Upgrading to pfSense+ 23.09 broke my network
-
Yesterday I paid for a Taclite subscription in order to keep my pfSense Plus license (previously free) and to get the latest upgrade to 23.09. The update process seemed to work ok, but immediately after, my pfSense device could not get an IP address from the cable modem. This is the first time that an update to pfSense negatively affected my network operation. I managed to fix it, but I had to go through and disable IPv6 in a number of spots. Apparently my Netgear CM-700 and Xfinity cable internet didn't react well to whatever changes were made in the update. FWIW, the hardware I run pfSense on is a Moginsok MGSRCJ4 purchased off of Amazon. I just wanted to put this out here as feedback to the developers. I am not sure why but this update also changed a number of my settings. It was the first problematic upgrade I have experienced with either pfSense CE or pfSense Plus. I have been using pfSense for about a year now.
-
@louie1961 said in Upgrading to pfSense+ 23.09 broke my network:
FWIW, the hardware I run pfSense on is a Moginsok MGSRCJ4
Did it come supplied with pfSense? Did you reinstall it clean?
We've seen reports of those running modified versions of pfSense with who-knows what modifications.That aside did it break only v6 or v4 also somehow?
Steve
-
@stephenw10 It came loaded with pfSense CE. I have not ever done a clean install. But I have been using it for almost a year without issue, and upgraded from CE to Plus without issue.
It changed a lot of stuff. I had my ethernet interfaces set for 2.5gbe and suddenly they were at 100mb. There were other assorted changes that happened unexpectedly. I wouldn't say that IPv4 was broken, but it was essentially turned off for the WAN interface.
-
Hmm, and simply disabling IPv6 corrected the link speed issues?
Is that i225 or i226 NICs? Though neither should have seen a difference like that with driver updates.
-
J jimp moved this topic from Problems Installing or Upgrading pfSense Software on
-
@stephenw10 Its the older I225 nics
To be honest, I am not 100% sure exactly what fixed my issue. I ended up going through virtually every configuration screen and putting things back the way I had them. Most of the changes were focused on IPv6 and the interfaces. I also changed some stuff with Kea DHCP. But I can say for sure that the issue was the pfSense box was failing to get a DHCP assignment from the cable modem. Whan I plugged my laptop directly into the cable modem (hardwired ethernet) it worked fine. The laptop is running Debian 12. But when I plugged in the pfSense box, the WAN interface would show no IP assignment.
-
FWIW, I am pretty sure I have a copy of the non working XML configuration file on my laptop. I can send you that if it helps.
-
Ok so you enabled Kea after you upgraded and it was still working OK after that for some time? And then it failed, maybe when it tried to renew the WAN dhcp lease?
-
@stephenw10 No, I enabled Kea as part of the fix
-
Hmm, interesting. So potentially ISC dhcpd was handing out something incorrect before that?
-
@stephenw10 I am not sure about that. I think it was failing to get a lease from the cable modem, whatever that involved. I am not much of a network engineer to be honest.
-
Hmm. The client side is handled by dhclient and the associated script, it doesn't use either ISC dhcpd or Kea. So changing that should not have made any difference to the WAN.
However if the WAN was pulling an invliad IPv6 lease perhaps then one of those might have been trying to use a bad prefix which would have caused problems. Switching between them may have cleared that.
