Its working now with the Plus 24.02 beta installer.
Only cavehat u need to run the installer , note the NDI, contact TAC support to pre activate that NDI.(because new Hardware)
After that Installer will run and detect activated NDI so u can install.

https://redmine.pfsense.org/issues/15411

Good news: I was finally able to compile all packages!

Only 1 package failed (pfSense-repoc, which the source is now proprietary), and 2 skipped (pfSense@php82, pfSense-upgrade); 547 compiled successfully.

After sorting out the issue with LIB32 (thanks again @bmeeks!), I kept bumping into an issue with pfSense-pkg-zabbix-[proxy|agent]4, that didn't exist in the Ports repo.

I tried moving to FreeBSD 15.0.dev, which solved the zabbix dependencies, but then the compiled packages didn't run properly in pfSense 2.7.2 (not surprisingly; the packages compiled in 15.0 linked to libraries that didn't exist in 14.0).

After enabling debug (set -x), I finally spotted the problem: the Poudriere jail kept defaulting to devel branch, so it was using zabbix packages that didn't exist in 14.0. Checking the Ports branch downloaded, I confirmed it was devel, and not 2.7.2

The solution was to add POUDRIERE_PORTS_GIT_BRANCH in build.conf. It then changed to the right Ports branch, and properly, and finally the packages as expected.

I was able to change, compile and move miniupnpd to 2.7.2 production, and has been running stable for the last 24h.

Here's my build.conf:

export PRODUCT_NAME="pfSense" export PRODUCT_URL="https://pfsense.org/" export FREEBSD_REPO_BASE=https://github.com/pfsense/FreeBSD-src.git export FREEBSD_BRANCH=RELENG_2_7_2 export DEFAULT_ARCH_LIST="amd64.amd64" export PKG_REPO_BRANCH_DEVEL="RELENG_2_7_2" export PKG_REPO_BRANCH_RELEASE="RELENG_2_7_2" export POUDRIERE_PORTS_GIT_BRANCH="RELENG_2_7_2"

Also adjusted tools/builder_defaults.sh to:

PKG_REPO_BRANCH_DEVEL="v2_7_2" PKG_REPO_BRANCH_RELEASE="v2_7_2" PKG_REPO_BRANCH_PREVIOUS="v2_7_1"

All the other instructions above are still valid: e.g., comment out gnid in tools/builder_common.sh, create the file /usr/local/etc/poudriere.d/src.conf with WITHOUT_LIB32=y, etc.

@encrypt1d -- I remember you were also trying to compile miniupnpd. I've been running my modified version, and seems pretty stable so far. In my case I just wanted to fix the logging, removing some useless interface mismatch log spam, and flip some messages from LOG_INFO to LOG_WARNING (so I can audit them if necessary).

This time I took detailed instructions so I can reproduce the build, so lmk if you still have problems compiling it.

Thanks for all the help folks!

ps: of course, all this will be wasted effort once Netgate upgrades to 2.7.3+.

Backtrace:

db:0:kdb.enter.default> bt Tracing pid 11 tid 100007 td 0xfffffe0003fd6720 kdb_enter() at kdb_enter+0x32/frame 0xfffffe000379d9c0 vpanic() at vpanic+0x183/frame 0xfffffe000379da10 panic() at panic+0x43/frame 0xfffffe000379da70 trap_fatal() at trap_fatal+0x409/frame 0xfffffe000379dad0 trap_pfault() at trap_pfault+0x4f/frame 0xfffffe000379db30 calltrap() at calltrap+0x8/frame 0xfffffe000379db30 --- trap 0xc, rip = 0xffffffff80b05c80, rsp = 0xfffffe000379dc00, rbp = 0xfffffe000379dc00 --- vmxnet3_isc_txd_credits_update() at vmxnet3_isc_txd_credits_update+0x20/frame 0xfffffe000379dc00 iflib_fast_intr_rxtx() at iflib_fast_intr_rxtx+0xf7/frame 0xfffffe000379dc60 intr_event_handle() at intr_event_handle+0x123/frame 0xfffffe000379dcd0 intr_execute_handlers() at intr_execute_handlers+0x4a/frame 0xfffffe000379dd00 Xapic_isr1() at Xapic_isr1+0xdc/frame 0xfffffe000379dd00 --- interrupt, rip = 0xffffffff8125b026, rsp = 0xfffffe000379ddd0, rbp = 0xfffffe000379ddd0 --- acpi_cpu_c1() at acpi_cpu_c1+0x6/frame 0xfffffe000379ddd0 acpi_cpu_idle() at acpi_cpu_idle+0x2fe/frame 0xfffffe000379de10 cpu_idle_acpi() at cpu_idle_acpi+0x48/frame 0xfffffe000379de30 cpu_idle() at cpu_idle+0x9e/frame 0xfffffe000379de50 sched_idletd() at sched_idletd+0x4d1/frame 0xfffffe000379def0 fork_exit() at fork_exit+0x7d/frame 0xfffffe000379df30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe000379df30 --- trap 0, rip = 0, rsp = 0, rbp = 0 ---

We've seen that a few times and looked into it. We submitted a bug fix for it upstream: https://reviews.freebsd.org/D43712

Disabling multi-queue support prevents it if you're hitting it repeatedly.

Increasing the descriptor counts in the tunables will make it happen less frequently. But will still eventually hit it.

Steve

Or in: https://redmine.pfsense.org/projects/pfsense-plus

@John-Willard

pfSense has python.
Open up a command line : console, or SSH into pfSEnse, and fire it up :

[23.09.1-RELEASE][root@pfSense.bhf/tld]/root: python3.11 -h usage: python3.11 [option] ... [-c cmd | -m mod | file | -] [arg] ... Options (and corresponding environment variables): -b : issue warnings about str(bytes_instance), str(bytearray_instance) and comparing bytes/bytearray with str. (-bb: issue errors) -B : don't write .pyc files on import; also PYTHONDONTWRITEBYTECODE=x -c cmd : program passed in as string (terminates option list) -d : turn on parser debugging output (for experts only, only works on debug builds); also PYTHONDEBUG=x ........

Be aware : pfSense is a firewall, not a dev system.
You'll have a hard time pulling in more packages and other tools that maybe not present in the base system.

@John-Willard said in Python and pfSense:

Does pfSense have an API

pfSense is build upon the FreeBSD kernel, and that one is 100 % open source.
But again : it's probably not on pfSense that you develop anything, it's not the correct environment.

Btw : Snort, Surriata, Wireshark etc are all binaries, certainly not "interpreted scripts" ;)

@Ellis-Michael-Lieberman said in A questions about certs from a small-shop / home user (Maybe wrong category?):

Do I understand that you want me to list "pfsense.netwrightt.net" in my public record?

if you want Letsencrypt to sign you a certificate that contains "pfsense.netwrightt.net" you must proof the Letsencrypt that you are "pfsense.netwrightt.net" == that you handle (admin, own, etc) that domain name.
There are multiple ways to do this, hence the big list here : https://github.com/acmesh-official/acme.sh/wiki/dnsapi

Example : there is a domain name server that handles "netwrightt.net". With a acme.sh script, and access credentials your registrar gave you, acme.sh access your registrar's domain server, and places in the sub domain /.well-known/ a text (TXT) file. The filename and content of the file name are give to acme.sh by Letsencrypt.
When done, Letencrypt test the existence of that file name, and the content, so it knows that you 'admin' that domain name.
This method is called "rfc2136".
Since then, registrars have created their own methods and that's what the dnsapi list is so big.

@stephenw10 That would be greatly appreciated! Thanks!

Nice. 👍

It will be great, if you share your script :). Thanks.

New build is good.

@jrey said in Need Help...Want to build custom pFSense build...:

@dapperamer786 said in Need Help...Want to build custom pFSense build...:

with my required changes in the GUI

What? the GUI is web based.
There are even some completely different dashboards floating around.

what is it are you trying to do?

I think what he is trying to do is install pfSense with his backup config? Rather than install a clean install then go through the process of uploading the config.xml in backup/restore.

@hulleyrob said in Creating a new dashboard widget:

Are there any tutorials for this or does someone know of a good starting point?

I want to create a widget that would show the current days totals from traffic totals stats page.

All the code should already be done in the php files but I have no idea how to go about running it to see what it already gets and what I need to do to filter out the data I want.

Seems like a simple thing but hopefully if I would use it other people would find it useful too.

Any help would be appreciated.

To begin building a widget that shows daily traffic totals from PHP files, you must first comprehend the PHP code that is currently in use and how the data is computed. For the widget, set up an HTML structure and apply CSS styling. Use JavaScript to asynchronously retrieve data from PHP so that the widget is updated dynamically. Verify locally that the PHP files are retrieving data properly. PHP should be modified if needed to support APIs. For a thorough overview, look for tutorials on HTML, CSS, JavaScript, and PHP. Install the widget on a server so that anyone can use it and maybe help others who are looking for a similar feature.

After attempting to manually start vnstatd, you can check its status using the following command:
service vnstatd status
You should ensure that the configuration file for vnstatd is correctly set up. You can find the configuration file at /usr/local/etc/rc.d/vnstatd. See if any parameters or settings that might have changed in the new version. If your system uses systemd, there might be conflicts between the init system and systemd. Ensure that vnstatd is configured to work correctly with your init system. Even though you haven't found anything in the General logs, it's worth checking other logs such as /var/log/messages for any potential vnstatd-related issues.

@Skoony could you please give more details?

: sudo pkg search debug php82-pecl-xdebug-3.2.2 Xdebug extension for PHP

doesn't seem to find anything. Searching for "debug" in the available packages gui doesn't show anything either.

@JonathanLee I am running 2.7.2-RELEASE and everything is the latest.

Thank you for doing this important research Fabricio. I apologize if I have misspelled your name. Please connect with me. I have information that can help both of us.

@heartk What shell are you running ?

If its /bin/csh if ends with an endif

That one is not plus specific, the commit referenced there is showing on Github.