pfSense 2.4.5 Now Available
-
Upgraded yesterday. Exactly 37 minutes ago, at start of this hour, both of my VM upgraded to latest version started to consume CPU 35%-40%, connection started to swop from up to down, console not responding, web-console not loading.
Reverted to snapshot before upgrade, both VMs started to work normally. -
@hmh No, this is not the problem... today before the update everyone was browsing normally, the problem occurred after the update. I'm doing exhaustive testing, squid+radius also does not navigate, only worked with local authentication.
-
Hi to all,
i've upgraded my pfsene to 2.4.5 and I running on FTTH connection.
Before upgrade when I try to testing my speed connection the resulst are over 600; now i'm not up to 300.How can I solve this issue?
Thanks
-
We some problems reported by early adapters of 2.4.5 release, do you plan to release hot-fixes soon to people who is still waiting and not updating?
Thx
-
@chudak move to TNSR :-)
-
UEFI does not work
-
-
Version check says 'Unable to check for updates' - message now, maybe new version is coming up?
-
I updated 4 Days 05 Hours 47 Minutes 35 Seconds ago, with the following packages installed with the only issue that I have discovered is I had to click the update graphs in the traffic totals package.
-
Again update is not available ATM
https://imgur.com/a/gw9hQOW
-
Yes it is
You have a dns or connectivity issue most likely
https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html
do a
pkg-static update -fwhat does it say?
-
@johnpoz said in pfSense 2.4.5 Now Available:
pkg-static update
This is first time I see this issue and I have not changed anything.
Why now ?[2.4.4-RELEASE][admin@pfsense.wawona.lan]/root: pkg-static update -f
Updating pfSense-core repository catalogue...
Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 2 KiB 1.7kB/s 00:01
Processing entries: 100%
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogue...
Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 141 KiB 144.4kB/s 00:01
Processing entries: 0%
Newer FreeBSD version for package xe-guest-utilities:
To ignore this error set IGNORE_OSVERSION=yes- package: 1103504
- running kernel: 1102000
Ignore the mismatch and continue? [Y/n]:
-
I updated pfBlockerNG-devel to 2.2.5_30 only .
Maybe that's the reason. I am still on 2.4.4
cc: @BBcan177
-
The golden rule is :
Update first pfSense, if an update is available (not RC).
Then the packages ....There is an update to pfSense, 2.4.5 - that should be done first.
Only then you can continue upgrading packages.If not ......
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@johnpoz said in pfSense 2.4.5 Now Available:
I updated 4 Days 05 Hours 47 Minutes 35 Seconds ago, with the following packages installed with the only issue that I have discovered is I had to click the update graphs in the traffic totals package.
@johnpoz noticed you are running pfBlockerNG-devel, would you mind posting your settings? Assuming you have not seen any of the issues reported in the topic below post upgrade to 2.4.5 -- that some have traced back to pfBlockerNG, unbound, pfctl or some combo thereof -- your setup may help provide workarounds for some (especially if running on netgate or other bare-metal servers).
https://forum.netgate.com/topic/151690/increased-memory-and-cpu-spikes-causing-latency-outage-with-2-4-5/
-
-
I only use pfblocker for the geoip aliases - I don't have it doing any rules or anything. It just maintains the aliases that I then use in my own rules. And only then for allowing specific access to my forwards. My settings would not be in line with how most people use it..
I use it to limit access to my plex to the countries that my users are in, and allow access to my vpn to only US, that sort of thing.
BTW - not suggesting that anyone just click upgrade.. You should follow the guide for sure.. But I wouldn't have any issues if it completely blew up either. I have backup of my config, I have image to do a clean install. And my setup overall isn't all that complicated.. Plus have 10+ years of running pfsense - so I am pretty sure if it took a dive I wouldn't have any issues to get my home network up and running in a few minutes. Worse case I do have a spare USGp3 box I could fire up if the hardware decided to take a dump during the process.. You always need to have plans in place when doing any sort of upgrade to this sort of equipment - things always seem to go wrong at the worse times.. So you have to plan for them!
That is why I just did click without removing all the packages, etc. If you are not at this same comfort and skill level, then for sure you should follow best practice upgrade..
I am also right next to the box, and its only a home network - not production.. So even if was down for extended period.. Worse case is wife wouldn't be able to use the internet, and friends and family wouldn't be able to access my plex server ;)
I am not going to update any of the work netgate boxes until we get back to the office, even though right now would be a good time since nobody is there.. But if they had some sort of an issue, they would be down for quite some time - and when people do start going into the offices, which might before I do, etc. they would be down. So yeah those can wait.
-
@Gertjan said in pfSense 2.4.5 Now Available:
The golden rule is :
Update first pfSense, if an update is available (not RC).
Then the packages ....There is an update to pfSense, 2.4.5 - that should be done first.
Only then you can continue upgrading packages.If not ......
I think Package Manager should even allow update packages meant for new version. Then we would not have any of these issues!
-
So you will have a pull request later to day for that I take it?
https://docs.netgate.com/pfsense/en/latest/development/submitting-a-pull-request-via-github.html -
@johnpoz said in pfSense 2.4.5 Now Available:
I only use pfblocker for the geoip aliases - I don't have it doing any rules or anything. It just maintains the aliases that I then use in my own rules. And only then for allowing specific access to my forwards. My settings would not be in line with how most people use it..
I use it to limit access to my plex to the countries that my users are in, and allow access to my vpn to only US, that sort of thing.
That type of use may explain what's happening in some cases where spikes seem to happen due to unbound and (presumably) a large DNSBL entries file. Which you wouldn't have, so it does not impact unbound. Anyway, fortunately, not as affected as others have been and could downgrade pretty easily if it came to that. Right now though, still trying to figure out if there may be any fix short of downgrading available or coming. The point was made and would seem sensible, that pkg should not be switched to pull data from a new version prior to an actual update (happened to me too which sort of forced the matter of the upgrade).
