pfSense 2.4.4 Released

IamSpartacus

Well-Known Member
Mar 14, 2016
2,273
548
113
Anyone upgraded yet? I'm excited about the new IPsec routing features and am hoping that the filterdns bug has been patched but they may have pushed that back to 2.4.5.
 

SIlviu

Member
May 27, 2016
68
3
8
31
Tried to update packages first and the first one was ACME, it crashed at updating, going to restore tomorrow from backup...
 

gslavov

New Member
Jun 7, 2017
17
4
3
41
Tried to update packages first and the first one was ACME, it crashed at updating, going to restore tomorrow from backup...
Same for me, more or less vanilla install of pfSense 2.4.3 dead in the water post update.

Throws an error on boot about haproxy.inc on line 1965. Might be an idea to hold off updating or just backup the config and deploy it clean.
 

T_Minus

Build. Break. Fix. Repeat
Feb 15, 2015
6,988
1,567
113
CA
I'm holding off for now, have 3 new pfsense systems I need to build so will try with those when the time comes :) (C25xx based)
 
  • Like
Reactions: Monoman

gslavov

New Member
Jun 7, 2017
17
4
3
41
Reinstalled mine from the ISO installer. All good after that. Looks like a problem with their upgrade scripts.
 

Occamsrazor

New Member
Feb 23, 2018
20
5
3
Tried to update packages first and the first one was ACME, it crashed at updating, going to restore tomorrow from backup...
I feel your pain. Having pfSense die is annoying, although to be fair the way you can reinstall everything from scratch with just a single backup file is pretty awesome.
You don't want to upgrade the packages first - upgrade pfSense then it will upgrade the packages itself, or you may need to do manually after. I'm no expert but it's something to do with the PHP upgrade - there's some posts on the pfSense forum though I didn't run into this issue.

I upgraded mine OK... A few initial errors but mostly fixed by a few restarts and upgrading of remaining packages. The only unresolvable one for me so far is the squid package has issues due to a new way the C-ICAP component does stuff:
[2.4.x] Squid/ClamAV: Fix for C-ICAP 0.5.x not starting
I was only really playing with squid so no big deal for me but I guess if squid is really critical to you you might want to do the manual fix in that thread,.

For me the two most interesting additions are the fq-codel traffic shaping and having DNS-over-TLS baked in to pfsense GUI.

I set up by DNS with Quad9 yesterday so my Unbound DNS Resolver now does:
- DNS resolution with queries forwarded solely over DNS-over-TLS to Quad9
- Acts as a DNS-over-TLS server should any clients make queries themselves over DNS-over-TLS
- Blocks any "normal" DNS or DNS-over-TLS requests from going anywhere else but pfSense
Quad9 DNS-over-TLS setup with Unbound & forwarding in 2.4.4-RC
Of course you could use same setup for any DNS that supports DNS-over-TLS, Quad9 just worked out best for my location.

I set up fq_codel using the walkthrough guide in this video:


I didn't really have many bufferbloat issues before, but I like the idea and it seems to be working fine. Need to try a bit more testing to see what effect it is really having though.
 

SIlviu

Member
May 27, 2016
68
3
8
31
Restored from Backup and I did try to update System first but it gave me a fatal error for haproxy after reboot. I will do a fresh install.
Played with DNS over TLS on 2.4.3_1 but its very very slow...
 

IamSpartacus

Well-Known Member
Mar 14, 2016
2,273
548
113
I upgraded two installs from 2.4.3 with no issue. Not a ton of packages installed, just avahi, iperf, openvpn-client-export, pfblockerng, and snort.
 

RadDoc98

New Member
Mar 14, 2016
16
0
1
47
I upgraded my SG-4860 last night. Upgrade seemed to go fine. However, now DNS is broken. I have to manually added DNS to my PCs and WiFi devices. All the settings look ok in pfsense. I even reloaded by backed up config. Anyone else seen this? I’m not a networking person by any means, but I’ve not had this problem before, and I’ve been using pfsense for about 3 years now.

Thanks.
 

Occamsrazor

New Member
Feb 23, 2018
20
5
3
I upgraded my SG-4860 last night. Upgrade seemed to go fine. However, now DNS is broken. I have to manually added DNS to my PCs and WiFi devices. All the settings look ok in pfsense. I even reloaded by backed up config. Anyone else seen this? I’m not a networking person by any means, but I’ve not had this problem before, and I’ve been using pfsense for about 3 years now.

Thanks.
Can't say I had this problem, all my DHCP and DNS worked fine after. As much as I enjoy STH, suggest you ask for help on the Netgate/pfSense forum as there's probably way more people with expertise who could help you there, and imagine you want to get it fixed asap.
 
  • Like
Reactions: RadDoc98

KC8FLB

Member
Aug 12, 2018
52
35
18
I have Pfsense running on an ESXI box (my first trip into firewall virtualization). I always back up the config, and try to upgrade from the GUI but it always fails. This is probably because I have not thought out the ramifications/dependencies/limitations of virtualized pfsense.

Not a big deal though. I just install the new pfsense binaries in the virtual machine with the new .iso image in the datastore and then restore the config and create a snapshot.

Working great!
 

RadDoc98

New Member
Mar 14, 2016
16
0
1
47
Figured out my issue. My DNS servers disappeared from the LAN DHCP settings. Added them back, all good now.
 

kapone

Well-Known Member
May 23, 2015
769
364
63
Not sure if this "bug" is present in earlier versions...but if you disable the DNS resolver, the homepage takes a LONG time to load (essentially until the DNS lookup times out). This happens even if you disable the version check.
 
  • Like
Reactions: RadDoc98