SG-3100 pfSense v2.4.4-p3 : Many sudden issues
-
Hi - as stated, I have an SG-3100, running v2.4.4-p3 and it's been stable, with no configuration changes for several months.
Today, I was having some sites have very slow DNS resolving and then some that wouldn't connect at all. I went to the pfSense GUI, which took a long time to open and was going to check the logs. The logs are missing with the message "No logs to Display". I rebooted, same error. I went to logs/settings and "reset log files", still no logs, although at one point, the error "vm_thread_new: kstack allocation failed" was displayed many times.
Other "new" issues: on the dashboard, message "unable to check for updates", under my auto config backups, none are listed and I have them auto-saved every 24 hours.
Any assistance would be appreciated! Thanks
-
we are already here:
https://forum.netgate.com/topic/154337/pfsense-2-4-5-release-p1-now-available/57this is not personalization, but it really is what many use
-
@DaddyGo said in SG-3100 pfSense v2.4.4-p3 : Many sudden issues:
https://forum.netgate.com/topic/154337/pfsense-2-4-5-release-p1-now-available/57
Thanks for the reply. Yes, I am aware of the release of 2.4.5, but haven't had time to go through the upgrade process.
I can upgrade, but I would like to know why my current system has become unstable and resolve any issue - unless the issue is 2.4.4-p3, which seems unlikely.
-
@newberger said in SG-3100 pfSense v2.4.4-p3 : Many sudden issues:
I would like to know why my current system has become unstable and resolve any issue - unless the issue is 2.4.4-p3, which seems unlikely.
The need or needing to upgrade ... why hesitates!
-
Hi,
I love your style, realy.....
who knows, but it may be precisely, because you don’t update (long ago)there are two kinds of people (my friend) who dares and who does not dare
but this makes no sense in informatics....we can talk about what we use, so we’re already here: 2.4.5-p1
these are not arrogant speeches, that is a fact and observe the other users as well
would you be worried, if it was a Windows update, probably not,
do the same with PfSense -
Is your disk full?
If DNS isn't working then the GUI, especially the dashboard, is slow as it waits until DNS timeouts happen. -
@teamits
I don’t think you need to encourage a colleague to debug an outdated system
we will never get out of the happy squirrel wheel, unless we move forward to the current version 2.4.5 -p1
+++++what’s the point of talking about - which no longer exists
-
@teamits hi - thanks for the reply. No, the disk is showing 12% usage.
-
I get your point but if his disk is full or corrupted it's unlikely upgrading will help or work.
We didn't upgrade any of our 2.4.4 to 2.4.5 because of the pf issue, and I'm waiting to see if 2.4.5p1's package installation issues get resolved. Old versions shouldn't just stop working.
Also @newberger if DNS isn't working then updates won't work either.
-
there are many changes since your current version 2.4.4
please update and don't be afraid
until then, it is pointless to talk about this, as your system will fundamentally change -
@teamits
become a security player and you will never get ahead
it’s a community stuff and we help with the development, with our stupid texts
-
For what its worth....
IMHO one cant make a user upgrade anytime a new release is out.
Its like making all windows servers update the version when a new version is released.
Making the previous versions unusable and unpatched.
A pfsense 2.2.6 does way better performance wise with IDS/IPS like snort/suricata.
I understand why people prefer a stable running system that performs well compared to what we have been through with the 2.4.5 release until they upgraded to p1.
On a 16 core system i currently push 300/300mbit/s on 2.4.5p1.
Same system with 2.2.6 and same rules in IDS, I push 910/945mbit/s.
So by forcing an update on people instead of making the eco system able to run several versions of pfsense, you are more or less forcing a potential error on everybody which is not good. To say the least....
-
Note I haven't said not to upgrade. By contrast the OP has said he/she gets "unable to check for updates." So is your suggestion to contact Netgate to get a copy of a current 3100 installer image, hook up a console cable, format, install, and restore config from backup (if possible, that was noted as a problem also)?
-
Thanks for the replies. I rebooted all of my hardware, modem, switch, SG-3100 and the problem is resolved. I can see my logs, my saved configurations, and the upgrade is shown as available. I've had this setup for 2 1/2 years and never had an issue with the modem/SG-3100 like that.
-
in an older post you said that you were brand new here - ok
for example, you didn't know who BBcan177 and what is his role in pfSense
I mean, you want to know more, but you have to learn firstread through the forum, you will see who the "great old people" are here.....
notice how many recommend running old versions.....(nobody)those who know pfSense from the inside - outside, they perform the update first
@Cool_Corona "Its like making all windows servers update the version when a new version is released."
No, no, no / for windows you have no choice, because you can only delay the update and if you don't do it in time, it could be a suicide!
it's a communiti version (pfSense) and not windows (profit oriented) so you get help here for free, but you also have to give it to the community......!!!
PS:
@Cool_Corona "On a 16 core system i currently push 300/300mbit/s on 2.4.5p1.
Same system with 2.2.6 and same rules in IDS, I push 910/945mbit/s."
(16 cores(???), make no sense on pfSense, just a force pointing show)otherwise there can be no such speed difference between versions, ergo you are doing something wrong
-
Tell me why 16 cores doesnt make sense on a 10gbit connection when using IDS/IPS?
-
for me this cannot be a case of debate
these are unreasonable things at SOHOsurely there is also a nuclear power plant in the garage to serve this muscular firewall + router unit
you can’t hunt sparrows with a cannon, but it’s your decision
I look at these things with a professional eye and you only experiment with pfSenseit has been my job for a long time and I think you're dealing with it as a hobby
this is not a problem anyway, but like I said - we are different