Captive portal doesn´t work after upgrade to 2.2
-
I tried the new configuration as shown in (https://github.com/pfsense/pfsense/commit/98bf4991dc31f97fc7315a6b8aba433de9d39cea#diff-a58872487907e38eb2b46bb3e0f1cd5a) and what I've done is you have not redirect the captive portal.
-
I tried the new configuration as shown in (https://github.com/pfsense/pfsense/commit/98bf4991dc31f97fc7315a6b8aba433de9d39cea#diff-a58872487907e38eb2b46bb3e0f1cd5a) and what I've done is you have not redirect the captive portal.
Be carefull. That GIT link is based on master, not 2.2.
The actual captiveportal.inc is here https://github.com/pfsense/pfsense/blob/RELENG_2_2/etc/inc/captiveportal.inc (2.2)
Check out lines 496-517.
Look at line 499 - if the interface is found ($tmpif), $cpipm will be assigned … and add to $cpipm (line 513).The array $cpipm will be parsed (lines 545 - 552) and used to build the firewall that you was using before.
$ips = "{ 255.255.255.255 or {$ips} }"; $cprules .= "add {$rulenum} pass ip from any to {$ips} in\n";So, start to debug the foreach loop 496-517 to see why your carp interface IP recognized as such.
-
sorry for me ignorance, how i can start to debug the foreach loop 496-517?
thanks
-
sorry for me ignorance, how i can start to debug the foreach loop 496-517?
You noticed that the captive portal is its own log ? (Status => System logs => Portal Auth)
Now, look at captiveportal.inc, line 195:
captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']}).");The captiveportal_syslog(…...); function is just great to 'debug'.
Note: it has 4 strings as parameters - look up the actual function definition first. -
i can see this in the log
php-fpm[50532]: /services_captiveportal.php: The command '/sbin/ipfw zone 2 mdel ' returned exit code '64', the output was 'ipfw: bad arguments, for usage summary ``ipfw''
-
This is not good at all.
The ipfw command-option (part of) 'mdel' does NOT exist - it doesn't mean anything to 'ipfw'. ipfw complains badly. PHP logs the error. There is something not good.
Can you list this file:
/tmp/ipfw_xxxxx.cp.rules
where xxxxx is the name of your zone.
(There should be a file with the extension 'rules' in the /tmp directory.)Can you give the result of this SSH command:
grep 'mdel' /etc/inc/*Btw: when I lauch this:
grep '/sbin/ipfw zone' /etc/inc/*
I have this/etc/inc/captiveportal.inc: mwexec("/sbin/ipfw zone {$cpzoneid} destroy", true); /etc/inc/captiveportal.inc: mwexec("/sbin/ipfw zone {$cpzoneid} create", true); /etc/inc/captiveportal.inc: mwexec("/sbin/ipfw zone {$cpzoneid} madd {$cpcarp}", true); /etc/inc/captiveportal.inc: mwexec("/sbin/ipfw zone {$cpzoneid} madd {$tmpif}", true); -
this is ssh ipfw_lan.cp.rules
flush
add 65291 allow pfsync from any to any
add 65292 allow carp from any to anylayer 2: pass ARP
add 65301 pass layer2 mac-type arp,rarp
pfsense requires for WPA
add 65302 pass layer2 mac-type 0x888e,0x88c7
PPP Over Ethernet Session Stage/Discovery Stage
add 65303 pass layer2 mac-type 0x8863,0x8864
layer 2: block anything else non-IP(v4/v6)
add 65307 deny layer2 not mac-type ip,ipv6
add 65310 pass ip from any to { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } in
add 65311 pass ip from { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } to any out
add 65312 pass icmp from { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } to any out icmptype 0
add 65313 pass icmp from any to { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } in icmptype 8
add 65314 pipe tablearg ip from table(3) to any in
add 65315 pipe tablearg ip from any to table(4) in
add 65316 pipe tablearg ip from table(3) to any out
add 65317 pipe tablearg ip from any to table(4) out
add 65318 pipe tablearg ip from table(1) to any in
add 65319 pipe tablearg ip from any to table(2) outredirect non-authenticated clients to captive portal
add 65532 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
let the responses from the captive portal web server back out
add 65533 pass tcp from any to any out
block everything else
add 65534 deny all from any to any
repeats the ip 10.130.0.3 that it is the ip of physical interface, but the ip 10.130.0.30 does not appear that it is the virtual carp ip
nothing happened when i launch grep 'mdel' /etc/inc/*
and this is the result of grep '/sbin/ipfw zone' /etc/inc/*
/etc/inc/captiveportal.inc: mwexec("/sbin/ipfw zone {$cpzoneid} destroy", true);
/etc/inc/captiveportal.inc: mwexec("/sbin/ipfw zone {$cpzoneid} create", true);
/etc/inc/captiveportal.inc: mwexec("/sbin/ipfw zone {$cpzoneid} madd {$cpcarp}", true);
/etc/inc/captiveportal.inc: mwexec("/sbin/ipfw zone {$cpzoneid} madd {$tmpif}", true); -
Seesm all normal to me.
I found the '/sbin/ipfw zone 2 mdel' … it was right in front of my nose.
Here : /usr/local/www/services_captiveportal.php - line 411.
It tries to remove an interface {$removeif} but it seems to me that $removeif = get_real_interface($removeif); on line 410 return an empty string …... so things blow up.These lines are called when I REMOVE an interface (so at least having 2 !) on a captive portal instance.
This is an exceptional thing.Can you detail you setup please - interfaces - portal settings ? (image !!).
-
the configuration of captive portal is default configuration
 -
the rest of configuration
 -
This is correct (?):
Your Captive portal interface run on LAN [is selected] (why not a separate OPTx interface ?)
Your LAN IP = 10.131.0.4 (why not 10.131.0.1 ?)
Or, the firewall rule mention: 10.131.0.3 (why not 10.131.0.1 ?)
This:add 65310 pass ip from any to { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } in
add 65311 pass ip from { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } to any out
add 65312 pass icmp from { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } to any out icmptype 0
add 65313 pass icmp from any to { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } in icmptype 810.131.0.3 or 10.131.0.3 == "10.131.0.3"
You changed something here. It was different before.
This was CARP related - is it possible that you put your Captive portal interface on its dedicated interface - leaving this CARP thing else where and NOT in this network segment.Not related, but curious: a radius server an WAN :o (I saw that identification is set to None right now - better test your box first with some locally define users in the User manager).
Please double check : "Idle timeout" and "Hard timeout". Leaving both non initialized (as is the case right now) == playing with fire.
-
i haven´t a radius server in wan. in RADIUS NAS IP attribute you can see all the ip of all yours interface.
the configuration of captive portal is by default like i say before.
in previous version 2.1.5 of pfsense all work perfectly, is in the version 2.2 when i have the problem of ipfw, the problem is that the virtual carp ip not is inserted in ipfw rule.
add 65310 pass ip from any to { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } in
add 65311 pass ip from { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } to any out
add 65312 pass icmp from { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } to any out icmptype 0
add 65313 pass icmp from any to { 255.255.255.255 or 10.131.0.3 or 10.131.0.3 } in icmptype 8the gateway 10.131.0.3 10.131.0.4 or 10.131.0.1 is exactly same.
is true that in old post my gateway was 10.131.0.3 i have changed to try with other ip, but the result is the same. (sorry i forgive have said in the previous post).
we controll the idle and hard timeout by radius.
thanks
-
As said before: remove the CARP IP from the LAN segment (or ditch the carp for the time during tests).
Or: do what pfSense somewhat advices : use the Portal on a dedicated interface. -
hello good morning .
see you've now changed the way in which the virtual interface is managed. if I do a ifconfig , appeared before the vitual interface as an interface but now the virtual ip interface appears within the interface to which it belongs .
before in version 2.1.5
em3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether xx:xx:xx:xx:xx:xx
inet 10.131.0.3 netmask 0xffff0000 broadcast 10.131.0.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: activelan_vip15: flags=49 <up,loopback,running>metric 0 mtu 1500
inet 10.130.0.30 netmask 0xffff0000
carp: MASTER vhid 15 advbase 1 advskew 200now in version 2.2
em3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether xx:xx:xx:xx:xx:xx
inet 10.131.0.3 netmask 0xffffff00 broadcast 10.131.0.255
inet 10.131.0.30 netmask 0xffffff00 broadcast 10.131.0.255 vhid 15
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
carp: BACKUP vhid 15 advbase 1 advskew 0this is a possible cause of this issue.
before in ipfw_context
captive: em3,lan_vip15,
now in ipfw zone list
captive: em3,
i´ve tryed all kind of configurations and i continue with the problem.
thanks sir Gertjan for your effort</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast></up,loopback,running></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast>
-
Dear All,
uaxero is not alone with such issues of keeping captive portal up after upgrading to 2.2 on a system with CARP.
I have a similar setup where the two pfSense machines are 192.168.4.78 and 192.168.4.79 sharing a CARP VIP of 192.168.4.1. Before 2.2, I used unbound as a package. I had the portal (internal) domain name resolve to 192.168.4.1 via local data and have DHCP provide 192.168.4.1 as DNS and gateway. That did work well. After the upgrade, a PC connecting to the guest network can see 192.168.4.78, 192.168.4.79 (and any other IP on the guest network), but not 192.168.4.1. Hence DNS and forwarding does not work. Obvious changes, such as having DHCP provide 192.168.4.78 as DNS and gateway instead, for example, do not help.
Any explanation in plain English (or pictures) regarding how to handle CARP now would be highly welcome.
Regards,
Michael Schefczyk
-
Dunno how many times does this need to be said: Use the Captive Portal on a dedicated interface.
-
Dear doktornotor,
wishing it was that simple: My guest network is on a separate vlan configured as an interface - if lagg0_vlan4 (pls. see ifconfig output below). Unless I do misunderstand this, a vlan configured as an interface does qualify as a separate interface in line for your reply, right? Alternatively, do I need to set a physical interface aside by removing it from lagg0, connecting it to the switch by a separate cable and use it for the capitve portal interface excusively?
Regards,
Michael Schefczyk
$ ifconfig
igb0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:25:90:e9:f6:a2
inet 192.168.6.4 netmask 0xffffff00 broadcast 192.168.6.255
inet6 fe80::225:90ff:fee9:f6a2%igb0 prefixlen 64 scopeid 0x1
inet 192.168.6.2 netmask 0xffffff00 broadcast 192.168.6.255 vhid 1
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
carp: MASTER vhid 1 advbase 1 advskew 100
igb1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:25:90:e9:f6:a3
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
igb2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:25:90:f3:8b:82
inet 172.16.1.79 netmask 0xffffff00 broadcast 172.16.1.255
inet6 fe80::225:90ff:fef3:8b82%igb2 prefixlen 64 scopeid 0x3
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
igb3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:25:90:f3:8b:83
inet 192.168.0.4 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::225:90ff:fef3:8b83%igb3 prefixlen 64 scopeid 0x4
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255 vhid 2
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
carp: MASTER vhid 2 advbase 1 advskew 100
igb4: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:25:90:e9:f6:a3
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
igb5: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:25:90:e9:f6:a3
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
pflog0: flags=100 <promisc>metric 0 mtu 33144
pfsync0: flags=41 <up,running>metric 0 mtu 1500
pfsync: syncdev: igb2 syncpeer: 172.16.1.78 maxupd: 128 defer: on
syncok: 1
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9
nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536
nd6 options=21 <performnud,auto_linklocal>lagg0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:25:90:e9:f6:a3
inet6 fe80::225:90ff:fee9:f6a3%lagg0 prefixlen 64 scopeid 0xb
inet 192.168.1.79 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 vhid 3
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
status: active
carp: MASTER vhid 3 advbase 1 advskew 100
laggproto lacp lagghash l2,l3,l4
laggport: igb5 flags=1c <active,collecting,distributing>laggport: igb4 flags=1c <active,collecting,distributing>laggport: igb1 flags=1c <active,collecting,distributing>lagg0_vlan4: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=3 <rxcsum,txcsum>ether 00:25:90:e9:f6:a3
inet6 fe80::225:90ff:fee9:f6a3%lagg0_vlan4 prefixlen 64 scopeid 0xc
inet 192.168.4.79 netmask 0xffffff00 broadcast 192.168.4.255
inet 192.168.4.1 netmask 0xffffff00 broadcast 192.168.4.255 vhid 4
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
status: active
vlan: 4 vlanpcp: 0 parent interface: lagg0
carp: MASTER vhid 4 advbase 1 advskew 100
ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
options=80000 <linkstate>inet6 fe80::225:90ff:fee9:f6a2%ovpns1 prefixlen 64 scopeid 0xd
inet 192.168.9.1 –> 192.168.9.2 netmask 0xffffffff
nd6 options=21 <performnud,auto_linklocal>Opened by PID 24764
ovpns2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
options=80000 <linkstate>inet6 fe80::225:90ff:fee9:f6a2%ovpns2 prefixlen 64 scopeid 0xe
inet 192.168.10.1 --> 192.168.10.2 netmask 0xffffffff
nd6 options=21 <performnud,auto_linklocal>Opened by PID 28882
ovpns3: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
options=80000 <linkstate>inet6 fe80::225:90ff:fee9:f6a2%ovpns3 prefixlen 64 scopeid 0xf
inet 192.168.18.1 --> 192.168.18.2 netmask 0xffffffff
nd6 options=21 <performnud,auto_linklocal>Opened by PID 33508
ovpns4: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
options=80000 <linkstate>inet6 fe80::225:90ff:fee9:f6a2%ovpns4 prefixlen 64 scopeid 0x10
inet 192.168.19.1 --> 192.168.19.2 netmask 0xffffffff
nd6 options=21 <performnud,auto_linklocal>Opened by PID 37582</performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,promisc,simplex,multicast></active,collecting,distributing></active,collecting,distributing></active,collecting,distributing></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></up,running></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast> -
wishing it was that simple: My guest network is on a separate vlan configured as an interface - if lagg0_vlan4 (pls. see ifconfig output below).
And what's that CARP IP doing there?
lagg0_vlan4: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
inet 192.168.4.79 netmask 0xffffff00 broadcast 192.168.4.255
inet 192.168.4.1 netmask 0xffffff00 broadcast 192.168.4.255 vhid 4</up,broadcast,running,promisc,simplex,multicast>Really, this was said already a couple of times on this thread:
- https://forum.pfsense.org/index.php?topic=87991.msg485907#msg485907
- https://forum.pfsense.org/index.php?topic=87991.msg485987#msg485987
Again, nuke CARP from the interface that you have CP running on.
-
Dear doktornotor,
Thank you very much. I can read the text about CARP changes in 2.2, but I am unable to make sense out of it - probably it is not myself alone.
By my understanding, the CP guest network is something like the LAN to guests. The pfSense 2.1 draft book lists the following CARP example on page 473:
Table 25.2. LAN IP Address Assignments
IP Address Usage
192.168.1.1 CARP shared IP
192.168.1.2 Primary firewall LAN IP
192.168.1.3 Secondary firewall LAN IPThis was my world for a long time. Translated to my CP it meant that 192.168.4.1 was the router (Gateway, DNS) for guests. And that address was sometimes held by the primary and sometimes by the secondary firewall. Guests would not have to know about that. In my translation, 192.168.1.2 was 192.168.4.78 and 192.168.1.3 was 192.168.4.79.
Please let me know HOW I can move the CARP IP elsewhere. I have tried to understand that for a long time, but I cannot solve it intuitively and I cannot find documentation. To which interface would I move the CARP IP? Then, how could guests reach the CARP IP if it it was not on their networks interface anymore? The aim should still be that guests have one Gateway and DNS IP, regardless which firewall is master at a given point in time. Ideally, that address would be 192.168.4.1.
My CARP setting is enclosed as a jpg screenshot. DMESG output is attached below.
Thank you very much for your efforts!
Regards,
Michael Schefczyk
$ dmesg | less
Copyright
1992-2014 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.1-RELEASE-p4 #0 36d7dec(releng/10.1)-dirty: Thu Jan 22 15:12:35 CST 2015
root@pfsense-22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz (2400.06-MHz K8-class CPU)
Origin = "GenuineIntel" Id = 0x406d8 Family = 0x6 Model = 0x4d Stepping = 8
Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Features2=0x43d8e3bf <sse3,pclmulqdq,dtes64,mon,ds_cpl,vmx,est,tm2,ssse3,cx16,xtpr,pdcm,sse4.1,sse4.2,movbe,popcnt,tscdlt,aesni,rdrand>AMD Features=0x28100800 <syscall,nx,rdtscp,lm>AMD Features2=0x101 <lahf,prefetch>Structured Extended Features=0x2282 <tscadj,smep,erms>VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
TSC: P-state invariant, performance statistics
real memory = 17179869184 (16384 MB)
avail memory = 16567734272 (15800 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <intel tiano ="">FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs
FreeBSD/SMP: 1 package(s) x 8 core(s)
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 2
cpu2 (AP): APIC ID: 4
cpu3 (AP): APIC ID: 6
cpu4 (AP): APIC ID: 8
cpu5 (AP): APIC ID: 10
cpu6 (AP): APIC ID: 12
cpu7 (AP): APIC ID: 14
ACPI BIOS Warning (bug): Invalid length for FADT/Pm1aControlBlock: 32, using default 16 (20130823/tbfadt-682)
ioapic0 <version 2.0="">irqs 0-23 on motherboard
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff80606c30, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff80606ce0, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff80606d90, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff8062e400, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff8062e4b0, 0) error 1
iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff8062e560, 0) error 1
random: <software, yarrow="">initialized
module_register_init: MOD_LOAD (vesa, 0xffffffff80fb8b00, 0) error 19
kbd0 at kbdmux0
cryptosoft0: <software crypto="">on motherboard
padlock0: No ACE support.
acpi0: <alaska a="" m="" i="">on motherboard
acpi0: Power Button (fixed)
cpu0: <acpi cpu="">on acpi0
cpu1: <acpi cpu="">on acpi0
cpu2: <acpi cpu="">on acpi0
cpu3: <acpi cpu="">on acpi0
cpu4: <acpi cpu="">on acpi0
cpu5: <acpi cpu="">on acpi0
cpu6: <acpi cpu="">on acpi0
cpu7: <acpi cpu="">on acpi0
hpet0: <high precision="" event="" timer="">iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 350
Event timer "HPET1" frequency 14318180 Hz quality 340
Event timer "HPET2" frequency 14318180 Hz quality 340
atrtc0: <at realtime="" clock="">port 0x70-0x77 irq 8 on acpi0
atrtc0: Warning: Couldn't map I/O.
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <at timer="">port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0
pci0: <acpi pci="" bus="">on pcib0
pcib1: <acpi pci-pci="" bridge="">mem 0xdf6e0000-0xdf6fffff irq 16 at device 1.0 on pci0
pci1: <acpi pci="" bus="">on pcib1
pcib2: <acpi pci-pci="" bridge="">at device 0.0 on pci1
pci2: <acpi pci="" bus="">on pcib2
vgapci0: <vga-compatible display="">port 0xd000-0xd07f mem 0xde000000-0xdeffffff,0xdf000000-0xdf01ffff irq 16 at device 0.0 on pci2
vgapci0: Boot video device
pcib3: <acpi pci-pci="" bridge="">mem 0xdf6c0000-0xdf6dffff irq 16 at device 2.0 on pci0
pci3: <acpi pci="" bus="">on pcib3
xhci0: <xhci (generic)="" usb="" 3.0="" controller="">mem 0xdf500000-0xdf501fff irq 17 at device 0.0 on pci3
xhci0: 64 byte context size.
usbus0 on xhci0
pcib4: <acpi pci-pci="" bridge="">mem 0xdf6a0000-0xdf6bffff irq 20 at device 3.0 on pci0
pci4: <acpi pci="" bus="">on pcib4
igb0: <intel(r) 1000="" pro="" network="" connection="" version="" -="" 2.4.0="">port 0xc020-0xc03f mem 0xdf200000-0xdf2fffff,0xdf404000-0xdf407fff irq 22 at device 0.0 on pci4
igb0: Using MSIX interrupts with 9 vectors
igb0: Bound queue 0 to cpu 0
igb0: Bound queue 1 to cpu 1
igb0: Bound queue 2 to cpu 2
igb0: Bound queue 3 to cpu 3
igb0: Bound queue 4 to cpu 4
igb0: Bound queue 5 to cpu 5
igb0: Bound queue 6 to cpu 6
igb0: Bound queue 7 to cpu 7
igb1: <intel(r) 1000="" pro="" network="" connection="" version="" -="" 2.4.0="">port 0xc000-0xc01f mem 0xdf100000-0xdf1fffff,0xdf400000-0xdf403fff irq 23 at device 0.1 on pci4
igb1: Using MSIX interrupts with 9 vectors
igb1: Bound queue 0 to cpu 0
igb1: Bound queue 1 to cpu 1
igb1: Bound queue 2 to cpu 2
igb1: Bound queue 3 to cpu 3
igb1: Bound queue 4 to cpu 4
igb1: Bound queue 5 to cpu 5
igb1: Bound queue 6 to cpu 6
igb1: Bound queue 7 to cpu 7
pci0: <processor>at device 11.0 (no driver attached)
pci0: <base peripheral,="" iommu=""> at device 15.0 (no driver attached)
igb2: <intel(r) 1000="" pro="" network="" connection="" version="" -="" 2.4.0="">port 0xe0c0-0xe0df mem 0xdf660000-0xdf67ffff,0xdf70c000-0xdf70ffff irq 20 at device 20.0 on pci0
igb2: Using MSIX interrupts with 9 vectors
igb2: Bound queue 0 to cpu 0
igb2: Bound queue 1 to cpu 1
igb2: Bound queue 2 to cpu 2
igb2: Bound queue 3 to cpu 3
igb2: Bound queue 4 to cpu 4
igb2: Bound queue 5 to cpu 5
igb2: Bound queue 6 to cpu 6
igb2: Bound queue 7 to cpu 7
igb3: <intel(r) 1000="" pro="" network="" connection="" version="" -="" 2.4.0="">port 0xe0a0-0xe0bf mem 0xdf640000-0xdf65ffff,0xdf708000-0xdf70bfff irq 21 at device 20.1 on pci0
igb3: Using MSIX interrupts with 9 vectors
igb3: Bound queue 0 to cpu 0
igb3: Bound queue 1 to cpu 1
igb3: Bound queue 2 to cpu 2
igb3: Bound queue 3 to cpu 3
igb3: Bound queue 4 to cpu 4
igb3: Bound queue 5 to cpu 5
igb3: Bound queue 6 to cpu 6
igb3: Bound queue 7 to cpu 7
igb4: <intel(r) 1000="" pro="" network="" connection="" version="" -="" 2.4.0="">port 0xe080-0xe09f mem 0xdf620000-0xdf63ffff,0xdf704000-0xdf707fff irq 22 at device 20.2 on pci0
igb4: Using MSIX interrupts with 9 vectors
igb4: Bound queue 0 to cpu 0
igb4: Bound queue 1 to cpu 1
igb4: Bound queue 2 to cpu 2
igb4: Bound queue 3 to cpu 3
igb4: Bound queue 4 to cpu 4
igb4: Bound queue 5 to cpu 5
igb4: Bound queue 6 to cpu 6
igb4: Bound queue 7 to cpu 7
igb5: <intel(r) 1000="" pro="" network="" connection="" version="" -="" 2.4.0="">port 0xe060-0xe07f mem 0xdf600000-0xdf61ffff,0xdf700000-0xdf703fff irq 23 at device 20.3 on pci0
igb5: Using MSIX interrupts with 9 vectors
igb5: Bound queue 0 to cpu 0
igb5: Bound queue 1 to cpu 1
igb5: Bound queue 2 to cpu 2
igb5: Bound queue 3 to cpu 3
igb5: Bound queue 4 to cpu 4
igb5: Bound queue 5 to cpu 5
igb5: Bound queue 6 to cpu 6
igb5: Bound queue 7 to cpu 7
ehci0: <intel avoton="" usb="" 2.0="" controller="">mem 0xdf717000-0xdf7173ff irq 23 at device 22.0 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
ahci0: <intel avoton="" ahci="" sata="" controller="">port 0xe150-0xe157,0xe140-0xe143,0xe130-0xe137,0xe120-0xe123,0xe040-0xe05f mem 0xdf716000-0xdf7167ff irq 19 at device 23.0 on pci0
ahci0: AHCI v1.30 with 4 3Gbps ports, Port Multiplier not supported
ahcich0: <ahci channel="">at channel 0 on ahci0
ahcich1: <ahci channel="">at channel 1 on ahci0
ahcich2: <ahci channel="">at channel 2 on ahci0
ahcich3: <ahci channel="">at channel 3 on ahci0
ahci1: <intel avoton="" ahci="" sata="" controller="">port 0xe110-0xe117,0xe100-0xe103,0xe0f0-0xe0f7,0xe0e0-0xe0e3,0xe020-0xe03f mem 0xdf715000-0xdf7157ff irq 19 at device 24.0 on pci0
ahci1: AHCI v1.30 with 2 6Gbps ports, Port Multiplier not supported
ahcich4: <ahci channel="">at channel 0 on ahci1
ahcich5: <ahci channel="">at channel 1 on ahci1
isab0: <pci-isa bridge="">at device 31.0 on pci0
isa0: <isa bus="">on isab0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
orm0: <isa option="" roms="">at iomem 0xc0000-0xc7fff,0xc8000-0xc8fff,0xc9000-0xc9fff,0xca000-0xcafff on isa0
sc0: <system console="">at flags 0x100 on isa0
sc0: CGA <16 virtual consoles, flags=0x300>
vga0: <generic isa="" vga="">at port 0x3d0-0x3db iomem 0xb8000-0xbffff on isa0
ppc0: cannot reserve I/O port range
est0: <enhanced speedstep="" frequency="" control="">on cpu0
p4tcc0: <cpu frequency="" thermal="" control="">on cpu0
est1: <enhanced speedstep="" frequency="" control="">on cpu1
p4tcc1: <cpu frequency="" thermal="" control="">on cpu1
est2: <enhanced speedstep="" frequency="" control="">on cpu2
p4tcc2: <cpu frequency="" thermal="" control="">on cpu2
est3: <enhanced speedstep="" frequency="" control="">on cpu3
p4tcc3: <cpu frequency="" thermal="" control="">on cpu3
est4: <enhanced speedstep="" frequency="" control="">on cpu4
p4tcc4: <cpu frequency="" thermal="" control="">on cpu4
est5: <enhanced speedstep="" frequency="" control="">on cpu5
p4tcc5: <cpu frequency="" thermal="" control="">on cpu5
est6: <enhanced speedstep="" frequency="" control="">on cpu6
p4tcc6: <cpu frequency="" thermal="" control="">on cpu6
est7: <enhanced speedstep="" frequency="" control="">on cpu7
p4tcc7: <cpu frequency="" thermal="" control="">on cpu7
Timecounters tick every 1.000 msec
IPsec: Initialized Security Association Processing.
random: unblocking device.
usbus0: 5.0Gbps Super Speed USB v3.0
usbus1: 480Mbps High Speed USB v2.0
ugen1.1: <intel>at usbus1
uhub0: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus1
ugen0.1: <0x1912> at usbus0
uhub1: <0x1912 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
uhub1: 8 ports with 8 removable, self powered
uhub0: 8 ports with 8 removable, self powered
ugen1.2: <vendor 0x8087="">at usbus1
uhub2: <vendor 2="" 9="" 0x8087="" product="" 0x07db,="" class="" 0,="" rev="" 2.00="" 0.02,="" addr="">on usbus1
uhub2: 4 ports with 4 removable, self powered
ugen1.3: <american power="" conversion="">at usbus1
ugen1.4: <vendor 0x0000="">at usbus1
uhub3: <vendor 4="" 9="" 0x0000="" product="" 0x0001,="" class="" 0,="" rev="" 2.00="" 0.00,="" addr="">on usbus1
uhub3: 4 ports with 3 removable, self powered
ugen1.5: <vendor 0x0557="">at usbus1
ukbd0: <vendor 0="" 5="" 0x0557="" product="" 0x2419,="" class="" 0,="" rev="" 1.10="" 1.00,="" addr="">on usbus1
kbd1 at ukbd0
ada0 at ahcich4 bus 0 scbus4 target 0 lun 0
ada0: <hgst hts541010a9e680="" ja0oa560="">ATA-8 SATA 3.x device
ada0: Serial Number JA10001F1PP8AM
ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 953869MB (1953525168 512 byte sectors: 16H 63S/T 16383C)
ada0: Previously was known as ad12
ada1 at ahcich5 bus 0 scbus5 target 0 lun 0
ada1: <hgst hts541010a9e680="" ja0oa560="">ATA-8 SATA 3.x device
ada1: Serial Number JA10001F1RA14N
ada1: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes)
ada1: Command Queueing enabled
ada1: 953869MB (1953525168 512 byte sectors: 16H 63S/T 16383C)
ada1: Previously was known as ad14
SMP: AP CPU #3 Launched!
SMP: AP CPU #1 Launched!
SMP: AP CPU #6 Launched!
SMP: AP CPU #4 Launched!
SMP: AP CPU #2 Launched!
SMP: AP CPU #7 Launched!
SMP: AP CPU #5 Launched!
Timecounter "TSC-low" frequency 1200028632 Hz quality 1000
GEOM_MIRROR: Device mirror/pfSenseMirror launched (2/2).
Trying to mount root from ufs:/dev/mirror/pfSenseMirrors1a [rw]…
padlock0: No ACE support.
aesni0: <aes-cbc,aes-xts,aes-gcm>on motherboard
lagg0: IPv6 addresses on igb1 have been removed before adding it as a member to prevent IPv6 address scope violation.
lagg0: link state changed to DOWN
lagg0: IPv6 addresses on igb4 have been removed before adding it as a member to prevent IPv6 address scope violation.
lagg0: IPv6 addresses on igb5 have been removed before adding it as a member to prevent IPv6 address scope violation.
vlan0: changing name to 'lagg0_vlan4'
igb0: promiscuous mode enabled
carp: demoted by 240 to 240 (interface down)
igb3: promiscuous mode enabled
carp: demoted by 240 to 480 (interface down)
igb5: promiscuous mode enabled
igb4: promiscuous mode enabled
igb1: promiscuous mode enabled
lagg0: promiscuous mode enabled
carp: demoted by 240 to 720 (interface down)
lagg0_vlan4: promiscuous mode enabled
carp: demoted by 240 to 960 (interface down)
carp: demoted by 240 to 1200 (pfsync bulk start)
igb4: link state changed to UP
carp: VHID 3@lagg0: INIT -> BACKUP
carp: demoted by -240 to 960 (interface up)
lagg0: link state changed to UP
carp: VHID 4@lagg0_vlan4: INIT -> BACKUP
carp: demoted by -240 to 720 (interface up)
lagg0_vlan4: link state changed to UP
igb5: link state changed to UP
tun1: changing name to 'ovpns1'
tun2: changing name to 'ovpns2'
carp: VHID 2@igb3: INIT -> BACKUP
carp: demoted by -240 to 480 (interface up)
igb3: link state changed to UP
tun3: changing name to 'ovpns3'
tun4: changing name to 'ovpns4'
carp: VHID 1@igb0: INIT -> BACKUP
carp: demoted by -240 to 240 (interface up)
igb0: link state changed to UP
pflog0: promiscuous mode enabled
ovpns1: link state changed to UP
ovpns2: link state changed to UP
ovpns4: link state changed to UP
ovpns3: link state changed to UP
igb2: link state changed to UP
carp: demoted by -240 to 0 (pfsync bulk done)
carp: VHID 1@igb0: BACKUP -> MASTER (preempting a slower master)
carp: VHID 2@igb3: BACKUP -> MASTER (preempting a slower master)
carp: VHID 4@lagg0_vlan4: BACKUP -> MASTER (master down)
carp: VHID 3@lagg0: BACKUP -> MASTER (master down)
igb1: link state changed to UP
carp: demoted by 240 to 240 (send error 50 on lagg0)
ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to accept, logging disabled
DUMMYNET 0 with IPv6 initialized (100409)
load_dn_sched dn_sched FIFO loaded
load_dn_sched dn_sched QFQ loaded
load_dn_sched dn_sched RR loaded
load_dn_sched dn_sched WF2Q+ loaded
load_dn_sched dn_sched PRIO loaded
</aes-cbc,aes-xts,aes-gcm></hgst></hgst></vendor></vendor></vendor></vendor></american></vendor></vendor></intel></intel></cpu></enhanced></cpu></enhanced></cpu></enhanced></cpu></enhanced></cpu></enhanced></cpu></enhanced></cpu></enhanced></cpu></enhanced></generic></system></isa></isa></pci-isa></ahci></ahci></intel></ahci></ahci></ahci></ahci></intel></intel></intel(r)></intel(r)></intel(r)></intel(r)></processor></intel(r)></intel(r)></acpi></acpi></xhci></acpi></acpi></vga-compatible></acpi></acpi></acpi></acpi></acpi></acpi></at></at></high></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></alaska></software></software,></version></intel ></tscadj,smep,erms></lahf,prefetch></syscall,nx,rdtscp,lm></sse3,pclmulqdq,dtes64,mon,ds_cpl,vmx,est,tm2,ssse3,cx16,xtpr,pdcm,sse4.1,sse4.2,movbe,popcnt,tscdlt,aesni,rdrand></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>
