Netgate Forum

bbqrooster

Snort on 2.1 works fine (I use it in production in a few places), so something in your snort config may need adjusted, or you may have other problems on your system. Start a fresh thread someone can help you there.

What version of 2.1 did you get Snort working? I have done another clean setup of 2.03 and 2.1 using another computer using all default setup with one LAN and one WAN. The 2.1 RC0 was the May 30 built. The 2.03 was the most recent version. I then installed Snort (2.9.4.1 pkg v. 2.5.8) on both. The WAN interface was added with AC-STD performance settings. The box 'Use IPS Policy" was checked in WAN Categories. Everything else was default. On 2.03, Snort worked like a charm. On 2.1 RC0, the WAN interface immediately got cut off once Snort was started. I looked into the system log and I saw that the system kept trying to establish the WAN IP address. I have tried both DHCP and static IP on WAN with the same result. I really don't think it is a problem of setting unless 2.10 RC0 requires you to do some special setup in Snort. I have attached the system log. I'll start a fresh thread on the Packages board. But please take a look at the log file and let me know what you think.

[System Snort Install Log.txt](/public/imported_attachments/1/System Snort Install Log.txt)

rcfa

When I install the tinc package, it seems to install properly.
However, after the next system update, the package lock doesn't clear, and although tinc is listed as installed package, it's not in the menus.
If I manually reinstall the package, it's back in the menu.
Rinse, repeat.

In what sequence are packages reinstalled after a system update?
Either tinc crashes, or something before tinc gets installed, does.

Why would a package (re)install manually, but then then the system is update>

bbqrooster

Ok, I think I have gotten to the bottom of this issue with Snort not working with pfSense 2.1 RC0. It is a Intel NIC driver issue, but it is an issue that happens with the combination of pfSense 2.1 RC0, Snort 2.9.4.1 and the Intel NIC driver. I have been using Intel 729757-005 10/100 PCI NIC as the WAN interface. I have tested a few other NIC cards as the WAN interface. Here's the finding

pfSense 2.1 RC0 (i386) May 30 Built with Snort 2.9.4.1 v 2.5.8
Non-working NIC - Intel 729757-005, 721383-008 using fxp0 driver
Working NIC - Netgear FA311 (NatSemi chip) using sis0, on-board Realtek NIC using re0

pfsense 2.03 with Snort 2.9.4.1 v 2.5.8
All 4 NIC works

I have also tried pfsense 2.1 RC0 amd64. Same problem with the Intel NIC cards.

I have made a similar post in the Packages board. I hope someone would take a look at this.

frater

stunnel doesn't work….
I had it working in 2.1 but when I noticed it wasn't anymore and tried to edit the entries I get

Fatal error: Cannot use string offset as an array in /usr/local/pkg/stunnel.inc on line 14

Re-installing doesn't work…
I don't know how to edit those googledocs

jimp

@rcfa:

This is what lightsquid says:

Note after installation:
On the first - enable log in squid package with "/var/squid/log" path.
On the second - press Refresh button for create lightsquid reports, else you will have error diagnostic page.

However, squid, in the logging section, provides a default path of /var/squid/logs (note the "s" at the end).

Which is the proper place?

That's not specific to 2.1, but to the package in general, doesn't belong in this thread.

@rcfa:

Figured since the lightsquid doesn't give me an option to supply another path, I override and use the /var/squid/log path. But even after restarting squid, hitting the refresh button, I still get this error page:

LigthSquid diagnostic.
Error : report folder '/var/lightsquid/report' not contain any valid data! Please run lightparser.pl (and check 'report' folder content)
Please check config file !
Variable value
$tplpatph /usr/pbi/lightsquid-amd64/www/lightsquid/tpl
$templatename novopf
$langpatph /usr/pbi/lightsquid-amd64/share/lightsquid/lang
$langname eng
$reportpath /var/lightsquid/report
Access to '/var/lightsquid/report' folder yes
$graphreport 1
folder content:

It worked the last several times I tried it, might be something specific to your setup, worthy of its own separate thread.

jimp

@rcfa:

When I install the tinc package, it seems to install properly.
However, after the next system update, the package lock doesn't clear, and although tinc is listed as installed package, it's not in the menus.
If I manually reinstall the package, it's back in the menu.
Rinse, repeat.

In what sequence are packages reinstalled after a system update?
Either tinc crashes, or something before tinc gets installed, does.

Why would a package (re)install manually, but then then the system is update>

Difficult to say, but that is likely specific to the tinc package and not 2.1 in general. That package was contributed by a forum member and not us, so it would be best to start a thread in the packages board (or dig up the old/original tinc development thread, I believe there was one) and get the maintainer's attention.

jimp

@frater:

stunnel doesn't work….
I had it working in 2.1 but when I noticed it wasn't anymore and tried to edit the entries I get
Fatal error: Cannot use string offset as an array in /usr/local/pkg/stunnel.inc on line 14
Re-installing doesn't work…
I don't know how to edit those googledocs

Stunnel has its own set of issues not specific to 2.1. It isn't currently maintained as far as I'm aware. It would be best to start a new thread in the packages forum to see if anyone else might have a solution/fix for that.

jimp

Locking this thread for now, separate threads are better from here on.

The purpose of this thread was for problems specific to 2.1 – meaning, package X worked on 2.0.x, but not 2.1. Most of those have been fixed, but packages that were broken on 2.0.x are also likely broken on 2.1 (e.g. stunnel, vhosts, freeswitch) and that's beyond the scope of what this thread is meant to deal with.

I was originally doing triage trying to fix what I could on things to get things in decent shape, but we're at the point now where the package maintainers for items with remaining issues need to step up and fix what few things are left. In the cases where there are no active package maintainers for certain packages, someone with the time/knowledge may have to take them on.