To do 24.11 or not? That's the question.

stephenw10

Do it!

tedquade

@chudak Every once in a while you have to "Run with Scissors"

Ted

SteveITS

@AndyRH said in To do 24.11 or not? That's the question.:

CPU seems a little higher

Check thread https://forum.netgate.com/topic/190824/cpu-load-on-1100/24

keyser

@chudak I have upgraded a whole bunch of boxes now (6100's, 2100's) and no issues have revealed itself apart from the CPU usage issue mentioned because of the dashboard widgets. Read @SteveITS Link above for the fix.

I upgraded to KEA DHCP on all of them as well, and that have also not caused any issues.

So a very good release from my perspective - especially because it fixes the memory leak caused by the BSNMP daemon if you monitor your 24.03 pf rule count/hitrate using SNMP.

Gertjan

@chudak

I went for it two days ago.

Keep in mind : 24.11 will be installed in a new "System > Boot Environments" so you can go back with a click.

The install process was pretty uneventful. I wrote about it here.

I'm even using KEA right now.
I saw the new "DNS Registration" coming to live - oh boy this looks so nice.

Normandy214

@chudak My question is why upgrade now. If you're firewall is running well now, why risk breaking it with an upgrade (sorry @stephenw10).
Is there a new or improved feature in 24.11 that you need?
If not, per the Netgate website, https://docs.netgate.com/pfsense/en/latest/releases/versions.html , versions 23.09.1 and 24.03 are still under support.
I usually don't upgrade until support ends. I let everyone else suffer the issues with new releases and then upgrade once I have a better understanding of the issues I am likely to face.
If you do decide to go let us know how the adventure goes.

AndyRH

@Normandy214 said in To do 24.11 or not? That's the question.:

My question is why upgrade now. If you're firewall is running well now

There are always fixes and improvements. With Boot Environments it is too easy to go back if there is a problem. For me this is home, and I can be a little wilder. At work we are very cautious with upgrades. Upset family vs millions of dollars.
Your judgment for your environment.

chudak

@Normandy214 said in To do 24.11 or not? That's the question.:

@chudak My question is why upgrade now. If you're firewall is running well now, why risk breaking it with an upgrade (sorry @stephenw10).
Is there a new or improved feature in 24.11 that you need?
If not, per the Netgate website, https://docs.netgate.com/pfsense/en/latest/releases/versions.html , versions 23.09.1 and 24.03 are still under support.
I usually don't upgrade until support ends. I let everyone else suffer the issues with new releases and then upgrade once I have a better understanding of the issues I am likely to face.
If you do decide to go let us know how the adventure goes.

It's more of a philosophical question.
I prefer to run on the latest s/w, some people would never update as long as they don't have any problems

Dunno

chudak

Re: To do 24.11 or not? That's the question.

I finally upgraded to the latest version.

The overall process went fine. But I see some issues. I monitor my system via Uptime Kume, usually ping check and I see all my systems fail with "queryA ETIMEOUT" errors and then come back online.

That's not normal :(

Has anybody else observed something similar?

I may have to restore the previous good version

chudak

@chudak I restored my 24.03 version and all is back to normal.

I did not see any obvious issues except Kuma, but also noticed overall stability issues. Felt like DNS resolution was on and off.

In any event - thumb down for the update.

stephenw10

@chudak said in To do 24.11 or not? That's the question.:

Has anybody else observed something similar?

More information needed! How is that check running? From where? Is it shown as blocked anywhere?

chudak

@stephenw10 said in To do 24.11 or not? That's the question.:

@chudak said in To do 24.11 or not? That's the question.:

Has anybody else observed something similar?

More information needed! How is that check running? From where? Is it shown as blocked anywhere?

I wish I can characterise it better.
I booted back to 24.11.

I still see the problem
Here is an example.
I monitor my Windows VM via ping every 60 seconds

On the previous version, I didn’t see any issues. On 24.11 I see this test show unsuccessful ping followed by successful ping every several minutes.

I see nothing suspicious in the logs

I also see actual interruptions streaming YouTube and even typing this text see service interruption on this website

IMHO this version is not usable (for me) :(

‍️‍️

Gertjan

@chudak said in To do 24.11 or not? That's the question.:

I monitor my Windows VM via ping every 60 seconds

pfSense is using 'dpinger' to ping a upstream gateway (often 8.8.8.8) every 500 msec, just to check if the upstream Internet connection is working.
What I mean : pfSense can ping hosts just fine. Launch a ping test to some LAN hist, or actyally any host yourself with the GUI.
If some VM refuses to answer .... well, have a look at that VM.

@chudak said in To do 24.11 or not? That's the question.:

Felt like DNS resolution was on and off.

Check your unbound.
Is it getting restarted a lot ? Check the unbound (resolver) log.
Mine doesn't https://www.test-domaine.fr/munin/brit-hotel-fumel.net/pfsense.brit-hotel-fumel.net/unbound_munin_memory.html - and the recent restarts are normal, I just switched to 24.11 and trying out a lot of things, also rebooting.

DNS is pretty (very) solid for me.
( and we all use the exact same binary ^^ )

stephenw10

@chudak What are you running this on?

chudak

@stephenw10 said in To do 24.11 or not? That's the question.:

@chudak What are you running this on?

QOTOM-Q355G4

stephenw10

Hmm, should be fine. We can only speculate though without more information. If you can I would boot back into 24.11 and look at the CPU usage and system logs to see what's happening.

chudak

@stephenw10 said in To do 24.11 or not? That's the question.:

Hmm, should be fine. We can only speculate though without more information. If you can I would boot back into 24.11 and look at the CPU usage and system logs to see what's happening.

I am physically don't have access to my psF bix now and hesitant to mess with it remotely.

Hope somebody else reports similar (or not) and I will try later and wait for a point update.

chudak

@stephenw10 said in To do 24.11 or not? That's the question.:

Hmm, should be fine. We can only speculate though without more information. If you can I would boot back into 24.11 and look at the CPU usage and system logs to see what's happening.

OK booted up to 24.11 and watching carefully now.

I do see connections being unstable.

I'm actually pinging my pfS router and one of my VMs all the time. The ping stops after several minutes and then starts working again.

What would you suggest to check?

Thx

PS: I ping from a remote system, connected via TaleSclae, and checked OpenVPN, so services seem to be working fine

chudak

@chudak

I may have a suspect theory.

I see in the logs:

Dec 5 09:19:27 root 59812 Bootup complete

(it could be I missed reboot emails as they were mixed with many others)

That was not my reboot and it corresponds with "instability" timestamps.

Will watch it carefully...

stephenw10

So you think it could be rebooting? That should be logged, should be pretty clear.