
Topics - kpa

1
I hadn't updated my pfSense box in a while because I've been out of town for some weeks. Today I took a look at the updates and noticed that 2.3.4-p1 is available. I decided to "smooth out" the process by running "pkg update; pkg upgrade" on the console to first install any leftover updates that might have been pushed recently.

This didn't do what I expected. It offered me the full update set (the pkg packages) for the 2.3.4 -> 2.3.4-p1 update, and I could have let it install them, but then I started thinking that maybe that's not the way to go and answered "no" to the prompt. I instead did the console update using option 13) and it all went fine.

So my question is: Would the "pkg update; pkg upgrade" have given me a full 2.3.4-p1 equal to what you would get with the console or the webgui update?

If the answer is no, then I think your update scheme is a little bit broken because the system allows you to install updates that are not meant for the current version of pfSense installed but belong to the update set for the next available updated version of pfSense, in this case the next patchlevel -p1.

2
General Questions / RRD rc.bootup errors
« on: May 26, 2016, 04:50:40 am »
I get these errors in my logs on every boot; they have been present on every version I have used, from 2.2.6 to the latest 2.3.1 update 1. Are these just cosmetic or something that happens because I haven't turned some option on?

Code:
May 26 12:37:06 php-cgi rc.bootup: Creating rrd update script
May 26 12:37:06 php-cgi rc.bootup: The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/lan-queuedrops.rrd -t N' returned exit code '1', the output was 'ERROR: Not enough arguments'
May 26 12:37:06 php-cgi rc.bootup: The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/lan-queues.rrd -t N' returned exit code '1', the output was 'ERROR: Not enough arguments'
May 26 12:37:06 php-cgi rc.bootup: RRD create failed exited with 1, the error is: ERROR: you must define at least one Data Source
May 26 12:37:06 php-cgi rc.bootup: RRD create failed exited with 1, the error is: ERROR: you must define at least one Data Source
May 26 12:37:06 php-cgi rc.bootup: The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/wan-queuedrops.rrd -t N' returned exit code '1', the output was 'ERROR: Not enough arguments'
May 26 12:37:06 php-cgi rc.bootup: The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/wan-queues.rrd -t N' returned exit code '1', the output was 'ERROR: Not enough arguments'
May 26 12:37:06 php-cgi rc.bootup: RRD create failed exited with 1, the error is: ERROR: you must define at least one Data Source
May 26 12:37:06 php-cgi rc.bootup: RRD create failed exited with 1, the error is: ERROR: you must define at least one Data Source
May 26 12:37:02 kernel .done.

3
Code:
2.2-ALPHA (i386)
built on Thu May 22 22:15:16 CDT 2014
FreeBSD 10.0-STABLE

I have IPv6 connectivity using SLAAC on the WAN interface but the dynamic IPv6 gateway stays at "Pending" status and doesn't show any stats for the gateway.
 

4
Code:
2.2-ALPHA (i386)
built on Thu May 22 22:15:16 CDT 2014
FreeBSD 10.0-STABLE

This is on a Parallels for Mac virtual machine. I did a reset (equal to pressing the reset switch on real hardware) of the virtual machine to add a second network interface to the system before the initial interface setup had finished. This resulted in config.xml not being saved, but the system thought that there was no need to run the interface setup again on next boot, resulting in an unusable system. I had to reinstall from scratch.

5
NAT / Outbound NAT weirdness with 127.0.0.0/8 addresses.
« on: April 23, 2014, 09:27:37 am »
It seems that the automatic outbound NAT generates a rule for NATing traffic with 127.0.0.0/8 net as its source address. Is this really necessary? I've always thought that the way FreeBSD's routing code selects the source address for outgoing connections guarantees that the localnet addresses are never visible outside the host.

This is on version 2.1.2-RELEASE i386.

6
This is with "2.0-BETA4  (i386) built on Wed Aug 25 02:21:33 EDT 2010 FreeBSD 8.1-RELEASE" snapshot.

If you create a new remote access server with SSL/TLS + User Auth options, the "Backend for authentication" selection has nothing selected by default, and if you forget to select anything there you'll get no error when you press save and a rather cryptic error in the openvpn log:

Code:
openvpn[13201]: Options error: --username-as-common-name must be used with --management-client-auth, an --auth-user-pass-verify script, or plugin

I think the Local Database should be selected by default or there should be a note somewhere in the UI that prompts you to select something in the "Backend for authentication" selection.

7

Why does the dns forwarder return "hostname.localdomain" for reverse dns of the WAN ip address? Wouldn't it make more sense to leave the resolution to the ISP dns server (or whatever is configured at general setup)?

This is what dig returns on my system when I query the dns forwarder listening at the LAN interface (joesgarage being my local domain, xxx blanks the last number of my IP)

;; ANSWER SECTION:
xxx.217.223.80.in-addr.arpa. 1  IN      PTR     pfsense.joesgarage.

Asking the ISP dns forwarder returns:

;; ANSWER SECTION:
xxx.217.223.80.in-addr.arpa. 86400 IN   PTR     dsl-hkibrasgw2-fed9df00-xxx.dhcp.inet.fi.



This is on "2.0-BETA1 built on Wed Mar 31 01:56:32 EDT 2010",  I don't have a 1.2.x system to test if the same happens on 1.2.x.

8
I don't have AutoConfigBackup installed, never had, but I got this warning after upgrading to the latest snapshot using http://snapshots.pfsense.org/FreeBSD7/RELENG_1_2/pfSense-Full-Update-1.2.3-20090219-2152.tgz :

Feb 21 00:30:03    php: : New alert found: Either the username, password or encryption password is not set for Automatic Configuration Backup. Please correct this in Diagnostics -> AutoConfigBackup -> Settings.


9
OpenVPN / Regarding redirect-gateway -option
« on: April 07, 2008, 02:43:08 pm »
If you are using redirect-gateway to redirect all traffic through the tunnel, you HAVE to enable Advanced Outbound NAT and create a NAT mapping for the address range used by OpenVPN (the address pool assigned to clients). Otherwise nobody will be able to connect anywhere outside local subnets known to the firewall. I learned this the hard way, hope this helps someone struggling with the same problem :)

10
IPsec / Accessing bridged to wan opt1 with ipsec
« on: March 27, 2008, 06:16:16 am »
I have a pfsense firewall with wan, lan and opt1 interfaces, opt1 is bridged to wan with filtering bridge on and using public ip addresses. I'd like to setup a site to site vpn with ipsec to another site and the other site should be able to access both lan and the bridged to wan opt1 from the other end. I can setup the lan <-> other site part just fine but how do I set up the bridged to wan opt1 <-> other site part?


11
Both 1.2-RC4 and 1.2 release do the same. After removing a running server from the list in the webgui, the associated server process and tunnel are not shut down but left running and accepting connections. A reboot seems to fix the issue.


