Topics - robi

Hardware / Serial ports disappeared on Supermicro board
« on: March 01, 2018, 02:50:25 am »
Guys, I have a strange issue with serial ports since I upgraded pfSense to 2.4(.2).

All the serial ports have disappeared completely from the system. My Supermicro A1SRi-2758F has 2 serial ports and I've been using them for two things for years:
- GPS NTP sync
- Smart UPS communication

Now both of these functions are dead, because the system lost all the serial ports since the upgrade...

Code: [Select]
dmesg | egrep "uart|sio|tty|cua"
returns no serial ports at all

Code: [Select]
sysctl -a | grep 'uart'
Returns
Code: [Select]
device uart_ns8250
device uart
debug.uart_force_poll: 0
debug.uart_poll_freq: 50

As far as I see the system detects that there's a UART device on the system but doesn't load drivers?

Tried loading uart.ko manually from a FreeBSD CD-ROM, but got this:
Code: [Select]
can't re-use a leaf (uart_poll_freq)!
can't re-use a leaf (uart_force_poll)!
module_register: cannot register acpi/uart from kernel; already loaded from uart.ko
Module acpi/uart failed to register: 17
module_register: cannot register isa/uart from kernel; already loaded from uart.ko
Module isa/uart failed to register: 17
module_register: cannot register pccard/uart from kernel; already loaded from uart.ko
Module pccard/uart failed to register: 17
module_register: cannot register pci/uart from kernel; already loaded from uart.ko
Module pci/uart failed to register: 17
module_register: cannot register puc/uart from kernel; already loaded from uart.ko
Module puc/uart failed to register: 17
So it seems that pfSense's kernel already has the uart.ko driver built in and probably loads it too, but the device is not seen...

Tried replacing in /boot/device.hints:
Code: [Select]
"isa"
Code: [Select]
"isa"
As described here in the manual, but got zero results.
Couldn't figure out what .ko file I should try to manually load for this "sio" driver... maybe I'm on the wrong path...?

BIOS settings double-checked, ports are enabled, set to "Auto" as before (tried to set IRQ and DMA manually but no change). No console redirection enabled or anything of the sort.

Kernel missing the drivers? Any ideas?
Back in pfSense 2.1, 2.2 and 2.3 days these ports were working perfectly. 'been using them for years.

General Questions / Intel CPUs Massive Security Flaw issue
« on: January 03, 2018, 04:29:45 am »
"All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw"

I'm really starting to lose my trust in Intel. First ME, then this. Oh and the C2000 series bug...
I used to use AMD CPUs in the past, I switched to Intel about 15 years ago because AMDs tended to overheat etc. while Intels looked more trustworthy, they cost more but had fewer compromises at that time than AMDs (the era of Athlons and Durons).
I wonder how AMDs perform these days...? I definitely intend to start looking at AMDs in my next projects....

Anyways, the big questions are:
- do we get (and when) a kernel update to pfSense to address this issue
- how much performance decrease should we expect. Thinking here of Atoms especially, C2000 series (like the famous Supermicro A1SRi-2758F and its brother boards, used by thousands of us in pfSense)

General Questions / System logs time interval?
« on: December 12, 2017, 01:54:53 pm »
I see that in System logs there's a filter functionality, but the 'Regular expression reference' doesn't contain any sensible information on how to simply filter out a time interval.
For example, I'd like to see logs between 2AM and 4AM. Any quick and dirty hints to check this out?

Packages / ACME client renewal cronjob - any logs?
« on: December 12, 2017, 01:51:31 pm »
How to prove if it ran successfully? Couldn't find any log entries related to the client renewal cron. Neither in the system logs, nor in /tmp/acme.
I'd check if this really runs as expected - certs expire in 90 days, but I really think I shouldn't need to wait that much time to confirm that the cron job actually does something.

Hardware / FTTH setups - connect fiber directly to pfSense
« on: June 16, 2017, 02:23:11 pm »
OK so most FTTH providers use GPON architecture to deploy the service at the customers. For the home and small business category users they give a CPE which already contains NAT functions with VoIP and TV out - this prevents the effective usage of pfSense.
The good way would be if there would be some hardware with an SFP slot in it (like a PCI card with an SFP slot), and use a GPON SFP module with it. See:

Another way would be to just use a GPON-Ethernet bridge:
but it's questionable if these are really bridges, and what performance loss they include. And not talking about the extra power they need.

Anybody has experience on this?
Any PCI or PCI-E card with an SFP cage with proven working GPON stick in it?

On Supermicro A1SRi-2758F, using a 4GB CF card with v2.3.2 Nano 64bit freshly installed, and then upgraded to 2.3.2_1 from console (option 13).

No kernel found on the upgraded slice, no config found using the backup slice.
Took this photo through the system's IPMI.

OpenVPN / OpenVPN performance boost observation
« on: September 24, 2016, 10:34:12 am »
I've noticed drastic improvements on file transfers through OpenVPN, between two sites using the same Supermicro A1SRi-2758F systems, running both pfSense 2.3.2 64-bit, by just adding these lines to both client and server:

Code: [Select]
sndbuf 0;
rcvbuf 0;

General Questions / Unable to send notifications
« on: September 20, 2016, 03:36:31 pm »
On previous v2.2.x I had e-mail notifications working properly, now I upgraded to v2.3.2, and I get no more mails, but see this in the log:
Code: [Select]
/system_advanced_notifications.php: Could not send the message to xxx@xxx.xx -- Error: could not start TLS connection encryption protocol
The mail server (provided by a zimbra installation) requires STARTTLS at Secure SMTP Connection, and uses PLAIN Notification E-Mail auth mechanism.

Any idea how to fix?

Under new pfSense 2.3 it's impossible to assign/enable a new LAN interface if one doesn't previously exist. This is the case where you have a box with only one NIC, and you're trying to add VLANs to it.

When creating the new interface, it complains that a DHCP6 Server is active thus cannot be saved. But since that interface doesn't exist yet, there's no present config on DHCPv6 page.

Detailed steps to reproduce here:

This used to work well on 2.2.6 and before.

Hello devs,
Congrats, all seems good in this new release.

I'm using a couple of FreeBSD packages independent from pfSense, like the well-known reverse proxy 'pound'. Pound hasn't got any pfSense-specific package, thus doesn't have any GUI, I used to install it manually on earlier versions with

pkg install pound (and even earlier with pkg_add)

Now what I'm seeing is:
Code: [Select]
[2.3-RELEASE][root@pfSense.localdomain]/root: pkg install pound
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Updating database digests format: 100%
pkg: No packages available to install matching 'pound' have been found in the repositories

How to add back FreeBSD official repository?


Installation and Upgrades / Install packages through LAN proxy
« on: November 22, 2015, 08:55:49 am »
Guys, I'm having an issue where pfSense is used as an internal network, which has no access to the internet. It just routes and firewalls some internal, industrial-purposed networks, where internet access is not needed/allowed.
However, I need some packages to install on it, and I can manage to get some temporary internet access through a host connected to one of the internal LANs behind it, by running an http proxy.

I've got in System: Advanced: Miscellaneous: Proxy support enabled and set up to the working proxy. The update checker in the dashboard uses it and correctly detects that I'm on the latest release.

But in System: Package Manager: Available Packages I still get an error message saying it's unable to download the packages list after some considerable timeout. It seems the Package Manager doesn't take into account the proxy setting specified in the Proxy support page. Only the update checker works.

Note the special case when the proxy is not seen through the WAN interface, but through one of the LANs. Could that be the cause?

Development / Use Network Aliases in OpenVPN configuration too?
« on: November 18, 2015, 02:33:58 pm »
Guys, do we have any chance to use the Aliases we can create in Firewall > Aliases area, in OpenVPN's configuration at Server or Client Tunnel Settings > IPv4 Local Network/s? I see that these Aliases are used not only in firewall, but also in routing and NAT functions. I wonder why it's not possible to do the same for OpenVPN.

There are many complex scenarios when various VPNs are set up and Aliases are used to set up correctly routing and NATting (for example creating an alias containing all the networks of the remote site, in order to handle routing and firewall rules in that direction). It would be very handy to use the Aliases the same way in OpenVPN's own config page.

Often it happens that a new network appears on one side, it is added to aliases properly everywhere, thus routes, NAT and rules apply automatically to the new network, but it has to be manually added to OpenVPN's Tunnel settings also, which is just a field containing comma separated CIDR values. I'm currently having 26 subnets separated here by commas, it's becoming a pain to overlook and also a serious place to make mistakes - while Aliases would be so much better...

Any chance to have that?

2.2.5 Snapshot Feedback and Issues / Gigabit PPPoE?
« on: October 16, 2015, 12:51:04 pm »
Guys, have you considered including the fix for PPPoE being handled on a single thread?

It's mislabeled as "feature", while it's clearly a bug. Newest 8-core Atoms can't handle Gigabit speeds because of this...

NTP -> Serial GPS settings -> down the page GPS Initialization > Advanced "Show GPS Initialization commands", lots of random characters appear instead of the Initialization commands.

Select a Garmin, MediaTek, SiRF or some other GPS device to reproduce the problem.

Hardware / A1SRi-2758f - no beep?
« on: July 31, 2015, 05:24:15 pm »
There's a nice beep script in pfSense which plays on the speaker when bootup is complete. Also there's a beep when somebody logs in the webgui.

But not on Supermicro A1SRi-2758f! This board is muted...
It does have an onboard speaker which works because it beeps at bios POST. But there's no beep coming out of pfSense.

I double-checked, the "Disable the startup/shutdown beep" in System: Advanced: Notifications is NOT checked.
