Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE)
-
For home use I would say it is. I have not seen any major issues there for some time.
Be prepared to rollback though, as always.
The more people can test that the better really.
Steve
-
Thank you. I will do some testing and I will make sure to be able to rollback yes.
-
@stephenw10 is there no release schedule for 2.5.2?
-
Having here a cold spare device, I'm currently running v2.6-DEV due to #11805 issue.
Using NAT on 2 WANs, 3 IPSec tunnels, 4 OpenVPN site-to-site server, 2 OpenVPN site-to-site client, 1 WireGuard "theonemcdonald" tunnel for 10 road warrior devices, pfBlockerNG-devel.
No problems so far.
Ready to swap on main device though... -
@psp Amazing! Do you have policy based routing working fine also?
-
@vjizzle
Yes, but only related to OpenVPN outbound traffic (i.e. no WG right now). -
@psp Great! Switching over to 2.6 level is getting more and more tempting. Thank you and let us know if you find issues with it. I am running it in a lab environment and it is looking promising there as well.
-
The only issue I'm aware of that might be a show stopper for running it is match rules are broken:
https://redmine.pfsense.org/issues/11857So if you are altq traffic shaping you would not be able to run current 2.6 snaps. Yet.
Steve
-
Ok the last snapshot of 2.6 killed my lab pfsense and now I can see someone posting the solution on de development forum. So for now 2.6 is off the table. Can’t have this “surprise-me-time” on my production firewall. The wait continues.
-
Same thing happened to me. I haven't had the chance to connect a monitor and keyboard to see what is going on.
-
@stephenw10 Thanks for the info. Do you have a link for the bug report on the upstream kernel (FreeBSD)? Or is this a bug that was introduced by Netgate patching the upstream?
-
Not sure of the bug report. The patch is here though:
https://github.com/freebsd/freebsd-src/commit/6d786845cf63c8bf57174e3e43b0b5c5eca75be3
And here in our tree:
https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484Steve
-
@stephenw10 why aren't we getting a 2.5.2 hotfix? I had to switch from the WAN GW pool, to single WAN as my default route, to fix the issues introduced in 2.5.1
-
@gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.
Sadly this is not the case for the free version of pfSense.
-
@vjizzle said in Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE):
@gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.
Sadly this is not the case for the free version of pfSense.
I really hope you are wrong there. There is a huge difference between offering a value add component for a price, versus broken core functionality. Even if it is in the CE version.
-
@gwaitsi I hope I am wrong as well yes. Sadly it is not looking good atm.
-
That will be the end of PFsense as a community.
-
@cool_corona Yeah. It would not surprise me if multi-wan will be a feature only available in pfSense Plus. I am speculating off course but given the way this issue is being handled does not bode well for the future of pfSense CE.
Saying that the issue will be resolved in 2.6 CE is also not the way to go I think. How long did it take to get from 2.4.5 to 2.5....3 years orso?
-
@vjizzle
this is a bug, I don't think Netgate disable multi-wan by design! -
Umm, yeah, this is a bug not a 'feature'. And it is fixed in current 2.6 snapshots which are not significantly different from 2.5.1 at this point. Still built in 12.2 stable.
It was less than 1 year between 2.4.5 and 2.5 releases.
https://docs.netgate.com/pfsense/en/latest/releases/versions.html
Less if you look from 2.4.5p1.Steve
