@thimplicity You should see this being mentioned above
https://forum.netgate.com/post/992280

@soheil-amiri Check documentation for sample rate and tcp timeout options for softflowd. Adjust them to suit your traffic. This hints at why you might see less netflow stats arriving at your log server than you're expecting.

One thing I have noticed: If you already have OpenVPN installed, the export package installer for 2.6.x will offer to uninstall the client instead of installing it on top of itself or skipping that step automatically.

You can X out of that part of the installer if you want to leave the currently installed client alone, then it will go on and prompt to do the next part of the process which copies the configuration file into place.

@jimp This was the fix THANK YOU!

@frog said in Freeradius Google auth not working:

https://vorkbaard.nl/how-to-set-up-openvpn-with-google-authenticator-on-pfsense/

Maybe.
I would prefer using the original info, written by the one who actually build and created the system.
For info about your Tesla, would you seek help on www.ford.com ?

Three systems tested, all three with the same issue.
As workaround I configured service watchdog to start the services after reboot.

@SteveITS 2.7.0 CE fixed the restore issue with Avahi for me. However, I can only confirm it as "fixed" on a single pfsense box with a maximum of 2-3 restores.
My pfsense has only been updated a few days ago. Early days, without another user also confirming it as fixed I would say.

@JeGr I was able to fix it by changing line 221 in /usr/local/pkg/filer.inc from:

$execcmd .= "sync_package_filer();";

to

$execcmd .= "filer_sync();";

@occamsrazor So I've tried DynFi and seen that it has some great features, but the centralized management features are limited. I think it's better for Day N where you're monitoring and tweaking the devices after they're set up.

In a fleet of business owned firewalls, you would want to define configuration based on policies at a global level, site level and individual firewall level. The global and site level config is very minimal with what I think I can do with DynFi - what would be ideal is something like: Creating a firewall rule for a secure maintenance access via properly configured SSH over VPN. A site level config example may be configuring a CA and certs for 4 firewalls that an MSP is responsible for, an individual firewall config might be all the unique stuff like hostname, etc for that firewall.

With a centralized management platform offering, the firewall could have a script to check the central platform during boot for ownership of the serial number and then attach itself to the platform. This Zero Touch Provisioning feature means I don't have to travel all over the country setting up firewalls, I could have the option of using a contractor to rack and plug the box in and then hand it off to me to do the rest remotely. Those are some savings, efficiency and quality of life upgrades I know businesses would want to pay for.

I'm sure Netgate already knows this, but business customers are the type looking to purchase verified Netgate brand hardware with support contracts. I'm currently going through a POC to try out all the competition and I can say what I described here is hilariously hit or miss across all the big vendors. Very few are doing a great job with this or they make it difficult to POC those features. Meanwhile, the first setup to cross the finish line in lab was of course pfsense plus and DynFi so Kudos for the "ease of setup"!

@SteveITS said in 2.7.0 release has broken package management for 2.6.0 ?:

@DBMandrake
https://redmine.pfsense.org/issues/10464
It's a long standing issue.

Don't install packages for the wrong version. (yes I know that isn't what was intended) In the past it would try, and do things like upgrade PHP, breaking the old version.

The problem is, whether I tried to manually install a package via the GUI or not, some background process had already attempted to update some system packages (not those listed in the GUI) and in the process broken the pkg command itself. (although I notice the GUI uses pkg-static)

See my other thread.

This happened on four different systems, three of which I didn't even log into until I was aware of the issues on the first system, so definitely something that happened automatically as a result of the package repositories being updated on the servers.

I had to manually fix the pkg command on all four systems and they still complain about the fact that the FreeBSD package library is now using a newer database version than it should be.

This really shouldn't be happening without user interaction.

I haven't experienced these problems before because this is the first time that "Current" has changed versions in the repositories since I've been using PFSense. (Since I started with 2.6.0 which has been out for 1 1/2 years now)

Change System/Update/Settings to Previous Stable branch to be on 2.6, then install/update packages.

That doesn't fix the pkg command at the command line though, I had to fix that manually.

@hauy said in Package Manager not showing some packages:

@bmeeks I figured it out. I deactivated and reactivated the service and it seems to work now. Thanks again for your help!

That likely means some piece of the configuration was incomplete, and making that change and saving it caused the package GUI code to rewrite the configuration.

@FollyDude-0 Currently running on pfsense 2.7.0

@Raven7362 I don't fell like testing if can duplicate your problem, because well kind of using my config ;)

But if your having issues, all of the conf files and such are stored here

/usr/local/etc/raddb/

I would assume you could uninstall freerad package, then remove all those files.. Then reinstall package.

you can view their path and files in the view config in the freerad package gui section.

Don't do that! That directory is "no execute" for a very good reason.

Instead, put your custom shell scripts in /usr/local/etc/rc.d/ or perhaps /usr/local/bin/.

Hi calebh, thanks for writing all this up.

Just to say, I've been looking into alternative ways of doing this, which don't need xinetd or the filter cronjob.

One way is to add an SSH key to the User's Authorized Keys, e.g.

`restrict,command="/opt/bin/check_mk_agent" ssh-rsa AAAAB...`

And then set up an Agents > Other integrations > Individual program call instead of agent access rule, like: ssh admin@$HOSTADDRESS$ -i mysshkey

(Some more parameters might be needed to disable TTY or something, I can't remember.)

I've decided against this approach though, because the SSH connections end up spamming the System Logs.

I think a better way is to create a simple .php file that calls the agent:

/usr/local/www/check_mk_agent.php

<?php header('Content-Type: text/plain; charset=utf-8'); system('/opt/bin/check_mk_agent'); ?>

Then the Individual Program Call should look something like:

curl -ks https://$HOSTADDRESS$/check_mk_agent.php

It would be possible to modify the PHP to add some more security, perhaps some IP address filtering or to check for a secret parameter. But even without those steps, it at least has the advantage of encrypting the traffic over SSL so it can't be read by third parties.

Note, this will end up spamming the nginx log (System > GUI Service). Arguably that's better than spamming the System Log, but may still not be appreciated.

Happy to confirm the error has been resolved by upgrading to pfSense+ 23.05.
That release includes the upgraded package haproxy-devel 0.62_13 (was haproxy-devel 0.62_12).

Hope this helps someone.

Same problem after so many years