Are we close to an RC release?

JonathanLee

here is the errors without the huge regex errors

/status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2024/04/04 09:45:59| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/04/04 09:45:59| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:45:59| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| Starting Authentication on port 127.0.0.1:3128 2024/04/04 09:45:59| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2024/04/04 09:45:59| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:45:59| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| Starting Authentication on port 127.0.0.1:3129 2024/04/04 09:45:59| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2024/04/04 09:45:59| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead. 2024/04/04 09:45:59| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| ERROR: Directive 'dns_v4_first' is obsolete. 2024/04/04 09:45:59| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records. 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:45:59| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:45:59| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP 2024/04/04 09:45:59| SECURITY WARNING: Peer certificates are not verified for validity! 2024/04/04 09:45:59| WARNING: UPGRADE: The DONT_VERIFY_PEER flag is deprecated. Remove the clientca= option to disable client certificates. 2024/04/04 09:46:04| Current Directory is /usr/local/www 2024/04/04 09:46:09| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/04/04 09:46:09| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:46:09| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| Starting Authentication on port 127.0.0.1:3128 2024/04/04 09:46:09| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2024/04/04 09:46:09| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/04/04 09:46:09| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| Starting Authentication on port 127.0.0.1:3129 2024/04/04 09:46:09| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2024/04/04 09:46:09| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead. 2024/04/04 09:46:09| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| ERROR: Directive 'dns_v4_first' is obsolete. 2024/04/04 09:46:09| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records. 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/04/04 09:46:09| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/04/04 09:46:09| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP 2024/04/04 09:46:09| SECURITY WARNING: Peer certificates are not verified for validity! 2024/04/04 09:46:09| WARNING: UPGRADE: The DONT_VERIFY_PEER flag is deprecated. Remove the clientca= option to disable client certificates. 2024/04/04 09:46:12| Current Directory is /usr/local/www ipcrm: msqid(196609): : Invalid argument'

JonathanLee

Screenshot 2024-04-04 100905.png

This shows no counters for me acts unused also.

I was told it would be used automatically.

I have it enabled and a VPN connection running.

No counters seen in pfsense

Use the shell command vmstat -i | grep safexcel
to test it used to show counters when used

Screenshot 2024-04-04 101437.png

stephenw10

These issues should be in separate threads if we have any hope of tracking them.

JonathanLee

@stephenw10 sorry opening threads now.

Dobby_

@behemyth said in Are we close to an RC release?:

Bump, since it's been nearly a week since an update.

pfSense roadmap
The Release 24.03 was targeted for March 2024, actual only one
"thing" is open.

P.S. I got my pfSense also updated to 24.03.

24.03.jpg

herozero

welcome to RC . . .

juanzelli

@herozero Yay!

Dobby_

Yup!

24.03 RC.jpg

DefenderLLC

This RC took a long time to upgrade - even from the most recent beta! I even took my laptop to the rack since I couldn't SSH in! Whew!

behemyth

@DefenderLLC

Really? Mine was really fast. No issues on my 6100.

DefenderLLC

@behemyth It took almost 10 minutes on my 6100 MAX when each incremental beta took less than a few miinutes. Suricata was the only package that had an upgrade and that one appeared to take a while for whatever reason. Interestingly enough I never got a boot verification. I'll have to see if this RC version flipped this back to an opt-in feature.

UPDATE: I never got a boot verification this time:

stephenw10

Hmm, that's odd. Anything logged?

DefenderLLC

@stephenw10 said in Are we close to an RC release?:

Hmm, that's odd. Anything logged?

I haven’t looked yet and my dog is looking at me wanting to know why we haven’t left for the dog park yet. I’ll check when I get back home!

DefenderLLC

I noticed that this RC version did not clear my package cache. You can run this command to reclaim the disk space:

pkg clean -a

DefenderLLC

@stephenw10 said in Are we close to an RC release?:

Hmm, that's odd. Anything logged?

What should I look for specifically? Thanks!

dennypage

@DefenderLLC said in Are we close to an RC release?:

I noticed that this RC version did not clear my package cache.

I saw the same.

stephenw10

@DefenderLLC said in Are we close to an RC release?:

What should I look for specifically? Thanks!

Something that shows it verifying the boot automatically when it should have been manual for example.

DefenderLLC

@stephenw10 Can you do the boot verification from the console? I may have inadvertently pressed enter s bunch of times when I was trying to establish a session via USB cable. Things appeared to have been locked up before the terminal refreshened with new text.

stephenw10

Hmm, not sure I've ever tried!

DefenderLLC

@stephenw10 I'll to the upgrade from the console on the released version and report back! I have a feeling that's what happened because I admittedly got impatient after 10 minutes of not being able to SSH in. Normally the 24.03 upgrades were really quick (like < 2 min).

There's another 6100 MAX users that experienced the same slow upgrade. The main difference is that he is running Snort vs Suricata. He did paste some log failures in his post. Take note of the last line:

Performing automatic boot verification...done.

https://forum.netgate.com/topic/187308/24-03-rc-install-long-delays/