pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!
-
@captainjackla said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
All Available Packages show up, but it still won't install any that I select, I tried 5 or 6.
Are you allowing IPv6? I had to go to System / Advanced / Networking and uncheck the "Allow IPv6" box for the package manager to work. There are other reports of this issue on 2.4.5... seems to work ok after the 2.5 upgrade with IPv6 allowed.
Also, similar to another post on this forum, DNS was flakey after the upgrade and I had to re-run the network setup wizard to get things up and running. Not sure if a reboot would have fixed that issue as well, but the setup wizard retains all settings.
-
@funky-d
I never use IP6 so its always unchecked. I have 3 or 4 other sites with 2.4.5 that use OpenVPN and package manager was not an issue.I will not upgrade any firewall until 2.5.1 comes out and tested. So it seems that I have 2 different issues.
-
Ok I couldn't wait.. So I booted usb with 21.02 on it - but could not get switched over to ZFS.. It wouldn't boot... Might help if I did a bit of research before just clicking go ;)
So anyhoo - I just did UFS from the usb, it loaded my config that I had put on the usb.. And I am up and running.. Looks like everything is working.. HAproxy is working, freerad is working. My vpn connection to my vps came up. My HE tunnel came up.. There was one package it couldn't install because its not in the 2.5
I will have to read over the docs on migration from UFS to ZFS..
It took a bit to reinstall my packages - but didn't have to reconfigure anything..
-
WAN interface for CE 2.5.0 with static IP configuration using a non-local IP gateway is just showing as offline (upgraded from 2.4.5), re-created another VM (2.4.5) no extra packages installed and upgraded to 2.5.0 using the GUI, same issue, it's somehow unable to contact the gateway.
-
@edmund
I have the same situation on my SG-2440. I've tried all kind of things and can't keep my WAN up for more than 5 minutes at a time. I have Verizon FiOS w/ DHCP. Interestingly, I'm able to use another consumer router to interface with FiOS and it's LAN port going into my SG-2440's WAN port results in a stable connection. Not ideal but at least a temporary workaround. -
I also upgraded 2 of my boxes, all good.
But, as always, I will reinstall 2.5.0 from scratch anyway, I like to refresh them from time to time. -
@peter-fyri said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
I also upgraded 2 of my boxes, all good.
But, as always, I will reinstall 2.5.0 from scratch anyway, I like to refresh them from time to time.Great idea. I am going to try that tomorrow with my test box. See if 2.5 will work and if I can get Package Manager to work, I need VPN installed.
-
@captainjackla
When I upgraded, on one of the boxes, I had 2 OpenVPN servers set up, which fortunately continued working after the upgrade. -
I have a cron job which runs every minute to update the SG3100 LEDs based on the gateway status. It no longer seems to do anything in 21.02. No errors when run explicitly on the console -- but the LEDs remain unchanged (circle dark, square dark, diamond flashing blue).
#!/bin/tcsh # # This script updates the SG-3100 device's first LED with gateway status # # php /usr/local/sbin/pfSsh.php playback gatewaystatus # set gw = `/usr/local/bin/php /usr/local/sbin/pfSsh.php playback gatewaystatus | grep WAN ` set gwping = `echo $gw | awk '{ ORS=" "; print $6 }' ` set gwstatus = `echo $gw | awk '{ ORS=" "; print $7 }' ` # based on gwstatus, set color of first LED # led a - led b - led c # 6 7 8 - 3 4 5 - 0 1 2 switch ($gwstatus) case "none": case "Online": /usr/sbin/gpioctl 6 duty 0 /usr/sbin/gpioctl 7 duty 1 /usr/sbin/gpioctl 8 duty 0 breaksw case "down": case "Offline": /usr/sbin/gpioctl 6 duty 10 /usr/sbin/gpioctl 7 duty 0 /usr/sbin/gpioctl 8 duty 0 breaksw case "highloss": case "loss": case "highdelay": case "delay": case "Warning": /usr/sbin/gpioctl 6 duty 10 /usr/sbin/gpioctl 7 duty 1 /usr/sbin/gpioctl 8 duty 0 breaksw default: /usr/sbin/gpioctl 6 duty 0 /usr/sbin/gpioctl 7 duty 0 /usr/sbin/gpioctl 8 duty 128 endsw
-
Figured it out -- apparently my LEDs are now /dev/gpioc2 after the upgrade -- when before they were the default /dev.gpioc0. Whatever.
-
I upgraded a few mintues ago, after the message counting down "rebooting" in 90 seconds, it kept on re-setting 20 seconds. This happened at least twice. Then I clicked on the "pfsense" icon on the top left hand side, logged on again and I saw version 2.50. so really pretty good upgrade.
Memory usage is up, but having 8 GB RAM, so this is not a problem. Internet seems more sprightly and speed-test is slightly better. Overall smooth. -
@funky-d - good point, the 21.02 release appears to have made many internal changes that can cause problems. Anyone updating may have to spend a lot of time reconfiguring everything to get it working again. They seem to deleted the IPV4 support in this "downgrade"
-
Make hardware probes to get counted in statistics like this was done by OPNsense users.
-
@waqar-uk said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
after the message counting down "rebooting" in 90 seconds, it kept on re-setting 20 seconds
I haven't installed 2.5 yet but based on upgrades on prior versions like 2.4.x the timing is heavily dependent on hardware, for example disk write speed. On base level 2100s and 3100s we generally allow 10 minutes before even thinking about starting to worry. I suspect the timer is something to look at so the person doesn't get a "can't connect" browser error, panic, and pull power during the upgrade.
-
Upgraded to 2.5.0 from 2.4.5p1 yesterday and everything went smooth. Upgrade took about 5 minutes and system came right back up. All packages and services working as expected. I've been using pfSense since the 2.3.x branch on a Supermicro 5018D-FN8T 1U server and all upgrades since then have gone smoothly.
With this latest release I get the impression that network throughput has improved a little bit, although that is based mostly on anecdotal evidence right now by running a few internal internal (routing between two 10Gbit LAN subnets) and external (e.g. speedtest.net) speed tests since the upgrade.
The only issue I have run into are ping spikes that appear to get worse if I increase the velocity of ping packets.
https://forum.netgate.com/topic/160974/upgraded-to-2-5-0-now-seeing-ping-spikes
I have reviewed and changed my hardware tuning parameters a little bit and this appears to have helped somewhat by making the spikes last frequent at lower velocities. The issue still persists, however, but thankfully I have no evidence right now that this is a general problem affecting all traffic (e.g. including TCP, UDP, etc.). Could ICMP packets be getting de-prioritized somehow?
On a related note, I also want to call out that there have been some fairly significant changes to how FreeBSD 12 handles NIC driver interfacing with the OS kernel compared to older versions. For instance, FreeBSD now uses a framework called
iflib
:The em driver has also been updated, please see the following:
https://forums.freebsd.org/threads/freebsd-12-sysctl-system-parameters.78806/
If you're like me and have a lot of hardware tunables set, it is worth reviewing them after the upgrade as some of them 1. may no longer be supported, or 2. may now have be set through
iflib
. For example, this will be the case if you have a system that uses Intel NIC's and theigb
driver. -
@froussy said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
Just upgraded my sg-5100 to 21.02.. had to downgrade to 2.4.5.. IPSec tunnel keep dropping, even recreating them :(
I upgraded my SG-5100 from 2.4.5-p1 to 21.02 and my OpenVPN has stopped working. Currently troubleshooting and considering a downgrade back to 2.4.5-p1...
It's just a vanilla VPN connecting to NordVPN, and I used their comprehensive documentation to set it up (pfSense 2.4.4 VPN setup)
-
SG-3100 wont stay online more than an 1hr after the upgrade. Broken release!
-
@sebm said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
@froussy said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
Just upgraded my sg-5100 to 21.02.. had to downgrade to 2.4.5.. IPSec tunnel keep dropping, even recreating them :(
I upgraded my SG-5100 from 2.4.5-p1 to 21.02 and my OpenVPN has stopped working. Currently troubleshooting and considering a downgrade back to 2.4.5-p1...
It's just a vanilla VPN connecting to NordVPN, and I used their comprehensive documentation to set it up (pfSense 2.4.4 VPN setup)
OpenVPN server or client ?
-
@chudak said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
OpenVPN server or client ?
OpenVPN client
-
I saw the following issues with the recent update:
My WAN connection was set to a fixed rate running over a CAT5 cable. I would get some minor errors at 100baseT but everything has worked for years now. But the update forces the interface to autoset the rate so it failed repeatedly by switching to 1000baseT and failing. The new interface driver doesn't seem to support 100baseT fixed rate well. Opening all the doors across the building and running a CAT6 cable across the building got it working but I now have to move everything.
The internal network is IPv4 and used the pfsense DNS service, the update appears to have replaces the IPv4 DNS service with an IPv6 service so everyone lost access to the internet. I've turned on DNS forwarding and it seems to have solved the problem although I'm concerned this means that there may be potential a security risk until I can get control over DNS back in house.
-
@teamits
I have a core i5-5250U with a SATA kingston 120 GB SSB Qotom that is connected to a UK /virgin media 100 Mbit connection. This is the first time it behaved like this. I have been using pfsense since version 2.2. All NIC's are 1 Gbit Ethernet.
-
My upgrade went smooth on SG5100. I can see pfsense + on dashboard. I can see a slow UI response but hopefully that will go away.
All of my services are working fine;
Thanks for the good stuff.
-
So I made a new flash drive with 2.5.0 from my Mac, tried to install it on the same Mac Mini I have been testing. It would not boot from it, the EFI Boot option was not there like it is with 2.4.5 flash drive. Reworked the flash drive, same issue.
I went ahead and installed 2.4.5 again, left all defaults, setup my LAN, DHCP and WAN. All working fine. Then I did the upgrade feature, this time watching it work from the other screen that shows the entire process. It did get stuck once on # 15/212 Extracting Python, but 5 minutes later it finished that line. The entire upgrade took about 20 minutes until I can boot and login to the GUI screen.
I checked again my LAN, DHCP and WAN settings, all looked good. And I am getting internet, and speed test was normal [400/400]
So for the Mac maybe this upgrade to 2.5.0 takes longer and I didn't let it finish the first time I tried it. But so far 15 minutes later, and I am doing a constant ping out to 8.8.8.8, no issues yet.
-
Thank you for the good news. I have upgraded my pfSense router running CE to 2.5 last night and all Working fine on Odyssey x86 (Spare). I will upgrade my main router running on Exsi VM ones I am satisfied that itās working fine.
-
@bldnightowl what need to be update in the script to fix the issue? Thanks
-
@mikesamo By default gpioctl uses /dev/gpioc0 -- turns out that's not always the right LED device. In my case, it's now /dev/gpioc2.
gpioctl -f /dev/gpioc2 ...
-
Remotely updated 2.4.5 to 2.5 on Netgate RCC-VE 4860 and everything is dead.
Will go on site to ... diagnose.Regards
-
@1eyebrow - Check the DNS, this update seems to have made many changes that may affect IPv4 configurations that have worked for years. I suspect that all the development was done in an IPv6 environment, not IPv4.
-
@edmund Could be, I have on the device 3 WANs on different ISPs, but no joy (ipv4), it seams that I have to go pet the device :)
-
@sebm said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
my OpenVPN has stopped working
OpenVPN client
Check around Data Encryption Negotiation, Data Encryption Algorithms and Fallback Data Encryption Algorithm. But first of all check your OpenVPN log (assuming you have the necessary verbosity set).
-
@andrewz thanks for the suggestions. I actually did all that yesterday for quite a while, but seemed to also have DNS issues etc, so have re-installed 2.4.5-p1 and restored a backup.
Re-install and restore was a challenge in itself since I run pfBlockerNG. Had to reinstall packages manually before the restore, and make sure it was using the right repo.
-
@sebm - Mine "worked" initially but then quit after 12 hours - I think the cache emptied. I went to the DNS resolver settings and checked the box that says "Use SSL/TLS for outgoing DNS queries..." and it's working now.
-
@edmund Thanks for adding this info. I was planning to upgrade again in a week or two once Iāve gathered enough troubleshooting data from others, so this will be useful.
-
I attempted an upgrade of my SG-2440 backup firewall from 2.4.5p1 to 21.02 thru the GUI. Appliance no longer boots or functions. Console shows following on startup:
Loading configured modules... canāt find ā/etc/hostidā /boot/entropy size=0x1000 -
Then nothing.
I was able to successfully clean-install 21.02 from USB memstick to this device without issue after the upgrade failed.
-
@plfinch said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
I attempted an upgrade of my SG-2440 backup firewall from 2.4.5p1 to 21.02 thru the GUI. Appliance no longer boots or functions. Console shows following on startup:
Loading configured modules... canāt find ā/etc/hostidā /boot/entropy size=0x1000 -
Then nothing.
I was able to successfully clean-install 21.02 from USB memstick to this device without issue after the upgrade failed.
not sure but maybe this is related https://twitter.com/NetgateUSA/status/1362791245546946561 ?
-
@plfinch
Where did you get the 21.02 image? I have the same device and mine updated to 2.5.0 instead of 21.02. How do I get the 21.02 download link? -
@jeffv said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
Where did you get the 21.02 image?
If you want an actual image to do a clean install with - open a ticket with netgate, they will send you a link to image very quickly.. Took a whole 28 minutes the other day during the drop of new, while I am sure they are quite busy with legit tickets and not just requests for images.
If you updated to 2.5 vs 21.02 - you were prob running the CE version on your netgate appliance vs the FE (factory edition)..
-
One big mess after upgrading to 2.5 with named/Bind, this is it, I am done with PFsense Netgate. I have those Issues with conflicting rndc ports between named and unbound for years forcing me to run the named/bind rndc port on a virtual IP instead of localhost/172.0.0.1 I am migrating to OPNSense now, bye bye PFSense
-
Update !
The issue is de Bind package,
[1/5] Installing protobuf-3.13.0,1...
[1/5] Extracting protobuf-3.13.0,1: .......... done
[2/5] Installing protobuf-c-1.3.2_6...
[2/5] Extracting protobuf-c-1.3.2_6: .......... done
[3/5] Installing fstrm-0.6.0...
[3/5] Extracting fstrm-0.6.0: .......... done
[4/5] Installing bind916-9.16.11...
[4/5] Extracting bind916-9.16.11: .......... done
[5/5] Installing pfSense-pkg-bind-9.16_9...
[5/5] Extracting pfSense-pkg-bind-9.16_9: .......... done
Saving updated package information...
overwrite!
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...done.
Executing custom_php_resync_config_command()...rndc: connect failed: 10.17.19.1#8953: timed outThe install procedure (resync config command) is trying to find de rncd port on the interface Bind/Named is bind to in my configuration (a virtual IP address) but I guess it is bind to 127.0.0.1 instead failing the installation/upgrade
Sucks Big Time because I have a very big and complex bind configuration with Acme integration, and have have this rndc issues for years now.
So this sucks big time for me !!
-
@dennis_s said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.
Everything would go much better if the upgrade process made a backup automatically and offered users the ability to quickly return to the previous release when they run into problems. I would see this as a major feature.