pfSense 2.6 issues

stephenw10

@adriangalbincea said in pfSense 2.6 issues:

not sure how can you sustain that is my setup at fault

Sorry, I'm not assigning blame here. If your config worked fine in 2.5.2 it should work fine in 2.6.
I'm just saying that the fact most users are not seeing issues like that indicates there is something in your config or hardware that is unusual.
To solve this we need to first pin down how this is failing then try to replicate that locally. But we need you to give us some details so we can attempt that and that might mean you need to be running 2.6.

So, yeah, what hardware are you running? Anything unusual?

What config are you running? Again anything unusual?

Steve

nethunter403

This post is deleted!

PeterPorker3

Just wanted to post here that I am having the exact same issue as @KpuCko . I tested all the hardware every way I can, and it all seems to be in good working order. Previous updates have been performed without any issue.

Hardware:
-HP DL320e G8 v2
-Intel Core i3 4150
-4GB ECC Unbuffered Memory
-2x 40GB Intel SATA SSDs in ZFS Mirror
-Only network card in use is an HP NC365T which is Intel Based

Config Overview: 1x Passive LAG (bridged with LAN), OpenVPN, HAproxy, 1x LAN, 1x LAN, Minimal firewall rules

Probably going to end up reinstalling. I doubt I will receive a response here, but if you do happen to see this within the next few days and have any suggestions on another fix, please let me know!

stephenw10

You're seeing exactly the same errors?

Can we see the errors you have?

Most errors of that sort are caused by the upgrade failing to complete for some reason leaving mismatched kernel/world binaries.
Did it appear to complete correctly?

Steve

PeterPorker3

@stephenw10 As far as I can tell, yes, exactly the same. Symptoms the same as well: no access to WAN/internet. (Although I can establish a connection to this firewall via OpenVPN) The first line is what I see in the notification panel and in the System logs, and is displayed a total of 6 times in various parts of the log:

/rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULENV: Operation not supported by device - The line in question reads [0]:

In the System logs only (not the notifications), the above error is also accompanied by this message:

/rc.filter_configure_sync: The command '/sbin/pfctl -Of /tmp/rules.limits' returned exit code '1', the output was 'pfctl: DIOCSETSYNCOOKIES' 

I also found the following errors that occur at verious parts of the log that may or may not be related:

KLD cpuctl.ko: depends on kernel - not available or version mismatch 
KLD if_wg.ko: depends on kernel - not available or version mismatch (occured multiple times, different places)
KLD aesni.ko: depends on kernel - not available or version mismatch (occured multiple times, different places)
KLD coretemp.ko: depends on kernel - not available or version mismatch

Which where all individually followed by:

linker_load_file: /boot/kernel/XXX.ko - unsupported file type 

And the last one I found was this which happened three times:

>>> Gateway alarm: WANGW (Addr:192.168.1.1 Alarm:0 RTT:.320ms RTTsd:.412ms Loss:7%) 

If there are any other errors logged, I couldn't identify them. But I can't say I'm an expert on the inner workings of pfsense so if there is somewhere specific I should look, please let me know.

I don't recall seeing any errors during the upgrade process, however I'm not sure where to look to double check. I did try running pkg update and pkg upgrade in the shell, but it said everything was up to date and displayed no errors at all. I also attempted to export the config and restore from it without reinstalling, but that made no difference.

It might also be worth noting that I have a double NAT setup (for various reasons), with the WAN of this pfsense box being connected to another local network. I cannot access the internet or any of the local network resources on the outer/WAN network, despite not being blocked by any firewall rules (this was a working setup prior to the upgrade, upgrade was performed to troubleshoot an unrelated issue with the HAproxy package).

stephenw10

Ok, that deffinately looks like a kernel mismatch.

What do you see output from uname -a and freebsd-version -kur.

You might also try pkg upgrade and see if you are offered any updates. Imediately following the upgrade to 2.6 I would not expect to see any.

Steve

PeterPorker3

@stephenw10 If appears that you are spot on. Here's the output:

[2.6.0-RELEASE][admin@XXX]/root: uname -r
12.2-STABLE
[2.6.0-RELEASE][admin@XXX]/root: freebsd-version -kur
12.3-STABLE
12.2-STABLE
12.3-STABLE

The newer kernel is installed, yet the older kernel is currently in use (stays that way after a reboot as well).

I assume the pfsense bootloader screen would have a way to specify which kernel to load, however I am not at home this week and I'm limited to what I can do over a VPN. What would be the best way to correct this with that limitation in mind? I'm not too worried about potentially making it worse, since the network is already unusable and I am traveling back on Saturday.

stephenw10

Do you have more than one boot device in the system?

We have seen some instances where an old kernel is loaded from a different device.

Installing 2.6 clean and restoring the config will get you back up again whatever the current state is.

Steve

PeterPorker3

@stephenw10 pfsense is installed on a ZFS Mirror array with two SSDs. Would that apply in this case? Besides that there are no other volumes/disks.

stephenw10

Ok, looking at that it appears the installed and running kernel is correct but the userland is still at 12.2.
pkg upgrade didn't offer you any updates?

Try running pkg info -x pfSense and see if anything there still shows 22.01.

I would not expect a ZFS mirror to be capable of booting a different kernel. I've only ever seen it on separate boot devices.

Steve