    2.2 seems like a big step forward…

    2.2 Snapshot Feedback and Problems - RETIRED
    • R
      rcfa last edited by

      Just a general bit of feedback. It seems that 2.2 performs considerably better, and a variety of services perform much better, so the combination of updated packages, new OS, php, etc. seems to make a huge difference.

      Dansguardian and Snort never ran quite right, they ran without tons of error messages after the upgrade. In the meantime I replaced Snort with Suricata, which has seemingly an amazingly low overhead: running on four interfaces and with blocking enabled it uses much less CPU than Snort on two without blocking.

      Trim support seems to work fine, too. A checkbox under advanced configuration would be the icing on the cake, but as long as it works, I'm happy.

      Frankly, I was nearly shitting my pants hitting the upgrade button, because one of the devices is in a colo probably 1000 miles away, and any issue would have required a plane trip or many days of downtime (and FedEx) to fix. Big sigh of relief seeing that things work better now than ever.

      Only issue so far is the status widget for the IPSec links, but that's mostly a cosmetic issue, since I'll immediately know when that link is down (as it's my main internet connection, the ISP only provides the pipe for that IPSec link).

      So pretty much a big thumbs up for this almost release!

      The only question I have is, what does the situation with L2TP-over-IPSec look like? Does it work now? If so, has anyone written a small config tutorial, because it would seem the settings aren't "neatly in one place" as one's used to from the various L2TP clients (e.g. iOS, etc.)

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        There are a couple threads on L2TP+IPsec that have config examples but we do not yet have one officially blessed configuration.

        Once we do, it'll be up on the Wiki. Same with IKEv2.

        • stephenw10
          stephenw10 Netgate Administrator last edited by

          @rcfa:

          Frankly, I was nearly shitting my pants hitting the upgrade button, because one of the devices is in a colo probably 1000 miles away…

          Braver than me.  ;)

          • P
            phil.davis last edited by

            @stephenw10:

            @rcfa:

            Frankly, I was nearly shitting my pants hitting the upgrade button, because one of the devices is in a colo probably 1000 miles away…

            Braver than me.  ;)

            Mine are all within 500km range, but some over 3600m passes now covered in snow. After first checking that the particular build installs fine on my home Alix and OpenVPN links come up first time, then there is no trouble upgrading remote sites. On nanoBSD the upgrade process is very good at bailing out if there is any error in writing the new slice, mounting it, copying over /boot/loader.conf.local … So far I have never had an uncontactable remote upgrade - the remote system reboots on the new slice, the OpenVPN links come back up a few minutes later and all is well.
            No need to keep toilet paper on hand ;)

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            • stephenw10
              stephenw10 Netgate Administrator last edited by

              Yep, that's a good reason to run identical hardware everywhere. You can at least test extensively and be confident you won't have any incompatibility issues. However, just rebooting a remote box, even one that has been running faultlessly, is no guarantee it will come back up. Call me old-fashioned but I like to have toilet paper at all times. ;) (at least until I get an IPv6 addressable bidet ;D)

              Edit: Even that may not be safe.  ::)

              Steve

              • H
                Harvy66 last edited by

                Colo plus IPMI = win for remote management.

                • ?
                  Guest last edited by

                  Used to operate the Netgate servers co-located in San Jose when I lived in Hawaii.  5000 mile plane trip if I screwed the pooch.  (Only happened once.)
