2.2.4-RELEASE Now Available!
-
https://doc.pfsense.org/index.php/2.2.4_New_Features_and_Changes
"Fix dashboard hardware crypto display where AES-NI is enabled. #4832"I think this refers to the wrong bug; https://redmine.pfsense.org/issues/4809
And can somebody tell me how enable this hardware crypto display on the dashboard? ;)
Yeah that was linked to the wrong bug number, fixed.
It automatically displays on the dashboard where AES-NI is enabled under System>Advanced, Misc, and exists on the system.
-
@cmb:
It automatically displays on the dashboard where AES-NI is enabled under System>Advanced, Misc, and exists on the system.
This should be in the 'system information' widget, right? I have an A1SRi-2558F, AES-NI is enabled under the misc settings. It doesn't show for me. I tried to disable AES-NI and then enable it again, but that also did not work.
Status -> System logs does show "kernel: aesni0: <aes-cbc,aes-xts,aes-gcm>on motherboard"
Oh, now I get it, cat /var/log/dmesg.boot | grep aes doesn't show anything, it only shows something for grep AES.
In /var/log/system.log there is the "kernel: aesni0: <aes-cbc,aes-xts,aes-gcm>on motherboard" logged.What to do? Keep complaining here, open a new bug report, continue with 4809 or something else?</aes-cbc,aes-xts,aes-gcm></aes-cbc,aes-xts,aes-gcm>
-
Guessing you enabled it after the last boot of the system? That should be the only way it won't show 'aesni0' in dmesg.boot, but it is in the system log. The boot log is the only thing that's retained that can be used for that purpose, so it won't show if it wasn't enabled during the last boot of the system.
-
@cmb:
Guessing you enabled it after the last boot of the system? That should be the only way it won't show 'aesni0' in dmesg.boot, but it is in the system log. The boot log is the only thing that's retained that can be used for that purpose, so it won't show if it wasn't enabled during the last boot of the system.
I enabled aes-ni a while ago. Because of 2.2.4, to make sure I just rebooted, with the same results.
-
If you are using URL Ports type alias(es) then you will get "Error loading the rules" in 2.2.4 - I broke that (unintentionally) when handling another case of numeric host names.
You will need to apply this patch on top of 2.2.4 to fix it:
https://github.com/pfsense/pfsense/commit/d7b67981909a17f575aaa90f4468b3b9ad1dffdewhich can be done easily using the System Patches package.
-
@cmb:
Guessing you enabled it after the last boot of the system? That should be the only way it won't show 'aesni0' in dmesg.boot, but it is in the system log. The boot log is the only thing that's retained that can be used for that purpose, so it won't show if it wasn't enabled during the last boot of the system.
I enabled aes-ni a while ago. Because of 2.2.4, to make sure I just rebooted, with the same results.
Start a new thread on that, including the output of:
grep -i aesni /var/log/dmesg.bootand we can troubleshoot there.
-
@cmb:
https://blog.pfsense.org/?p=1833
Thank you so much pfSense Team!
I updated yesterday and the new version is working fine, the ONE recurrent issue that I believe the Team should look into, is the
Package re-installation:Package re-installation has had issues in pretty much every single update I have done.
Packages start to get re-installed but the process stops at one point or another.
You have to check your package list as sometimes it deletes the package when the process dies in the middle (can we at least make sure we don't
lose the package when something goes wrong in the update??).I end up having to either re-install all packages (Diagnostic-Backup/Restore-Reinstall Packages) or to re-install each individual package when
the Reinstall Packages halts and never finishes going through all the package re-installs.Instead of having a 10 minute painless update, I had to spent a good while re-installing packages and 'hoping' they work…
Can we please put some attention and effort to Package re-installation?
Thanks again for a great product!
J. -
Indeed package reinstalls getting stuck has been an issue forever. Like there's an ntopng bug ticket open that shows where its reinstall fails and hangs 1 of 3 times IIRC, which causes the package reinstall process to get stuck. Usually some kind of includes mess in the package's code. That's something we'll get some focus towards in 2.3 as we're getting rid of the PBI mess.
-
@cmb:
Indeed package reinstalls getting stuck has been an issue forever. Like there's an ntopng bug ticket open that shows where its reinstall fails and hangs 1 of 3 times IIRC, which causes the package reinstall process to get stuck. Usually some kind of includes mess in the package's code. That's something we'll get some focus towards in 2.3 as we're getting rid of the PBI mess.
Thanks for the reply/ack.
Not only this is screwing peoples config, but it is wasting bandwidth every time the package(s) fail.Hope it gets fixed sometime soon so I can finally deploy pfsense around my customers.
It is a very small issue, yes, but I don't deploy to my customers any sw that it is not rock-solid.I do use several packages (pfBlockerNG, squid3, cron, suricata) that are essential to my installs and cannot be babysitting
the package re-installation on each of them after each upgrade.Thanks again for the great work and I will be contributing to the project.
J -
@cmb:
Start a new thread on that, including the output of:
grep -i aesni /var/log/dmesg.bootand we can troubleshoot there.
Just wanted to point out… I started a thread about this as it's affecting me as well.
https://forum.pfsense.org/index.php?topic=97240.0
