
    pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!

    • E
      elvisimprsntr @bmeeks last edited by

      @bmeeks

      Thanks.

      I disabled pfBlockerNG and DNSBL and attempted a manual Suricata update.
      Unfortunately, I get the same error message.

      bmeeks 1 Reply Last reply Reply Quote 0
      • bmeeks
        bmeeks @elvisimprsntr last edited by

        @elvisimprsntr said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

        @bmeeks

        Thanks.

        I disabled pfBlockerNG and DNSBL and attempted a manual Suricata update.
        Unfortunately, I get the same error message.

        I've duplicated the error in my VM, and the answer is not good. It's not a problem with the Suricata package. Instead, it appears the Snort team has changed the Community Rules to work only with Snort3 now. The old URL (filename, actually) no longer works, and the new community rules file is named "snort3-community-rules.tar.gz".

        E 1 Reply Last reply Reply Quote 0
        • E
          elvisimprsntr @bmeeks last edited by

          @bmeeks

          Thanks for the detective work!

          I guess there is no workaround other than to wait for a package update.

          bmeeks 1 Reply Last reply Reply Quote 0
          • bmeeks
            bmeeks @elvisimprsntr last edited by

            @elvisimprsntr said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

            @bmeeks

            Thanks for the detective work!

            I guess there is no workaround other than to wait for a package update.

            Well, first I need to check and test if those rules will even work in Snort 2.x. If they have rewritten the rules to use any Snort3-specific syntax, then they won't work in Snort 2.x binaries anymore.

            E 1 Reply Last reply Reply Quote 0
            • C
              chrcoluk last edited by

              I have 2 minor issues.

              1 - igb driver looks like it had a replacement, different sysctls etc. I noticed it's unstable when checksums are off, fixed by turning on (was off from some testing I did a while ago and forgot to turn back on).
              2 - For some reason the LAN rule page is slow to load, slow after save, apply also, WAN and other rule pages are fine.

              Everything else at first glance seems ok.

              pfSense 2.6.0 - ISP AAISP UK

              1 Reply Last reply Reply Quote 0
              • E
                elvisimprsntr @bmeeks last edited by

                @bmeeks

                Just for kicks, I enabled use Snort custom URL on the Suricata global settings tab and pasted the v3 community rules URL and performed a manual update.

                https://www.snort.org/downloads/community/snort3-community-rules.tar.gz

                The update worked. I can't tell if the rules are actually working.

                bmeeks 1 Reply Last reply Reply Quote 0
                • bmeeks
                  bmeeks @elvisimprsntr last edited by

                  @elvisimprsntr said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                  @bmeeks

                  Just for kicks, I enabled use Snort custom URL on the Suricata global settings tab and pasted the v3 community rules URL and performed a manual update.

                  https://www.snort.org/downloads/community/snort3-community-rules.tar.gz

                  The update worked. I can't tell if the rules are actually working.

                  I believe all (or nearly all) of the Community Rules are default disabled out-of-the-box by the creator (Talos). So they are actually not loading. Open up and look at the file and you will see the comment character ("#") in front of each rule. That means it is not processed by the Snort or Suricata engine.

                  To really test compatibility, you would need to remove the comment and enable each rule. I'm researching now to see if these new rules are backwards compatible.

                  Let's take the discussion out of this thread and instead post any further replies and updates to a new thread that has opened in the IDS/IPS sub-forum. This is not an issue with the new pfSense releases. It is an externally-caused problem.

                  1 Reply Last reply Reply Quote 0
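The check described in the post above (a rule with a leading "#" is not loaded by the Snort or Suricata engine), as an added example that is not part of the original thread or of either package. The function name `classify_rules` and the sample rules are constructed for illustration, and the script assumes one rule per line.

```python
import re
import sys
from collections import Counter

# A rule line, optionally commented out: action, header, then (options) with a sid.
# Assumption: one rule per line (no backslash line continuations).
RULE_RE = re.compile(
    r"^(?P<off>#\s*)?(?P<action>alert|drop|pass|reject|log|sdrop|block)\s+"
    r"[^()]*\(.*\bsid\s*:\s*(?P<sid>\d+)\s*;"
)

def classify_rules(text):
    """Return (counts, enabled_sids, disabled_sids) for a rules file's text."""
    counts = Counter()
    enabled, disabled = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            # Plain comments and anything that does not parse as a rule.
            counts["comment" if line.startswith("#") else "unparsed"] += 1
        elif m.group("off"):
            counts["disabled"] += 1          # commented-out rule: engine skips it
            disabled.append(int(m.group("sid")))
        else:
            counts["enabled"] += 1           # active rule: engine tries to load it
            enabled.append(int(m.group("sid")))
    return counts, enabled, disabled

# Constructed sample, not taken from the real Community Rules file.
SAMPLE = r'''
# Constructed header comment
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CONSTRUCTED sample A"; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"CONSTRUCTED sample B"; sid:1000002; rev:1;)
#alert udp any any -> any 53 (msg:"CONSTRUCTED sample C"; sid:1000003; rev:1;)
# alert: this line is prose that mentions a rule action
alert tcp any any -> any any (msg:"CONSTRUCTED, missing sid";)
'''

if __name__ == "__main__":
    # Pass the path of an extracted .rules file, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    counts, enabled, disabled = classify_rules(text)
    print(dict(counts))
    print("enabled sids:", enabled)
    print("disabled sids (first 10):", disabled[:10])
```

A successful download with zero enabled rules says nothing about compatibility: the engine only parses the lines counted as enabled.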
                  • R
                    rameshk @elvisimprsntr last edited by

                    @elvisimprsntr
                    I don’t think snort3 rules will work with Suricata. Please extract from my pfSense settings

                    A2BF0C33-544B-4619-8A43-D9ECFF022888.jpeg

                    Hope it helps

                    E 1 Reply Last reply Reply Quote 0
                    • E
                      elvisimprsntr @rameshk last edited by

                      @rameshk

                      I disabled use custom URL and performed a manual update.

                      Seems to have downloaded the v2 rules now.

                      1 Reply Last reply Reply Quote 1
                      • bmeeks
                        bmeeks last edited by

                        This issue is now resolved. It was a problem on the Snort/Talos side. They accidentally omitted the old file. It is restored now and updates will work in both Snort and Suricata.

                        R 1 Reply Last reply Reply Quote 1
                        • R
                          rameshk @bmeeks last edited by

                          @bmeeks
                          Just an hour ago Snort GPLv2 rules wouldn’t update. Now downloaded successfully.

                          1 Reply Last reply Reply Quote 0
                          • C
                            chopsuey172 @brians last edited by

                            @brians I'm seeing the same issue. Anyone have an idea?

                            B 1 Reply Last reply Reply Quote 0
                            • J
                              jkaukenen last edited by

                              I do Clouds and am not involved with pfSense much. But this upgrade has been a single disaster for me because I lost my Snort in this, the paid one, and that's the only reason I went with Netgate/pfSense in the first place.

                              I can't roll back because the tarballs for the 2.4.x have disappeared, I can't find them.

                              So I'm writing this product off as a loss, wish it was managed with more foresight instead of becoming the low-yield nuke that it is.

                              S E 2 Replies Last reply Reply Quote 0
                              • S
                                SteveITS @jkaukenen last edited by

                                @jkaukenen said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                tarballs for the 2.4.x have disappeared

                                If you open a ticket with Netgate they'll send you a firmware download. If you downgrade make sure to change the version in System/Upgrades before installing packages.

                                Totally sympathize. With almost everything I wait a bit after release to see if there are issues.

                                Steve

                                Only install packages for your version, or risk breaking it. If yours is older, select it in System/Update/Update Settings.
                                When upgrading, let it finish; do not reboot early. Allow 10-15 minutes, or more depending on packages and device speed.

                                J 1 Reply Last reply Reply Quote 0
                                • E
                                  elvisimprsntr @jkaukenen last edited by

                                  @jkaukenen

                                  I feel your plight. That's why I keep backups of images.

                                  1 Reply Last reply Reply Quote 0
                                  • J
                                    jkaukenen @SteveITS last edited by

                                    @teamits thank you. I did open a ticket and I was successful in loading the 2.4.5.1, and got my SNORT back....so I am very happy. thanks -

                                    1 Reply Last reply Reply Quote 0
                                    • B
                                      brians @chopsuey172 last edited by

                                      @chopsuey172
                                      Re: IPsec... look on there and apply those six patches.

                                      https://www.provya.com/blog/pfsense-2-5-0-bugs-and-fixes-after-upgrade/#ipsec-problems-pfsense

                                      1 Reply Last reply Reply Quote 0
                                      • pzanga
                                        pzanga @gpfsenser last edited by

                                        @gpfsenser @defunct78

                                        Just had the same issue on my sg-1100 about an hour ago. Didn't have time to retry the update. Has anyone come across any further info about this one? I'm just starting to search through the forums for ideas myself.

                                        Thanks

                                        D 1 Reply Last reply Reply Quote 0
                                        • D
                                          defunct78 @pzanga last edited by

                                          @pzanga said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                          @gpfsenser @defunct78

                                          Just had the same issue on my sg-1100 about an hour ago. Didn't have time to retry the update. Has anyone come across any further info about this one? I'm just starting to search through the forums for ideas myself.

                                          Thanks

                                          I haven't had any more luck but I found this and I believe it may be related. I have a VM running 2.5.0 and unbound runs, but on the SG-1100 it won't even start and it looks like the version of unbound is different between those two.

                                          https://forum.netgate.com/topic/161313/21-02-release-unable-to-force-unbound-upgrade-to-1-13-1

                                          SG-1100 23.01

                                          1 Reply Last reply Reply Quote 1
                                          • D
                                            dylan-fraser last edited by

                                            ISSUE WITH UPGRADE - Netgate SG-3100

                                            OpenVPN client on Netgate SG-3100 issue with port forwarding traffic from OVPN interface.

                                            pfsense.PNG

                                            chudak 1 Reply Last reply Reply Quote 0
                                            • G
                                              gwaitsi last edited by

                                              Given the issues widely reported on the forum with 2.5.1, is there a release schedule for 2.5.2?

                                              K 1 Reply Last reply Reply Quote 0
                                              • K
                                                kevindd992002 @gwaitsi last edited by

                                                @gwaitsi said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                                Given the issues widely reported on the forum with 2.5.1, is there a release schedule for 2.5.2?

                                                So it's not advisable to upgrade from 2.5.0 to 2.5.1?

                                                G 1 Reply Last reply Reply Quote 1
                                                • G
                                                  gwaitsi @kevindd992002 last edited by

                                                  @kevindd992002 if you have a multi-wan use case, you might want to read the posts from other users who have posted on it and specifically the fix not available via a patch.

                                                  K 1 Reply Last reply Reply Quote 0
                                                  • K
                                                    kevindd992002 @gwaitsi last edited by

                                                    @gwaitsi said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                                    @kevindd992002 if you have a multi-wan use case, you might want to read the posts from other users who have posted on it and specifically the fix not available via a patch.

                                                    I only have single WAN but I use an IPSec S2S connection that can serve as a gateway for some of my local traffic. Hopefully, that is not affected.

                                                    1 Reply Last reply Reply Quote 0
                                                    • chudak
                                                      chudak @dylan-fraser last edited by

                                                      @dylan-fraser said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                                      ISSUE WITH UPGRADE - Netgate SG-3100

                                                      OpenVPN client on Netgate SG-3100 issue with port forwarding traffic from OVPN interface.

                                                      pfsense.PNG

                                                      I run OpenVPN on a generic router box and had no issues with 2.5.x releases.
                                                      I would assume that for the Netgate SG-3100 issue it'd be addressed by Netgate guys quickly. Do we have a confirmed bug for this problem in the tracking system?

                                                      1 Reply Last reply Reply Quote 0