Packages / Re: ACME client renewal cronjob - any logs?
« on: December 15, 2017, 10:38:43 am »
I get it fine; at the moment that's the only way to know, so that's the workaround.

It could log those to the main system log. Open up a feature request on Redmine under pfSense-packages set for ACME and I'll have a look next time I'm in the code.

Packages / Re: ACME client renewal cronjob - any logs?
« on: December 15, 2017, 10:14:13 am »
Cron output doesn't get logged unless a script manually makes log entries. Hence checking the other logs to see if the script actually updated the certs.

2.4 Development Snapshots / Re: Use Ramdisk
« on: December 15, 2017, 07:59:06 am »
There was a fix put in for that in 2.4.3

Try using the system patches package to apply the changes from the PR and see if it helps:

Installation and Upgrades / Re: SG3100 boot loop
« on: December 15, 2017, 07:49:46 am »
Is that all you get? No other output past that?

Installation and Upgrades / Re: Segmentation Fault on Update
« on: December 15, 2017, 07:41:39 am »
Follow the other suggestions above and see if your repository files are also zero bytes.

If you want to fix the repo files there are manual steps that can be taken but honestly, reinstalling and restoring is so fast and easy there is little reason to attempt a manual repair. See

2.4 Development Snapshots / Re: Restore file question
« on: December 15, 2017, 07:34:59 am »
Usually, no, because the configuration format changes. That said, at the moment, they are still on the same configuration format version (17.3, see ) so you can move the configuration either way.

If anything gets changed on 2.4.3 snapshots that increases that number, then the configuration can no longer be moved back to 2.4.2.

NAT / Re: Outbound NAT rule generation & FRR OSPF-learned routes/subnets
« on: December 15, 2017, 07:23:47 am »
No. There is no way that dynamic routes can be picked up by automatic outbound NAT.

If they are all privately numbered, you could make an RFC1918 alias (,, and then set up hybrid or manual outbound NAT rules to match that alias as a source.

General Questions / Re: No active remote repositories configured.
« on: December 14, 2017, 02:58:03 pm »
Quite strange. That suggests that your entire repository configuration is missing. The easiest way to recover is likely going to be a quick reinstall and recovery as outlined here:

Repairing it manually is possible but there is no telling what else is wrong beyond that one problem; a reinstall is quicker and safer in the long run.

General Questions / Re: No active remote repositories configured.
« on: December 14, 2017, 01:04:01 pm »
First, go to System > Update, Update Settings tab and select a branch there and save. The Stable branch is the one you want. If that doesn't let it check, select the 2.4.3 snapshot development branch and then switch back to the stable branch.

General Questions / Re: Load Balancer and apache virtual hosts
« on: December 14, 2017, 01:02:35 pm »
For https checks with host to work, it requires SNI. The load balancer is very, very basic and cannot do that.

HAProxy is only recently gaining that ability. I'm not sure if it's in the haproxy package yet, but it might be there, or in the haproxy-devel package.

Check the cache/proxy board here under packages.

Official pfSense Hardware / Re: SG-3100 I/O Lights
« on: December 14, 2017, 12:57:17 pm »
The LED behavior for the WAN and OPT1 ports is different from the behavior of the LAN switch ports. They are all documented here now:

That was just added in the last couple days.

Development / Re: stock package compile options
« on: December 13, 2017, 03:04:11 pm »
Because it draws in too many huge dependencies to do so, and client side graphing via d3 and similar is better. It's been discussed many, many times since that decision was made for 2.3.x.

General Questions / Re: When to enable the tcp flag "out of" ?
« on: December 13, 2017, 02:54:20 pm »
In nearly all cases, you will never need to touch that. It's for making sure some flags are set and others are unset.

So if you have "S" out of "SA" checked it will only match if SYN is set and ACK is not set. This way it can match the first packet of a TCP handshake but not the later packets. That example is the default choice when that control is left alone at the default and the rule is for TCP.

Outgoing requests from the firewall will follow the default gateway. For updates to go over the VPN, the firewall's default gateway would have to be (at least temporarily) changed to be the VPN.

The exact method for that varies by VPN

Installation and Upgrades / Re: 2.3.5 is shown as 2.3.4-RELEASE (i386)
« on: December 13, 2017, 02:31:39 pm »
Hmm, those appear to be OK, but something must have failed to write out properly.

You could try one of a few things:

1. Force a reinstall of all packages (pkg-static upgrade -f)
2. Reinstall pfSense
3. Wait until 2.3.5-p1 drops later this week and attempt to update again then and see if it corrects itself.

