2.3 upgrade bricks Netgate 2440

  • I just updated my Netgate 2440 from 2.2.6 to 2.3, and it killed my device. No boot. Had to resort to my trusty serial cable, reinstall a fresh image from USB, reformat the 4GB flash etc etc. Fortunately I backed up my config just before. I also had to trash my squid cache (on a local mSATA SSD) to get that working again. Nothing very fancy going on, just OpenVPN and Squid packages installed.

    Just a word of warning to anyone considering the same. Download everything you need beforehand, print all the instructions, back up your config, make sure you don't need the internet for a while, and set aside an hour or two.

  • Define "bricks", what happened, what was on the console? Guessing most likely the haproxy left over old files issue, though that's easily and quickly fixable without a reinstall.

  • Well, it's fixed now. I'm afraid I didn't make a note. Something about a kernel image in the console. Possibly that it couldn't be found.

  • I bought a Netgate 4860 just before 2.3 came along - it was running fine until 2.3 updated - it seems that any changes to the rules or other edits in the firewall configuration cause the interface to slow down to glacial speeds. A rule edit requires about 20 seconds to apply and a reboot before the GUI performs at regular speeds - the system display panel shows disk usage at 103% when this happens. Given that the box has 128Gb SSD it's a good bet that the GUI is either lying or something else is up.

    Basically if I do anything on the system it slows to a crawl and has to be rebooted.

  • I don't know what's happened but this problem (very slow GUI until rebooted) has gone away after I did a bunch of reconfiguring and cleaning up this morning. Since the problem seemed related to editing the firewall rules I deleted everything including the NATs and re-created all of the rules from scratch using exactly the same incantations.

    In the process I also moved the main Internet feed from Igb3 to Igb1 - the LAN side has always been on Igb0 with another Internet feed on Igb2.  Igb1 used to be the main feed a while back but we changed providers and configured the new ISP on Igb3 - so for a while we've been running with internet access via Igb2 and Igb3 without using Igb1 at all - that's the configuration that was giving us problems.

    The response time is now sweet and so far everything is running well.

    So these are just questions for the developers to think about:

    1. Is there something magic about the interface called "WAN" that REQUIRES that it is present even if the firewall rules and configuration do not use it?
    2. When an interface is deleted, what happens to the rules associated with the interface? I think they get left in place but since there's no interface associated with them you can't see them.

