Netgate SG-1000 microFirewall

Author Topic: Given up on 2.2  (Read 4597 times)

0 Members and 1 Guest are viewing this topic.

Offline 154218K2

  • Newbie
  • *
  • Posts: 5
  • Karma: +2/-0
    • View Profile
Given up on 2.2
« on: January 29, 2015, 07:25:42 am »
Enough is enough! After a week of struggling with upgrade, fresh install, packages etc Iīve had it. The real killer blow came when a NAT change suddenly exposed my WAN IP instead of the VPN one. Had to reboot to get it working again. Seems the change completely broke the NAT and rewrote the ruleset.

Next was postfix and Lightsquid which wonīt work either. I noticed some workarounds but donīt like that.
ClamAV was next and couldnīt get that to work either.
The DNS changes with forwarder as well as resolver are unclear as to how they are supposed to coexist or not and ended in me stopping them both since I noticed leaks.
The reverse proxy was another I couldnīt get to work. It just wasnīt there no matter what I did.

I will leave 2.2 for now and wait for some serious fixes before I go near it again! To me it appears it wasnīt tested enough.
I would  also like to add that Iīve been running 2.1.x for a long time and been very happy with it.

Offline charliem

  • Sr. Member
  • ****
  • Posts: 565
  • Karma: +43/-1
    • View Profile
Re: Given up on 2.2
« Reply #1 on: January 29, 2015, 07:41:05 am »
How many of these issues have you reported?

Offline 154218K2

  • Newbie
  • *
  • Posts: 5
  • Karma: +2/-0
    • View Profile
Re: Given up on 2.2
« Reply #2 on: January 29, 2015, 07:51:25 am »
How many of these issues have you reported?

None, never been active here except reading! Iīve done upgrades before but never had this many issues and time is limited...

Offline ashes00

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +2/-1
    • View Profile
Re: Given up on 2.2
« Reply #3 on: January 29, 2015, 08:49:20 am »
Enough is enough! After a week of struggling with upgrade, fresh install, packages etc Iīve had it. The real killer blow came when a NAT change suddenly exposed my WAN IP instead of the VPN one. Had to reboot to get it working again. Seems the change completely broke the NAT and rewrote the ruleset.

Next was postfix and Lightsquid which wonīt work either. I noticed some workarounds but donīt like that.
ClamAV was next and couldnīt get that to work either.
The DNS changes with forwarder as well as resolver are unclear as to how they are supposed to coexist or not and ended in me stopping them both since I noticed leaks.
The reverse proxy was another I couldnīt get to work. It just wasnīt there no matter what I did.

I will leave 2.2 for now and wait for some serious fixes before I go near it again! To me it appears it wasnīt tested enough.
I would  also like to add that Iīve been running 2.1.x for a long time and been very happy with it.

154218K2 - I have to agree with you 100%.  I am glad that the devs are pushing forward, but just in the 1st few days of 2.2 being released I counted over 60 forum posts about problems with 2.15 -> 2.2.  I know there are always issues with new version, but this seems excessive.  From some of the security news I came across (2 weeks ago'ish), I saw that there were some Openvpn, and some other TLS Security Announcements that came out which I believe applied to PFsense.  I was hoping that the fix(es) were NOT going to be rolled into V2.2, because with those fixes come tons of bricks.   V2.1.5 has been working pretty well.  I think we could have used the security fixes, and allowed V2.2 to stay in the oven a bit longer.  None the less I will be waiting until I see most of these V2.2 problems are fixed before I even think about upgrading.  Just wondering if Pfsense is ever going to adopt the same FreeBSD/FreeNas Multiple Boot Volumes, so as to make it extremely easy to revert back to a different boot environment if the upgrade is crap.  I think this came out in FreeBSD Version 9 something.  Anyways I feel your pain.  I will continue to check this thread to see how the state of 2.2 is going.  Thanks

~Ash

Offline palu

  • Newbie
  • *
  • Posts: 4
  • Karma: +5/-0
    • View Profile
Re: Given up on 2.2
« Reply #4 on: January 29, 2015, 10:04:04 am »
Thumbs up for 2.2!
I switched our productive environment and really like it! i Just needed one workaround on ipsec and posted my fix in ipsec forum.

my honest opinion on those "whiners" - forum newbies, if you would have spend some time to focus on beta, test and report problems or even post some useful debug and error reporting information on the troubles you have, you would help this project much more. i know i feed the trolls :)

154218K2: "To me it appears it wasnīt tested enough." oh, rly? your fault 154218K2 :)

pfsense team, i love pfsense, keep up the good work!

cheers

palu

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15119
  • Karma: +1410/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Given up on 2.2
« Reply #5 on: January 29, 2015, 10:41:17 am »
"Next was postfix and Lightsquid which wonīt work either"

Since when is it the responsibility of the pfsense developers to make sure packages work??  If you want to have a problem with someone - track down people creating/maintaining those packages.  Same goes for clamav and reverse proxy..

Who said the resolver and forwarder were suppose to coexist?  And what leaks did you notice?

Sorry but I feel no pain for anyone that blindly updates a production system to a brand new release, and then complains that something you use to do no longer works.. Where do you work that you could go to new release of anything without a backout plan..  If you use feature X of systems - first thing would be validate feature X works as it did before or better before moving that into production.
« Last Edit: January 29, 2015, 10:44:46 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline KOM

  • Hero Member
  • *****
  • Posts: 5591
  • Karma: +688/-23
    • View Profile
Re: Given up on 2.2
« Reply #6 on: January 29, 2015, 12:07:40 pm »
Quote
Since when is it the responsibility of the pfsense developers to make sure packages work??

I guess I'm in the minority in believing that a package that is offered via the pfSense package repository should actually work when installed without hacks and workarounds.  To use his example, Lightsquid wouldn't work until you do the following:

Code: [Select]
ln -s /usr/pbi/lightsquid-amd64/local/www/lightsquid /usr/local/www/lightsquid
ln -s /usr/pbi/lightsquid-amd64/local/etc/lightsquid /usr/local/etc/lightsquid
pkg install perl5
pkg install p5-gd
/usr/bin/perl /usr/pbi/lightsquid-amd64/www/lightsquid/lightparser.pl today

Expecting users to figure this out on their own is absurd.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: Given up on 2.2
« Reply #7 on: January 29, 2015, 12:15:22 pm »
None of this surprises me...

A release always happens
People install and works for most but there are always package issues and other issues once a large enough base has started using new release.
Then the packages get updated
Minor release with fixes of pfsense gets pushed.
And then its solid.

Thats how 2.1 got to be 2.15 I think and I'm pretty sure I heard all the same sorts of complaints going into 2.1

Anyway - If something isn't working for a percentage of people, I'm sure its just a short waiting game before its fixed.
So if its a critical bug for you, roll back to last working version and wait the fixes.

Thats my guess anyway.

Offline dgcom

  • Full Member
  • ***
  • Posts: 140
  • Karma: +7/-2
    • View Profile
Re: Given up on 2.2
« Reply #8 on: January 29, 2015, 12:27:52 pm »
I would second KOM's comment - since packages are now in full control of the dev team - they are built, hosted and toolkit access controlled by them - it becomes pfSense's team responsibility that packages work without an error with basic config on clean install. And looking through the forum, it does not seems to be the case :(

I like pfSense and I greatly respect development team's work, but really hope that they can look into packages issue...
If it would be me, installing and owning some 3rd party package through pkg_add - I wold not complain, because I always can go and do some searching, test different versions, etc... But with pfSense packages it is almost impossible... Once can try and troubleshoot and post some workaround, but there is no guarantee that anyone will be looking into implementing it in the next release... I filed bugs for packages before, no one cares fixing them.
DG

Offline KOM

  • Hero Member
  • *****
  • Posts: 5591
  • Karma: +688/-23
    • View Profile
Re: Given up on 2.2
« Reply #9 on: January 29, 2015, 12:39:36 pm »
I hear you, Kejainshi, but Lightsquid and Sarg have been broken since I started using pfSense more than a year ago -- long before 2.2.  I'm not going to rant about it (again), but it doesn't look good on the project to have common packages broken on install for a long time.

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +962/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Given up on 2.2
« Reply #10 on: January 29, 2015, 12:43:43 pm »
I hear you, Kejainshi, but Lightsquid and Sarg have been broken since I started using pfSense more than a year ago -- long before 2.2.

Yes. So, there's actually no 2.2 regression then, no? :D :D :D
Do NOT PM for help!

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: Given up on 2.2
« Reply #11 on: January 29, 2015, 12:54:25 pm »
lightsquid worked just fine for me before 2.2
I just uninstalled it and squid dansguardian and the rest because I saw no continuing need to filter my kids web when he turned 13.

Thank god too...   Those packages do not make the internet more reliable.

I've had to roll back once or twice in the past, wait 3 months for an update and move forward also.

I half expect it with any new release of any OS or firmware.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9786
  • Karma: +1104/-311
    • View Profile
Re: Given up on 2.2
« Reply #12 on: January 29, 2015, 12:56:24 pm »
If it's important to you:

  • Document what you see as best you can.
  • Open a bug report.
  • Roll back to 2.1.5.
  • Watch redmine to see the progress of your issue.
  • Proceed back to 2.2.X when you think it's safe to do so.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15119
  • Karma: +1410/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Given up on 2.2
« Reply #13 on: January 29, 2015, 12:58:02 pm »
The best I would hope for, is that before packages can be added that they have to be validated.  So when new release comes out there are no packages until the package creators/maintainers show that it works for that release.

So when release.x comes out all packages are removed and not available to install until the makers of said package get it validated for release.x - that would for sure be a win win for everyone involved if you ask me IMHO..

My point is the developers are not coding for all the packages, they are coding for the core..  To expect them do make sure their code doesn't break any package is also absurd.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9786
  • Karma: +1104/-311
    • View Profile
Re: Given up on 2.2
« Reply #14 on: January 29, 2015, 01:01:05 pm »
Where were all these package maintainers during the beta and RC cycles?
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM