2.2.6 -> 2.3 Upgrade Issues

  • We've been using pfSense at all of our locations (usually around 10) for the last 4-5 years, normally upgrading to the latest version without any issues at all.  We literally have never had an issue doing upgrades before, remote or local.

    Our hardware right now is typically a SuperMicro 5018-FTN4 (Atom C2758 w/4-8GB RAM, x4 intel interfaces)

    I have to say the upgrade to 2.3 hasn't been working as well as we'd hoped.

    We updated our first location 2 nights ago.  I flew a tech onsite in case anything went wrong.  The upgrade worked fine, and we booted up and had internet access, and all our settings seemed to move over just fine.  So we appeared to be good to go, and I brought my tech back home.

    • Since then, we've had many problems relating to the IPSec site to site connections between the 2.3 location and the other 2.2.6 locations.  I'm not sure what exactly changed with the IPSec, and it appeared to work fine for the first day, but we're no longer able to connect with a hostname.  We must have the IP address in the remote gateway field on both sides.  Once we solved that issue and connected, we were still unable to pass traffic because the traffic was being blocked in the firewall, even though we had pass rules that worked fine on 2.2.6 (and should work fine on 2.3).  So I added the Easy Rule to pass the specific traffic I was testing with, and the traffic was no longer being blocked at the firewall, but I'm still unable to connect.  We have 2 WAN connections, and the same thing is happening on both.  The first few connections seemed to work fine when I switched to the other WAN, but have since stopped.  It's almost as if the connection locks up after a period of time and nothing will bring it back up.  I've tried deleting/readding the connection, using a different WAN tunnel ( which in some cases works for a little while), using different P2 tunnels, different encryption protocols, etc.  I will try a reboot tonight to see if that does anything.

    • We have a dual wan connection in a failover gateway group that updates a dynamic dns address whenever it fails over.  Anytime this happens (3 times so far) we get a crash report on pfSense related to the Dynamic DNS.  This also happens anytime I do a Force Update in the Dynamic DNS.  Crash Report is below.  This doesn't seem to break anything or stop pfSense, but it gives me a crash report error on my dashboard every time.

    • The CPU Usage on the dashboard reports a constant 15-20%, even though the Monitoring (which is a big step down from the RRD Graphs) reports 0-1% across the board, and if I ssh in and run top, it reports 0-1%.  The locations using the same hardware and typically the same usage report 0-1% on the dashboard in 2.2.6.

    • The web interface seems to hang a LOT.  Sometimes I'll have to wait 30s-60s for a page to load.

    I really like pfSense and recommend it whenever I can.  But 2.3 so far has been a real disappointment.  I'm thinking I'll need to downgrade this one location back to 2.2.6 until 2.3 is a little more polished.

    Anyon else been seeing these issues?

    FreeBSD 10.3-RELEASE #6 05adf0a(RELENG_2_3_0): Mon Apr 11 18:52:07 CDT 2016     root@ce23-amd64-builder:/builder/pfsense-230/tmp/obj/builder/pfsense-230/tmp/FreeBSD-src/sys/pfSense
    Crash report details:
    PHP Errors:
    [22-Apr-2016 14:00:23 America/Denver] PHP Stack trace:
    [22-Apr-2016 14:00:23 America/Denver] PHP   1\. {main}() /usr/local/www/services_dyndns_edit.php:0
    [22-Apr-2016 14:00:23 America/Denver] PHP   2\. services_dyndns_configure_client() /usr/local/www/services_dyndns_edit.php:232
    [22-Apr-2016 14:00:23 America/Denver] PHP   3\. updatedns->updatedns() /etc/inc/services.inc:1930
    [22-Apr-2016 14:00:23 America/Denver] PHP   4\. updatedns->_update() /etc/inc/dyndns.class:274
    [22-Apr-2016 14:00:23 America/Denver] PHP   5\. updatedns->_checkStatus() /etc/inc/dyndns.class:808
    [22-Apr-2016 14:00:23 America/Denver] PHP   6\. notify_all_remote() /etc/inc/dyndns.class:1429
    [22-Apr-2016 14:00:23 America/Denver] PHP   7\. notify_via_growl() /etc/inc/notices.inc:468
    [22-Apr-2016 14:00:23 America/Denver] PHP   8\. dns_get_record() /etc/inc/notices.inc:431
    [22-Apr-2016 14:00:28 America/Denver] PHP Stack trace:
    [22-Apr-2016 14:00:28 America/Denver] PHP   1\. {main}() /usr/local/www/services_dyndns_edit.php:0
    [22-Apr-2016 14:00:28 America/Denver] PHP   2\. services_dyndns_configure_client() /usr/local/www/services_dyndns_edit.php:232
    [22-Apr-2016 14:00:28 America/Denver] PHP   3\. updatedns->updatedns() /etc/inc/services.inc:1930
    [22-Apr-2016 14:00:28 America/Denver] PHP   4\. updatedns->_update() /etc/inc/dyndns.class:274
    [22-Apr-2016 14:00:28 America/Denver] PHP   5\. updatedns->_checkStatus() /etc/inc/dyndns.class:808
    [22-Apr-2016 14:00:28 America/Denver] PHP   6\. notify_all_remote() /etc/inc/dyndns.class:1429
    [22-Apr-2016 14:00:28 America/Denver] PHP   7\. notify_via_growl() /etc/inc/notices.inc:468
    [22-Apr-2016 14:00:28 America/Denver] PHP   8\. dns_get_record() /etc/inc/notices.inc:431

  • For the growl crash report, I expect you have some (usually accidental) erroneous name in the "IP Address" field of the Growl settings (System->Advanced, Notifications).

    Fix that and the crash report will go away.

    The Growl crash report problem is fixed by https://github.com/pfsense/pfsense/commit/642c6023fea2957bb646b1290371ead508f5cc67 - which prevents the warning message and instead does a "file notice" so that you will get a sensible message as a notice on the dashboard when this problem occurs. That fix will be in 2.3.1, or you can install System Patches package and then apply that commit as a patch.

  • That seems to have fixed that issue.  Thanks.

    We've never used Growl, so I'm not sure how that became enabled.

  • Regarding the slow interface:
    It seems, that disc speed is much more important in 2.3 than in 2.2.
    I gave my APU some love and upgraded from CF to SSD - and what can I say… normal speed back again.

    But I do have some other problem... I didn't remove the deprecated packages and now they show in the menu but can't be removed.
    And no, I don't want to install from the scratch an reconfigure everything again.
    Any help?

  • Regarding crashes, in 2.3-RELEASE (i386) I see frequent crash reports due to errors on physical Internet links (i.e. ISP errors)regardless of site, platform (physical or virtual machine) and method of installation (upgrade from 2.2.2 or 2.2.6). The crashes are true. I'm not sure if this is relevant, we use IPsec, but not HA IPsec/Dynamic DNS.

Log in to reply