• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!

Scheduled Pinned Locked Moved Messages from the pfSense Team
115 Posts 49 Posters 61.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    gpfsenser @defunct78
    last edited by Feb 21, 2021, 9:15 PM

    @defunct78 I had the same error exactly.....

    P 1 Reply Last reply Feb 27, 2021, 11:59 PM Reply Quote 0
    • F
      FileCity
      last edited by Feb 21, 2021, 9:19 PM

      Smooth upgrade as always. Running for more than 24 hours and very happy.
      Thanks to the developers for this welcomed upgrade !!!
      Keep the good work and take care.

      1 Reply Last reply Reply Quote 1
      • D
        defunct78 @defunct78
        last edited by Feb 21, 2021, 9:21 PM

        @defunct78 said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

        @defunct78 I attempted again, and was able to successfully upgrade. Though it looks like I am now having problems with the unbound service not starting. No logs either, which makes it hard to troubleshoot (resolver.log empty). I was able to switch over DNS Fowarder as suggested in here,

        https://www.reddit.com/r/PFSENSE/comments/lo9ag5/since_upgrading_to_25_dns_resolver_unbound_keeps/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

        add have restored services.

        As a side note, with Unbound, I was doing this.
        https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html

        Not sure if that broke with the upgrade.

        SG-1100 24.03 (ZFS)

        1 Reply Last reply Reply Quote 0
        • R
          rameshk
          last edited by Feb 22, 2021, 10:32 AM

          I have installed and configured OpenVPN on my pfSense 2.5 (spare) box yesterday. All working fine so far.

          I need to do bit more experiment to understand the algorithms settings as it struggled to connect with AES-256-GCM. I have set the fall back algorithm to AES-128-CBC.

          I appreciate any suggestions or guidance.

          Thank you

          1 Reply Last reply Reply Quote 0
          • W
            weldong
            last edited by Feb 22, 2021, 2:50 PM

            When 21.02 was released 5 days ago, my SG-3100 showed the upgrade was available. However, by the end of the week (and as of today), it shows I am running the most current version (2.4.5-RELEASE-p1 (arm) ). Looks like the new revisions have been pulled?

            Given this and this thread, i think I will wait for the next minor release before upgrading.

            B E 2 Replies Last reply Feb 22, 2021, 3:01 PM Reply Quote 0
            • B
              bmeeks @weldong
              last edited by Feb 22, 2021, 3:01 PM

              @weldong said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

              When 21.02 was released 5 days ago, my SG-3100 showed the upgrade was available. However, by the end of the week (and as of today), it shows I am running the most current version (2.4.5-RELEASE-p1 (arm) ). Looks like the new revisions have been pulled?

              Given this and this thread, i think I will wait for the next minor release before upgrading.

              Yes, the Netgate team has temporarily pulled the update for SG-3100 boxes as they work on fixing a bug and testing the fix. Posts over the past weekend suggest the bug has been identified and hopefully fixed. They are testing to be sure before releasing a patched upgrade.

              M 1 Reply Last reply Feb 22, 2021, 3:28 PM Reply Quote 0
              • M
                mkryger @bmeeks
                last edited by Feb 22, 2021, 3:28 PM

                @bmeeks
                Thank you for the info, as i was also a bit confused why it disappeared from my SG-3100.
                Can you possibly provide a link for the source of this information, so we will be able to follow the progress and get to know about what the bug was about?
                I find it weird the team didn't inform about this in the original post or made it clear elsewhere in this thread.

                S B 3 Replies Last reply Feb 22, 2021, 3:31 PM Reply Quote 0
                • S
                  SteveITS Galactic Empire @mkryger
                  last edited by Feb 22, 2021, 3:31 PM

                  @mkryger said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                  disappeared from my SG-3100.
                  Can you possibly provide a link

                  https://forum.netgate.com/topic/160959/21-02-sudden-lockup/

                  Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                  When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                  Upvote 👍 helpful posts!

                  C 1 Reply Last reply Feb 22, 2021, 3:53 PM Reply Quote 1
                  • B
                    bmeeks @mkryger
                    last edited by Feb 22, 2021, 3:49 PM

                    @mkryger said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                    @bmeeks
                    Thank you for the info, as i was also a bit confused why it disappeared from my SG-3100.
                    Can you possibly provide a link for the source of this information, so we will be able to follow the progress and get to know about what the bug was about?
                    I find it weird the team didn't inform about this in the original post or made it clear elsewhere in this thread.

                    @teamits beat me to it, but here is a copy of his link as a clickable one: https://forum.netgate.com/topic/160959/21-02-sudden-lockup/.

                    1 Reply Last reply Reply Quote 0
                    • C
                      chudak @SteveITS
                      last edited by Feb 22, 2021, 3:53 PM

                      @teamits

                      https://twitter.com/NetgateUSA/status/1362791245546946561

                      1 Reply Last reply Reply Quote 0
                      • E
                        edmund @weldong
                        last edited by Feb 22, 2021, 3:54 PM

                        @weldong - I wish that I had been as smart as you and not "upgraded" as soon as I saw the alert. My system is a SG-4860 and after a couple of days working on it I think I've got it working reliably again.
                        The main problem that I see with the update process is that you are just told that an update is read to be installed but without any information of details.

                        1 Reply Last reply Reply Quote 0
                        • B
                          bmeeks @mkryger
                          last edited by Feb 22, 2021, 3:55 PM

                          @mkryger said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                          @bmeeks
                          Thank you for the info, as i was also a bit confused why it disappeared from my SG-3100.
                          Can you possibly provide a link for the source of this information, so we will be able to follow the progress and get to know about what the bug was about?
                          I find it weird the team didn't inform about this in the original post or made it clear elsewhere in this thread.

                          I'm not a Reddit user, but I understand something was also posted there by the team (and perhaps on Twitter, but not sure about that one). I'm just not an active social media guys, so I don't follow all those sites.

                          The main bug causing the lockups appears to have been a sort of estoteric thing where the llvm compiler for ARM hardware was reordering some memory reads and writes for optimization, but that reordering, in one particular case, resulted in a thread locking deadlock situation. If this link opens for you, here is the bug fix: https://github.com/pfsense/FreeBSD-src/commit/4b914061a48bb289ede4d3a7362ed6adf9378c0f. This is also being backported into FreeBSD-12, I believe.

                          1 Reply Last reply Reply Quote 0
                          • Y
                            yepitro1986
                            last edited by Feb 22, 2021, 4:40 PM

                            Still no GUI for ZFS?

                            1 Reply Last reply Reply Quote 0
                            • Y
                              yepitro1986
                              last edited by Feb 22, 2021, 4:42 PM

                              and how about ZFS email notification, is it available on Pfsense 2.5.0

                              1 Reply Last reply Reply Quote 0
                              • B
                                brians
                                last edited by Feb 23, 2021, 4:28 PM

                                Upgraded SG-5100 to 21.02.
                                IPsec seems to have issue. Tunnels connect but some are duplicated and shown as disconnected at bottom of Status->IPsec page but instead create a different IPsec ID with a larger con# eg. con400000 vs typical lower number like con1000. These large connections have same information and show connection except there is blank where name should be. If I identify one what it should be and disconnect, reconnecting the "correct" one, or sending IP traffic across a tunnel still creates these incorrect IDs. This also slows down the interface when loading status. Some tunnels are fine and do not have this behaviour. I deleted the tunnels and recreated and same problem.
                                Anyone else ever see this?
                                Here is example (which IP address blocked out) that shows disconnected an a con400000 that actually connects...

                                42176a49-c041-43d0-83b1-15c23e3693fd-image.png
                                1648ff3a-9825-4001-a7fe-a3824e5b9d23-image.png

                                C 1 Reply Last reply Feb 25, 2021, 5:45 PM Reply Quote 1
                                • E
                                  elvisimprsntr
                                  last edited by Feb 25, 2021, 12:14 PM

                                  Seems there is a problem with updating snort GPLv2 suricata rules.

                                  Anyone else seen this problem?

                                  Starting rules update...  Time: 2021-02-25 07:03:23
                                  	Downloading Emerging Threats Open rules md5 file...
                                  	Checking Emerging Threats Open rules md5 file...
                                  	Emerging Threats Open rules are up to date.
                                  	Downloading Snort GPLv2 Community Rules md5 file...
                                  	Snort GPLv2 Community Rules md5 download failed.
                                  	%#ff26000)[Server returned error code 404.
                                  	Server error message was: 404 Not Found]
                                  	Snort GPLv2 Community Rules will not be updated.
                                  The Rules update has finished.  Time: 2021-02-25 07:03:23
                                  
                                  
                                  
                                  B R 2 Replies Last reply Feb 25, 2021, 12:39 PM Reply Quote 0
                                  • B
                                    bmeeks @elvisimprsntr
                                    last edited by Feb 25, 2021, 12:39 PM

                                    @elvisimprsntr said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                    Seems there is a problem with updating snort GPLv2 suricata rules.

                                    Anyone else seen this problem?

                                    Starting rules update...  Time: 2021-02-25 07:03:23
                                    	Downloading Emerging Threats Open rules md5 file...
                                    	Checking Emerging Threats Open rules md5 file...
                                    	Emerging Threats Open rules are up to date.
                                    	Downloading Snort GPLv2 Community Rules md5 file...
                                    	Snort GPLv2 Community Rules md5 download failed.
                                    	%#ff26000)[Server returned error code 404.
                                    	Server error message was: 404 Not Found]
                                    	Snort GPLv2 Community Rules will not be updated.
                                    The Rules update has finished.  Time: 2021-02-25 07:03:23
                                    
                                    
                                    

                                    Are you running Suricata and using the Snort GPLv2 Community Rules?

                                    What is the version of your Suricata package?

                                    And what hardware and pfSense type? Is is CE or pfSense+ (on Netgate hardware)?

                                    This line in your update log is very puzzling:

                                    %#ff26000)[Server returned error code 404.
                                    

                                    It's the "%#ff26000)" part that is weird. Almost like some kind of memory corruption occurred.

                                    E 1 Reply Last reply Feb 25, 2021, 12:45 PM Reply Quote 0
                                    • E
                                      elvisimprsntr @bmeeks
                                      last edited by Feb 25, 2021, 12:45 PM

                                      @bmeeks

                                      I tried to color code the error message in red when I posted the log output, unfortunately I cannot edit my OP.

                                      I am running Suricata 6.0.0_8

                                      Hardware is a https://protectli.com/product/fw4a/

                                      Running pfsense CE

                                      B 1 Reply Last reply Feb 25, 2021, 12:52 PM Reply Quote 0
                                      • B
                                        bmeeks @elvisimprsntr
                                        last edited by Feb 25, 2021, 12:52 PM

                                        @elvisimprsntr said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                        @bmeeks

                                        I tried to color code the error message in red when I posted the log output, unfortunately I cannot edit my OP.

                                        I am running Suricata 6.0.0_8

                                        Hardware is a https://protectli.com/product/fw4a/

                                        Running pfsense CE

                                        Oh, okay ... 😀. That one had me wondering for a minute.

                                        I don't know of any other problems reported like that recently. I will fire up my test VM and check it out to be sure. Many times this is caused by one of the following:

                                        1. a temporary issue with posting of the actual file (and copying it to all the servers in the CDN network). This would be on the Snort end and will heal itself once the file is replicated around.

                                        2. a problem accessing the specific Amazon Web Services IP space where the rules file lives. Even though the URL says it's a snort.org site, it actually redirects you to AWS infrastructure. In the past, folks using pfBlockerNG with various IP feeds have sometimes encountered feeds that block some of the IP space of AWS.

                                        3. a problem with Squid or Squidguard blocking the download if those packages are installed.

                                        Wait a bit and then retry the rules update manually by going to the UPDATES tab and clicking the button. If it still does not succeed and fails with the same error, then I would first check for anything blocking stuff on your end.

                                        I will post back with the results of my test shortly.

                                        E 1 Reply Last reply Feb 25, 2021, 1:03 PM Reply Quote 0
                                        • E
                                          elvisimprsntr @bmeeks
                                          last edited by Feb 25, 2021, 1:03 PM

                                          @bmeeks

                                          Thanks.

                                          I disabled pfBLockNG and DNSBL and attempted manual suricata update.
                                          Unfortunately, I get the same error message

                                          B 1 Reply Last reply Feb 25, 2021, 1:10 PM Reply Quote 0
                                          91 out of 115
                                          • First post
                                            91/115
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received