2.4 is it stable enough?



  • Hi!

    I really want to use squidanalyzer but it seems that is not working with 2.3.4…

    What you think is it stable enough for home use?

    Can I restore configurations from 2.3.4?


  • Rebel Alliance Developer Netgate

    2.4-RC is stable, yes, for any purpose.

    You can restore a 2.3.x (or any older) configuration to 2.4-RC. Or upgrade in-place.

    That said, squidanalyzer is not an official package so whatever you do to install that may make your firewall unstable through no fault of pfSense.



  • Thx… I really can't understand why I did not remember that I can choose branch at update settings  :o :-[ :-[



  • @jimp:

    2.4-RC is stable, yes, for any purpose.

    Really? I'm getting terrible download/upload speeds with 2-4-RC compared with 2.3.4 using the exact same configuration. It's worst with my VPN – 50%-80% speed degradation (e.g., 20 Mbps on a 75Mbps connection.) I'm getting a 20% speed degradation when not using the VPN. Also see very high RTT and RTTds times for the WAN and VPN Gateways. It was suggested that the problem is that I can't turn on AES-NI and Hardware Acceleration at the same time, but that wouldn't affect non-VPN speeds and I found that Hardware Acceleration on or off makes no difference to VPN speeds in 2.3.4.

    2-4-RC is unusable for me. Something isn't right.

    If you have a spare drive I'd suggest putting 2-4-RC on it so you don't have to reinstall 2.3.4 if you have to backtrack.



  • I've been running the RC release for a couple of weeks now and everything seems rock solid so far. I run a number of services including Squid (proxy and ClamAV), Snort IDS/IPS, OpenVPN, plus the usual DHCP, Traffic shaping etc. All been working great! I don't have a very fast connection at 40/10 but even the Celeron847 in my system is coping well only maxing out when downloading steam games. My RTT and RTTds times sit around 5ms and 2ms even under heavy load.

    I cant comment on squidanalyzer but lightsquid is certainly working fine for me.



  • @jmdixon85:

    I've been running the RC release for a couple of weeks now and everything seems rock solid so far.

    Thanks for the feedback. I could be wrong, but this leads me to believe that something in 2.4.0RC or its version of FreeBSD isn't fully compatible with my Zoltac ZBOX C1327. Is anyone running 2.4.0RC successfully on a ZBOX? If so, which model? I believe the firmware is different in the various models, so the performance problem could be specific to the C1327. I would have gotten the more proven C1323 but couldn't find one anywhere.

    Since speed on VPN and non-VPN connections is affected, and RTT/RTTsd times on both are degraded, it could be an issue with NIC I/O. Is there a diagnostic I can use to track this down?


  • Rebel Alliance Developer Netgate

    @peppersass:

    Is there a diagnostic I can use to track this down?

    Start your own thread with a specific subject, don't use this one that is not related to your problem.



  • @jimp:

    Start your own thread with a specific subject, don't use this one that is not related to your problem.

    Sorry. Actually, I did start a thread on this subject last week. Need to update it with what I found about crypto acceleration. Maybe you could comment?