Still looking at what we might be able to do here. In the mean time it looks like this was working in 2.6 and now is not because the various instructions are referencing the FreeBSD 12 Latest repo. That now contains a version of netdata which depends on Python 3.9 and pfSense 2.6/22.05 is running 3.8. If you use the pkgs from 12 Quarterly instead I expect that to work.

Steve

I know that this question is old, but it actually helped me getting tcptraceroute on opnsense. The key thing was pkg add from freebsd. So for me it needed to be updated since I am on freebsd:13:amd64, I found https://freebsd.pkgs.org/13/freebsd-amd64/ with search :)

So for me the resulting command was:

pkg add http://pkg.freebsd.org/FreeBSD:13:amd64latest/All/tcptraceroute-1.5beta7.txz

Still same version of tcptraceroute 2 years later, but it is how to find the package name that is important

So thanks for this thread.

@buzz2912
Sounds like;
https://forum.netgate.com/topic/173074/22-05-upgrade-breaks-remote-access-openvpn/15

same problem.

Nvm im dumb... didn't read this line:

[!] Service [Wireguard_SSL]: Protocol not supported

Hi!

Somebody have a solution for this error?

Thanks

@mcury Thanks but this doesn't work in the users file. I think it's very restricted in what sort of entries can be made :(

@jimp Ok. So I took a few minutes and there's somthing I'm not getting.

When the Update setting is set to 22.05 the Package Manager shows two updatable packages, WireGuard 0.1.6_1 and ipsec-profile-wizard 1.0_4.
Screenshot 22.05 .png

And much to my surprise, when the Update setting is set to 22.01, I see one updatable package WireGuard 0.1.6_1 !:
Screenshot 22.01 .png

Is this correct? Is WireGuard 0.1.6_1 supposed to work on 22.01, or not? Upgrading WireGuard to 0.1.6_1 is the action that took down WireGuard in our NH router.

Here are the messages from the NH log that appear to describe the problem:

Jun 27 21:12:15 kernel linker_load_file: /boot/modules/if_wg.ko - unsupported file type
Jun 27 21:12:15 kernel KLD if_wg.ko: depends on kernel - not available or version mismatch

What's wrong?

@dvl Great. Option 2 would have been to reinstall and restore from backup. 😥

The upgrade thing catches lots of people. I put it in my sig a while back. One such problem is when the package is dependent on a PHP version that doesn't exist in the older pfSense, so it gets upgraded. There's a redmine to hopefully fix it or at least block/warn people.

Well one issue with the move to the new version. Previously bind was installed on my /cf now it is in /var/etc/named/etc/namedb/ a side effect, is whenever the router is restarted all my keys specified as global option will vanish

include "/etc/namedb/acme-keys.key";
include "/etc/namedb/ddns-key-inf.key";
include "/etc/namedb/ddns-key-sec.key";
include "/etc/namedb/ddns-key.key";

An idea would be to save them in the pfsense configuration.

@dennypage said in WebUI takes forever to load if UPS unreachable...:

I am assuming that the host running the NUT sever is using a fixed IP address, yes? And in the NUT config on pfSense, are you using the IP address (rather than hostname) to identify the NUT sever?

Yep, my whole network is based around fixed IP's, either both on the machine and dhcp server or only in dhcp server. And yes pfsense connects via IP.

@dennypage said in WebUI takes forever to load if UPS unreachable...:

You might want to consider moving to using pfSense as the NUT sever and having the other host as a client. NUT on pfSense is very stable.

Well my room is kinda limited because of the network cabling, the pfsense box and the UPS is on the opposite end of my room. Would require a 5 meter+ cable to connect the 2. Thats why i opted for a dedicated box and ATM this problematic box is the only one i can use. Done a few things to it including installing intel-microcode package and seems to be stable now ( knocks on wood ).

@jimp Thanks that worked. It seems like the install process did not recognize that the Patches package was there and re-installed it. But left the menu option in place.
420937b5-a131-4cd4-9c3e-8450d18f77e7-image.png

@bmeeks OK ... I understand

Hmm, looks like that was changed here:
https://github.com/pfsense/FreeBSD-ports/commit/7f64c9db1a0f5c0ffc18afe7a9f7a9b9f82f9c67

Not sure how you ended up with both though.

@justplayinn Have not yet upgraded. Have you tried removing and reinstalling the packages?

There is no "downgrade" path. To accomplish that you'll need to reinstall and restore your config file from backup.

@jimp https://redmine.pfsense.org/issues/13309

@steveits
Less for benchmarking and more for stressing. I want the CPU cycles included in that test. I can run iperf from desktop to server over the vpn, but this I want to see if HIS internet is to blame. I have a number of clients all on Verizon FIOS all claiming their clouds are slow. Verizon is very fractured right now and they lack people who can understand what you are talking about in the support space.

Got it working like a week ago after a while not thinking about it. For future reference I have created a manual.
It was quite hard to find out the what and how. But it can be done from gui.

https://dkict.com/pfsense-haproxy-authelia/

Pfsense haproxy + authelia

@tnowak I'll take a look

@allanlanier87 I've been reading/hearing about pfCenter for 8+ years. If it hasn't happened by now, it isn't going to happen.

@scourtney2000 But if you're telling the ping which source to use and it works.... sounds like a route issue.

Can you post pics of your configs, gateways and routes?

@flat4 you don't sign up for it - you set it up..

https://github.com/Tautulli/Tautulli/wiki/Notification-Agents-Guide#email

You will notice the gmail instructions call out using app password

Then you setup which of your users get the "newsletter" I use BCC instead of CC so that users don't see all the others users email addresses.

@eddy2020 its a bug, you can fix it by manually changing the config file

https://forum.netgate.com/topic/150856/lcdproc-on-watchguard-xtm-5-series-with-pfsense-2-4-4/25?_=1655488887623

@steveits this has been resolved in the background it is working again.

@bdossantos said in node_exporter for ARM:

node_exporter

Hello, anyone would like to use node_exporter on their arm negate ? :/

@hehob60672 said in Snort alert only on priority 1:

Is there any way to make Snort generate alerts only for rules with priority 1?

No, unfortunately the PRIORITY field is not an option for alert suppression/thresholding. If the only rules you want to even inspect traffic are those marked as PRIORITY 1, then you could perhaps use the pattern matching features on the SID MGMT tab to select only rules matching that criteria to enable.

@johnpoz yeah, leave it up.

I made the assumption they wouldn't have two similarly named packages/apt would correct me.

Sorry, but had to interject here. It seem @johnpoz has a very narrow view of what pfsense is, despite being a forum mod.
Maybe due to supporting a majority of non-technical users, he only sees the cases where pfsense is used on the bare minimum hardware and only for IP routing.
The reality of pfsense is that it is also for power users. Maybe they @johnpoz doesn't hear about the advanced use cases as much.

Using pfsense to perform periodic ISP speed tests is absolutely a fair ask.
pfsense has packages that make it way more than just a router.

In addition to "just being a router" it is also a DHCP server of course, but also can be:

Web Server Captive Portal DNS Server RADIUS Authentication Server Gateway monitoring Daemon Squid Proxy NG Firewall (pfblocker) Dynamic DNS Client VPN Client and VPN Server and much, much more.

Yes, all of these services running does require good hardware, but not even a full desktop sucking down 95W. A mini PC like a NUC does work great.

pfsense IS SUPPOSED to also be a client in many situations. VPN is a good example. It's OpenVPN package allows a user to create a persistent VPN client on the pfsense to a VPN provider on the Internet. That's more resource intensive than a periodic speedtest.

And the built in "dpinger" Gateway Monitoring Daemon has the sole purpose of keeping an eye on the WAN gateways to see if they go down. It pings the ISP periodically. A periodic speedtest would be a natural extension of this function. DDNS is another client that goes out to a service on the internet to update the Public IP.
So it is absolutely a proper request that a speedtest client be an available feature.

Regarding "slow results" from speedtest-cli running on the pfsense, this is due to the sivel package being old/buggy and not using the closest servers compared to the Speedtest.net website and/or the Ookla provided cli client.

Power users understand that speedtest.net isn't going to be 100% perfect, but it does provide a source of trending data that will help users if they need to show their ISP that they are not getting what they pay for.