To do 24.11 or not? That's the question.

AndyRH

@Normandy214 said in To do 24.11 or not? That's the question.:

My question is why upgrade now. If you're firewall is running well now

There are always fixes and improvements. With Boot Environments it is too easy to go back if there is a problem. For me this is home, and I can be a little wilder. At work we are very cautious with upgrades. Upset family vs millions of dollars.
Your judgment for your environment.

chudak

@Normandy214 said in To do 24.11 or not? That's the question.:

@chudak My question is why upgrade now. If you're firewall is running well now, why risk breaking it with an upgrade (sorry @stephenw10).
Is there a new or improved feature in 24.11 that you need?
If not, per the Netgate website, https://docs.netgate.com/pfsense/en/latest/releases/versions.html , versions 23.09.1 and 24.03 are still under support.
I usually don't upgrade until support ends. I let everyone else suffer the issues with new releases and then upgrade once I have a better understanding of the issues I am likely to face.
If you do decide to go let us know how the adventure goes.

It's more of a philosophical question.
I prefer to run on the latest s/w, some people would never update as long as they don't have any problems

Dunno

chudak

Re: To do 24.11 or not? That's the question.

I finally upgraded to the latest version.

The overall process went fine. But I see some issues. I monitor my system via Uptime Kume, usually ping check and I see all my systems fail with "queryA ETIMEOUT" errors and then come back online.

That's not normal :(

Has anybody else observed something similar?

I may have to restore the previous good version

chudak

@chudak I restored my 24.03 version and all is back to normal.

I did not see any obvious issues except Kuma, but also noticed overall stability issues. Felt like DNS resolution was on and off.

In any event - thumb down for the update.

stephenw10

@chudak said in To do 24.11 or not? That's the question.:

Has anybody else observed something similar?

More information needed! How is that check running? From where? Is it shown as blocked anywhere?

chudak

@stephenw10 said in To do 24.11 or not? That's the question.:

@chudak said in To do 24.11 or not? That's the question.:

Has anybody else observed something similar?

More information needed! How is that check running? From where? Is it shown as blocked anywhere?

I wish I can characterise it better.
I booted back to 24.11.

I still see the problem
Here is an example.
I monitor my Windows VM via ping every 60 seconds

On the previous version, I didn’t see any issues. On 24.11 I see this test show unsuccessful ping followed by successful ping every several minutes.

I see nothing suspicious in the logs

I also see actual interruptions streaming YouTube and even typing this text see service interruption on this website

IMHO this version is not usable (for me) :(

‍️‍️

Gertjan

@chudak said in To do 24.11 or not? That's the question.:

I monitor my Windows VM via ping every 60 seconds

pfSense is using 'dpinger' to ping a upstream gateway (often 8.8.8.8) every 500 msec, just to check if the upstream Internet connection is working.
What I mean : pfSense can ping hosts just fine. Launch a ping test to some LAN hist, or actyally any host yourself with the GUI.
If some VM refuses to answer .... well, have a look at that VM.

@chudak said in To do 24.11 or not? That's the question.:

Felt like DNS resolution was on and off.

Check your unbound.
Is it getting restarted a lot ? Check the unbound (resolver) log.
Mine doesn't https://www.test-domaine.fr/munin/brit-hotel-fumel.net/pfsense.brit-hotel-fumel.net/unbound_munin_memory.html - and the recent restarts are normal, I just switched to 24.11 and trying out a lot of things, also rebooting.

DNS is pretty (very) solid for me.
( and we all use the exact same binary ^^ )

stephenw10

@chudak What are you running this on?

chudak

@stephenw10 said in To do 24.11 or not? That's the question.:

@chudak What are you running this on?

QOTOM-Q355G4

stephenw10

Hmm, should be fine. We can only speculate though without more information. If you can I would boot back into 24.11 and look at the CPU usage and system logs to see what's happening.

chudak

@stephenw10 said in To do 24.11 or not? That's the question.:

Hmm, should be fine. We can only speculate though without more information. If you can I would boot back into 24.11 and look at the CPU usage and system logs to see what's happening.

I am physically don't have access to my psF bix now and hesitant to mess with it remotely.

Hope somebody else reports similar (or not) and I will try later and wait for a point update.