2.0.3 Image Testing
-
The same as before. Still waiting on FreeBSD's OpenSSL security advisory. No idea why it's taking so long for them to release it, but others have also been fairly slow on this one.
-
Why not use the time to get the Snort package working to its full potential?
Its core functionality and the package is EOL.
-
Packages have nothing to do with a release, and we have plenty else to do. I can't fix snort, I think someone else is already working on that, please don't clutter this thread with package questions.
-
I was just setting up a 2.0.2 virtual machine. I'd like to go this route instead. What will I have to do as updates to 2.0.3 are released?
-
I was just setting up a 2.0.2 virtual machine. I'd like to go this route instead. What will I have to do as updates to 2.0.3 are released?
A firmware update, same as any other update.
-
carp dashboard widget doesn't refresh automatically.
if the master goes down, the widget still shows master and the slave still shows backup.
need to hit F5 to show correct status. -
carp dashboard widget doesn't refresh automatically.
if the master goes down, the widget still shows master and the slave still shows backup.
need to hit F5 to show correct status.It never did. That's not a bug. (It's a feature request, and doesn't belong in this thread)
-
I see. Thanks for the info.
-
Hi everyone,
I upgrade to 2.0.3 pre Release because the captive portal issues on 2.0.2
It works fine for me but i see something strange on Traffic Graph.
The traffic graph showing outside IP Addresses on Lan Interface like is talking on this thread http://forum.pfsense.org/index.php/topic,59714.30.html
Is it already a fix or it will be fix on a 2.0.3 Final ?
Thanks.
Best regards.
Myke -
Hi everyone,
I upgrade to 2.0.3 pre Release because the captive portal issues on 2.0.2
It works fine for me but i see something strange on Traffic Graph.
The traffic graph showing outside IP Addresses on Lan Interface like is talking on this thread http://forum.pfsense.org/index.php/topic,59714.30.html
Is it already a fix or it will be fix on a 2.0.3 Final ?
Thanks.
Best regards.
MykeI can confirm this behaviour, running the 13th March build. In addition to being able to see publicly routable IPs in the table under Status > Traffic Graph > LAN (which is definitely not right) I can also see the WAN interface IP showing up in both the LAN and WAN tables. I've not previously observed this behaviour, ergo it seems odd to me, and is probably related to the originally highlighted issue. Has anyone filed a bug report yet? Maybe if we work fast enough, we can get this fixed in time for 2.0.3-RELEASE.
-
I'm out of town for the weekend so I can't properly check on that, but I think someone else had another thread going for the same problem on 2.1. You can go ahead and open up a ticket on http://redmine.pfsense.org/
-
Here is the cross-reference to the thread for the 2.1 changes to the rate utility (source of the traffic graph bandwidth by IP data): http://forum.pfsense.org/index.php/topic,59714.30.html - that work seems to have all been done in the mainline, not the branch used for 2.0.3
I think things started with this commit: https://github.com/pfsense/pfsense-tools/commit/d09e8fddd50e95f731f7cef8d1db92ba1b4f2398 - to pfsense-tools which made the rate utility spit out data for external IPs as well as local ones. Then various enhancements were done in pfsense repo to the traffic graph GUI to allow filtering the data so users can choose what is displayed.
But all those were done against the master branches. So I don't see how that has leaked into 2.0.3, which would build from the RELENG_2_0 branch. -
The rate binary is built the same on both branches. If the binary changes require changes to the GUI then they'll need to be done on RELENG_2_0 as well, hence needing a bug report on redmine.pfsense.org.
-
Hi
just a question; isn't the patch allready out till 16 days?
http://svnweb.freebsd.org/base/stable/8/crypto/openssl/NEWS?view=markup
Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
or am i wrong ?
best regards
max
-
The rate binary is built the same on both branches. If the binary changes require changes to the GUI then they'll need to be done on RELENG_2_0 as well, hence needing a bug report on redmine.pfsense.org.
The rate binary change has resulted in quite a few comments from 2.1 users. There is quite a bit of code change to give filtering etc options to the bandwidth-by-ip table of traffic graphs in 2.1 to give flexibility to select what to display. I doubt that all that stuff wants to be back-ported to 2.0.3. And in any case, Ermal mentioned something about working some more on the rate source code to get the "In" and "Out" conventions on the display better. So I think it is not complete in 2.1 right now.
If possible, IMHO the previous rate binary should be supplied in 2.0.3.
(I don't understand how/why the pfsense-tools bit of the build doesn't build 2.0.3 from the appropriate branch of pfsense-tools repo, and I see that the 2.0 branch of pfsense-tools has not been added to for ages.)Extra edit: or maybe Ermal can knock up a version of rate that puts back the old output behaviour as a command line option - then the one rate utility compile will do for the "old" 2.0 branch and the "new" 2.1 branch.
-
The tools repo does not have branches. If two separate versions of rate need to exist, they would need to have separate pfPorts.
Debating all this in this thread really doesn't help anything. It belongs in a ticket now since it's a confirmed issue.
-
Yesterday i had to hard reset a 2.0.3 VM in a school.
situation:
Multi-wan / Multi-Vlan network where pfsense manages NAT + inter-vlan routing + captive portal with AD auth.Yesterdays problem:
-Inter-vlan routing was lagging extremely (50% packet loss when pinging to different vlan-subnet)
-ping to internet: 100% packet lossย
-Webgui barely responding (it took minutes before it loaded, most of the times it timed out)
-unable to initiate ssh connect, time out.
-I was able to login to the esxi and open the vm-console of the pfsense.
No obvious errors on the console screen were shown.
TOP showed a process hogging 100% cpu (check_reload_status)Steps taken to resolve the issue:
-restart webconfigurator (option 11). This printed "restarting webconfigurator" and stalled. ctrl+c to return to menu
-kill -9 the PID of check_reload_status.
-TOP shows cpu almost idle
-restart webconfigurator (option 11). This printed "restarting webconfigurator" and stalled. ctrl+c to return to menu
-tried 'reboot' from console. It probably attempted to reboot but after 5 minutes it still didn't.
-Did a "hard" reset on the VM with the vsphere-client.
-Pfsense booted without any issues. No obvious issues found in the logs.I know it will be impossible to reproduce, also impossible to find a cause.
I figured i'd better report this in case this happens in the future or if other have had a similar problem.kind regards
jeroen
-
Hi everyone,
I upgrade to 2.0.3 pre Release because the captive portal issues on 2.0.2
It works fine for me but i see something strange on Traffic Graph.
The traffic graph showing outside IP Addresses on Lan Interface like is talking on this thread http://forum.pfsense.org/index.php/topic,59714.30.html
Is it already a fix or it will be fix on a 2.0.3 Final ?
Thanks.
Best regards.
MykeErmal has fixed this - see redmine ticket http://redmine.pfsense.org/issues/2909 - and it is back to the local IP display behaviour in the March 26 2.0.3 builds.
Read the banter in the ticket for "education" about what in and out means on the graph and table. If people have thoughts about that, then start a new thread. -
Hi everyone,
I upgrade to 2.0.3 pre Release because the captive portal issues on 2.0.2
It works fine for me but i see something strange on Traffic Graph.
The traffic graph showing outside IP Addresses on Lan Interface like is talking on this thread http://forum.pfsense.org/index.php/topic,59714.30.html
Is it already a fix or it will be fix on a 2.0.3 Final ?
Thanks.
Best regards.
MykeErmal has fixed this - see redmine ticket http://redmine.pfsense.org/issues/2909 - and it is back to the local IP display behaviour in the March 26 2.0.3 builds.
Read the banter in the ticket for "education" about what in and out means on the graph and table. If people have thoughts about that, then start a new thread.Thanks.
-
i've had the same thing happening again yesterday!! (twice this week)
I did notice however that the Tier1 wan has been failing alot this week.
Also noticed an error about "wan1_gateway" not being available. That gateway however has been renamed week ago.
After checking i found a couple of policy rules that still relied on the old gateway-name and after updating them the error in logs disappeared.I hope the issue is resolved,but i'm almost certain it isn't and i have no clue why this is happening.
the system was running fine for over a month, not much has changed and now the VM is acting odd.kind regards
jeroen
Yesterday i had to hard reset a 2.0.3 VM in a school.
situation:
Multi-wan / Multi-Vlan network where pfsense manages NAT + inter-vlan routing + captive portal with AD auth.Yesterdays problem:
-Inter-vlan routing was lagging extremely (50% packet loss when pinging to different vlan-subnet)
-ping to internet: 100% packet lossย
-Webgui barely responding (it took minutes before it loaded, most of the times it timed out)
-unable to initiate ssh connect, time out.
-I was able to login to the esxi and open the vm-console of the pfsense.
No obvious errors on the console screen were shown.
TOP showed a process hogging 100% cpu (check_reload_status)Steps taken to resolve the issue:
-restart webconfigurator (option 11). This printed "restarting webconfigurator" and stalled. ctrl+c to return to menu
-kill -9 the PID of check_reload_status.
-TOP shows cpu almost idle
-restart webconfigurator (option 11). This printed "restarting webconfigurator" and stalled. ctrl+c to return to menu
-tried 'reboot' from console. It probably attempted to reboot but after 5 minutes it still didn't.
-Did a "hard" reset on the VM with the vsphere-client.
-Pfsense booted without any issues. No obvious issues found in the logs.I know it will be impossible to reproduce, also impossible to find a cause.
I figured i'd better report this in case this happens in the future or if other have had a similar problem.kind regards
jeroen
