    pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!

    Messages from the pfSense Team
    • 1
      1eyebrow @edmund last edited by

      @edmund Could be, I have on the device 3 WANs on different ISPs, but no joy (ipv4), it seems that I have to go pet the device :)

      • A
        AndrewZ @SebM last edited by

        @sebm said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

        my OpenVPN has stopped working

        OpenVPN client

        Check around Data Encryption Negotiation, Data Encryption Algorithms and Fallback Data Encryption Algorithm. But first of all check your OpenVPN log (assuming you have the necessary verbosity set).

        • SebM
          SebM @AndrewZ last edited by

          @andrewz thanks for the suggestions. I actually did all that yesterday for quite a while, but seemed to also have DNS issues etc, so have re-installed 2.4.5-p1 and restored a backup.

          Re-install and restore was a challenge in itself since I run pfBlockerNG. Had to reinstall packages manually before the restore, and make sure it was using the right repo.

          • E
            edmund @SebM last edited by

            @sebm - Mine "worked" initially but then quit after 12 hours - I think the cache emptied. I went to the DNS resolver settings and checked the box that says "Use SSL/TLS for outgoing DNS queries..." and it's working now.

            • SebM
              SebM @edmund last edited by

              @edmund Thanks for adding this info. I was planning to upgrade again in a week or two once I’ve gathered enough troubleshooting data from others, so this will be useful.

              • P
                plfinch last edited by

                I attempted an upgrade of my SG-2440 backup firewall from 2.4.5p1 to 21.02 thru the GUI. Appliance no longer boots or functions. Console shows following on startup:

                Loading configured modules...
                can’t find ‘/etc/hostid’
                /boot/entropy size=0x1000
                -
                

                Then nothing.

                I was able to successfully clean-install 21.02 from USB memstick to this device without issue after the upgrade failed.

                • chudak
                  chudak @plfinch last edited by

                  @plfinch said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                  I attempted an upgrade of my SG-2440 backup firewall from 2.4.5p1 to 21.02 thru the GUI. Appliance no longer boots or functions. Console shows following on startup:

                  Loading configured modules...
                  can’t find ‘/etc/hostid’
                  /boot/entropy size=0x1000
                  -
                  

                  Then nothing.

                  I was able to successfully clean-install 21.02 from USB memstick to this device without issue after the upgrade failed.

                  not sure but maybe this is related https://twitter.com/NetgateUSA/status/1362791245546946561 ?

                  • J
                    JeffV @plfinch last edited by

                    @plfinch
                    Where did you get the 21.02 image? I have the same device and mine updated to 2.5.0 instead of 21.02. How do I get the 21.02 download link?

                    • johnpoz
                      johnpoz LAYER 8 Global Moderator @JeffV last edited by

                      @jeffv said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                      Where did you get the 21.02 image?

                      If you want an actual image to do a clean install with - open a ticket with netgate, they will send you a link to image very quickly.. Took a whole 28 minutes the other day during the drop of new, while I am sure they are quite busy with legit tickets and not just requests for images.

                      If you updated to 2.5 vs 21.02 - you were prob running the CE version on your netgate appliance vs the FE (factory edition)..

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                      • M
                        matthijs last edited by

                        One big mess after upgrading to 2.5 with named/Bind, this is it, I am done with PFsense Netgate. I have had those issues with conflicting rndc ports between named and unbound for years, forcing me to run the named/bind rndc port on a virtual IP instead of localhost/172.0.0.1. I am migrating to OPNSense now, bye bye PFSense

                        • M
                          matthijs @matthijs last edited by

                          Update !

                          The issue is the Bind package:

                          [1/5] Installing protobuf-3.13.0,1...
                          [1/5] Extracting protobuf-3.13.0,1: .......... done
                          [2/5] Installing protobuf-c-1.3.2_6...
                          [2/5] Extracting protobuf-c-1.3.2_6: .......... done
                          [3/5] Installing fstrm-0.6.0...
                          [3/5] Extracting fstrm-0.6.0: .......... done
                          [4/5] Installing bind916-9.16.11...
                          [4/5] Extracting bind916-9.16.11: .......... done
                          [5/5] Installing pfSense-pkg-bind-9.16_9...
                          [5/5] Extracting pfSense-pkg-bind-9.16_9: .......... done
                          Saving updated package information...
                          overwrite!
                          Loading package configuration... done.
                          Configuring package components...
                          Loading package instructions...
                          Custom commands...
                          Executing custom_php_install_command()...done.
                          Executing custom_php_resync_config_command()...rndc: connect failed: 10.17.19.1#8953: timed out

                          The install procedure (resync config command) is trying to find the rndc port on the interface Bind/Named is bound to in my configuration (a virtual IP address), but I guess it is bound to 127.0.0.1 instead, failing the installation/upgrade.

                          Sucks Big Time because I have a very big and complex bind configuration with Acme integration, and have had these rndc issues for years now.

                          So this sucks big time for me !!

                          • E
                            edmund @dennis_s last edited by

                            @dennis_s said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                            Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.

                            Everything would go much better if the upgrade process made a backup automatically and offered users the ability to quickly return to the previous release when they run into problems. I would see this as a major feature.

                            • M
                              mmichael @froussy last edited by

                              Hello,

                              thanks for the new Release. Update on two VMs was easy! But I have an issue with my IPSEC-Tunnels. The tunnels to Machines with 2.4.1 didn't come online.
                              An IPSEC-Tunnel between two 2.5 Machines is up - but on one Machine "marked as down" (but working).
                              For business use - I'll wait a bit before upgrading
                              Regards
                              Martin

                              • P
                                plfinch @plfinch last edited by

                                Upgrade of my primary firewall, an SG-5100, was successful via GUI update. I did experience the following:

                                1. Could not connect OpenVPN. Looks like pfSense Dynamic DNS did not actually update Google DNS after boot. I forced the update (“Save & Force Update”) and all good once propagated.

                                2. Arpwatch continually reported 2 devices flip-flopping on one IP. Rebooted both devices to resolve.

                                • chudak
                                  chudak @plfinch last edited by

                                  @plfinch said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                  Upgrade of my primary firewall, an SG-5100, was successful via GUI update. I did experience the following:

                                  1. Could not connect OpenVPN. Looks like pfSense Dynamic DNS did not actually update Google DNS after boot. I forced the update (“Save & Force Update”) and all good once propagated.

                                  2. Arpwatch continually reported 2 devices flip-flopping on one IP. Rebooted both devices to resolve.

                                  Did you have to redo OpenVPN ovpn config files for clients ?

                                  • G
                                    gpfsenser last edited by

                                    The update bricked my SG-1100. Had to access via serial (which took a bit because my OSX tool was not compatible with recent OS). After this serial connect issue was solved - lots of errors on the menu on pretty much every option. Opened a support ticket, downloaded recovery image, and reinstalled. Would recommend anyone with a netgate device to actually do this first just to have as a standby. Things running well now. Having your configuration backed up is a must. Thanks for the update! I hope the reliability of updates improves - I'm like 0/3 now. ;-) New version UI runs faster, package manager runs better - no downsides discovered yet.

                                    • SebM
                                      SebM @gpfsenser last edited by

                                      @gpfsenser said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                      Opened a support ticket, downloaded recovery image, and reinstalled. Would recommend anyone with a netgate device to actually do this first just to have as a standby.

                                      Underrated comment right there!

                                      • P
                                        plfinch @chudak last edited by

                                        Did you have to redo OpenVPN ovpn config files for clients ?

                                        No. No changes at all are required on the pfSense appliance or the openvpn client devices after upgrading. The openvpn config information is fully contained in the pfSense backup file. Even swapping to my standby/backup firewall loaded from the same config file, my client devices can connect without issue.

                                        • P
                                          plfinch @gpfsenser last edited by

                                          Opened a support ticket, downloaded recovery image, and reinstalled. Would recommend anyone with a netgate device to actually do this first just to have as a standby.

                                          Even after successfully upgrading my SG-5100 via the GUI, I went back and did a clean install from the memdisk image and reloaded the post-upgrade config backup. I always do this on updates to ensure I have a fresh clean build.

                                          • SebM
                                            SebM @plfinch last edited by

                                            @plfinch said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                            Opened a support ticket, downloaded recovery image, and reinstalled. Would recommend anyone with a netgate device to actually do this first just to have as a standby.

                                            Even after successfully upgrading my SG-5100 via the GUI, I went back and did a clean install from the memdisk image and reloaded the post-upgrade config backup. I always do this on updates to ensure I have a fresh clean build.

                                            Sounds pretty good actually, I like the idea of a fresh install and also installing the default file system and other options (I think it’s ZFS now, right?)

                                            So restoring the backup of 2.4.5-p1 onto 21.02 shouldn’t be a problem, right?

                                            • G
                                              gpfsenser @SebM last edited by

                                              @sebm For me - no issues faced, configuration restore worked on the first attempt.

                                              • T
                                                tele_01 last edited by

                                                I've updated an APU2C4 from 2.4.5p1 to 2.5. After adjusting "Fallback Data Encryption Algorithm" to "None (No Encryption)" the setup was working fine with my uploaded backup data from 2.4.5p1. Also Squid and pfBlockerNG-devel are working well. A real impact is the VPN speed, even though I've used nearly the same settings that my VPN provider taught and that existed under 2.4.5p1. I use OpenVPN with NordVPN and after updating the d/l speed is half. Under 2.4.5p1 I had about 96mbit, now about 50mbit. I've tried different options, also under "Allow Compression" in the VPN Client settings, but no change achieved so far. If this is not getting better I'll go back to 2.4.5p1.

                                                • T
                                                  tele_01 @tele_01 last edited by

                                                  @tele_01 I forgot to mention that the processor load was not above 90% via SSH. My feeling is that OpenVPN was migrated differently into FreeBSD 11.x than under 12.x within pfSense, because on 2.4.5p1, sometimes having more than 100mbit in d/l (provider hosts max 120mbit), the processor load was at about 94%.

                                                  • E
                                                    elvisimprsntr last edited by

                                                    1. Performed an in place upgrade on my backup Protectli FW1 to see how the upgrade went, followed by a memstick clean install.
                                                    2. Then performed an in place upgrade on my primary Protectli FW4A without any issues.
                                                    • T
                                                      Taz79 @elvisimprsntr last edited by

                                                      Upgraded my SG-1100 from 2.4.5p1 to 21.02. Upgrade went fine. The network was down for 14 minutes, so don't worry if it takes a long time. Everything came up and my 2 VPN tunnels came up again without any issues.

                                                      Good Job Netgate! :)

                                                      • B
                                                        brians last edited by

                                                        Upgraded my home custom PC system based on an old HP ProDesk desktop to 2.5.0 with no major issues. I had to manually start DNS resolver as DNS was not working right after but maybe was just my impatience. OpenVPN server for client works, all IPsec tunnels up.

                                                        The only production system I did was an SG-2220 so far at one of our locations over weekend I did remotely. It seemed to go smooth but when I was in there onsite yesterday no Internet but the IPsec tunnels were up. After troubleshooting it was a bad GW which I had left in there from an old static WAN configuration, but it is currently using GW via DHCP. I removed this static GW and made sure the DHCP GW is default which solved the issue and works fine now.

                                                        Hesitant to do my SG-5100s maybe will wait a bit and do first while onsite.

                                                        I have customer with SG-4860 that has lots of VPN tunnels, VLANs etc. it has been up for 230 days... probably will wait on that one for a while.

                                                        • D
                                                          defunct78 last edited by

                                                          Just tried to upgrade a SG-1100. During the download/install process before the first reboot, I got a failure on certificate verification.

                                                          [87/200] Fetching libgpg-error-1.41.txz: .......... done
                                                          [88/200] Fetching libgcrypt-1.8.7.txz: .......... done
                                                          [89/200] Fetching libffi-3.3_1.txz: ..... done
                                                          [90/200] Fetching libevent-2.1.12.txz: .......... done
                                                          [91/200] Fetching libedit-3.1.20191231,1.txz: .......... done
                                                          [92/200] Fetching libdnet-1.13_3.txz: ......... done
                                                          [93/200] Fetching libdaemon-0.14_1.txz: .... done
                                                          1082884096:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/usr/local/poudriere/jails/pfSense_plus-v21_02_aarch64/usr/src/crypto/openssl/ssl/statem/statem_lib.c:283:
                                                          Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo00.netgate.com
                                                          1082884096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_plus-v21_02_aarch64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
                                                          Child process pid=29228 terminated abnormally: Segmentation fault
                                                          Failed
                                                          
                                                          • B
                                                            brians last edited by

                                                            Forgot to mention that since upgrade my SG-2220 seems faster now and can get 900+Mbps on Speedtest.net where before was around 600-700Mbps. IPsec still seems around 400Mbps, not as fast as 5100 but still good for an older box... just wish it had one more OPT port.

                                                            • A
                                                              alain.leinbach last edited by

                                                              Please advise how I may return my SG-1100 to the previous version, prior to 21.02.

                                                              This new 21.02 is apparently dangerously unstable. My specific symptoms have been manageable so far as they are limited to incorrect and missing display information on the admin portal, but based on these forums, I fear that I may experience serious problems in the future if I stay on 21.02. Thank you in advance for your response.

                                                              • S
                                                                SteveITS @alain.leinbach last edited by

                                                                @alain-leinbach said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                                                advise how I may return my SG-1100 to the previous version, prior to 21.02

                                                                Open a ticket at https://go.netgate.com/ to request Netgate firmware.

                                                                Steve

                                                                Only install packages for your version, or risk breaking it. If yours is older, select it in System/Update/Update Settings.
                                                                When upgrading, let it finish. Allow 10 minutes or more depending on packages and device speed.

                                                                • D
                                                                  defunct78 @defunct78 last edited by

                                                                  @defunct78 I attempted again, and was able to successfully upgrade. Though it looks like I am now having problems with the unbound service not starting. No logs either, which makes it hard to troubleshoot (resolver.log empty). I was able to switch over to DNS Forwarder as suggested in here,

                                                                  https://www.reddit.com/r/PFSENSE/comments/lo9ag5/since_upgrading_to_25_dns_resolver_unbound_keeps/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

                                                                  and have restored services.

                                                                  • G
                                                                    gpfsenser @defunct78 last edited by

                                                                    @defunct78 I had the same error exactly.....

                                                                    • FileCity
                                                                      FileCity last edited by

                                                                      Smooth upgrade as always. Running for more than 24 hours and very happy.
                                                                      Thanks to the developers for this welcomed upgrade !!!
                                                                      Keep the good work and take care.

                                                                      • D
                                                                        defunct78 @defunct78 last edited by

                                                                        @defunct78 said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                                                        @defunct78 I attempted again, and was able to successfully upgrade. Though it looks like I am now having problems with the unbound service not starting. No logs either, which makes it hard to troubleshoot (resolver.log empty). I was able to switch over to DNS Forwarder as suggested in here,

                                                                        https://www.reddit.com/r/PFSENSE/comments/lo9ag5/since_upgrading_to_25_dns_resolver_unbound_keeps/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

                                                                        and have restored services.

                                                                        As a side note, with Unbound, I was doing this.
                                                                        https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html

                                                                        Not sure if that broke with the upgrade.

                                                                        • R
                                                                          rameshk last edited by

                                                                          I have installed and configured OpenVPN on my pfSense 2.5 (spare) box yesterday. All working fine so far.

                                                                          I need to do a bit more experimenting to understand the algorithm settings, as it struggled to connect with AES-256-GCM. I have set the fallback algorithm to AES-128-CBC.

                                                                          I appreciate any suggestions or guidance.

                                                                          Thank you

                                                                          • W
                                                                            weldong last edited by

                                                                            When 21.02 was released 5 days ago, my SG-3100 showed the upgrade was available. However, by the end of the week (and as of today), it shows I am running the most current version (2.4.5-RELEASE-p1 (arm) ). Looks like the new revisions have been pulled?

                                                                            Given this and this thread, I think I will wait for the next minor release before upgrading.

                                                                            • bmeeks
                                                                              bmeeks @weldong last edited by

                                                                              @weldong said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                                                              When 21.02 was released 5 days ago, my SG-3100 showed the upgrade was available. However, by the end of the week (and as of today), it shows I am running the most current version (2.4.5-RELEASE-p1 (arm) ). Looks like the new revisions have been pulled?

                                                                              Given this and this thread, I think I will wait for the next minor release before upgrading.

                                                                              Yes, the Netgate team has temporarily pulled the update for SG-3100 boxes as they work on fixing a bug and testing the fix. Posts over the past weekend suggest the bug has been identified and hopefully fixed. They are testing to be sure before releasing a patched upgrade.

                                                                              • M
                                                                                mkryger @bmeeks last edited by

                                                                                @bmeeks
                                                                                Thank you for the info, as I was also a bit confused why it disappeared from my SG-3100.
                                                                                Can you possibly provide a link for the source of this information, so we will be able to follow the progress and get to know about what the bug was about?
                                                                                I find it weird the team didn't inform about this in the original post or make it clear elsewhere in this thread.

                                                                                • S
                                                                                  SteveITS @mkryger last edited by

                                                                                  @mkryger said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                                                                  disappeared from my SG-3100.
                                                                                  Can you possibly provide a link

                                                                                  https://forum.netgate.com/topic/160959/21-02-sudden-lockup/

                                                                                  Steve

                                                                                  Only install packages for your version, or risk breaking it. If yours is older, select it in System/Update/Update Settings.
                                                                                  When upgrading, let it finish. Allow 10 minutes or more depending on packages and device speed.

                                                                                  • bmeeks
                                                                                    bmeeks @mkryger last edited by

                                                                                    @mkryger said in pfSense Community Edition (CE) 2.5.0 and pfSense Plus 21.02 now available!:

                                                                                    @bmeeks
                                                                                    Thank you for the info, as I was also a bit confused why it disappeared from my SG-3100.
                                                                                    Can you possibly provide a link for the source of this information, so we will be able to follow the progress and get to know about what the bug was about?
                                                                                    I find it weird the team didn't inform about this in the original post or make it clear elsewhere in this thread.

                                                                                    @teamits beat me to it, but here is a copy of his link as a clickable one: https://forum.netgate.com/topic/160959/21-02-sudden-lockup/.
