Netgate Discussion Forum

    2.5.2 or 2.6.0 ? I need to fix multiwan bug on production systems

      Luca De Andreis

      Hello everybody,

      I have several firewalls in single WAN mode and I use pfSense 2.5.1; other firewalls in production use an old pfSense 2.4.5p1 because they have multi WAN or WAN && MPLS.
      The development of version 2.6.0 is just over 50%, I saw that a version 2.5.2 was proposed in the roadmap.

      Does anyone have any anticipations on the line that will be followed? I would like to update 2.4.5p1 versions to eliminate several security problems (old openssl libraries, old openvpn, etc.).

      Many thanks

        NollipfSense @Luca De Andreis

        @luca-de-andreis It's difficult to provide an answer without a disclaimer. So, it would be up to you and your skill level to make the decision. The only suggestion I can give is for you to upgrade to v2.5.1 on the production machine and try that, unless your lab test has proven problematic with your multi-ISPs.

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

          Cool_Corona

          Do NOT upgrade to 2.5.1. I run 2.5.0 with no issues in VMs on multiwan setups.

          I am glad I didn't upgrade...

            Luca De Andreis

            Mmmmm

            On 2.5.0 (and 2.5.1) the security problem with openssl lower than 1.1.1k persists, and the same for openvpn lower than 2.5.2.
            pfSense 2.5.0 has a bug with HA on a non-standard tcp 443 port for replication.

            I would not like to upgrade to a 2.6.0 snapshot version (which solves all the above problems). This is why I would be interested to know if a 2.5.2 release is planned in a short time since 2.6.0 has a development level of 50%.

              KOM @Luca De Andreis

              @luca-de-andreis JimP said yesterday that pf+ 21.05 is a week or two away. I imagine that CE edition will be in a similar timeframe.

                Cool_Corona @KOM

                @kom I am afraid that you won't see CE edition upgraded right away...

                  KOM @Cool_Corona

                  @cool_corona Oh? Why not?

                    Cool_Corona @KOM

                    @kom Because it's the last to get the updates since it's free and not a paid subscription.

                      KOM @Cool_Corona

                      @cool_corona I don't understand what you mean. They're built from the same codebase and all the updates are free for everyone who uses pfSense, no matter what your subscription status. pf+ 21.02 and CE 2.5.0 came out at the same time, as did 21.02.1 and CE 2.5.1. I have not read anything from Netgate saying that future CE releases would come after pf+.

                        dotdash @KOM

                        @kom
                        I'd guess he's reacting to the fact that Plus is fixed, and CE is still broken. If I read the bug tracker correctly, that's because the bug manifested in Plus first but not CE. After it was fixed in Plus, the bug was discovered in 2.5.1. Netgate should have made this clear, but they don't seem to want to address the fact that 2.5.1 is broken for a lot of users. IMHO, they should have at least posted a warning not to upgrade if you use port forwarding on multiple WANs. I would have been happier if they just applied the fix to 2.5.1 and released it as 2.5.2.

                          Patch @KOM

                          @kom said in 2.5.2 or 2.6.0 ? I need to fix multiwan bug on production systems:

                          I don't understand what you mean. They're built from the same codebase and all the updates are free for everyone who uses pfSense, no matter what your subscription status.

                          Netgate announced their business strategy going forwards in this thread Announcing pfSense plus and associated blog
                          @patch said in Announcing pfSense plus:

                          As for PfSense open source product, the future does not look bright

                          Historically, pfSense FE and pfSense Community Edition (CE) have been closely related ... In 2021, they will begin to diverge from one another ... Netgate will focus most of its efforts on pfSense Plus ... pfSense CE ... security vulnerability protection ... 2) hardware support updates, and 3) bug fixes ... upgrade path to pfSense Plus (? nagware)

                          From Announcing pfSense® Plus blog

                          anticipate there will be a 2.6 release in 2021 to provide 1) the necessary upgrade path to pfSense Plus for instance types beyond those already covered, 2) hardware support updates, and 3) bug fixes.

                            KOM @dotdash

                            @dotdash Huh, I wasn't aware that the multi-wan issue was working in pf+ (I don't have that scenario.) I'm sure they're aware of the issue but yes they could be a little more forward about their plans. This glitch aside, I still don't see anything to make me believe that CE won't be updated along with pf+.

                            @Patch I'm aware of that blog entry. Nothing in it says anything about CE releases lagging behind pf+. The only thing that could be read in a negative light would be "The frequency of this support will be evaluated on an ongoing basis" but that's ambiguous at best. Then there's this:

                            "We plan to make pfSense Plus available for use on 3rd party hardware and select virtual machines by June 2021, if not sooner.

                            There will be a no charge path for home and lab use and a chargeable version for commercial use."

                              AKEGEC @KOM

                              @kom we were hoping that Netgate would learn from the past mistakes. Like the WireGuard incident, without involving the author(s). Let's be honest, that was a fckng sh*t move.

                                Patch @KOM

                                @kom said in 2.5.2 or 2.6.0 ? I need to fix multiwan bug on production systems:

                                Nothing in it says anything about CE releases lagging behind pf+

                                My reading of the blog and associated threads is; at some time, valuable pfSense functions will be described as new program features rather than bug fixes. When this happens, and what functionality is described in this manner, we can all guess at, but I think it is fairly certain it will happen.

                                The concern is looking at what Netgate have not committed to do, rather than what they have said they will do.

                                  KOM @Patch

                                  @patch said in 2.5.2 or 2.6.0 ? I need to fix multiwan bug on production systems:

                                  valuable pfSense functions will be described as new program features rather than bug fixes

                                  The blog didn't say anything of the sort. They did say that pf+ would get some value-added specialized features (like those two wizards) that CE won't. That's it. Everything else you're just pulling out of the air. And if it really bothers you that much then move to pf+ when it becomes generally available.

                                    Cool_Corona @KOM

                                    @kom Select virtual machines....

                                    It's the same shit that VMware pulls on updates to the Hypervisor.

                                    You can't run Server 2019 unless you upgrade and to your surprise... an Enterprise Plus License as we run, is VERY expensive in a large clustered setup.

                                    So yeah.... this will definitely make OPNsense a viable option for a LOT of people going forward.

                                    Or reviving that old M0n0wall brand once more.

                                      vjizzle

                                      Hi. It concerns a lot of people how Netgate is handling the multi-wan bug. The bug existed in pfsense+ and was squashed within days there. Understandable because that is their commercial line. About Netgate treating pfsense CE the same as pfsense + (the famous blog where they explain it) is already not true. They have been sitting on the multiwan fix for months now, it is solved for pfsense+ line…leaving CE branch behind. Read between the lines kinda thing going on.

                                        vjizzle @Cool_Corona

                                        @cool_corona I did a small test with opnsense and multi-wan with port forwarding for openvpn did not work there. From what I read on their forums it is kinda a hit-and-miss depending on which build they use. Same goes for untangle. It could be me of course with my limited knowledge. But for now in the land of the blind one eye is king :(

                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.