pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!

captainjackla

So I made a new flash drive with 2.5.0 from my Mac, tried to install it on the same Mac Mini I have been testing. It would not boot from it, the EFI Boot option was not there like it is with 2.4.5 flash drive. Reworked the flash drive, same issue.

I went ahead and installed 2.4.5 again, left all defaults, setup my LAN, DHCP and WAN. All working fine. Then I did the upgrade feature, this time watching it work from the other screen that shows the entire process. It did get stuck once on # 15/212 Extracting Python, but 5 minutes later it finished that line. The entire upgrade took about 20 minutes until I can boot and login to the GUI screen.

I checked again my LAN, DHCP and WAN settings, all looked good. And I am getting internet, and speed test was normal [400/400]

So for the Mac maybe this upgrade to 2.5.0 takes longer and I didn't let it finish the first time I tried it. But so far 15 minutes later, and I am doing a constant ping out to 8.8.8.8, no issues yet.

rameshk

@dennis_s

Thank you for the good news. I have upgraded my pfSense router running CE to 2.5 last night and all Working fine on Odyssey x86 (Spare). I will upgrade my main router running on Exsi VM ones I am satisfied that it’s working fine.

mikesamo

@bldnightowl what need to be update in the script to fix the issue? Thanks

bldnightowl

@mikesamo By default gpioctl uses /dev/gpioc0 -- turns out that's not always the right LED device. In my case, it's now /dev/gpioc2.

gpioctl -f /dev/gpioc2 ...

1eyebrow

Remotely updated 2.4.5 to 2.5 on Netgate RCC-VE 4860 and everything is dead.
Will go on site to ... diagnose.

Regards

edmund

@1eyebrow - Check the DNS, this update seems to have made many changes that may affect IPv4 configurations that have worked for years. I suspect that all the development was done in an IPv6 environment, not IPv4.

1eyebrow

@edmund Could be, I have on the device 3 WANs on different ISPs, but no joy (ipv4), it seams that I have to go pet the device :)

AndrewZ

@sebm said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

my OpenVPN has stopped working

OpenVPN client

Check around Data Encryption Negotiation, Data Encryption Algorithms and Fallback Data Encryption Algorithm. But first of all check your OpenVPN log (assuming you have the necessary verbosity set).

SebM

@andrewz thanks for the suggestions. I actually did all that yesterday for quite a while, but seemed to also have DNS issues etc, so have re-installed 2.4.5-p1 and restored a backup.

Re-install and restore was a challenge in itself since I run pfBlockerNG. Had to reinstall packages manually before the restore, and make sure it was using the right repo.

edmund

@sebm - Mine "worked" initially but then quit after 12 hours - I think the cache emptied. I went to the DNS resolver settings and checked the box that says "Use SSL/TLS for outgoing DNS queries..." and it's working now.

SebM

@edmund Thanks for adding this info. I was planning to upgrade again in a week or two once I’ve gathered enough troubleshooting data from others, so this will be useful.

plfinch

I attempted an upgrade of my SG-2440 backup firewall from 2.4.5p1 to 21.02 thru the GUI. Appliance no longer boots or functions. Console shows following on startup:

Loading configured modules...
can’t find ‘/etc/hostid’
/boot/entropy size=0x1000
-

Then nothing.

I was able to successfully clean-install 21.02 from USB memstick to this device without issue after the upgrade failed.

chudak

@plfinch said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

I attempted an upgrade of my SG-2440 backup firewall from 2.4.5p1 to 21.02 thru the GUI. Appliance no longer boots or functions. Console shows following on startup:

Loading configured modules...
can’t find ‘/etc/hostid’
/boot/entropy size=0x1000
-

Then nothing.

I was able to successfully clean-install 21.02 from USB memstick to this device without issue after the upgrade failed.

not sure but maybe this is related https://twitter.com/NetgateUSA/status/1362791245546946561 ?

JeffV

@plfinch
Where did you get the 21.02 image? I have the same device and mine updated to 2.5.0 instead of 21.02. How do I get the 21.02 download link?

johnpoz

@jeffv said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

Where did you get the 21.02 image?

If you want an actual image to do a clean install with - open a ticket with netgate, they will send you a link to image very quickly.. Took a whole 28 minutes the other day during the drop of new, while I am sure they are quite busy with legit tickets and not just requests for images.

If you updated to 2.5 vs 21.02 - you were prob running the CE version on your netgate appliance vs the FE (factory edition)..

matthijs

One big mess after upgrading to 2.5 with named/Bind, this is it, I am done with PFsense Netgate. I have those Issues with conflicting rndc ports between named and unbound for years forcing me to run the named/bind rndc port on a virtual IP instead of localhost/172.0.0.1 I am migrating to OPNSense now, bye bye PFSense

matthijs

Update !

The issue is de Bind package,

[1/5] Installing protobuf-3.13.0,1...
[1/5] Extracting protobuf-3.13.0,1: .......... done
[2/5] Installing protobuf-c-1.3.2_6...
[2/5] Extracting protobuf-c-1.3.2_6: .......... done
[3/5] Installing fstrm-0.6.0...
[3/5] Extracting fstrm-0.6.0: .......... done
[4/5] Installing bind916-9.16.11...
[4/5] Extracting bind916-9.16.11: .......... done
[5/5] Installing pfSense-pkg-bind-9.16_9...
[5/5] Extracting pfSense-pkg-bind-9.16_9: .......... done
Saving updated package information...
overwrite!
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...done.
Executing custom_php_resync_config_command()...rndc: connect failed: 10.17.19.1#8953: timed out

The install procedure (resync config command) is trying to find de rncd port on the interface Bind/Named is bind to in my configuration (a virtual IP address) but I guess it is bind to 127.0.0.1 instead failing the installation/upgrade

Sucks Big Time because I have a very big and complex bind configuration with Acme integration, and have have this rndc issues for years now.

So this sucks big time for me !!

edmund

@dennis_s said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.

Everything would go much better if the upgrade process made a backup automatically and offered users the ability to quickly return to the previous release when they run into problems. I would see this as a major feature.

mmichael

Hello,

thanks for the new Release. Update on two VM's was easy! But I have a issue with my IPSEC-Tunnels. The tunnels to Machines with 2.4.1 didn't come online.
A IPSEC-Tunnel between two 2.5 Machines is up - but on one Machine "marked as down" (but working).
For business use - I'll wait a bit bevor upgrading
Regards
Martin

plfinch

Upgrade of my primary firewall, an SG-5100, was successful via GUI update. I did experience the following:

1. Could not connect OpenVPN. Looks like pfSense Dynamic DNS did not actually update Google DNS after boot. I forced the update (“Save & Force Update”) and all good once propogated.

2. Arpwatch continually reported 2 devices flip-flopping on one IP. Rebooted both devices to resolve.