PfSense 2.3 LAN interface stops routing traffic - stops working after 2 or 3 day
-
If/when 2.3.1 comes out next week, if I have already botched my Factory system by syncing up with 2.3.1CE is there any way to get back on the Factory track? Or if I do a backup/format/restore would that work?
-
If/when 2.3.1 comes out next week, if I have already botched my Factory system by syncing up with 2.3.1CE is there any way to get back on the Factory track? Or if I do a backup/format/restore would that work?
It's not quite that easy. It can be done with some file edits and such but it's not a very clean switch. Overall, less effort to reinstall+restore.
-
Overall, less effort to reinstall+restore.
ok so just to confirm, I can just pave, reinstall, and restore the config.xml – no extra tweaks or edits needed? thanks again
-
jimp, could you quickly comment on what caused the issue??
-
jimp, could you quickly comment on what caused the issue??
If you mean the original problem from this thread about the traffic stopping, I don't personally have that info. Should be on the tickets and/or in the commit history. It was something in the IPsec code, IIRC.
cmb is on a plane at the moment, he might have some more insight when he's able to respond.
-
We have the IPsec code from FreeBSD -CURRENT in 2.3.x. At the time we merged it in, there was an issue that wasn't identified and fixed until later. The fix was to re-merge all of IPsec from -CURRENT.
-
Looks like you're on the factory image, not CE, so the snapshots aren't available there currently. I'd suggest waiting for 2.3.1-RELEASE which if all goes as planned, will be first thing next week. You could, potentially, switch to CE snapshots but you'd lose the factory image tweaks/extras.
First thing next week, so is that today? Do you know if it is today?
-
The process has begun but we need time to test and such, so probably not today at this rate, but we'll see what happens.
The factory images gained access to snapshots late last week so you could run a snapshot now if you want, but with the release being so close, you may as well wait another day or so for it.
-
@cmb:
We have the IPsec code from FreeBSD -CURRENT in 2.3.x. At the time we merged it in, there was an issue that wasn't identified and fixed until later. The fix was to re-merge all of IPsec from -CURRENT.
OP checking in.
Looks like everything is good to go now. It's been up for over four days and not a single issue. Thanks for taking care of this! I anxiously await 2.3.1 so I can deploy to the rest of my sites!
-
The process has begun but we need time to test and such, so probably not today at this rate, but we'll see what happens.
The factory images gained access to snapshots late last week so you could run a snapshot now if you want, but with the release being so close, you may as well wait another day or so for it.
Well tried again for the factory image snapshot, however still getting an error when trying to get the update list. Hopefully 2.3.1 release will be out soon.
-
Hi,
running 2.3.1-DEVELOPMENT (i386) on net6501-70pfSense crashes EVERY time the remote IPsec user connects and attempts to access some Web pages on a local network.
SSH seems to be more stable. Submitted the crash report via Diagnostics/Crash reportsTried to disable one CPU - has no effect on the crash.
IPSec is not usable for us at this point … -
Crashed again during work hours :-, any eta on this (first thing this week) release for the factory image? There are no snapshots available.
-
FreeBSD released a couple security advisories yesterday evening, which means we had to rebuild the images and do all the testing again, so we're still in the middle of all that.
-
FreeBSD released a couple security advisories yesterday evening, which means we had to rebuild the images and do all the testing again, so we're still in the middle of all that.
OK thanks. Any ETA though? I don't know your testing process and how long that takes.
-
If we don't find anything, release will likely be later today, but we like to err on the side of caution.
-
If we don't find anything, release will likely be later today, but we like to err on the side of caution.
Thanks, good to hear.
-
Hey guys. I saw that 2.3.1 is out, but I tried to switch from development to stable and when I refresh the update page it wants me to go to 2.3.2asomethingsomething instead of 2.3.1. Am I out of luck until 2.3.2 is out now?
-
when you were on development versions it shows 2.3.2a, but actually takes you to 2.3.1 if you're set back to the stable branch. If you stay on development, it'll take you to 2.3.2, though 2.3.2 at this instant at least is the same as 2.3.1 (granted that will start changing).
-
On 2.3.1 factory image now, update took a little longer than anticipated, had to leave the office. Logged in remotely later and all was good. Happy again. Thanks guys.
EDIT: 4 Days 16 Hours uptime since updating to 2.3.1, seems to be working flawlessly for me again. Thanks.
-
I migrated from ZYWALL usg 200 to an Intel NUC I7
I had the same problem! Randomly firewall stopped working.
In my case I disabled hyper threading in BIOS. The probelma kept. I disabled the the multicore and I was only one active core.
Pfsense works good.My system:
Version 2.3.2-DEVELOPMENT (amd64)
built on Wed May 18 04:39:03 CDT 2016
FreeBSD 10.3-RELEASE-p3The system is on the latest version.
Platform pfSense
CPU Type Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz
Uptime 03 Hours 58 Minutes 00 Seconds Current date/time
Thu May 19 14:44:43 UTC 2016