Netgate Discussion Forum

    To 2.5.1 or not ? that is the question :)

    • chudakC Offline
      chudak @Qinn
      last edited by

      @qinn said in To 2.5.1 or not ? that is the question :):

      @chudak It's rather easy, first you create the snapshots. In the beginning snapshots are 0MB. They will grow with every change. Then upgrade to let's say 2.5.0 and after the upgrade they will have "kinda" the size of a complete pfSense installation, as everything has changed due to the upgrade and the snapshot "saves" all the changes. When you rollback (that's how a restore is called) all is back as to the moment the snapshots were created.

      Sounds good !
      I've started a small VM to test and installed 2.5.1 on zfs

      933cf5ea-fb8f-4150-ac84-0354358f661b-image.png

      Do you know command lines how to test it ?

      QinnQ 1 Reply Last reply Reply Quote 0
      • AKEGECA Offline
        AKEGEC
        last edited by

        I just want to warn people about downgrading to previous pfSense versions with current configuration settings. After you downgrade and restore using the current backup configuration, make sure you check every setting. Some security encryption settings could be changed to lowest security, e.g. 512 bits to 256 or 128 bits.

        I feel really sorry for users that experienced problems. 😢 😢 😢

        bingo600B 1 Reply Last reply Reply Quote 0
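A way to carry out the settings check the warning above asks for, as an added example that is not part of the original thread: compare the backup taken before the downgrade with the configuration exported after the restore, and list every encryption-related value that changed or went missing. The keyword list and the sample XML are constructed for illustration; the comparison is generic and covers any leaf in config.xml whose path matches a keyword, not only OpenVPN.

```python
import xml.etree.ElementTree as ET

# Path substrings treated as crypto-related. This keyword list is an assumption
# for illustration, not a pfSense-defined set; extend it for your packages.
SENSITIVE = ("crypto", "cipher", "digest", "dh_length", "ecdh", "tls",
             "encryption", "hash", "keylen")

def flatten(xml_text):
    """Return {leaf path: text}; siblings get an index so repeated tags stay distinct."""
    leaves = {}
    def walk(node, path):
        children = list(node)
        if not children:
            leaves[path] = (node.text or "").strip()
            return
        seen = {}
        for child in children:
            idx = seen.get(child.tag, 0)
            seen[child.tag] = idx + 1
            walk(child, f"{path}/{child.tag}[{idx}]")
    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return leaves

def crypto_drift(before_xml, after_xml):
    """List (path, old, new) for crypto-related leaves that differ or disappeared."""
    before, after = flatten(before_xml), flatten(after_xml)
    findings = []
    for path in sorted(set(before) | set(after)):
        if any(word in path.lower() for word in SENSITIVE):
            old, new = before.get(path), after.get(path)
            if old != new:
                findings.append((path, old, new))
    return findings

# Constructed sample data: a backup taken before the downgrade and the
# configuration exported after reinstalling and restoring.
BEFORE = """<pfsense><openvpn><openvpn-server>
  <description>road warriors</description>
  <crypto>AES-256-GCM</crypto>
  <data_ciphers>AES-256-GCM</data_ciphers>
  <digest>SHA512</digest>
  <dh_length>4096</dh_length>
</openvpn-server></openvpn></pfsense>"""
AFTER = """<pfsense><openvpn><openvpn-server>
  <description>road warriors (restored)</description>
  <crypto>AES-128-CBC</crypto>
  <digest>SHA256</digest>
  <dh_length>4096</dh_length>
</openvpn-server></openvpn></pfsense>"""

if __name__ == "__main__":
    for path, old, new in crypto_drift(BEFORE, AFTER):
        print(f"{path}: {old!r} -> {new!r}")
```

Paths are index-based, so reordering entries (for example two OpenVPN servers swapping position) also shows up as drift and needs a manual look.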
        • bingo600B Offline
          bingo600 @AKEGEC
          last edited by

          @akegec said in To 2.5.1 or not ? that is the question :):

          I just want to warn people about downgrading to previous pfSense versions with current configuration settings. After you downgrade and restore using the current backup configuration, make sure you check every setting. Some security encryption settings could be changed to lowest security, e.g. 512 bits to 256 or 128 bits.

          I feel really sorry for users that experienced problems. 😢 😢 😢

          Nice "warning"

          To me it seems like you are referring to OpenVPN encryption settings or ???

          And I suppose you are talking about restoring a config made on a 2.5.x system, onto a "clean" 2.4.5 ??

          That post needs further explanation , please elaborate a bit.

          /Bingo

          If you find my answer useful - Please give the post a 👍 - "thumbs up"

          pfSense+ 23.05.1 (ZFS)

          QOTOM-Q355G4 Quad Lan.
          CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
          LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

          1 Reply Last reply Reply Quote 1
          • QinnQ Offline
            Qinn @chudak
            last edited by

            @chudak Good idea use a VM and take a look at

            https://forum.netgate.com/topic/95148/pc-engines-apu2-experiences/577

            Hardware: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz 102 GB mSATA SSD (ZFS)
            Firmware: Latest-stable-pfSense CE (amd64)
            Packages: pfBlockerNG devel-beta (beta tester) - Avahi - Notes - Ntopng - PIMD/udpbroadcastrelay - Service Watchdog - System Patches

            chudakC 1 Reply Last reply Reply Quote 1
            • chudakC Offline
              chudak @Qinn
              last edited by

              @qinn said in To 2.5.1 or not ? that is the question :):

              @chudak Good idea use a VM and take a look at

              https://forum.netgate.com/topic/95148/pc-engines-apu2-experiences/577

              Very useful, thx !

              I tried a dry-run, commands worked, but it was not real as my VM is not fully set up as a router. But in general it seems like a worthwhile exercise to consider switching to zfs.

              D 1 Reply Last reply Reply Quote 1
              • D Offline
                Docop2 @chudak
                last edited by

                On my side, as soon as you try to do an install with a different IP or a different subnet, it results in a 404 Not Found nginx error page. If you leave everything untouched and just set the password, it looks OK, but when you then try to change the IP, it fails. Doing the exact same process as on 2.4.5 or 2.5. So... no, 2.5 is the last working version.

                AKEGECA 1 Reply Last reply Reply Quote 0
                • TAC57T Offline
                  TAC57 @Yanik
                  last edited by

                  @yanik Did you get your port forwarding working in 2.5.1?

                  I'm having the same issues on port forwarding to my Synology box and Plex Server (FreeNAS box). :-(

                  To roll back from pfSense 2.5.1 to 2.5.0 can I just restore my 2.5.0 backup config file, or would I have to do a clean install of pfSense 2.5.0 first and then restore the 2.5.0 backup?

                  bingo600B YanikY 2 Replies Last reply Reply Quote 0
                  • bingo600B Offline
                    bingo600 @TAC57
                    last edited by

                    @tac57
                    A rollback would always include a reinstall (format), unless you are using ZFS w. snapshot.


                    1 Reply Last reply Reply Quote 0
                    • AKEGECA Offline
                      AKEGEC @Docop2
                      last edited by

                      @docop2 de Winter is almost over, let's hope dev fix the bugs.

                      1 Reply Last reply Reply Quote 0
                      • YanikY Offline
                        Yanik @TAC57
                        last edited by

                        @tac57 said in To 2.5.1 or not ? that is the question :):

                        @yanik Did you get your port forwarding working in 2.5.1?

                        I'm having the same issues on port forwarding to my Synology box and Plex Server (FreeNAS box). :-(

                        To roll back from pfSense 2.5.1 to 2.5.0 can I just restore my 2.5.0 backup config file, or would I have to do a clean install of pfSense 2.5.0 first and then restore the 2.5.0 backup?

                        No, 2.5.1 port forwarding doesn't work.
                        I reinstalled pfSense v2.4.5_1 with zfs instead of ufs to be able to have snapshots before upgrades.

                        C 1 Reply Last reply Reply Quote 0
                        • J Offline
                          JustWantItToWork
                          last edited by

                          Upgrade from 2.5.0 to 2.5.1 went quickly and mostly fine on my netgate RCC-VE 2440. I have a pretty basic setup with a few vlans and pfblocker. The only issue I noticed was that DNS was not working. A subsequent reboot solved that.

                          M 1 Reply Last reply Reply Quote 0
                          • M Offline
                            marvosa @JustWantItToWork
                            last edited by marvosa

                            My starting point was a working v2.5.0 install with no issues. Here is the sequence of events after upgrading to v2.5.1 this morning:

                            1. PFsense unable to route traffic after boot up.
                            2. Unable to ping google.com or 8.8.8.8 from PC
                            3. Bounced the DNS forwarder service, no change
                            4. Rebooted PFsense, no change
                            5. Still unable to ping google.com or 8.8.8.8 from PC
                            6. Verified PFsense itself can ping 8.8.8.8
                            7. Verified correct default gateway was selected
                            8. Rebooted PFsense a 2nd time, no change
                            9. Verified I am able to ping my L3 switch and PFsense, but unable to ping my WAN_DHCP gateway IP (i.e. cable modem)
                            10. Power cycled cable modem
                            11. We have Internet!

                            I've never had to bounce my cable modem with any other upgrades (including 2.4.5-p1 to 2.5.0), so it's unclear why a power cycle was needed after this latest upgrade from 2.5.0 to 2.5.1.

                            I would be cautious about any remote upgrades to this version. This would've been a disaster if I performed the upgrade remotely and wasn't on-site to troubleshoot the outage.

                            GertjanG 1 Reply Last reply Reply Quote 0
                            • GertjanG Offline
                              Gertjan @marvosa
                              last edited by

                              @marvosa
                              Let me redo you list :

                              1 PFsense unable to route traffic after boot up.
                              1a) does it have a WAN IP ? Is it a valid IP ? Does it have a gateway ? Are these addresses known / seen before.

                              I'll be looking at the DHCP client log. Checking if there was a dialog that looks 'normal' between the pfSense DHCP client, and the upstream DHCP server, where ever that may be.

                              Step 2 to 11 : sending a ping to some remote network, knowing there is no 'route' only proves there is no route.
                              Restarting DNS doesn't have anything to do with routes. When using IP addresses such as 8.8.8.8, DNS functionality isn't used anyway. Also, if there is no 'route', DNS wouldn't work anyway.

                              Very true : Modem devices have most often nothing to set up, and should be transparent.
                              The reality is different : the strangest things are shown on this forum : modems that flap their NIC state several times during reboot or connection renegotiation. Or assign an RFC1918 address while the connection isn't built yet.

                              After pfSense has undergone a major update, a planned reboot is part of the 'validation process'. Just to be sure that, if it reboots in your absence, things land on their feet.

                              It's hard to say what happened in your case, but it could be something like this :
                              Updating pfSense to 2.5.0 needs a kernel update. To do this, it needs to reboot to load the new kernel. The reboot will take your pfSense WAN NIC down for a moment. The modem sees this, and acts upon that event, like : an upstream renegotiation.
                              pfSense boots fast, the modem is (too) slow to open a new connection to the ISP. The pfSense WAN DHCP client repeats over and over a DHCP DISCOVER. This request never reaches the upstream DHCP server : the question is why this deadlock situation exists - why is it created ?
                              Many modems (ISPs) have their own explanation. This forum has many examples about modems not being very cooperative.
                              To work out something that works for every situation, the pfSense DHCP client has some 'advanced' options that could be very useful.

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??

                              M 1 Reply Last reply Reply Quote 0
                              • AlanesiA Offline
                                Alanesi
                                last edited by

                                I cannot access my local servers from the internet after the update to 2.5.1 while it was working before the update.
                                I have checked the firewall but nothing blocked. No changes on the port forwarding.
                                I can access pfSense from the internet using HTTPS but not my local server which is using HTTP.

                                GertjanG 1 Reply Last reply Reply Quote 0
                                • GertjanG Offline
                                  Gertjan @Alanesi
                                  last edited by Gertjan

                                  @alanesi said in To 2.5.1 or not ? that is the question :):

                                  I can access Pfsense from the internet using HTTPS

                                  To make that work, you need a firewall rule on the WAN interface.

                                  @alanesi said in To 2.5.1 or not ? that is the question :):

                                  but not my local server which is using HTTP

                                  To make that work, you need a NAT rule.

                                  To make it work again, you need to do some step by step NAT troubleshooting.
                                  Can't tell you nothing because you told us close to nothing.

                                  2 details :
                                  Opening your https pfSense webserver to the Internet should be IP limited. Normally, it just is not done.
                                  The IP you use to connect to the pfSense from the outside (you do connect from the outside, don't you ?) indicates that you use the right IP.

                                  edit :

                                  A real example :

                                  I have a 'DiskStation' (Synology NAS) living on my LAN. It has IPv4 192.168.1.33
                                  pfSense has 192.168.1.1/24.

                                  The HTTPS access of a DiskStation, by default, is 5001.

                                  I added this NAT rule to pfSense :

                                  abbddd13-ae42-4d37-aecc-6c824409e4eb-image.png

                                  and now I can access - from anywhere on the Internet - my DiskStation using https://myip.tld

                                  Because I'm PATting from 443 to 5001 in pfSense, it all works right away **

                                  ** That is : I also had to NAT my upstream ISP router.


                                  AlanesiA 1 Reply Last reply Reply Quote 0
                                  • AlanesiA Offline
                                    Alanesi @Gertjan
                                    last edited by

                                    @gertjan I appreciate your prompt reply.

                                    I have reviewed the configurations but still cannot find the issue.

                                    Port.png

                                    2021-04-21_15-01-00.png

                                    Cool_CoronaC 1 Reply Last reply Reply Quote 0
                                    • C Offline
                                      cellobita @Yanik
                                      last edited by

                                      @yanik Current status, according to https://redmine.pfsense.org/issues/11805:

                                      • The bug with NAT not working on non-default gateways exists, and has been fixed;

                                      • However, the patch involves an issue in the kernel, so it is not possible to patch it in-place.

                                      • It will be included in the next release, but no, they do not know when that will be.

                                      • From the amount of "I'm experiencing this too" posts there that have been periodically removed by jimp, it seems fairly widespread - I hope that this means that there'll be an interim release prior to 2.6.0, which is far in the future.

                                      Marcello Marques
                                      Santos - SP - Brazil

                                      GertjanG 1 Reply Last reply Reply Quote 0
                                      • GertjanG Offline
                                        Gertjan @cellobita
                                        last edited by

                                        @cellobita said in To 2.5.1 or not ? that is the question :):

                                        From the amount of "I'm experiencing this too" posts there that have been .....

                                        Not enough as you can see.


                                        C 1 Reply Last reply Reply Quote 0
                                        • Cool_CoronaC Offline
                                          Cool_Corona @Alanesi
                                          last edited by

                                          @alanesi You're doing it wrong.

                                          http -> http on wan ports and forwarded to http redirect to internal server

                                          GertjanG AlanesiA 2 Replies Last reply Reply Quote 0
                                          • GertjanG Offline
                                            Gertjan @Cool_Corona
                                            last edited by

                                            @cool_corona

                                            Yeah, the port range, from 80 to 82 :

                                            a1446f7f-bce4-4131-860f-a4b8e238333f-image.png

                                            If the port range is needed he would be needing it, I guess.


                                            1 Reply Last reply Reply Quote 0
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.