Are we close to an RC release?
-
yes that issue along with it I can no longer access
https://192.168.1.1:7445/cachemgr.cgi too
I get my login for it however I get access blocked
Also error logs issue again
But it is working cacheing and blocking URLS correctly just access the logging something is off for me.
/pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '2024/04/04 09:21:08| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/04/04 09:21:08| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:21:08| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:21:08| Starting Authentication on port 127.0.0.1:3128 2024/04/04 09:21:08| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2024/04/04 09:21:08| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:21:08| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:21:08| Starting Authentication on port 127.0.0.1:3129 2024/04/04 09:21:08| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2024/04/04 09:21:08| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead. 2024/04/04 09:21:08| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:21:08| ERROR: Directive 'dns_v4_first' is obsolete. 2024/04/04 09:21:08| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records. 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:21:08| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:21:08| WARNING: UPGRADE: ACL 'manager' is now a built-in ACL. Remove it from your config file. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 257: acl no_miss url_regex -i ^.*gateway\.facebook\.com\/ws\/realtime\? 2024/04/04 09:21:08| WARNING: regular expression '^.*gateway\.facebook\.com\/ws\/realtime\?' has unnecessary wildcard(s). Using 'gateway\.facebook\.com\/ws\/realtime\?' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 258: acl no_miss url_regex -i ^.*web-chat-e2ee\.facebook\.com\/ws\/chat 2024/04/04 09:21:08| WARNING: regular expression '^.*web-chat-e2ee\.facebook\.com\/ws\/chat' has unnecessary wildcard(s). Using 'web-chat-e2ee\.facebook\.com\/ws\/chat' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*web-chat-e2ee\.facebook\.com\/ws\/chat' has unnecessary wildcard(s). Using 'web-chat-e2ee\.facebook\.com\/ws\/chat' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*gateway\.facebook\.com\/ws\/realtime\?' has unnecessary wildcard(s). Using 'gateway\.facebook\.com\/ws\/realtime\?' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*conviva\.com.*' has unnecessary wildcard(s). Using 'conviva\.com.*' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*cdn\.office\.net' has unnecessary wildcard(s). Using 'cdn\.office\.net' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*bitdefender\.net' has unnecessary wildcard(s). Using 'bitdefender\.net' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*.azure-devices\.net' has unnecessary wildcard(s). Using '.azure-devices\.net' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*tubi\.video' has unnecessary wildcard(s). Using 'tubi\.video' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*tubi\.io' has unnecessary wildcard(s). Using 'tubi\.io' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*media-amazon\.com' has unnecessary wildcard(s). Using 'media-amazon\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*aiv-cdn\.net' has unnecessary wildcard(s). Using 'aiv-cdn\.net' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*appattest\.apple\.com' has unnecessary wildcard(s). Using 'appattest\.apple\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*itunes\.apple\.com' has unnecessary wildcard(s). Using 'itunes\.apple\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*mzstatic\.com' has unnecessary wildcard(s). Using 'mzstatic\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*zoom\.us' has unnecessary wildcard(s). Using 'zoom\.us' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*teams\.microsoft\.com' has unnecessary wildcard(s). Using 'teams\.microsoft\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*(outlook\.)(office365|office)\.com' has unnecessary wildcard(s). Using '(outlook\.)(office365|office)\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*hulustream\.com' has unnecessary wildcard(s). Using 'hulustream\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*hulu\.com' has unnecessary wildcard(s). Using 'hulu\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump" 2024/04/04 09:21:08| WARNING: regular expression '^.*dssott\.com' has unnecessary wildcard(s). Using 'dssott\.com' instead. 2024/04/04 09:21:08| /usr/local/etc/squid/squid.conf line 279: acl NoSSLIntercept ssl::server_name_regex -i "/usr/lI got to clean up my wild cards opps
-
OpenVPN works
-
Hmm, OK I see that Squid error. Digging....
-
here is the errors without the huge regex errors
/status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2024/04/04 09:45:59| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/04/04 09:45:59| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:45:59| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| Starting Authentication on port 127.0.0.1:3128 2024/04/04 09:45:59| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2024/04/04 09:45:59| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:45:59| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| Starting Authentication on port 127.0.0.1:3129 2024/04/04 09:45:59| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2024/04/04 09:45:59| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead. 2024/04/04 09:45:59| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| ERROR: Directive 'dns_v4_first' is obsolete. 2024/04/04 09:45:59| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records. 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| SECURITY WARNING: Peer certificates are not verified for validity! 2024/04/04 09:45:59| WARNING: UPGRADE: The DONT_VERIFY_PEER flag is deprecated. Remove the clientca= option to disable client certificates. 2024/04/04 09:46:04| Current Directory is /usr/local/www 2024/04/04 09:46:09| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/04/04 09:46:09| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:46:09| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| Starting Authentication on port 127.0.0.1:3128 2024/04/04 09:46:09| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2024/04/04 09:46:09| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:46:09| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| Starting Authentication on port 127.0.0.1:3129 2024/04/04 09:46:09| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2024/04/04 09:46:09| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead. 2024/04/04 09:46:09| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| ERROR: Directive 'dns_v4_first' is obsolete. 2024/04/04 09:46:09| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records. 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| SECURITY WARNING: Peer certificates are not verified for validity! 2024/04/04 09:46:09| WARNING: UPGRADE: The DONT_VERIFY_PEER flag is deprecated. Remove the clientca= option to disable client certificates. 2024/04/04 09:46:12| Current Directory is /usr/local/www ipcrm: msqid(196609): : Invalid argument'
-
This shows no counters for me acts unused also.
I was told it would be used automatically.
I have it enabled and a VPN connection running.
No counters seen in pfsense
Use the shell command vmstat -i | grep safexcel
to test it used to show counters when used
-
These issues should be in separate threads if we have any hope of tracking them.
-
@stephenw10 sorry opening threads now.
-
@behemyth said in Are we close to an RC release?:
Bump, since it's been nearly a week since an update.
pfSense roadmap
The Release 24.03 was targeted for March 2024, actual only one
"thing" is open.P.S. I got my pfSense also updated to 24.03.
-
welcome to RC . . .
-
@herozero Yay!
-
Yup!
-
This RC took a long time to upgrade - even from the most recent beta! I even took my laptop to the rack since I couldn't SSH in! Whew!
-
Really? Mine was really fast. No issues on my 6100.
-
@behemyth It took almost 10 minutes on my 6100 MAX when each incremental beta took less than a few miinutes. Suricata was the only package that had an upgrade and that one appeared to take a while for whatever reason. Interestingly enough I never got a boot verification. I'll have to see if this RC version flipped this back to an opt-in feature.
UPDATE: I never got a boot verification this time:
-
Hmm, that's odd. Anything logged?
-
@stephenw10 said in Are we close to an RC release?:
Hmm, that's odd. Anything logged?
I haven’t looked yet and my dog is looking at me wanting to know why we haven’t left for the dog park yet. I’ll check when I get back home!
-
I noticed that this RC version did not clear my package cache. You can run this command to reclaim the disk space:
pkg clean -a -
@stephenw10 said in Are we close to an RC release?:
Hmm, that's odd. Anything logged?
What should I look for specifically? Thanks!
-
@DefenderLLC said in Are we close to an RC release?:
I noticed that this RC version did not clear my package cache.
I saw the same.
-
@DefenderLLC said in Are we close to an RC release?:
What should I look for specifically? Thanks!
Something that shows it verifying the boot automatically when it should have been manual for example.
