LAN malfunctions after upgrade 2.4.3 -> 2.4.4



  • Hi

    I have had a flawless upgrade for a long time but this time the upgrade broke 2 things.

    1. My physical console mutes after the initial FreeBSD boot menu and neither FreeBSD boot up messages nor pfSense menu appears. If I select the kernel.old during boot menu I get a console but a lot of stuff does not work due to kernel/app mismatch

    2. When the firewall gets up running I cannot communicate with it on its LAN address but I can - through the LAN network - get to a firewall address on another OPT network! and hence get to both web and ssh interface. Now the strange thing: as soon as ssh logged in console runs tcpdump -i LAN | grep AnyTagThatDoesNeverAppear all connectivity in the LAN is restored until I stop tcpdump again !?!?
      It is as if the promiscuous mode set up by tcpdump wakes up the firewall's LAN config and enables the endpoint. From the ssh session all network connectivity works.

    Any ideas ?
    Is there any way to get safely back to 2.4.3-RELEASE ?
    Basically I'm halfway bricked :-O

    Claus



  • You really should read the update announcement, release notes and upgrade guide! It's not that hard and prevents/solves some problems.



  • @grimson I get you and would normally do if I were to fiddle with files directly - but the upgrade appears as a failsafe one-click option and I only selected stable releases...



  • @grimson Just checked the announcement
    https://www.netgate.com/blog/pfsense-2-4-4-release-now-available.html
    and I don't see what I could have done differently - I have no packs and I did a full config backup.

    Do you have any clues to what is hitting me ?



  • Does anyone else have a clue to why the LAN interface is not recognized by the firewall until a tcpdump.exe is attached ?

    I tried to find 2.4.3-RELEASE for download on the net but I don't seem to be able to find anything but 2.4.4 and 2.3.2.
    I did do a backup while running 2.4.3-RELEASE before upgrading so I guess I should be able to install that one and then restore the backup ?

    Thanks
    Claus



  • I just tried to use tcpdump -p -i LAN and that does NOT fix the issue - so setting LAN into promiscuous mode is what does the trick/hack



  • I scrutinized the https://www.netgate.com/docs/pfsense/install/upgrade-guide.html#upgrading-from-versions-older-than-pfsense-2-4-4 and the kern.vty=sc trick fixed my muted console :-) I tried to reselect the default gateway but my LAN interface still needs to be in promiscuous mode to allow LAN hosts to communicate with firewall. Routing to other network segments still works and allows me to communicate with firewall on its address in a non-LAN segment.



  • After adding the two descriptions to the laggs it started working without promiscuous mode :-O
    Apparently that reset something in the system

    <laggs>
        <lagg>
            <members>em0,em1</members>
            <descr><![CDATA[WANLAGG]]></descr>
            <laggif>lagg0</laggif>
            <proto>lacp</proto>
        </lagg>
        <lagg>
            <members>em2,em3</members>
            <descr><![CDATA[LANLAGG]]></descr>
            <laggif>lagg1</laggif>
            <proto>lacp</proto>
        </lagg>
    </laggs>
    

    This helped me get some clues
    https://forums.freebsd.org/threads/interface-wont-work-without-promiscuous-mode-after-changing-mac-address.49518/#post-403611