Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense 2.6 issues

    Scheduled Pinned Locked Moved General pfSense Questions
    56 Posts 12 Posters 20.3k Views 15 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      adriangalbincea @FirewallProblemsOops
      last edited by

      @firewallproblemsoops I did the same, ran ping -t for long time, and is not consistent, will get time out very often...

      johnpozJ 1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        If it gives a resolution error then it's definitely DNS.

        If it's a v6 issue then pinging something will always succeed because that's v4. You need to run ping6 and see if it tries (and fails). It should give a 'no route' or 'unreachable' error if you do not have IPv6.

        Steve

        A 1 Reply Last reply Reply Quote 0
        • A Offline
          adriangalbincea @stephenw10
          last edited by

          @stephenw10 I have only IPv4 on ISP pfsense and PC. So IPv6 makes no sense for me to troubleshoot... Any other solution?

          stephenw10S 1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator @adriangalbincea
            last edited by

            @adriangalbincea said in pfSense 2.6 issues:

            I have only IPv4 on ISP pfsense and PC

            Mmm, that's exactly what everyone who hits this thinks. Did you actually try it?

            Otherwise, as I said, if it shows a resolution error it's a DNS issue. So check it can resolve against all the assigned servers. Check pfSense can also.

            Steve

            1 Reply Last reply Reply Quote 0
            • johnpozJ Offline
              johnpoz LAYER 8 Global Moderator @adriangalbincea
              last edited by

              @adriangalbincea said in pfSense 2.6 issues:

              ran ping -t for long time, and is not consistent, will get time out very often...

              Well that says its not actually dns related, but if your having packet loss issues you could for sure have dns problems because of the packet loss.

              Once you start the ping, even if was to some fqdn - if that resolved to an IP and then you later see packet loss that has nothing to do with dns. But actual packet loss..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

              A 1 Reply Last reply Reply Quote 0
              • A Offline
                adriangalbincea @johnpoz
                last edited by

                @johnpoz Can well be a drop of the package too. I will let other people report this too... I will not upgrade my router just to troubleshoot again. I reverted my Windows 11 upgrade because of this to realize it was actually the pfSense upgrade, not the Windows upgrade... I spent days and forums saying nothing about this issue... What is weird though, it happened always only on the PC which is connected via cable, mobile devices had no issues... I will stay with 2.5.2 for the moment and I will not update any of my clients routers either.

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ Offline
                  johnpoz LAYER 8 Global Moderator @adriangalbincea
                  last edited by johnpoz

                  @adriangalbincea said in pfSense 2.6 issues:

                  drop of the package too

                  Sorry but no... Have no idea what your issue was or is... But once you resolve something from dns to its IP and are running a constant ping.. .dns is out of the picture, unbound could be completely dead.. You could turn off the service.

                  Your saying your wireless clients all worked just fine.. So then it wasn't your isp, and how exactly was it pfsense either?

                  That specific interface - how exactly did you this pc connect vs your wireless clients that were having no issues, etc..

                  Your more than welcome to stay on version 1 if you want.. Nothing forcing you to do anything... You can continue to use windows 9x if you want as well..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    Mmm, there is no known issue in 2.6 that presents like that. If you have found a new issue it's likely related to your setup specifically, either your hardware or config. It's unlikely to get fixed if we cannot troubleshoot it.

                    Steve

                    johnpozJ A 2 Replies Last reply Reply Quote 0
                    • johnpozJ Offline
                      johnpoz LAYER 8 Global Moderator @stephenw10
                      last edited by

                      @stephenw10 said in pfSense 2.6 issues:

                      unlikely to get fixed if we cannot troubleshoot it.

                      Why would you want to do that? Just stay on version 1 of something, never move forward.. Just use what works first time until the end of time ;)

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S Offline
                        stephenw10 Netgate Administrator
                        last edited by

                        Well I mean that's option. ๐Ÿ˜‰

                        1 Reply Last reply Reply Quote 0
                        • A Offline
                          adriangalbincea @stephenw10
                          last edited by

                          @stephenw10 not sure how can you sustain that is my setup at fault if I update the router firmware and the connection becomes unstable and if I restore the older version is back to normal. Really? This is how you deal with issues? ๐Ÿ˜‚๐Ÿ˜‚๐Ÿ˜‚

                          johnpozJ stephenw10S 2 Replies Last reply Reply Quote 0
                          • johnpozJ Offline
                            johnpoz LAYER 8 Global Moderator @adriangalbincea
                            last edited by johnpoz

                            @adriangalbincea said in pfSense 2.6 issues:

                            can you sustain that is my setup at fault

                            Because if not then the forum would be on fire with everyone on the planet that upgraded to 2.6 screaming it doesn't work.

                            So clearly it is something related to you setup in some fashion that is unique enough that others are not screaming about the same issue..

                            That is how.. What are you running pfsense on? Hardware, VM? There quite a bit of chatter about users having issues with hyper-v, etc. What interface was this pc connected too, some usb interface, an port from a multiple port nic? A intel nic, a realtek nic?

                            We have absolutely zero actual info about your problem... You say websites don't load 50 % of the time, but only this 1 pc - not any of yoru wireless clients, or othe wired client?? But you say it looses ping.. 50% loss? 5% loss? Pings once started have zero to do with dns, etc. etc..

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S Offline
                              stephenw10 Netgate Administrator @adriangalbincea
                              last edited by

                              @adriangalbincea said in pfSense 2.6 issues:

                              not sure how can you sustain that is my setup at fault

                              Sorry, I'm not assigning blame here. If your config worked fine in 2.5.2 it should work fine in 2.6.
                              I'm just saying that the fact most users are not seeing issues like that indicates there is something in your config or hardware that is unusual.
                              To solve this we need to first pin down how this is failing then try to replicate that locally. But we need you to give us some details so we can attempt that and that might mean you need to be running 2.6.

                              So, yeah, what hardware are you running? Anything unusual?

                              What config are you running? Again anything unusual?

                              Steve

                              1 Reply Last reply Reply Quote 0
                              • N Offline
                                nethunter403
                                last edited by nethunter403

                                This post is deleted!
                                1 Reply Last reply Reply Quote 0
                                • P Offline
                                  PeterPorker3
                                  last edited by PeterPorker3

                                  Just wanted to post here that I am having the exact same issue as @KpuCko . I tested all the hardware every way I can, and it all seems to be in good working order. Previous updates have been performed without any issue.

                                  Hardware:
                                  -HP DL320e G8 v2
                                  -Intel Core i3 4150
                                  -4GB ECC Unbuffered Memory
                                  -2x 40GB Intel SATA SSDs in ZFS Mirror
                                  -Only network card in use is an HP NC365T which is Intel Based

                                  Config Overview: 1x Passive LAG (bridged with LAN), OpenVPN, HAproxy, 1x LAN, 1x LAN, Minimal firewall rules

                                  Probably going to end up reinstalling. I doubt I will receive a response here, but if you do happen to see this within the next few days and have any suggestions on another fix, please let me know!

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    You're seeing exactly the same errors?

                                    Can we see the errors you have?

                                    Most errors of that sort are caused by the upgrade failing to complete for some reason leaving mismatched kernel/world binaries.
                                    Did it appear to complete correctly?

                                    Steve

                                    P 1 Reply Last reply Reply Quote 0
                                    • P Offline
                                      PeterPorker3 @stephenw10
                                      last edited by PeterPorker3

                                      @stephenw10 As far as I can tell, yes, exactly the same. Symptoms the same as well: no access to WAN/internet. (Although I can establish a connection to this firewall via OpenVPN) The first line is what I see in the notification panel and in the System logs, and is displayed a total of 6 times in various parts of the log:

                                      /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULENV: Operation not supported by device - The line in question reads [0]:
                                      

                                      In the System logs only (not the notifications), the above error is also accompanied by this message:

                                      /rc.filter_configure_sync: The command '/sbin/pfctl -Of /tmp/rules.limits' returned exit code '1', the output was 'pfctl: DIOCSETSYNCOOKIES' 
                                      

                                      I also found the following errors that occur at verious parts of the log that may or may not be related:

                                      KLD cpuctl.ko: depends on kernel - not available or version mismatch 
                                      KLD if_wg.ko: depends on kernel - not available or version mismatch (occured multiple times, different places)
                                      KLD aesni.ko: depends on kernel - not available or version mismatch (occured multiple times, different places)
                                      KLD coretemp.ko: depends on kernel - not available or version mismatch
                                      

                                      Which where all individually followed by:

                                      linker_load_file: /boot/kernel/XXX.ko - unsupported file type 
                                      

                                      And the last one I found was this which happened three times:

                                      >>> Gateway alarm: WANGW (Addr:192.168.1.1 Alarm:0 RTT:.320ms RTTsd:.412ms Loss:7%) 
                                      

                                      If there are any other errors logged, I couldn't identify them. But I can't say I'm an expert on the inner workings of pfsense so if there is somewhere specific I should look, please let me know.

                                      I don't recall seeing any errors during the upgrade process, however I'm not sure where to look to double check. I did try running pkg update and pkg upgrade in the shell, but it said everything was up to date and displayed no errors at all. I also attempted to export the config and restore from it without reinstalling, but that made no difference.

                                      It might also be worth noting that I have a double NAT setup (for various reasons), with the WAN of this pfsense box being connected to another local network. I cannot access the internet or any of the local network resources on the outer/WAN network, despite not being blocked by any firewall rules (this was a working setup prior to the upgrade, upgrade was performed to troubleshoot an unrelated issue with the HAproxy package).

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S Offline
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Ok, that deffinately looks like a kernel mismatch.

                                        What do you see output from uname -a and freebsd-version -kur.

                                        You might also try pkg upgrade and see if you are offered any updates. Imediately following the upgrade to 2.6 I would not expect to see any.

                                        Steve

                                        P 1 Reply Last reply Reply Quote 0
                                        • P Offline
                                          PeterPorker3 @stephenw10
                                          last edited by

                                          @stephenw10 If appears that you are spot on. Here's the output:

                                          [2.6.0-RELEASE][admin@XXX]/root: uname -r
                                          12.2-STABLE
                                          [2.6.0-RELEASE][admin@XXX]/root: freebsd-version -kur
                                          12.3-STABLE
                                          12.2-STABLE
                                          12.3-STABLE
                                          

                                          The newer kernel is installed, yet the older kernel is currently in use (stays that way after a reboot as well).

                                          I assume the pfsense bootloader screen would have a way to specify which kernel to load, however I am not at home this week and I'm limited to what I can do over a VPN. What would be the best way to correct this with that limitation in mind? I'm not too worried about potentially making it worse, since the network is already unusable and I am traveling back on Saturday.

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S Offline
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Do you have more than one boot device in the system?

                                            We have seen some instances where an old kernel is loaded from a different device.

                                            Installing 2.6 clean and restoring the config will get you back up again whatever the current state is.

                                            Steve

                                            P 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.