Announcement

Collapse
No announcement yet.

Should I Upgrade to v16.6.2 - Home User (HomPro Subcription)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Should I Upgrade to v16.6.2 - Home User (HomPro Subcription)

    My Untangle Home Firewall is currently on v16.5.2... I don't have automatic updates turned on... I just noticed that the update to V16.6.? is now available to install... I have seen many post on this forum of people having many issues after updating their system to v16.6.? Even after many of the issues have been supposedly fixed... I am debating on whether or not I should go ahead and update my system or not.. Or if I should just hold off until the next update comes along or more time has passed to see if anymore of these issues people are still having get fixed... I really don't want to have to spend time fixing things if the update goes wrong, or have to start over from scratch with a clean install when everything is working great on v16.5.2...

    I know that this is an OS level upgrade and that some of the issues people have had are hardware related due to the newer version of Debian... I have Untangle installed on a Dell Optiplex 7050 SFF computer with an Intel Core i5-6500 CPU, 16GB of Memory, and (2) Dual Port Intel NICs... (Onboard NIC Disabled in BIOS)... I have (3) physical Networks configured and (1) VLAN...

    What do you all think..?
    Last edited by BryanC1968; 02-09-2023, 06:48 PM.

  • #2
    I have not been able to get 16.6.2 to full work on my system. No communications across the LAN port.

    Comment


    • #3
      This issue: https://forums.edge.arista.com/forum...-2-from-16-5-2

      is non-trivial. CPU Load is seriously higher (Z4 physically hot to touch when Intrusion Detection/Prevention app is running.) Other than that, no issues here.

      Click image for larger version

Name:	Screenshot 2023-02-05 at 4.15.52 PM.png
Views:	915
Size:	607.8 KB
ID:	396129

      Comment


      • #4
        Originally posted by BryanC1968 View Post
        My Untangle Home Firewall is currently on v16.5.2... I don't have automatic updates turned on... I just noticed that the update to V16.6.? is now available to install... I have seen many post on this forum of people having many issues after updating their system to v16.6.? Even after many of the issues have been supposedly fixed... I am debating on whether or not I should go ahead and update my system or not.. Or if I should just hold off until the next update comes along or more time has passed to see if anymore of these issues people are still having get fixed... I really don't want to have to spend time fixing things if the update goes wrong, or have to start over from scratch with a clean install when everything is working great on v16.5.2...


        What do you all think..?
        I'm wondering the same, to upgrade or not. I'm gonna leave it for now on 16.5.2

        Comment


        • #5
          After the patches my 16.6 run perfectly fine. Just save a backup and reinstall the old version if it borks.

          Comment


          • #6
            I may give it a try over the weekend... Might have to wait until everyone else goes to sleep so if things go wrong I can hopefully get everything working again before morning... Else I will have some unhappy family members it the network is down... LOL...

            Comment


            • #7
              I came in work where luckily the Company's Untangle hasnt upgraded yet so it is in 16.5.2 but in my Home my HomePro upgraded.
              Result? no access to home vlans. All seem fine, openvpn's are connected correctly and i have ping between the 2 untangle's but not from inside between my home vlans and company vlans.
              In routing tables everything seem fine.
              I dont know what is fundamentally changed in this version but something is totally wrong here. I disabled the automatic upgrade in work and i will rollback my home when i will go home.

              Comment


              • #8
                I rolled back to 16.5.2 from a backup (its a VM so its easy) and all the routing is working fine.
                I cannot spot where the problem relies. Seems like the default behavior where untangle is routing unfiltered subbnets its changed in this version?
                In home i have 7 vlan's and subbnets so in the openvpn server when i did the client for home i had set all the subbnets that my home pass to my work but there is no traffic or ping between them in version 16.6

                Do i need to do something extra in the new version? for example to create rules for this traffic to pass because there is a fundamental change how routing and OpenVPN in Untangle works?

                Comment


                • #9
                  Originally posted by bluechris View Post
                  I rolled back to 16.5.2 from a backup (its a VM so its easy) and all the routing is working fine.
                  I cannot spot where the problem relies. Seems like the default behavior where untangle is routing unfiltered subbnets its changed in this version?
                  In home i have 7 vlan's and subbnets so in the openvpn server when i did the client for home i had set all the subbnets that my home pass to my work but there is no traffic or ping between them in version 16.6

                  Do i need to do something extra in the new version? for example to create rules for this traffic to pass because there is a fundamental change how routing and OpenVPN in Untangle works?
                  Just read on a different thread posted by an Arista employee, very possible the interfaces have changed after OS level upgrade, maybe check which is the LAN and WAN now.

                  Comment


                  • #10
                    Originally posted by kkw98 View Post

                    Just read on a different thread posted by an Arista employee, very possible the interfaces have changed after OS level upgrade, maybe check which is the LAN and WAN now.
                    Oh, never thought of that, but everything else was working fine.. i mean i have dual wan with failover etc... its routing problem.
                    I will try a clean install in the next days and restore the config to see if that makes any difference.

                    Comment


                    • #11
                      The full details are all here: https://wiki.debian.org/NetworkInterfaceNames

                      Anyone that lives on a Debian based system deals with this reality. You either make the .link files to anchor your NICs or you risk the flags shifting on each and every reboot. Even a stable machine with a sane BIOS can get enumerated differently when the kernel changes.

                      The thing is, go back in time to when we were on Debian 9 and Debian would generate persistent net rule files to anchor each interface flag to a specific MAC address. Now, we have to do this manually. Why Untangle hasn't improved NGFW to write these files for us is beyond my comprehension, because yes... it's a huge potential issue.

                      It's easy enough to fix, and to prove... but you must get to the physical console to do it.
                      Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
                      NexgenAppliances.com
                      Phone: 866-794-8879 x201
                      Email: [email protected]

                      Comment


                      • #12

                        FWIW: we got a pair of new 2 TB SSDs for my main system this fall. The plan was to use the whole drives in RAID 1, but I did a dumb thing and botched the install. Only about half the drives were used. At that time, 16.5.2 was current.

                        I then scheduled some down time over the Christmas break to fix my mistake. Iin preparation for this I downloaded the 16.6 installer... but I couldn't make it work at all. I don't remember if it was the storage or the video that caused it to fail, but for one reason or another it seems a needed driver is missing from Debian on that server. That means for better or worse I'll probably be stuck on 16.5.2 through summer of 2024... which does not look like fun.

                        My home system, though, which is an even older desktop board with just an Atom D2550 board, is running 16.6.1 fine. I kicked off the update to 16.6.2 just a couple minutes ago. I'm a little worried I'm gonna get home from work one day soon and find this little guy has failed, but it just keeps chugging away.
                        Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5.2 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty

                        Comment


                        • #13
                          I still haven't pulled the trigger on updating my system yet.. But the more I read thru the forums, the more I am hesitant on installing the update... I have never had any issues updating my system in the past that I can recall... Just don't know what to do with this one...

                          Comment


                          • #14
                            Originally posted by BryanC1968 View Post
                            I still haven't pulled the trigger on updating my system yet.. But the more I read thru the forums, the more I am hesitant on installing the update... I have never had any issues updating my system in the past that I can recall... Just don't know what to do with this one...
                            You pull a configuration backup, download and prepare fresh installation media for the current version, and you push the button when you're ready to do a nuke and pave should something go wrong.

                            Just like any other OS level upgrade for NGFW. They ALWAYS do this, nothing in the present is new. Except perhaps the CPU load increase from Intrusion Prevention.

                            And note, because you're ready to nuke the thing, it'll just work. Murphy's Law applies as always.
                            Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
                            NexgenAppliances.com
                            Phone: 866-794-8879 x201
                            Email: [email protected]

                            Comment


                            • #15
                              I can understand if the problems were mainly driver issues, as each of us one way or another, may be using vastly different hardware to run NGFW. But IMHO, the extraordinarily-high CPU utilization issue with IPS/IDS, which appears to be a common theme in all this, should've been caught in beta.

                              I remember a similar fiasco with UniFi Controller/Network Application when they went from v5.x to 6.x, IIRC. With the amount of issues we had, for a while, production systems became unwilling beta participants.

                              Anyway, I hope the good folks at Arista eventually gets to the bottom of this and release a more stable update that will supersede the current one.

                              Comment

                              Working...
                              X
                              😀
                              🥰
                              🤢
                              😎
                              😡
                              👍
                              👎