PFsense CE 2.5.1 NAT broken on interface != default WAN
-
@imanrnm unfortunately, there is no easy way. You have to download the older version and install it. You should also have a backup of your configuration to restore from.
I can see another post on your profile saying you've upgraded to 2.6.0, which is still in development and not recommended for production use. -
@0x00fe-0 Thank you for reply.
yeah i updated to 2.6.0 and the problem is gone but there is other problems!
for example my speed limiters aren't working now!i have a veeam backup from 3 days ago before update to 2.5.1, i will try to restore that and see what happens.
all i know is that there is a real mess right now in my network because of a simple pfsense update and i will never again update my firewall right after they release it and will wait at least some days...
-
@imanrnm
we downgrade to 2.5.0, not perfect because of the openssl vulnerability.
https://www.openssl.org/news/vulnerabilities.htmlAnd no note in the known issues:
https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html -
Thanks God I found this post . I was going crazy .
NAT is not broken but suddenly stop working in 2.5.1 .I must apologize to my certbot server since I'm requesting SSL like there is not tomorrow , and of course, my reverse proxy isn't happy !!!
Any workaround ? not feeling to downgrade or go BETA
cheers ,
-
unfortunately there is no information about a 2.5.x / -px release.
First time in over 10 years pfSense we can't upgrade the system. -
@imanrnm Since CE and Plus + =(
-
@slu regretfully
-
@antonio76
No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
The issue seems to be "in kernel" so bummer, we need to wait it out. -
@bennyc said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
The issue seems to be "in kernel" so bummer, we need to wait it out.UPDATE for: Jim Pingle
2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens next will behave correctly either way (e.g. a 2.6.0 release or a 2.5.x point or patch release).
-
I have the same issue. We have nat rules on a multiwan configuration. Upgrading from 2.5.0 to 2.5.1 nat rules on wan1 works but those on wan2 are not working.
we had to restore from backup. :(
-
+1 here I have the same issue with multi-WAN ..
I was going nuts why my vpn wasnt working anymore... out of options I googled if it was a issue with 2.5.1..
well at least I can stop blaming myself :P
-
Think this was the fix.
https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484
-
@vajonam can you explain how to solve the issue?
-
@infosamu-it
since the kernel must be rebuild, no chance to fix this with the patch package.
We also wait for a new pfSense release since we have issues with this bug. -
@infosamu-it since netgate hasn't released the build tools, not much we can do but wait for the next release AFAIK. 2.6.0 is an option but there are a few issues with that I know of
kernel panics #11839
counters 0/0 #11775
Also rate limiting seems broken as per another user. maybe related to #11775.pfsense fun!
-
Any timeframe we can expect a fix to be released?
Neither downgrade nor development version seems a great choice. -
I am also just a user who shares your pain, stuck on 2.5.1, any guesses will just be speculation at at this time.
-
tambem tive esse problema, resolvi assim
desabilito - starto o serviço depois desmarco e funcionou.João Oliveira
-
@joao-maria Hmm.. not sure I wan to disable firewall :-)
-
@vajonam This is not true netgate has released the right build tools. together with another user I was able build the new kernel and install and can confirm it fixes the problem. so we have to hurry up and wait for a p1 or some such release officially.
For others interested.
https://github.com/Augustin-FL/building-pfsense-iso-from-source