Nanobsd upgrade from 2.0.1 to 2.1 using web GUI

jimp

DSCP issue seems to be a bug - will need some research but I am able to replicate it here

NanoBSD slowness is a known issue, it only happens to certain CF cards, others are fast.

Not sure why OpenVPN wouldn't be routing - that wouldn't have anything to do with the gateways under System > Routing for typical VPN usage. Even if it were being used in a Gateway Group it should still get used, iirc.

The IPv6 gateway is automatic, and not hurting anything, safe to ignore.

xbipin

DSCP issue meaning that cron package or status-> gateway issue?

the openvpn created gateway keeps showing pending, even same for the ipv6 entry it creates and openvpn doesnt work due to that untill i set the ipv6 entry to disable monitoring, once done openvpn starts working but the ipv4 entry still keeps showing pending under gateway monitoring, in v2.0.1 the monitoring worked perfectly fine

xbipin

can u recommend which CF card works fast so i can get that, already have 3 but is slow on all of them

xbipin

also under status->system log->system->gateways i get a flood of this constantly

Aug 29 18:19:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:20:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:24:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:25:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:29:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:30:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:34:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:35:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:39:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:40:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:44:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:45:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:49:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:50:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:54:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:55:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:59:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 19:00:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 19:04:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 19:05:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 19:09:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 19:10:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 19:14:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 19:15:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 19:19:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 19:20:07 	apinger: rrdtool respawning too fast, waiting 300s.

xbipin

also my openvpn client tunnel says this, so is there any way to disable ipv6 for openvpn client config?

Aug 29 18:42:53 	openvpn[55431]: WARNING: 'tun-ipv6' is present in local config but missing in remote config, local='tun-ipv6'

jimp

@xbipin:

DSCP issue meaning that cron package or status-> gateway issue?

DSCP meaning the filter reload error.

Cron failure was probably due to the filter reload erorr or some other connectivity issue. Any test I've performed upgrading with packages was OK.

@xbipin:

the openvpn created gateway keeps showing pending, even same for the ipv6 entry it creates and openvpn doesnt work due to that untill i set the ipv6 entry to disable monitoring, once done openvpn starts working but the ipv4 entry still keeps showing pending under gateway monitoring, in v2.0.1 the monitoring worked perfectly fine

The gateway entries there have -zero- to do with OpenVPN's internal routing, unless you have misconfigured something.

@xbipin:

can u recommend which CF card works fast so i can get that, already have 3 but is slow on all of them

The only one I remember at the moment is that Sandisk 30MB/s 200x card was fast (4s to remount ro), but a Kingston 133x card was slow (45s to remount ro). See http://redmine.pfsense.org/issues/2401

@xbipin:

also under status->system log->system->gateways i get a flood of this constantly

Aug 29 18:19:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:20:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:24:06 	apinger: Error while feeding rrdtool: Broken pipe

Those aren't the real issue, check the main system log. Something must be restarting the gateway monitoring at those times.

@xbipin:

also my openvpn client tunnel says this, so is there any way to disable ipv6 for openvpn client config?

Aug 29 18:42:53 	openvpn[55431]: WARNING: 'tun-ipv6' is present in local config but missing in remote config, local='tun-ipv6'

That harmless.

xbipin

system log doesnt showing anything restarting it, but let me reboot and see.

that ipv6 config for openvpn, is there some way to disable it completely even though its harmless

config wise its all standard and all was working fine on 2.0.1, i simply upgraded to 2.1, the openvpn config also i read on pfsense forum and configured it as mentioned and worked flawless till now, do u want my config files for both versions?

xbipin

the below error also is there related to a firewall rule i created for icmp, once i disable it the errors go and once i enable they come back

Aug 29 04:55:44 	php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:185: illegal dscp value EF pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [185]: match proto icmp from any to any dscp EF queue (qOthersHigh) label "USER_RULE: ICMP"
Aug 29 04:55:44 	php: : There were error(s) loading the rules: /tmp/rules.debug:185: illegal dscp value EF pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [185]: match proto icmp from any to any dscp EF queue (qOthersHigh) label "USER_RULE: ICMP"

xbipin

the other thing i noticed was one error message after upgrading nanobsd and rebooting related to wrong file format

FreeBSD/i386 (firewall.xbipin) (console)

Broadcast Message from root@firewall.xbipin
        (no tty) at 10:29 GST...

NanoBSD Firmware upgrade in progress...

Broadcast Message from root@firewall.xbipin
        (no tty) at 10:29 GST...

Installing /root/latest.tgz.

Broadcast Message from root@firewall.xbipin
        (no tty) at 10:31 GST...

NanoBSD Firmware upgrade is complete.  Rebooting in 10 seconds.

*** FINAL System shutdown message from root@firewall.xbipin ***

System going down IMMEDIATELY

pfSense is now shutting down ...

/libexec/ld-elf.so.1: /usr/local/lib/librrd.so.2: invalid file format
tar: var/db/rrd/*.xml: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors.
rm: /var/db/rrd/*.xml: No such file or directory
ovpnc1: link state changed to DOWN
pflog0: promiscuous mode enabled
pflog0: promiscuous mode disabled
Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...0 0 done
All buffers synced.
Uptime: 8h31m27s
usbus0: Controller shutdown
uhub0: at usbus0, port 1, addr 1 (disconnected)
usbus0: Controller shutdown complete
usbus1: Controller shutdown
uhub1: at usbus1, port 1, addr 1 (disconnected)
usbus1: Controller shutdown complete
Rebooting...

xbipin

the errors related to openvpn gateway monitor, i rebooted the system and below r the logs, i see syntax erros related to relayd and some curl error and some messages that say impossibly lacks ifp

Aug 30 10:33:42 	kernel: ovpnc1: link state changed to UP
Aug 30 06:33:42 	check_reload_status: rc.newwanip starting ovpnc1
Aug 30 06:33:46 	php: : ROUTING: setting default route to 195.229.252.27
Aug 30 06:33:46 	php: : The command '/usr/local/sbin/relayd -f /var/etc/relayd.conf' returned exit code '1', the output was '/var/etc/relayd.conf:7: syntax error no redirections, nothing to do unused protocol: dnsproto'
Aug 30 06:33:49 	check_reload_status: Updating all dyndns
Aug 30 10:33:59 	php: : ROUTING: setting default route to 195.229.252.27
Aug 30 06:34:00 	check_reload_status: Restarting ipsec tunnels
Aug 30 06:34:00 	check_reload_status: Reloading filter
Aug 30 10:34:00 	php: : DynDns: updatedns() starting
Aug 30 10:34:00 	php: : DynDns debug information: 92.96.246.49 extracted from local system.
Aug 30 10:34:00 	php: : running get_failover_interface for . found
Aug 30 10:34:00 	php: : DynDns debug information: 92.96.246.49 extracted from local system.
Aug 30 10:34:00 	php: : DynDns: Current WAN IP: 92.96.246.49 Cached IP: 92.96.222.121
Aug 30 10:34:00 	php: : DynDns debug information: DynDns: cacheIP != wan_ip. Updating. Cached IP: 92.96.222.121 WAN IP: 92.96.246.49
Aug 30 10:34:00 	php: : DynDns: DynDns _update() starting.
Aug 30 10:34:00 	php: : DynDns: DynDns _checkStatus() starting.
Aug 30 10:34:00 	php: : DynDns: Current Service: dyndns
Aug 30 10:34:00 	php: : Curl error occurred: Couldn't bind to ''
Aug 30 10:34:01 	php: : rc.newwanip: Informational is starting ovpnc1.
Aug 30 10:34:01 	php: : rc.newwanip: on (IP address: 10.13.40.166) (interface: opt2) (real interface: ovpnc1).
Aug 30 10:34:01 	php: : DynDns: updatedns() starting
Aug 30 10:34:01 	php: : DynDns debug information: 92.96.246.49 extracted from local system.
Aug 30 10:34:02 	php: : running get_failover_interface for . found
Aug 30 10:34:02 	php: : DynDns debug information: 92.96.246.49 extracted from local system.
Aug 30 10:34:02 	php: : DynDns: Current WAN IP: 92.96.246.49 Cached IP: 92.96.222.121
Aug 30 10:34:02 	php: : DynDns debug information: DynDns: cacheIP != wan_ip. Updating. Cached IP: 92.96.222.121 WAN IP: 92.96.246.49
Aug 30 10:34:02 	php: : DynDns: DynDns _update() starting.
Aug 30 10:34:02 	php: : DynDns: DynDns _checkStatus() starting.
Aug 30 10:34:02 	php: : DynDns: Current Service: dyndns
Aug 30 10:34:02 	php: : Curl error occurred: Couldn't bind to ''
Aug 30 10:34:06 	php: : Resyncing OpenVPN instances for interface WAN.
Aug 30 10:34:11 	php: : pfSense package system has detected an ip change 0.0.0.0 -> ... Restarting packages.
Aug 30 06:34:11 	check_reload_status: Starting packages
Aug 30 10:34:11 	kernel: ovpnc1: link state changed to DOWN
Aug 30 06:34:11 	check_reload_status: Reloading filter
Aug 30 10:34:15 	php: : pfSense package system has detected an ip change 0.0.0.0 -> ... Restarting packages.
Aug 30 10:34:39 	php: : Restarting/Starting all packages.
Aug 30 10:34:40 	php: : The Cron package is missing its configuration file and must be reinstalled.
Aug 30 10:34:41 	kernel: ovpnc1: link state changed to UP
Aug 30 06:34:42 	check_reload_status: rc.newwanip starting ovpnc1
Aug 30 06:34:51 	check_reload_status: Syncing firewall
Aug 30 06:34:57 	php: : Beginning package installation for Cron .
Aug 30 10:34:58 	php: : rc.newwanip: Informational is starting ovpnc1.
Aug 30 10:34:58 	php: : rc.newwanip: on (IP address: 10.13.40.166) (interface: opt2) (real interface: ovpnc1).
Aug 30 06:35:00 	check_reload_status: Reloading filter
Aug 30 06:35:06 	check_reload_status: Syncing firewall
Aug 30 10:35:16 	php: : Restarting/Starting all packages.
Aug 30 10:35:34 	login: login on console as root
Aug 30 10:35:34 	sshlockout[50405]: sshlockout/webConfigurator v3.0 starting up
Aug 30 06:35:36 	check_reload_status: Reloading filter

Aug 30 10:34:03 	routed[62502]: static route 10.13.40.166/32 --> 10.13.40.166 impossibly lacks ifp
Aug 30 10:34:03 	routed[62502]: static route 92.96.246.49/32 --> 92.96.246.49 impossibly lacks ifp
Aug 30 10:34:05 	routed[62502]: receiving our own change messages
Aug 30 10:34:42 	routed[62502]: write(rt_sock) RTM_ADD 10.13.40.166/32 -->127.0.0.1 metric=0 flags=0: File exists
Aug 30 10:39:02 	routed[62502]: static route 10.13.40.166/32 --> 10.13.40.166 impossibly lacks ifp
Aug 30 10:49:01 	routed[62502]: 0.0.0.0 (mask 0x68000000) --> 195.229.252.27 disappeared from kernel

xbipin

the gateway monitor showing pending, i sorted this out, actually the migration from 2.0.1 to 2.1 has some issue with the config so i went to routing and deleted the routes and readded them and set a monitoring ip and now gateway monitors fine, some error i saw in system log were as below

Aug 30 10:52:03 	php: : The gateway: ExpressVPN is invalid or unknown, not using it.
Aug 30 10:52:03 	php: : The gateway: ExpressVPN is invalid or unknown, not using it.
Aug 30 10:52:09 	php: : The gateway: ExpressVPN is invalid or unknown, not using it.
Aug 30 10:52:09 	php: : The gateway: ExpressVPN is invalid or unknown, not using it.

xbipin

this bug still exists in the latest nanobsd
http://forum.pfsense.org/index.php/topic,52980.0.html