pfSense Plus 21.02-p1 Now Available
-
pfSense Plus version 21.02-p1 is now available. This minor release addresses a bug that causes stability and performance issues on Netgate SG-3100 security gateway appliances.
We also have published a more in-depth blog that details what exactly was happening.
-
@dennis_s Thanks for posting the blog post. Interesting and helpful.
-
Hi,
I'm facing the same problem with this version..
Downloaded the image, so it's a clean install.This happens with pfblockerNG, same configuration as before, just ran the wizard.
Can you please check and advise? -
Opened a TAC ticket, attached my full xml config, and described the actions taken to trigger the problem.
TAC: 76936 -
@mcury I'm assuming you're referring to the Segmentation fault error? If so you likely have an issue with the package. I see your ticket and we will reply to it whenever we're able to do so.
-
@kphillips said in pfSense Plus 21.02-p1 Now Available:
I'm assuming you're referring to the Segmentation fault error?
Hello kphillips, hope you are doing fine.
Yes it is, same error as we spoke previously.Kindly check and advise if I can help you with more information, thanks.
-
Just to confirm you were seeing that in 21.02 also?
The p1 release addresses only https://redmine.pfsense.org/issues/11444.
If we had included any additional fixes or updates it would have required a lot more testing and delayed the fix release significantly. That particular issue was impacting SG-3100 severely.What you're seeing here does not appear to be that.
Steve
-
@stephenw10 said in pfSense Plus 21.02-p1 Now Available:
Just to confirm you were seeing that in 21.02 also?
The p1 release addresses only https://redmine.pfsense.org/issues/11444.
If we had included any additional fixes or updates it would have required a lot more testing and delayed the fix release significantly. That particular issue was impacting SG-3100 severely.What you're seeing here does not appear to be that.
Steve
Hello stephenw10,
Yes, I was seeing this same behavior in 21.02.It happens only with pfblockerNG-devel 3.0.0_10 installed.
Didn't test with pfblockerNG 2.1.4_24.This happens during a reboot, after installing and configuring this package.
Without it, I can't see any problems. -
inside this link: https://redmine.pfsense.org/issues/11444
Check the file OS-Message Buffer.txt
-
@dennis_s I am experiencing random reboots with my SG-1100 since upgrading to 21.02. I applied the p1 update; however, still seeing random reboots. They seem to occur once or twice in a day, with no pattern.
I created a ticket, #INC-76956, and attached the file created from the status page.
Any idea what might be going on or have any suggestions that might help?
Thanks in advance
-
It's unlikely that was related to the update unfortunately. The p1 point release would not have done anything for that, it addressed only: https://redmine.pfsense.org/issues/11444
We should be able to resolve that on the ticket for you.
Steve
-
@dennis_s Thanks for the links, and to Netgate for the extended blog on the details.
That was amazing work considering the time frame and everything else that was going on.
I'm an internals guy, and I thought there might be a deadlock involved when I saw the workaround.
Also, good on the team to provide a real fix rather than a patch that would reduce performance and increase technical debt.
-
I read through the blog. 48hr find/fix is quite an accomplishment. Good job.
Leaves me with a couple of questions that have zero urgency tied to them.What is different in the SG-3100 hardware that made it susceptible to this lock condition?
If you are NOT running SG-3100 hardware, is there any merit/value in doing the -p1 update?
Rick
-
@ramosel It's the processors architecture that is unique to the 3100. As to updating on other devices it can be assumed they tested that. Given the forum is not overrun with complaints I would conclude it's fine to upgrade.
-
@jwj Agreed, but I wasn't asking if it was safe or "fine"... I was asking if there was any merit/value in updating if one wasn't running an SG-3100.
-
@ramosel It fixes the one issue that was specific to the 3100. It doesn't address any other issues (as per Netgate), so the value on other devices would be zero. The harm also appears to be zero. If you are staring at an 'update available' notice or flashing led I'd update just to make that go away.
-
Yeah, there no need to update if a reboot is inconvenient for example. On other architectures 21.02p1 is effectively unchanged. But it is safe to do so.
Steve
-
@stephenw10 Awesome... thank you.
-
@stephenw10 said in pfSense Plus 21.02-p1 Now Available:
if a reboot is inconvenient for example
Exactly... I am prob just going to wait til the zfs correction for
https://redmine.pfsense.org/issues/11483Is implemented, I would assume 21.0X or if a p2 comes out..
Reboots are always "inconvenient" ;)
The 3100s I have are stuck running what they are running until such time that I can get to office(es) or someone is onsite as smart hands, etc. While it would be nice to get them current - just not worth "any" risk of something going wrong.. Since offices don't have any staff there currently.
-
Hi,
After upgrading my SG-3100 I'm seeing issues with fq_codel. I have limiters configured and it has been running fine before upgrading to 21.02-p1.
The firewall stops passing traffic when limiters are enabled and connecting to console all I see is these error messages over and over again:
fq_codel_new_sched cannot allocate memory for fq_codel configuration parameters
si_new new_sched errorMy limiters and rules are configures as follows:
Please let me know if I can provide and more details, logs or anything else that can help me (and you) resolve this issue.
Best regards,
Bo