2.5.2 to 2.6 CE upgrade yielded two issues
-
Long time user, it's the first time I've had issues, that I don't THINK are my fault. One minor, one major, and some lessons learned. I had to revert back to 2.5.2.
Minor Issue 1: The NIC's (Intel X710-DA4) fixed speed configurations did not "stick" with '10Gbase-SR' with the upgrade. They reset to "Default" and when they did they would show connected but would not properly obtain a DHCP lease from ISP. These are 10G-Base-T SFP+ modules. This was easily fixed by setting them to the "fixed" speed.
Issue 2: I have a dual-WAN failover gateway setup. (One ISP is fibre the other is cable, fibre is primary, the cable is backup) All three (failover gateway, ISP1 and ISP2) of these devices have dynamic DNS entries at Cloudflare and these have worked fine up until this 2.6 release. With the failover entry being the "active" ISP. The secondary ISP's entry times out when trying to negotiate a connection with Cloudflare. Deleted entry, redid it with API, still timeout, nothing mentioned of an "authentication error."
Lessons learned: Restoring backups isn't always pretty. I had made a full backup, and made the 2.5.2 restore media and a secondary restore USB Key with the renamed configuration file, I've tested it before and it is pretty slick. Just don't forget to remove the "config restore media" when you're done or your firewall will revert to that configuration at every boot.
-
Reverting to the previous backup and 2.5.2, somehow corrupted the ssh host key generation, it didn't have one. I had to generate it manually, sshd would not start and was very cryptic on how to fix this. (Google helped immensely).
-
I learned about "forcing a specific version of pfSense, before restoring all packages." As the restore, and subsequent, "re-install all packages" installed all the "wrong" 2.6 ones. System -> Update -> Update Settings and set it to the branch of your choice first would have been wise. However, it did rewind all my "bad/too high of a version" packages when I did a "re-install all packages" under the backup/restore menu.
Being the first time I've ever had an issue with pfSense, how do I go about properly reporting, and providing any information needed, for the Dynamic DNS issue?
TLDR; Updating Dynamic DNS on Cloudflare on secondary ISP appears to be failing after 2.5.2 to 2.6 CE upgrade.
-
-
@bcinbc It craps all of the remote sites unless you have a dual WAN setup everywhere to use in case.
Annoying as f*ck.
-
@bcinbc you can open a report at https://redmine.pfsense.org
-
@steveits Thank you! Also, your "quote" is exactly what saved me for Lesson Learned #2. :)
-
@cool_corona I'm not sure I understand what you are saying?
I have dual WAN fail-over working now on 2.5.2. With 2.6, it won't update the dynamic DNS entry for the second ISP so there is no way I could set the gateway for external DNS for incoming services. It just times out, whereas the first ISP, and the gateway, with the same settings (save for the DNS names), works just fine.
-
@bcinbc said in 2.5.2 to 2.6 CE upgrade yielded two issues:
saved me for Lesson Learned #2. :)
You're welcome, I figure those are two things that should be common knowledge (and handled better in the GUI) and yet can cause a lot of damage. :)
-
jimp moved this topic from Problems Installing or Upgrading pfSense Software on
-
The minor issue was probably that those NICs are better supported in 2.6 and may have correctly recognised the modules and available link types. '10Gbase-SR' may no longer have been available.
Steve
-
I finally got around to trying the update again after reverting to 2.5.2. I also went up to 22.01, with no change in this behaviour.
- Packages, SSH, and everything else worked fine.
- WAN disconnection issues, or perhaps just failing to do a DHCP renewal? Seem to require flipping back and forth between "autoselect" and 10Gbase-SR to initiate a new DHCP update.
It will failover to the secondary connection but fail to perform the dynamic DNS updates on Cloudflare. I see that there are at least two patches for two DynDNS services: Google and Namecheap.
Always with this error:
/services_dyndns.php: Dynamic DNS cloudflare (FQDN domain removed): _checkStatus() starting.
/services_dyndns.php: Curl error occurred: Failed to connect to api.cloudflare.com port 443 after 90002 ms: Operation timed out
I have three dynamic addresses I update on Cloudflare, but it will only correctly update two addresses as soon as there are three? One will always fail. (ISP1, ISP2, and the failover gateway IP address in use).
I now have the information, and now I have to figure out how to file a report. Thanks for the help!
-
-
@stephenw10
I figured it out. Report filed. It looks like someone else had a similar issue, made sure to quote it in my report.