Netgate SG-1000 microFirewall

Author Topic: [Thread Closed] 2.1 Package Testing  (Read 29152 times)

0 Members and 1 Guest are viewing this topic.

Offline Reiner030

  • Full Member
  • ***
  • Posts: 283
  • Karma: +7/-0
    • View Profile
Re: 2.1 Package Testing
« Reply #15 on: May 06, 2013, 08:37:49 am »
OpenBGP had last week problems to get fresh installed ... in hung every time in process custom_php_resync_config_command().
As I knew the "hidden" URL /openbgpd_raw.php I get access to it and copied a config from other firewall, then install/reinstall works correct.

EDIT: btw... IPv6 works - when used in raw config... only WebGUI didn't support it yet.
« Last Edit: May 06, 2013, 08:39:34 am by Reiner030 »

Offline markuhde

  • Full Member
  • ***
  • Posts: 198
  • Karma: +1/-0
    • View Profile
Re: 2.1 Package Testing
« Reply #16 on: May 17, 2013, 01:03:21 am »
Syslog-ng doesn't start as a service automatically, and only runs a few hours when run from the terminal.

Offline bbqrooster

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: 2.1 Package Testing
« Reply #17 on: May 30, 2013, 11:50:58 am »
I am having problem getting Snort to work with pfsense 2.1 RC0 May 28 built. After installing Snort and enabling it on the WAN interface, I cannot connect to the internet anymore. The dashboard showed that WAN interface (DHCP) did not get an IP address (showing 0.0.0.0) from my cable modem. It appeared pfsense kept trying and kept losing the IP address. The Services status also showed that dhcpd and dnsmasq were having problem starting. I did not have problem using Snort on the same network configuration with pfsense 2.03.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: 2.1 Package Testing
« Reply #18 on: May 30, 2013, 12:01:30 pm »
I am having problem getting Snort to work with pfsense 2.1 RC0 May 28 built. After installing Snort and enabling it on the WAN interface, I cannot connect to the internet anymore. The dashboard showed that WAN interface (DHCP) did not get an IP address (showing 0.0.0.0) from my cable modem. It appeared pfsense kept trying and kept losing the IP address. The Services status also showed that dhcpd and dnsmasq were having problem starting. I did not have problem using Snort on the same network configuration with pfsense 2.03.

Snort on 2.1 works fine (I use it in production in a few places), so something in your snort config may need adjusted, or you may have other problems on your system. Start a fresh thread someone can help you there.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline rcfa

  • Hero Member
  • *****
  • Posts: 731
  • Karma: +4/-0
    • View Profile
Re: 2.1 Package Testing
« Reply #19 on: May 31, 2013, 09:08:33 am »
This is what lightsquid says:
Quote
Note after installation:
On the first - enable log in squid package with "/var/squid/log" path.
On the second - press Refresh button for create lightsquid reports, else you will have error diagnostic page.

However, squid, in the logging section, provides a default path of /var/squid/logs (note the "s" at the end).

Which is the proper place?

Figured since the lightsquid doesn't give me an option to supply another path, I override and use the /var/squid/log path. But even after restarting squid, hitting the refresh button, I still get this error page:

Quote
LigthSquid diagnostic.
Error : report folder '/var/lightsquid/report' not contain any valid data! Please run lightparser.pl (and check 'report' folder content)
Please check config file !
Variable   value
$tplpatph   /usr/pbi/lightsquid-amd64/www/lightsquid/tpl
$templatename   novopf
$langpatph   /usr/pbi/lightsquid-amd64/share/lightsquid/lang
$langname   eng
$reportpath   /var/lightsquid/report
Access to '/var/lightsquid/report' folder   yes
$graphreport   1
folder content:

Offline bbqrooster

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: 2.1 Package Testing
« Reply #20 on: May 31, 2013, 04:48:09 pm »

Snort on 2.1 works fine (I use it in production in a few places), so something in your snort config may need adjusted, or you may have other problems on your system. Start a fresh thread someone can help you there.

What version of 2.1 did you get Snort working? I have done another clean setup of 2.03 and 2.1 using another computer using all default setup with one LAN and one WAN. The 2.1 RC0 was the May 30 built. The 2.03 was the most recent version. I then installed Snort (2.9.4.1 pkg v. 2.5.8) on both. The WAN interface was added with AC-STD performance settings. The box 'Use IPS Policy" was checked in WAN Categories.  Everything else was default. On 2.03, Snort worked like a charm. On 2.1 RC0, the WAN interface immediately got cut off once Snort was started. I looked into the system log and I saw that the system kept trying to establish the WAN IP address. I have tried both DHCP and static IP on WAN with the same result. I really don't think it is a problem of setting unless 2.10 RC0 requires you to do some special setup in Snort. I have attached the system log. I'll start a fresh thread on the Packages board. But please take a look at the log file and let me know what you think.

Offline rcfa

  • Hero Member
  • *****
  • Posts: 731
  • Karma: +4/-0
    • View Profile
Any issues with tinc?
« Reply #21 on: June 01, 2013, 01:36:34 am »
When I install the tinc package, it seems to install properly.
However, after the next system update, the package lock doesn't clear, and although tinc is listed as installed package, it's not in the menus.
If I manually reinstall the package, it's back in the menu.
Rinse, repeat.

In what sequence are packages reinstalled after a system update?
Either tinc crashes, or something before tinc gets installed, does.

Why would a package (re)install manually, but then then the system is update>

Offline bbqrooster

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: 2.1 Package Testing
« Reply #22 on: June 01, 2013, 12:11:39 pm »
Ok, I think I have gotten to the bottom of this issue with Snort not working with pfSense 2.1 RC0. It is a Intel NIC driver issue, but it is an issue that happens with the combination of pfSense 2.1 RC0, Snort 2.9.4.1 and the Intel NIC driver. I have been using Intel 729757-005 10/100 PCI NIC as the WAN interface. I have tested a few other NIC cards as the WAN interface. Here's the finding

pfSense 2.1 RC0 (i386) May 30 Built with Snort 2.9.4.1 v 2.5.8
Non-working NIC - Intel 729757-005, 721383-008 using fxp0 driver
Working NIC - Netgear FA311 (NatSemi chip) using sis0, on-board Realtek NIC using re0

pfsense 2.03 with Snort 2.9.4.1 v 2.5.8
All 4 NIC works

I have also tried pfsense 2.1 RC0 amd64. Same problem with the Intel NIC cards.

I have made a similar post in the Packages board. I hope someone would take a look at this.

Offline frater

  • Full Member
  • ***
  • Posts: 135
  • Karma: +1/-0
    • View Profile
Re: 2.1 Package Testing
« Reply #23 on: June 04, 2013, 05:31:57 am »
stunnel doesn't work....
I had it working in 2.1 but when I noticed it wasn't anymore and tried to edit the entries I get

Code: [Select]
Fatal error: Cannot use string offset as an array in /usr/local/pkg/stunnel.inc on line 14
Re-installing doesn't work...
I don't know how to edit those googledocs

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: 2.1 Package Testing
« Reply #24 on: June 05, 2013, 08:47:57 am »
This is what lightsquid says:
Quote
Note after installation:
On the first - enable log in squid package with "/var/squid/log" path.
On the second - press Refresh button for create lightsquid reports, else you will have error diagnostic page.

However, squid, in the logging section, provides a default path of /var/squid/logs (note the "s" at the end).

Which is the proper place?

That's not specific to 2.1, but to the package in general, doesn't belong in this thread.

Figured since the lightsquid doesn't give me an option to supply another path, I override and use the /var/squid/log path. But even after restarting squid, hitting the refresh button, I still get this error page:

Quote
LigthSquid diagnostic.
Error : report folder '/var/lightsquid/report' not contain any valid data! Please run lightparser.pl (and check 'report' folder content)
Please check config file !
Variable   value
$tplpatph   /usr/pbi/lightsquid-amd64/www/lightsquid/tpl
$templatename   novopf
$langpatph   /usr/pbi/lightsquid-amd64/share/lightsquid/lang
$langname   eng
$reportpath   /var/lightsquid/report
Access to '/var/lightsquid/report' folder   yes
$graphreport   1
folder content:

It worked the last several times I tried it, might be something specific to your setup, worthy of its own separate thread.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: Any issues with tinc?
« Reply #25 on: June 05, 2013, 08:49:43 am »
When I install the tinc package, it seems to install properly.
However, after the next system update, the package lock doesn't clear, and although tinc is listed as installed package, it's not in the menus.
If I manually reinstall the package, it's back in the menu.
Rinse, repeat.

In what sequence are packages reinstalled after a system update?
Either tinc crashes, or something before tinc gets installed, does.

Why would a package (re)install manually, but then then the system is update>

Difficult to say, but that is likely specific to the tinc package and not 2.1 in general. That package was contributed by a forum member and not us, so it would be best to start a thread in the packages board (or dig up the old/original tinc development thread, I believe there was one) and get the maintainer's attention.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: 2.1 Package Testing
« Reply #26 on: June 05, 2013, 08:50:39 am »
stunnel doesn't work....
I had it working in 2.1 but when I noticed it wasn't anymore and tried to edit the entries I get

Code: [Select]
Fatal error: Cannot use string offset as an array in /usr/local/pkg/stunnel.inc on line 14
Re-installing doesn't work...
I don't know how to edit those googledocs

Stunnel has its own set of issues not specific to 2.1. It isn't currently maintained as far as I'm aware. It would be best to start a new thread in the packages forum to see if anyone else might have a solution/fix for that.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: 2.1 Package Testing
« Reply #27 on: June 05, 2013, 08:55:00 am »
Locking this thread for now, separate threads are better from here on.

The purpose of this thread was for problems specific to 2.1 -- meaning, package X worked on 2.0.x, but not 2.1. Most of those have been fixed, but packages that were broken on 2.0.x are also likely broken on 2.1 (e.g. stunnel, vhosts, freeswitch) and that's beyond the scope of what this thread is meant to deal with.

I was originally doing triage trying to fix what I could on things to get things in decent shape, but we're at the point now where the package maintainers for items with remaining issues need to step up and fix what few things are left. In the cases where there are no active package maintainers for certain packages, someone with the time/knowledge may have to take them on.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!