To 2.5.0 or not ? that is the question :)

buggz

Hmm, well, cleared the error, but still no traffic for LAN shown on the Traffic Graph...

chudak

My 2c...

Well, usually I click on the upgrade button before reading any messages. Not this time, I was trying to be very careful and finally got brave today and did upgrade to 2.5.0

In general after ~10 minutes the system rebooted and I was able to login.

Here is the list of my packages:

No names were resolving at first.
I did enable "DHCP Registration" saved and disabled it and saved again, and everything seem to be working fine (will see how sustainable this is after awhile).

I did see a couple of times after reboots that DNS Resolver was not resolving names even tho the service was up and running, after restating it all went back to normal. No really sure if this is a problem.
I use "Enable Forwarding Mode" with "Use SSL/TLS for outgoing DNS Queries to Forwarding Servers" encryption.

One of my worries was OpenVNP server as I have some clients that will be uneasy to update. But OpenVNP seems normal.

Hope this help some people.

PS: I see a new service "pcscd PC/SC Smart Card Daemon" - what is it ?

KB8DOA

After having installed RC21 on several appliances, then seeing traffic halt -

I then freaked out and removed anything having to do with IPv6 out of all of them, to get them working again.

I was quite saddened to have to do this, but there were no known workarounds.

I am not sure if I will ever go through all the work again, and set up IPv6 again in the future.

I would really like to know how PFsense+ made it to RC status, and nobody even tested IPv6.

I am now also questioning continued use of pfSense+, because of this - as it caused a big disruption and major inconvenience....

skogs

@kb8doa Roughly 40% of my traffic is IPv6 and seems just fine and I did do tons of testing over the last 6 months.

stephenw10

@kb8doa said in To 2.5.0 or not ? that is the question :):

I would really like to know how PFsense+ made it to RC status, and nobody even tested IPv6.

Clearly that is not true.

IPv6 is working fine for me and many, many others. The only thing I've seen the IPv6 gatewau monitoring issue but that does not prevent v6 connectivity.
If your particular IPv6 setup is not working in 21.02/2.5 then open a thread about it to diagnose it. If it's a bug open a bug report so we can get it fixed.

Steve

KB8DOA

@stephenw10 said in To 2.5.0 or not ? that is the question :):

@kb8doa said in To 2.5.0 or not ? that is the question :):

I would really like to know how PFsense+ made it to RC status, and nobody even tested IPv6.

Clearly that is not true.

IPv6 is working fine for me and many, many others. The only thing I've seen the IPv6 gatewau monitoring issue but that does not prevent v6 connectivity.
If your particular IPv6 setup is not working in 21.02/2.5 then open a thread about it to diagnose it. If it's a bug open a bug report so we can get it fixed.

Steve

At the time that I applied the RC21, there was no way of me to know that a "bug" was preventing the IPv6 Gateway detection/monitoring.
If I would have known, I could have just manually disabled the monitoring to allow the interface to function...

So are you saying that all testing of RC21 ironically involved users that had static IPv6 setups?
I am just trying to wrap my head around how the the software progressed to RC with such a showstopper?
Or did I miss a release note that specifically instructed us to disable Gateway Monitoring for IPv6?

stephenw10

The only thing that is not working there is the monitoring itself. dpinger fails to select the monitoring target. You can set one manually and it's fine.
In either case it does not actually affect v6 connectivity. Or did not for me at least.
https://redmine.pfsense.org/issues/11454

Steve

pfworker79

1. V2.4.5 configuration is not compatible with v2.5.0.
2. Clean install using ZFS on two memorysticks reports GENOM error on da0. Also present on two new sticks. gpart recover da0 reports ok, but error returns after each reboot. Fsck doesn't help either.
3. Reporting some outgoing errors on VLAN tagged interfaces only. Using Quad Intel network card, can't be sure of others. Seems it has something to do with FreeBSD 12.2, the Intel driver, IPv6 and msi-x. Further research needed.
4. NUT has problems starting the ups-driver when rebooting. Manual restart of the service makes it start.

None of these issues were present in v2.4.5, except for NUT.

Adding "net.inet6.ip6.auto_linklocal=0" to System Tunables, reduced the number of errors on tagged interfaces. I do not use IPv6. Others using FreeBSD 12.2 experiences the same issue: https://github.com/opnsense/src/issues/74

I think I was too quick to install v2.5.0 on my main firewall. Should have waited.

buggz

Installed fresh from 2.5 image.
restored 2.4.5p1 .xml.
Everything works again, EXCEPT LAN Traffic Graph.

Bummer, something in my .xml config?
I can't seem to find the reason...

@buggz said in To 2.5.0 or not ? that is the question :):

Hmm, well, cleared the error, but still no traffic for LAN shown on the Traffic Graph...

stephenw10

What is your LAN interface? Anything special?

stephenw10

@pfworker79 said in To 2.5.0 or not ? that is the question :):

V2.4.5 configuration is not compatible with v2.5.0.

In what way? You can import a 2.4.5 config into 2.5.

Steve

buggz

@stephenw10
No special LAN settings that I know of.
LAN is set to IPV4 ONLY.
IPV6 is turned OFF on BOTH the WAN and LAN.
WAN Traffic Graph works good.

stephenw10

Hmm, the only place I have seen that is odd interface types, like wireguard, where there is a known issue.

pfworker79

@stephenw10 Didn't work here. Importing the whole config resulted in no internet, GUI or SSH access. Only pinging the firewall worked.

stephenw10

Hmm, must be something specific in your config then. In general that should always be possible.

Steve

buggz

@buggz said in To 2.5.0 or not ? that is the question :):

@stephenw10
No special LAN settings that I know of.
LAN is set to IPV4 ONLY.
IPV6 is turned OFF on BOTH the WAN and LAN.
WAN Traffic Graph works good.

POOF, and now on reboot, the WAN interface is out, not updating.

Hard to believe I am the only one with this problem...

buggz

This post is deleted!

stephenw10

What is your WAN type?

How is it failing? The actual link goes down? Not pulling an IP?

Steve

buggz

@stephenw10
EVERYTHING, EXCEPT the LAN Traffic Monitor works.
I changed the time on my Win10 box, it has the Chrome interface to the pfSense box, and the WAN Traffic Monitor recovered, now works. That was strange.
LAN Traffic Monitor is still NOT working.
Though, worked great in the previous release.
Tried Firefox, still no go.

stephenw10

Like the traffic graphs? Can we see a screenshot?

We have seen problems there before with a bad timezone.

Steve