pfSense 2.5 released

Looks like pfSense 2.5 has dropped…

https://www.pfsense.org/download/

Looking forward to your video evaluation, @LTS_Tom !

Here we go, 21.02, first pfSense+ upgrade, let’s see.

Before getting too excited, better follow the pfSense Upgrade Guide (pfSense Documentation). I think I’ll wait a couple of weeks before pulling the trigger.

It’s my homelab pfSense so I’m fine with it, but I had some learnings. Some IPv6 rules in the firewall caused huge error loops and I needed to fix them manually.

There were error(s) loading the rules:
/tmp/rules.debug:324: no routing address with matching address family found.
- The line in question reads [324]: pass in quick on $VLAN20_IOT $GWWAN_DHCP6 inet6 proto { tcp udp } from 2a02:908:####:####::/64 to any tracker 1579613145 keep state label "USER_RULE: Allow WAN"
@ 2021-02-17 21:34:11

But now it seems to run.

Wow. 217 updates on mine.

Beware folks…

I have had mine running for 1h now and something is wrong. Even though I have an “official” SG-3100, it has already stopped responding completely via IP two times. The only thing that helped was a reboot via console. So the system was still active but the interfaces didn’t accept any traffic anymore. Need to figure out what’s wrong tomorrow. It’s already 11pm here.

I’ll wait until I see a 2.5. something besides a zero. Nice to see it’s out, but I can’t take any chances at the moment.

So yeah, it seems to have some issue with some devices like the SG-3100; the Netgate forum shows a lot of people having the same issue. So better wait for a hotfix release.

Yep, that was me and I do not recommend the upgrade at this time! 3100s seem to be more affected than some other models, but I lost several hours yesterday on something that should have been bulletproof.

Behhh, that’s nasty. I’m running about 15 pfSense boxes. Just found that even if you don’t hit the upgrade button, the new release could cripple your package manager, because just the switch to a new branch (which on Netgate appliances is automatically switched to 21.02) will upgrade the pkg manager backend in FreeBSD.

If you run into the same trouble here is a quick fix:

Yet to see anything bulletproof. Read through their fixes and updates; no one who works in tech will apply an update after only hours of release. Now you know why!

Sure, one thing for good: Netgate themselves warn about applying an update on production systems.
The way we do it here is: first upgrade the lab FW; if this runs for some weeks we may upgrade some non-critical systems first. If they run fine we go on to upgrade the CPE.

Funny thing… I didn’t know this just came out. I dusted off an old mini to install from whatever ISO I had, then I updated to whatever it said was latest… 2.5 is on this but it’s a clean start. I guess I’ll stick with it and see what happens.

I got an error, too. I upgraded a pfSense VM in Proxmox, all went well.
Then I upgraded another pfSense VM in VirtualBox, and I get this error.
Did a few reboots, I don’t seem to get a WAN address.

Just updated my system to 2.5.

Was so eager to update that I forgot to take a backup first :stuck_out_tongue: but luckily it went smoothly for my part.

Only “issue” I noticed was that the DNS service did not start automatically right after the update. Manual start worked fine!

And after another reboot it started successfully!

#ApprovedByMe

I had the same DNS issue on my SG-3100 upgrading to 21.02.
After a reboot all is working well now for the last 7 hours.

I’m waiting until summer when our classes are done. I already went from 2.4.4 to 2.4.5 and had it fail back to 2.4.4, not sure what happened there and not going to mess with it now.

Got bigger issues to fix right now.

I was debating pfSense SG-3100 vs SG-5100. Will sit back for now. Netgate testing thoroughly on their own appliance models was a major selling point for me. I still believe that, but then what happened with this release?
Pete

FYI, there is some official movement on the situation from Netgate:

We found a way to reliably trigger it here in lab conditions so we can work on it, no need to provide more info at the moment.

As a temporary workaround until we can put out a fix, you can reduce the number of CPUs used by the OS to 1 by adding hw.ncpu=1 to /boot/loader.conf.local and then rebooting. You’ll lose some performance but it appears (so far) to not trigger the issue when set that way. Otherwise, you can step back to 2.4.5-p1 and wait for a fix.

Link: Upgrade to 21.02-RELEASE borked on SG-3100 | Netgate Forum

There is a reported issue with unbound not responding properly to updates from the DHCP server.
Workarounds for that appear to be to turn off the Register DHCP leases in the DNS Resolver option in the DNS Resolver settings, and/or using Service_Watchdog to restart unbound when it gets hung.

Another issue is automatically configuring the IPv6 Gateway address. Netgate has reproduced this, so a fix should be in the works. The workaround is to set a manual IP to monitor using the information from the Diagnostics > Routes page. This will work unless and until that upstream address changes, but that should be good enough until they fix the bug.