Update from 22.05 to 23.01 one bricked another with errors.

stephenw10

Hmm, you can't even ping to or from the other node over the sync connection? Is that directly between them?

Can we see the actual error output it shows?

Steve

itNGO

Direct Connection via 10GBe for Internal and HP Switch for other lines.... Node 1 is exactly connected the same way and still works normally....

[23.01-RELEASE][root@pfSense2.jgs.local]/root:
Message from syslogd@pfSense1 at Mar 13 18:33:29 ...
php-fpm[92160]: /firewall_rules.php: Successful login for user 'admin' from: xx (Local Database)
ping 192.168.168.1
PING 192.168.168.1 (192.168.168.1): 56 data bytes
^C
--- 192.168.168.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 192.168.168.2
PING 192.168.168.2 (192.168.168.2): 56 data bytes
64 bytes from 192.168.168.2: icmp_seq=0 ttl=64 time=0.173 ms
64 bytes from 192.168.168.2: icmp_seq=1 ttl=64 time=0.082 ms
64 bytes from 192.168.168.2: icmp_seq=2 ttl=64 time=0.069 ms
^C
--- 192.168.168.2 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.069/0.108/0.173/0.046 ms
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 192.168.168.1
PING 192.168.168.1 (192.168.168.1): 56 data bytes
^C
--- 192.168.168.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss

stephenw10

Ok, so it can ping itself. The network stack is up at least.

Make sure routes exist: netstat -rn

You're using only the 10G SFP ports, ix0 and ix1?

Do you see all the expected interfaces present in ifconfig?

itNGO

@stephenw10
Yes all interfaces are present and routes are in place.
[23.01-RELEASE][root@pfSense2.jgs.local]/root: netstat -rn
Routing tables

Internet:
Destination Gateway Flags Netif Expire
default 82.198.xxx.xxx UGS lagg0.40
10.10.10.1 link#15 UH lo0
10.42.1.0/24 link#21 U lagg0.40
10.42.1.2 link#21 UHS lo0
10.42.10.0/24 10.42.1.240 UGS lagg0.40
10.42.11.0/24 10.42.1.240 UGS lagg0.40
10.42.12.0/24 10.42.1.240 UGS lagg0.40
10.42.13.0/24 10.42.1.240 UGS lagg0.40
10.42.14.0/24 10.42.1.240 UGS lagg0.40
10.42.16.0/24 10.42.1.240 UGS lagg0.40
10.42.96.0/24 link#23 U lagg0.96
10.42.96.2 link#23 UHS lo0
10.255.42.0/24 10.42.1.3 UGS lagg0.40
10.255.42.1 link#21 UHS lagg0.40
10.255.192.0/24 10.42.1.3 UGS lagg0.40
82.198.xxx.168/29 link#20 U lagg0.40
82.198.xxx.172 link#20 UHS lo0
127.0.0.1 link#15 UH lo0
192.168.168.0/24 link#1 U ix0
192.168.168.2 link#1 UHS lo0
192.168.178.0/24 link#24 U lagg0.40
192.168.178.3 link#24 UHS lo0

Internet6:
Destination Gateway Flags Netif Expire
::1 link#15 UHS lo0
fe80::%ix0/64 link#1 U ix0
fe80::208:a2ff:fe10:d096%ix0 link#1 UHS lo0
fe80::%lo0/64 link#15 U lo0
fe80::1%lo0 link#15 UHS lo0
fe80::%lagg0/64 link#19 U lagg0
fe80::208:a2ff:fe10:d098%lagg0 link#19 UHS lo0
fe80::%lagg0.4090/64 link#20 U lagg0.40
fe80::208:a2ff:fe10:d098%lagg0.4090 link#20 UHS lo0
fe80::%lagg0.4091/64 link#21 U lagg0.40
fe80::208:a2ff:fe10:d098%lagg0.4091 link#21 UHS lo0
fe80::%lagg0.7/64 link#22 U lagg0.7
fe80::208:a2ff:fe10:d098%lagg0.7 link#22 UHS lo0
fe80::%lagg0.96/64 link#23 U lagg0.96
fe80::208:a2ff:fe10:d098%lagg0.96 link#23 UHS lo0
fe80::%lagg0.4092/64 link#24 U lagg0.40
fe80::208:a2ff:fe10:d098%lagg0.4092 link#24 UHS lo0

stephenw10

Ok so it looks like you're using ix0 directly and everything else is via VLANs on lagg0. Can I assume lagg0 is still the internal connection to the switch, ix2 and ix3?

As a test try disabling pf: pfctl -d If the ruleset is not loading fully it might be blocking outbound traffic.
Use pfctl -e to re-enable it.

Steve

itNGO

@stephenw10 said in Update from 22.05 to 23.01 one bricked another with errors.:

pfctl -d

I tried, but also this does not help.

Maybe try factory reset?

[23.01-RELEASE][root@pfSense2.jgs.local]/root: pfctl -d
pf disabled
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network is down
ping: sendto: Network is down
ping: sendto: Network is down
ping: sendto: Network is down
ping: sendto: Network is down
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 10.42.1.1
PING 10.42.1.1 (10.42.1.1): 56 data bytes
ping: sendto: Network is down
ping: sendto: Network is down
^C
--- 10.42.1.1 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 10.42.1.3
PING 10.42.1.3 (10.42.1.3): 56 data bytes
ping: sendto: Network is down
ping: sendto: Network is down
^C
--- 10.42.1.3 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

stephenw10

You certainly can try a reset. If the default config is able to connect that would prove it's something from the config causing it.

That's a different error though. Do you only see that with pf disabled? Can it still ping it's own IPs?

itNGO

@stephenw10
Well the system denies factory reset. It just stays after "y" forever and CTRL+C brings back normal Console-Menu with old settings.

Ping itself is ok.... mabye we need to flash it down to 22.05 again. Is this possible via console and an USB-Stick with old Image?

Gertjan

@itngo

If you have a USB ready with 22.05 : just boot from it, have the disk partitioned, install etc, and that will take of things.

stephenw10

Yes, you can do that. Though I would first try a clean 23.01 install. The fact it won't factory default sounds more like it didn't complete the upgrade successfully.

Steve