Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE)

    Scheduled Pinned Locked Moved General pfSense Questions
    31 Posts 8 Posters 3.5k Views 8 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      slu
      last edited by

      Dear pfSense Team,

      we are really in trouble with bug #11805 [1] and if I understand the ticket there is a patch available.

      Since we are respect your work and time you need, is it possible to make an crowdfunding / donation for an hotfix -p1 release?

      [1] https://redmine.pfsense.org/issues/11805

      pfSense Gold subscription

      1 Reply Last reply Reply Quote 2
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        The fix is in 2.6 snapshots if you need it.

        It's not something that can be applied as a patch though it's in compiled code.

        Steve

        S V X 3 Replies Last reply Reply Quote 0
        • S Offline
          slu @stephenw10
          last edited by

          @stephenw10 said in Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE):

          It's not something that can be applied as a patch though it's in compiled code.

          Thanks Steve for reply.
          That's why I'm asking to donate a new code build since no easy patch is possible.

          pfSense Gold subscription

          1 Reply Last reply Reply Quote 0
          • V Offline
            vjizzle @stephenw10
            last edited by

            @stephenw10
            Hi thank you for your time. I looked at the bug list for version 2.6 on redline and I think it should be ok running it for home use. Because it is not clear when (or if) a patch will be made availability for 2.5.1, do you think it is ok to move to version 2.6? For the time being at least?

            1 Reply Last reply Reply Quote 1
            • stephenw10S Offline
              stephenw10 Netgate Administrator
              last edited by

              For home use I would say it is. I have not seen any major issues there for some time.

              Be prepared to rollback though, as always.

              The more people can test that the better really.

              Steve

              V 4 2 Replies Last reply Reply Quote 1
              • V Offline
                vjizzle @stephenw10
                last edited by

                @stephenw10

                Thank you. I will do some testing and I will make sure to be able to rollback yes.

                1 Reply Last reply Reply Quote 0
                • 4 Offline
                  4o4rh @stephenw10
                  last edited by

                  @stephenw10 is there no release schedule for 2.5.2?

                  1 Reply Last reply Reply Quote 0
                  • P Offline
                    psp
                    last edited by

                    Having here a cold spare device, I'm currently running v2.6-DEV due to #11805 issue.
                    Using NAT on 2 WANs, 3 IPSec tunnels, 4 OpenVPN site-to-site server, 2 OpenVPN site-to-site client, 1 WireGuard "theonemcdonald" tunnel for 10 road warrior devices, pfBlockerNG-devel.
                    No problems so far.
                    Ready to swap on main device though...

                    V 1 Reply Last reply Reply Quote 2
                    • V Offline
                      vjizzle @psp
                      last edited by

                      @psp Amazing! Do you have policy based routing working fine also?

                      P 1 Reply Last reply Reply Quote 0
                      • P Offline
                        psp @vjizzle
                        last edited by

                        @vjizzle
                        Yes, but only related to OpenVPN outbound traffic (i.e. no WG right now).

                        V 1 Reply Last reply Reply Quote 1
                        • V Offline
                          vjizzle @psp
                          last edited by vjizzle

                          @psp Great! Switching over to 2.6 level is getting more and more tempting. Thank you and let us know if you find issues with it. I am running it in a lab environment and it is looking promising there as well.

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator
                            last edited by

                            The only issue I'm aware of that might be a show stopper for running it is match rules are broken:
                            https://redmine.pfsense.org/issues/11857

                            So if you are altq traffic shaping you would not be able to run current 2.6 snaps. Yet.

                            Steve

                            1 Reply Last reply Reply Quote 2
                            • V Offline
                              vjizzle
                              last edited by

                              Ok the last snapshot of 2.6 killed my lab pfsense and now I can see someone posting the solution on de development forum. So for now 2.6 is off the table. Can’t have this “surprise-me-time” on my production firewall. The wait continues.

                              1 Reply Last reply Reply Quote 0
                              • S Offline
                                swampkracker
                                last edited by

                                Same thing happened to me. I haven't had the chance to connect a monitor and keyboard to see what is going on.

                                1 Reply Last reply Reply Quote 0
                                • X Offline
                                  xparanoik @stephenw10
                                  last edited by

                                  @stephenw10 Thanks for the info. Do you have a link for the bug report on the upstream kernel (FreeBSD)? Or is this a bug that was introduced by Netgate patching the upstream?

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Not sure of the bug report. The patch is here though:
                                    https://github.com/freebsd/freebsd-src/commit/6d786845cf63c8bf57174e3e43b0b5c5eca75be3
                                    And here in our tree:
                                    https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484

                                    Steve

                                    4 1 Reply Last reply Reply Quote 0
                                    • 4 Offline
                                      4o4rh @stephenw10
                                      last edited by 4o4rh

                                      @stephenw10 why aren't we getting a 2.5.2 hotfix? I had to switch from the WAN GW pool, to single WAN as my default route, to fix the issues introduced in 2.5.1

                                      V 1 Reply Last reply Reply Quote 0
                                      • V Offline
                                        vjizzle @4o4rh
                                        last edited by

                                        @gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.

                                        Sadly this is not the case for the free version of pfSense.

                                        4 1 Reply Last reply Reply Quote 0
                                        • 4 Offline
                                          4o4rh @vjizzle
                                          last edited by

                                          @vjizzle said in Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE):

                                          @gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.

                                          Sadly this is not the case for the free version of pfSense.

                                          I really hope you are wrong there. There is a huge difference between offering a value add component for a price, versus broken core functionality. Even if it is in the CE version.

                                          V 1 Reply Last reply Reply Quote 0
                                          • V Offline
                                            vjizzle @4o4rh
                                            last edited by

                                            @gwaitsi I hope I am wrong as well yes. Sadly it is not looking good atm.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.