Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?

mcury

@paul2019 There is a problem, but nothing related to VOIP.
The problem is related to high CPU usage.

There is a patch for that however you are going to need to apply it manually editing a file.

You can read more about here:
https://redmine.pfsense.org/issues/13154
https://forum.netgate.com/topic/173083/22-05-and-pfblocker/8
https://www.reddit.com/r/pfBlockerNG/comments/v7zp72/ip_block_logging_not_working_in_2205_plus_release/

paul2019

@mcury Thank you, applied the patch. Even though there are no known issues with VOIP per se if that glitch affected pfblocker I'm wondering if it messes with the traffic somehow.

alt text

mcury

@paul2019 If it does, this would be the 1st comment about it.. At least I didn't see anything else about VOIP and pfblocker here in the forum.

Since pfblockerng works blocking IPs, geoIP and DNSBL, you can check the reports tab to check if its blocking.

Or, you could disable pfblockerng and its features to test.

paul2019

@mcury said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@paul2019 If it does, this would be the 1st comment about it.. At least I didn't see anything else about VOIP and pfblocker here in the forum.

Since pfblockerng works blocking IPs, geoIP and DNSBL, you can check the reports tab to check if its blocking.

Or, you could disable pfblockerng and its features to test.

When I tried to disable it I got a few warnings regarding my rules "Unresolvable source alias 'pfB_COUNTRIES_PERMIT_v4' for rule 'NAT " and everything stopped working, should I stop the service or uncheck the "Enable" checkbox (that's what threw the warnings)?

paul2019

@mcury said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@paul2019 If it does, this would be the 1st comment about it.. At least I didn't see anything else about VOIP and pfblocker here in the forum.

Since pfblockerng works blocking IPs, geoIP and DNSBL, you can check the reports tab to check if its blocking.

Or, you could disable pfblockerng and its features to test.

the traffic seems to pass fine:
alt text

mcury

@paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

everything stopped working

That shouldn't happen.
Check the reports tab to confirm before taking actions, you will be able to see something related to VOIP if that is the case.

You can run an update

Once its complete, check the logs during the process to confirm if that list 'pfB_COUNTRIES_PERMIT_v4' for rule 'NAT was downloaded.

@paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

should I stop the service or uncheck the "Enable" checkbox (that's what threw the warnings)?

I don't think there is a difference, I would tick the enable option to disable the service, both pfblockerng and dnsbl.

paul2019

@mcury Did the update but still disabling pfblockerng makes the phone not work at all, I get a bunch of "Unresolvable source alias...." for all rules I have in place that forward the necessary ports.

alt text

mcury

@paul2019 Edit that rule, check if the alias is correctly set, then save the rule again.

paul2019

@mcury The service "pfb_dnsbl" is not starting, is that normal? I never checked this before.

alt text

mcury

@paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@mcury The service "pfb_dnsbl" is not starting, is that normal? I never checked this before.

No, this is not normal

paul2019

@mcury said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@mcury The service "pfb_dnsbl" is not starting, is that normal? I never checked this before.

No, this is not normal

There we go, must have happened after the update, how I can troubleshoot it?

paul2019

@mcury said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@mcury The service "pfb_dnsbl" is not starting, is that normal? I never checked this before.

No, this is not normal

Checking here the DNSBL tab, the Enabled DNSBL is unchecked, I don't remember turn it on before, not sure if that's related.

mcury

@paul2019 Tick enable, but I doubt that is related to the voip issue.

SteveITS

@mcury said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@mcury The service "pfb_dnsbl" is not starting, is that normal? I never checked this before.

No, this is not normal

It is normal if DNSBL is not enabled. Many of our installs we use pfB for block lists and not DNSBL so it's off.

@paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

Unresolvable source alias

If the alias doesn't exist pfSense will throw that error, if a firewall or NAT rule uses the alias. It can happen for instance when uninstalling pfBlocker in order to install an update to pfSense...years ago I locked myself out that way, installing an update to our office at night through a pfB NAT rule, but fortunately had other ways to get connected. I have also seen it on rare occasions after a reboot. Just run an update in pfB to recreate the alias.