Reply
New Member
Posts: 22
Registered: ‎07-12-2016

Re: [USG] Firmware v4.4.36 now available

Upgraded 2 of my jobs and the USG's won't re connect. I'm not going to touch any more jobs . Now I have to roll a truck.

Emerging Member
Posts: 53
Registered: ‎04-11-2017
Kudos: 46
Solutions: 1

Re: [USG] Firmware v4.4.36 now available

@hotdogs this happened with a USG I updated that I couldn't possibly have driven to and I was fortunately able to work around it without leaving my chair. In my case the update didn't "take" the first time and it also for some reason reverted to the secondary inform address (unifi:8080). The configuration however was still correct, preserving internet access.

If it ends up the same for you you can sidestep into the USG if you have any other unifi equipment onsite. I used the controller to connect to the terminal of the switch there and then used the switch to SSH into the USG. After checking the config and informs I asked it to reboot. This caused it to start reporting to the controller again. After that I used SSH to ask it to upgrade rather than the controller and the upgrade completed successfully.

Hopefully this can help anyone in a similar situation.

Regular Member
Posts: 697
Registered: ‎06-11-2017
Kudos: 197
Solutions: 69

Re: [USG] Firmware v4.4.36 now available


@And4713 wrote:

@hotdogs this happened with a USG I updated that I couldn't possibly have driven to and I was fortunately able to work around it without leaving my chair. In my case the update didn't "take" the first time and it also for some reason reverted to the secondary inform address (unifi:8080). The configuration however was still correct, preserving internet access.

If it ends up the same for you you can sidestep into the USG if you have any other unifi equipment onsite. I used the controller to connect to the terminal of the switch there and then used the switch to SSH into the USG. After checking the config and informs I asked it to reboot. This caused it to start reporting to the controller again. After that I used SSH to ask it to upgrade rather than the controller and the upgrade completed successfully.

Hopefully this can help anyone in a similar situation.


This has saved my bacon before as well with the USG showing disconnected but still obviously running as other devices and users were updating in the controller.  Using another connected device's terminal to SSH into the USG and issue a reboot, once restarted it reported back to the controller normally. 

Established Member
Posts: 1,499
Registered: ‎08-20-2012
Kudos: 784
Solutions: 19

Re: [USG] Firmware v4.4.36 now available


@UBNT-cmb wrote:

@rdahlin wrote:

Yesturday I upgraded an USG to 4.4.34 (before this was released) and I lost contact with the whole site.

 

When I arrived to the site I noticed that it had not configurated the WAN at all and a cold reboot did not fix it either. This is what I saw when I logged in via a console:

 

:/home/admin# show interfaces 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description                 
---------    ----------                        ---  -----------                 
eth0         -                                 A/D                              
eth1         192.168.1.1/24                    u/u  LAN                         
eth1.10      192.168.10.1/24                   u/u                              
eth1.35      192.168.35.1/24                   u/u                              
eth1.50      192.168.50.1/24                   u/u                              
eth2         -                                 A/D                              
lo           127.0.0.1/8                       u/u                              
             ::1/128                          
root@USG01-AA01-Lodgen:/home/admin# ifdown eth0
ifdown: interface eth0 not configured
root@USG01-AA01-Lodgen:/home/admin# ifup eth0
Ignoring unknown interface eth0=eth0.

 

I did a set-default it and readopted it to the cluod based controller and then it was up and running like nothing has ever happened.

 

@UBNT-cmb : Was that a but in 4.4.34 that could cause that and / or is it fixed in 4.4.36 ?


No, literally just that one small one-line change to dhclient-script to prevent it from wiping the interface IPs in PREINIT. ifup/ifdown aren't usable on EdgeOS so that explains that much of it. Nothing in upgrading changes the config, but post-upgrade it will get re-provisioned. If config was changed at some point and didn't get provisioned for some reason, that could explain why. But doesn't add up with re-adopting and having things back. "show configuration commands|match ethernet" would help to see whether it had anything configured there in the future, but guessing not from the looks of that. Admin down (A) indicates no config for eth0, and D indicates link down.

 

Any helpful indications in server.log in the controller? Like did it ever reconnect after the upgrade, and was it reprovisioned? Knowing whether it got back online first, and whether provisioned after that, would also help narrow down. 

 

Thanks for the report. 


I looked in the alert and events log in the controller but I never saw anything about that the USG tried to reconnect again by itself.

 

The USG was noted as disconnected at 16:52 and the last device that did disconnect was an AP at 16:54. The next noted event was when the USG did reconnect at 11:19 the next day.

Emerging Member
Posts: 68
Registered: ‎12-01-2017
Kudos: 2

Re: [USG] Firmware v4.4.36 now available

4.4.36 was pushed to me today. Updated with no problems.

USG-3P 4.4.36
AC-Lite\Pro 4.0.15
AC-HD 4.0.15
Controller 5.9.29
Regular Member
Posts: 468
Registered: ‎01-28-2016
Kudos: 90
Solutions: 17

Re: [USG] Firmware v4.4.36 now available


@Loudog2 wrote:

Will there ever be an add blocker set in the USG or controller like untangle has? 


Check out this project:

 

https://community.ubnt.com/t5/UniFi-Routing-Switching/HowTo-Ad-blocking-using-dnsmasq-d-instead-of-e...

 

--

Klint

Primary Innovator at Sprocket Technology
UEWA | Contributor to Easy UBNT: UniFi SDNUFW Lockdown, Companion API Project | Host on Vultr
New Member
Posts: 3
Registered: ‎11-30-2016
Kudos: 7

Re: [USG] Firmware v4.4.36 now available

Hi, I've updated a bunch of USG3 and one USG-Pro.
No issues with the USG3's.


USG-Pro has no s2s VPN-connections to my non-USG sites since the update. The VPN's where set up via config.gateway.json - nothing changed there. The USG3's still can connect the s2s-VPN's to the non-USG-sites.

Could'nt fix that so far - anyone else ran into this issue?

Member
Posts: 174
Registered: ‎01-20-2018
Kudos: 29
Solutions: 3

Re: [USG] Firmware v4.4.36 now available

I saw that.  Was talking about something automatically implemented into the controller where you can set categories to block and turn on/off if needed.

New Member
Posts: 19
Registered: ‎03-24-2017

Re: [USG] Firmware v4.4.36 now available

Upgraded this last night and now the Controller is showing a Downgrade button.

 

Is there an issue with this version?  I've not seen a Downgrade button before (user since July).

New Member
Posts: 26
Registered: ‎03-09-2018
Kudos: 3

Re: [USG] Firmware v4.4.36 now available

Same for me, I’m just ignoring it. 

 

I did notice the USG 3P was showing offline this morning, although it was still passing Internet traffic. I did a soft reboot, let’s see how it goes. 

Regular Member
Posts: 468
Registered: ‎01-28-2016
Kudos: 90
Solutions: 17

Re: [USG] Firmware v4.4.36 now available


@Loudog2 wrote:

I saw that.  Was talking about something automatically implemented into the controller where you can set categories to block and turn on/off if needed.


Category filtering is implemented with DPI, and arguably DPI gives you better control than DNS filtering. If you want more/different categories and/or still want DNS filtering, check out the feature requests and kudo one or add one if you don't find one similar to your request.

 

https://community.ubnt.com/t5/UniFi-Feature-Requests/idb-p/UniFi_Ideas

 

--

Klint

Primary Innovator at Sprocket Technology
UEWA | Contributor to Easy UBNT: UniFi SDNUFW Lockdown, Companion API Project | Host on Vultr
New Member
Posts: 16
Registered: ‎01-29-2017
Kudos: 2

Re: [USG] Firmware v4.4.36 now available

Upgraded all 15 sites to:

(1) USG3P - 4.4.36.5146617

(2) Unifi Switch 8 POE 60W - 4.0.10.9653

(1) Unifi AP-AC-Lite - 4.0.10.9653

(1) Unifi AP-AC-Pro - 4.0.10.9653

(1) Controller - 5.9.29 - Running on (1) Cloud Key 0.12.0

(3) VLANS

IPS Active

No Issues on any sites since 7:30am CST.

Regular Member
Posts: 697
Registered: ‎06-11-2017
Kudos: 197
Solutions: 69

Re: [USG] Firmware v4.4.36 now available


@Ramias wrote:

Upgraded this last night and now the Controller is showing a Downgrade button.

 

Is there an issue with this version?  I've not seen a Downgrade button before (user since July).


No issues being widely reported. Downgrade button appears if your fw is ahead of what the controller thinks is the current release. It can sometimes take a day or two to catch up. If you manually check for updates in your settings -> maintenance tab, it may make the "downgrade" button go away. 

New Member
Posts: 14
Registered: ‎09-02-2015
Kudos: 1

Re: [USG] Firmware v4.4.36 now available

any idea when SSTP vpn will be added?  my clients have so much trouble trying to connect over l2tp via windows 10.

New Member
Posts: 2
Registered: ‎09-04-2016

Re: [USG] Firmware v4.4.36 now available

Since I have upgraded one USG-Pro and two USG-3 the automatic s2s is not working anymore between these three sites

 

Help !

New Member
Posts: 12
Registered: ‎09-22-2013

Re: [USG] Firmware v4.4.36 now available

[ Edited ]

Upgraded to 4.4.36.

 

All fine on private network.

 

Authentification issue (something related to certificate) on the guess network (open network, require a password on landing page). 

 

Certificate alert shows up after guest auth and shows up again anytime one would access any site (secured or not). No internet available whatsoever then ...

 

I have never installed any certificate.

 

No time to investigate further at the moment, tried some basic stuff :

- disable dpi

- re-enable dpi

- reboot cloudkey

- reboot all devices one by one

 

Only way to solve the issue was to roll back to 4.4.34 thanks to the downgrade option ...

New Member
Posts: 17
Registered: ‎09-21-2017
Kudos: 10
Solutions: 1

Re: [USG] Firmware v4.4.36 now available


@pk1966 wrote:

The upgrade went OK on my USG3P.

 

However, most (all?) updates to the USG require me to disable IPv6 on the WAN network, then re-enable it to get IPv6 working again.

 

Is this a known issue or does it need to be formally reported somewhere?

 

Does anyone else see it?


I haven't experienced that.  If you SSH into the USG and run `show interfaces`, do they not have IPv6 addresses assigned?  Are you not using Prefix Delegation?  Do you have extremely short DHCP lease times?  If it's not getting an IP, you should be able to run `renew dhcpv6  interface` instead of cycling the settings / rebooting.

New Member
Posts: 2
Registered: ‎09-05-2017

Re: [USG] Firmware v4.4.36 now available

 

I was notified that 4.4.36 was available via the controller (5.9.29).

 

I upgraded the USG Pro from 4.4.34 (originally installed under Beta release for memory usage issues)

 

Site lost internet connection after upgrade.

 

The PPPoE connection was changed to DHCP (assume the upgrade did it as working immediately prior to upgrade). A simple change in the controller back to PPPoE restored the site's settings for PPPoE and the site was back online.

 

A simple fix but it shouldn't happen on a production release of firmware!!!

 

Regards.

New Member
Posts: 5
Registered: ‎08-08-2016

Re: [USG] Firmware v4.4.36 now available

 @UBNT-cmb

 

On a USG from remote location from the controller, the USG will get stuck on "Provisioning". Same issue from 4.4.29. Have to roll back to 4.4.18. I have a "Site to Site" VPN with multiple USGs. The main USG4 where the controller lives will update fine to 4.4.34. When trying to update the remote USG3 and USG4s, It will get stuck on provisioning and send a Commit Error due to overlapping DHCP networks. This is when updating from the interface. This happens on just firware 4.4.29 and now 4.4.34, all other past firmwares will update fine. I have just SSH updated one of the remote sites with 4.4.36 and same issue. Reboot loop after a minute or 2. I updated the Local USG4 and no issues. Errors logged. 

 

 configuration commit error. Error message: { "COMMIT" : { "error" : "￾[ service radius-server ]\nStopping FreeRADIUS daemon: freeradius.\nStarting FreeRADIUS daemon: freeradius.\n\n￿1\n￾[ interfaces ethernet eth2 dhcp-options ]\nRenewing DHCP lease on eth2 ...\n\n￿1\n￾[ service dhcp-server ]\nConflicting subnet ranges: 172.16.64.0/24 overlaps 172.16.64.0/24\nConflicting subnet ranges: 172.16.64.0/24 overlaps 172.16.64.0/24\nDHCP server configuration commit aborted due to error(s).\n\n￿0\nCommit failed\n" , "failure" : "1" , "success" : "1"} , "DELETE" : { "failure" : "0" , "success" : "1"} , "SESSION_ID" : "12a9e517d7394b506d9c713448" , "SET" : { "failure" : "0" , "success" : "1"}}

 

then a minute later

 

configuration commit error. Error message: { "COMMIT" : { "error" : "￾[ service dhcp-server ]\nConflicting subnet ranges: 172.16.64.0/24 overlaps 172.16.64.0/24\nConflicting subnet ranges: 172.16.64.0/24 overlaps 172.16.64.0/24\nDHCP server configuration commit aborted due to error(s).\n\n￿0\nCommit failed\n" , "failure" : "1" , "success" : "1"} , "DELETE" : { "failure" : "0" , "success" : "1"} , "SESSION_ID" : "12a9e517d7394b506d9c713448" , "SET" : { "failure" : "0" , "success" : "1"}}

 

Currently stuck on Provisioning. Still able to ping the USG3 and will be downgrading back to 4.4.18. 

 

Any ideas here? I feel like the tunnel is the issue, but quite scared to remove the tunnel and upgrade hoping the upgrade will work. 

 

New Member
Posts: 3
Registered: ‎04-06-2016

Re: [USG] Firmware v4.4.36 now available

[ Edited ]

I can confirm the issue with GEOIP.  WAN connection is dead after the update (static IP in my case, not DHCP) to 4.4.36.

 

Disabling GEOIP solved the issues.  Keeping GEOIP disabled for now.

 

Rergards,

W

 

Reply