Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE)
-
The only issue I'm aware of that might be a show stopper for running it is match rules are broken:
https://redmine.pfsense.org/issues/11857So if you are altq traffic shaping you would not be able to run current 2.6 snaps. Yet.
Steve
-
Ok the last snapshot of 2.6 killed my lab pfsense and now I can see someone posting the solution on de development forum. So for now 2.6 is off the table. Can’t have this “surprise-me-time” on my production firewall. The wait continues.
-
Same thing happened to me. I haven't had the chance to connect a monitor and keyboard to see what is going on.
-
@stephenw10 Thanks for the info. Do you have a link for the bug report on the upstream kernel (FreeBSD)? Or is this a bug that was introduced by Netgate patching the upstream?
-
Not sure of the bug report. The patch is here though:
https://github.com/freebsd/freebsd-src/commit/6d786845cf63c8bf57174e3e43b0b5c5eca75be3
And here in our tree:
https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484Steve
-
@stephenw10 why aren't we getting a 2.5.2 hotfix? I had to switch from the WAN GW pool, to single WAN as my default route, to fix the issues introduced in 2.5.1
-
@gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.
Sadly this is not the case for the free version of pfSense.
-
@vjizzle said in Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE):
@gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.
Sadly this is not the case for the free version of pfSense.
I really hope you are wrong there. There is a huge difference between offering a value add component for a price, versus broken core functionality. Even if it is in the CE version.
-
@gwaitsi I hope I am wrong as well yes. Sadly it is not looking good atm.
-
That will be the end of PFsense as a community.
-
@cool_corona Yeah. It would not surprise me if multi-wan will be a feature only available in pfSense Plus. I am speculating off course but given the way this issue is being handled does not bode well for the future of pfSense CE.
Saying that the issue will be resolved in 2.6 CE is also not the way to go I think. How long did it take to get from 2.4.5 to 2.5....3 years orso?
-
@vjizzle
this is a bug, I don't think Netgate disable multi-wan by design! -
Umm, yeah, this is a bug not a 'feature'. And it is fixed in current 2.6 snapshots which are not significantly different from 2.5.1 at this point. Still built in 12.2 stable.
It was less than 1 year between 2.4.5 and 2.5 releases.
https://docs.netgate.com/pfsense/en/latest/releases/versions.html
Less if you look from 2.4.5p1.Steve
-
For me, I feel not safe enough to upgrade to 2.6 in my productiv setup.
Still hope for a hotfix release "-p1". -
@stephenw10 Hi Steve. Thank you for your feedback :).
I know it is fixed in 2.6 but that is still development branch. I was running 2.6 on my lab but one of the snapshots nuked it. So that is a no go for now for me. I think (hope) that all the people running serious production environment also feel the same way about running 2.6 dev on their main firewall.
The amount of people reporting this bug, here on the forum and reddit, and Netgate acknowledging it but doing basically nothing to fix it does concern me. Don't get me wrong, I love the software and I am still recommending and running it...but just the whole attitude about not fixing this on short term is very very frustrating. And (again) running 2.6 development branch is not the fix.
-
@stephenw10 I use pfsense at home, but I am working at home full-time since civod. I originally had my J1900 with legacy boot. When I upgraded to 2.5.0 I was down for a while I tried to figure out why the unit was failing (it had failed previously on a number of occasions).
Despite using the auto-backup option I wasn't able to get configs for 2 weeks prior to the upgrade. In the end, I reformatted and used UEFI and ZFS and had to figure out the changes I had made in the 2 weeks prior (I was in the progress of cleaning rules during this time). I put in a 2nd WAN a couple of months before the upgrade, and everything was working fine.
The whole family are on video conferences during lockdown often at the same time. With work and school from home, it is not safe or viable to put a development build on (even at home) now, and risk disrupting everyone's school and work from home.
-
I hear you. I'm in that same situation. I'm just pointing out that this is not something we are deliberately not fixing, it's already fixed. It just hasn't made it to a release version yet.
We are very aware of the problem.Steve
-
@stephenw10 Is it fixed in pfsense+ or the 21.02 branch?
-
@stephenw10 Thank you for the update. I am glad to hear that you guys are very aware of the problem and I hope we see the much needed fix soon.
-
@stephenw10 I don't know if this is related to the same issue, but this only happens since the 2.5.1 upgrade. I switched the default route to using Single WAN instead of the GW, but I still have the following issue.
Momentarily drops, most visible to the user when youtube videos or streaming are playing. There are periodic moments where it repeats a few second of video.
