Post DR package repo not available in 2.7.2

MakOwner

@stephenw10
in the GUI it just freezes up still...

When this eventually times out the session I'll install from the cli and try removing in the gui.

MakOwner

@MakOwner

Where can I find help on the pkg command?
I see things in the command list like "clean" but "pkg help clean" just shows

: pkg help clean
sh: /usr/bin/man: not found

I had to install from the cli.
Once I installed the open-vm-tools package the kernel mods package was no longer visible in available packages to install.
I made a few guesses at the name but no luck.

I don't see an obvious way to list available pkgs from the command line.

BUT, the page that shows currently installed packages will now eventually populate.
Haven't seen anything that slow since 300baud dialup.

removing the open-vm-tools package just gets stuck back here:

The GUI just locks up.
Can't navigate away from that screen.
Have to kill that tab and login again.

MakOwner

Hmmm.. what is "libdnet"?
Any danger in removing it?

: pkg autoremove
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 2 packages:

Installed packages to be REMOVED:
	libdnet: 1.13_4
	open-vm-tools-nox11: 12.3.5,2

Number of packages to be removed: 2

The operation will free 4 MiB.

Proceed with deinstalling packages? [y/N]: 

stephenw10

See: https://man.freebsd.org/cgi/man.cgi?query=pkg

[2.7.2-RELEASE][admin@t70.stevew.lan]/root: pkg search vm-tools
open-vm-tools-nox11-12.3.5,2   Open VMware tools for FreeBSD VMware guests (without X11)
pfSense-pkg-Open-VM-Tools-10.1.0_5,1 pfSense package Open-VM-Tools

libdnet is not installed by default:

[2.7.2-RELEASE][admin@t70.stevew.lan]/root: pkg info libdnet
pkg: No package(s) matching libdnet
[2.7.2-RELEASE][admin@t70.stevew.lan]/root: pkg search libdnet
libdnet-1.13_4                 Simple interface to low level networking routines

MakOwner

@stephenw10

I'll wait until after business hours to uninstall that just in case ...

What's the difference between pkg and pkg-static commands?
Is there an documentation I can review about the package manager?
Is this a standard BSD package manager or something unique to pfsense?

I want to install PFBlocker and using the CLI is magnitudes faster than the GUI ...

stephenw10

pkg-static uses static linked libs. It's needed udring upgrade. The pfSense scripts always use it to be sure.

It's the standard FreeBSD package manager. See the man page I linked above.

There's something broken with the gui on your install. It should not be significantly slower.

MakOwner

@stephenw10
Best approach would be to ensure all packages are removed, run the auto remove command and create a fresh backup, re install the restore?

I have run the restore previously via the GUI after configuring the LAN interface.
That was so I could run a temporary setup and not interrupt local network access.

Is that a potential source for these issues?

I boot the installation media from DVD drive.

How would the backup file be presented during the initial boot process?
USB stick?
Will the installer search for mount point or does that have to be done manually?

stephenw10

If you put the backup on the root of a fat32 formatted USB driev and name it config.xml it will be found by the installer.

For backwards compatibility it also looks in /conf on the USB drive.
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-configuration-from-usb-during-install

Remember to remove the USB drive because it will also look for configs there at every boot via the ECL:
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-using-the-external-configuration-locator-ecl

MakOwner

@stephenw10

The config section for installed packages should just be:
<installedpackages>
</installedpackages>

correct?

the pkg-repoc command is finally returning something now:

/root: pfSense-repoc
pfSense-repoc: failed to fetch the repo data
failed to read the repo data.

stephenw10

Hmm, that seems like a general connectivity failure. Other systems behind pfSense are not seeing any issues?

MakOwner

@stephenw10

No connection issues that I can determine.
Email is slower than I'd like, but ...

I'm connecting through it right now.

stephenw10

Hmm, if there's nothing in the system log check the nginx logs then. There must be something erroring out.

MakOwner

@stephenw10
Quick run through the logs doesn't show anything odd other than sshguard going up and down extremely frequently, and ntp logs showing an out of sync condition when I don't think it should.

I did tar up /var/log for a closer look later.

stephenw10

If ssh guard is being restarted very often that means at least one of the logs is being rotated often. And that implies something is happening that's generating a lot of logs.

Check the logs (ls -ls /var/log) so see which log is rotating and what's in it.

Steve

MakOwner

@stephenw10
nginx, filter and gateways logs have rotated more than others but the filter log looks like it does so more frequently.

rw-------   1 root wheel 144457 Feb  1 07:36 auth.log
-rw-r--r--   1 root wheel  44790 Jan 29 08:39 bsdinstall_log
-rw-------   1 root wheel 410497 Feb  1 07:35 dhcpd.log
-rw-------   1 root wheel  14347 Jan 31 17:00 dhcpd.log.0.bz2
-rw-------   1 root wheel  16915 Jan 30 20:35 dhcpd.log.1.bz2
-rw-r--r--   1 root wheel  15164 Jan 31 05:46 dmesg.boot
-rw-------   1 root wheel 437599 Feb  1 07:36 filter.log
-rw-------   1 root wheel  23772 Feb  1 07:34 filter.log.0.bz2
-rw-------   1 root wheel  23153 Feb  1 07:31 filter.log.1.bz2
-rw-------   1 root wheel  23168 Feb  1 07:28 filter.log.2.bz2
-rw-------   1 root wheel  23363 Feb  1 07:25 filter.log.3.bz2
-rw-------   1 root wheel  23705 Feb  1 07:22 filter.log.4.bz2
-rw-------   1 root wheel  23334 Feb  1 07:19 filter.log.5.bz2
-rw-------   1 root wheel  23087 Feb  1 07:16 filter.log.6.bz2
-rw-------   1 root wheel 503608 Feb  1 07:11 gateways.log
-rw-------   1 root wheel   8957 Jan 30 03:44 gateways.log.0.bz2
-rw-------   1 root wheel   8032 Jan 30 02:44 gateways.log.1.bz2
-rw-------   1 root wheel   8120 Jan 30 01:46 gateways.log.2.bz2
-rw-------   1 root wheel   8103 Jan 30 00:48 gateways.log.3.bz2
-rw-------   1 root wheel   7979 Jan 29 23:50 gateways.log.4.bz2
-rw-------   1 root wheel   7617 Jan 29 22:52 gateways.log.5.bz2
-rw-------   1 root wheel   7791 Jan 29 21:54 gateways.log.6.bz2
-rw-------   1 root wheel      0 Jan 31 05:45 ipsec.log
-rw-------   1 root wheel      0 Jan 31 05:45 l2tps.log
-rw-r--r--   1 root wheel      0 Jan 29 10:53 lastlog
drwxr-xr-x   2 root wheel      3 Jan 29 09:18 nginx
-rw-------   1 root wheel 334891 Feb  1 07:33 nginx.log
-rw-------   1 root wheel  10109 Jan 31 19:53 nginx.log.0.bz2
-rw-------   1 root wheel  10127 Jan 31 19:21 nginx.log.1.bz2
-rw-------   1 root wheel  10021 Jan 31 18:49 nginx.log.2.bz2
-rw-------   1 root wheel  10032 Jan 31 18:17 nginx.log.3.bz2
-rw-------   1 root wheel  10079 Jan 31 17:45 nginx.log.4.bz2
-rw-------   1 root wheel  10014 Jan 31 17:13 nginx.log.5.bz2
-rw-------   1 root wheel  10562 Jan 31 16:41 nginx.log.6.bz2
drwxr-xr-x   2 root wheel      2 Jan 29 09:18 ntp
-rw-------   1 root wheel 351580 Jan 31 06:43 ntpd.log
-rw-------   1 root wheel      0 Jan 31 05:45 openvpn.log
-rw-------   1 root wheel      0 Jan 31 05:45 poes.log
-rw-------   1 root wheel      0 Jan 31 05:45 portalauth.log
-rw-------   1 root wheel      0 Jan 31 05:45 ppp.log
-rw-------   1 root wheel 265790 Feb  1 07:33 resolver.log
-rw-------   1 root wheel  11140 Jan 30 08:02 resolver.log.0.bz2
-rw-------   1 root wheel      0 Jan 31 05:45 routing.log
-rw-------   1 root wheel  41041 Feb  1 07:36 system.log
-rw-------   1 root wheel  35445 Jan 31 21:00 system.log.0.bz2
-rw-------   1 root wheel   6318 Jan 31 05:46 userlog
-rw-r--r--   1 root wheel    394 Feb  1 07:36 utx.lastlogin
-rw-------   1 root wheel   1555 Feb  1 07:36 utx.log
-rw-------   1 root wheel      0 Jan 31 05:45 vpn.log
-rw-------   1 root wheel      0 Jan 31 05:45 wireless.log

MakOwner

@stephenw10

I have two gateways for this firewall -- the default to the WAN and another interface that routes to another pfsense firewall in another building.
It's a 10G link between buildings for backups and access to the private network there.

This hopefully doesn't affect anything as it worked without issues with 2.6.x virtualized -- maybe some logging setting is wrong for the private gateway?

MakOwner

I see a lot of this in the firewall logs:

stephenw10

Yeah that's rotating every few minutes. Unless you have very limited disk space I would set the firewall log larger so it rotates less frequetly and disable log compression so it isn't taxing the CPU each time.

You might also consider changing the ruleset to log less depending on what it's logging.

MakOwner

I'll do that and pursue the question of why the firewall is being flooded from that private IP range with the ISP ...

I've got overly large disk space for this firewall so I bumped log size from 512000 to 5120000 an turned off compression.

Filesystem                            Size    Used   Avail Capacity  Mounted on
pfSense/var/log                       729G    825K    729G     0%    /var/log

stephenw10

Ah, nice. Well it would be trivial to add a block rule for just UDP port 10002 without logging enabled. That traffic is odd though I agree.