Netgate Discussion Forum
    Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE)

    General pfSense Questions
    31 Posts 8 Posters 3.5k Views
    • stephenw10 Netgate Administrator

      The fix is in 2.6 snapshots if you need it.

      It's not something that can be applied as a patch though; it's in compiled code.

      Steve

      • slu @stephenw10

        @stephenw10 said in Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE):

        It's not something that can be applied as a patch though; it's in compiled code.

        Thanks Steve for the reply.
        That's why I'm asking to donate a new code build since no easy patch is possible.

        pfSense Gold subscription

        • vjizzle @stephenw10

          @stephenw10
          Hi, thank you for your time. I looked at the bug list for version 2.6 on Redmine and I think it should be ok running it for home use. Because it is not clear when (or if) a patch will be made available for 2.5.1, do you think it is ok to move to version 2.6? For the time being at least?

          • stephenw10 Netgate Administrator

            For home use I would say it is. I have not seen any major issues there for some time.

            Be prepared to rollback though, as always.

            The more people can test that the better really.

            Steve

            • vjizzle @stephenw10

              @stephenw10

              Thank you. I will do some testing and I will make sure to be able to rollback yes.

              • 4o4rh @stephenw10

                @stephenw10 is there no release schedule for 2.5.2?

                • psp

                  Having here a cold spare device, I'm currently running v2.6-DEV due to #11805 issue.
                  Using NAT on 2 WANs, 3 IPSec tunnels, 4 OpenVPN site-to-site servers, 2 OpenVPN site-to-site clients, 1 WireGuard "theonemcdonald" tunnel for 10 road warrior devices, pfBlockerNG-devel.
                  No problems so far.
                  Ready to swap on main device though...

                  • vjizzle @psp

                    @psp Amazing! Do you have policy based routing working fine also?

                    • psp @vjizzle

                      @vjizzle
                      Yes, but only related to OpenVPN outbound traffic (i.e. no WG right now).

                      • vjizzle @psp

                        @psp Great! Switching over to 2.6 level is getting more and more tempting. Thank you and let us know if you find issues with it. I am running it in a lab environment and it is looking promising there as well.

                        • stephenw10 Netgate Administrator

                          The only issue I'm aware of that might be a show stopper for running it is match rules are broken:
                          https://redmine.pfsense.org/issues/11857

                          So if you are altq traffic shaping you would not be able to run current 2.6 snaps. Yet.

                          Steve

                          • vjizzle

                            Ok, the last snapshot of 2.6 killed my lab pfSense and now I can see someone posting the solution on the development forum. So for now 2.6 is off the table. Can’t have this “surprise-me-time” on my production firewall. The wait continues.

                            • swampkracker

                              Same thing happened to me. I haven't had the chance to connect a monitor and keyboard to see what is going on.

                              • xparanoik @stephenw10

                                @stephenw10 Thanks for the info. Do you have a link for the bug report on the upstream kernel (FreeBSD)? Or is this a bug that was introduced by Netgate patching the upstream?

                                • stephenw10 Netgate Administrator

                                  Not sure of the bug report. The patch is here though:
                                  https://github.com/freebsd/freebsd-src/commit/6d786845cf63c8bf57174e3e43b0b5c5eca75be3
                                  And here in our tree:
                                  https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484

                                  Steve

                                  • 4o4rh @stephenw10

                                    @stephenw10 why aren't we getting a 2.5.2 hotfix? I had to switch from the WAN GW pool, to single WAN as my default route, to fix the issues introduced in 2.5.1

                                    • vjizzle @4o4rh

                                      @gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.

                                      Sadly this is not the case for the free version of pfSense.

                                      • 4o4rh @vjizzle

                                        @vjizzle said in Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE):

                                        @gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.

                                        Sadly this is not the case for the free version of pfSense.

                                        I really hope you are wrong there. There is a huge difference between offering a value add component for a price, versus broken core functionality. Even if it is in the CE version.

                                        • vjizzle @4o4rh

                                          @gwaitsi I hope I am wrong as well yes. Sadly it is not looking good atm.

                                          • Cool_Corona

                                            That will be the end of pfSense as a community.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.