Pfsense 25.11 broke my lan.
-
Hi.
I have updated and pfsense can ping google, and WAN's are in green, all in the router is ok, but all lan devices go offline. Nas, dead, Proxmox dead, computers, offline, VPN to pfsense Works!
PV6 is off in my pfsense.
Reverted to previous version.
What's happening? -
I don't know if is PFBLOCKER but i have 2 wans... TELEFONICA AND ADAMO... PPPOE and DHCP both with IPV6 "none". In routing, FAILOVER as primary WAN and again IPV6 to none.
Pfsense can ping to google.es
Any clue?
Thanks!
NO UPDATES in package manager:
-
@wisepds packages get upgraded/reinstalled at upgrade so that’s expected.
What isn’t working exactly? DNS? Ping to pfSense? DHCP?
-
What firewall rules do you have on internal interfaces?
Do you have any match rules? Do you have quick set?
-
@wisepds
And what hardware is pfSense running on? -
@w0w It's a Proxmox MV under a Ryzen threadripper.3995WX. No problem in 5 years.
-
@stephenw10 My lan and wan rules are the same for 5 years.
With 25.07 works perfect. I can't imagine que a Freebsd base update can broke rules. -
@SteveITS Update process complete without problems, after reboot, all devices under the pfsense can't access to internet.
This night i will update again. My problem is that i only can update at night...
Do you want specific test or any information before/after update?I have another pfsense+ inside lan only for openvpn. I will update too..
-
@wisepds said in Pfsense 25.11 broke my lan.:
@w0w It's a Proxmox
So it using pppoe over vtnet interface?
-
@w0w Yes, here in spain ppoe Movistar is Vlan 6. but it works because pfsense have internet and i can connect to openvpn.
-
@w0w
OH! I hope this is a bug.. no, my WAN PPOE es virtIO because PFSENSE ID are attached to MAC cards.. so if i migrate my PFSENSE MV from one node to another my PFSENSE licence will lost being passthrough!!!This is impossible to assume!
-
@wisepds said in Pfsense 25.11 broke my lan.:
With 25.07 works perfect. I can't imagine que a Freebsd base update can broke rules.
It could if you have match rules with quick set and have been relying on the broken behaviour. Typically those are added as floating rules for traffic shaping. Do you have that?
-
@stephenw10 My floating rules:
-
@wisepds said in Pfsense 25.11 broke my lan.:
@w0w
OH! I hope this is a bug.. no, my WAN PPOE es virtIO because PFSENSE ID are attached to MAC cards.. so if i migrate my PFSENSE MV from one node to another my PFSENSE licence will lost being passthrough!!!This is impossible to assume!
If you were not using passthrough then In the Proxmox VM assign each NICs its current MAC address.
It’s been posted elsewhere Netgate is working on a fingerprint/different method instead of NDI/MAC for the Plus license so maybe in the future…
-
I don’t get it…
So you’re using VirtIO, which means you have the same bug as me (and as the other person in the thread I linked above), right?
Why do you need to migrate from one node to another? Did you read the thread?
You can try adding the following to loader.conf.local:
hw.vtnet.tso_disable=1 hw.vtnet.csum_disable=1…and see if it helps.
-
@SteveITS But for now it's the method. For us passthrough is not an option.
I think this release is problematic. A lot of people with problems.
Any possible solution for my setup or i must wait for a fix?
-
@w0w We have a cluster... if one node dies, we have HA to migrate all MV's to another node.
It's impossible for us use physical mac nics (Passthroug) while netgate use this data for fingerprint/Licence.
I think you'r right... we have the same problem...
This is unacceptable in a software with paid suscription. -
@wisepds said in Pfsense 25.11 broke my lan.:
It's impossible for us use physical mac nics (Passthroug) while netgate use this data for fingerprint/Licence.
If you are lucky one, you don't need to do passthrough. Read my previous message. If you don't want to mess with it, stay on the 25.07
-
@w0w do you think a fix is coming?
-
@wisepds said in Pfsense 25.11 broke my lan.:
This is unacceptable in a software with paid suscription.
You can create a ticket. https://www.netgate.com/tac-support-request
