Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Are we close to an RC release?

    Scheduled Pinned Locked Moved Plus 24.03 Development Snapshots (Retired)
    75 Posts 11 Posters 12.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      Just asking about the RC?

      B 1 Reply Last reply Reply Quote 0
      • B
        behemyth @stephenw10
        last edited by

        @stephenw10

        Yeah. Since we haven’t had an update for over a week now, I’m guessing it’s close?

        Going through update withdrawal.

        JonathanLeeJ 1 Reply Last reply Reply Quote 1
        • JonathanLeeJ
          JonathanLee @behemyth
          last edited by

          @behemyth just run pkg upgrade and pkg update that should get you your fix and hold you over

          Make sure to upvote

          B 1 Reply Last reply Reply Quote 1
          • B
            behemyth @JonathanLee
            last edited by

            @JonathanLee

            Won’t that download potentially unsupported packages though?

            JonathanLeeJ 1 Reply Last reply Reply Quote 0
            • JonathanLeeJ
              JonathanLee @behemyth
              last edited by

              @behemyth just like development software;)

              Make sure to upvote

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                It won't because the public pkg repo hasn't been updated since the last beta. We are ironing out the last few wrinkles internally. I hope! 🤞

                1 Reply Last reply Reply Quote 1
                • GertjanG
                  Gertjan
                  last edited by Gertjan

                  I've pfSense plus 23.09.1, so I cloned my existing 23.09.1 boot environment into a new one, booted into it, and hit the upgrade (to 24.04.xxxx) button.

                  I use these packages :

                  ab4d2624-7930-426f-aa68-5fb9089855cc-image.png

                  and I also use the captive portal.

                  It's now close to 2 weeks, and invested "more then reasonable" time in looking into issues.
                  I've found none.

                  edit : hardware : a 4100.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 1
                  • JonathanLeeJ
                    JonathanLee
                    last edited by JonathanLee

                    Here we go with 2100-MAX safecrypt chip

                    Screenshot 2024-04-04 083438.png

                    Take 2 for me last time it crashed the whole file system 3 months ago,

                    Fingers crossed I do not want to do that reinstall process again

                    Make sure to upvote

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      It shouldn't. I've upgraded 2100s numerous times. If it there is some specific config/package issue though now is the time to find it!

                      JonathanLeeJ 1 Reply Last reply Reply Quote 1
                      • JonathanLeeJ
                        JonathanLee @stephenw10
                        last edited by JonathanLee

                        @stephenw10 It is working YEAHHH Squid 6.6 installed and running and blocking and caching

                        Screenshot 2024-04-04 090152.png

                        I am seeing some random errors in squid 6. something new called KICK again I am using a custom config here is a copy of it for dev team if needed or looking for stuff to check out. It looks to be password locked for the status page something I did I am sure.

                        Screenshot 2024-04-04 091113.png

                        # This file is automatically generated by pfSense
                        # Do not edit manually !
                        
                        http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
                        
                        http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
                        
                        https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
                        
                        icp_port 0
                        digest_generation off
                        dns_v4_first on
                        pid_filename /var/run/squid/squid.pid
                        cache_effective_user squid
                        cache_effective_group proxy
                        error_default_language en
                        icon_directory /usr/local/etc/squid/icons
                        visible_hostname Lee_Family.home.arpa
                        cache_mgr jonathanlee571@gmail.com
                        access_log /var/squid/logs/access.log
                        cache_log /var/squid/logs/cache.log
                        cache_store_log none
                        netdb_filename /var/squid/logs/netdb.state
                        pinger_enable on
                        pinger_program /usr/local/libexec/squid/pinger
                        sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s /var/squid/lib/ssl_db -M 4MB -b 2048
                        tls_outgoing_options cafile=/usr/local/share/certs/ca-root-nss.crt
                        tls_outgoing_options capath=/usr/local/share/certs/
                        tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
                        tls_outgoing_options cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
                        tls_outgoing_options flags=DONT_VERIFY_PEER
                        sslcrtd_children 10
                        
                        logfile_rotate 0
                        debug_options rotate=0
                        shutdown_lifetime 3 seconds
                        # Allow local network(s) on interface(s)
                        acl localnet src  192.168.1.0/27
                        forwarded_for transparent
                        httpd_suppress_version_string on
                        uri_whitespace strip
                        
                        acl getmethod method GET
                        
                        acl windowsupdate dstdomain windowsupdate.microsoft.com
                        acl windowsupdate dstdomain .update.microsoft.com
                        acl windowsupdate dstdomain download.windowsupdate.com
                        acl windowsupdate dstdomain redir.metaservices.microsoft.com
                        acl windowsupdate dstdomain images.metaservices.microsoft.com
                        acl windowsupdate dstdomain c.microsoft.com
                        acl windowsupdate dstdomain www.download.windowsupdate.com
                        acl windowsupdate dstdomain wustat.windows.com
                        acl windowsupdate dstdomain crl.microsoft.com
                        acl windowsupdate dstdomain sls.microsoft.com
                        acl windowsupdate dstdomain productactivation.one.microsoft.com
                        acl windowsupdate dstdomain ntservicepack.microsoft.com
                        acl windowsupdate dstdomain dc1-st.ksn.kaspersky-labs.com
                        acl windowsupdate dstdomain dc1-file.ksn.kaspersky-labs.com
                        acl windowsupdate dstdomain dc1.ksn.kaspersky-labs.com
                        
                        acl rewritedoms dstdomain .facebook.com .akamaihd.net .fbcdn.net .google.com .static.com .apple.com .oracle.com .sun.com .java.com .adobe.com .steamstatic.com .steampowered.com .steamcontent.com .google.com
                        
                        store_id_program /usr/local/libexec/squid/storeid_file_rewrite /var/squid/storeid/storeid_rewrite.txt
                        store_id_children 10 startup=5 idle=1 concurrency=0
                        always_direct allow !getmethod
                        store_id_access deny connect
                        store_id_access deny !getmethod
                        store_id_access allow rewritedoms
                        #reload_into_ims on
                        max_stale 20 years
                        minimum_expiry_time 0
                        
                        
                        refresh_pattern -i squid.internal 10080 80% 79900 override-lastmod override-expire ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
                        
                        #APPLE STUFF
                        refresh_pattern -i apple.com/..(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip|dist)$ 0 80% 43200  refresh-ims
                        
                        #apple update
                        refresh_pattern -i (download|adcdownload).apple.com/.*.(pkg|dmg) 4320 100% 43200 
                        refresh_pattern -i appldnld.apple.com 129600 100% 129600     
                        refresh_pattern -i phobos.apple.com 129600 100% 129600     
                        refresh_pattern -i iosapps.itunes.apple.com 129600 100% 129600     
                        
                        # Updates: Windows
                        refresh_pattern -i microsoft.com/..(cab|exe|msi|msu|msf|asf|wma|dat|zip)$ 4320 80% 43200  refresh-ims
                        refresh_pattern -i windowsupdate.com/..(cab|exe|msi|msu|msf|asf|wma|wmv)|dat|zip)$ 4320 80% 43200  refresh-ims
                        refresh_pattern -i windows.com/..(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip)$ 4320 80% 43200  refresh-ims
                        refresh_pattern -i microsoft.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 
                        refresh_pattern -i windowsupdate.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 
                        refresh_pattern -i windows.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 
                        refresh_pattern -i .*windowsupdate.com/.*.(cab|exe) 259200 100% 259200   
                        refresh_pattern -i .*update.microsoft.com/.*.(cab|exe|dll|msi|psf) 259200 100% 259200   
                        refresh_pattern windowsupdate.com/.*.(cab|exe|dll|msi|psf) 10080 100% 43200 
                        refresh_pattern download.microsoft.com/.*.(cab|exe|dll|msi|psf) 10080 100% 43200 
                        refresh_pattern www.microsoft.com/.*.(cab|exe|dll|msi|psf) 10080 100% 43200 
                        refresh_pattern au.download.windowsupdate.com/.*.(cab|exe|dll|msi|psf) 4320 100% 43200 
                        refresh_pattern bg.v4.pr.dl.ws.microsoft.com/.*.(cab|exe|dll|msi|psf) 4320 100% 43200
                        #windows update NEW UPDATE 0.04
                        refresh_pattern update.microsoft.com/.*.(cab|exe) 43200 100% 129600    
                        refresh_pattern ([^.]+.)?(download|(windows)?update).(microsoft.)?com/.*.(cab|exe|msi|msp|psf) 4320 100% 43200  
                        refresh_pattern update.microsoft.com/.*.(cab|exe|dll|msi|psf) 10080 100% 43200 
                        refresh_pattern -i .update.microsoft.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 525600 100% 525600       
                        refresh_pattern -i .windowsupdate.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 525600 100% 525600       
                        refresh_pattern -i .download.microsoft.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 525600 100% 525600       
                        refresh_pattern -i .ws.microsoft.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 525600 100% 525600       
                        
                        refresh_pattern ([^.]+.)?(cs|content[1-9]|hsar|content-origin|client-download).[steampowered|steamcontent].com/.*.* 43200 100% 43200 reload-into-ims ignore-reload ignore-no-store override-expire override-lastmod
                        refresh_pattern ([^.]+.)?.akamai.steamstatic.com/.*.* 43200 100% 43200 reload-into-ims ignore-reload ignore-no-store override-expire override-lastmod
                        
                        refresh_pattern -i ([^.]+.)?.adobe.com/.*.(zip|exe) 43200 100% 43200 reload-into-ims ignore-reload ignore-no-store override-expire override-lastmod
                        refresh_pattern -i ([^.]+.)?.java.com/.*.(zip|exe) 43200 100% 43200 reload-into-ims ignore-reload ignore-no-store override-expire override-lastmod
                        refresh_pattern -i ([^.]+.)?.sun.com/.*.(zip|exe) 43200 100% 43200 reload-into-ims ignore-reload ignore-no-store override-expire override-lastmod
                        refresh_pattern -i ([^.]+.)?.oracle.com/.*.(zip|exe|tar.gz) 43200 100% 43200 reload-into-ims ignore-reload ignore-no-store override-expire override-lastmod
                        
                        refresh_pattern -i appldnld.apple.com 43200 100% 43200 ignore-reload ignore-no-store override-expire override-lastmod
                        refresh_pattern -i ([^.]+.)?apple.com/.*.(ipa) 43200 100% 43200 ignore-reload ignore-no-store override-expire override-lastmod
                         
                        refresh_pattern -i ([^.]+.)?.google.com/.*.(exe|crx) 10080 80% 43200 override-expire override-lastmod ignore-no-cache ignore-reload reload-into-ims ignore-private
                        refresh_pattern -i ([^.]+.)?g.static.com/.*.(exe|crx) 10080 80% 43200 override-expire override-lastmod ignore-no-cache ignore-reload reload-into-ims ignore-private
                        
                        #FACEBOOK
                        refresh_pattern ^http?://*.facebook.com/*  10080 80% 43200 override-expire override-lastmod ignore-no-cache ignore-reload reload-into-ims ignore-private
                        
                        #FACEBOOK IMAGES  
                        refresh_pattern -i pixel.facebook.com..(jpg|png|gif|ico|css|js)  10080 80% 43200 override-expire override-lastmod ignore-no-cache ignore-reload reload-into-ims ignore-private
                        refresh_pattern -i .akamaihd.net..(jpg|png|gif|ico|css|js) 10080 80% 43200 override-expire override-lastmod ignore-no-cache ignore-reload reload-into-ims ignore-private   
                        refresh_pattern -i (facebook.com).(jpg|png|gif) 10080 80% 43200 store-stale override-expire override-lastmod ignore-no-cache ignore-reload reload-into-ims ignore-private 
                        refresh_pattern static.(xx|ak).fbcdn.net.(jpg|gif|png) 10080 80% 43200 override-expire override-lastmod ignore-no-cache ignore-reload reload-into-ims ignore-private
                        refresh_pattern ^https?://profile.ak.fbcdn.net*.(jpg|gif|png) 10080 80% 43200 override-expire override-lastmod ignore-no-cache ignore-reload reload-into-ims ignore-private
                        
                        #FACEBOOK VIDEO
                        refresh_pattern -i .video.ak.fbcdn.net.*.(mp4|flv|mp3|amf) 10080 80% 43200 override-expire override-lastmod ignore-no-cache ignore-reload reload-into-ims ignore-private   
                        refresh_pattern (audio|video)/(webm|mp4) 10080 80% 43200 override-expire override-lastmod ignore-no-cache ignore-reload reload-into-ims ignore-private
                        
                        
                        range_offset_limit 512 MB windowsupdate
                        maximum_object_size 512 MB windowsupdate
                        range_offset_limit 0
                        quick_abort_min -1 KB
                        
                        cache_mem 64 MB
                        maximum_object_size_in_memory 256 KB
                        memory_replacement_policy heap LFUDA
                        cache_replacement_policy heap LFUDA
                        minimum_object_size 0 KB
                        maximum_object_size 4 MB
                        cache_dir diskd /var/squid/cache 64000 256 256
                        offline_mode off
                        cache_swap_low 90
                        cache_swap_high 95
                        acl donotcache dstdomain '/var/squid/acl/donotcache.acl'
                        cache deny donotcache
                        cache allow all
                        # Add any of your own refresh_pattern entries above these.
                        refresh_pattern ^ftp:    1440  20%  10080
                        refresh_pattern ^gopher:  1440  0%  1440
                        refresh_pattern -i (/cgi-bin/|?) 0  0%  0
                        refresh_pattern .    0  20%  4320
                        
                        
                        #Remote proxies
                        
                        
                        # Setup some default acls
                        # ACLs all, manager, localhost, and to_localhost are predefined.
                        acl allsrc src all
                        acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8080 3128 3129 1025-65535 
                        acl sslports port 443 563 8080 5223 2197
                        
                        acl purge method PURGE
                        acl connect method CONNECT
                        
                        # Define protocols used for redirects
                        acl HTTP proto HTTP
                        acl HTTPS proto HTTPS
                        
                        # SslBump Peek and Splice
                        # http://wiki.squid-cache.org/Features/SslPeekAndSplice
                        # http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
                        # Match against the current step during ssl_bump evaluation [fast]
                        # Never matches and should not be used outside the ssl_bump context.
                        #
                        # At each SslBump step, Squid evaluates ssl_bump directives to find
                        # the next bumping action (e.g., peek or splice). Valid SslBump step
                        # values and the corresponding ssl_bump evaluation moments are:
                        #   SslBump1: After getting TCP-level and HTTP CONNECT info.
                        #   SslBump2: After getting TLS Client Hello info.
                        #   SslBump3: After getting TLS Server Hello info.
                        # These ACLs exist even when 'SSL/MITM Mode' is set to 'Custom' so that
                        # they can be used there for custom configuration.
                        acl step1 at_step SslBump1
                        acl step2 at_step SslBump2
                        acl step3 at_step SslBump3
                        acl banned_hosts src '/var/squid/acl/banned_hosts.acl'
                        acl whitelist dstdom_regex -i '/var/squid/acl/whitelist.acl'
                        acl blacklist dstdom_regex -i '/var/squid/acl/blacklist.acl'
                        http_access allow manager localhost
                        
                        # Allow external cache managers
                        acl ext_manager src 192.168.1.1
                        acl ext_manager src 127.0.0.1
                        http_access allow manager ext_manager
                        
                        http_access deny manager
                        http_access allow purge localhost
                        http_access deny purge
                        http_access deny !safeports
                        http_access deny CONNECT !sslports
                        
                        # Always allow localhost connections
                        http_access allow localhost
                        
                        quick_abort_min 0 KB
                        quick_abort_max 0 KB
                        quick_abort_pct 95
                        request_body_max_size 0 KB
                        delay_pools 1
                        delay_class 1 2
                        delay_parameters 1 -1/-1 -1/-1
                        delay_initial_bucket_level 100
                        delay_access 1 allow allsrc
                        
                        # Reverse Proxy settings
                        
                        deny_info TCP_RESET allsrc
                        
                        # Package Integration
                        url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
                        url_rewrite_bypass off
                        url_rewrite_children 32 startup=8 idle=4 concurrency=0
                        
                        # Custom options before auth
                        #host_verify_strict on
                        
                        # These hosts are banned
                        http_access deny banned_hosts
                        # Always allow access to whitelist domains
                        http_access allow whitelist
                        # Block access to blacklist domains
                        http_access deny blacklist
                        # List of domains allowed to logging in to Google services
                        request_header_access X-GoogApps-Allowed-Domains deny all
                        request_header_add X-GoogApps-Allowed-Domains consumer_accounts
                        # Set YouTube safesearch restriction
                        acl youtubedst dstdomain -n www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com
                        request_header_access YouTube-Restrict deny all
                        request_header_add YouTube-Restrict none youtubedst
                        acl sglog url_regex -i sgr=ACCESSDENIED
                        http_access deny sglog
                        # Custom SSL/MITM options before auth
                        acl manager proto cache_object
                        acl localhost src 192.168.1.1/32
                        #cachemgr_passwd disable offline_toggle reconfigure shutdown
                        #cachemgr_passwd topsecret all
                        acl https_login url_regex -i ^https.*(login|Login).*
                        acl no_miss url_regex -i ^.*gateway.facebook.com/ws/realtime?
                        acl no_miss url_regex -i ^.*web-chat-e2ee.facebook.com/ws/chat	
                        acl CONNECT method CONNECT
                        acl wuCONNECT dstdomain www.update.microsoft.com
                        acl wuCONNECT dstdomain sls.microsoft.com
                        http_access allow CONNECT wuCONNECT localnet
                        http_access allow CONNECT wuCONNECT localhost
                        http_access allow windowsupdate localnet
                        http_access allow windowsupdate localhost
                        http_access deny manager
                        
                        acl BrokenButTrustedServers dstdomain '/usr/local/pkg/dstdom.broken'
                        acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
                        sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch
                        sslproxy_cert_error deny all
                        
                        acl splice_only src 192.168.1.8 #Tasha iPhone
                        acl splice_only src 192.168.1.10 #Jon iPhone
                        acl splice_only src 192.168.1.11 #Amazon Fire
                        acl splice_only src 192.168.1.15 #Tasha HP
                        acl splice_only src 192.168.1.16 #iPad
                        
                        acl NoSSLIntercept ssl::server_name_regex -i '/usr/local/pkg/url.nobump'
                        
                        acl markBumped annotate_client bumped=true
                        acl bump_only src 192.168.1.3 #webtv
                        acl bump_only src 192.168.1.4 #toshiba
                        acl bump_only src 192.168.1.5 #imac
                        acl bump_only src 192.168.1.9 #macbook
                        acl bump_only src 192.168.1.13 #dell
                        
                        cache deny https_login
                        
                        ssl_bump peek step1
                        miss_access deny no_miss 
                        ssl_bump splice https_login
                        ssl_bump splice splice_only
                        ssl_bump splice NoSSLIntercept
                        ssl_bump bump bump_only markBumped
                        ssl_bump stare all
                        
                        acl markedBumped note bumped true
                        url_rewrite_access deny markedBumped
                        
                        http_access deny all
                        read_ahead_gap 32 KB
                        negative_ttl 1 second
                        connect_timeout 30 seconds
                        request_timeout 60 seconds
                        half_closed_clients off
                        shutdown_lifetime 10 seconds
                        negative_dns_ttl 1 seconds
                        ignore_unknown_nameservers on
                        pipeline_prefetch 100
                        
                        #acl SSLIntercept ssl::server_name_regex -i '/usr/local/pkg/url.bump'
                        #ssl_bump bump SSLIntercept
                        
                        # Setup allowed ACLs
                        # Allow local network(s) on interface(s)
                        http_access allow localnet
                        # Default block all to be sure
                        http_access deny allsrc
                        
                        

                        Weird

                        Make sure to upvote

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          So it's working as expected but just logging that in the Squid logs?

                          JonathanLeeJ 1 Reply Last reply Reply Quote 0
                          • JonathanLeeJ
                            JonathanLee @stephenw10
                            last edited by stephenw10

                            @stephenw10

                            Screenshot 2024-04-04 092823.png

                            yes that issue along with it I can no longer access

                            https://192.168.1.1:7445/cachemgr.cgi too

                            Screenshot 2024-04-04 092543.png

                            I get my login for it however I get access blocked

                            Screenshot 2024-04-04 092613.png

                            Also error logs issue again

                            Screenshot 2024-04-04 092710.png

                            But it is working cacheing and blocking URLS correctly just access the logging something is off for me.

                            /pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '2024/04/04 09:21:08| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/04/04 09:21:08| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:21:08| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:21:08| Starting Authentication on port 127.0.0.1:3128 2024/04/04 09:21:08| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2024/04/04 09:21:08| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:21:08| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:21:08| Starting Authentication on port 127.0.0.1:3129 2024/04/04 09:21:08| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2024/04/04 09:21:08| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead. 2024/04/04 09:21:08| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:21:08| ERROR: Directive 'dns_v4_first' is obsolete. 2024/04/04 09:21:08| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records. 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:21:08| WARNING: UPGRADE: ACL 'manager' is now a built-in ACL. Remove it from your config file. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 257: acl no_miss url_regex -i ^.*gateway\.facebook\.com\/ws\/realtime\? 2024/04/04 09:21:08| WARNING: regular expression '^.*gateway\.facebook\.com\/ws\/realtime\?' has unnecessary wildcard(s). Using 'gateway\.facebook\.com\/ws\/realtime\?' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 258: acl no_miss url_regex -i ^.*web-chat-e2ee\.facebook\.com\/ws\/chat 2024/04/04 09:21:08| WARNING: regular expression '^.*web-chat-e2ee\.facebook\.com\/ws\/chat' has unnecessary wildcard(s). Using 'web-chat-e2ee\.facebook\.com\/ws\/chat' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*web-chat-e2ee\.facebook\.com\/ws\/chat' has unnecessary wildcard(s). Using 'web-chat-e2ee\.facebook\.com\/ws\/chat' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*gateway\.facebook\.com\/ws\/realtime\?' has unnecessary wildcard(s). Using 'gateway\.facebook\.com\/ws\/realtime\?' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*conviva\.com.*' has unnecessary wildcard(s). Using 'conviva\.com.*' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*cdn\.office\.net' has unnecessary wildcard(s). Using 'cdn\.office\.net' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*bitdefender\.net' has unnecessary wildcard(s). Using 'bitdefender\.net' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*.azure-devices\.net' has unnecessary wildcard(s). Using '.azure-devices\.net' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*tubi\.video' has unnecessary wildcard(s). Using 'tubi\.video' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*tubi\.io' has unnecessary wildcard(s). Using 'tubi\.io' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*media-amazon\.com' has unnecessary wildcard(s). Using 'media-amazon\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*aiv-cdn\.net' has unnecessary wildcard(s). Using 'aiv-cdn\.net' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*appattest\.apple\.com' has unnecessary wildcard(s). Using 'appattest\.apple\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*itunes\.apple\.com' has unnecessary wildcard(s). Using 'itunes\.apple\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*mzstatic\.com' has unnecessary wildcard(s). Using 'mzstatic\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*zoom\.us' has unnecessary wildcard(s). Using 'zoom\.us' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*teams\.microsoft\.com' has unnecessary wildcard(s). Using 'teams\.microsoft\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*(outlook\.)(office365|office)\.com' has unnecessary wildcard(s). Using '(outlook\.)(office365|office)\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*hulustream\.com' has unnecessary wildcard(s). Using 'hulustream\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*hulu\.com' has unnecessary wildcard(s). Using 'hulu\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*dssott\.com' has unnecessary wildcard(s). Using 'dssott\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/l
                            

                            I got to clean up my wild cards opps

                            Make sure to upvote

                            1 Reply Last reply Reply Quote 0
                            • JonathanLeeJ
                              JonathanLee
                              last edited by

                              OpenVPN works

                              Make sure to upvote

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Hmm, OK I see that Squid error. Digging....

                                JonathanLeeJ 1 Reply Last reply Reply Quote 1
                                • JonathanLeeJ
                                  JonathanLee @stephenw10
                                  last edited by

                                  @stephenw10

                                  here is the errors without the huge regex errors

                                  /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2024/04/04 09:45:59| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/04/04 09:45:59| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:45:59| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| Starting Authentication on port 127.0.0.1:3128 2024/04/04 09:45:59| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2024/04/04 09:45:59| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:45:59| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| Starting Authentication on port 127.0.0.1:3129 2024/04/04 09:45:59| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2024/04/04 09:45:59| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead. 2024/04/04 09:45:59| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| ERROR: Directive 'dns_v4_first' is obsolete. 2024/04/04 09:45:59| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records. 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| SECURITY WARNING: Peer certificates are not verified for validity! 2024/04/04 09:45:59| WARNING: UPGRADE: The DONT_VERIFY_PEER flag is deprecated. Remove the clientca= option to disable client certificates. 2024/04/04 09:46:04| Current Directory is /usr/local/www 2024/04/04 09:46:09| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/04/04 09:46:09| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:46:09| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| Starting Authentication on port 127.0.0.1:3128 2024/04/04 09:46:09| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2024/04/04 09:46:09| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:46:09| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| Starting Authentication on port 127.0.0.1:3129 2024/04/04 09:46:09| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2024/04/04 09:46:09| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead. 2024/04/04 09:46:09| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| ERROR: Directive 'dns_v4_first' is obsolete. 2024/04/04 09:46:09| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records. 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| SECURITY WARNING: Peer certificates are not verified for validity! 2024/04/04 09:46:09| WARNING: UPGRADE: The DONT_VERIFY_PEER flag is deprecated. Remove the clientca= option to disable client certificates. 2024/04/04 09:46:12| Current Directory is /usr/local/www ipcrm: msqid(196609): : Invalid argument'

                                  Make sure to upvote

                                  1 Reply Last reply Reply Quote 0
                                  • JonathanLeeJ
                                    JonathanLee
                                    last edited by JonathanLee

                                    Screenshot 2024-04-04 100905.png

                                    This shows no counters for me acts unused also.

                                    I was told it would be used automatically.

                                    I have it enabled and a VPN connection running.

                                    No counters seen in pfsense

                                    Use the shell command vmstat -i | grep safexcel
                                    to test it used to show counters when used

                                    Screenshot 2024-04-04 101437.png

                                    Make sure to upvote

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      These issues should be in separate threads if we have any hope of tracking them.

                                      JonathanLeeJ 1 Reply Last reply Reply Quote 1
                                      • JonathanLeeJ
                                        JonathanLee @stephenw10
                                        last edited by

                                        @stephenw10 sorry opening threads now.

                                        Make sure to upvote

                                        1 Reply Last reply Reply Quote 1
                                        • Dobby_D
                                          Dobby_ @behemyth
                                          last edited by Dobby_

                                          @behemyth said in Are we close to an RC release?:

                                          Bump, since it's been nearly a week since an update.

                                          pfSense roadmap
                                          The Release 24.03 was targeted for March 2024, actual only one
                                          "thing" is open.

                                          P.S. I got my pfSense also updated to 24.03.

                                          24.03.jpg

                                          #~. @Dobby

                                          Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
                                          PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
                                          PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

                                          1 Reply Last reply Reply Quote 2
                                          • H
                                            herozero
                                            last edited by

                                            welcome to RC . . .

                                            juanzelliJ 1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.