pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!
-
Upgraded to 2.5.0 from 2.4.5p1 yesterday and everything went smooth. Upgrade took about 5 minutes and system came right back up. All packages and services working as expected. I've been using pfSense since the 2.3.x branch on a Supermicro 5018D-FN8T 1U server and all upgrades since then have gone smoothly.
With this latest release I get the impression that network throughput has improved a little bit, although that is based mostly on anecdotal evidence right now by running a few internal internal (routing between two 10Gbit LAN subnets) and external (e.g. speedtest.net) speed tests since the upgrade.
The only issue I have run into are ping spikes that appear to get worse if I increase the velocity of ping packets.
https://forum.netgate.com/topic/160974/upgraded-to-2-5-0-now-seeing-ping-spikes
I have reviewed and changed my hardware tuning parameters a little bit and this appears to have helped somewhat by making the spikes last frequent at lower velocities. The issue still persists, however, but thankfully I have no evidence right now that this is a general problem affecting all traffic (e.g. including TCP, UDP, etc.). Could ICMP packets be getting de-prioritized somehow?
On a related note, I also want to call out that there have been some fairly significant changes to how FreeBSD 12 handles NIC driver interfacing with the OS kernel compared to older versions. For instance, FreeBSD now uses a framework called
iflib:The em driver has also been updated, please see the following:
https://forums.freebsd.org/threads/freebsd-12-sysctl-system-parameters.78806/
If you're like me and have a lot of hardware tunables set, it is worth reviewing them after the upgrade as some of them 1. may no longer be supported, or 2. may now have be set through
iflib. For example, this will be the case if you have a system that uses Intel NIC's and theigbdriver. -
@froussy said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
Just upgraded my sg-5100 to 21.02.. had to downgrade to 2.4.5.. IPSec tunnel keep dropping, even recreating them :(
I upgraded my SG-5100 from 2.4.5-p1 to 21.02 and my OpenVPN has stopped working. Currently troubleshooting and considering a downgrade back to 2.4.5-p1...
It's just a vanilla VPN connecting to NordVPN, and I used their comprehensive documentation to set it up (pfSense 2.4.4 VPN setup)
-
SG-3100 wont stay online more than an 1hr after the upgrade. Broken release!
-
@sebm said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
@froussy said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
Just upgraded my sg-5100 to 21.02.. had to downgrade to 2.4.5.. IPSec tunnel keep dropping, even recreating them :(
I upgraded my SG-5100 from 2.4.5-p1 to 21.02 and my OpenVPN has stopped working. Currently troubleshooting and considering a downgrade back to 2.4.5-p1...
It's just a vanilla VPN connecting to NordVPN, and I used their comprehensive documentation to set it up (pfSense 2.4.4 VPN setup)
OpenVPN server or client ?
-
@chudak said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
OpenVPN server or client ?
OpenVPN client
-
I saw the following issues with the recent update:
My WAN connection was set to a fixed rate running over a CAT5 cable. I would get some minor errors at 100baseT but everything has worked for years now. But the update forces the interface to autoset the rate so it failed repeatedly by switching to 1000baseT and failing. The new interface driver doesn't seem to support 100baseT fixed rate well. Opening all the doors across the building and running a CAT6 cable across the building got it working but I now have to move everything.
The internal network is IPv4 and used the pfsense DNS service, the update appears to have replaces the IPv4 DNS service with an IPv6 service so everyone lost access to the internet. I've turned on DNS forwarding and it seems to have solved the problem although I'm concerned this means that there may be potential a security risk until I can get control over DNS back in house.
-
@teamits
I have a core i5-5250U with a SATA kingston 120 GB SSB Qotom that is connected to a UK /virgin media 100 Mbit connection. This is the first time it behaved like this. I have been using pfsense since version 2.2. All NIC's are 1 Gbit Ethernet.
-
My upgrade went smooth on SG5100. I can see pfsense + on dashboard. I can see a slow UI response but hopefully that will go away.
All of my services are working fine;
Thanks for the good stuff.
-
So I made a new flash drive with 2.5.0 from my Mac, tried to install it on the same Mac Mini I have been testing. It would not boot from it, the EFI Boot option was not there like it is with 2.4.5 flash drive. Reworked the flash drive, same issue.
I went ahead and installed 2.4.5 again, left all defaults, setup my LAN, DHCP and WAN. All working fine. Then I did the upgrade feature, this time watching it work from the other screen that shows the entire process. It did get stuck once on # 15/212 Extracting Python, but 5 minutes later it finished that line. The entire upgrade took about 20 minutes until I can boot and login to the GUI screen.
I checked again my LAN, DHCP and WAN settings, all looked good. And I am getting internet, and speed test was normal [400/400]
So for the Mac maybe this upgrade to 2.5.0 takes longer and I didn't let it finish the first time I tried it. But so far 15 minutes later, and I am doing a constant ping out to 8.8.8.8, no issues yet.
-
Thank you for the good news. I have upgraded my pfSense router running CE to 2.5 last night and all Working fine on Odyssey x86 (Spare). I will upgrade my main router running on Exsi VM ones I am satisfied that it’s working fine.
-
@bldnightowl what need to be update in the script to fix the issue? Thanks
-
@mikesamo By default gpioctl uses /dev/gpioc0 -- turns out that's not always the right LED device. In my case, it's now /dev/gpioc2.
gpioctl -f /dev/gpioc2 ... -
Remotely updated 2.4.5 to 2.5 on Netgate RCC-VE 4860 and everything is dead.
Will go on site to ... diagnose.Regards
-
@1eyebrow - Check the DNS, this update seems to have made many changes that may affect IPv4 configurations that have worked for years. I suspect that all the development was done in an IPv6 environment, not IPv4.
-
@edmund Could be, I have on the device 3 WANs on different ISPs, but no joy (ipv4), it seams that I have to go pet the device :)
-
@sebm said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
my OpenVPN has stopped working
OpenVPN client
Check around Data Encryption Negotiation, Data Encryption Algorithms and Fallback Data Encryption Algorithm. But first of all check your OpenVPN log (assuming you have the necessary verbosity set).
-
@andrewz thanks for the suggestions. I actually did all that yesterday for quite a while, but seemed to also have DNS issues etc, so have re-installed 2.4.5-p1 and restored a backup.
Re-install and restore was a challenge in itself since I run pfBlockerNG. Had to reinstall packages manually before the restore, and make sure it was using the right repo.
-
@sebm - Mine "worked" initially but then quit after 12 hours - I think the cache emptied. I went to the DNS resolver settings and checked the box that says "Use SSL/TLS for outgoing DNS queries..." and it's working now.
-
@edmund Thanks for adding this info. I was planning to upgrade again in a week or two once I’ve gathered enough troubleshooting data from others, so this will be useful.
-
I attempted an upgrade of my SG-2440 backup firewall from 2.4.5p1 to 21.02 thru the GUI. Appliance no longer boots or functions. Console shows following on startup:
Loading configured modules... can’t find ‘/etc/hostid’ /boot/entropy size=0x1000 -Then nothing.
I was able to successfully clean-install 21.02 from USB memstick to this device without issue after the upgrade failed.
