pfSense 2.5.1 multi-WAN routing trouble
-
Same. Dual wan config, but only one at the time will accept incoming connection after upgrade to 2.5.1. I have mail on one and web server on another. Both wan addresses wont accept incoming connections at the same time as before. If I choose default gateway my dual wan grou then pfsense anyway will choose one out from dual group as “default” and services from another wan wont work
-
Same issue with failover dual WAN, no CARP.
Incoming traffic is only working on the "default" gateway. This used to work for years before 2.5.1 -
@digdug3 I downgraded to 2.4.5 for now
-
@raudraido Agree.
If it takes to long to fix this then I will have to downgrade to 2.5.0
Had no issues there. For now I removed all traffic on the 2nd WAN.
Fingers crossed there won't be any issue on the 1st. -
Since I did file a bug report which was classified as a duplicate (would not have found the original bug report without that), we know that the developers know:
https://redmine.pfsense.org/issues/11805
What we still lack is communcations in terms of what is likely to happen when.
-
@michaelschefczyk I reverted to 2.5.0 and all is working again.
-
@digdug3 I revert back 2.4.5.1 because I have seen so many complains with 2.5.0 as well. Also everything now works as intended.
-
@michaelschefczyk said in pfSense 2.5.1 multi-WAN routing trouble:
What we still lack is communcations in terms of what is likely to happen when.
look like we must wait for 2.6.0, since this is an issue in the kernel.
No idea to handle this issue for me now, since we need the openssl fix. -
Hail Folks, I'm experiencing something like this... On my PFSense Server I use OpenVPN + Radius Connection, everything was working good, but after update from 2.5.0 to 2.5.1 every connection wich comes from my second (WAN - OPT) works for a minute and the connection get drop. There's no reason for it.. cuz, I Haven't change anything on firewall... If anyone have any clue to me.. I will appreciate a lot. Thanks in advance.
-
@theone The only workaround I have found so far(in case someone needs it)
System >> Advanced >> Firewall & NATBypass firewall rules for traffic on the same interface
This is workaround but definitely a bug in 2.5.1
-
@peterzy To my regret I don't have static routes. Policy based only.
-
@digdug3 How did you reverted to 2.5.0 ?
-
@makq I have pfSense installed as a VM, so I can just roll back.
Otherwise, if you still have a backup of an older pfsense config file, you can reinstall pfSense and restore the backup of the config file. -
ok. this really has become a problem, i have tried a number of things but i need to revert back to 2.5.0.
Is the config.xml backward compatible with 2.5.0 ?
Can i simply re-install and restore the 2.5.1 xml?
-
@gwaitsi I am unable to answer your question. As I backup my configuration nighly on a server in my LAN, I did just roll back to the last configuration before going to 2.5.1.
The biggest problem in my view is that the Netgate team does not communicate at all about perspectives to resolve this. The choice now is either no real multi-WAN or a risky version of OpenSSL.
I did make a trip to the other end of my VPN to downgrade there to get everything working again. My personal next step will be to move from CARP-HA to two single routers and then convert one in the stack to OPNsense. It might be safer to have two options.
-
@gwaitsi for me, revert did not work. Did clean install
-
@gwaitsi Hi. The config should be backwards compatible. I have done this and imported my backup from 2.5 to 2.4.5 p1. However this was not on my production unit but my testlab pfSense. It did work but my Openvpn clients were messed up and my routing groups were not working properly. I had to manually fix that. Again, this was just an exercise for me and not something I will do on my production unit.
As always I have backups before I upgrade so in the end I just installed 2.4.5 p1 on my production unit and restored the config from that version.
-
I think with the attitude they have PfSense is https://www.youtube.com/watch?v=tH2w6Oxx0kQ
-
@peterzy i haven't given up on them, but when they say it is a kernel fix and can't be deployed as a patch, given the severity, it is very disheartening to see they don't release 2.5.1p1 to fix this issue.
Have started looking at untangle, but that is not a fair comparison because you have to pay to get the same features that are including in pfsense CE.
-
@gwaitsi said in pfSense 2.5.1 multi-WAN routing trouble:
2.5.1p1 to fix this issue.
It seems there is a 2.5.2 in the pipeline:
