The pfSense Store

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Gertjan

Pages: [1] 2 3 4 5 ... 144
1
Hi,

These files should exist in /usr/local/lib/php/20131226 :
Code: [Select]
total 3428
drwxr-xr-x  2 root  wheel     1024 Nov 22 11:11 .
drwxr-xr-x  4 root  wheel      512 Apr 13  2016 ..
-rw-r--r--  1 root  wheel    37808 Nov 17 11:32 bcmath.so
-rw-r--r--  1 root  wheel    22080 Nov 17 11:32 bz2.so
-rw-r--r--  1 root  wheel    13408 Nov 17 11:32 ctype.so
-rw-r--r--  1 root  wheel    82296 Nov 17 11:32 curl.so
-rw-r--r--  1 root  wheel   185576 Nov 17 11:32 dom.so
-rw-r--r--  1 root  wheel    46064 Nov 17 11:32 filter.so
-rw-r--r--  1 root  wheel    54912 Nov 17 11:33 ftp.so
-rw-r--r--  1 root  wheel    12776 Nov 17 11:32 gettext.so
-rw-r--r--  1 root  wheel   177152 Nov 17 11:32 hash.so
-rw-r--r--  1 root  wheel    41800 Nov 17 11:32 json.so
-rw-r--r--  1 root  wheel    59688 Nov 17 11:32 ldap.so
-rw-r--r--  1 root  wheel  1049792 Nov 17 11:32 mbstring.so
-rw-r--r--  1 root  wheel    45552 Nov 17 11:32 mcrypt.so
-rw-r--r--  1 root  wheel   147912 Nov 17 11:32 opcache.so
-rw-r--r--  1 root  wheel   155384 Nov 17 11:32 openssl.so
-rw-r--r--  1 root  wheel    30144 Nov 17 11:32 pcntl.so
-rw-r--r--  1 root  wheel   102016 Nov 17 11:32 pdo.so
-rw-r--r--  1 root  wheel    25384 Nov 17 11:32 pdo_sqlite.so
-rw-r--r--  1 root  wheel   111312 Nov 17 11:32 pfSense.so
-rw-r--r--  1 root  wheel    28960 Nov 17 11:32 posix.so
-rw-r--r--  1 root  wheel    49360 Oct  9 00:09 radius.so
-rw-r--r--  1 root  wheel    30384 Nov 17 11:32 readline.so
-rw-r--r--  1 root  wheel    32688 Oct  9 00:14 rrd.so
-rw-r--r--  1 root  wheel    80736 Nov 17 11:32 session.so
-rw-r--r--  1 root  wheel    11904 Nov 17 11:32 shmop.so
-rw-r--r--  1 root  wheel    54016 Nov 17 11:33 simplexml.so
-rw-r--r--  1 root  wheel    83728 Nov 17 11:33 sockets.so
-rw-r--r--  1 root  wheel    46176 Nov 17 11:32 sqlite3.so
-rw-r--r--  1 root  wheel    71040 Oct  9 00:17 ssh2.so
-rw-r--r--  1 root  wheel   149432 Oct  9 00:11 suhosin.so
-rw-r--r--  1 root  wheel    16464 Nov 17 11:32 sysvmsg.so
-rw-r--r--  1 root  wheel     9056 Nov 17 11:32 sysvsem.so
-rw-r--r--  1 root  wheel    12376 Nov 17 11:32 sysvshm.so
-rw-r--r--  1 root  wheel    18344 Nov 17 11:32 tokenizer.so
-rw-r--r--  1 root  wheel    53360 Nov 17 11:32 xml.so
-rw-r--r--  1 root  wheel    34448 Nov 17 11:33 xmlreader.so
-rw-r--r--  1 root  wheel    49096 Nov 17 11:32 xmlwriter.so
-rw-r--r--  1 root  wheel    36568 Nov 17 11:32 zlib.so
-rw-r--r--  1 root  wheel    73040 Oct  9 00:14 zmq.so

If one or more are missing consider your system 'hosed' : reinstall.

Btw :
Code: [Select]
find / -name extensions.iniinforms me that that files doesn't exist any more.
"extensions.ini" was used with an old PHP version -- these days things work differently.

See /usr/local/etc/php.ini and /usr/local/etc/php.conf for more info.

2
webGUI / Re: Config rollback confirmation bug?
« on: December 08, 2017, 01:46:09 pm »
.... How do I go about formally reporting this to investigate/get into the bug queue?
Go here pfSense Forum pfSense English Support webGUI and read this thread Typo error.


3
Installation and Upgrades / Re: Pfsense basic setup issues
« on: December 07, 2017, 07:39:10 am »
But from PFSENSE > LAN > LAPTOP directly connected without any switch in between i can assess PFSENSE web gui with 192.168.1.1
and then
but when i acess LAN gateway 192.168.1.1 from laptop via switch its not working , Even i tried connecting laptop directly to pfsense LAN interface
when i try to ping the 192.168.1.1 i do get destination host unreachable
What is it ?
"direct" NIC PC connected to NIC LAN pfSense works, or not ?
If so, ditch switch.

WAN : pfSEnse is efusing the IP because it is also 192.168.1.1/24 ? (wild guess).
Setup LAN using 192.168.2.1/24 and retry getting IP WAN.

4
...  wireless barcode scanners for warehouse management.
... and thes etrusted devices also have to hit also a login page - captive portal ?

Today i made the Update to 2.3.4_1 and i cant believe it, i dont want to believe it, but now it works with the same setup than before. Except on one Android 4.2 Tablet where i had to browse manually to the portal page, but i dont care about one old OS.
Keep in mind : things can go even better : what about the latest stable version 2.3.5 ? ;)
Btw 2.3.4_1 di not existed very long time, some nasty bugs security pushed it to _2 (using my memory, it's already old stuff now)

5
Captive Portal / Re: Captive portal problem under high load
« on: December 07, 2017, 07:08:41 am »
Ah, ok.
And let me guess, they all try to enter between 08h30 and 09h00 AM ?

I presume that your problem is related to the authentication phase.
Ones the client is connected, it's IP and MAC is loaded in one of the first tables in ipfw see https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting - remember : 2.4.x : no more "-x" parameter)

When you look at the ipfw rules and tables, and /etc/inc/captiveportal.inc (where the rules are created and injected into ipfw) it is easy to create somewhere in the middle a pass-all rule. Put one in, and see if the "load" problem still exists. If so : it's not the portal or pfsense but your routing capabilities, it's time tu upgrade the hardware.
If the problem is the authentication phase, or, more precis : the web server that handles the login pages, the creation of the rules into the tables, and the housekeeping of a mini database - 2 of them (the 'nasty' PHP build-in SQLITE which tends to create a huge file that tends be be read and written often - you better have some fast media or put it into RAM) you should look up the several threads in this forum that talk about heavy load portals - have read about some installations that have several thousands of clients at the same moment.

Also : do not set the soft and hard time out to low : tat means people have to re-log again more often.

Btw : I presume you have some PHP knowledge (accessible ones one can read - it worlds most simple language, only basic was more ....) and have some global "system" knowledge about things like "ipfw" (all the doc is on the net already).
You want to tune your system, which is ok of course, so, the question is : are you a tuner ? If not, have it tune ;)

See my reply not as a "do this and you will be fine", more as a "I would take these steps to see where the bottle neck is".

Btw : you are running VLAN's over what ? one 1GB interface ? 100 Mbit interface ?
Think about ditching VLAN and take real physical LAN's (1 Gb does NOT take 1 Giga bit per second, it will be far less ...)

6
Installation and Upgrades / Re: Having problems with installation
« on: December 06, 2017, 03:03:39 pm »
I install PFsence and it displayed a menu in dos and I can't get past this. I can't even exit out of it only by turning off the computer. Can anyone tell me what I am doing wrong?
Hi !

Possible that you make us see what you see ?
Btw : keyboard works ?
Also : when you see 'dos' then you're not looking at the right screen  :)

7
...
independent of this i just dont want a "everybody can use it" Network in "my" company
I understand.
But my company (a hotel) all trusted devices (our own stuff) are all wired without exception. Never ever my company LAN will flies over a radio connection, not even WPA2.
The captive portal is for non trusted devices, they can not even communicate with each other (AP isolation and every visitors is restricted to communicate with the gateway (== pfsense) only).
So, my clients can only visit the "net" with my connection portal connection,  as this is intended usage of the captive portal in the first place.
I presume that they (my hotel clients) will use a SSL connection when they connect to their Gmail, facebook, their bank, or whatever handles their private info.

Btw : when I activated the WPA2 on my AP's, everything still worked fine. Had to enter the password ones, of course.

8
Captive Portal / Re: Captive Portal accepts clients without Voucher
« on: December 06, 2017, 02:05:39 pm »
Unfortunately this is a nanoBDS platform that does not support the current 2.4.2 software.
2.3.5 includes a boatload with fixes. That's why one upgrades ;)

It has been stable for years but nowerdays keeps crashing once or twice a week.
I tried to avoid hardware problems by exchanging promary ans secondary (identical) firewall. Same crashes.
I collected crash dumps (or at least logs) using the serial line output
A crashdump is under
https://pastebin.com/SBcsDe2g
https://pastebin.com/WKuPMk2Q

More dumps on request
I'm not an expert in reading crash dumps, but i found something : 252 occurrences of the process "filterdns".
This is what I have :
Code: [Select]
[2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep 'filterdns'
19927  -  Is       0:04.57 /usr/local/sbin/filterdns -p /var/run/filterdns-cpzone1-cpah.pid -i 300 -c /var/etc/filterdns-cpzone1-captiveportal.conf -d 1
20510  -  Ss       0:24.97 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
92118  -  Is       0:02.35 /usr/local/sbin/filterdns -p /var/run/filterdns.pid -i 300 -c /var/etc/filterdns.conf -d 1
34116  1  S+       0:00.00 grep filter
thus : 3.

Run :
Code: [Select]
ps ax | grep 'filterdns'to what you have.

9
Captive Portal / Re: Captive portal problem under high load
« on: December 06, 2017, 01:52:46 pm »
Hi,

Can you give some numbers ?

10
Console access is nice to have for an initial setup. Did that last decade. A minimal 640 x 400 will do just fine for that purpose.
Now i use the SSH access, and a tool like Putty. Their is no limit for a "screen size" - and very easy to 'setup'  :)

11
webGUI / Re: Can't connect to the Pfsense Web GUI when Wan is plugged in
« on: December 06, 2017, 06:21:25 am »
For a school project I need to configure a server with pfsense. We want to use it as a captive portal. My problem is that I can't get in the WebGUI when I have my Wan connection plugged in.
What ??
(but you explain why afterwards ...)

When I freshly booted my server I need to unplug the wan cable, then I can login in pfsense. After that I can plug the wan cable back in an everything works. Do you guys now How i can fix this? When I booted the server I don't have internet, but when I login in pfsense I get internet.

Some info that might be usefull:
  • Lan IP : 192.168.1.100
  • Wan IP : 192.168.1.103 (DHCP)
Thanks for the info.
You totally broke one of the most important rules when it comes routing.
KEEP LAN on 192.168.1.1/24
Make WAN something 192.168.2.1/24 or 10.0.0.1/16 but NOT in the 192.168.1.1.1/24 segment.
IF your WAN needs to be in 192.168.1.0/24 then make your LAN (example) 192.168.2.1/24

Remember : your are operating a router/firewall, not a switch.

12
Captive Portal / Re: Unused Vouchers shown as expired
« on: December 06, 2017, 06:14:04 am »
Same here.
Created 5 rolls  with 5 vouchers each - lasting 15 minutes each.
Tested them all using the "voucher test page"
They ware all valid, 15 minutes left.
When using one, it timed out after 15 min.


13
Let me guess you dont use a WPA2 Password in your Hotel Network like everywhere else.
Noop.
Because I asked myself : what flows "readable" through the air ?
Pretty much nothing these days. Everything is SSL these days except for some old, non maintained sites.
So, encoding WPA2 above SSL .... why complicate my visitors with double authentification ?
Most, if not all public hot spots do not use encrypted Wifi these days. They will hit the portal.
Example : when you visit McDonalds, is it WPA encrypted ? Of course not.

But : when I enable WPA2 (or whatever auth scheme) my portal still works.

OPEN Wifi Network - Everythink works perfectly and the login page opens automatically or there is a message to open the page

WPA2 Secured Network - Nothing is happening. And sometimes The devices just dont use it because "there is no internet connection" on Android you get a message like this "no internet connection. do you want to stay at this network or change to another"

Maybe i should do i wireshark testing to see whats really happening.

Look to me right now that your problem is more situated between AP and the visiting device.
This WPA2 thing has nothing to do with pfSense. I presume your AP isn't integrated into the pfSense box.

DNS: I dont use resolver because there is a domain with DNS Server in the LAN Network with about ~2000 static(?) and ~150 mobile devices, 3 VPN Networks  to connect branches and Clients. pfsense not resolving and just forwarding is wanted behavior and again: DNS is working just fine, i can do fully qualified lookups when connected to wifi without authenticated to Portal.
Good.
Wanted you to know that that is an important thing.

btw: for the client there is no difference in Resolver and Forwarder. Its Just resolve at pfsense or resolve at other host.
For basic internet surfing : correct. The forwarder even has it merits probably.

14
Captive Portal / Re: Captive Portal accepts clients without Voucher
« on: December 06, 2017, 06:00:07 am »
I have a pfSense setup with 2 pfSense 2.3.2p2 in a master slave configuration.
... and what about the bug in an old version, corrected in the latest stable version  ;)

On a separate Interface (opt5) I intiated a Captive Portal with Vouchers.
Everything worked fine but after a spontaneous reboot of the pfSense all traffic is passed from OPT5 to the Internet with a Voucher being asked for.
"with" (as you said)  or "without" ?

All traffic is passed until the Captive Portal is disabled and re-enabled again.
Once re-enabled the portal works fine again - until the next pfCrash when everything is passed again.
Any ideas what happened or how to further analyse?
No.
pfSense doesn't crash - mine stays of for months or years if needed.
As soon as it restarted, go console or SSH access and run dmesg - dump it to pastebin.com (NOT in the forum) - and paste link here.
Like to see if FreeBSD complains about your hardware - some driver not ok (Realtek problem or whatever). We'll see.

Detecting why it crashes (reports, logs, details) is also very important. Never say it crahes, show what it says when it crashed, We can't see nothing from here.

The config seems to be correct as everything works after disabling and enabling
Often the setup is not good, or hardware not good.
As said, pfSense works - I do not think a double WAN is a problem (I don't have one).

15
Documentation / Re: ipfw changed (again) when using 2.4.x
« on: December 05, 2017, 05:28:18 pm »
Humm.
Was always fighting with this "-x" stuff, which was added especially for "pfSense" or some one from the pfSense team was asking for it back then if memory serves me well.

Anyway : ipfw rules are looking better now ... tables have names now : good !

Pages: [1] 2 3 4 5 ... 144