Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    2.2-ALPHA Snapshots Available

    2.2 Snapshot Feedback and Problems - RETIRED
    23
    39
    28153
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimp
      jimp Rebel Alliance Developer Netgate last edited by

      For those who want to live on the bleeding edge, 2.2-ALPHA snapshots are up for testing at http://snapshots.pfsense.org/

      Update URLs for use in firmware update settings:
      http://snapshots.pfsense.org/FreeBSD_stable/10/amd64/pfSense_HEAD/.updaters/
      http://snapshots.pfsense.org/FreeBSD_stable/10/i386/pfSense_HEAD/.updaters/

      Be aware there are some rough edges but many things should function. That said, you should not expect to use these in production yet. Lab environment or tinkering only at this stage.

      In particular, CARP, IPsec, and Wireless are good testing targets.

      Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • H
        heper last edited by

        thanks devs!

        keep up the good work!

        1 Reply Last reply Reply Quote 0
        • W
          whitexp last edited by

          thanks a lot guys

          1 Reply Last reply Reply Quote 0
          • D
            dison4linux last edited by

            Is there any information out there detailing the changes/features expected in 2.2?
            I know the base is being upgraded from FreeBSD 8.3 to 10 but other than that, what all is different in 2.2 from 2.1?

            1 Reply Last reply Reply Quote 0
            • E
              eri-- last edited by

              php-fpm instead of php in general.

              More optimal usage of fcgi in general to avoid careless forking around.

              strongswan instead of ipsec-tools.

              Apart that not many other changes apart improvements in general and getting to FreeBSD 10.

              1 Reply Last reply Reply Quote 0
              • W
                whitexp last edited by

                i going for use pfsense dialy , but iĀ  want update pfsense alls day …
                but i get this error in update manager ...

                sorry bad english

                thanks


                1 Reply Last reply Reply Quote 0
                • P
                  phil.davis last edited by

                  Outbound NAT - in 2.2 you can keep Automatic Outbound NAT and then add some extra manual rules, thus having a "hybrid" outbound NAT. That will help when adding new LAN-style interfaces, changing LAN-style subnet numbers… The automatic outbound NAT rules can regenerate themselves without the user having to think, and still have the option to have a couple of extra special rules.
                  This is a bit of code I am planning to test out and use.

                  As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                  If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                  1 Reply Last reply Reply Quote 0
                  • jimp
                    jimp Rebel Alliance Developer Netgate last edited by

                    @whitexp:

                    i going for use pfsense dialy , but iĀ  want update pfsense alls day …
                    but i get this error in update manager ...

                    Copy the path from the first message on this thread exactly. You have the wrong URL.

                    Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • jimp
                      jimp Rebel Alliance Developer Netgate last edited by

                      I've also made a few changes/additions to OpenVPN, the server options and client-specific overrides.

                      Eventually we'll have a page with a list of changes like for other versions

                      Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • W
                        whitexp last edited by

                        @jimp:

                        @whitexp:

                        i going for use pfsense dialy , but iĀ  want update pfsense alls day …
                        but i get this error in update manager ...

                        Copy the path from the first message on this thread exactly. You have the wrong URL.

                        thanks jimp

                        1 Reply Last reply Reply Quote 0
                        • ?
                          Guest last edited by

                          @ermal:

                          php-fpm instead of php in general.

                          More optimal usage of fcgi in general to avoid careless forking around.

                          strongswan instead of ipsec-tools.

                          Apart that not many other changes apart improvements in general and getting to FreeBSD 10.

                          And for the first time in a very long time, pfSense will be somewhat in-sync with the mainline FreeBSD tree.

                          FreeBSD 10 also has a much-improved 'pf'.

                          The "not many other changes" was intentional.Ā  By limiting the scope we stayed out of the mess that bogged down the 2.1 release.

                          The method used: Set an achievable goal; Meet it.Ā  Repeat.

                          1 Reply Last reply Reply Quote 0
                          • V
                            vitek last edited by

                            Any planned improvements regarding better AES-NI support and performance?

                            1 Reply Last reply Reply Quote 0
                            • H
                              heper last edited by

                              any idea if there will be ECMP support?

                              it could enable loadbalancing when dealing with dynamic routing protocols like ospf, bgp, rip.
                              might it even help to solve the issue's with loadbalancing certain services like squid? What are the devs thoughts about this?

                              thanks

                              1 Reply Last reply Reply Quote 0
                              • jimp
                                jimp Rebel Alliance Developer Netgate last edited by

                                @vitek:

                                Any planned improvements regarding better AES-NI support and performance?

                                It's in development but is not likely to make 2.2. More news on that will come later.

                                Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                1 Reply Last reply Reply Quote 0
                                • jimp
                                  jimp Rebel Alliance Developer Netgate last edited by

                                  @heper:

                                  any idea if there will be ECMP support?

                                  it could enable loadbalancing when dealing with dynamic routing protocols like ospf, bgp, rip.
                                  might it even help to solve the issue's with loadbalancing certain services like squid? What are the devs thoughts about this?

                                  It's on our radar but not terribly important for 2.2 (see above, re: narrow scope) but if we stick to the plan then 2.3 won't be far off and it may make it there.

                                  Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                  Need help fast? Netgate Global Support!

                                  Do not Chat/PM for help!

                                  1 Reply Last reply Reply Quote 0
                                  • Q
                                    quantumx last edited by

                                    THANK YOU for this.

                                    IGB drivers seem to perform flawlessly with minimal tuning and various routing quirks have vanished.

                                    1 Reply Last reply Reply Quote 0
                                    • ?
                                      Guest last edited by

                                      @jimp:

                                      @vitek:

                                      Any planned improvements regarding better AES-NI support and performance?

                                      It's in development but is not likely to make 2.2. More news on that will come later.

                                      The issue isn't "AES-NI" support.Ā  The issue is that AES-GCM isn't implemented in FreeBSD.

                                      We're fixing that, but as jimp said, it's unlikely to make 2.2.

                                      1 Reply Last reply Reply Quote 0
                                      • nesense
                                        nesense last edited by

                                        @vitek:

                                        Any planned improvements regarding better AES-NI support and performance?

                                        "Support for AES-NI instruction and intrinsics has been added to gcc. The aesni module has been improved to use pipelining when possible. This results in a significant speed up for AES-XTS and AES-CBC decrypt. " according to: https://wiki.freebsd.org/WhatsNew/FreeBSD10#Kernel.2C_hardware_support_.26_other_low_level_improvements

                                        1 Reply Last reply Reply Quote 0
                                        • J
                                          jasonlitka last edited by

                                          @ermal:

                                          strongswan instead of ipsec-tools.

                                          Does that mean we'll get IKE v2? I'm getting a bit tired of connecting to ASAs and having their admins make comments about having to "downgrade" their equipment.

                                          @gonzopancho:

                                          The "not many other changes" was intentional.Ā  By limiting the scope we stayed out of the mess that bogged down the 2.1 release.

                                          The method used: Set an achievable goal; Meet it.Ā  Repeat.

                                          Rapid, iterative development.Ā  That's the way to go.Ā  Glad to hear this.

                                          I can break anything.

                                          1 Reply Last reply Reply Quote 0
                                          • O
                                            ohmantics last edited by

                                            @nesense:

                                            "Support for AES-NI instruction and intrinsics has been added to gcc. The aesni module has been improved to use pipelining when possible. This results in a significant speed up for AES-XTS and AES-CBC decrypt. " according to: https://wiki.freebsd.org/WhatsNew/FreeBSD10#Kernel.2C_hardware_support_.26_other_low_level_improvements

                                            I assume that 2.2 is built with LLVM and not gcc. LLVM has had AESNI for a few years now.

                                            1 Reply Last reply Reply Quote 0
                                            • S
                                              SeventhSon last edited by

                                              I saw one of the first posts mentions that you wanted CARP tested.

                                              I can install this on my home setup secondary router and enable CARP again, should you be able to sync between 2.2 and 2.1-RELEASE (i386)?

                                              1 Reply Last reply Reply Quote 0
                                              • X
                                                Xon last edited by

                                                @ermal:

                                                php-fpm instead of php in general.

                                                This is a fairly big improvement for memory usage.

                                                On a 256mb system (ie ALix2d3), it should be safe enough to turn opcode caching back on which provides a nice performance win.

                                                1 Reply Last reply Reply Quote 0
                                                • chpalmer
                                                  chpalmer last edited by

                                                  GitsyncĀ  Ā  Ā  master?Ā  Or other??

                                                  :)

                                                  Triggering snowflakes one by one..

                                                  1 Reply Last reply Reply Quote 0
                                                  • jimp
                                                    jimp Rebel Alliance Developer Netgate last edited by

                                                    @chpalmer:

                                                    GitsyncĀ  Ā  Ā  master?Ā  Or other??

                                                    :)

                                                    Master, until it gets branched. Gitsync is only marginally useful these days though.

                                                    Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                                    Need help fast? Netgate Global Support!

                                                    Do not Chat/PM for help!

                                                    1 Reply Last reply Reply Quote 0
                                                    • chpalmer
                                                      chpalmer last edited by

                                                      Thanks!Ā  Ā  8)

                                                      Just trying to break things until someone goes over and kicks the snapshot server.Ā  ;D

                                                      Triggering snowflakes one by one..

                                                      1 Reply Last reply Reply Quote 0
                                                      • A
                                                        acebluefire last edited by

                                                        unable to install package SQUID 2.7 and squidguard

                                                        ERROR: No digital signature! If you are SURE you trust this PBI, re-install with –no-checksig option.




                                                        1 Reply Last reply Reply Quote 0
                                                        • Raul Ramos
                                                          Raul Ramos last edited by

                                                          Hi

                                                          Are 64bit snapshots stopped?

                                                          Thanks

                                                          pfSense:
                                                          ASRock -> Wolfdale1333-D667 (2GB TeamElite Ram)
                                                          Marvell 88SA8040 Sata to CF(Sandisk 4GB) Controller
                                                          NIC's: RTL8100E (Internal ) and IntelĀ® PRO/1000 PT Dual (Intel 82571GB)

                                                          1 Reply Last reply Reply Quote 0
                                                          • jimp
                                                            jimp Rebel Alliance Developer Netgate last edited by

                                                            We have been focused on getting 2.1.2 out to fix Heartbleed. 2.2 snaps will be back around soon.

                                                            Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                                            Need help fast? Netgate Global Support!

                                                            Do not Chat/PM for help!

                                                            1 Reply Last reply Reply Quote 0
                                                            • rcfa
                                                              rcfa last edited by

                                                              @ermal:

                                                              strongswan instead of ipsec-tools.

                                                              Will settings be automatically migrated for ipsec tunnels, or does the move mean setting up the tunnels from scratch?

                                                              Having a very peculiar problem with my connection that started showing up since i started using the 2.1.1 betas, and that has been sticking around since then, so testing a different ipsec stack sound tempting…

                                                              1 Reply Last reply Reply Quote 0
                                                              • R
                                                                Rhongomiant last edited by

                                                                Greetings All,

                                                                My first question can be ignored. I realize this is not possible as packets can only hold the next hop. I was working with someone and we basically assumed that it could work because some other devices let you create these route statement, but it turns out the only reason it was allowed was for documentation purposes and it shows that as usual pfSense is doing it correctly.

                                                                [IGNORE]

                                                                1. Will pfSense ever allow for route creation with a remote gateway. e.g. If my default gateway is 1.1.1.1 and through it I can reach 2.2.2.2 and I want to create a route to 3.3.3.0/24, I can set most other business class routers and firewalls like Cisco ASAs so that 3.3.3.0/24 can be reached via 2.2.2.2 without having an IP in the same subnet as 2.2.2.2.

                                                                Is this a FreeBSD limitation? Is the fix a simple kernel flag or can the kernel be compiled to allow for this?

                                                                Additionally, I get that this can be an issue for multi-wan, but I would guess there is a way to deal with that as BSD is the basis for many high-end routers out there that support multi-wan.

                                                                Would the solution would be to have a rule that pushes traffic to 3.3.3.0/24 through the correct interface, using the default routing table. This is no big deal with the current setup as with multi-wan currently you have to create rules for all traffic that needs to use the default routing table.

                                                                The real technical challenge is when 2.2.2.2 can be reached via multiple WAN interfaces something has to be created to push this traffic through the active WAN with the highest priority.
                                                                [/IGNORE]

                                                                1. A More simple multi-WAN setup. Currently you have to create rules to use multi-WAN setups which means that you have to create separate rules for internal traffic. The idea is that the admin could specify multiple WANs as default with the LB and Failover metrics and all traffic to default would be sent down the appropriate WAN without special rules. Maybe other systems allow for this by creating their own IP stack with a routing table system that allows for this, so maybe it's not possible with stock BSD.

                                                                I believe that FreeBSD supports multiple routing tables. Could route-to be used with fibs or is there something that could replace route-to for use with fibs?

                                                                e.g. If a user has two wans pfSense could create two fibs. Each fib has all the same routes, I understand this would require code, except the default route for fib0 is the first WAN and the default route for fib1 is the second WAN. Then something like a gateway group could be created for the fibs. This would eliminate the need to create separate rules for local traffic which is required when using gateway groups.

                                                                Thanks,

                                                                Rhongomiant

                                                                1 Reply Last reply Reply Quote 0
                                                                • ?
                                                                  Guest last edited by

                                                                  @ohmantics:

                                                                  @nesense:

                                                                  "Support for AES-NI instruction and intrinsics has been added to gcc. The aesni module has been improved to use pipelining when possible. This results in a significant speed up for AES-XTS and AES-CBC decrypt. " according to: https://wiki.freebsd.org/WhatsNew/FreeBSD10#Kernel.2C_hardware_support_.26_other_low_level_improvements

                                                                  I assume that 2.2 is built with LLVM and not gcc. LLVM has had AESNI for a few years now.

                                                                  Support in LLVM / gcc only helps get the code compiled.Ā  Neither compiler will "recognize" the various modes of AES being compiled and magically emit the correct instruction sequence.

                                                                  AES-XTS / AES-CBC are useful for storage.Ā  For IPSEC, typically AES-CTR mode is used (with SHA256 as a MAC).

                                                                  Since IPSEC wants both crypto and MAC, you don't get a lot of speedup running AES-CTR mode.Ā  Thus the coming implementation of AES-GCM, which allows one to do the crypt and MAC parts in one flow, rather than two passes.

                                                                  Early results say that we should be able to come close to filling a 10Gbps pipe.Ā  Certainly IPSEC at 1Gbps becomes possible, assuming hardware able to support same is used.

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • V
                                                                    vitek last edited by

                                                                    @gonzopancho:

                                                                    @ohmantics:

                                                                    @nesense:

                                                                    "Support for AES-NI instruction and intrinsics has been added to gcc. The aesni module has been improved to use pipelining when possible. This results in a significant speed up for AES-XTS and AES-CBC decrypt. " according to: https://wiki.freebsd.org/WhatsNew/FreeBSD10#Kernel.2C_hardware_support_.26_other_low_level_improvements

                                                                    I assume that 2.2 is built with LLVM and not gcc. LLVM has had AESNI for a few years now.

                                                                    Support in LLVM / gcc only helps get the code compiled.Ā  Neither compiler will "recognize" the various modes of AES being compiled and magically emit the correct instruction sequence.

                                                                    AES-XTS / AES-CBC are useful for storage.Ā  For IPSEC, typically AES-CTR mode is used (with SHA256 as a MAC).

                                                                    Since IPSEC wants both crypto and MAC, you don't get a lot of speedup running AES-CTR mode.Ā  Thus the coming implementation of AES-GCM, which allows one to do the crypt and MAC parts in one flow, rather than two passes.

                                                                    Early results say that we should be able to come close to filling a 10Gbps pipe.Ā  Certainly IPSEC at 1Gbps becomes possible, assuming hardware able to support same is used.

                                                                    What about OpenVPN ? Will it see the same performance improvements as IPSEC?

                                                                    1 Reply Last reply Reply Quote 0
                                                                    • D
                                                                      Dario Palmisano last edited by

                                                                      Hello Everybody,

                                                                      first of all thanks for the good job done by developers!

                                                                      I wonder if in 2.2-ALPHA Snapshots is it working the IPv6 support in captive portal (which I read and verified was not available in 2.1.x)?

                                                                      Thanks again

                                                                      Dario

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • S
                                                                        S_D last edited by

                                                                        Do you intend to add support for mini-jumbo frames ie 2508 byte packets for better PPPoE support on UK FFTC circuits?

                                                                        1 Reply Last reply Reply Quote 0
                                                                        • F
                                                                          Fegu last edited by

                                                                          Is there any doc with a short list of changes/improvements in each snap? Just a couple of lines would let everyone know what to test and when not to expect changes in the issues at hand.

                                                                          1 Reply Last reply Reply Quote 0
                                                                          • jimp
                                                                            jimp Rebel Alliance Developer Netgate last edited by

                                                                            @Fegu:

                                                                            Is there any doc with a short list of changes/improvements in each snap? Just a couple of lines would let everyone know what to test and when not to expect changes in the issues at hand.

                                                                            There is not a specific changelog that is written since the snapshots are automated. You can get an idea by checking the commit logs on github or by watching https://redmine.pfsense.org/projects/pfsense/activity

                                                                            Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                                                            Need help fast? Netgate Global Support!

                                                                            Do not Chat/PM for help!

                                                                            1 Reply Last reply Reply Quote 0
                                                                            • K
                                                                              kpa last edited by

                                                                              2.2-ALPHA (i386) 
                                                                              built on Thu May 22 22:15:16 CDT 2014 
                                                                              FreeBSD 10.0-STABLE
                                                                              

                                                                              I did manage to install this snapshot on a Parallels for Mac virtual machine and initial impression is that it works. However, the first install went bad because I resetted the virtual machine during the interface set up to add a second interface to the virtual machine. This caused the system think that the interface set up was already done but no config.xml configuration was saved and the system was unusable after that.

                                                                              Note that I'm using vtnet interfaces for both WAN and LAN so they seem to be working fine when used with Parallels for Mac.

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • K
                                                                                kpa last edited by

                                                                                On the same snapshot I do have working IPv6 connectivity with SLAAC on WAN but the WAN_DHCP6 gateway keeps showing "Pending" and does not show any stats for the gateway.

                                                                                1 Reply Last reply Reply Quote 0
                                                                                • jimp
                                                                                  jimp Rebel Alliance Developer Netgate last edited by

                                                                                  Please start individual threads for issues, this is just an announcement thread not meant for troubleshooting.

                                                                                  Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                                                                  Need help fast? Netgate Global Support!

                                                                                  Do not Chat/PM for help!

                                                                                  1 Reply Last reply Reply Quote 0
                                                                                  • First post
                                                                                    Last post