24.11 upgrade to 25.07 - LAN connectivity issues
-
Temporarily disabling the firewall via pfctl -d does not result in a successful ping.
So I suspect it is route related; however, routes look correct and identical to a working setup I have next to it.
-
@RandomVMTeam said in 24.11 upgrade to 25.07 - LAN connectivity issues:
further debugging on the pfsense gateway via tcpdump filtering on "arp and icmp", shows the gateway receiving pings and arp's.
By gateway there you mean the pfSense LAN interface address that clients are using as their gateway?
So clients are losing the ARP entries for the pfSense LAN. The pcap shows them ARPing for it but no replies?
-
@stephenw10 yes, as the client continuously gets a timeout.
The pfSense gateway has a WAN interface, and it's also the gateway for the LAN interface.
So all clients on the network talk to pfSense for DHCP, DNS, etc. I have DHCP static mapping with static ARP configured in the KEA DHCP server; I don't know if that's playing a part.
I can try another upgrade disabling them if that's recommended.
-
Ah OK.
Normally you should not have a gateway on the pfSense LAN. You would only need a gateway there if you're routing to some downstream router in the LAN subnet.
Additionally, if you have added that on the LAN directly you'll get auto outbound NAT rules applied to it, which you usually wouldn't want.
Using Static ARP entries is almost always a bad idea. It's probably not the cause of the issue here but it's preventing you from seeing the problem. Likely something has changed address or there is a conflict but instead of ARPing it's just sending to the static entry.
-
@stephenw10 sorry, I misspoke, it's not the Gateway for the LAN.
I will do some tests with static ARPs disabled and see if the result is any better and report back.
Thanks.
-
@stephenw10
Upon upgrading, the first boot was not successful; the system hung and never completed a reboot. I ended up having to power cycle. This is initially what happened the first time, as I recall (before starting this thread).
With or without static ARP entries, the reboot after the upgrade failed on the first attempt, so it wasn't the static ARP entries.
I was able to fix it by cycling through the few boot environments listed with bectl list.
What's strange is the boot environment I picked, of a recent date, still had 25.07, but it was not the boot environment it used after the power cycle hang. If it's doing what I think it is, it's failing to upgrade and reboot, and rolling back to another boot environment for 25.07 that doesn't fully function.
-
Where did it fail at the first boot?
-
@stephenw10 I wasn't able to capture it, unfortunately, as I kicked off the upgrade from a remote client. It seemed to never get past normal bootup, as when I connected a monitor cable while it was in this stuck state, the screen was still blank, no terminal output.
I did a little more testing and noticed one of my devices had no internet.
I assigned a static ARP entry and its connectivity started to work. Seems like multiple problems going on. One as of now is related to the usage of static ARP in the KEA DHCP server. DHCP seems to be broken for non-static ARP clients.
I'll try turning off the static ARP entry and see if connectivity resumes for all other clients.
-
Are you able to retest the upgrade to get the console log up to the failure point?
-
@stephenw10 I can.
I'll switch back to 24.01 and kick off another upgrade at the terminal.