PfSense 2.0.1-RELEASE with Squid & HAVP = major problems
-
Its a problem if a site goes down and a lot of inst. fail or dont receive updates asf….
And people cant get on with installing everything. Is it possible to create an offsite line install where pacakages can be DL and installed from another location?
-
Still fail..
Ive just successfully updated to the latest version of pfsense
2.0.1-RELEASE (amd64) built on Mon Dec 12 18:43:51 EST 2011 FreeBSD 8.1-RELEASE-p6
but trying to install HAVP I still get:
Installation of HAVP antivirus FAILED! Beginning package installation for HAVP antivirus... Downloading package configuration file... done. Saving updated package information... done. Downloading HAVP antivirus and its dependencies... Checking for package installation... Downloading http://files.pfsense.org/packages/amd64/8/All/havp-0.91_1.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/havp-0.91_1.tbz. of havp-0.91_1 failed! Installation aborted.Backing up libraries... Removing package... Starting package deletion for havp-0.91_1...done. Removing HAVP antivirus components... Tabs items... done. Menu items... done. Services... done. Loading package instructions... Include file havp.inc could not be found for inclusion. Deinstall commands... Not executing custom deinstall hook because an include is missing. Removing package instructions...done. Auxiliary files... done. Package XML... done. Configuration... done. Cleaning up... Failed to install package. Installation halted.
What do you need to get this working?
-
Just wait http://files.pfsense.org get back.
-
Yeah that what I figured… its still down. Will wait.
But the pfsense devs should really consider a mirroring system of some sort.. Imagine if sites like kernel.org or the mirrors and repositories for the other major linux distros were doing this..
-
Hello guys
I'm sure you're aware of all the problems.
I'm not new to pfsense, so it is my fault for not checking first, but I've been trying since 7am this morning to get my pfS box working. I wanted to upgrade to the new version, thought I'd do it today. Well…. surpirse, I couldn't even reinstall squid or anything. Eventually I thought I messed up somewhere and reinstsalled (stupid), at least i have backup from monday... but the problem is I'm now at home, waiting for the update site to get back online so that I can reinstall & config everything (downloading 2.0.1 right now, hoping) - I have about 200 user already configured for proxy, so I'm stressing, 'cos I can't figure out how to port forward 8080 proxy to 80 on the outside so that they can bypass proxy and I can't wait till next week to get everyone working again. Otherwise I have to change all of them users to get out bypassing proxy and change back later... I only saw some post about 2 hours after I reinstalled that the update/ downlload site is down... now I'm buggered. I learnt a lesson though, but it is freaking me out - gonna go for IPcop just to get everybody to stop complaining soon (11 pm here, work starts at 7 am) and then try to work around the prblem later on.... what happened; you get hacked or some serious power outage or what... hope you get all running again SOON. When abouts can we expect all to 2 b normal again - please guys, I'm not gonna sleep until I know my customer can do online baning and mailing tomorrow morning... I relaised it wasn't my config or your product, just not thinking.... shoulda left all as is, but I'm stufft as we sit here... please tell us how long till we can get going again...
Thanks for a greatest product this side of the world and for your dedication and work, all of you... you don't understand - africa is different and not as hot as you are in the US or EU... I love pfS and I actively try to compete with MS ISA / Foreforont over here, and doing a damn good job of it... :-) -
You can try to install freebsd 8.1 squid package and configure it by hand until files.pfsense get back.
-
Follow this topic
http://forum.pfsense.org/index.php/topic,44242.msg229815.html#msg229815
-
As per cmb, files.pfsense.org is back and it won't happen again.
-
OK its been a few days now that things were not too bad, but now: BOOM again! pfsense is acting again…. Right now, it refuses to deliver http://forum.xbmc.org/ and I get an error page like:
HAVP - DNS error HAVP A DNS error occurred while opening the page forum.xbmc.org Please contact your tech support
Why? I really dont know. This morning I accessed this forum without problems. Snort does not block anything the blocked list is empty. Squidguard's is deactivated
Im really tired of the randomness… It works now, 5 minutes later, it no longer works.. Why? I bet even God doesnt know.
Here are the problems, on top of this thread (and my 10 other threads on this forum):
Problems accessing youtube (buffing for 15-30 sec every minute or so while playing, plus takes about 3 to 5 minutes to start the video playback)
random websites stops going thru pfsense (forum.xbmc.org, www.mls.ca, this forum also stopped working at some point)...
Firefox behaves very strangely (like right now, it permanently says "Transferring data from forum.pfsense.org..." in the corner, and the "wheel contonuously spins in the page tab)I dont know how many times I mentioned this, but pfsense IS the problem. I plug my laptop directly to the cable modem, and BANG it works..!
What will it be next?I am getting to miss my stupid D-Link router.. Anybody cares to step forward and help me before I abandon pfsense? I really believes in the project, but to be honest, if I had a good run at it I would be more confidant to use it….
-
I think the best way now is to buy few paid support hours or contact havp package maintainer.
I do not have this problems but I do not use havp.
Dansguardian package with antivirus is under devel. Maybe when It's done you will have no need to use havp.
-
Do you have antivirus on your dlink?
If your problem is with havp, why not just disable it and use only squid+squidguard?
It will do more then dlink.
-
What puzzles me is that I seem to be the only one with such problems… Am I or its that nobody cares (except you of course)?
Hell, I thought some websites actually banned my IP since ive been several weeks without being able to access them... Going to the cable modem directly solved it. Browsing feels also much much much snappier...
-
Forgot to mention this: if there are really problems in the packages, the devs NEED to know about it.
-
@lpallard:
Forgot to mention this: if there are really problems in the packages, the devs NEED to know about it.
It could also be havp current version and not package gui.
Did you tried to rum havp on any Linux/unix server other then pfsense.Some times is better having firewall appart of proxy.
Packages are almost contributions to pfsense project sent by community, maybe havp is currently outdated because there is nobody with free time to maintain it.
-
@lpallard:
Forgot to mention this: if there are really problems in the packages, the devs NEED to know about it.
It could also be havp current version and not package gui.
Did you tried to rum havp on any Linux/unix server other then pfsense.Some times is better having firewall appart of proxy.
Packages are almost contributions to pfsense project sent by community, maybe havp is currently outdated because there is nobody with free time to maintain it.
Im gonna deactivate HAVP and see if it helps, but I think I already tried that.. Anyways, I have discovered in the last few days/weeks that most of my problems were from Snort or SquidGuard blocking stuff up, which I deactivated the rules and it helped. When that happened, I was getting a Connection failed error from HAVP, not a DNS error
what can cause a DNS error?
-
what can cause a DNS error?
As I saw in some posts, could be snort
http://forum.pfsense.org/index.php/topic,43628.0.htmlsome extra info about havp I got from package description:
maintainer: dvserg
pfsense package version: 0.91_1
latest version : 0.9.2a
latest havp update: 07.11.2010This package looks like really stable or few used as last release was more then a year ago.
I think the best configuration for this package is squid + havp as parent for squid.
-
OK Ive done some testing…
At first,
suppress gen_id 122, sig_id 22 ``` seemed to have fixed it. It worked for about 5 or 10 minutes,. Then, suddenly everything stopped to work. Now **every** sites (except google) gives the DNS error thing.. Every website! Until further notice, or a solution is found, pfsense is out of order… EDIT: Unplugging my laptop from the pfsense box, and re-plugging it to the pfsense box seems to help, now all seems to work. **Also Snort is deactivated.,** Snort might be the problem… It was until I added these rules:
suppress gen_id 120, sig_id 3
suppress gen_id 122, sig_id 22Any DNS experts out there?
-
this morning, not working. Unless a burglar or a ghost played with my router while I was sleeping, I dont see why it would have worked yesterday and not this morning.
forum.xbmc.org is not accessible.
The frustrating part is that pfsense with NO packages works PERFECTLY. So I wont blame pfsense devs because I have used it for more than a year now and it was flawless until I installed the snort/squid/squidguard/havp >:( stuff..
-
@lpallard:
The frustrating part is that pfsense with NO packages works PERFECTLY. So I wont blame pfsense devs because I have used it for more than a year now and it was flawless until I installed the snort/squid/squidguard/havp >:( stuff..
Just like I said, packages are contributions, some are maintained by core team, but not all.
Uncheck block ofenders from snort, so it will not block false positives and not deny your dns resolution.