4100 & 23.01 Weird behaviour
-
Hi,
I just got a new 4100 to replace a 2100, out of the box (made the mistake to) upgraded to 23.01 before configuring.
Worked all fine for around 4 hours, as I configured PFBlockerNG and a few other tools, then suddenly the DNS Resolver didn't work anymore and when trying to turn on / off certain features (or try to uninstall packages), the system "hung" and eventually the web interface crashed as well.
I reset everything back to default, then started over. Worked for around 12 hours, now the DNS resolver is no longer working either and it seems to be back in not applying any configuration changes.
Is there a way to go back to 22.05? At this point I consider 23.01 a broken release.
-
@mkalus If you are forwarding DNS, uncheck the DNSSEC option. I had some issues and at least one other posted something similar but I don't recall if they answered about the DNSSEC yet. Netgate recommends turning that off if simply forwarding and the docs have it as a troubleshooting recommendation.
Downgrading is possible, you will need to ask Netgate for the older image and reinstall.
You can then set the update branch to Previous Stable Version to install packages for 22.05, and restore your config file from 22.05.
-
@mkalus D'oh, if this is a new 4100 it has ZFS so you can revert to the older boot environment. I am still not used to that yet. :)
-
@steveits Oh thanks.
I was just trying to disable the DNSSEC and it just hung there and now the web interface is dead again.
Weirdly enough, everything else keeps working. It seems only the DNS Resolver and Webadmin croak.
Frustrating.
-
@mkalus If you wanted to troubleshoot it you could look at the logs via a console connection or SSH if you have that enabled, but might be simplest to revert and/or reinstall from scratch (to ensure it's clean) and restore the config.
-
@mkalus In the config file I think it's this if you wanted to edit it out and/or restore?
<unbound> <enable/> <dnssec/> <----
-
@steveits Well, that was fun.
Found the old install, told it to boot from there. Seems to boot, but after the boot seems to complete, no routing.
Went to the console, and it shows me that the configuration file is corrupt. I try to select the 23.01 version again and have it reboot. It now loops when trying to initialize the network.
Giving up now. Ordered a replacement and will return this one tomorrow.
Thanks for your help though Steve, I'll leave the replacement on 22.01 until the 23 release has stabilized.
-
@mkalus Clarification: You upgraded a factory reset system? Or you imported your 2100 config and then updated?
@mkalus said in 4100 & 23.01 Weird behaviour:
Is there a way to go back to 22.05? At this point I consider 23.01 a broken release.
We don't, I have seen many 4100s with updates. You should connect the console and give us an output of the console here for diagnostics.
-
@rcoleman-netgate Hi Ryan,
I did a complete new configuration from scratch on the 4100, so nothing from the 2100.
The console output when booting:
....Config.xml is corrupted and is 0 bytes. Could not restore a previous backup.Starting CRON... done.
ERROR: Config file not found
ERROR: Config file not found
ERROR: Config file not found
ERROR: Config file not found
ERROR: Config file not found
ERROR: Config file not found
tee: /cf/conf/upgrade_log.txt: No such file or directory
ERROR: It was not possible to identify which pfSense kernel is installed
Config.xml is corrupted and is 0 bytes. Could not restore a previous backup.Netgate pfSense Plus 22.01-RELEASE amd64 Mon Feb 07 16:37:59 UTC 2022
Bootup complete
ERROR: Config file not found
I don't have the output from trying to get back to 23.01 right now, if you need it I can try and reboot the 4100 again tomorrow and see if I can capture the output.
On an unrelated note: Another 2100 killed itself on the 23.01 upgrade as well. This isn't a huge deal as it was just used for testing purposes, but if it is booting now, all it does after the initial POST is keep outputting "T" forever.
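A check for the two conditions raised in this thread (DNSSEC left on while forwarding, per the `<unbound>` snippet above, and the zero-byte config.xml in the console output), as an added example that is not part of the original posts or Netgate's code. It is meant to be run against a downloaded config.xml backup; the `<forwarding/>` element name and the sample documents are assumptions constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample backups (not taken from any real system).
SAMPLE_FORWARDING = b"<pfsense><unbound><enable/><dnssec/><forwarding/></unbound></pfsense>"
SAMPLE_RESOLVER = b"<pfsense><unbound><enable/><dnssec/></unbound></pfsense>"


def audit_config(xml_bytes):
    """Return (code, detail) describing the DNS Resolver state of a config backup."""
    # Failure mode from the console output: config.xml exists but is 0 bytes.
    if not xml_bytes.strip():
        return ("EMPTY_CONFIG", "file is empty; restore a known-good backup")
    try:
        # Only feed this your own backups; it is not hardened for hostile XML.
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return ("MALFORMED_XML", f"truncated or corrupt config: {exc}")

    unbound = root.find("unbound")
    if unbound is None or unbound.find("enable") is None:
        return ("RESOLVER_DISABLED", "DNS Resolver (unbound) is not enabled")

    dnssec = unbound.find("dnssec") is not None
    # Assumption: forwarding mode is stored as an empty <forwarding/> element.
    forwarding = unbound.find("forwarding") is not None
    if dnssec and forwarding:
        return ("DNSSEC_WITH_FORWARDING",
                "DNSSEC is enabled while forwarding; uncheck DNSSEC")
    mode = "forwarding" if forwarding else "resolving"
    return ("OK", f"mode={mode}, dnssec={'on' if dnssec else 'off'}")


if __name__ == "__main__":
    # Usage: python audit_config.py /path/to/config.xml
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            code, detail = audit_config(fh.read())
    else:
        code, detail = audit_config(SAMPLE_FORWARDING)
    print(f"{code}: {detail}")
    sys.exit(0 if code == "OK" else 1)
```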
-
@mkalus The 2100 issue is a specific issue related to UFS and older installs that were upgraded rather than reimaged. Reinstall 23.01 from a USB file (request at the URL in my signature) and you can get that back online. See https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems
As for the 4100... I would install from a 23.01 image. You can request that (separately) at the address in my signature.
-
@rcoleman-netgate Thanks, I'll see if I can recover the 2100.
For the 4100 it behaved weird from the get-go, the whole resolver and WebGUI killing itself every few hours on 23.01. I'll see how the replacement behaves tomorrow. I spent 8 hours so far on it this weekend and am a bit grumpy right now.
Appreciate the help and response though.
Cheers.
M.
-
@mkalus
For what it's worth: I was running the RC 23.01 for a couple of weeks, and use 23.01 Release since last Friday on my 4100. What I did change, somewhere in 2010, was taking any ISP, or other Fortune 500 company's DNS servers, out of the equation.
This means: I'm not forwarding to some other DNS resolver.
For me, unbound is the (my) Resolver. Since then: no unbound issues whatsoever.
Of course, if you 'have to' forward, then so be it.
You could consider using dnsmasq, the pfSense built-in DNS forwarder, it's still there.
-
@gertjan Thanks. I am doing the same, I am not using any forwarder (my ISP decided a few years ago they do like to do DNS injections), this is why I noticed that the resolver on the netgate died. Suddenly DNS was completely broken for me.
It actually did this "out of the box", though it can take anywhere from 2 - 12 hours after boot for the resolver to croak. There seems to be a relationship between me making (DNS unrelated) config changes and the Resolver eating it.
I do suspect I got a bum unit for some reason. We'll see. Replacement should be here shortly.
-
Quick update. Replacement one arrived and I am done with the basic config. It appears to be quicker responding when applying configs, etc. On the other one it could take 3 - 5 seconds to apply a config change (or cause the webadmin to crash).
Will see if I have the DNS Resolver crash on me again.