updated 5 systems tonight.
all of them had issues with updating: they didn't find 2.4.2-release / they either found 2.4.0 or 2.4.1 or even only 2.3.5
i tried changing firmware branch back & forth (update/settings), but that didn't resolve the issue.

most of it was solved by doing
Code: [Select]
pkg update -f
pkg-static update -f
and then updating from console
1 of the boxes didn't finish the upgrade properly: ssh to box didn't show the /etc/initial menu. after starting it manually & doing another console update it was sorted.

the old (static/full) update system was less dynamic but it sure was more stable for me. am I doing something wrong or are there issues (in some cases) with pkg-ng ?

Feedback / Please stop removing posts
« on: October 25, 2017, 05:34:57 pm »
Dear staff,

Please stop removing non-spam posts. I'm sure there needs to be some moderation, but please lock them instead of making them vanish.
Censorship is seldom a solution, try coming up with valid/other responses instead.

Thanks in advance

Installation and Upgrades / [solved]issue updating package on 2.3.x
« on: October 12, 2017, 03:22:43 pm »
just tried to update some packages on a 2.3.3-release from GUI (yes i know its outdated)

Code: [Select]
WARNING: Current pkg repository has a new OS major version.
         pfSense should be upgraded before doing any other

this probably needs to be sorted for anyone wishing to stay on 2.3.x
nevermind, there is an option in     System/Update/Update Settings to stay on 2.3 branch.

nothing to see here, carry on   :D :D

Feedback / reporting spam delay - not productive
« on: October 12, 2017, 04:49:12 am »
The last topic report from your IP was less than 40 seconds ago. Please try again later.

this makes reporting "crap" time consuming....
is there an option to remove this feature for member that have > x_#_posts or account_creation_date > x_#_days  ?

DHCP and DNS / unbound dns discovery
« on: May 11, 2017, 04:06:48 am »
@work we use a print-management service called papercut.

they have this newish feature called 'mobility print', that allows byod printing easily by use of an app.

There are 2 options to get this app working
-mdns  (will probably work when using avahi to infect the network with zillions of multicasts)

-dns discovery (never heard about it)
;---------------- Mobility Print records --------------

b._dns-sd._udp       IN PTR pc-printer-discovery
lb._dns-sd._udp      IN PTR pc-printer-discovery
pc-printer-discovery IN NS  print-server-host
print-server-host    IN A   XXX.XXX.XXX.XXX

;--------------- End of Mobility Print records ---------
so that would be a valid config when using a BIND zone (example from papercut docs)
Anyone know how to translate the above in unbound?

fyi captiveportal is involved.

I know i could setup a separate VM with a bind or could probably do the same on one of the DC's, but would prefer to use the resolver builtin to pfsense

2 out of 3 systems i've upgraded failed to start quagga on initial boot. On second boot quagga started fine.
quagga is used to for routing subnet towards other ends of openvpn tunnels.

i did the upgrade remotely and had to go in over ssh, using the tunnel network & manually running
Code: [Select]
/usr/local/sbin/zebra -d -f /var/etc/quagga/zebra.conf
/usr/local/sbin/ospfd -d -f /var/etc/quagga/ospfd.conf

General Discussion / intel C3xxx ftw ?
« on: February 21, 2017, 02:27:28 pm »

2.4 Development Snapshots / tryforward rework FIB4
« on: February 07, 2017, 11:08:43 am »
i stumbled upon something i don't understand at all... but the pictures look great :D

seems its been pulled in devel-11 branch but it doesn't appear in releng_2_4.

is this going in 2.4 or will it have to wait for 2.x/3.x ? Is this at all useful for pfSense ?

Hardware / confirmed working JBC375F533-1900-B4
« on: December 19, 2016, 08:19:15 am »
Had to order a cheap system for one my schools. Ended up with this. Paid around 380 including an 120gb SSD & shipping.
Seems to work fine; idles at around 35C

iperf-server <---> pfsense_WAN | pfsense_lan <---> iperf-client

2.4 Development Snapshots / Progress netmap-fwd
« on: October 07, 2016, 01:27:07 am »
It's been a couple since months I've read something about this.

How is this progressing? Is there going to be an experimental build for this in the near future?

Installation and Upgrades / eta 2.4 snapshots?
« on: June 01, 2016, 10:40:52 am »
getting too far from edge ... risk too low .... adrenaline fading


-Tier1 came back online
-Gateway group showed both 'online'
-Default route = Tier1
-----Default-gateway switching = enabled

still, for whatever reason, it kept sending "some" clients out through tier2 - this was still happening 10hours after the last gateway event.

to fix it i clicked "reset all states" in the GUI.
(it's impossible that the states were still alive from before the gateway-event, because nobody was around at 2am in the morning)

Code: [Select]
May 2 13:38:35 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 40% dest_addr bind_addr identifier "WAN_TELENET0 "
May 2 13:38:35 dpinger send_interval 500ms loss_interval 10000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 40% dest_addr bind_addr identifier "WAN_SCARLETGW "
May 1 02:14:26 dpinger WAN_TELENET0 Clear latency 9788us stddev 1395us loss 29%
May 1 02:13:26 dpinger WAN_TELENET0 Alarm latency 9607us stddev 1263us loss 41%

The values set for dpinger are those that made APINGER work somewhat reliably.
perhaps the values need to be set to sane values, now that we have a good pinger ?

That said, the system has been up for 20 days, and a couple of failover events took place ... this is the first time it didn't fall back.


Last week i've upgraded one of my production systems to 2.3
it runs on esxi5.5.

CP has around 200-350 logged in users on average during working hours.
CP uses vouchers & AD2008r2 authentication.

Every couple of days since the upgrade i get a notification of a crash report on dashboard. Luckily everything keeps working as normal.

Can't find any clue's in system logs / portal auth log at the time of the crash report.

Code: [Select]
Crash report begins.  Anonymous machine information:

FreeBSD 10.3-RELEASE #6 05adf0a(RELENG_2_3_0): Mon Apr 11 18:52:07 CDT 2016     root@ce23-amd64-builder:/builder/pfsense-230/tmp/obj/builder/pfsense-230/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[18-Apr-2016 08:43:25 CET] PHP Stack trace:
[18-Apr-2016 08:43:25 CET] PHP   1. {main}() /usr/local/captiveportal/index.php:0
[18-Apr-2016 08:43:25 CET] PHP   2. radius() /usr/local/captiveportal/index.php:210
[18-Apr-2016 08:43:25 CET] PHP   3. portal_allow() /etc/inc/
[18-Apr-2016 08:43:25 CET] PHP   4. captiveportal_read_db() /etc/inc/
[18-Apr-2016 08:43:25 CET] PHP   5. SQLite3->query() /etc/inc/
[18-Apr-2016 08:43:25 CET] PHP Stack trace:
[18-Apr-2016 08:43:25 CET] PHP   1. {main}() /usr/local/captiveportal/index.php:0
[18-Apr-2016 08:43:25 CET] PHP   2. radius() /usr/local/captiveportal/index.php:210
[18-Apr-2016 08:43:25 CET] PHP   3. portal_allow() /etc/inc/
[18-Apr-2016 08:43:25 CET] PHP   4. portal_reply_page() /etc/inc/
[18-Apr-2016 08:43:25 CET] PHP   5. header() /etc/inc/
[18-Apr-2016 10:47:19 CET] PHP Stack trace:
[18-Apr-2016 10:47:19 CET] PHP   1. {main}() /usr/local/captiveportal/index.php:0
[18-Apr-2016 10:47:19 CET] PHP   2. radius() /usr/local/captiveportal/index.php:210
[18-Apr-2016 10:47:19 CET] PHP   3. portal_allow() /etc/inc/
[18-Apr-2016 10:47:19 CET] PHP   4. portal_reply_page() /etc/inc/
[18-Apr-2016 10:47:19 CET] PHP   5. header() /etc/inc/

cp config snippet
Code: [Select]
                <htmltext> ........
                <errtext> ..............

only cp-related error i can find in system log
Code: [Select]
Apr 15 10:17:39 php-fpm 69184 /index.php: Submission to captiveportal with unknown parameter zone:
The timestamps do not match the crash report in any way

So not a big issue, as everything works as intended ... but probably something that should be investigated.


i've updated from 04/06  --> 04/14. I wish to keep tracking the snapshots. (goal is not to go to -release)

since then i'm unable to see package-list / installed packages in the GUI:
Code: [Select]
Unable to retrieve package information
system / update (https://ip/pkg_mgr_install.php?id=firmware) shows this:
Code: [Select]
Current Base System
Latest Base System
Unable to retrieve system versions.

-updating from console option 13 works without a problem
-re-saved branch from GUI to "keep following 2.3 development snapshots'
-gitsync'd to releng_2_3
-pkg update -f   completes succesfully
-pkg upgrade -f completes succesfully
-pkg info -x pfSense:
Code: [Select]
[2.3.1-DEVELOPMENT][root@pfsense.vbees.lan]/root: pkg info -x pfSense

Code: [Select]
[2.3.1-DEVELOPMENT][root@pfsense.vbees.lan]/root: ls -l /usr/local/etc/pkg/repos/pfSense.conf
lrwxr-xr-x  1 root  wheel  58 Apr 14 23:01 /usr/local/etc/pkg/repos/pfSense.conf -> /usr/local/share/pfSense/pkg/repos/pfSense-repo-devel.conf

what am i missing here?

