Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE)

    Scheduled Pinned Locked Moved General pfSense Questions
    31 Posts 8 Posters 3.5k Views 8 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S Offline
      stephenw10 Netgate Administrator
      last edited by

      The only issue I'm aware of that might be a show stopper for running it is match rules are broken:
      https://redmine.pfsense.org/issues/11857

      So if you are altq traffic shaping you would not be able to run current 2.6 snaps. Yet.

      Steve

      1 Reply Last reply Reply Quote 2
      • V Offline
        vjizzle
        last edited by

        Ok the last snapshot of 2.6 killed my lab pfsense and now I can see someone posting the solution on de development forum. So for now 2.6 is off the table. Can’t have this “surprise-me-time” on my production firewall. The wait continues.

        1 Reply Last reply Reply Quote 0
        • S Offline
          swampkracker
          last edited by

          Same thing happened to me. I haven't had the chance to connect a monitor and keyboard to see what is going on.

          1 Reply Last reply Reply Quote 0
          • X Offline
            xparanoik @stephenw10
            last edited by

            @stephenw10 Thanks for the info. Do you have a link for the bug report on the upstream kernel (FreeBSD)? Or is this a bug that was introduced by Netgate patching the upstream?

            1 Reply Last reply Reply Quote 0
            • stephenw10S Offline
              stephenw10 Netgate Administrator
              last edited by

              Not sure of the bug report. The patch is here though:
              https://github.com/freebsd/freebsd-src/commit/6d786845cf63c8bf57174e3e43b0b5c5eca75be3
              And here in our tree:
              https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484

              Steve

              4 1 Reply Last reply Reply Quote 0
              • 4 Offline
                4o4rh @stephenw10
                last edited by 4o4rh

                @stephenw10 why aren't we getting a 2.5.2 hotfix? I had to switch from the WAN GW pool, to single WAN as my default route, to fix the issues introduced in 2.5.1

                V 1 Reply Last reply Reply Quote 0
                • V Offline
                  vjizzle @4o4rh
                  last edited by

                  @gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.

                  Sadly this is not the case for the free version of pfSense.

                  4 1 Reply Last reply Reply Quote 0
                  • 4 Offline
                    4o4rh @vjizzle
                    last edited by

                    @vjizzle said in Hotfix for #11805 with crowdfunding / donation possible? (NAT issue 2.5.1 CE):

                    @gwaitsi I believe this is the roadmap for pfSense CE sadly. If it works-it-works but clearly the focus is pfSense Plus. This same bug was resolved for pfSense Plus within days I believe, like we can expect from any other firewall vendor.

                    Sadly this is not the case for the free version of pfSense.

                    I really hope you are wrong there. There is a huge difference between offering a value add component for a price, versus broken core functionality. Even if it is in the CE version.

                    V 1 Reply Last reply Reply Quote 0
                    • V Offline
                      vjizzle @4o4rh
                      last edited by

                      @gwaitsi I hope I am wrong as well yes. Sadly it is not looking good atm.

                      1 Reply Last reply Reply Quote 0
                      • Cool_CoronaC Offline
                        Cool_Corona
                        last edited by

                        That will be the end of PFsense as a community.

                        V 1 Reply Last reply Reply Quote 0
                        • V Offline
                          vjizzle @Cool_Corona
                          last edited by vjizzle

                          @cool_corona Yeah. It would not surprise me if multi-wan will be a feature only available in pfSense Plus. I am speculating off course but given the way this issue is being handled does not bode well for the future of pfSense CE.

                          Saying that the issue will be resolved in 2.6 CE is also not the way to go I think. How long did it take to get from 2.4.5 to 2.5....3 years orso?

                          S 1 Reply Last reply Reply Quote 0
                          • S Offline
                            slu @vjizzle
                            last edited by slu

                            @vjizzle
                            this is a bug, I don't think Netgate disable multi-wan by design!

                            pfSense Gold subscription

                            1 Reply Last reply Reply Quote 2
                            • stephenw10S Offline
                              stephenw10 Netgate Administrator
                              last edited by

                              Umm, yeah, this is a bug not a 'feature'. And it is fixed in current 2.6 snapshots which are not significantly different from 2.5.1 at this point. Still built in 12.2 stable.

                              It was less than 1 year between 2.4.5 and 2.5 releases.
                              https://docs.netgate.com/pfsense/en/latest/releases/versions.html
                              Less if you look from 2.4.5p1.

                              Steve

                              S V 4 3 Replies Last reply Reply Quote 0
                              • S Offline
                                slu @stephenw10
                                last edited by

                                For me, I feel not safe enough to upgrade to 2.6 in my productiv setup.
                                Still hope for a hotfix release "-p1".

                                pfSense Gold subscription

                                1 Reply Last reply Reply Quote 0
                                • V Offline
                                  vjizzle @stephenw10
                                  last edited by

                                  @stephenw10 Hi Steve. Thank you for your feedback :).

                                  I know it is fixed in 2.6 but that is still development branch. I was running 2.6 on my lab but one of the snapshots nuked it. So that is a no go for now for me. I think (hope) that all the people running serious production environment also feel the same way about running 2.6 dev on their main firewall.

                                  The amount of people reporting this bug, here on the forum and reddit, and Netgate acknowledging it but doing basically nothing to fix it does concern me. Don't get me wrong, I love the software and I am still recommending and running it...but just the whole attitude about not fixing this on short term is very very frustrating. And (again) running 2.6 development branch is not the fix.

                                  1 Reply Last reply Reply Quote 3
                                  • 4 Offline
                                    4o4rh @stephenw10
                                    last edited by

                                    @stephenw10 I use pfsense at home, but I am working at home full-time since civod. I originally had my J1900 with legacy boot. When I upgraded to 2.5.0 I was down for a while I tried to figure out why the unit was failing (it had failed previously on a number of occasions).

                                    Despite using the auto-backup option I wasn't able to get configs for 2 weeks prior to the upgrade. In the end, I reformatted and used UEFI and ZFS and had to figure out the changes I had made in the 2 weeks prior (I was in the progress of cleaning rules during this time). I put in a 2nd WAN a couple of months before the upgrade, and everything was working fine.

                                    The whole family are on video conferences during lockdown often at the same time. With work and school from home, it is not safe or viable to put a development build on (even at home) now, and risk disrupting everyone's school and work from home.

                                    1 Reply Last reply Reply Quote 3
                                    • stephenw10S Offline
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      I hear you. I'm in that same situation. I'm just pointing out that this is not something we are deliberately not fixing, it's already fixed. It just hasn't made it to a release version yet.
                                      We are very aware of the problem.

                                      Steve

                                      Cool_CoronaC V 4 3 Replies Last reply Reply Quote 1
                                      • Cool_CoronaC Offline
                                        Cool_Corona @stephenw10
                                        last edited by

                                        @stephenw10 Is it fixed in pfsense+ or the 21.02 branch?

                                        1 Reply Last reply Reply Quote 0
                                        • V Offline
                                          vjizzle @stephenw10
                                          last edited by

                                          @stephenw10 Thank you for the update. I am glad to hear that you guys are very aware of the problem and I hope we see the much needed fix soon.

                                          1 Reply Last reply Reply Quote 0
                                          • 4 Offline
                                            4o4rh @stephenw10
                                            last edited by

                                            @stephenw10 I don't know if this is related to the same issue, but this only happens since the 2.5.1 upgrade. I switched the default route to using Single WAN instead of the GW, but I still have the following issue.

                                            Momentarily drops, most visible to the user when youtube videos or streaming are playing. There are periodic moments where it repeats a few second of video.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.