Development

• T

  Error Building 2.4.0 Kernel
  • TheNarc

  3
  0
  Votes
  3
  Posts
  1041
  Views

  C

  I also found myself with this problem, which I was able to fix with this fix : https://github.com/freebsd/freebsd/commit/6884a6e482ca6effa702761a1e3fa98bb6946c30#diff-49d9a861ee932d5b656eb20466f2a292 But other problems have occurred. :-[ I had not had this problem with the RC version, which it was in "FreeBSD 11.0", so I put a compilation environment under this version, and compilation to work. I therefore conclude that the development team forgot to add a "BRANCH RELENG_2_4_0" on this repository: https://github.com/pfsense/FreeBSD-src The "Main repository for pfSense" is also unusable because it refers to a "BRANCH" that is missing: https://github.com/pfsense/pfsense/blob/RELENG_2_4_0/tools/builder_defaults.sh#L108 Can someone tell us about this omission ? Thank you !
• 

  802.11s status pfSense
  • pmisch

  2
  0
  Votes
  2
  Posts
  507
  Views

  

  As far as I'm aware, we have no intention of adding any wifi features like that. AP features belong in an AP. FreeBSD is great, but it does not lend itself well to being an AP.
• J

  Temperature Alert Script
  • JMac87

  6
  0
  Votes
  6
  Posts
  3269
  Views

  K

  Jimp is right, this type of monitoring needs a lot of manual configuration because on many systems the readings are nonsensical unless adjusted properly using information from the manufacturer. For example some of the AMD CPUs give you negative values and you're supposed to know the reference temperature used to calculate the real temperature as reference+reported. On such systems the only out of the box reliable CPU temperature is the one show in BIOS setup. Such reporting system would work out of the box only on a small number of systems where the calibration values are known.
• S

  PFSense Image Azure CustomData
  • salmanbukhari

  1
  0
  Votes
  1
  Posts
  374
  Views

  No one has replied

• B

  A short preview of the "3.0" CLI commands (/r/PFSENSE)
  • biggsy

  3
  0
  Votes
  3
  Posts
  883
  Views

  

  @biggsy: Thanks Bill but I'm not sure how it would be related to Squid.  However, I'm not a Squid user either so I could easily be wrong. I run this bgpctl command from a tiny PHP script called through an afterfilterchange shellcmd. It causes the BGP peer to resend all the currently blacklisted IPs, which are loaded into an Alias table referenced by a block rule on WAN.  It does this very, very quickly, too. The only reason for having to do all this is that the Alias table is not managed through the GUI, so it gets cleared on a rule change or reload. Of course, I have no reason to expect this won't be achievable in some other way under 3.0 but it is a very useful function of openbgpd. Sorry…just realized today that I posted my reply to the wrong thread ...  :-[ Bill
• P

  Squid UI proposal: Add input for blacklisting URLs in addition to domains
  • PakoUser

  1
  0
  Votes
  1
  Posts
  417
  Views

  No one has replied

• E

  Cisco AnyConnect (server) support?
  • einervonvielen

  5
  0
  Votes
  5
  Posts
  5946
  Views

  D

  If it was an optional package add-on, the GPL license doesnt taint the base at all. +1 to this. This guy brought it in via freebsd packages https://blog.dhampir.no/content/pfsense-as-a-cisco-anyconnect-vpn-client-using-openconnect
• O

  User Interface suggestion for improved visability
  • oldunixguy

  1
  0
  Votes
  1
  Posts
  388
  Views

  No one has replied

• N

  FauxAPI :: A REST API interface for pfSense to facilitate dev-ops
  • ndj

  6
  0
  Votes
  6
  Posts
  5105
  Views

  N

  FauxAPI has received an update to v1.1 In brief:- new API call alias_update_urltables - forces the immediate update of remote URL tables new API call gateway_status - returns the current status of the gateways updated documentation tested against pfSense 2.3.2 and 2.3.3 The package has received some great feedback and users deploying in complex large environments - enjoy, send feedback. N
• 

  MOVED: Configuracion de PFsense
  • Derelict

  1
  0
  Votes
  1
  Posts
  412
  Views

  No one has replied

• 

  BUG: unbound/ PfblockerNG when enabling RAM disk
  • Mr_JinX

  3
  0
  Votes
  3
  Posts
  748
  Views

  B

  I had the same issue until I increased my RAM disk size.  I think what happens is the file tries to write to the RAM disk but fails since it's out of space with the default size.  The setting is found under System/Advanced/Miscellaneous.  I increased mine to 512 MB's.  Since I have 8 or 16 gigs of RAM and have plenty to spare.
• A

  Custom index.html - Bandwidthd
  • andresense

  1
  0
  Votes
  1
  Posts
  427
  Views

  No one has replied

• T

  Command line management - pfSense_API via PowerShell
  • TommyLiu

  1
  0
  Votes
  1
  Posts
  741
  Views

  No one has replied

• J

  Tools Repo
  • jporter

  50
  0
  Votes
  50
  Posts
  20322
  Views

  

  The tools repo is no longer used. Everything needed to build current versions is in the public repositories on github. There is a reason this thread has not had any activity in years. Locking.
• W

  How to Build pfSense 2.3?
  • william9527

  21
  0
  Votes
  21
  Posts
  11427
  Views

  C

  I followed the detailed post above, its on the right path but the build script is clearly designed with obstacles. So if rename to pfSense it blocks the build. So then try to rename appropriate files from pfSense to nonSense since they dont distribute with that name in addition it tries to fetch packages from dead netgate url's. The showstopper is when renaming the 3 files in here to nonSense pfsense # ls /root/work/pfsense/pfsense/tmp/FreeBSD-src/release/conf/ pfSense_make.conf          ufw_installer_make.conf    ufw_recover_make.conf pfSense_src-env.conf      ufw_installer_src-env.conf ufw_recover_src-env.conf pfSense_src.conf          ufw_installer_src.conf    ufw_recover_src.conf Then running build.sh again, the build script itself renames them back to pfSense and then complains it cannot find the nonSense files, so its sabotaging itself. I blocked the script doing the sabotage by making the filles immune (root cannot even write/delete) chflags schg nonSense_* But now hitting repo clone errors. Since I only need to compile a custom kernel I might just try to compile the kernel in the traditional FreeBSD way, as I am only oing this to get a patched kernel to fix a nasty panic bug.
• M

  New Feature, Seamless upconversion of Telnet to SSH via pfSense, For SCADA
  • MasterX-BKC-

  5
  0
  Votes
  5
  Posts
  1144
  Views

  M

  My method is automated, Even the people who connect to these remote devices in many cases dont know anything about linux, or security.  So with a bit or code i wrote, When you SSH to the SG-1000 it automatically redirects you into telnet to the proper device, no need to issue any telnet commands, etc.  You SSH, and its as if you have gone directly to the telnet device in question. The SG-1000 would also take the place of the firewalling of the crappy DSL Modems, as they could be put in transparent mode, and the pfsense then utilized for a much better firewalling solution and access control. It would be a simultaneous upgrade to the firewall, and the telnet device at the same time, as well as facilitating better security for any other devices connected in that location. My code supports tunneling each user account to a different telnet device, not just 1 telnet device.  So its flexible in its usage, and works on bigger models as well, such as SG-2220, and 2440.
• A

  Package question
  • arnoldg

  1
  0
  Votes
  1
  Posts
  544
  Views

  No one has replied

• K

  SysLog Data - Anyone have data they could provide for testing
  • KizzMyAnthia

  2
  0
  Votes
  2
  Posts
  554
  Views

  K

  Looking for syslogs with external host data (i.e. public internet facing) I have internal network logs and can collect without an issue.
• P

  Watchguard X750e with pfSense 2.3.4 NIC LED-Fix available!
  • pfworker79

  1
  0
  Votes
  1
  Posts
  918
  Views

  No one has replied

• K

  HOWTO: compile kernel with LISP support
  • kleinem

  3
  0
  Votes
  3
  Posts
  2230
  Views

  

  This topic has been readen 1177 times. It means that many people interested in this technology, really good thing to drop NPt away in IPv6 Multihoming.
• F

  New project: accountability software for a network (prevent porn)
  • fermion

  1
  0
  Votes
  1
  Posts
  655
  Views

  No one has replied

• R

  Additional OpenDNS intergration
  • Ragen

  9
  0
  Votes
  9
  Posts
  1533
  Views

  

  @huzbub: Can PFBlockerNG DNSBL be used in conjunction with OpenDNS?  I realize this may be a little redundant as OpenDNS does much of what PFBlocker does but I like the multiple layers of protection and additional customization of PFBlocker. I used the guide below to get OpenDNS setup and it indicates that DNS Resolver must be disabled.  And if I understand correctly the DNS Resolver is required for PFBlocker to work. https://forum.pfsense.org/index.php?topic=112288.0 DNS Resolver & Forwarder Once you completed the above process, you need to disable DNS Resolver and enable DNS Forwarder. (I am not sure if DNS Resolver can be configured with OpenDNS, I tried to configure it but no luck. With DNS Forwarder, everything work well. Maybe someone can help out to explaining it WHY) To do this, you need to go to Services > DNS Resolver > Enable: (Unchecked) After that, Go to Services > DNS Forwarder > Enable: Checked Interfaces: All Click Save Any help appreciated! The DNS Resolver (Unbound) can be enabled in Resolver or Forwarder mode. Don't confuse that with the DNS Forwarder (DNSMasq). So you can check the DNS forwarder option in the Resolver. And add the OpenDNS servers to the pfSense General tab settings to utilize both DNSBL and OpenDNS.
• R

  Booting Pfsense
  • raghvendra

  3
  0
  Votes
  3
  Posts
  597
  Views

  R

  sorry i guess you didn't understood what i said. I have made a custom pfsense iso which doesnt boot so i was wondering if anyone can help with that . The iso i made is bootable , but it shows the error " cant find kernel".
• O

  How to create .txz in FreeBSD & transfer it to pfSense?
  • olifka-kun

  15
  0
  Votes
  15
  Posts
  2193
  Views

  D

  @renato.nogueira: @doktornotor: If you do not want the webgui, just don't install it. pkg remove pfSense-pkg-squid pkg install squid sorry, the pfsense is 2.0.1
• U

  XSD for Config.XML
  • ulrichlang

  2
  0
  Votes
  2
  Posts
  535
  Views

  

  No, there is no formal spec or XSD.
• 

  Add apply button on 2.3 pkg xml framework
  • marcelloc

  1
  0
  Votes
  1
  Posts
  442
  Views

  No one has replied

• R

  Block traffic when related NAT rule Alias doesn't exist
  • Rajko Ray

  7
  0
  Votes
  7
  Posts
  668
  Views

  Q

  Thanks for raising Rajko and thanks for the fix devs.
• 

  MOVED: Found this was an interesting read, execute code on routers
  • ivor

  1
  0
  Votes
  1
  Posts
  410
  Views

  No one has replied

• 

  Interface names
  • luckman212

  4
  0
  Votes
  4
  Posts
  701
  Views

  

  Thank you both for the helpful replies. Might not be a bad idea to add a note about that to the Developer Style Guide (e.g. Whenever possible, the preferred way to reference interfaces is by using the logical interfaces name eg opt2 yada yada…)
• D

  PHP error on 2.3.2 update
  • ddaniel51

  4
  0
  Votes
  4
  Posts
  1842
  Views

  D

  @thallam08: Issue is still there in 2.3.3 and 2.3.3_p1 Not really, don't necropost. https://github.com/pfsense/pfsense/blob/RELENG_2_3/src/usr/local/bin/dhcpd_gather_stats.php
• 

  What is check_reload_status?
  • luckman212

  6
  0
  Votes
  6
  Posts
  1424
  Views

  

  I made a small test patch (have not submitted a PR yet because I wanted feedback first) that seems to solve the issue for me. At least in my case it was caused by Console opt 16 restart php-fpm, killing that made check_reload_status go into a nosedive.  So I wrapped it with a start/stop. Been testing that for a couple days and so far it has helped. Any thoughts? Side note: since it doesn't seem possible to build a "pfSense" platform from source, what is the recommended method for trying to make & test changes to check_reload_status.c in case it needs to be worked on? edit: didn't get any comments here so I submitted PR#3637
• N

  SSH GitSync
  • NOYB

  1
  0
  Votes
  1
  Posts
  430
  Views

  No one has replied

• S

  Why won't pfsense 2.3.3 build nonSense out of the box
  • stevencmon

  2
  0
  Votes
  2
  Posts
  553
  Views

  D

  I think it's fairly obvious that it's broken on purpose and you won't get any assistance from pfSense guys here, whatsoever. https://forum.pfsense.org/index.php?topic=109089.0
• A

  PHP Shell Scripts: bringing up and down Interfaces and checking whether enabled
  • andipandi

  4
  0
  Votes
  4
  Posts
  1122
  Views

  A

  So.. i copy/pasted the code from the UI interfaces.php (the "apply" POST). Also, I had to persist the .interfaces.apply for each configuration (enabled and disabled). Gateway assignment and defaults still were a huge issue.. so I am happy it is running for now. I guess this will break with some update in the future (would be nicer to have a clear cut between UI and some fixed logic with a documented API), so I will be a little more reluctant to update that box. So.. what I have now is a PPPoE-CARP (well, the CARP is only on the LAN, but the WAN uses PPPoE depending on who is CARP master, so they also share the same WAN IP), I also just added a VLAN interface to have HA of the relevant parts (for me VPN, IPSEC and OpenVPN) sync from Master to Backup via HA. When the MASTER beocmes unavailable, it takes a little over 1 minute till the BACKUP is dialed in, but still, I hope this will prevent me from remotely locking myself out in the future, plus it should make system updates a lot better (internet connection only interrupted for 1 minute, available afterwards again with same features).
• G

  Do I still need this patch? Upgrade to 2.3.3-RELEASE broke it.
  • guardian

  8
  0
  Votes
  8
  Posts
  642
  Views

  D

  Dude dunno what are you after here. There's no user-configurable stuff in there and in general nothing of user interest in there either. The file was split to one per PHP extension. There's nothing to patch, fix, add, edit or invent there. And no, there's is no easy way to look.
• B

  Is this plugin idea even possible?
  • brandon3055

  5
  0
  Votes
  5
  Posts
  845
  Views

  B

  Ok so i figured out the problem. It should probably be noted in the documentation that in order for accounting to work FreeRADIUS needs an interface set to listen on port 1813 for Accounting packets. But now i have a new problem. According to the documentation to reset the counter you simply have to delete the used-octets- <username>file. Well for some reason that does not work. When it regenerates the file it simply picks up where it left off. At this point i dont think i will even use radius to handle the data caps i will just use it as a counter and handle everything with scripts. But its going to make things a lot more complicated if i cant reset the counter. Edit: Im also noticing something odd about the accounting. It seems the usage counter continues to increase at a rate of a few hundred KB per minute even when the user is no longer connected to the network. Meaning a user can login then disconnect their machine from the network and until their login session times out they will continue to use data at a relatively slow rate. That will get rather annoying if i cant figure out how to fix it… Edit2: Its worse that i thought. A user that isnt even connected to the network just used around 20MB in about 10 minutes. Thats going to make this completely unusable... Edit3: Unless im just missing something stupid i think radius accounting may just be broken on PFSense. I just tried a fresh pfsense install on a different system and its doing the exact same thing... So... Any ideas? Oh and what i said about it showing 20MB used in 10 minutes... It got worse than that. It seems a bit random but after a bit more testing i left the test user connected and went to bed. In the morning the user had been disconnected for reaching the 100GB limit set...</username>
• S

  Need help building module for broadcom 5719
  • shikka

  22
  0
  Votes
  22
  Posts
  6276
  Views

  M

  I know this is off topic. But does this device support inline IPS? Also do you know where can I get updated firmware for this device. Thanks in advance!
• D

  Regular expression generator
  • doktornotor

  3
  0
  Votes
  3
  Posts
  1258
  Views

  N

  My favorite is: http://php.net/manual/en/pcre.pattern.php Along with: $regex_sub_pattern_x = "something_x"; $regex_sub_pattern_y = "something_y"; $regex_sub_pattern_z = "something_z"; $regex_pattern = $sub_pattern_x . $sub_pattern_y . $sub_pattern_z;
• N

  Sprintf or direct assignment
  • NOYB

  4
  0
  Votes
  4
  Posts
  964
  Views

  N

  Kind of torn between the alternatives. Found this quote interesting.  Never thought of the opcache. http://stackoverflow.com/questions/7147305/performance-of-variable-expansion-vs-sprintf-in-php Ultimately the 1st is the fastest when considering the context of a single variable assignment which can be seen by looking at various benchmarks. Perhaps though, using the sprintf flavor of core PHP functions could allow for more extensible code and be better optimized for bytecode level caching mechanisms like opcache or apc. In other words, a particular sized application could use less code when utilizing the sprintf method. The less code you have to cache into RAM, the more RAM you have for other things or more scripts. However, this only matters if your scripts wouldn't properly fit into RAM using evaluation. Sounds like single quote (nowdocs) catenation may be fastest when only a single var.  But then there is that opcache thing and memory mentioned in the quote.
• S

  Idea to Install CPU-X into pfsense as a package with widget
  • sprinteroz

  4
  0
  Votes
  4
  Posts
  685
  Views

  

  Have at it… I see zero reason for such a thing..  Its a firewall, pretty sure will know what cpu it has on it before I set it up ;)  After that would have zero reason to look at this info.. if did need any such info, could just read dmesg or sysctl [2.3.2-RELEASE][root@pfsense.local.lan]/root: sysctl hw.model hw.machine hw.ncpu hw.model: AMD Turion II Neo N40L Dual-Core Processor hw.machine: amd64 hw.ncpu: 2