pfSense 2.6 issues

stephenw10

@firewallproblemsoops said in pfSense 2.6 issues:

Also the file produced seems to be encrypted or formatted in some unknown way, I can't read the .cap file it produced now in a couple different text editors I tried.

You need to open it in Wireshark to see most useful stuff.

Steve

adriangalbincea

@firewallproblemsoops I had similar issue in the new version. It looks like DNS issue to me. 40-50% of the time, the webpages will not load, will say that cannot resolve or similar. If I refresh the page will load fine. I had to reinstall mine with version 2.5.2. everything is back to normal.

adriangalbincea

@firewallproblemsoops I did the same, ran ping -t for long time, and is not consistent, will get time out very often...

stephenw10

If it gives a resolution error then it's definitely DNS.

If it's a v6 issue then pinging something will always succeed because that's v4. You need to run ping6 and see if it tries (and fails). It should give a 'no route' or 'unreachable' error if you do not have IPv6.

Steve

adriangalbincea

@stephenw10 I have only IPv4 on ISP pfsense and PC. So IPv6 makes no sense for me to troubleshoot... Any other solution?

stephenw10

@adriangalbincea said in pfSense 2.6 issues:

I have only IPv4 on ISP pfsense and PC

Mmm, that's exactly what everyone who hits this thinks. Did you actually try it?

Otherwise, as I said, if it shows a resolution error it's a DNS issue. So check it can resolve against all the assigned servers. Check pfSense can also.

Steve

johnpoz

@adriangalbincea said in pfSense 2.6 issues:

ran ping -t for long time, and is not consistent, will get time out very often...

Well that says its not actually dns related, but if your having packet loss issues you could for sure have dns problems because of the packet loss.

Once you start the ping, even if was to some fqdn - if that resolved to an IP and then you later see packet loss that has nothing to do with dns. But actual packet loss..

adriangalbincea

@johnpoz Can well be a drop of the package too. I will let other people report this too... I will not upgrade my router just to troubleshoot again. I reverted my Windows 11 upgrade because of this to realize it was actually the pfSense upgrade, not the Windows upgrade... I spent days and forums saying nothing about this issue... What is weird though, it happened always only on the PC which is connected via cable, mobile devices had no issues... I will stay with 2.5.2 for the moment and I will not update any of my clients routers either.

johnpoz

@adriangalbincea said in pfSense 2.6 issues:

drop of the package too

Sorry but no... Have no idea what your issue was or is... But once you resolve something from dns to its IP and are running a constant ping.. .dns is out of the picture, unbound could be completely dead.. You could turn off the service.

Your saying your wireless clients all worked just fine.. So then it wasn't your isp, and how exactly was it pfsense either?

That specific interface - how exactly did you this pc connect vs your wireless clients that were having no issues, etc..

Your more than welcome to stay on version 1 if you want.. Nothing forcing you to do anything... You can continue to use windows 9x if you want as well..

stephenw10

Mmm, there is no known issue in 2.6 that presents like that. If you have found a new issue it's likely related to your setup specifically, either your hardware or config. It's unlikely to get fixed if we cannot troubleshoot it.

Steve

johnpoz

@stephenw10 said in pfSense 2.6 issues:

unlikely to get fixed if we cannot troubleshoot it.

Why would you want to do that? Just stay on version 1 of something, never move forward.. Just use what works first time until the end of time ;)

stephenw10

Well I mean that's option.

adriangalbincea

@stephenw10 not sure how can you sustain that is my setup at fault if I update the router firmware and the connection becomes unstable and if I restore the older version is back to normal. Really? This is how you deal with issues?

johnpoz

@adriangalbincea said in pfSense 2.6 issues:

can you sustain that is my setup at fault

Because if not then the forum would be on fire with everyone on the planet that upgraded to 2.6 screaming it doesn't work.

So clearly it is something related to you setup in some fashion that is unique enough that others are not screaming about the same issue..

That is how.. What are you running pfsense on? Hardware, VM? There quite a bit of chatter about users having issues with hyper-v, etc. What interface was this pc connected too, some usb interface, an port from a multiple port nic? A intel nic, a realtek nic?

We have absolutely zero actual info about your problem... You say websites don't load 50 % of the time, but only this 1 pc - not any of yoru wireless clients, or othe wired client?? But you say it looses ping.. 50% loss? 5% loss? Pings once started have zero to do with dns, etc. etc..

stephenw10

@adriangalbincea said in pfSense 2.6 issues:

not sure how can you sustain that is my setup at fault

Sorry, I'm not assigning blame here. If your config worked fine in 2.5.2 it should work fine in 2.6.
I'm just saying that the fact most users are not seeing issues like that indicates there is something in your config or hardware that is unusual.
To solve this we need to first pin down how this is failing then try to replicate that locally. But we need you to give us some details so we can attempt that and that might mean you need to be running 2.6.

So, yeah, what hardware are you running? Anything unusual?

What config are you running? Again anything unusual?

Steve

nethunter403

This post is deleted!

PeterPorker3

Just wanted to post here that I am having the exact same issue as @KpuCko . I tested all the hardware every way I can, and it all seems to be in good working order. Previous updates have been performed without any issue.

Hardware:
-HP DL320e G8 v2
-Intel Core i3 4150
-4GB ECC Unbuffered Memory
-2x 40GB Intel SATA SSDs in ZFS Mirror
-Only network card in use is an HP NC365T which is Intel Based

Config Overview: 1x Passive LAG (bridged with LAN), OpenVPN, HAproxy, 1x LAN, 1x LAN, Minimal firewall rules

Probably going to end up reinstalling. I doubt I will receive a response here, but if you do happen to see this within the next few days and have any suggestions on another fix, please let me know!

stephenw10

You're seeing exactly the same errors?

Can we see the errors you have?

Most errors of that sort are caused by the upgrade failing to complete for some reason leaving mismatched kernel/world binaries.
Did it appear to complete correctly?

Steve

PeterPorker3

@stephenw10 As far as I can tell, yes, exactly the same. Symptoms the same as well: no access to WAN/internet. (Although I can establish a connection to this firewall via OpenVPN) The first line is what I see in the notification panel and in the System logs, and is displayed a total of 6 times in various parts of the log:

/rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULENV: Operation not supported by device - The line in question reads [0]:

In the System logs only (not the notifications), the above error is also accompanied by this message:

/rc.filter_configure_sync: The command '/sbin/pfctl -Of /tmp/rules.limits' returned exit code '1', the output was 'pfctl: DIOCSETSYNCOOKIES' 

I also found the following errors that occur at verious parts of the log that may or may not be related:

KLD cpuctl.ko: depends on kernel - not available or version mismatch 
KLD if_wg.ko: depends on kernel - not available or version mismatch (occured multiple times, different places)
KLD aesni.ko: depends on kernel - not available or version mismatch (occured multiple times, different places)
KLD coretemp.ko: depends on kernel - not available or version mismatch

Which where all individually followed by:

linker_load_file: /boot/kernel/XXX.ko - unsupported file type 

And the last one I found was this which happened three times:

>>> Gateway alarm: WANGW (Addr:192.168.1.1 Alarm:0 RTT:.320ms RTTsd:.412ms Loss:7%) 

If there are any other errors logged, I couldn't identify them. But I can't say I'm an expert on the inner workings of pfsense so if there is somewhere specific I should look, please let me know.

I don't recall seeing any errors during the upgrade process, however I'm not sure where to look to double check. I did try running pkg update and pkg upgrade in the shell, but it said everything was up to date and displayed no errors at all. I also attempted to export the config and restore from it without reinstalling, but that made no difference.

It might also be worth noting that I have a double NAT setup (for various reasons), with the WAN of this pfsense box being connected to another local network. I cannot access the internet or any of the local network resources on the outer/WAN network, despite not being blocked by any firewall rules (this was a working setup prior to the upgrade, upgrade was performed to troubleshoot an unrelated issue with the HAproxy package).

stephenw10

Ok, that deffinately looks like a kernel mismatch.

What do you see output from uname -a and freebsd-version -kur.

You might also try pkg upgrade and see if you are offered any updates. Imediately following the upgrade to 2.6 I would not expect to see any.

Steve