• You've been granted Beta access to this site, allowing you to explore some of the new features while they're still under construction. More information can be found in the Beta forum.

Bug in PFSense 2.5.1?

pete_c

Guru
Disconnecting or removing power or rebooting Arris Surfboard SB-6190 disconnects PFSense from the modem.  The only solution is to bounce or reboot PFSense.  
 
The only mechanism to bounce the modem is to power it off or reboot it via the XFinity online gui / diagnostics.
 
Personally here the main WAN link fails over to the LTE WAN link and the VOIP phones continue to function.
 
I do not recall this happening with PFSense 2.4.5.  
 
Tried changing the DHCP settings on the WAN link and it did not work.  
 
The current solution to fix this is a band aid fix (mickey mouse) using a small Gb switch between the modem and the PFSense WAN port.
 
The modem, PFSense box and managed switches are all on a UPS here.  Test it yourself with whatever modem / ISP connection you are utilizing.  Most likely you will not see this issue if you are using a combo router / AP / Switch and bridging the connection.
 
This week testing PFSense box #2 in house #2 with PFSense 2.4.5 to see if the issue is there too.
 

Frunple

Active Member
No issue with mine.
Arris SB8200 connected directly to pfSense.
Been having all kinds of internet issues for the past week (all Comcrap's fault) so the modem has been rebooted/power cycled many times and always came back up.
 

pete_c

Guru
Thank you @Frunpie.
 
The SB6190 always comes back but PFSense doesn't want to connect to it (DHCP wise) such that PFSense shows disconnected from the WAN.
 
Same here with XFinity issues.  I went to the XFinity forum about my issues.  One of the moderators tested the line for 72 hours and then passed it to an XFinity employee that opened a ticket for a truck roll here on TUE.  
 
My issues here are intermittent where it works for a couple of days then for an hour or two I get T-2 / T3 errors in the SB eventlog then its fine.  When doing this it would failover over to my LTE backup.
 
I do only use the Internet and the modem is directly connected to the coax running about 10 feet.  Modem was running hot (signal wise) and the XFinity moderator had me put in an attenuator which brough the signal down a bunch (download stream power was around 10 and the attenuator brought it down to 3).
 
Requesting that they check the outside across the yard box, then the signal at the box attached to the house and maybe install an RG11 cable to replace the current old cable.  XFinity did that in my old house.
 
My SB6190 is now around 3 years old and I was thinking of getting an SB8200.  I do not think there are issues with my current modem except not getting DHCP from PFSense.  
 

pete_c

Guru
@Frunpie
 
Are you utilizing IPv6 on the WAN link and wondering what you have configured?
 
Are you using both NIC ports on the SB8200?
 
Here have configured the DHCPv6 Prefix Delegation size to be 60 verses the default of 64?
 
Testing the same configuration here in house #2 (with IPv6 - SB6190) and another location in Texas with exact same configuration and ISP (XFinity).
 
Same exact issue with all three locations.  
 
 
 

sic0048

Senior Member
I haven't been willing to upgrade from the 2.4.x release.  From what I understand, there are still some pretty severe bugs with all of the 2.5 releases so far.
 

pete_c

Guru
Ahh...thank you @sic0048
 
Yes here had many issues with first 2.5 release.  Mostly relating to IPv6 and my VPN servers (IPSec and OpenVPN).

I do have a hot spare PFSense box here which is the old one that uses a core duo / 4Gb of RAM.
 
I did keep posting on the PFSense forum relating to the dev version updates which almost occurred every day for a bit to get to the release version of 2.5.1.
 
I have kept house #2 (with ipV6, SB6190) to PFSense V2.4.X and it is not giving me any issues relating to modem reboots, IPv6, et al.
 
Version 2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE
 
Version 2.5.1 is available. 
Version information updated at Mon May 3 10:08:19 CDT 2021   
 
House #1 with issues.
 

Version 2.5.1-RELEASE (amd64)
built on Mon Apr 12 07:50:14 EDT 2021
FreeBSD 12.2-STABLE
 
The system is on the latest version.
Version information updated at Mon May 3 10:09:49 CDT 2021   
 
Both IPSec and OpenVPN servers are working well on both sites with using Linux, Windows, Android clients now.
 

viroid

Member
You could try OPNsense. I ran pfSense for years, currently playing with a Firewalla Gold. In the event that I dont stick with FWG, I've already ported my entire config to OPNsense and would use it going forward.

I'm dual-stacked with IPv6, Firewalla Gold tracks devices by MAC, and therefore rules apply to all IPv4/IPv6 addresses associated with a given MAC. So much simpler than dhcp reservations and trying to keep track of v6 addresses.
 

viroid

Member
* OPNsense will let you create aliases which contain MAC addresses, and the use them in firewall rules, which would provide similar capability as FWG.
 

sic0048

Senior Member
Updates suck......
 
I am trying out the Android 12 Beta 4 release and there is a bug that prevents any VPN from connecting.  Seriously?
 

pete_c

Guru
I'll wait now to upgrade or test new Android on my phone. 
 
The original PFSense upgrade to 2.5.1 broke both the IPSec and OpenVPN servers.  I had to run patches to get it running again.
 
Today I shut off my Android phone (and other phones) when I am home and have it configured as a disconnected number when it is off. 
 
Only give out my GV number as a cell these days.
 
Top