• Welcome to the 2.2.5 snapshots testing board

    Pinned Locked
    8
    0 Votes
    8 Posts
    6k Views
    K

    wow..welcome 2.2.5  :)

  • Snap 27 Oct 10:31:57 CDT - broken IPSEC status

    Locked
    11
    0 Votes
    11 Posts
    11k Views
    J

    Ermal,

    I had not named you, but since you outed yourself, I will respond.

    I wasn't blaming you for the memory leak, that's due an interaction with how strongswan uses it's "built-in" printf extensions and the implementation of same in FreeBSD's libc.

    Moving the printf extensions from "builtin" (libc) to vstr stopped (nearly all of) the leak, but, due to the way the strongswan plugin system is architected, the SMP interface is not compatible with the vstr library.

    Several times I tried to get you to replace the SMP interface with VICI, and each time you abjectly refused.  This despite the demonstrated need, because SMP had been deprecated in-favor of VICI, and the technical debt incurred in maintaining a set of custom patches to a port.

    When we finally undertook the work to replace the SMP plugin, it took less than two days to a full solution.  In the process, we reduced the technical debt of the project, because we now need fewer custom patches to the Strongswan port in FreeBSD.

    The "logs" have not been erased as you accuse.  We put the formerly discrete patches (and patches on patches) on a branch in a copy of the FreeBSD 'src' and 'ports' trees.

    In closing, a lot of the work you did here was good.  It was really your poor attitude, tendency to 'go missing' for extended periods and repeated instances of involving yourself in situations that presented a clear conflict of interest that catalyzed your dismissal.

  • Not Enabling APC - 512 MB Insufficient

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    N

    Two systems (one bare metal with 2 GB, one VM with 512 MB) report 33 MB less than physical in the webgui dashboard.  So those two cases would indicate about 479 MB detection requirement would work.  Or slightly less to allow some margin for variation.

  • Gigabit PPPoE?

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    D

    @cmb:

    @derringer66:

    Yeah and don't use any of the ADI/Netgate/or pfSense rebranded routers if you're using Gigabit PPPoE, they all use the crappy igb drivers :(

    I had to build an i5 box to support it with the em drivers, works like a charm with all *bsd routing platforms.

    There's nothing crappy about igb. In fact it's better than em.

    Broadly speaking, igb supports newer / higher end Intel Gigabit adapters, and em supports older / lower end Intel Gigabit adapters. The driver was split somewhere around five years ago, as it was hard to support NICs with such a wide spread of architectural differences and offloading features in a single driver.

    I'll take an igb over an em any day.

  • Fix old SNMP bindlan setting - Redmine #3883

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimpJ

    @David_W:

    cmb / anyone - is the plan that 2.2.5 is the last 2.2 release unless a serious security issue or erratum arises before 2.3 is ready to release? It would be useful to know, as there is little point submitting further pull requests against RELENG_2_2 once 2.2.5 has released if there is no intention to make any further 2.2 releases.

    That is the plan, though for small but beneficial things we may still accept a PR or put a fix on RELENG_2_2, so long as it's not a binary change someone could use gitsync to pull in things fixed post-2.2.5 even if we don't roll an official release.

  • Firewall log display reject icon

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    P

    The part of this to do with displaying the "reject" icon instead of "block" icon has been moved to 2.3 target.

    Fixup for the rule lookup on dynamically added rows is available for RELENG_2_2 in https://github.com/pfsense/pfsense/pull/2014

  • Dynamic DNS RFC2136 tracking gateway groups

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Crash report

    Locked
    11
    0 Votes
    11 Posts
    5k Views
    C

    @cwagz:

    I just turned AES-NI off and will see what happens.  Thanks for the information.

    I found a couple crash reports submitted from the same IP you're visiting the forum from, and it's not likely that's the cause in your case. There have been known AES-NI panics related to FPU in all versions, which the vast majority never hit, but some routinely hit. It's something we're pursuing upstream and expect to have resolved in 2.3. It's something to try, but I don't expect it'll have any impact for you.

    Your crash looks nothing at all like those (nor any others I can recall offhand), and the two different crashes aren't even similar to each other. Most often when you're getting crashes with that frequency, and they're not the same or at least similar, the root cause is a hardware problem. Both those were memory corruption related, which could still be a software problem.

    If you're continuing to get crashes, keep submitting the crash reports, and start a new thread since this is not the same as the original issue here, and I'll check them and suggest how to proceed from there.

  • VPN: IPsec gateway will not connect when using Dynamic DNS

    Locked
    12
    0 Votes
    12 Posts
    14k Views
    T

    I didn't mention it in the last post, but after the changes, rebooted both sides, and the tunnel came up.  But just went ahead and added this VPN>IPsec, Pre-Shared Keys tab, with identifiers back in, rebooted, and the tunnel came up again.  Will leave this as the new running config and will watch it for stability to make sure it survives rekey and all.

    @cmb:

    Only because they were already there before. Reboot, or stop then start strongswan, and it'll stop working again (or possibly later during rekey without stop/start).

  • Captive portal does not perform its functions properly

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    R

    what happens if i run captive portal + squid3? I want to authenticate users with CP credentials

    (Testing on 2.2.5: Squid crashes after select that Authentication Method)

  • MOVED: Squidguard and Squid Problem

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • GRE/GIF tunnel was broken on IPSec Tunnel

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • SOLVED 32-bit snapshot builder is not running again

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • DHCP Server

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    Z

    @staticelement:

    When settings LAN interface to 10.0.0.1/8

    Well that's just a broadcast storm waiting to happen.

  • 0 Votes
    9 Posts
    3k Views
    D

    Thanks; will test some new snapshot this weekend.

  • Cant edit some files in www folder using edit file

    Locked
    44
    0 Votes
    44 Posts
    15k Views
    C

    @phil.davis:

    @xbipin:

    i found this bug report for 2.3 so it it whats also causing on 2.2.5

    https://redmine.pfsense.org/issues/5234

    That was properly broken code in the bootstrap conversion - the Save button was there but did nothing for any file.

    Yes, that was a bootstrap issue which only impacted 2.3.

  • Installer

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Fresh nanobsd install wont restore config

    Locked
    22
    0 Votes
    22 Posts
    6k Views
    X

    tried a fresh install of 2.2.4 on all the 3 CF cards, booted it, configured interface, restored config and rebooted fine. Edit file also works. Even tried both things multiple times and with CF permanently mounted as RW as well as RO and then let it switch automatically when restoring config and in all possible scenarios everything works all good on 2.2.4 on all the 3 CF cards i have from pcengines so definitely something changed between 2.2.4 and 2.2.5 or some other patches in the php files etc caused this to happen to my box which was merged in 2.2.5

  • Dns resolver takes too long to start

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    X

    what i believe to be the cause is i have an alias with 4 domains in it, now when dns resolver starts at boot, i think its trying to resolve that even before the firewall table entries r there or so

  • 32-bit snapshot builder is not running

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    P

    Thanks, I have upgraded to the latest and looks good in general.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.