Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense 2.6 issues

    Scheduled Pinned Locked Moved General pfSense Questions
    56 Posts 12 Posters 20.3k Views 15 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ Offline
      johnpoz LAYER 8 Global Moderator @adriangalbincea
      last edited by

      @adriangalbincea said in pfSense 2.6 issues:

      ran ping -t for long time, and is not consistent, will get time out very often...

      Well that says its not actually dns related, but if your having packet loss issues you could for sure have dns problems because of the packet loss.

      Once you start the ping, even if was to some fqdn - if that resolved to an IP and then you later see packet loss that has nothing to do with dns. But actual packet loss..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

      A 1 Reply Last reply Reply Quote 0
      • A Offline
        adriangalbincea @johnpoz
        last edited by

        @johnpoz Can well be a drop of the package too. I will let other people report this too... I will not upgrade my router just to troubleshoot again. I reverted my Windows 11 upgrade because of this to realize it was actually the pfSense upgrade, not the Windows upgrade... I spent days and forums saying nothing about this issue... What is weird though, it happened always only on the PC which is connected via cable, mobile devices had no issues... I will stay with 2.5.2 for the moment and I will not update any of my clients routers either.

        johnpozJ 1 Reply Last reply Reply Quote 0
        • johnpozJ Offline
          johnpoz LAYER 8 Global Moderator @adriangalbincea
          last edited by johnpoz

          @adriangalbincea said in pfSense 2.6 issues:

          drop of the package too

          Sorry but no... Have no idea what your issue was or is... But once you resolve something from dns to its IP and are running a constant ping.. .dns is out of the picture, unbound could be completely dead.. You could turn off the service.

          Your saying your wireless clients all worked just fine.. So then it wasn't your isp, and how exactly was it pfsense either?

          That specific interface - how exactly did you this pc connect vs your wireless clients that were having no issues, etc..

          Your more than welcome to stay on version 1 if you want.. Nothing forcing you to do anything... You can continue to use windows 9x if you want as well..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            Mmm, there is no known issue in 2.6 that presents like that. If you have found a new issue it's likely related to your setup specifically, either your hardware or config. It's unlikely to get fixed if we cannot troubleshoot it.

            Steve

            johnpozJ A 2 Replies Last reply Reply Quote 0
            • johnpozJ Offline
              johnpoz LAYER 8 Global Moderator @stephenw10
              last edited by

              @stephenw10 said in pfSense 2.6 issues:

              unlikely to get fixed if we cannot troubleshoot it.

              Why would you want to do that? Just stay on version 1 of something, never move forward.. Just use what works first time until the end of time ;)

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                Well I mean that's option. ๐Ÿ˜‰

                1 Reply Last reply Reply Quote 0
                • A Offline
                  adriangalbincea @stephenw10
                  last edited by

                  @stephenw10 not sure how can you sustain that is my setup at fault if I update the router firmware and the connection becomes unstable and if I restore the older version is back to normal. Really? This is how you deal with issues? ๐Ÿ˜‚๐Ÿ˜‚๐Ÿ˜‚

                  johnpozJ stephenw10S 2 Replies Last reply Reply Quote 0
                  • johnpozJ Offline
                    johnpoz LAYER 8 Global Moderator @adriangalbincea
                    last edited by johnpoz

                    @adriangalbincea said in pfSense 2.6 issues:

                    can you sustain that is my setup at fault

                    Because if not then the forum would be on fire with everyone on the planet that upgraded to 2.6 screaming it doesn't work.

                    So clearly it is something related to you setup in some fashion that is unique enough that others are not screaming about the same issue..

                    That is how.. What are you running pfsense on? Hardware, VM? There quite a bit of chatter about users having issues with hyper-v, etc. What interface was this pc connected too, some usb interface, an port from a multiple port nic? A intel nic, a realtek nic?

                    We have absolutely zero actual info about your problem... You say websites don't load 50 % of the time, but only this 1 pc - not any of yoru wireless clients, or othe wired client?? But you say it looses ping.. 50% loss? 5% loss? Pings once started have zero to do with dns, etc. etc..

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator @adriangalbincea
                      last edited by

                      @adriangalbincea said in pfSense 2.6 issues:

                      not sure how can you sustain that is my setup at fault

                      Sorry, I'm not assigning blame here. If your config worked fine in 2.5.2 it should work fine in 2.6.
                      I'm just saying that the fact most users are not seeing issues like that indicates there is something in your config or hardware that is unusual.
                      To solve this we need to first pin down how this is failing then try to replicate that locally. But we need you to give us some details so we can attempt that and that might mean you need to be running 2.6.

                      So, yeah, what hardware are you running? Anything unusual?

                      What config are you running? Again anything unusual?

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • N Offline
                        nethunter403
                        last edited by nethunter403

                        This post is deleted!
                        1 Reply Last reply Reply Quote 0
                        • P Offline
                          PeterPorker3
                          last edited by PeterPorker3

                          Just wanted to post here that I am having the exact same issue as @KpuCko . I tested all the hardware every way I can, and it all seems to be in good working order. Previous updates have been performed without any issue.

                          Hardware:
                          -HP DL320e G8 v2
                          -Intel Core i3 4150
                          -4GB ECC Unbuffered Memory
                          -2x 40GB Intel SATA SSDs in ZFS Mirror
                          -Only network card in use is an HP NC365T which is Intel Based

                          Config Overview: 1x Passive LAG (bridged with LAN), OpenVPN, HAproxy, 1x LAN, 1x LAN, Minimal firewall rules

                          Probably going to end up reinstalling. I doubt I will receive a response here, but if you do happen to see this within the next few days and have any suggestions on another fix, please let me know!

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator
                            last edited by

                            You're seeing exactly the same errors?

                            Can we see the errors you have?

                            Most errors of that sort are caused by the upgrade failing to complete for some reason leaving mismatched kernel/world binaries.
                            Did it appear to complete correctly?

                            Steve

                            P 1 Reply Last reply Reply Quote 0
                            • P Offline
                              PeterPorker3 @stephenw10
                              last edited by PeterPorker3

                              @stephenw10 As far as I can tell, yes, exactly the same. Symptoms the same as well: no access to WAN/internet. (Although I can establish a connection to this firewall via OpenVPN) The first line is what I see in the notification panel and in the System logs, and is displayed a total of 6 times in various parts of the log:

                              /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULENV: Operation not supported by device - The line in question reads [0]:
                              

                              In the System logs only (not the notifications), the above error is also accompanied by this message:

                              /rc.filter_configure_sync: The command '/sbin/pfctl -Of /tmp/rules.limits' returned exit code '1', the output was 'pfctl: DIOCSETSYNCOOKIES' 
                              

                              I also found the following errors that occur at verious parts of the log that may or may not be related:

                              KLD cpuctl.ko: depends on kernel - not available or version mismatch 
                              KLD if_wg.ko: depends on kernel - not available or version mismatch (occured multiple times, different places)
                              KLD aesni.ko: depends on kernel - not available or version mismatch (occured multiple times, different places)
                              KLD coretemp.ko: depends on kernel - not available or version mismatch
                              

                              Which where all individually followed by:

                              linker_load_file: /boot/kernel/XXX.ko - unsupported file type 
                              

                              And the last one I found was this which happened three times:

                              >>> Gateway alarm: WANGW (Addr:192.168.1.1 Alarm:0 RTT:.320ms RTTsd:.412ms Loss:7%) 
                              

                              If there are any other errors logged, I couldn't identify them. But I can't say I'm an expert on the inner workings of pfsense so if there is somewhere specific I should look, please let me know.

                              I don't recall seeing any errors during the upgrade process, however I'm not sure where to look to double check. I did try running pkg update and pkg upgrade in the shell, but it said everything was up to date and displayed no errors at all. I also attempted to export the config and restore from it without reinstalling, but that made no difference.

                              It might also be worth noting that I have a double NAT setup (for various reasons), with the WAN of this pfsense box being connected to another local network. I cannot access the internet or any of the local network resources on the outer/WAN network, despite not being blocked by any firewall rules (this was a working setup prior to the upgrade, upgrade was performed to troubleshoot an unrelated issue with the HAproxy package).

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S Offline
                                stephenw10 Netgate Administrator
                                last edited by

                                Ok, that deffinately looks like a kernel mismatch.

                                What do you see output from uname -a and freebsd-version -kur.

                                You might also try pkg upgrade and see if you are offered any updates. Imediately following the upgrade to 2.6 I would not expect to see any.

                                Steve

                                P 1 Reply Last reply Reply Quote 0
                                • P Offline
                                  PeterPorker3 @stephenw10
                                  last edited by

                                  @stephenw10 If appears that you are spot on. Here's the output:

                                  [2.6.0-RELEASE][admin@XXX]/root: uname -r
                                  12.2-STABLE
                                  [2.6.0-RELEASE][admin@XXX]/root: freebsd-version -kur
                                  12.3-STABLE
                                  12.2-STABLE
                                  12.3-STABLE
                                  

                                  The newer kernel is installed, yet the older kernel is currently in use (stays that way after a reboot as well).

                                  I assume the pfsense bootloader screen would have a way to specify which kernel to load, however I am not at home this week and I'm limited to what I can do over a VPN. What would be the best way to correct this with that limitation in mind? I'm not too worried about potentially making it worse, since the network is already unusable and I am traveling back on Saturday.

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Do you have more than one boot device in the system?

                                    We have seen some instances where an old kernel is loaded from a different device.

                                    Installing 2.6 clean and restoring the config will get you back up again whatever the current state is.

                                    Steve

                                    P 1 Reply Last reply Reply Quote 0
                                    • P Offline
                                      PeterPorker3 @stephenw10
                                      last edited by PeterPorker3

                                      @stephenw10 pfsense is installed on a ZFS Mirror array with two SSDs. Would that apply in this case? Besides that there are no other volumes/disks.

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S Offline
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Ok, looking at that it appears the installed and running kernel is correct but the userland is still at 12.2.
                                        pkg upgrade didn't offer you any updates?

                                        Try running pkg info -x pfSense and see if anything there still shows 22.01.

                                        I would not expect a ZFS mirror to be capable of booting a different kernel. I've only ever seen it on separate boot devices.

                                        Steve

                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post
                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.