2.0-RC1 first impressions from a longtime pfSense user
-
I love pfSense; thanks for all the hard work you (Chris and the whole team) have put into it. I wanted to share just my very first experiences feedback. I'm on AMD64 version installed from RC1 iso to my ESXi 4.1 host, starting from scratch with the settings.
My WAN is static, non-DHCP. First thing I did was to reset this from the console. One thing I didn't like, and could confuse newbies, is that the WAN IP config in the console numbered menu does not include the gateway and dns server information. In order to get the WAN up I had to go to the webgui, look in the Interfaces –> WAN page and see that the 'Gateway' was said -none-. Looking at it again now I see that there was a link there for 'add a new one' which brings up a little box to do it, but using the default theme it was hard to see that the text was actually a link. Again, I think the gateway and at least one DNS entry setup should be part of the WAN config on the console. Wouldn't it be nice for the system to have WAN connectivity the first time the user logs into the webgui.
Next thing, now that the WAN is up and I'm looking at the LOVELY dashboard, I see there's an update. So I click the link there to get it. It downloads all 100+ MB of the update file then says that it is not signed so it's not going to install it. Pity it didn't know it was not signed before downloading all of it, but that's probably not really possible. So I go to 'updater settings' and with mild trepidation (I would prefer to know that my Router software is unmolested from the source) clicked to allow missing or invalid signatures. Sadly, now it proceeded to download the full update again (I don't mind, just doubles your bandwidth costs).
This is not a complaint post, I'm just trying to help out by posting my first experiences with the new version. Now I'm back to setting it up!
-Casey
-
I do agree wit you. There is a lot of things broken at the moment and it seems like a rush for RC1 was to hasty.
For one thing is the watchdog timeout issues related to the Yandex drivers, but there should not be an issue at all. Intel NIC's are market leaders and there should have been testing done to rule out the issue before drivers was comitted.
I somehow get the feeling that it has been "overdone" to make it geeky enough for developers and IT geeks. Fair enough but 1.2.3 was a lot more user friendly and "straight forward" using your WAN setup as an example.
Maybe I am wrong, but that is my gut feeling…...unfortunately.
-
just a few more impressions now:
• I feel that the default choice for "Log packets blocked by the default rule" (in Status->System Logs->Settings) should be OFF.
• The great little blue ? help buttons should open their links in a new window so you can stay on the page in the webgui and view the help at the same time.
• It might prevent some newbie misconfigurations if the DHCP server page defaulted to the LAN tab instead of the WAN tab.
• I'm getting "kernel: em1: Watchdog timeout – resetting" on the system logs very frequently. A search revealed that this is a known issue with the new Yandex drivers for Intel network card (virtualized in my case). The network does not seem to be going down though. Also odd that em0 doesn't have the same issue since it is the same type.
• Open-VM-Tools package fails to install.
So far I'm enjoying the new version though. More to come perhaps... :) -
• It might prevent some newbie misconfigurations if the DHCP server page defaulted to the LAN tab instead of the WAN tab.
I don't think something like this (pfsense) is for newbies :) We all can make mistakes and, in that case, be able to fix them by ourselves and, most important, not making the same mistake never again :P
-
Well, Rubenc, I disagree and believe that default behaviors should lead the user of any experience level to the most likely correct choice. It's nice that pfSense will let you start a DHCP server on the WAN interface in the interest of full configuration flexibility, but for the 99% of the time you want to access the DHCP server on a LAN interface that should be the page that pops into view first.
Adding another observation:
• The default update procedure upon installing 2.0 RC1 seems to be to download nightly snapshots. I am not that familiar with software development procedures, but I expected that installing RC1 would keep me on RC1 and I'd update to RC2 or Release version. When I saw an update was available just after installing RC1 and getting it working I figured, oops, must be a major show-stopper that means RC1 is not useable so the developers want everyone to update. Then I noticed I get a new update (available) every day.
I would think that might make it harder to determine who was having a bug with what version. You would prefer to have a good base of people running your locked RC1 version and giving feedback. But actually now you have people with whatever snapshot version reporting in. For myself, I'm not really sure what to do. When I update I lose some of my Snort configuration so it's a small pain to update.
-
Thats not a bad idea at all.
-
it may be called a Release Candidate but it's really still a Beta product in my opinion. with all the instability and the PPTP proxy being removed, I decided to return to m0n0wall for now. Looks to me like a stable release of 2.0 is a long way off.
Roy…
-
it may be called a Release Candidate but it's really still a Beta product in my opinion. with all the instability and the PPTP proxy being removed, I decided to return to m0n0wall for now. Looks to me like a stable release of 2.0 is a long way off.
Roy…
Why not fall back to pfSense 1.2.3? It's rock solid and has more features than m0n0wall.
-
I agree about 1.2.3 but I had a working m0n0wall config so I just fell back to that for now.
Roy…
-
You can use a m0n0wall config on a pfSense ;)
-
I've tried that several times in the past and had lots of problems afterwords. it might work with a simple config but I would definitely not recommend it! also, 1.2.3 has PPTP limitations that m0n0wall does not.
Roy…