Re: [pfSense] 2.3.1 -> 2.3 ?

[Chris Buechler]

On Wed, Apr 13, 2016 at 4:53 AM, Olivier Mascia  wrote:
> Hello,
>
> I had a 2.3 RC installed and (mistakenly) let it auto-upgrade some hours ago. 
> It went straight to some 2.3.1 DEV instead of 2.3 REL as I  expected (my 
> mistake). Is there any appropriate way to come back to 2.3 REL other than 
> rebuilding it from scratch?
>

Yes, check here.
https://forum.pfsense.org/index.php?topic=109690.0
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] vmware tools

[Chris Buechler]

On Wed, Apr 13, 2016 at 5:12 AM, Olivier Mascia  wrote:
> Reading this: https://doc.pfsense.org/index.php/Open_VM_Tools_package
> after package installation and reboot,
>
> ps uxawww | grep vmware
>
> gives me this output which differs from the doc.pfsense.org article:
>
> root55265   0.0  0.2  17000  2516  -  S12:04PM  0:00.00 sh -c ps 
> uxawww | grep vmware 2>&1
> root55414   0.0  0.2  18740  2248  -  S12:04PM  0:00.00 grep vmware
> root84296   0.0  0.8 103460  8236  -  S11:37AM  0:00.34 
> /usr/local/bin/vmtoolsd -c /usr/local/share/vmware-tools/tools.conf -p 
> /usr/local/lib/open-vm-tools/plugins/vmsvc
>
> Does /usr/local/bin/vmtoolsd here correspond to /usr/local/sbin/vmware-guestd 
> which the article shows?
> It says "As long as vmware-guestd is shown in the output, it is working."
> Here I have vmtoolsd, not vmware-guestd.
> Merely a matter of older/newer version of this stuff between the article and 
> 2.3.x?
>

Correct, that hadn't been updated for more recent changes in
open-vm-tools. I just updated the page, yours is fine.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3 - webConfigurator Fails

[Jim Thompson]

> On Apr 13, 2016, at 7:10 PM, Chris Buechler  wrote:
> 
> On Wed, Apr 13, 2016 at 5:46 PM, David White  wrote:
>> I just upgraded to 2.3, and internet seems to be working fine, but the
>> webConfigurator is failing.
>> 
>> pfSense is running on some older x86 hardware. Checking the system.log, I
>> see this entry:
>> 
>> php-cgi: rc.bootup: The command '/usr/local/sbin/nginx -c
>> /var/etc/nginx-webConfigurator.conf' returned exit code '1', the output was
>> 'PANIC: unprotected error in call to Lua API (CPU not supported)'
>> 
> 
> That appears to mean your CPU's lacking CMOV support. You're the first
> to run into that. What CPU is it? Must be really ancient to be lacking
> CMOV support, something like a Pentium I or AMD K6. Talking CPUs from
> the ‘90s.’

And the early to mid 1990s at that.  CMOVcc came in with P6 microarchitecture.
First CPU to ship with it was Pentium Pro in Nov 1995.

https://en.wikipedia.org/wiki/P6_(microarchitecture) 


Possible that OP has a AMD CPU newer than this.

Chris’ comments about being able to recover something that does support CMOVcc 
still apply.


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3 - webConfigurator Fails

[Chris Buechler]

On Wed, Apr 13, 2016 at 5:46 PM, David White  wrote:
> I just upgraded to 2.3, and internet seems to be working fine, but the
> webConfigurator is failing.
>
> pfSense is running on some older x86 hardware. Checking the system.log, I
> see this entry:
>
> php-cgi: rc.bootup: The command '/usr/local/sbin/nginx -c
> /var/etc/nginx-webConfigurator.conf' returned exit code '1', the output was
> 'PANIC: unprotected error in call to Lua API (CPU not supported)'
>

That appears to mean your CPU's lacking CMOV support. You're the first
to run into that. What CPU is it? Must be really ancient to be lacking
CMOV support, something like a Pentium I or AMD K6. Talking CPUs from
the '90s.


> Does this mean that the old hardware I'm running won't support 2.3? Is
> there anyway that I can fix / get around this limitation, or do I simply
> need to roll back and do a clean install of the latest 2.2.x branch?
>
> (At some point, I guess I should just replace this hardware, but I'm trying
> to save money these days...)
>

People throw away much newer hardware than that all the time. :) I'm
sure you can find something better than that for free.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

[Chris Buechler]

On Wed, Apr 13, 2016 at 5:17 PM, Steve Yates  wrote:
> I should restate/clarify that I was looking at the 
> https://doc.pfsense.org/index.php/2.3_New_Features_and_Changes
> page which mentions the package system changed but doesn't specifically 
> mention the below

Good point, I added that to the list there.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

[Walter Parker]

For a list of Packages in 2.3, see
https://doc.pfsense.org/index.php/Package_Port_List

For a list of packages removed from 2.3, see
https://doc.pfsense.org/index.php/2.3_Removed_Packages


Walter

On Wed, Apr 13, 2016 at 3:17 PM, Steve Yates  wrote:

> I should restate/clarify that I was looking at the
> https://doc.pfsense.org/index.php/2.3_New_Features_and_Changes page which
> mentions the package system changed but doesn't specifically mention the
> below, which is on the
> https://doc.pfsense.org/index.php/Upgrade_Guide#Package_System page that
> I mentioned in another message.
>
> The New Features and Changes page is what is linked from
> https://doc.pfsense.org/index.php/Category:Releases (on the doc Main
> Page: "pfSense Release Versions - Change logs and other information for
> past and present releases")
>
> Also by "specific" I meant, say, the bind package the OP asked about,
> which was covered in other messages also.
>
> Steve
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris
> Buechler
> Sent: Wednesday, April 13, 2016 5:02 PM
> To: pfSense Support and Discussion Mailing List 
> Subject: Re: [pfSense] 2.3 show stopper - bind package missing -- don't
> install if you need bind!
>
> On Wed, Apr 13, 2016 at 1:48 PM, Steve Yates  wrote:
> > The release notes don't mention specific package compatibility
>
> Yes it does.
>
> "Packages
>
> The list of available packages in pfSense 2.3 has been significantly
> trimmed.  We have removed packages that have been deprecated upstream, no
> longer have an active maintainer, or were never stable. A few have yet to
> be converted for Bootstrap and may return if converted. See the
> 2.3 Removed Packages list for details."
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] pfSnese 2.3 unresponsive on

[Rosen Iliev]

Hi guys,

Just upgraded my embedded pfsense to 2.3.
I have problems getting to the box (web or ssh) it just time outs.
On the web I sometime I get Nginx 504, sometime, just nothing.
Eventually I got logged in, try to check what's going on.
I have open Diagnostics->System Activity page, and start monitoring the 
network traffic.


There is Java Script that updates the page content every 2.5, but actual 
response in my case was more then 15 sec.

So I ended up with +20 pending requests to /diag_system_activity.php.

I don't think that setInterval is a good option here. Especially when 
you don't know how long it will take for the request to complete.


My suggestion is to use setTimeout like this:


//


Regards,

Rosen
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] 2.3 - webConfigurator Fails

[David White]

I just upgraded to 2.3, and internet seems to be working fine, but the
webConfigurator is failing.

pfSense is running on some older x86 hardware. Checking the system.log, I
see this entry:

php-cgi: rc.bootup: The command '/usr/local/sbin/nginx -c
/var/etc/nginx-webConfigurator.conf' returned exit code '1', the output was
'PANIC: unprotected error in call to Lua API (CPU not supported)'

Does this mean that the old hardware I'm running won't support 2.3? Is
there anyway that I can fix / get around this limitation, or do I simply
need to roll back and do a clean install of the latest 2.2.x branch?

(At some point, I guess I should just replace this hardware, but I'm trying
to save money these days...)

-- 
David White
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

[Steve Yates]

I should restate/clarify that I was looking at the 
https://doc.pfsense.org/index.php/2.3_New_Features_and_Changes page which 
mentions the package system changed but doesn't specifically mention the below, 
which is on the https://doc.pfsense.org/index.php/Upgrade_Guide#Package_System 
page that I mentioned in another message.

The New Features and Changes page is what is linked from 
https://doc.pfsense.org/index.php/Category:Releases (on the doc Main Page: 
"pfSense Release Versions - Change logs and other information for past and 
present releases")

Also by "specific" I meant, say, the bind package the OP asked about, which was 
covered in other messages also.

Steve

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris Buechler
Sent: Wednesday, April 13, 2016 5:02 PM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] 2.3 show stopper - bind package missing -- don't install 
if you need bind!

On Wed, Apr 13, 2016 at 1:48 PM, Steve Yates  wrote:
> The release notes don't mention specific package compatibility

Yes it does.

"Packages

The list of available packages in pfSense 2.3 has been significantly trimmed.  
We have removed packages that have been deprecated upstream, no longer have an 
active maintainer, or were never stable. A few have yet to be converted for 
Bootstrap and may return if converted. See the
2.3 Removed Packages list for details."
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3 show stopper -- in most cases openvpn client specific overrides will fail to send proper iroute/push route

[Chris Buechler]

On Wed, Apr 13, 2016 at 6:08 AM, mayak  wrote:
> hi all ,
>
> openvpn will fail on v2.3 if you are using `client specific overrides` where
> `iroute` and `push route` are being used:
>
> if the `tunnel network` is:
> 10.16.52.8/30
>
> and the `advanced section`:
> iroute 172.16.32.0 255.255.255.0;
> push "route 10.0.0.0 255.0.0.0";
> push "route 172.16.0.0 255.240.0.0.0"
>

Sounds like this part of the release notes:

OpenVPN topology change – configuration upgrade code was intended to
set upgraded OpenVPN servers to topology net30, rather than the new
default of topology subnet. This is not working as intended in some
cases, but has been fixed for 2.3.1. In the mean time, editing your
OpenVPN server instance and setting the topology to “net30” there will
accomplish the same thing and fix it.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

[Chris Buechler]

On Wed, Apr 13, 2016 at 1:48 PM, Steve Yates  wrote:
> The release notes don't mention specific package compatibility

Yes it does.

"Packages

The list of available packages in pfSense 2.3 has been significantly
trimmed.  We have removed packages that have been deprecated upstream,
no longer have an active maintainer, or were never stable. A few have
yet to be converted for Bootstrap and may return if converted. See the
2.3 Removed Packages list for details."
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

[Steve Yates]

The release blog post led me to the upgrade notes which have:

https://doc.pfsense.org/index.php/Upgrade_Guide#Package_System

"Packages require significant conversion for use on 2.3, currently only the 
most popular and supported packages are present on 2.3, so be aware that some 
packages are not available. See Package Port List for a list of packages 
currently available on 2.3."

https://doc.pfsense.org/index.php/Package_Port_List

--

Steve Yates
ITS, Inc.


-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jeff H
Sent: Wednesday, April 13, 2016 2:08 PM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] 2.3 show stopper - bind package missing -- don't install 
if you need bind!

On Wed, Apr 13, 2016 at 11:48 AM, Steve Yates  wrote:

> The release notes don't mention specific package compatibility but a 
> lot of that's third party.  In System: Package Manager does the "platform: 
> 2.2"
> mean the package is compatible with only 2.2?  Or is that because I'm 
> looking at a v2.2 installation?  Is there a package compatibility list 
> for 2.3.x?
>
> --
>
> Steve Yates
> ITS, Inc.


I'm not sure about the listing in Package manger. For a list of removed 
packages in 2.3 see here:
https://doc.pfsense.org/index.php/2.3_Removed_Packages

Jeff
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

[Jeff H]

On Wed, Apr 13, 2016 at 11:48 AM, Steve Yates  wrote:

> The release notes don't mention specific package compatibility but a lot
> of that's third party.  In System: Package Manager does the "platform: 2.2"
> mean the package is compatible with only 2.2?  Or is that because I'm
> looking at a v2.2 installation?  Is there a package compatibility list for
> 2.3.x?
>
> --
>
> Steve Yates
> ITS, Inc.


I'm not sure about the listing in Package manger. For a list of removed
packages in 2.3 see here:
https://doc.pfsense.org/index.php/2.3_Removed_Packages

Jeff
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

[Steve Yates]

The release notes don't mention specific package compatibility but a lot of 
that's third party.  In System: Package Manager does the "platform: 2.2" mean 
the package is compatible with only 2.2?  Or is that because I'm looking at a 
v2.2 installation?  Is there a package compatibility list for 2.3.x?

--

Steve Yates
ITS, Inc.


-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of mayak
Sent: Wednesday, April 13, 2016 5:17 AM
To: pfSense support and discussion 
Subject: [pfSense] 2.3 show stopper - bind package missing -- don't install if 
you need bind!

hi all,

upgraded to 2.3 and found that the bind package is missing.

my whole network depends on its presence ...

does anyone know when it might be available?

thanks

m
-- 

Markets can remain irrational longer than you can remain solvent.

— John Maynard Keynes

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense 2.3 and Unsupported Bandwidthd and Vnstat2

[Nenhum_de_Nos]

On Wed, 13 Apr 2016 06:44:12 -0500
"Peder Rovelstad"  wrote:

> First off, congratulations on the latest version.  It is just beautiful in
> its presentation of the management pages and so far I haven't run into any
> (non-self-inflicted) problems, though it appears my VIA C7 platform is
> reaching its EOL.  I may need to roll back to 2.2.5 and call it quits for
> this platform.  Tale of woe follows, but since this is just a home FW, it's
> nothing I won't be able to recover from given a fresh install.  
> 
> After upgrading, I saw messages that Bandwidthd and Vnstat2 were no longer
> supported.  Not showstoppers for me, so I figured, fine, I'll just change
> the bootup slice, reboot, remove the packages and upgrade again.  Due to my
> own unfamiliarity with the new interface, I managed to hit the "Duplicate
> Slice" rather the "Change Slice" button.  Since there was no confirmation
> dialog (yes, I know it was MY mistake) it went ahead an did exactly what it
> was told to.  
> 
> Anyway, I just thought I'd throw out the need for a confirmation for this
> function.  After all, there is double confirmation required for a simple
> reboot.
> 
> Carry on with more important issues and thanks again for a great project.
> 
> Peder

Hi,

there is no vnstat2 support now or never will be again?

I am planning the update, but that info is realy good against ISP accounting.

thanks,

matheus



-- 
"We will call you Cygnus,
the God of balance you shall be."
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] pfSense 2.3 and Unsupported Bandwidthd and Vnstat2

[Peder Rovelstad]

First off, congratulations on the latest version.  It is just beautiful in
its presentation of the management pages and so far I haven't run into any
(non-self-inflicted) problems, though it appears my VIA C7 platform is
reaching its EOL.  I may need to roll back to 2.2.5 and call it quits for
this platform.  Tale of woe follows, but since this is just a home FW, it's
nothing I won't be able to recover from given a fresh install.  

After upgrading, I saw messages that Bandwidthd and Vnstat2 were no longer
supported.  Not showstoppers for me, so I figured, fine, I'll just change
the bootup slice, reboot, remove the packages and upgrade again.  Due to my
own unfamiliarity with the new interface, I managed to hit the "Duplicate
Slice" rather the "Change Slice" button.  Since there was no confirmation
dialog (yes, I know it was MY mistake) it went ahead an did exactly what it
was told to.  

Anyway, I just thought I'd throw out the need for a confirmation for this
function.  After all, there is double confirmation required for a simple
reboot.

Carry on with more important issues and thanks again for a great project.

Peder



___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] 2.3 show stopper -- in most cases openvpn client specific overrides will fail to send proper iroute/push route

[mayak]

hi all ,

openvpn will fail on v2.3 if you are using `client specific overrides` where 
`iroute` and `push route` are being used:

if the `tunnel network` is:
10.16.52.8/30

and the `advanced section`:
iroute 172.16.32.0 255.255.255.0;
push "route 10.0.0.0 255.0.0.0";
push "route 172.16.0.0 255.240.0.0.0"


the remote end will receive:
/sbin/route add -net 172.16.0.0 10.16.52.1 255.240.0.0
-^

this bombs as the remote end is using 10.16.52.9 for remote end point

the remote route should have been


/sbin/route add -net 172.16.0.0 10.16.52.9 255.240.0.0



i have been to stop the hemorrhage by using 10.16.52.0/30 as the tunnel 
network, however, if you have multiple ips on the tunnel, it will never work.

thanks

m

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense 2.3 "Secure Connection Failed"

[Pete Boyd]

On 12/04/2016 23:06, Chris Buechler wrote:
> If it's the same browser and
> system that can connect to 1 of 3 but not the other two, there's
> something else going on there. Not sure what, haven't heard of that
> from anyone else.

Thanks Chris. Yes it's the same Windows 7 Pro with Firefox ESR 38 used
to connect to all 3. I'll report back if I learn anything more.


-- 
Pete Boyd

Open Plan IT - http://openplanit.co.uk
The Golden Ear - http://thegoldenear.org
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

[mayak]

hi all,

upgraded to 2.3 and found that the bind package is missing.

my whole network depends on its presence ...

does anyone know when it might be available?

thanks

m
--

Markets can remain irrational longer than you can remain solvent.

— John Maynard Keynes

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] vmware tools

[Olivier Mascia]

Reading this: https://doc.pfsense.org/index.php/Open_VM_Tools_package
after package installation and reboot,

ps uxawww | grep vmware

gives me this output which differs from the doc.pfsense.org article:

root55265   0.0  0.2  17000  2516  -  S12:04PM  0:00.00 sh -c ps uxawww 
| grep vmware 2>&1
root55414   0.0  0.2  18740  2248  -  S12:04PM  0:00.00 grep vmware
root84296   0.0  0.8 103460  8236  -  S11:37AM  0:00.34 
/usr/local/bin/vmtoolsd -c /usr/local/share/vmware-tools/tools.conf -p 
/usr/local/lib/open-vm-tools/plugins/vmsvc

Does /usr/local/bin/vmtoolsd here correspond to /usr/local/sbin/vmware-guestd 
which the article shows?
It says "As long as vmware-guestd is shown in the output, it is working."
Here I have vmtoolsd, not vmware-guestd.
Merely a matter of older/newer version of this stuff between the article and 
2.3.x?

Thanks!
-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] 2.3.1 -> 2.3 ?

[Olivier Mascia]

Hello,

I had a 2.3 RC installed and (mistakenly) let it auto-upgrade some hours ago. 
It went straight to some 2.3.1 DEV instead of 2.3 REL as I  expected (my 
mistake). Is there any appropriate way to come back to 2.3 REL other than 
rebuilding it from scratch?

(I don't have a problem rebuilding anew, but I'm merely testing this in a vm in 
a dedicated cloud offering which I'm test-driving for 3 weeks, and I don't seem 
to have a way to upload the iso first for a local installation. I have to 
remotely mount the iso and though this works, it takes obviously much longer 
time to proceed with the install. So if I could spare some time for other 
things, it's be nice even if not 'perfect' way to proceed.)

Thanks,
-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold