To do 24.11 or not? That's the question.

chudak

@Normandy214 said in To do 24.11 or not? That's the question.:

@chudak My question is why upgrade now. If you're firewall is running well now, why risk breaking it with an upgrade (sorry @stephenw10).
Is there a new or improved feature in 24.11 that you need?
If not, per the Netgate website, https://docs.netgate.com/pfsense/en/latest/releases/versions.html , versions 23.09.1 and 24.03 are still under support.
I usually don't upgrade until support ends. I let everyone else suffer the issues with new releases and then upgrade once I have a better understanding of the issues I am likely to face.
If you do decide to go let us know how the adventure goes.

It's more of a philosophical question.
I prefer to run on the latest s/w, some people would never update as long as they don't have any problems

Dunno

chudak

Re: To do 24.11 or not? That's the question.

I finally upgraded to the latest version.

The overall process went fine. But I see some issues. I monitor my system via Uptime Kume, usually ping check and I see all my systems fail with "queryA ETIMEOUT" errors and then come back online.

That's not normal :(

Has anybody else observed something similar?

I may have to restore the previous good version

chudak

@chudak I restored my 24.03 version and all is back to normal.

I did not see any obvious issues except Kuma, but also noticed overall stability issues. Felt like DNS resolution was on and off.

In any event - thumb down for the update.

stephenw10

@chudak said in To do 24.11 or not? That's the question.:

Has anybody else observed something similar?

More information needed! How is that check running? From where? Is it shown as blocked anywhere?

chudak

@stephenw10 said in To do 24.11 or not? That's the question.:

@chudak said in To do 24.11 or not? That's the question.:

Has anybody else observed something similar?

More information needed! How is that check running? From where? Is it shown as blocked anywhere?

I wish I can characterise it better.
I booted back to 24.11.

I still see the problem
Here is an example.
I monitor my Windows VM via ping every 60 seconds

On the previous version, I didn’t see any issues. On 24.11 I see this test show unsuccessful ping followed by successful ping every several minutes.

I see nothing suspicious in the logs

I also see actual interruptions streaming YouTube and even typing this text see service interruption on this website

IMHO this version is not usable (for me) :(

‍️‍️

Gertjan

@chudak said in To do 24.11 or not? That's the question.:

I monitor my Windows VM via ping every 60 seconds

pfSense is using 'dpinger' to ping a upstream gateway (often 8.8.8.8) every 500 msec, just to check if the upstream Internet connection is working.
What I mean : pfSense can ping hosts just fine. Launch a ping test to some LAN hist, or actyally any host yourself with the GUI.
If some VM refuses to answer .... well, have a look at that VM.

@chudak said in To do 24.11 or not? That's the question.:

Felt like DNS resolution was on and off.

Check your unbound.
Is it getting restarted a lot ? Check the unbound (resolver) log.
Mine doesn't https://www.test-domaine.fr/munin/brit-hotel-fumel.net/pfsense.brit-hotel-fumel.net/unbound_munin_memory.html - and the recent restarts are normal, I just switched to 24.11 and trying out a lot of things, also rebooting.

DNS is pretty (very) solid for me.
( and we all use the exact same binary ^^ )

stephenw10

@chudak What are you running this on?

chudak

@stephenw10 said in To do 24.11 or not? That's the question.:

@chudak What are you running this on?

QOTOM-Q355G4

stephenw10

Hmm, should be fine. We can only speculate though without more information. If you can I would boot back into 24.11 and look at the CPU usage and system logs to see what's happening.

chudak

@stephenw10 said in To do 24.11 or not? That's the question.:

Hmm, should be fine. We can only speculate though without more information. If you can I would boot back into 24.11 and look at the CPU usage and system logs to see what's happening.

I am physically don't have access to my psF bix now and hesitant to mess with it remotely.

Hope somebody else reports similar (or not) and I will try later and wait for a point update.