pfSense Plus and SG-3100
-
A problem has been reported by some users of the Netgate SG-3100 appliance who have upgraded to pfSense Plus version 21.02. Our engineering team is working to correct the issue as quickly as possible. In the meantime, we have suspend the upgrade for the SG-3100 and SG-1000 (as precaution). We expect to provide a solution to the issue, which appears to be related to reloading the packet filter, as soon as testing is complete. We apologize for the inconvenience.
-
@stephenw10 , I suggest users to downgrade.
-
@stephenw10 Hello, when do we expect to have the fix release? thanks!
-
As soon as possible. Hard to say anything more at this point.
It's a lot closer now that we have replicated it locally though.Steve
-
@stephenw10 If you want me to test something, just tell me, I'm currently using the 21.02 in a SG-3100 and I would be glad to be able to help you folks..
-
Thanks for the offer. I'll reach out if we need more data points.
It's in the hands of our developers now though and they are able to replicate it on demand.Steve
-
@mcury same for me!
-
Is there an email alert we could get to know when this is fixed? (I'll poke around and see if I can find a way to sign up for an alert in the meantime).
We have 2 SG-3100's and 1 was upgraded.
-
I have the same problem and I am not able to down grade as the package manager seems to be broken on the SG3100.
I need to get this stabilized for my customer. As a workaround, I am stating to build up a 'home edition' one just to get him stable.
Would I be correct in assuming that if I could roll back, I would not be having these random/every few hour/ halts?
Like others, I have been monitoring the Serial port, but very little information is available to move forward to resolving this.
pkg update -f
Updating pfSense-core repository catalogue...
pkg: https://files01.netgate.com/pkg/pfSense_plus-v21_02_armv7-core/meta.txz: Not Found
repository pfSense-core has no meta file, using default settings
pkg: https://files01.netgate.com/pkg/pfSense_plus-v21_02_armv7-core/packagesite.txz: Not Found
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg: https://files00.netgate.com/pkg/pfSense_plus-v21_02_armv7-pfSense_plus-v21_02/meta.txz: Not Found
repository pfSense has no meta file, using default settings
pkg: https://files00.netgate.com/pkg/pfSense_plus-v21_02_armv7-pfSense_plus-v21_02/packagesite.txz: Not Found
Unable to update repository pfSense
Error updating repositories!So, this likely should be a new thread. But, I checked
cat /usr/local/share/pfSense/pkg/repos/pfSense-repo.conf
FreeBSD: { enabled: no }pfSense-core: {
url: "pkg+https://firmware.netgate.com/pkg/pfSense_plus-v21_02_armv7-core",
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/local/share/pfSense/keys/pkg",
enabled: yes
}pfSense: {
url: "pkg+https://firmware.netgate.com/pkg/pfSense_plus-v21_02_armv7-pfSense_plus-v21_02",
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/local/share/pfSense/keys/pkg",
enabled: yes
}And
https://firmware.netgate.com/pkg/pfSense_plus-v21_02_armv7-pfSense_plus-v21_02
Does not exist at firmware.netgate.com
thanks in advance,
-
@va3mw you'll need to backup your config and re-install pfSense 2.4.5. See https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/reinstall-pfsense.html
-
Ahh, I've been experiencing the "wonkiness" today, so I'm glad it's not just me.
If someone has already upgraded, and doesn't really want to downgrade, is there any other workaround, or is it basically just restarting the firewall to get it operational again?
-
You can disable one CPU core and it will avoid ever hitting the lock. Obviously performance will be reduced but that may not be an issue for a lot of use cases. Run:
echo hw.ncpu=1 >> /boot/loader.conf.local
Then reboot.
Remove or comment out that line later after this is fixed.
Steve
-
@stephenw10 said in pfSense Plus and SG-3100:
echo hw.ncpu=1 >> /boot/loader.conf.local
Done and done. Thank you Steve!
Will updates on the update be placed in this thread (that I'm watching)?
-
Yes, this thread will be updated.
-
@amarand said in pfSense Plus and SG-3100:
@stephenw10 said in pfSense Plus and SG-3100:
echo hw.ncpu=1 >> /boot/loader.conf.local
Done and done. Thank you Steve!
Will updates on the update be placed in this thread (that I'm watching)?
Did this work for you? Im stuck rebooting randomly during the day also.
-
Just added this entry to the file a few minutes ago, so we'll see!
I only had a single failure requiring a reboot during the day today...so I was hoping to avoid experiencing that again.
Glad there's a quick and easy workaround.
-
@mr_aj So far so good for me, 3 hrs in on a single cpu.
-
@oldmanniko said in pfSense Plus and SG-3100:
@mr_aj So far so good for me, 3 hrs in on a single cpu.
All is well with this quick fix. Thanks!
-
Good to hear.
We think we have found the root cause of this and will be testing fixes imminently.
Technical details here for those who may be interested:
https://reviews.freebsd.org/D28821Steve
-
@artooro Thanks. That is what I did.