@mrancier said in add new Congestion-Control Algorithms:

@yon-0 Opnsense 20.7.1. Modules are readily available in the OS and load without issue. I have used htcp, cdg and cubic. Currently on Cubic and works quite well. Also, seems to be better at respecting loader.conf and loader.conf.local mods. No hardcoded kernel patches that I am aware of anyway.

Have a chance to learn from you. 👼

i try full new install frr and not old config data, the bugs still here.

textdump.tar.0

@viragomann said in Clear Package Lock Button failure:

@yon-0

kill <PID>

Replace <PID> by the number shown in the error-message.

thanks!

@jimp It's been too long to has no solve this problem. More than a year.

Those are two completely different sets of crypto controls. One for the operating system in general, and one specifically for OpenVPN. There are many more uses for crypto on pfSense than OpenVPN.

AES-NI never shows in OpenVPN because it isn't a relevant option. It is not considered a crypto "engine" to OpenVPN or OpenSSL, because it uses it automatically. Some devices have to be selected manually.

pkg install pfSense-pkg-frr
Updating pfSense-core repository catalogue...
Fetching meta.txz: 100% 916 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 2 KiB 1.8kB/s 00:01
Processing entries: 100%
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching packagesite.txz: 100% 137 KiB 2.7kB/s 00:51
Processing entries: 0%
Newer FreeBSD version for package cpustats:
To ignore this error set IGNORE_OSVERSION=yes

package: 1201519 running kernel: 1200086
Ignore the mismatch and continue? [Y/n]: y

just now it is work that using Ed448 curves for opnvpn in pf2.5 built on Thu Aug 13 13:04:02 EDT 2020 tls-version-min 1.3

this is great !

It's not usable yet, there is more work to do. But the tools are required to do that work.

@rschell
Memstick would be great. Thanks!

[2.4.5-RELEASE][root@pfsense.local.lan]/root: openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 199640 aes-128-cbc's in 0.19s Doing aes-128-cbc for 3s on 64 size blocks: 215441 aes-128-cbc's in 0.14s Doing aes-128-cbc for 3s on 256 size blocks: 187886 aes-128-cbc's in 0.16s Doing aes-128-cbc for 3s on 1024 size blocks: 149849 aes-128-cbc's in 0.11s Doing aes-128-cbc for 3s on 8192 size blocks: 39862 aes-128-cbc's in 0.02s OpenSSL 1.0.2u-freebsd 20 Dec 2019 built on: date not available options:bn(64,32) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx) compiler: clang The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 17035.95k 98049.59k 293173.74k 1402929.15k 20899168.26k [2.4.5-RELEASE][root@pfsense.local.lan]/root: openssl engine -t -c -pre DUMP_INFO (cryptodev) BSD cryptodev engine [Failure]: DUMP_INFO 542513824:error:260AC089:engine routines:INT_CTRL_HELPER:invalid cmd name:/build/factory-crossbuild-245-armv6/sources/FreeBSD-src/crypto/openssl/crypto/engine/eng_ctrl.c:131: 542513824:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:/build/factory-crossbuild-245-armv6/sources/FreeBSD-src/crypto/openssl/crypto/engine/eng_ctrl.c:311: [RSA, DSA, DH, DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC] [ available ] (dynamic) Dynamic engine loading support [Failure]: DUMP_INFO 542513824:error:260AC089:engine routines:INT_CTRL_HELPER:invalid cmd name:/build/factory-crossbuild-245-armv6/sources/FreeBSD-src/crypto/openssl/crypto/engine/eng_ctrl.c:131: 542513824:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:/build/factory-crossbuild-245-armv6/sources/FreeBSD-src/crypto/openssl/crypto/engine/eng_ctrl.c:311: [ unavailable ] [2.4.5-RELEASE][root@pfsense.local.lan]/root: kldstat Id Refs Address Size Name 1 1 0xc0000000 1bd2740 kernel [2.4.5-RELEASE][root@pfsense.local.lan]/root: uname -a FreeBSD pfsense.local.lan 11.3-STABLE FreeBSD 11.3-STABLE #238 885b1ed26b6(factory-RELENG_2_4_5): Tue Jun 2 17:52:40 EDT 2020 root@buildbot1-nyi.netgate.com:/build/factory-crossbuild-245-armv6/obj/armv6/kJlGauaG/arm.armv6/build/factory-crossbuild-245-armv6/sources/FreeBSD-src/sys/pfSense-SG-3100 arm

@bmeeks said in Crashes do not recover due to a faulty code in /etc/inc/config.lib.inc line 383:

When you lose the config.xml file on the disk, all bets are off at that point. That is the most critical file for a pfSense installation. It contains everything for how the firewall should configure itself.

A few remarks

This is what probably happens ..... Even if it is true this is not the correct way of handling things! The platform should always recover (perhaps with the previous config, that appart).

To guarantee that:

each "what ever action" should never be executed before a valid copy of the previous config file has been made if the action lead to a crash than the saved old config should be loaded a second config change should never start before the previous is executed / finished

And I am sure that that is what NetGate is more or less doing. I know there is a config.old

Whatever something within that implementation is not "waterproof"

Louis

@w0w said in No Startup/Shutdown Sound since some build:

Don't know what was it, but after I tested beep with command Prompt, the sound is back. Also on boot and reboot and login. 😂

Interesting.. Well cool!

The 81 address it the remote server address. That's the only one pfSense can see. Your VPN provider is doing NAT so it appears to come from yet another different address. pfSense has no way to tell what that is in the OpenVPN status since it isn't relevent to OpenVPN itself.

@louis2 said in Any one know which Intel ix driver for x520 card is in the actual kernel?:

it is so old that it just forgot its version number

or drank a lot at a party and is now a hangover... 😀

Hello, as you can read in the development forum "I am fighting" PIMD. It is not necessarily PIMD itself, but the result are "crashes" as soon as I switch an interface off and on and a PIMD not properly working. Today I decided to start googling using keywords from the crash report, and guess what ..... I found a topic arround PIMD started by you. And at the end that in your opinion, it was caused by the x520 ..... It happens to be that a lot of my vlans ..... are x520 based ..... So I am very curieus about the actual situation / your findings !!

Louis
PS I can not bind every thing on 1G interfaces, ...... 🎃

Yes

I went back to built on Fri Jul 03 07:02:27 EDT 2020, however ... the same issues.

23/6 I did some test, I can not repeat with the current snapshots, but be aware the situation was never OK

In fact my router is perfectly stable as long as ..

PIMD is not installed and I am not switching Interfaces on and off especially not if PIMD is installed
Running PIMD and swithing an interface, is in my config "100%" crash garantiee

How the system recovers from such a crash differ from time to time,

sometimes in a one reboot recovery sometimes a crash during the recovery, however at the end it is recoverd sometimes it does not recover at all

I noticed that in:

in some cases the system can not find its config, falling back on an earlier version in some cases even that does not working, but placing an USB containg the config helps in some cases I had to do a full reinstall

I also noticed following strange error:
starting CRON .... done
ERROR: It was not possible to identify which pfSense kernel is installed
Starting package PIMD .... done

What ever ...... something terrrible wrong .... as soon as you start using PIMD. Can be pimd itself, but my feeling (I can not proof it), is that it something deeper in the kernel.

If some one has ideas how to point more exact to what is causing this ......
That would be helpfull ....

Note that nearly all the crash dumps are ending with the lines copied below

Louis

<118>Bootup complete
ugen0.2: <Kingston DataTraveler SE9> at usbus0 (disconnected)
umass0: at uhub0, port 7, addr 1 (disconnected)
da0 at umass-sim0 bus 0 scbus7 target 0 lun 0
da0: <Kingston DataTraveler SE9 PMAP> s/n 000FEAFB7959BC80E7D4000C detached
(da0:umass-sim0:0:0:0): Periph destroyed
umass0: detached
<6>vlan1: changing name to 'lagg0.26'
<6>vlan1: changing name to 'lagg0.26'
<6>vlan1: changing name to 'lagg0.26'

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor write data, page not present
instruction pointer = 0x20:0xffffffff80e934f5
stack pointer = 0x28:0xfffffe00004de7f0
frame pointer = 0x28:0xfffffe00004de7f0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 12 (swi1: netisr 2)
trap number = 12
panic: page fault
cpuid = 0
time = 1594546367
KDB: enter: panic

Hello,

I just had a crash ..... and a crash dump ..... and guess what I saw in that crash dump ...

<118>Welcome to pfSense 2.5.0-DEVELOPMENT...
<118>
<118>savecore 126 - - reboot after panic: page fault
<118>savecore 126 - - writing core to /var/crash/textdump.tar.0
<118>...ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg /usr/local/lib/ipsec /usr/local/lib/perl5/5.30/mach/CORE
<118>32-bit compatibility ldconfig path:
<118>done.
<118>>>> Removing vital flag from php73... done.
<118>External config loader 1.0 is now starting...
<118>Launching the init system ...Updating CPU Microcode...
CPU: Intel(R) Pentium(R) CPU G4620 @ 3.70GHz (3696.18-MHz K8-class CPU)
Origin="GenuineIntel" Id=0x906e9 Family=0x6 Model=0x9e Stepping=9
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>

etc

<118>Done.

So the simple answer is, ..... NetGate does update the micro code (just in another way).

So glad I saw this!

Thanks Netgate !!

Louis