2.7.0 Issues

Gertjan

@JKnott
and also "https://acb.netgate.com" is not reachable ?
I can assure you that I can reach it - I was using 23.05 last week, 23.05.1 RC this morning and 23.05.1 right now.
A DNS issue ?
A 'it's using IPv6' issue (I know, don't laugh) -> force IPv4 usage on the command line, see forum how to do so.

JKnott

@Gertjan said in 2.7.0 Issues:

and also "https://acb.netgate.com" is not reachable ?

When I put that in a browser, I can connect, but with an IPv4 address. Isn't it supposed to be IPv6 too? This forum has an IPv6 address.

Gertjan

@JKnott

[23.05.1-RELEASE][root@pfSense.bhf.net]/root: host forum.netgate.com
forum.netgate.com has address 208.123.73.199
forum.netgate.com has IPv6 address 2610:160:11:18::199

[23.05.1-RELEASE][root@pfSense.bhf.net]/root: host netgate.com
netgate.com has address 199.60.103.104
netgate.com has address 199.60.103.4
netgate.com has IPv6 address ::ffff:199.60.103.4
netgate.com has IPv6 address ::ffff:199.60.103.104
netgate.com mail is handled by 30 aspmx4.googlemail.com.
netgate.com mail is handled by 30 aspmx3.googlemail.com.
netgate.com mail is handled by 20 alt2.aspmx.l.google.com.
netgate.com mail is handled by 30 aspmx5.googlemail.com.
netgate.com mail is handled by 10 aspmx.l.google.com.
netgate.com mail is handled by 20 alt1.aspmx.l.google.com.
netgate.com mail is handled by 30 aspmx2.googlemail.com.

[23.05.1-RELEASE][root@pfSense.bhf.net]/root: host acb.netgate.com
acb.netgate.com has address 208.123.73.212

So IPv4 only.

Only the forum uses IPv6 I guess.
And the update servers etc.

@JKnott said in 2.7.0 Issues:

This forum has an IPv6 address.

I'm posting here using IPv6 only for many years now.

edit : compare
pkg-static -d -6 update
with
pkg-static -d -4 update

to know if it is a 4/6 issue.

nimrod

ews.netgate.com also needs to be reachable.

JKnott

@Gertjan said in 2.7.0 Issues:

So IPv4 only.

Well, whether IPv4 or IPv6, it should still work. I just checked again and still unable to update.

Gertjan

@nimrod said in 2.7.0 Issues:

ews.netgate.com also needs to be reachable.

Dono who that is or what it does, but it resolves and replies to my pings - IPv4 only.

TAC57

I had these same issues with 23.05. And think it was related to this issue.

https://forum.netgate.com/topic/178413/major-dns-bug-23-01-with-quad9-on-ssl/181

I was hoping this would have been fixed in 2.7 CE.

nimrod

@Gertjan said in 2.7.0 Issues:

@nimrod said in 2.7.0 Issues:

ews.netgate.com also needs to be reachable.

Dono who that is or what it does, but it resolves and replies to my pings - IPv4 only.

It needs to be reachable. Otherwise you cant update or install any package. Talking about IPv4 of course.

SteveITS

@TAC57 said in 2.7.0 Issues:

I was hoping this would have been fixed in 2.7 CE.

https://docs.netgate.com/pfsense/en/latest/releases/2-7-0.html#dns-resolver
"Fixed: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR #14056"

JKnott

@JKnott

Any fix for this?

Tzvia

Hmmm... I'm not using forwarding with DOT or DOH, just straight resolving, but had issues where packages would not download and install after I imported my 2.6 backup. I hadn't upgraded (put the MSATA with 2.6 aside as an emergency 'roll back'), instead did a fresh install of 2.7. Then fixed up what was WAN and what was LAN, thinking that with at least those corrected, I could login and do the setup wizard, then restore my backup and that would handle the other interfaces/vlans and the packages. Well, nope. No packages attempted to install, no banner about packages installing please wait a few hours... nothing. I rebooted. Nothing. I should have taken a peek to see what branch it thought it was in, but instead I just imported my backup again... Finally got the dang banner and I waited maybe 8 minutes for the packages to install. So while not a perfect install execution, it did finally setup properly. If the issues here with you guys can be traced to that DOT issue not really being fixed, the issue would hopefully resolve if you sent it to resolve instead? Or maybe a host override (would that work for the firewall itself trying to resolve something?). Just thinking out loud here...

SteveITS

@Tzvia Usually if packages fail to restore it’s because pfSense can’t connect out (yet) so the attempt fails. One can reinstall packages from the GUI as well.
https://docs.netgate.com/pfsense/en/latest/packages/manager.html#reinstalling-and-updating-packages

JKnott

@Tzvia said in 2.7.0 Issues:

instead did a fresh install of 2.7

I have been considering that and then reinstalling the packages. However, why is this problem even happening? Is the problem in 2.6 or the server?

Tzvia

@SteveITS Yes I know- that is why before I do anything on a fresh install- at the console, I set the WAN and LAN - as my LAN is IGB0 and my WAN is IGB1 (don't ask). I set those manually, then run the wizard and afterwards, verify I have working internet. THEN I import the settings, thinking that it should be able to DL the packages... This has worked for me in the past but not this time. And as I had mentioned, no DOT/DOH or any DNS forwarding, just resolving to roots. PFSense just plain didn't attempt to download packages but it did pick up all the rest of my settings; VLANS and what packages I SHOULD have. But they were 'not installed' and no indication that they were installing either, no banner, nothing. But I had internet...

I don't know if anyone here had tried to import their settings again.. or tried setting DNS back to straight resolving and then attempting to re-import... If it works, curious if it would continue to if you then manually set it back to forwarding with DOT.

TAC57

@Jknott I've been using pfsense forever! Not a single problem with 2.6.0. I jumped to pfsense+ and started getting issues with unable to check for updates, unable to backup my config files, problems with app updates, etc. I was told it was a DNS problem and I must a bad configuration issue somewhere. I finally went back to 2.6.0 and everything was cool. I figured when v2.7 was released the DNS issues wouldn't be there but that doesn't appear to be the case.

Now I reload pfsense 2.6 iso, try to load my config file and get told it won't load any packages because I need to upgrade to 2.7. When I up grade to 2.7 I get 'No packages installed.' When I got to the package manager I'm told:

How do I deal with this?

TAC57

@SteveITS See my additional reply below.

Kind of hard to reinstall anything.

SteveITS

@TAC57 if using 2.6 you’ll need to change the update branch to Previous Stable so it downloads packages for 2.6. Note that will work until 2.8 is released, and Previous=2.7.

I’ve seen your other threads and don’t really have an answer. DNS should work out of the box. Does everything work if you reset the config to factory defaults? You can restore your config afterwards.

JKnott

@TAC57 said in 2.7.0 Issues:

I've been using pfsense forever! Not a single problem with 2.6.0. I jumped to pfsense+ and started getting issues with unable to check for updates, unable to backup my config files, problems with app updates, etc. I was told it was a DNS problem and I must a bad configuration issue somewhere.

I have been running pfSense for about 6.5 years and it's always been fine. When I go to the command line, in pfSense, I can successfully ping acb.netgate.com and ews.netgate.com, so that rules out any DNS problem.

nimrod

I did fresh install of 2.7 and restored my old 2.6 config. No issues whatsoever.

JKnott

@nimrod

I guess I'll have to do the same, if a better solution doesn't turn up.