• Category is retired...

    Pinned
    1
    0 Votes
    1 Posts
    453 Views
    No one has replied
  • HEADS UP: IPsec swanctl conversion

    Pinned
    6
    3 Votes
    6 Posts
    2k Views
    M

    @jimp it looks like the mobile-pool may need to be split now to support both IPv4 and IPv6.

    Configuring 192.168.4.0/24 and 2604:2000:2941:4604::/120 results in the following in /var/etc/ipsec/swanctl.conf

        pools {
            mobile-pool {
                addrs = 192.168.4.0/24,2604:2000:2941:4604::/120
                dns = 192.168.10.1
                subnet = 0.0.0.0/0,::/0
                split_include = 0.0.0.0/0,::/0
                # Search domain and default domain
                28674 = "nyc.example.com"
                28675 = "nyc.example.com"
            }
        }

    But it appears that only the first (IPv4) addresses are used...

        $ swanctl --list-pools
        mobile-pool 192.168.4.0 0 / 0 / 254

    I created a (more detailed) issue in https://redmine.pfsense.org/issues/10296

  • 8 Votes
    3 Posts
    1k Views
    jimpJ

    Another note: If you are using zfs, then /var probably already has lz4 compression enabled so you can disable log compression if you like.

        : zfs get compression zroot/var
        NAME       PROPERTY     VALUE  SOURCE
        zroot/var  compression  lz4    inherited from zroot
  • HEADS UP: relayd deprecated on pfSense 2.5.0

    Pinned Locked Moved
    14
    4 Votes
    14 Posts
    5k Views
    jimpJ

    Those are all topics for another thread. You would achieve it the same way you would for any other service off the firewall.

    I've locked this thread as its purpose has been served.

  • squidguard dependencies missing

    2
    0 Votes
    2 Posts
    2k Views
  • Unbound crashes periodically with signal 11

    105
    0 Votes
    105 Posts
    31k Views
    jimpJ

    For this particular issue it would be the same on both

  • WAN_DHCP6 Stuck Pending / Unknown

    35
    0 Votes
    35 Posts
    8k Views
    D

    @daplumber and now an official Comcast Advanced Gateway, and an Arris S33. I don't think it's the CM.

  • openVPN issue after yesterday update

    15
    0 Votes
    15 Posts
    14k Views
    Q

    Props to @Beerman

    I was having the same issue at a site where fortunately the VPN is not mission critical. Your post pointed me in the right direction and it's now resolved.

    New CA, server cert, user cert applied to the existing OpenVPN setup, new client config exported and it all works like it should.

  • Debug Kernel Build with Witness

    19
    0 Votes
    19 Posts
    2k Views
    bmeeksB

    It can be fun if you are into such things. In my younger days I did this with embedded systems things. Many of those used Intel or Texas Instruments embedded microprocessors with the code in EPROM. Dump the EPROM using a reader, start at the power-on reset vector in the EPROM code for the CPU and start disassembling the binary. I often wrote my own disassemblers using the datasheets from the CPU manufacturers to get the binary opcodes and their assembler mnemonics so I could properly code the disassembler.

    I did it to satisfy my curiosity and not for nefarious purposes. Mostly just to see if I could do it. My wife did question my sanity at times when she found me poring over a stack of paper from a dot-matrix printer composed of pages of assembly code. I would be writing in comments as I figured out what a section of code was likely doing.

    Luckily I recovered ... 😀, and no longer suffer from that yearning.

  • Crash report 2.5.0-RC

    8
    0 Votes
    8 Posts
    1k Views
    yon 0Y

    @virgiliomi

    I think multiple factors may cause the crash, I think it involves FRR and wireguard.

    I have reported it to the wireguard admin.

  • Expiretable Port fails to compile

    1
    0 Votes
    1 Posts
    264 Views
    No one has replied
  • FRR BGP issue once upgraded from 2.4.5-p1 to 2.5.0-RC

    5
    0 Votes
    5 Posts
    793 Views
    M

    @kinch

    Yes that is exactly what I observed. It was a mix of new defaults in line with best practices that come with FRR 7.5 vs the 7.3 you would have been running on pfSense 2.4.5 as well as some bugs that are now in redmine.

    If you see your BGP session as "Established" but your prefixes are not being announced, here is a checklist:

    In your environment, are the prefixes to be announced in your local RIB or not? If not, you need to set a flag:

    no bgp network import-check

    This is sort of exposed in the GUI but currently broken because if you uncheck it in the GUI the new FRR 7.5 default means it is inherently enabled anyway. Thus you need to work with RAW CONFIG for now.

    Do you have any sort of filtering for your announcements? A route map or prefix list? Or do you just go to Services -> FRR BGP and drop the prefixes in there? If so, you will need to enable a policy to satisfy the new default of bgp ebgp-requires-policy.

    You could, but probably should not, disable this check with

    no bgp ebgp-requires-policy

    This is exposed in the GUI and seems to work but it is not regarded as best practice. Better you create a prefix list with the stuff you want to announce and then attach it to your neighbor(s).

    Edit: Since this affects 2.5.0-release and we are no longer using a dev snapshot: There is more detail in this thread I have in the FRR sub-forum

  • Congrats on v. 2.5 CE!

    1
    0 Votes
    1 Posts
    338 Views
    No one has replied
  • Panic String: sleeping thread

    1
    0 Votes
    1 Posts
    434 Views
    No one has replied
  • running FRR high netstate CPU usage in pf2.5

    20
    0 Votes
    20 Posts
    2k Views
    yon 0Y
    sysctl dev.cpu
  • can't install last 2 dev versions on sg 3100 from USB

    4
    0 Votes
    4 Posts
    789 Views
    G

    @bcruze no worries. The images for official Netgate appliances are never available on the website. Those are CE images for use with amd64 devices. I could use one on my SG-5100 for example. However, for the official images you will always have to request them from Netgate via a support ticket. They are super quick to respond when you do. I tend to do a clean install every time a new version is released so I back up my configuration, send the request to Netgate, and then get down to business once they give me a link to the image.

  • /dev/led missing on PC Engines APU2

    1
    0 Votes
    1 Posts
    353 Views
    No one has replied
  • 21.02 RC Snapshots?

    2
    0 Votes
    2 Posts
    667 Views
  • Updated and not sure what state it's in

    4
    0 Votes
    4 Posts
    669 Views
    GertjanG

    @griffo said in Updated and not sure what state it's in:

    I've always logged in as root.

    I just tried 'root': works also. Had the menu etc.
    That is: it works for 2.4.5-p1 - I just noticed that you're using a newer version....

  • php-fpm and netstat taking very high CPU

    4
    0 Votes
    4 Posts
    814 Views
    yon 0Y

    @mfld

    I have replied to it. I have been reporting this problem for several years, and Jim doesn't believe it. This problem has always existed in this 2.5 system. But it runs much better in the 2.4.x system. I'm not a programmer, so I don't know what has changed in the system, only Jim knows what has changed in the system.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.