Yeah, nothing to worry about there. But see:
https://www.freebsd.org/cgi/man.cgi?query=vt

Steve

@viktor_g
I think the version was from 23/12/2021 or later.
I did not provided console output just because there was nothing unusual, standard output but instead of reboot machine just stuck on rebooting message. LAN interface pinging was failed. Unfortunately I forgot to ping SYNC interface that is connected directly to secondary, backup firewall. The logs showed me nothing unusual, except that CARP triggered MASTER event on secondary firewall only when I did reset main, primary firewall which I was thinking just get lost in the middle of nowhere. I don't think it is related NAT issue you have mentioned, but I'll check everything again. So far I have no issues. The one thing I suspect is that there was some glitch on the hardware that caused inability to reboot and machine partly worked, like SYNC interface was available and answered, IDK...

be7a2171-4b39-4260-9892-a6e3db0b5eca-image.png

Tested on 2.6.0.b.20211217.1435

FIXED

@psp

It is working the new snap shot loaded today!! Thanks.

working.JPG

@mushymiddle

Redmine issue created:
https://redmine.pfsense.org/issues/12604

Never mind - I found it - System / Advanced / Firewall & NAT. I'll play with that.

@tquade said in Unable to update 2.6.0:

@nollipfsense The WebGUI provides no debug info on failure. The console does.

Ted Quade

Okay...

@jegr said in Unexpected CARP behavior:

@w0w said in Unexpected CARP behavior:

So then I use CARP only for LAN and looks like this works pretty well.

But isn't CARP for LAN only in your case pretty much useless? As it doesn' t really do anything other then having fallback in case you LAN is faulty or you do an upgrade? If that's all you need that's OK and fine :)

Just why would you disconnect a functioning WAN CARP setup on WAN2 because of that way? Is it no option to just put a dial-up PPPoE device in front of your CARP cluster, let it do the dial-up and setup a nice litte WAN1 CARP setup that way?

Just curious and wondering if that's not an option :)

Yes, faulty firewall or upgrade is mostly my case.
If I put some PPPoE doing device in front of CARP cluster...
How do you imagine this, another NAT device?

Same here from 2.5.2 to 2.6.0.a.20211130.0600. All were properly updated: WireGuard (S2S plus Road Warriors), IPSec tunnels, OpenVPN (S2S plus RW), VLANs, multi WANs, pfBlockerNG.

TYVM!

@jegr
Yep... I have it on the main firewall now. The fun thing is that it's booted and accessible via GUI. Only console is broken for now.
2.6.0-DEVELOPMENT (amd64)
built on Fri Nov 12 06:23:32 UTC 2021
Fixed with patch https://github.com/pfsense/pfsense/commit/56b1a253d5c7e61239aa37a99f24119604641cd8
Could be applied via sytem patches package.

@jegr said in Any chances to get Netflix 's Open Connect Appliance (OCA) TCP code (RACK and BBR) into pfSense®?:

@sergei_shablovsky said in Any chances to get Netflix 's Open Connect Appliance (OCA) TCP code (RACK and BBR) into pfSense®?:

@w0w said in Any chances to get Netflix 's Open Connect Appliance (OCA) TCP code (RACK and BBR) into pfSense®?:

https://klarasystems.com/articles/using-the-freebsd-rack-tcp-stack/

Thank You for news!

Available only on the Freebsd 13 and additional options needed when compiling the kernel. I am pretty sure that Netgate uses the Freebsd 12.3 and I have seen somewhere that there are no plans currently to change the version.

Recently I asking here on forum about pfSense shift to the FreeBSD 13, but no any great news from NetGate.

Really, not good news.

Because pfSense looks outdated on FreeBSD 12.X due most end-users traffic today (80%+ in US/EU and around 90%+ in Asia) are classified as “with big latency, packet loss” where BBR2/QUIC are much better CC solution that all we have before.

About that: Don't understand that nonsense about "pfSense looking old on FreeBSD 12.3". It's simply not true.

FreeBSD 12.2 and 13.0 are the current production ready/stable versions listed on the project page. So talking about "old" or "outdated" is simply false. That Negate currently is staying on 12.x with the current 2.5.x release tree is completely normal and understandable as they aim for a STABLE release. Not bleeding edge. And as we are talking about a border gateway, router, gateway device, that's a good approach. FreeBSD 13 is still young and was only released on April this year. So just about half a year of age and as a new release it wasn't even immediatly pushed to -stable but to a -current/-release state.
I don't see the sense in rushing to new releases as that always requires a complete rebasing and updateing of all components of pfSense and its base system. That doesn't work with the wish for more stable releases per year as is currently planned for pfSense plus. With 3 releases per year you aren't simply adapting a completely new base system every few weeks and can include testing for all bells and whistles.

What I say on this? ;)
My experience in IT after more than 20+ years told me, that You are absolutely right.

There is one BUT: the world running faster and faster. And this speed more and more impact on the ”STABILITY vs NEW FEATURES” balancing that we, as network engineers and SysAdmins need to keep well. And of course, this balance vary depend on network environment, client goals, and many other factors.
And the features that we was very septic about, become more valuable and more needed by our clients.
And this is no “bells and whistles”, this is the protocols and technologies that 3-5 years before not exist, but now become a key for a business.
Media streaming coming (Amazon, Netflix, etc...) - and modern and ** more effective CC** like BBR/BBR come in!
Social networking + better cameras in smartphones coming (with a lot of photos and videos) - and modern effective CC QUIC coming and stay as standard RFC protocol in near a future.

I'm really all for new things that make sense. Hands down. But a stable and more tested release is far better than stupid running around after every new driver and release to include the latest and greatest commits there are.

With this I more than agree: in security sector we need to be more traditional, more stable.

Additionally it was already talked about in several blog posts, that pfSense will get FreeBSD 13 (potentially with 2.6 or 2.7 depending on when/what 2.6 will include) later on. So I see no sense in downtalking the use of a stable base OS :)

I am not sure that coming as fast as we need: after recent issue with error in code (that mean no effective code quality check system exist in Netgate) I am not sure there are so much resources to keep both CE and TNSR versions and (as You good write) ** that always requires a complete rebasing and updateing of all components of pfSense and its base system. That doesn't work with the wish for more stable releases per year as is currently planned for pfSense plus. With 3 releases per year you aren't simply adapting a completely new base system every few weeks and can include testing for all bells and whistles.**.

Looks like we'll be sticking with Unbound 1.13.x. We checked around internally yesterday and even the people who could reliably reproduce crashes on 1.13.x before could not do so on 21.09 since the last Unbound update.

We still have plans to correct how records are handled in Unbound in the near future, but at the moment it seems to have stabilized with the existing method.

https://redmine.pfsense.org/issues/12144

@havastamas Please check the /tmp/rules.packages.squid

@nrgia said in Parsing error in /etc/inc/system.inc:

@gertjan said in Parsing error in /etc/inc/system.inc:

I do not want to argue with all that has been said above.
I even tend to say "yeah, all true".

Still, I like to throw in some more words.

Snapshots are made public for a reason.
Those who made the snapshots public, wrote this : https://www.pfsense.org/snapshots/ and the message over there was written to the ones that made the snapshots available.
Everybody is free to interpret that message as he wants, but what the author wrote should be taken in consideration.

If you are referring to the following text: "These builds are for testing purposes only" then you don't know what testing really is. Did you heard of Definition of Ready or Definition of Done in a Software Development Lifecycle? I don't think you've heard about it.
First of all, before anyone starts testing a build, the one responsible releasing that build, must make sure that the build is TESTABLE, if it's not it should not reach the QA team in the first place. A short Smoke Test like:

Install the Snapshot see if it boots Is the pfSense GUI displayed to the user Are all the default services(packages) loaded without errors after the boot? Is there any error messages in the logs after booting?

should be executed

If any of that fails you should not pass that Build further. You recheck the code and rebuild.

We are all pfSense fans here, with our comments we are hopping that the process will improve, and this will not happen again. Inventing excuses that this is ok to happen is not productive, and proves to me that you don't know what you're talking about.

Also from my perspective I don't have anything to add to this issue, and it will be my last comment for this particular issue.

Hope the process will change though.

TOTALLY AGREE!

@junnu said in 2.6.0 20210715 devel-12-n226655-5bff64636ea certs.inc bug:

If you upgrade 2.6.0-dev to 20210715-version, it does not work, just boots, but gives error from /etc/inc/certs.inc at row 1451

Looks like latest editor does not have syntax checker on his editor, there is missing one ending )

buuttivika_syntax_error_1.jpg

After adding one ) on if statement, it works ok.

How this able to happened ???? In 2021 dozens of IDE and standalone code editors with syntax checking and even suggestions to resolving....

Now that pfSense is running again, I checked my system logging and noticed following messages which are to some unkown extend not ok

Aug 7 19:35:18 pfSense php[454]: rc.bootup: The command '/usr/local/sbin/strongswanrc stop' returned exit code '1', the output was 'strongswan not running? (check /var/run/daemon-charon.pid).'

Aug 7 19:35:15 pfSense php[454]: rc.bootup: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1628357715] unbound[68120:0] error: bind: address already in use [1628357715] unbound[68120:0] fatal error: could not open ports'

Aug 7 19:35:14 pfSense php-fpm[393]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 0.0.0.0 -> 83.162.43.161 - Restarting packages.

Aug 7 19:34:52 pfSense kernel: linker_load_file: /boot/kernel/uhid.ko - unsupported file type
Aug 7 19:34:52 pfSense kernel: interface uhid.1 already present in the KLD 'kernel'!

Aug 7 19:34:52 pfSense kernel: WARNING: Device "spkr" is Giant locked and may be deleted before FreeBSD 14.0.
Aug 7 19:34:52 pfSense kernel: WARNING: Device "kbd" is Giant locked and may be deleted before FreeBSD 14.0.
Aug 7 19:34:52 pfSense kernel: WARNING: Device "pci" is Giant locked and may be deleted before FreeBSD 14.0.
Aug 7 19:34:52 pfSense kernel: WARNING: Device "g_ctl" is Giant locked and may be deleted before FreeBSD 14.0.