pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!
-
@sebm For me - no issues faced, configuration restore worked on the first attempt.
-
I've updated an APU2C4 from 2.4.5p1 to 2.5. After adjusting "Fallback Data Encryption Algorithm" to "None (No Encryption)" the setup was working fine with my uploaded backup data from 2.4.5p1. Also Squid and pfBlockerNG Devil are working well. A real impact is the VPN speed even if I've used nearly the same settings as my VPN provider taught and were existent under 2.4.5p1. I use OpenVPN with NordVPN and after updating the d/l speed is the half. Under 2.4.5p1 I've had about 96mbit now at about 50mbit. I've tried different options also under "Allow Compression" in the VPN Client settings but no change achieved so far. If this will is not getting better I'll go back to 2.4.5p1.
-
@tele_01 I've forgot to mention that the processor load was not above 90% via SSH. My feeling is that OpenVPN was different migrated into FreeBSD 11.x than under 12.x within pfSense because on 2.4.5p1 and having sometimes more than 100mbit in d/l (provider hosts max 120mbit) the processor load was at about 94%.
-
-
Upgraded my SG-1100 from 2.4.5p1 to 21.02.. Upgrade went fine. The network was down for 14 minutes, so dont worry if it takes a long time. Everything came up and my 2 VPN tunnels came up again without any issues.
Good Job Netgate! :)
-
Upgraded my home custom PC system based on an old HP proudest desktop to 2.5.0 with no major issues. I had to manually start DNS resolver as DNS was not working right after but maybe was just my impatience. OpenVPN server for client works, all IPsec tunnels up.
The only production system I did was an SG-2220 so far at one of our locations over weekend I did remotely. It seemed to go smooth but when I was in there onsite yesterday no Internet but the IPsec tunnels were up. After troubleshooting it was a bad GW which I had left in there from an old static WAN configuration, but it is currently using GW via DHCP. I removed this static GW and made sure the DHCP GW is default which solved the issue and works fine now.
Hesitant to do my SG-5100s maybe will wait a bit and do first while onsite.
I have customer with SG-4860 that has lots of VPN tunnels, VLANs etc. it has been up for 230 days... probably will wait on that one for a while.
-
Just tried to upgrade a SG-1100. During the download/install process before the first reboot, I got a failure on certificate verification.
[87/200] Fetching libgpg-error-1.41.txz: .......... done [88/200] Fetching libgcrypt-1.8.7.txz: .......... done [89/200] Fetching libffi-3.3_1.txz: ..... done [90/200] Fetching libevent-2.1.12.txz: .......... done [91/200] Fetching libedit-3.1.20191231,1.txz: .......... done [92/200] Fetching libdnet-1.13_3.txz: ......... done [93/200] Fetching libdaemon-0.14_1.txz: .... done 1082884096:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/usr/local/poudriere/jails/pfSense_plus-v21_02_aarch64/usr/src/crypto/openssl/ssl/statem/statem_lib.c:283: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo00.netgate.com 1082884096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_plus-v21_02_aarch64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: Child process pid=29228 terminated abnormally: Segmentation fault Failed -
Forgot to mention that since upgrade my SG-2220 seems faster now and can get 900+Mbps on Speedtest.net where before was around 600-700Mbps. ipSEC still seems around 400Mbps, not as fast as 5100 but still good for an older box... just wish it had one more OPT port.
-
Please advise how I may return my SG-1100 to the previous version, prior to 21.02.
This new 21.02 is apparently dangerously unstable. My specific symptoms have been manageable so far as they are limited to incorrect and missing display information on the admin portal, but based on these forums, I fear that I may experience serious problems in the future if I stay on 21.02. Thank you in advance for your response.
-
@alain-leinbach said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
advise how I may return my SG-1100 to the previous version, prior to 21.02
Open a ticket at https://go.netgate.com/ to request Netgate firmware.
-
@defunct78 I attempted again, and was able to successfully upgrade. Though it looks like I am now having problems with the unbound service not starting. No logs either, which makes it hard to troubleshoot (resolver.log empty). I was able to switch over DNS Fowarder as suggested in here,
https://www.reddit.com/r/PFSENSE/comments/lo9ag5/since_upgrading_to_25_dns_resolver_unbound_keeps/?utm_source=share&utm_medium=ios_app&utm_name=iossmf
add have restored services.
-
@defunct78 I had the same error exactly.....
-
Smooth upgrade as always. Running for more than 24 hours and very happy.
Thanks to the developers for this welcomed upgrade !!!
Keep the good work and take care. -
@defunct78 said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
@defunct78 I attempted again, and was able to successfully upgrade. Though it looks like I am now having problems with the unbound service not starting. No logs either, which makes it hard to troubleshoot (resolver.log empty). I was able to switch over DNS Fowarder as suggested in here,
https://www.reddit.com/r/PFSENSE/comments/lo9ag5/since_upgrading_to_25_dns_resolver_unbound_keeps/?utm_source=share&utm_medium=ios_app&utm_name=iossmf
add have restored services.
As a side note, with Unbound, I was doing this.
https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.htmlNot sure if that broke with the upgrade.
-
I have installed and configured OpenVPN on my pfSense 2.5 (spare) box yesterday. All working fine so far.
I need to do bit more experiment to understand the algorithms settings as it struggled to connect with AES-256-GCM. I have set the fall back algorithm to AES-128-CBC.
I appreciate any suggestions or guidance.
Thank you
-
When 21.02 was released 5 days ago, my SG-3100 showed the upgrade was available. However, by the end of the week (and as of today), it shows I am running the most current version (2.4.5-RELEASE-p1 (arm) ). Looks like the new revisions have been pulled?
Given this and this thread, i think I will wait for the next minor release before upgrading.
-
@weldong said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
When 21.02 was released 5 days ago, my SG-3100 showed the upgrade was available. However, by the end of the week (and as of today), it shows I am running the most current version (2.4.5-RELEASE-p1 (arm) ). Looks like the new revisions have been pulled?
Given this and this thread, i think I will wait for the next minor release before upgrading.
Yes, the Netgate team has temporarily pulled the update for SG-3100 boxes as they work on fixing a bug and testing the fix. Posts over the past weekend suggest the bug has been identified and hopefully fixed. They are testing to be sure before releasing a patched upgrade.
-
@bmeeks
Thank you for the info, as i was also a bit confused why it disappeared from my SG-3100.
Can you possibly provide a link for the source of this information, so we will be able to follow the progress and get to know about what the bug was about?
I find it weird the team didn't inform about this in the original post or made it clear elsewhere in this thread. -
@mkryger said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
disappeared from my SG-3100.
Can you possibly provide a linkhttps://forum.netgate.com/topic/160959/21-02-sudden-lockup/
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote ๐ helpful posts! -
@mkryger said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
@bmeeks
Thank you for the info, as i was also a bit confused why it disappeared from my SG-3100.
Can you possibly provide a link for the source of this information, so we will be able to follow the progress and get to know about what the bug was about?
I find it weird the team didn't inform about this in the original post or made it clear elsewhere in this thread.@teamits beat me to it, but here is a copy of his link as a clickable one: https://forum.netgate.com/topic/160959/21-02-sudden-lockup/.
