• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!

Scheduled Pinned Locked Moved Messages from the pfSense Team
115 Posts 49 Posters 74.6k Views 45 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C Offline
    chrcoluk
    last edited by Feb 25, 2021, 1:31 PM

    I have 2 minor issues.

    1 - igb driver looks like it had a replacement, different sysctl's etc. I noticed its unstable when checksums are off, fixed by turning on (was off from som etesting I did a while ago and forgot to turn back on).
    2 - For some reason the LAN rule page is slow to load, slow after save, apply also, WAN and other rule pages are fine.

    Everything else at first glance seems ok.

    pfSense CE 2.8.0

    1 Reply Last reply Reply Quote 0
    • E Offline
      elvisimprsntr @bmeeks
      last edited by Feb 25, 2021, 1:38 PM

      @bmeeks

      Just for kicks, I enable use snort custom URL on the on the suricata global settings tab and pasted the v3 community rules URL and performed a manual update.

      https://www.snort.org/downloads/community/snort3-community-rules.tar.gz

      The update worked. I can't tell is the rules are actually working.

      B 1 Reply Last reply Feb 25, 2021, 1:45 PM Reply Quote 0
      • B Online
        bmeeks @elvisimprsntr
        last edited by Feb 25, 2021, 1:45 PM

        @elvisimprsntr said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

        @bmeeks

        Just for kicks, I enable use snort custom URL on the on the suricata global settings tab and pasted the v3 community rules URL and performed a manual update.

        https://www.snort.org/downloads/community/snort3-community-rules.tar.gz

        The update worked. I can't tell is the rules are actually working.

        I believe all (or nearly all) of the Community Rules are default disabled out-of-the-box by the creator (Talos). So they are actually not loading. Open up and look at the file and you will see the comment character ("#") in front of each rule. That means it is not processed by the Snort or Suricata engine.

        To really test compatibility, you would need to remove the comment and enable each rule. I'm researching now to see if these new rules are backwards compatible.

        Let's take the discussion out of this thread and instead post any further replies and updates to a new thread that has opened in the IDS/IPS sub-forum. This is not an issue with the new pfSense releases. It is an externally-caused problem.

        1 Reply Last reply Reply Quote 0
        • R Offline
          rameshk @elvisimprsntr
          last edited by Feb 25, 2021, 3:23 PM

          @elvisimprsntr
          I don’t think snort3 rules will work with Suricata. Please extract from my pfSense settings

          A2BF0C33-544B-4619-8A43-D9ECFF022888.jpeg

          Hope it helps

          E 1 Reply Last reply Feb 25, 2021, 3:37 PM Reply Quote 0
          • E Offline
            elvisimprsntr @rameshk
            last edited by Feb 25, 2021, 3:37 PM

            @rameshk

            I disable use custom URL and performed a manual update.

            seems to have download the v2 rules now.

            1 Reply Last reply Reply Quote 1
            • B Online
              bmeeks
              last edited by Feb 25, 2021, 3:38 PM

              This issue is now resolved. It was a problem on the Snort/Talos side. They accidentially omitted the old file. It is restored now and updates will work in both Snort and Suricata.

              R 1 Reply Last reply Feb 25, 2021, 3:57 PM Reply Quote 1
              • R Offline
                rameshk @bmeeks
                last edited by Feb 25, 2021, 3:57 PM

                @bmeeks
                Just an hour ago Snort GPLv2 rules wouldn’t update. Now downloaded successfully.

                1 Reply Last reply Reply Quote 0
                • C Offline
                  chopsuey172 @brians
                  last edited by Feb 25, 2021, 5:45 PM

                  @brians I'm seeing the same isssue. anyone have an idea?

                  B 1 Reply Last reply Feb 27, 2021, 7:20 PM Reply Quote 0
                  • J Offline
                    jkaukenen
                    last edited by Feb 26, 2021, 6:29 PM

                    I do Clouds and am not involved with pfsense much. But this upgrade has been a single disaster for me bc I lost my Snort in this, the paid one, and thats the only reason I went with Netgate/pfsense in the first place.

                    I cant rollback because the tarballs for the 2.4.x have disappeared, I cant find them.

                    So Im writing this product off as loss, wish it was managed with a more foresight instead of becoming the low-yield nuke that it is.

                    S E 2 Replies Last reply Feb 26, 2021, 6:35 PM Reply Quote 0
                    • S Offline
                      SteveITS Rebel Alliance @jkaukenen
                      last edited by Feb 26, 2021, 6:35 PM

                      @jkaukenen said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                      tarballs for the 2.4.x have disappeared

                      If you open a ticket with Netgate they'll send you a firmware download. If you downgrade make sure to change the version in System/Upgrades before installing packages.

                      Totally sympathize. With almost everything I wait a bit after release to see if there are issues.

                      Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                      When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
                      Upvote 👍 helpful posts!

                      J 1 Reply Last reply Feb 27, 2021, 7:17 PM Reply Quote 0
                      • E Offline
                        elvisimprsntr @jkaukenen
                        last edited by Feb 26, 2021, 8:04 PM

                        @jkaukenen

                        I feel your plight. That's why I keep backups of images.

                        1 Reply Last reply Reply Quote 0
                        • J Offline
                          jkaukenen @SteveITS
                          last edited by Feb 27, 2021, 7:17 PM

                          @teamits thank you. I did open a ticket and I was successful in loading the 2.4.5.1, and got my SNORT back....so I am very happy. thanks -

                          1 Reply Last reply Reply Quote 0
                          • B Offline
                            brians @chopsuey172
                            last edited by Feb 27, 2021, 7:20 PM

                            @chopsuey172
                            re: ipSEC... look on there and apply those six patches.

                            https://www.provya.com/blog/pfsense-2-5-0-bugs-and-fixes-after-upgrade/#ipsec-problems-pfsense

                            1 Reply Last reply Reply Quote 0
                            • P Offline
                              pzanga @gpfsenser
                              last edited by Feb 27, 2021, 11:59 PM

                              @gpfsenser @defunct78

                              Just had the same issue on my sg-1100 about an hour ago. Didn't have time to retry the update. Has anyone come across any further info about this one? I'm just starting to search through the forums for ideas myself.

                              Thanks

                              D 1 Reply Last reply Feb 28, 2021, 2:45 AM Reply Quote 0
                              • D Offline
                                defunct78 @pzanga
                                last edited by Feb 28, 2021, 2:45 AM

                                @pzanga said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                @gpfsenser @defunct78

                                Just had the same issue on my sg-1100 about an hour ago. Didn't have time to retry the update. Has anyone come across any further info about this one? I'm just starting to search through the forums for ideas myself.

                                Thanks

                                I haven't had any more luck but I found this and I believe it may be related. I have a VM running 2.5.0 and unbound runs, but on the SG-1100 it won't even start and it looks like the version of unbound is different between those two.

                                https://forum.netgate.com/topic/161313/21-02-release-unable-to-force-unbound-upgrade-to-1-13-1

                                SG-1100 24.03 (ZFS)

                                1 Reply Last reply Reply Quote 1
                                • D Offline
                                  dylan-fraser
                                  last edited by Apr 11, 2021, 4:03 AM

                                  ISSUE WITH UPGRADE - Netgate SG-3100

                                  OPENVPN client on Netgate SG-3100 issue with portfowarding traffic from OVPN interface.

                                  pfsense.PNG

                                  chudakC 1 Reply Last reply Apr 29, 2021, 5:14 PM Reply Quote 0
                                  • 4 Offline
                                    4o4rh
                                    last edited by Apr 28, 2021, 4:16 PM

                                    Given the issues widely reported on the forum with 2.5.1, is there a release schedule for 2.5.2?

                                    K 1 Reply Last reply Apr 28, 2021, 4:19 PM Reply Quote 0
                                    • K Offline
                                      kevindd992002 @4o4rh
                                      last edited by Apr 28, 2021, 4:19 PM

                                      @gwaitsi said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                      Given the issues widely reported on the forum with 2.5.1, is there a release schedule for 2.5.2?

                                      So it's not advisable to upgrade from 2.5.0 to 2.5.1?

                                      4 1 Reply Last reply Apr 29, 2021, 6:22 AM Reply Quote 1
                                      • 4 Offline
                                        4o4rh @kevindd992002
                                        last edited by Apr 29, 2021, 6:22 AM

                                        @kevindd992002 if you have a multi-wan use case, you might want to read the posts from other users who have posted on it and specifically the fix not available via a patch.

                                        K 1 Reply Last reply Apr 29, 2021, 7:40 AM Reply Quote 0
                                        • K Offline
                                          kevindd992002 @4o4rh
                                          last edited by Apr 29, 2021, 7:40 AM

                                          @gwaitsi said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                          @kevindd992002 if you have a multi-wan use case, you might want to read the posts from other users who have posted on it and specifically the fix not available via a patch.

                                          I only have single WAN but I use an IPSec S2S connection that can serve as a gateway for some of my local traffic. Hopefully, that is not affected.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            [[user:consent.lead]]
                                            [[user:consent.not_received]]