pfSense 2.4.5-RELEASE-p1 Now Available
-
@avr Great :) If you like please post the link to the bug report here as to keep you post and bug report "linked" together. Makes it easier for other people to find your bug report that may experience the same issue as you.
(Also if you find it useful maybe post a link to your forum post in the redmine ticket you created.)
Thanks
@Visseroth I understand your frustration and feelings. My only advice is reach out, describe/report, be succinct/to the point etc. People at Netgate are also people. You, I and the people at Netgate have probably both been the ones giving and getting support and trying to do our best. If Netgate does not do the best then it is the management problem, but somehow to me it is misplaced to have the critique posted here in the forum where we all should help each other and e.g. write bug reports when it seems needed and getting things back on track. :) So maybe - if needed - have a special "write to management" kind of channel if some specific general quality problem arises over and over again.
I know I probably cannot interface your problem and frustration 100% with this answer, but I do understand you frustration - trust me! -
@al
Issue:
After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS
https://redmine.pfsense.org/issues/10664 -
@avr said in pfSense 2.4.5-RELEASE-p1 Now Available:
@al
Issue:
After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS
https://redmine.pfsense.org/issues/10664Isn't dns-leakage while using VPN-clients a general problem in pfSense? Can't see what your have done would help there in the first place.
Do you have DNS Query Forwarding in the forwarder enabled? -
@Bob-Dig Enable Forwarding Mode is disabled
-
@Visseroth Strange. Please try using a different browser or an anonymous tab when logging in - it could be some cache stuff or an old cookie or something else that gives a problem.
-
@avr Ok, same here. But I think tinkering under general setup is no solution in the first place. The only solution I am aware of is using only the vpn-client(s) as Outgoing Network Interfaces in the resolver. Works flawlessly.
-
Issue:
After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS
https://redmine.pfsense.org/issues/10664Hi,
this is a misstatement:
"So all of you out there may be leaking vpn DNSs right now after upgrade... that's an upgrade bug, a serious one."this is not the case for everyone...
-
@al Tried that, some results
-
@DaddyGo it's not a misstatement: 'may' is not the same as affirming for sure... anyway I'm happy for you, but I'm not happy for me.
pfSense most likelly has 2 sets of configurations: one configured in the OS in the form of conf files and one for the front-end. I bet in my case they got out of sync, and setting off and on again made sync them... of course this is just and hypothesis but still a logical one. -
@avr said in pfSense 2.4.5-RELEASE-p1 Now Available:
@DaddyGo it's not a misstatement: 'may' is not the same as affirming for sure... anyway I'm happy for you, but I'm not happy for me.
pfSense most likelly has 2 sets of configurations: one configured in the OS in the form of conf files and one for the front-end. I bet in my case they got out of sync, and setting off and on again made sync them... of course this is just AN hypothesis but still a logical one. -
@al Restarted, tried again, stuck again...
[220/239] Reinstalling pkg-1.13.2... [220/239] Extracting pkg-1.13.2: 100% You may need to manually remove /usr/local/etc/pkg.conf if it is no longer needed. [221/239] Upgrading pfSense-pkg-squidGuard from 1.16.18_5 to 1.16.18_6... [221/239] Extracting pfSense-pkg-squidGuard-1.16.18_6: 100% Removing squidGuard components... Menu items... done. Services... done. Loading package instructions... Deinstall commands... done.
-
@Visseroth Do you still get a:
I did try your post and received "pkg-static: Cannot get an advisory lock on a database, it is locked by another process"
if so does a:
killall pkg-static
make a difference? Is the process truly terminated if you look up / check with 'ps -aux' or 'top' ?
Afterwards please run (again) and see if package continue to become installed:
pkg-static upgrade -f
-
@Visseroth also consider running a:
pkg clean
, after killing the process - maybe it does the job re. the lock. A wild guess, but try.
-
Hi, Thanks for your reply.
something can be safely called a global problem, if the problem is the same everywhere
if it only happens in a few installations, it can be anything, I mean it's not good for you, but it can be something else in the background
if this were the situation in a completely general way and for everyone - then you are absolutely right
there are nearly 50 of pfSense (2.4.5-p1) running on our systems - and we really haven’t experienced that issue...
(on a variety of environments and hardware)it scared me too - but we checked several installations immediately - but no question so far
we use almost only OpenVPN connections between multiple countries and of course NordVPN + ExpVPN subscriptions
my opinion is that:
I modify - this is not a misstatement - but a problem to be investigated individually ,first (of course with community help if needed)
-
@al pkg clean and pkg-static clean gave me "Nothing to do"
Tried pkg-static upgrade -f again, same result -
@Visseroth Seems the problems are with specific packages re. https://forum.netgate.com/topic/154403/squidguard-update-fails-after-upgrading-pfsense-2-4-5-release-p1 where (deep below in the thread) it is listed how to workaround it. However the problem might be a bug in the pkg-static program.
dennis_s / Netgate employee mention using 'killall -9 pkg-static', whereas pr340 mention deleting squidGuard calling 'pkg delete squidGuard', unfortunately I think you need to read it through thoroughly to decide which path you want to take.
-
@Visseroth forgot to mention: Try to close down the squid service before doing the package update. Maybe that makes a difference.
-
@DaddyGo said in pfSense 2.4.5-RELEASE-p1 Now Available:
if it only happens in a few installations, it can be anything
I'd like to politelly disagree there... software engineering, the absent elephant in the room, should prevent 'random' problems like this to occur. Imagine if, instead of a security software product, it was a bridge, or a building... oh wait! anti-engineering is getting there too!
-
I have 3 gateways, one ipv6 (Comcast, SLAAC) and 2 ipv4 (Comcast static /29 and Verizon Wireless static /32). The status of the ipv6 gateway remains "Unknown" although ipv6 clients get an address and routing works. I added a report to a bug here: https://redmine.pfsense.org/issues/10565#change-46724
but there has been no notice of it. -
@al Good call, I don't know why I didn't think of that! I guess I ass-u-me-d (assumed) that it would stop the service and then update the application and then restart the service.