Upgrade from 2.4.4 -> 2.5 no networking



  • Has anyone had any issues with the upgrade from 2.4.4->2.5. I have tried it on 2 boxes so far, both with quad intel nics (em) and both times it resulted in not being able to see any network traffic on any interfaces. Disabling pf with 'pfctl -d' doesnt help and I dont see anything when I 'tcpdump -e -i emX', apart from outbound traffic from the firewall. Yes the links are up on the interfaces, the speed is negotiated fine, and the nic logical to physical mappings are correct. All i did to upgrade was run "/usr/local/sbin/pfSense-upgrade" from the shell and reboot. Am i missing a step, or is this a known issue? Luckily thanks to zfs and beadm rolling back was very easy.


  • Rebel Alliance Developer Netgate

    No problems that we're aware of. Do you have any traffic shaping active? There have been reports of issues with Limiters causing traffic to not pass. That doesn't seem to match your symptoms though since that traffic would still have arrived in a packet capture.

    If both of your systems have the same card, it might be a problem with the driver for that specific chipset.



  • Thanks for the reply i will have another go at the weekend, when downtime is less critical. No there was not traffic shaping and its the intel em driver so should be rock solid i would have thought. I might try disabling checksums to see if that helps.


  • Rebel Alliance Developer Netgate

    They usually are solid, assuming they are legit cards. There are a lot of counterfeit cards out there being passed off as Intel that tend to fail in unexpected ways like this.



  • Tried again and still the same

    I might well be being hit by this bug. This will probably affect quite a few of those Chinese pfsense boxes off amazon.

    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219428

    8(

    : pciconf -lv|grep Gigabit
        device     = '82583V Gigabit Network Connection'
        device     = '82583V Gigabit Network Connection'
        device     = '82583V Gigabit Network Connection'
        device     = '82583V Gigabit Network Connection'
        device     = '82583V Gigabit Network Connection'
        device     = '82583V Gigabit Network Connection'
    

    this might speed up my idea to virtualize pfsense on this box


  • LAYER 8 Netgate

    Small point of contention: there are no Chinese pfSense boxes sold on Amazon. There might be Chinese boxes sold on Amazon that people try to run pfSense on.



  • OK i have found a fix, well it seems to work at the moment. Time will tell if it lasts..

    Definately related to this
    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235147

    adding the following to loader.conf and rebooting seemed to work

    hw.pci.enable_msix=0

    This will catch quite a lot of people out I suspect. Both bits a kit I saw this happen were partaker mini pfsense firewall boxes. They are fairly common out there. One is the 6 port i5 version and the other is the older 4 port j1900 .


  • LAYER 8 Netgate

    I see my point is lost on you.



  • @Derelict

    Well both of mine shipped with it installed so logically im correct, that doesnt mean they are officially supported or branded as such now does it? Hence why i didnt put a tm symbol on the sentence? That is beside the point though, a lot of people out there do run it, and when they upgrade....



  • This one to related to that same interface type. Which references the second link above.

    https://redmine.pfsense.org/issues/9414

    Not to beat a dead horse but this is why using development snapshots for production environments is not recommended. However Im sure the extra testing and reports are greatly appreciated. :)



  • @Derelict

    Not at all, this is a preproduction test environment, but it does have other users, that kind of test things so uptime during business hours is still as important, but not critical. Most individuals test environments are virtual, so this issue hand not being picked up due to it being hardware based.



  • Having the same trouble. After upgrading, the second re1 stopped working as soon as bsd loaded. I tried re-installing, but formatting re-installing didn't help because pfsense downloaded the latest version which disabled the second nic, again!. ifup re1 didn't work. I could see that I had a physical link, until bsd loaded and before the firewall software loaded up. The problem appears to be BSD and not pfsense. I can't install packages because 2.4.3 is looking for an upgrade and, frankly, I really don't want suffer the same trouble on a production system. Any help here would be appreciated. Not the way I wanted to spend my saturday afternoon.

    I ended up installing on a completely different system.

    Thanks


Log in to reply