pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!
-
I have a cron job which runs every minute to update the SG3100 LEDs based on the gateway status. It no longer seems to do anything in 21.02. No errors when run explicitly on the console -- but the LEDs remain unchanged (circle dark, square dark, diamond flashing blue).
#!/bin/tcsh # # This script updates the SG-3100 device's first LED with gateway status # # php /usr/local/sbin/pfSsh.php playback gatewaystatus # set gw = `/usr/local/bin/php /usr/local/sbin/pfSsh.php playback gatewaystatus | grep WAN ` set gwping = `echo $gw | awk '{ ORS=" "; print $6 }' ` set gwstatus = `echo $gw | awk '{ ORS=" "; print $7 }' ` # based on gwstatus, set color of first LED # led a - led b - led c # 6 7 8 - 3 4 5 - 0 1 2 switch ($gwstatus) case "none": case "Online": /usr/sbin/gpioctl 6 duty 0 /usr/sbin/gpioctl 7 duty 1 /usr/sbin/gpioctl 8 duty 0 breaksw case "down": case "Offline": /usr/sbin/gpioctl 6 duty 10 /usr/sbin/gpioctl 7 duty 0 /usr/sbin/gpioctl 8 duty 0 breaksw case "highloss": case "loss": case "highdelay": case "delay": case "Warning": /usr/sbin/gpioctl 6 duty 10 /usr/sbin/gpioctl 7 duty 1 /usr/sbin/gpioctl 8 duty 0 breaksw default: /usr/sbin/gpioctl 6 duty 0 /usr/sbin/gpioctl 7 duty 0 /usr/sbin/gpioctl 8 duty 128 endsw -
Figured it out -- apparently my LEDs are now /dev/gpioc2 after the upgrade -- when before they were the default /dev.gpioc0. Whatever.
-
I upgraded a few mintues ago, after the message counting down "rebooting" in 90 seconds, it kept on re-setting 20 seconds. This happened at least twice. Then I clicked on the "pfsense" icon on the top left hand side, logged on again and I saw version 2.50. so really pretty good upgrade.
Memory usage is up, but having 8 GB RAM, so this is not a problem. Internet seems more sprightly and speed-test is slightly better. Overall smooth. -
@funky-d - good point, the 21.02 release appears to have made many internal changes that can cause problems. Anyone updating may have to spend a lot of time reconfiguring everything to get it working again. They seem to deleted the IPV4 support in this "downgrade"
-
Make hardware probes to get counted in statistics like this was done by OPNsense users.
-
@waqar-uk said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
after the message counting down "rebooting" in 90 seconds, it kept on re-setting 20 seconds
I haven't installed 2.5 yet but based on upgrades on prior versions like 2.4.x the timing is heavily dependent on hardware, for example disk write speed. On base level 2100s and 3100s we generally allow 10 minutes before even thinking about starting to worry. I suspect the timer is something to look at so the person doesn't get a "can't connect" browser error, panic, and pull power during the upgrade.
-
Upgraded to 2.5.0 from 2.4.5p1 yesterday and everything went smooth. Upgrade took about 5 minutes and system came right back up. All packages and services working as expected. I've been using pfSense since the 2.3.x branch on a Supermicro 5018D-FN8T 1U server and all upgrades since then have gone smoothly.
With this latest release I get the impression that network throughput has improved a little bit, although that is based mostly on anecdotal evidence right now by running a few internal internal (routing between two 10Gbit LAN subnets) and external (e.g. speedtest.net) speed tests since the upgrade.
The only issue I have run into are ping spikes that appear to get worse if I increase the velocity of ping packets.
https://forum.netgate.com/topic/160974/upgraded-to-2-5-0-now-seeing-ping-spikes
I have reviewed and changed my hardware tuning parameters a little bit and this appears to have helped somewhat by making the spikes last frequent at lower velocities. The issue still persists, however, but thankfully I have no evidence right now that this is a general problem affecting all traffic (e.g. including TCP, UDP, etc.). Could ICMP packets be getting de-prioritized somehow?
On a related note, I also want to call out that there have been some fairly significant changes to how FreeBSD 12 handles NIC driver interfacing with the OS kernel compared to older versions. For instance, FreeBSD now uses a framework called
iflib:The em driver has also been updated, please see the following:
https://forums.freebsd.org/threads/freebsd-12-sysctl-system-parameters.78806/
If you're like me and have a lot of hardware tunables set, it is worth reviewing them after the upgrade as some of them 1. may no longer be supported, or 2. may now have be set through
iflib. For example, this will be the case if you have a system that uses Intel NIC's and theigbdriver. -
@froussy said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
Just upgraded my sg-5100 to 21.02.. had to downgrade to 2.4.5.. IPSec tunnel keep dropping, even recreating them :(
I upgraded my SG-5100 from 2.4.5-p1 to 21.02 and my OpenVPN has stopped working. Currently troubleshooting and considering a downgrade back to 2.4.5-p1...
It's just a vanilla VPN connecting to NordVPN, and I used their comprehensive documentation to set it up (pfSense 2.4.4 VPN setup)
-
SG-3100 wont stay online more than an 1hr after the upgrade. Broken release!
-
@sebm said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
@froussy said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
Just upgraded my sg-5100 to 21.02.. had to downgrade to 2.4.5.. IPSec tunnel keep dropping, even recreating them :(
I upgraded my SG-5100 from 2.4.5-p1 to 21.02 and my OpenVPN has stopped working. Currently troubleshooting and considering a downgrade back to 2.4.5-p1...
It's just a vanilla VPN connecting to NordVPN, and I used their comprehensive documentation to set it up (pfSense 2.4.4 VPN setup)
OpenVPN server or client ?
-
@chudak said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:
OpenVPN server or client ?
OpenVPN client
-
I saw the following issues with the recent update:
My WAN connection was set to a fixed rate running over a CAT5 cable. I would get some minor errors at 100baseT but everything has worked for years now. But the update forces the interface to autoset the rate so it failed repeatedly by switching to 1000baseT and failing. The new interface driver doesn't seem to support 100baseT fixed rate well. Opening all the doors across the building and running a CAT6 cable across the building got it working but I now have to move everything.
The internal network is IPv4 and used the pfsense DNS service, the update appears to have replaces the IPv4 DNS service with an IPv6 service so everyone lost access to the internet. I've turned on DNS forwarding and it seems to have solved the problem although I'm concerned this means that there may be potential a security risk until I can get control over DNS back in house.
-
@teamits
I have a core i5-5250U with a SATA kingston 120 GB SSB Qotom that is connected to a UK /virgin media 100 Mbit connection. This is the first time it behaved like this. I have been using pfsense since version 2.2. All NIC's are 1 Gbit Ethernet.
-
My upgrade went smooth on SG5100. I can see pfsense + on dashboard. I can see a slow UI response but hopefully that will go away.
All of my services are working fine;
Thanks for the good stuff.
-
So I made a new flash drive with 2.5.0 from my Mac, tried to install it on the same Mac Mini I have been testing. It would not boot from it, the EFI Boot option was not there like it is with 2.4.5 flash drive. Reworked the flash drive, same issue.
I went ahead and installed 2.4.5 again, left all defaults, setup my LAN, DHCP and WAN. All working fine. Then I did the upgrade feature, this time watching it work from the other screen that shows the entire process. It did get stuck once on # 15/212 Extracting Python, but 5 minutes later it finished that line. The entire upgrade took about 20 minutes until I can boot and login to the GUI screen.
I checked again my LAN, DHCP and WAN settings, all looked good. And I am getting internet, and speed test was normal [400/400]
So for the Mac maybe this upgrade to 2.5.0 takes longer and I didn't let it finish the first time I tried it. But so far 15 minutes later, and I am doing a constant ping out to 8.8.8.8, no issues yet.
-
Thank you for the good news. I have upgraded my pfSense router running CE to 2.5 last night and all Working fine on Odyssey x86 (Spare). I will upgrade my main router running on Exsi VM ones I am satisfied that it’s working fine.
-
@bldnightowl what need to be update in the script to fix the issue? Thanks
-
@mikesamo By default gpioctl uses /dev/gpioc0 -- turns out that's not always the right LED device. In my case, it's now /dev/gpioc2.
gpioctl -f /dev/gpioc2 ... -
Remotely updated 2.4.5 to 2.5 on Netgate RCC-VE 4860 and everything is dead.
Will go on site to ... diagnose.Regards
-
@1eyebrow - Check the DNS, this update seems to have made many changes that may affect IPv4 configurations that have worked for years. I suspect that all the development was done in an IPv6 environment, not IPv4.
