Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    pfSense Plus 21.02-p1 Now Available

    Messages from the pfSense Team
    13
    26
    2793
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dennis_s
      dennis_s Netgate last edited by

      pfSense Plus version 21.02-p1 is now available. This minor release addresses a bug that causes stability and performance issues on Netgate SG-3100 security gateway appliances.

      We also have published a more in-depth blog that details what exactly was happening.

      R C T 3 Replies Last reply Reply Quote 12
      • R
        rsherwood_va @dennis_s last edited by

        @dennis_s Thanks for posting the blog post. Interesting and helpful.

        M 1 Reply Last reply Reply Quote 1
        • M
          mcury @rsherwood_va last edited by

          Hi,

          I'm facing the same problem with this version..
          Downloaded the image, so it's a clean install.

          This happens with pfblockerNG, same configuration as before, just ran the wizard.
          Can you please check and advise?

          26c17745-a392-423f-87e3-ac2a795998e5-image.png

          SG-3100 22.05 / Unifi Flex Mini / Unifi NanoHD

          M 1 Reply Last reply Reply Quote 0
          • M
            mcury @mcury last edited by

            Opened a TAC ticket, attached my full xml config, and described the actions taken to trigger the problem.
            TAC: 76936

            SG-3100 22.05 / Unifi Flex Mini / Unifi NanoHD

            K 1 Reply Last reply Reply Quote 0
            • K
              kphillips Administrator Netgate @mcury last edited by

              @mcury I'm assuming you're referring to the Segmentation fault error? If so you likely have an issue with the package. I see your ticket and we will reply to it whenever we're able to do so.

              M 1 Reply Last reply Reply Quote 0
              • M
                mcury @kphillips last edited by

                @kphillips said in pfSense Plus 21.02-p1 Now Available:

                I'm assuming you're referring to the Segmentation fault error?

                Hello kphillips, hope you are doing fine.
                Yes it is, same error as we spoke previously.

                Kindly check and advise if I can help you with more information, thanks.

                SG-3100 22.05 / Unifi Flex Mini / Unifi NanoHD

                1 Reply Last reply Reply Quote 0
                • stephenw10
                  stephenw10 Netgate Administrator last edited by

                  Just to confirm you were seeing that in 21.02 also?

                  The p1 release addresses only https://redmine.pfsense.org/issues/11444.
                  If we had included any additional fixes or updates it would have required a lot more testing and delayed the fix release significantly. That particular issue was impacting SG-3100 severely.

                  What you're seeing here does not appear to be that.

                  Steve

                  M 1 Reply Last reply Reply Quote 0
                  • M
                    mcury @stephenw10 last edited by

                    @stephenw10 said in pfSense Plus 21.02-p1 Now Available:

                    Just to confirm you were seeing that in 21.02 also?

                    The p1 release addresses only https://redmine.pfsense.org/issues/11444.
                    If we had included any additional fixes or updates it would have required a lot more testing and delayed the fix release significantly. That particular issue was impacting SG-3100 severely.

                    What you're seeing here does not appear to be that.

                    Steve

                    Hello stephenw10,
                    Yes, I was seeing this same behavior in 21.02.

                    It happens only with pfblockerNG-devel 3.0.0_10 installed.
                    Didn't test with pfblockerNG 2.1.4_24.

                    This happens during a reboot, after installing and configuring this package.
                    Without it, I can't see any problems.

                    SG-3100 22.05 / Unifi Flex Mini / Unifi NanoHD

                    M 1 Reply Last reply Reply Quote 0
                    • M
                      mcury @mcury last edited by

                      inside this link: https://redmine.pfsense.org/issues/11444

                      Check the file OS-Message Buffer.txt

                      SG-3100 22.05 / Unifi Flex Mini / Unifi NanoHD

                      1 Reply Last reply Reply Quote 0
                      • C
                        costanzo @dennis_s last edited by

                        @dennis_s I am experiencing random reboots with my SG-1100 since upgrading to 21.02. I applied the p1 update; however, still seeing random reboots. They seem to occur once or twice in a day, with no pattern.

                        I created a ticket, #INC-76956, and attached the file created from the status page.

                        Any idea what might be going on or have any suggestions that might help?

                        Thanks in advance

                        1 Reply Last reply Reply Quote 0
                        • stephenw10
                          stephenw10 Netgate Administrator last edited by

                          It's unlikely that was related to the update unfortunately. The p1 point release would not have done anything for that, it addressed only: https://redmine.pfsense.org/issues/11444

                          We should be able to resolve that on the ticket for you.

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • T
                            Traveller @dennis_s last edited by

                            @dennis_s Thanks for the links, and to Netgate for the extended blog on the details.

                            That was amazing work considering the time frame and everything else that was going on.

                            I'm an internals guy, and I thought there might be a deadlock involved when I saw the workaround.

                            Also, good on the team to provide a real fix rather than a patch that would reduce performance and increase technical debt.

                            1 Reply Last reply Reply Quote 1
                            • R
                              Ramosel last edited by

                              I read through the blog. 48hr find/fix is quite an accomplishment. Good job.
                              Leaves me with a couple of questions that have zero urgency tied to them.

                              What is different in the SG-3100 hardware that made it susceptible to this lock condition?

                              If you are NOT running SG-3100 hardware, is there any merit/value in doing the -p1 update?

                              Rick

                              ? 1 Reply Last reply Reply Quote 0
                              • ?
                                A Former User @Ramosel last edited by

                                @ramosel It's the processors architecture that is unique to the 3100. As to updating on other devices it can be assumed they tested that. Given the forum is not overrun with complaints I would conclude it's fine to upgrade.

                                R 1 Reply Last reply Reply Quote 0
                                • R
                                  Ramosel @Guest last edited by

                                  @jwj Agreed, but I wasn't asking if it was safe or "fine"... I was asking if there was any merit/value in updating if one wasn't running an SG-3100.

                                  ? 1 Reply Last reply Reply Quote 0
                                  • ?
                                    A Former User @Ramosel last edited by

                                    @ramosel It fixes the one issue that was specific to the 3100. It doesn't address any other issues (as per Netgate), so the value on other devices would be zero. The harm also appears to be zero. If you are staring at an 'update available' notice or flashing led I'd update just to make that go away.

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10
                                      stephenw10 Netgate Administrator last edited by stephenw10

                                      Yeah, there no need to update if a reboot is inconvenient for example. On other architectures 21.02p1 is effectively unchanged. But it is safe to do so.

                                      Steve

                                      R johnpoz 2 Replies Last reply Reply Quote 1
                                      • R
                                        Ramosel @stephenw10 last edited by

                                        @stephenw10 Awesome... thank you.

                                        1 Reply Last reply Reply Quote 0
                                        • johnpoz
                                          johnpoz LAYER 8 Global Moderator @stephenw10 last edited by johnpoz

                                          @stephenw10 said in pfSense Plus 21.02-p1 Now Available:

                                          if a reboot is inconvenient for example

                                          Exactly... I am prob just going to wait til the zfs correction for
                                          https://redmine.pfsense.org/issues/11483

                                          Is implemented, I would assume 21.0X or if a p2 comes out..

                                          Reboots are always "inconvenient" ;)

                                          The 3100s I have are stuck running what they are running until such time that I can get to office(es) or someone is onsite as smart hands, etc. While it would be nice to get them current - just not worth "any" risk of something going wrong.. Since offices don't have any staff there currently.

                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                          If you get confused: Listen to the Music Play
                                          Please don't Chat/PM me for help, unless mod related
                                          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                                          1 Reply Last reply Reply Quote 0
                                          • P
                                            pfBo last edited by

                                            Hi,

                                            After upgrading my SG-3100 I'm seeing issues with fq_codel. I have limiters configured and it has been running fine before upgrading to 21.02-p1.

                                            The firewall stops passing traffic when limiters are enabled and connecting to console all I see is these error messages over and over again:

                                            fq_codel_new_sched cannot allocate memory for fq_codel configuration parameters
                                            si_new new_sched error

                                            My limiters and rules are configures as follows:

                                            2021-02-27 17_55_48-Window.png

                                            2021-02-27 17_56_02-Window.png

                                            2021-02-27 17_56_15-Window.png

                                            Please let me know if I can provide and more details, logs or anything else that can help me (and you) resolve this issue.

                                            Best regards,

                                            Bo

                                            1 Reply Last reply Reply Quote 0
                                            • P
                                              pfBo last edited by

                                              Apologies, I can't for the life of me figure out how to edit my own post ;)

                                              I just wanted to add that I have a SG-5100 setup with the exact same limiters and rules and that works flawlessly after upgrading to SG-3100 so I suspect it's a model specific "bug".

                                              Best regards,

                                              Bo

                                              1 Reply Last reply Reply Quote 0
                                              • S
                                                StacyAnn33 last edited by

                                                Are they still expecting to have pfSense Plus available to 3rd party hardware later in the year, or has that been pushed ahead to an earlier date?

                                                R 1 Reply Last reply Reply Quote 0
                                                • R
                                                  Ramosel @StacyAnn33 last edited by

                                                  @stacyann33 According to the Blog announcement on Jan 21 of this year... (under item #11)

                                                  "We plan to make pfSense Plus available for use on 3rd party hardware and select virtual machines by June 2021, if not sooner."

                                                  1 Reply Last reply Reply Quote 0
                                                  • T
                                                    Taz79 last edited by

                                                    Why is there no posts about 21.02.2 being available? Or has it been pulled back?

                                                    I'm having issues, my VPN to public internet connection is not working since the upgrade.. Tunnel is up but no communications.. Hosts in the alias list defining what computers should go via the VPN cannot even ping the router on the LAN side which is really strang.e..

                                                    T 1 Reply Last reply Reply Quote 0
                                                    • T
                                                      Taz79 @Taz79 last edited by

                                                      Never mind.. a restart of the OpenVPN service seems to have fixed the issue.. but anyway strange that there is no post about this update in here??

                                                      R 1 Reply Last reply Reply Quote 0
                                                      • R
                                                        Ramosel @Taz79 last edited by

                                                        @taz79 said in pfSense Plus 21.02-p1 Now Available:

                                                        but anyway strange that there is no post about this update in here??

                                                        Yeah, I'd have to agree that it's odd there was no announcement of the(ir) forum. It was on the blog though.

                                                        https://www.netgate.com/blog/

                                                        Between the Blog, this forum, redmine and reddit... it's hard to know where to go and when to get the latest info "straight from the horse's mouth".

                                                        Hopefully they are all just really busy working through the problems on the 2.5/21.02 release.

                                                        1 Reply Last reply Reply Quote 0
                                                        • Unpinned by  dennis_s dennis_s 
                                                        • First post
                                                          Last post