Update from 22.05 to 23.01 one bricked another with errors.

itNGO

@stephenw10

Direct Connection via 10GBe for Internal and HP Switch for other lines.... Node 1 is exactly connected the same way and still works normally....

[23.01-RELEASE][root@pfSense2.jgs.local]/root:
Message from syslogd@pfSense1 at Mar 13 18:33:29 ...
php-fpm[92160]: /firewall_rules.php: Successful login for user 'admin' from: xx (Local Database)
ping 192.168.168.1
PING 192.168.168.1 (192.168.168.1): 56 data bytes
^C
--- 192.168.168.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 192.168.168.2
PING 192.168.168.2 (192.168.168.2): 56 data bytes
64 bytes from 192.168.168.2: icmp_seq=0 ttl=64 time=0.173 ms
64 bytes from 192.168.168.2: icmp_seq=1 ttl=64 time=0.082 ms
64 bytes from 192.168.168.2: icmp_seq=2 ttl=64 time=0.069 ms
^C
--- 192.168.168.2 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.069/0.108/0.173/0.046 ms
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 192.168.168.1
PING 192.168.168.1 (192.168.168.1): 56 data bytes
^C
--- 192.168.168.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss

stephenw10

Ok, so it can ping itself. The network stack is up at least.

Make sure routes exist: netstat -rn

You're using only the 10G SFP ports, ix0 and ix1?

Do you see all the expected interfaces present in ifconfig?

itNGO

@stephenw10
Yes all interfaces are present and routes are in place.
[23.01-RELEASE][root@pfSense2.jgs.local]/root: netstat -rn
Routing tables

Internet:
Destination Gateway Flags Netif Expire
default 82.198.xxx.xxx UGS lagg0.40
10.10.10.1 link#15 UH lo0
10.42.1.0/24 link#21 U lagg0.40
10.42.1.2 link#21 UHS lo0
10.42.10.0/24 10.42.1.240 UGS lagg0.40
10.42.11.0/24 10.42.1.240 UGS lagg0.40
10.42.12.0/24 10.42.1.240 UGS lagg0.40
10.42.13.0/24 10.42.1.240 UGS lagg0.40
10.42.14.0/24 10.42.1.240 UGS lagg0.40
10.42.16.0/24 10.42.1.240 UGS lagg0.40
10.42.96.0/24 link#23 U lagg0.96
10.42.96.2 link#23 UHS lo0
10.255.42.0/24 10.42.1.3 UGS lagg0.40
10.255.42.1 link#21 UHS lagg0.40
10.255.192.0/24 10.42.1.3 UGS lagg0.40
82.198.xxx.168/29 link#20 U lagg0.40
82.198.xxx.172 link#20 UHS lo0
127.0.0.1 link#15 UH lo0
192.168.168.0/24 link#1 U ix0
192.168.168.2 link#1 UHS lo0
192.168.178.0/24 link#24 U lagg0.40
192.168.178.3 link#24 UHS lo0

Internet6:
Destination Gateway Flags Netif Expire
::1 link#15 UHS lo0
fe80::%ix0/64 link#1 U ix0
fe80::208:a2ff:fe10:d096%ix0 link#1 UHS lo0
fe80::%lo0/64 link#15 U lo0
fe80::1%lo0 link#15 UHS lo0
fe80::%lagg0/64 link#19 U lagg0
fe80::208:a2ff:fe10:d098%lagg0 link#19 UHS lo0
fe80::%lagg0.4090/64 link#20 U lagg0.40
fe80::208:a2ff:fe10:d098%lagg0.4090 link#20 UHS lo0
fe80::%lagg0.4091/64 link#21 U lagg0.40
fe80::208:a2ff:fe10:d098%lagg0.4091 link#21 UHS lo0
fe80::%lagg0.7/64 link#22 U lagg0.7
fe80::208:a2ff:fe10:d098%lagg0.7 link#22 UHS lo0
fe80::%lagg0.96/64 link#23 U lagg0.96
fe80::208:a2ff:fe10:d098%lagg0.96 link#23 UHS lo0
fe80::%lagg0.4092/64 link#24 U lagg0.40
fe80::208:a2ff:fe10:d098%lagg0.4092 link#24 UHS lo0

stephenw10

Ok so it looks like you're using ix0 directly and everything else is via VLANs on lagg0. Can I assume lagg0 is still the internal connection to the switch, ix2 and ix3?

As a test try disabling pf: pfctl -d If the ruleset is not loading fully it might be blocking outbound traffic.
Use pfctl -e to re-enable it.

Steve

itNGO

@stephenw10 said in Update from 22.05 to 23.01 one bricked another with errors.:

pfctl -d

I tried, but also this does not help.

Maybe try factory reset?

[23.01-RELEASE][root@pfSense2.jgs.local]/root: pfctl -d
pf disabled
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network is down
ping: sendto: Network is down
ping: sendto: Network is down
ping: sendto: Network is down
ping: sendto: Network is down
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 10.42.1.1
PING 10.42.1.1 (10.42.1.1): 56 data bytes
ping: sendto: Network is down
ping: sendto: Network is down
^C
--- 10.42.1.1 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
[23.01-RELEASE][root@pfSense2.jgs.local]/root: ping 10.42.1.3
PING 10.42.1.3 (10.42.1.3): 56 data bytes
ping: sendto: Network is down
ping: sendto: Network is down
^C
--- 10.42.1.3 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

stephenw10

You certainly can try a reset. If the default config is able to connect that would prove it's something from the config causing it.

That's a different error though. Do you only see that with pf disabled? Can it still ping it's own IPs?

itNGO

@stephenw10
Well the system denies factory reset. It just stays after "y" forever and CTRL+C brings back normal Console-Menu with old settings.

Ping itself is ok.... mabye we need to flash it down to 22.05 again. Is this possible via console and an USB-Stick with old Image?

Gertjan

@itngo

If you have a USB ready with 22.05 : just boot from it, have the disk partitioned, install etc, and that will take of things.

stephenw10

Yes, you can do that. Though I would first try a clean 23.01 install. The fact it won't factory default sounds more like it didn't complete the upgrade successfully.

Steve