Stay at 2.4.5-p1 or go to 2.5.2?

tohil

Hi Guys...

okay I've hit the update button last night.... has been like pulling the trigger of a gun in your mouth... has gone absolutely wrong... and I had to spend the evening and this morning to get all things back online again...

it seems like an internaly routing issue with 2.5.2. also on startup there was a message after bringing the interfaces up,

route: route not found....

what I have done:

First run:

Created a backup of 2.4.5 config
reboot the box
Created an other Backup File
run upgrade which worked and rebootet
after upgrade there was no traffic passing the box from internal subnet to wan. local routing worked. default gw of wan interface was corretly set in routing table. wan monitoring has been disabled...
I was able to ping 8.8.8.8 from pfsense box with wan interface as source. but if i changed the source interface to an internal interface it doesn't work. i saw passing traffic in the firewall log, but was not able to transfer any packet out the wan interface itself.

second run:

fresh 2.5.2 install
import config
same behavior

third....fourth...fifth run

fresh install 2.4.5_0
upgrade to 2.4.5_1 and import config. 2.4.5 is using 2.5.x as pkg source, what caused installation of 2.5.0 packages and webgui was killed then.... some php issues, because of versions conflicts i guess...

vjizzle

@tohil Hi!. Sorry it went sideways for you. I have upgraded my own pfsense from 2.4.5 p1 to 2.5.2 without a hitch. Running suricata, pfblockerng and openvpnclient export. I do have intel nics, would not trust anything else for pfsense.

tohil

@vjizzle Hi

thanks for your feedback... I've placed this topic in the forum:

https://forum.netgate.com/topic/165632/update-to-2-5-2-from-2-4-5-p1-no-traffic-from-lan-to-wan-anymore

I guess there must be something particular in the config....

Gertjan

This is an issue :

@tohil said in Stay at 2.4.5-p1 or go to 2.5.2?:

fresh 2.5.2 install
import config
same behavior

After the clean install :

Set up a password.
optional : Set up your WAN. As it uses DHCP by default, it will often already work.

Now, pfSense is up and running using the minimal one WAN one LAN setup. Updates, upgrades, DNS, routing etc etc etc, it works.

At this stage, when you import the config, things stop working, you know where the issue is.
"something in the config".

You can use a fresh 'clean' install', and set up functionality using the config file as a (manual) guide line.
Add functionality step by step.
You'll find issue queickly.
Report back with the failing step.

tohil

@gertjan Hi Gertjan

Thanks for your reply... I know that doing a step-by-step troubleshooting would be the best... but you should see my config.... no way to do that... it will take a lot of hours...

I'm still hopping someone have a solution for this....

Gertjan

@tohil said in Stay at 2.4.5-p1 or go to 2.5.2?:

but you should see my config.... no way to do that... it will take a lot of hours...

There is a 'rule' or even 'law' that you shouldn't break :

Keep it simple.

Complex systems are, by nature, complex to ........ (everything).

@tohil said in Stay at 2.4.5-p1 or go to 2.5.2?:

I'm still hopping someone have a solution for this....

Sure. It exists, among a couple of million others.
All what's left to be do is sifting out the ones that don't apply to you. That will be "millions" - 1.
You should share the logs, all details of the setup, so some one can test them out one by one, or some one recognizes details of your problem, and he will share the already known answers.
You might even find a unknown bug.

tohil

@gertjan said in Stay at 2.4.5-p1 or go to 2.5.2?:

ou should share the logs, all details of the setup, so some one can test them out one by one, or some one recognizes details of your problem, and he will share the already known answers.
You might even find a unknown bug.

I've currently out of standby devices, because I have to install them on new locations... and new ones have a hugh backlog... i will test with a spare device as soon as possible...