Netgate Discussion Forum

    Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE)

      stephenw10 Netgate Administrator

      For home use I would say it is. I have not seen any major issues there for some time.

      Be prepared to roll back though, as always.

      The more people can test that the better really.

      Steve

        vjizzle @stephenw10

        @stephenw10

        Thank you. I will do some testing and I will make sure to be able to roll back, yes.

          4o4rh @stephenw10

          @stephenw10 is there no release schedule for 2.5.2?

            psp

            Having here a cold spare device, I'm currently running v2.6-DEV due to #11805 issue.
            Using NAT on 2 WANs, 3 IPSec tunnels, 4 OpenVPN site-to-site servers, 2 OpenVPN site-to-site clients, 1 WireGuard "theonemcdonald" tunnel for 10 road warrior devices, pfBlockerNG-devel.
            No problems so far.
            Ready to swap on main device though...

              vjizzle @psp

              @psp Amazing! Do you have policy based routing working fine also?

                psp @vjizzle

                @vjizzle
                Yes, but only related to OpenVPN outbound traffic (i.e. no WG right now).

                  vjizzle @psp

                  @psp Great! Switching over to 2.6 level is getting more and more tempting. Thank you and let us know if you find issues with it. I am running it in a lab environment and it is looking promising there as well.

                    stephenw10 Netgate Administrator

                    The only issue I'm aware of that might be a show stopper for running it is match rules are broken:
                    https://redmine.pfsense.org/issues/11857

                    So if you are altq traffic shaping you would not be able to run current 2.6 snaps. Yet.

                    Steve

                      vjizzle

                      Ok, the last snapshot of 2.6 killed my lab pfSense and now I can see someone posting the solution on the development forum. So for now 2.6 is off the table. Can’t have this “surprise-me-time” on my production firewall. The wait continues.

                        swampkracker

                        Same thing happened to me. I haven't had the chance to connect a monitor and keyboard to see what is going on.

                          xparanoik @stephenw10

                          @stephenw10 Thanks for the info. Do you have a link for the bug report on the upstream kernel (FreeBSD)? Or is this a bug that was introduced by Netgate patching the upstream?

                            stephenw10 Netgate Administrator

                            Not sure of the bug report. The patch is here though:
                            https://github.com/freebsd/freebsd-src/commit/6d786845cf63c8bf57174e3e43b0b5c5eca75be3
                            And here in our tree:
                            https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484

                            Steve

                              4o4rh @stephenw10

                              @stephenw10 why aren't we getting a 2.5.2 hotfix? I had to switch from the WAN GW pool, to single WAN as my default route, to fix the issues introduced in 2.5.1

                                vjizzle @4o4rh

                                @gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.

                                Sadly this is not the case for the free version of pfSense.

                                  4o4rh @vjizzle

                                  @vjizzle said in Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE):

                                  @gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.

                                  Sadly this is not the case for the free version of pfSense.

                                  I really hope you are wrong there. There is a huge difference between offering a value add component for a price, versus broken core functionality. Even if it is in the CE version.

                                    vjizzle @4o4rh

                                    @gwaitsi I hope I am wrong as well yes. Sadly it is not looking good atm.

                                      Cool_Corona

                                      That will be the end of pfSense as a community.

                                        vjizzle @Cool_Corona

                                        @cool_corona Yeah. It would not surprise me if multi-wan will be a feature only available in pfSense Plus. I am speculating of course but given the way this issue is being handled does not bode well for the future of pfSense CE.

                                        Saying that the issue will be resolved in 2.6 CE is also not the way to go I think. How long did it take to get from 2.4.5 to 2.5....3 years or so?

                                          slu @vjizzle

                                          @vjizzle
                                          this is a bug, I don't think Netgate disable multi-wan by design!

                                          pfSense Gold subscription

                                            stephenw10 Netgate Administrator

                                            Umm, yeah, this is a bug not a 'feature'. And it is fixed in current 2.6 snapshots which are not significantly different from 2.5.1 at this point. Still built in 12.2 stable.

                                            It was less than 1 year between 2.4.5 and 2.5 releases.
                                            https://docs.netgate.com/pfsense/en/latest/releases/versions.html
                                            Less if you look from 2.4.5p1.

                                            Steve

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.