Install older version of Packages
-
Yes, I understand. We need to know what caused that though, there's a good chance these things have the same root cause.
-
@stephenw10 OK, Thanks.
-
@Pete-wright and @JonathanLee you might want to follow this thread relative to your Squid conversation.
-
My Squid and Squidguard packages are working great as of now. Again I am running patches that are now part of this new version as well as the adapted error files.
Does any of this occur?
https://redmine.pfsense.org/issues/13984
These patches on that Redmine are now part of the new Squid and Squidguard versions. I am running SSL intercept and transparent at the same time and utilize custom options. Thank you Marcos for fixing all of those issues for us.
What are your error logs showing?
-
@JonathanLee In general, Squid and ClamAV are not working. I fixed those ERROR Templates just as you did, I had not read your thread. I was also seeing the DNS first error even though it is unchecked.
I am not running Squidguard which is a difference from your setup.
And these are clean installs. I did not have an earlier version of Squid installed.
I went from pfSense CE 2.7.0 to pfSense 23.01 then 23.05 on a PC and on a Netgate 6100 MAX from pfSense+ 223.01 to 23.05.
Squid 0.4.46 was a clean/new install.
Those patches should be incorporated as you mentioned since I only recently installed.
stephenw10 is looking into it.
-
@ericreiss I have seen the DNS first error for many years. It's a warning. IPv4 first is outdated or something. They just want you to have IPv6 now. Don't stress that one.
-
@JonathanLee Thanks Jonathan.
Sorry I did not respond sooner, I had short notice Thursday evening to drive down to our office (1.5 hour one way drive) for Friday to test our newly installed 100G symmetric Fiber installation and install the Netgate pfSense 6100 MAX.
The 6100 MAX worked like a champ. I had a little issue with a WIFI router I loaned them with DD-WRT firmware as I am trying to convince my boss about the benefits of using it over Linksys' firmware.
When I returned home and checked it that night, I was able to Tailscale VPN and Wireguard VPN in to manage it.
Love the pfSense.
Then I had a busy weekend with personal stuff.
Regarding the DNS v4 first issue, I liked Stephenw10's reply about the Template and DNS v4 first having possible root cause problems causing the other problems I was having.
Looking forward to seeing it working reliably because the other packages and pfSense have been great.
Thanks.
~Eric
-
Nothing on the bug report yet. Anything further will be added there.
-
@stephenw10 what about wget???
-
@stephenw10 so it has been four months on this and no updates on Squid fix?
-
What I'm going to say here is not supported, it can brick your firewall and there is a high chance of a reinstall being required.
So, if you choose to follow this route, do it at your own risk, backup a config first and also take a snapshot just to be safe, ok?
That being said, some time ago I used to install a previous version of softflowd doing the following procedure: (updated for Squid).
Make sure Squid is not installed.
1- ssh to pfsense
2- go to /tmp directory
3- fetch https://firmware.netgate.com/pkg/pfSense_plus-v23_01_armv7-pfSense_plus_v23_01/All/pfSense-pkg-squid-0.4.45_10.pkg
4- fetch https://firmware.netgate.com/pkg/pfSense_plus-v23_01_armv7-pfSense_plus_v23_01/All/squid-5.7.pkg
5- pkg install pfSense-pkg-squid-0.4.45_10.pkg
6- pkg install squid-5.7.pkg
To remove this package: run pkg remove squid
Note: This version is for ARMv7 only, version 23.01.
Unfortunately, this is the latest version I found at https://firmware.netgate.com/pkg/
Proceed with caution, I didn't test this with Squid, just with softflowd, so you are on your own, your responsibility!
To be honest, I'm not sure if it is a good idea to share this.. pfSense admins, feel free to remove this post if you want, it is ok by me!!
-
@ericreiss Thanks @mcury but I would like to see support resolve this properly. Others were experiencing what may be the root of the problem from a ticket https://redmine.pfsense.org/issues/14406.
So the solution is not to try to install older versions of package.
But it appears that "Marcos M" could not replicate the problem and that nothing else is being done.
He tried on release 23.09 and I am now at 23.09 whereas I was at 23.05 at the time of the problem. Maybe I should uninstall Squid and try a reinstall.
It would have been nice if it had been tried against 23.05 and 23.09 to see if there was a difference and if the problem was reproducible on 23.05 so that we would know that just going to 23.09 and then installing Squid would fix everything.
But it appears support put the least amount of effort into this and I have not checked it in months.
-
@mcury This can also work for Snort right?
-
@ericreiss said in Install older version of Packages:
https://redmine.pfsense.org/issues/14406
My redmine lists how to fix the issue, have you attempted to relink the folder, or copy it over to the empty folder?
After 23.05 update and new Squid version 0.4.46 installed errors started showing, "ERROR: loading file '/usr/local/etc/squid/errors/en/ERR_ZERO_SIZE_OBJECT': (2) No such file or directory" and many others the path /usr/local/squid/errors/templates is the only sub folder listed with error code. It seems Headers Handling, Language and Other Customizations settings for languages is not loading the error codes into the required subfolder. System is functional however no errors are listed
Fix:
cp -a /usr/local/etc/squid/errors/templates/. /usr/local/etc/squid/errors/en-us
cp -a /usr/local/etc/squid/errors/templates/. /usr/local/etc/squid/errors/en
seems to resolve this however for other languages there is no error codes any longer.
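The template gap described in the post above can be measured per language directory before anything is copied. This is an added example, not part of the original post and not pfSense or Squid code: the function names are hypothetical, the `ERR_*` naming and the `templates` directory are taken from the error quoted above, and unlike `cp -a` it only fills in missing files and leaves existing localized pages untouched.

```shell
#!/bin/sh
# Added example (not from the thread). Reports, and optionally fills in,
# Squid error pages that exist in errors/templates but are missing from a
# language directory such as errors/en.

# missing_templates ROOT LANGDIR -> prints one missing file name per line
missing_templates() {
    root=$1; lang=$2
    for f in "$root"/templates/ERR_*; do
        [ -f "$f" ] || continue          # glob matched nothing
        name=${f##*/}
        [ -e "$root/$lang/$name" ] || printf '%s\n' "$name"
    done
}

# repair_lang ROOT LANGDIR -> copies only the missing files, echoes the count
repair_lang() {
    root=$1; lang=$2; n=0
    mkdir -p "$root/$lang" || return 1
    for name in $(missing_templates "$root" "$lang"); do
        # -p keeps mode and timestamps; existing files are never overwritten
        cp -p "$root/templates/$name" "$root/$lang/$name" || return 1
        n=$((n + 1))
    done
    echo "$n"
}

# Usage (path as quoted in the thread):
#   sh squid_errpages.sh /usr/local/etc/squid/errors en en-us
if [ "$#" -ge 2 ]; then
    errors_root=$1; shift
    for l in "$@"; do
        echo "$l: copied $(repair_lang "$errors_root" "$l") missing file(s)"
    done
fi
```

Running `missing_templates` on its own first shows which pages Squid would fail to load for a given language without changing anything on disk.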
-
@JonathanLee said in Install older version of Packages:
@mcury This can also work for Snort right?
I didn't test, but I think it could work.. The best approach would be to wait a proper fix..
For softflowd, I tested a lot of versions and they all worked, but softflowd is much simpler than Squid or Snort..
-
@JonathanLee I had done that over the summer. It fixed the one error but there are other problems and @stephenw10 thought there might be a bigger issue since some things were not being installed properly, it might be indicative of bigger and/or more widespread problems.
So your fix while solving some of the warnings did not resolve the other problem I was seeing.
I was trying to get Squid to do the AV Clam scanning so my needs were more involved.
-
@mcury I need the Snort .11 version, my 23.05.01 has separated layer 2 broadcast domains for Compex card Vs Marvell Switch in 23.09.01 they are all one giant broadcast domain, I have issues with Arp Storms in the past, so I am stuck until that is resolved in 23.09.01 I have an open redmine for it because that could open a possibility of VLAN hopping because it does do double MAC registrations, it also did that in 23.05.01 but the traffic between the layer 2 interfaces did not flow like it does in 23.09.01
https://redmine.pfsense.org/issues/15104
This concerns me, the intra interfaces should not require layer 2 communication between each other, they are not virtual not even on the same switch, they have different outbound NAT, they have different layer 3 IP addresses. It worked correctly in 23.05.01, I think KEA DHCP implication has something to do with it, but ISC is also showing one broadcast domain. It's weird.
-
@ericreiss Oooo I have a 2100 MAX. ClamAV eats up RAM. I used to run it all the time, it works still but with Snort's appID running with all my custom text rules Snort needed more RAM so TAC's recommendation was for me to just disable ClamAV because I don't have the RAM for it to run both packages.