This looks strange … the process lasts for over an hour already. Just "Firmware upgrade in progress..." and then one dot after the other.
The webgui isn't reachable anymore: "Parse error: syntax error, unexpected '*' in /etc/inc/util.inc on line 869".
Internet works ... should I powercycle already? hmm ...

EDIT: solved via reboot. 2.3 beta up and running! nice ;-) thanks!

Yeah that part is a bit confusing since the other collapsed areas are hidden behind "advanced" buttons so it isn't consistent, that may need to be re-thought for 2.3.1. The difference is that it's a lot of options that also make sense as their own section, rather than being handled like the others.

Maybe it should be open with an advanced button of its own.

It wasn't doing anything other than log spamming, but I'll change that to not start it even when enabled in that circumstance to avoid that. You won't see it anymore since you disabled RAs.

Thanks!!! Looks like I should be fine.

I cleaned up the old/dead symlinks just now, thanks for letting us know

@itsme01:

Whoopsie… Wasn't aware of that. So what do you recommend to people who have a 4860 and have already upgraded to 2.3 beta amd64 full (and loving it, by the way!!!)?

I'm sure we'll have a procedure worked out in due time. For the moment just keep tracking 2.3 snapshots.

So I just realized that the "hang" I reported was just this package upgrade loop with no console output. If connectivity is required during an upgrade, this should probably be explained somewhere during the process. I can't put my test system online without changing a lot of stuff (static IP, VLAN settings, etc).

For some reason it worked the second time.

I'm almost positive 'pass out route-to' rules used to route the traffic appropriately for OpenVPN clients in 2.2.x. The issues inherent in doing that with Squid seemed to be TCP-only, or not relevant to the OpenVPN client use case. It's not in 2.3 though. It's matching the appropriate rule to do so.

@138(1000012211) pass out route-to (igb1 192.168.1.254) inet from 192.168.1.2 to ! 192.168.1.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"

where 192.168.1.2 is WAN, 1.254 is WAN's gateway. But it ends up going out via the routing table on a diff interface.

Need to try that on 2.2.6 and compare.

Fixed.  Jorge's suggestion was correct, code was changed but I missed this call before. Thanks!

Thanks!

It isn't a url issue – I had thought that maybe it was pulling the non-pro rules that are not as up to date as the pro versions.

I'll wait for the update to run tonight and check to see if the file timestamps on the rule files update.

@phil.davis:

There is nothing in the GUI code that tries to reverse-engineer whatever happens to be the config of the running system and let you edit that

I don't think reverse-engineering is necessary here.  If the GUI is aware that the user hasn't clicked "Apply" when disabling IPSEC, then a check of this flag should be possible when deciding if the GUI should display the firewall ipsec rule tab.

That should be accepting 0 since it was the prior "disable" value. I changed the code so 0 and blank are equivalent and fixed up the code a little around it.

https://redmine.pfsense.org/issues/6040

The commit will show there momentarily.

Those line numbers show it's prior to Monday's changes. gitsync or upgrade again and give it another shot.

Can confirm that updating to the latest snapshot (March 29th 01:50) resolved this issue for me. Updated using a memstick from 2.2.6 to 2.3 beta snapshot (March 17th) then updated from GUI to the latest snapshot (March 29th 01:50). Although ntp was not started on boot and after trying to start it the second time from the GUI it started and everything seems to be going well afterward.

Thank you for assisting in this issue ;D

@BBcan177:

This however, doesn't affect the functionality of the package… Just an issue at lower screen size...  Once the Devs have made changes to this code, I will get it integrated....

Indeed, no functionality issues, readability/UX usability issues only at Medium (md) resolutions.

Forgive me for the rehash of this, and thanks for the links and info. I make plugins and do some light UI/UX work for some other projects as I have time, and the peculiar way this is being "templated" via XML is not something I have really encountered before. I was expecting there would be a lot more fine-grained control available of the layout given Bootstrap is the target framework.

Thanks again!

@virgiliomi:

Maybe an improvement for 2.3.1… rather than just say "Updates are available", list out what packages will be updated when the Update button is pressed. Obviously we can see what packages get updated as the update process goes, but it's nice to know what will be done before clicking the button. Plus, knowing if a reboot would be required because pfsense-kernel is among those being updated would allow for downtime planning in a business environment.

Agree. Or at least a reboot latter? scheduler reboot? update in a scheduler if any update? ok to much probably.

Found a script that should work, .. however don't get assigned a ipv6 prefix is there somewhere i can add send duid in the dhcpv6c advanced options? If so how?

#!/usr/local/bin/perl -w #### client DUID generator for WIDE-DHCPv6 #### (C)2007 Jeffrey F. Blank <jfb@mtu.edu>/ Michigan Technological University use Config; use Getopt::Std; use POSIX; #//$FN = getcwd() . '/var/db/dhcp6c_duid'; $FN = '/var/db/dhcp6c_duid'; getopts('hm:t:', \%opts); if ( defined($opts{h}) ) { &usage; exit 0; } if ( (defined($opts{m}) && $#ARGV >= 0) || (!defined($opts{m}) && ($#ARGV != 0 || $ARGV[0] =~ /^-/o)) ) { &usage; exit 1; } if ( defined($opts{t}) ) { # timestamp specified; check its format (positive int or "now") $opts{t} = time() if $opts{t} eq 'now'; if ( $opts{t} !~ /^\d+$/o ) { &usage; exit 1; } # LLT DUID type $duidtype = 1; } else { # LL DUID type $duidtype = 3; } if ( defined($opts{m}) ) { # MAC address specified; use it instead of running 'ifconfig' $l = $opts{m}; } else { # interface name specified; run 'ifconfig' to retrieve its MAC address # start with a default of /sbin/ifconfig and update it if found in $PATH $ifconfig = '/sbin/ifconfig'; @path = split(/:/o, $ENV{PATH}); foreach(@path) { if ( -e "$_/ifconfig" ) { $ifconfig = "$_/ifconfig"; last; } } # popen ifconfig command and read its output open(IFC, "$ifconfig $ARGV[0]|") or die "$0: can't popen $ifconfig: $!\n"; if ( ! (@ifc=<ifc>) ) { # no need to print an error, as ifconfig probably already did exit ($? >> 8); } close(IFC); # we expect the MAC address to be preceded by "hwaddr" or "ether" # and colon-separated @ifc = grep { /(ether|hwaddr)\s*[0-9a-f]{1,2}(:[0-9a-f]{1,2}){5}/oi } @ifc; if ( $#ifc != 0 ) { print STDERR "$0: cannot decipher 'ifconfig' output\n"; exit 3; } chomp ($l=shift @ifc); $l =~ s/^.*(hwaddr|ether)\s*//oi; $l =~ s/\s.*//oi; } # form the first two words of the DUID data: DUID type and link type. # link-type is assumed to be ethernet(6)! $duid_data = chr(0) . chr($duidtype) . chr(0) . chr(6); if ( defined($opts{t}) ) { # create string from byte values, host byte order for ( $i=24; $i >= 0; $i -= 8 ) { $duid_data .= chr(($opts{t} >> $i) & 0xff); } } @mb = split(/:/o, $l); foreach(@mb) { $duid_data .= chr(hex($_)); } # first two bytes are DUID length, so figure that out $duidlen = length($duid_data); open(DUID, ">$FN") or die "$0: can't create $FN: $!\n"; # DUID length must be in network byte order, so check what perl thinks its # byte order is. could use htons() from Net::Inet, but that's not included # in at least some base installations. if ( substr($Config{byteorder}, 0, 1) eq '1' ) { # reverse bytes on little-endian hosts printf DUID "%c%c", $duidlen & 0xff, $duidlen >> 8; } else { # big-endian host; DUID length is already in network byte order printf DUID "%c%c", $duidlen >> 8, $duidlen & 0xff; } # DUID itself is written in host byte order print DUID $duid_data; close(DUID) or die "$0: error closing dhpc6c_duid: $!\n"; # print out DUID for potential use in server config file $fmt = "successfully created $FN\nDUID is %02x" . (':%02x' x ($duidlen - 1)) . "\n"; @duid_bytes = (); for ( $i=0; $i < $duidlen; $i++ ) { push @duid_bytes, ord(substr($duid_data, $i, 1)); } printf $fmt, @duid_bytes; ### end main ############## sub usage { print STDERR "usage:\t$0 [ -t <time>] { -m <macaddr>| <ifname>}\n" .     "\tif specified, <macaddr>must be 6 colon-separated hex values\n" .     "\tif specified, <time>must be an integer or 'now'\n"; } 1;</time></macaddr></ifname></macaddr></time></ifc></jfb@mtu.edu>

When i hexdump the file the values are in reverse by 2 xxyy become yyxx