It would be best to split off issues into their own threads rather than piling on the announcement thread. Locking this for now. If you posted an issue here that hasn't already been solved, feel free to start a fresh thread here on the 2.2 board.
That package does not appear to be affected by the problem for which this thread is intended. If it is broken in some other way on 2.2, post a new thread on the 2.2 board and someone may be able to look at the package if there enough detail on how to reproduce the issue.
Diagnostics->Backup/Restore, there should be a Clear Package Lock button. Press that to get rid of the "Packages are currently being reinstalled in the background".
Then go looking in logs to try and see what died that prevented a clean package install and unlock.
Note to other readers: Do not clear the package lock until it has been stuck "a long time" ™ - it might just be taking a while to download, unpack and install stuff (e.g. on nanoBSD with a slow CF card, on a slow link...)
Thx - worked out. This Tinc package just wont install. Is there any other ipsec/vpn which can greate full mesh vpn automatically?
You're not having the same issue. This thread was about a long-ago fixed issue with SSH host key generation in some circumstances. There are no known issues along these lines since, and any that do exist wouldn't be relevant to this thread. Please start a new thread with specifics of what you're seeing, as it's definitely completely unrelated to this thread.
hold off on the bug report, let's troubleshoot further here, as I don't think there is an actual bug there. The description isn't clear to me though. What type of VIPs? What traffic did you see on the affected IPs in a packet capture before fixing it?
It sounds a lot like what'd happen when you have a stale upstream ARP cache after swapping hardware and it sorted itself out by chance while you were going around pushing buttons in the config.
OK, my apologies … :(. It thought I had this working, but not quite. I was fooled by being on my local LAN (for debugging, it's easier), and some traffic "bypassed" the VPN connection. Not working as well once remote.
Trying to debug it, but having a heck of a time with the Firewall Rules. I have added a floating rule (which should be applied first), passing and logging all DHCP traffic between / on LAN and OpenVPN (TAP) ... but it's not catching anything - even though I see the traffic in the DHCP log, and also using tcpdump on the server (LAN interface). Very frustrating ... :(.
Any suggestions on the firewall would be greatly appreciated, as it's hard to debug this blind.
The & was in my config.. not sure if I did while back or was part of a update that I got. Either way that worked. But yes you have point since the package points to amd 64 locations that would cause issue with i386 and older versions as I think they have different file structure
My skills are limited.. Hope someone will help with this.
And my time is limited also..
Found Jim-p did that & stuff to the file little while ago
I've decided to give up on IPSec IKEv1 with just the settings on my phone, and instead focus on L2TP/IPSec instead, which is also done from just the phone. At least there's an option there to send all traffic over the connection. There's already a separate thread about that.
Since SSH goes down after reboot from first upgrade when it works.. I can not get in ssh just use the local monitor and keyboard to the machine. Also noted that system failed to give me IP. I tried using the upgrade from console hoping this would fix it but didn't work. Did upgrade or reinstall install same version I think but still didn't fix it. 2.1 was so much more stable than this version
I only have snort installed but that wasnt doing an update and I think that goes elsewhere iirc.
No widgets installed, no autoconfigbackup installed, wasnt in packages, how would I know about a bogons as I cant see anything in the logs?
I've been trying to adopt the backtrack tag "The quieter you become, the more you are able to hear.", so things like Windows nic phone home is off, http://technet.microsoft.com/en-us/library/cc766017(v=ws.10).aspx, as is windows updates, in fact that only gets initiated when a snort surpress for exe's, dll's aka PE's is enabled until the updates are completed then it goes back on again. And because it can take AV companies months sometimes years to reverse engineer and then decide if some code is malicious, not to mention the AV programs miss a % of virus according to shadowserver.org https://www.shadowserver.org/wiki/pmwiki.php/AV/Viruses I try to be careful and I have an enquiring mind. ;)
I now see this when I add a new user but can log in ok as the newly created user.
Jan 19 22:54:19 php-fpm: /system_usermanager.php: The command '/usr/sbin/pw groupmod admins -g 1999 -M '0,2003' 2>&1' returned exit code '67', the output was 'pw: user `2003' does not exist'
Jan 19 22:54:19 php-fpm: /system_usermanager.php: Tried to remove user but got user pw instead. Bailing.
Hyper-V 2012r2 network speed is 10Gbps to VMs, the speed to pfSese might be a bit slower since freebsd works with an older version of the hyper-v driver for the network card.
One thing that I have noticed with this is that the speed is very dependant on CPU speed for Hyper-V. If I have understod things correct. The pfSense team will work together with MS after the 2.2 release to solve this.
Given the conversations I've had with Microsoft, and presentation from them, my understanding is that we're running something quite recent. Microsoft's current focus on FreeBSD is enhancements to Vmbus and storage for HyperV. These went in 6 days ago: https://github.com/FreeBSDonHyper-V/freebsd/commit/926c32128af7e987669acfd399bddc653783d516 and I didn't think it was worthwhile to put them in now, especially when the impact for pfSense won't be that visible.
For bridge you have to set the sysctl where pf filters will be applied by default they are on member interfaces.
That makes sense if the altq shaping is tied into pf and pf is filtering on the members then applying shaping to the bridge isn't going to work. That hadn't occurred to me, thanks Ermal. :)
Normally I would expect the filtering to have been moved to the bridge in a setup such as yours already though.