Re: [pfSense] WiFi with Compex WLE600VX card
Hi Alex Am 24.01.2016 um 14:05 schrieb Alexander Hofmann: [...] > The device shows up as: > none1@pci0:4:0:0: > class=0x028000 card=0x chip=0x003c168c rev=0x00 hdr=0x00 > but no device driver is associated with the device. > > Does anyone of you know if this device is already supported by > FreeBSD/pfSense and can give me a hint? Doesn't seem to be even remotely supported by FreeBSD-CURRENT as of writing. However a quick google search revealed this: https://github.com/erikarn/otus/blob/master/otus/freebsd/src/sys/dev/athp/if_athp_pci.c If Adrian Chadd's writing in the root of his git repository is still up-to-date then it means that he is / was working at some time in late 2015 on updating some Qualcomm Atheros drivers and it happens that your device at least gets mentioned there. I'm not into drivers and can't tell you anything about the state. > If not: do you know if this device will be supported in a future release? *cough* talk Adrian into polishing / finishing the port *cough*, be his guinea pig, send him a sample card if he hasn't that particular card at hand. I'd say that FreeBSD owes a couple of not-so unimportant wireless advancements to Adrian, so be nice to him. :-) Other than that, you might check the pfSense FreBSD source tree which contains the patches and backported drivers to see what cards are really already supported. -- Mathieu ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SCVMM Agent
Hi, Am 09.01.2016 um 18:47 schrieb Jim Thompson: > We have an official image for Azure coming. > Should be available soon. We're in final stages with Microsoft. That's one thing, but the OP is asking about the SCVMM agent, that's another (additional thing) on top of Hyper-V integration services. I don't use SCVMM, was able to get a hold on the install ISO and check a bit against the documentation for SCVMM 2012 R2. >From what I saw the Linux scvmmagent installer archives it contains have some scripts looking for /bin/bash and at least one binary called scvmmagent.bin which definitely is compiled for Linux, not FreeBSD. The scripts seem to look for some some (Linux) distro-specific locations, nothing mendionted about FreeBSD. pfSense neither ships bash, nor linux.ko for Linux ABI compatibility etc. In contrast to the Hyper-V integration stuff these bits are definitely closed source and available to those with a license for SCVMM. Maybe ESF has possibilities to work with MS, but I doubt that MS are already working on supporting FreeBSD with SCVMM. I also doubt that ESF would be very happy to ship linux.ko + linux_base + bash (+ maybe else + some hackeries) with pfSense just for this one agent. -- Mathieu ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] github.com/google/google-authenticator/ on pfSense 2.2x
Hi Am 13.10.2015 um 14:30 schrieb Olivier Mascia: > I guess I first need to setup a development environment en BSD, then I should > be flying? Seems to build here (simply following the instructions, without testing) Ideally by getting a FreeBSD (virtual) machine running the same or closest-to what pfSense's base is. That would be like FreeBSD 10.2. > Are there some recommended guidelines for porting and debugging (if needed) > things to the specific BSD environment of pfSense 2.2x? It seems that a port actually exists already: https://www.freshports.org/security/pam_google_authenticator/ See if it's in an updated and working shape for your usage, you can likely install it from the binary packages repo, otherwise if you need to tweak it (it last updated 2014), consider the porters handbook. -- Mathieu ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Question on WiFi frequency change
Hi there I've an ALIX board still doing its daily routing job on pfSense 2.2.4 where a MiniPCI card serves as simple AP. I recently swapped out the Atheros 802.11abg card for an AR9220-based Compex WLM200NX while I was upgrading to a faster CF card. Almost all settings from the previous card were imported properly (almost) all I had to select was the channel/frequency. What happened was, that the card came up on the selected 5GHz channel, but since I had a (single) 2.4GHz client I had to switch back to 2.4Ghz for now. Now I realized that the card, even after applying the (several different) frequency settings, it stayed on the first 5GHz channel when checking ifconfig's output. The channel switching got applied after I had rebooted pfSense. Could anyone with a miniPCI(e) card confirm this behaviour? - Get a console on your pfSense box and get the output of ifconfig where for ath_wlan you can see the current channel. - In the UI switch to another frequency (maybe 2.4 -> 5 like myself) and apply the settings - Check the output of ifconfig again I'd be interested to know what you're seeing. Thanks, Mat ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] NetFlow analysis tools
Hi Am 15.01.2015 um 17:08 schrieb b...@todoo.biz: > I am particularly interested in GUI back-end. For a students project on the Uni's HPC cluster co-students and I were also looking at first for such a tool and stumbled on FlowViewer used and largely developed at NASA ESDIS: http://sourceforge.net/projects/flowviewer/ FlowViewer was a beast to compile from source, but we made it run and it look pretty good including graphs and had quite some documentation. Its collector side supports NetFlow 5, 9 and IPFIX. Back then when we looked at it looked promising but too big for our needs of a 1-semester project. If it would have been for a serious deployment, we may have ended up with that. Because of our tight schedule and the excellent examples found in 'Network Flow Analysis' from the known BSD author Michael W. Lucas we ended up filtering our NetFlow 5 data using good ol' flow-tools and plotting data with gnuplot for our final report. -- Mathieu --- Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft. http://www.avast.com ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] OT: Good network switch for 10 machines?
Am 25.09.2014 um 12:50 schrieb Josh Reynolds: > EdgeRouters offer great performance and a good featureset, although for > hardcore business/commercial use, there's still some things missing > (features similar to carp/pfsync, HA, needs redundant power supply > options, etc.). Just as reminder: EdgeOS, the OS on Ubiquiti routers (a Ubiquiti-internal Vyatta fork) is NOT what runs EdgeSwitches. I remember reading on their forums that we can assume (strong CLI similarity w. Netgear) that they run a branded Broadcom FastPath switching software. Netgear managed switches definitely run on FastPath (do an snmpwalk). FastPath itself often runs on top of an embededded Linux. For Ubiquiti's wireless stuff, I agree, they don't do everything as good as other big players, but at the price tey offer their devices, they offer a lot bang for the buck with ease of management. I've given a look at the EdgeSwitches but the following downsides made me a bit hesitant: - Almost no documentation, no CLI reference manual (yet). Cisco, HP, even Netgear have such documents, they are not only handy, but quite essential to look up i.e. default behaviour. Not all mentioned do top-notch documentation, but at least it's there. - No console port current shipping models, though I've seen they strongly considered adding one in future revisions. On a managed switch with CLI, it's quite a must (at least for me) - Fan control seems ot be absent, they tend to run quite noisy > > They are incredibly fast though, and Dave Taht (cero-wrt fame, > bufferbloat project) has been working with the directly to get fq_codel > added in. For the EdgeOS yes, they seem to be loosely tracking and sometimes even contributing back to the open source Vyatta fork VyOS (by looking at the VyOS release notes). -- Mathieu --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] [SOLVED] Re: Captive portal and RADIUS authentication
Hi Nicola Am 11.07.2014 11:04, schrieb Nicola Ferrari (#554252): > OK, now it's working with NDS Radius on Win2008R2 and radius settings > directly in Captive Portal. > > I think the problem was simply a "too strong"/too long shared secret > with non standard characters such as @, commas and others... > maybe encoding problems?? Very likely, even on other environemts it happens that the supplicant doesn't handle encoding as you'd expect. - Some OS X versions had issues with special characters as well an users were unable to connect via WiFi unless they removed those special characters from their passwords. Glad to hear you worked out a solution for your environment and thanks for sharing your howto with NPS and pfSense captive portal. :-) -- Mathieu ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Captive portal and RADIUS authentication
Hi Nicola Am 10.07.2014 12:31, schrieb Nicola Ferrari (#554252): > I tried to config the internal freeradius2 package with ldap to > interface with the win2008ad, but it doesn't seem to work. Because it cannot verify passwords in LDAP as AD doesn't store passwords in plaintext which is what FreeRADIUS would do against a LDAP server. If you have a standalone RADIUS server on BSD/Linux you have to use Samba and let FreeRADIUS check the passwords with 'ntlm_auth', which is part of Samba. I guess Brian is using FreeRADIUS locally with a local user database, that should work as is. Since FR with AD is one of the most-asked questions on, the FR developers have made pretty comprehensive howtos for that precise use-case. (freeradius.org wiki and Alan Dekok's deployingradius.com) I don't thinkg installing a full-blown Samba on pfSense is what you want (there is no binary Samba package for pfSense either) > could you please explain me your config? I guess since if you have an NPS up and running that it's better to try this route. Are you positive that you entered the hostname or IP, port and shared secret in Service: Captive portal: ? I'm asking since youre initial error message with PAP told you so. You mention configuring RADIUS in User management -> Servers. In my understanding this can be used for admin access, VPN etc, but captive portal is independent. That's why there are the fields in the captive portal to use RADIUS and then place to put the IP/port/shared secret. In fact I configured a pfSense box to authenticate admins against an existing AD so they don't get used to login as root. (and if someone breaks things we know who it was, not just admin/root) - and that was simply by using LDAP authentication, not extra RADIUS required in this case. Hope that helps a little -- Mathieu --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pkg_add
Hi Martin Am 09.07.2014 16:30, schrieb Martin Fuchs: > Is there a possibility to install a package from the ports tree for testing > purposes ? Just a search away... (1) Technically yes but not directly from the base OS, you'll need a FreeBSD 8.3 machine to build packages for. Remember that pfSense 2.1 is based on 8.3 and that current ports tree has removed support for this FreeBSD release. You'll have to use an older version of the ports tree. Read more here in the forums(2) concerning this topic. > Somethink like pkg_add or else ? Also a search away... (3) pkg_add is available right in the base OS. However again: pkg_tools will be phased out this year too in favour of pkg-ng(4). pfSense 2.1 is a quite nicely update-date-patched 8.3 but but the base is aging. That is why 2.2 is going to be based on 10.x :-) Currently no pkg-ng is inside pfSense base system. Be cautious with it (i.e. installing things that depend on openssl from ports, as some software inside the base OS does use OpenSSL from ports located in /usr/local/ (i.e. OpenVPN). If you overwrite it with your own it will likely break things in the base OS. -- Mathieu (1) https://doc.pfsense.org/index.php/Can_I_use_FreeBSD_ports_with_pfSense (2) https://forum.pfsense.org/index.php?topic=77406.0 (3) https://doc.pfsense.org/index.php/Installing_FreeBSD_Packages (4) http://blogs.freebsdish.org/portmgr/2014/02/03/time-to-bid-farewell-to-the-old-pkg_-tools/ --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Thermal Sensors
Am 02.06.2014 10:33, schrieb Ulrik Lunddahl: > Are you running pfSense as a VM? > > In that case you will not be able to, as HOST hardware instrumentations is > not propagated to VM's. Yup, the OP he won't be able to if this is the case, for physical installation pfSense there is something we the OP should be able to do. I haven't read through the results of last-month's thread on this machine, anyhow for physical installation of pfSense... >> What's the trick to get the thermal sensors to work on pfSense? I'm using a >> power edge 2850 and they clearly show up in VMWare 4.1 Magical google search words: "pfSense sensors" ;-) See: https://doc.pfsense.org/index.php/What_Hardware_Monitoring_Is_Supported In short: You should be able to get the CPU thermal sensor shown in the UI, for this enable loading the coretemp (Intel CPUs) module in Systems -> Advanced -> Miscellaneous. However when it comes to ACPI or IPMI sensors, well then it's more about luck if you can get them working / if FreeBSD understands your hardware. (As the docs page states). You might want to more specifically search on FreeBSD list/forum archives. (AFAIK) FreeBSD still doesn't have an equivalent to Linux lm-sensors or OpenBSD's sensorsd(8) -- Mathieu --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] apu.4c silently dies
Hi mayak > Many roads lead to ... gut says SSD - I'd try running off CD first. Seems apu1.4c (guess that's what you meant) has a SATA port, now you only need to get find way for powering a desktop CD/DVD drive (i.e. spare ATX power supply) > On Mon, May 19, 2014 at 10:15 PM, mayak wrote: > >> hi all, >> >> i have a new apu.4c with a Kingston SSD >> >> unit will run sometimes for days, or sometimes for several hours, before >> becoming unresponsive: >> >> - no mac response from ethernet cards >> - serial console dies -- no errors displayed Have you actually left serial console attached and kept logging the output? I did that once with a whacky but important network switch since syslog didn't give enough info. (i.e. tools like PuTTY can log output to a text file) >> - no errors in system log >> - no crash report on reboot Another idea would be to set up remote syslog logging so you can possibly store more data off the device than is staying within the circular logging on the box. >> >> what is the best approach to finding out what is happening? Ideally if someone knows how to set up serial crash console, but I'm not enough knowledgable in this area :-\ -- Mathieu P.S. I don't know if that makes any difference but it seems PC Engines is still labeling APU's BIOS as beta so you might want to check out (http://pcengines.ch/apu1c4.htm) ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] supermicro A1SRI-2758F-O igb0: Could not setup recieve structures
Hi Kevin Am 12.05.2014 09:34, schrieb Kevin Boatswain: > > Thank you for the response I wasn't sure if anyone would be up at this time > to help (2:30 am central time us where i am at). That's when it's morning in other regions. > > I ended up trying these settings in the /boot/loader.conf.local > > kern.ipc.nmbclusters="131072" > hw.igb.num_queues=4 Depending on available memory look at the mbuf usage in pfSense UI if it exhausts it under load inclrease it, otherwise leave as is. However i.e. for 10GE adapters Intel recommends larger nmbcluster size.* > I however am not sure if these settings are appropiate for my setup or not. There is no patented recipe for this, however the values in the pfSense Wiki correlate with other known good values shared n the FreeBSD universe (i.e. FreeNAS). So they must be pretty much proven / OK. > My box does currently have 4 igb nics (intel i354 x 4) and also currently > has 8 cores (c2756) . > > Does this mean I should try hw.igb.num_queues=8 instead of > hw.igb.num_queues=4 ? Also here it depends: Test and see if you are fine with the results, otherwise tune. It depends on the workload you throw at the box and also how many other services you gonna run on it. > I am not familiar with these settings just trying to figure out what > settings I should apply for stability and out of the box performance. I wasn't too and neither am familiar now. The base pfSense settings are often chosen on the basis of less-powerful boxes ** (to not exhaust limited resources) that's why you have to tune things a bit. -- Mathieu * http://downloadmirror.intel.com/14688/eng/README.txt ** Something like chooseable pre-tunings for slower or or larger systems would be interesting. :-) ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] supermicro A1SRI-2758F-O igb0: Could not setup recieve structures
Hi Kevin Am 12.05.2014 08:37, schrieb Kevin Boatswain: > Has anyone that recently build or purchased the supermicro 2758 (Rangley) > seen these errors before? > > This box would be somewhat identical to what is sold in the pfsense store > and netgate minus the support and custom tuning, > > http://store.netgate.com/Firewall/C2758.aspx > > http://store.pfsense.org/c2758/ > > > > I seem to get the message "*igb0: Could not setup recieve structures*" > multiple times on my LAN interface. > > I found this case documented here as a bug for the igb driver but it has > been marked as resolve and is over three years old so didnt figure it was > still a problem. > > https://redmine.pfsense.org/issues/1221 I've seen such errors on a system with quad i350 NICs where I could only enable 2 out of 4 ports if I remember correctly. Have you tried the loader.conf.local changes as reference in the bug tracker? Also see the wiki on this topic: https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards If you have built it yourself you don't a Netgate-flavoured but vanilla image, the images on Netgate appliances (as Jim T. mentioned once on the list) contain some pre-tuning in order to run pfSense smoothly out-of-the-box. The tuning is specific per system which is why it isn't applied to the standard image. -- Mathieu --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Intel Pro/1000 PT Quad Port PCI-e Gigabit Ethernet
Am 10.05.2014 00:34, schrieb Chris Bagnall: > On 9 May 2014, at 23:25, Dave Warren wrote: >> I'm looking on eBay as well, it's worth the gamble vs buying new. > > Not pfSense-specific, but I've used quite a few from eBay (both dual and quad > port cards) in generic FreeBSD installs and not had a problem with them. > > As others have said, they're so cheap (by comparison to new prices) on eBay > that it's a gamble worth taking. Those cards were launched between 7-9 years back ago and some of the models are now EoL-ed by Intel, the servers that had them installed are now aged too, that's why they become easily available. (look at http://ark.intel.com/) A more modern I350-T4 uses less power (5 instead of 12W for the PT quad) and has some fancy virtualization features. Other than that - solid and almost-never failing cards. HCL: If it's listed it means a someone reported it was actually working with FreeBSD. Sometimes you can find about it when searching for the network controller on the card. pfSense 2.1.1+ ships with quite recent Intel NIC drivers, even I210 (2013) are supported. -- Mathieu --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] HP DL160 for pfSense in a datacenter
Am 23.04.2014 15:24, schrieb Erik Anderson: > On Wed, Apr 23, 2014 at 8:14 AM, mayak wrote: >> The machine has one of those stupid raid chips that works for software >> raid -- pfSense knows about these kinds of cards, but nonetheless, I >> would like to make this machine as bullet proof as possible (in terms of >> disk failure). > > You're not going to want to hear this, but... > > ...purchase a real hardware RAID card. FakeRAID cards are horrible, > and I'd never trust them for something as critical as a > firewall/router device. You don't need anything fancy - you should be > able to source a used RAID controller for a very reasonable price. Unfortunately you don't tell us what controller (dmesg ?) it is nor the DL160's generation (G6, G7...). Some of those lower-end rackserver are able to run in plain AHCI (if SATA) or SAS HBA-mode (i.e. LSI's in IT-mode). If that is possible you may just go with that and install pfSense on a geom mirror. The installer should (if I remember right) have such an option. -- Mathieu --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Netgate's customized pfSense release
Am 13.02.2014 17:54, schrieb Andrew Hull: > [...] I've noticed that the pfSense pre-install image was > customized with Netgate branding and the firmware auto-update mechanism > was set to a Netgate URL. > > Has this been discussed on the list before? I don't think often for what I can remember. > > My knee jerk reaction is that this is A Bad Thing(tm), and I reloaded > the devices with images from ESF. Does anyone here have a strong opinion > one way or the other? No worries, that's how open source works, and in case of the BSD license there are are almost all liberties to do derivative products, as long as you follow minimal rules and trademark (pfSense and the logo are trademarks of ESF). Netgate allows you to run what image you like, other (non pfSense) appliance vendors are way less nice :-) Common guess: Beyond branding, their images may contain pre-done tuning for the hardware that makes it perform at its best without extra user intervention. In comparison, at one place I have a 3-letter brand server running pfSense and I had to spend some time on loader.conf.local and tunings to make all NICs work and work good (props to ESF staff who assisted). Quick history: BSD Perimeter moved from Kentucky (in 2012) to Texas and reinstated as ESF. Jim Thompson from Netgate (also Texas) got involved with ESF, he is actually active in both companies. That may explain why Netgate is permitted to redistribute modifed images without the need to rename the resulting product binaries or replacing the logos. (Jim, correct me I'm writing this out of my memory, I remember there was once a post or a mailing list discussion) -- Mat ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Recent FreeBSD Security Vulnerabilities
Hi In Addition to Moshe's answer, they're working hard on fixing a couple of bugs that were detected in 2.1 as well as including the FreeBSD advisories where applicable, read: https://doc.pfsense.org/index.php/2.1.1_New_Features_and_Changes and follow the discussion in the Development and Documentation section of the forum. -- Mat ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Apple Messages Blocked
Hi Paul Although I didn't yet have to look at this, I could imagine some of our teachers and students might come at us sooner or later and ask about iMessage and Facetime, that's why I'm answering ... 2014/1/14 Paul Galati > I have tried searching the forums for find a fix to allow Apple Messages > app to successfully connect using Audio, Video, or Screen Sharing. > Unfortunately I have not found a solution. It seems the port number is > different each time I view the logs. Has anyone been able to resolve this > or similar issue? The initial connection does work (ringing the bell) but > when I accept the invite, it fails to start the actual stream. I am using > the Jabber protocol with gmail since both parties have gmail accounts. > > Is it possible to temporarily create a DMZ to a specific private IP > address to allow the service to connect and view the logs to understand > what ports are needed to make this work safely. > At least Apple has put up some documentation on that topic: http://support.apple.com/kb/ht4245 maybe that's the ports you see listed there? Honestly I don't know how good or bad iMessage works with NAT, at least Apple seems to ask for (manual) port forwarding. If that is going to be true, I don't see myself putting up static port forwardings as we do have NAT and not that many public IPv4's for the (wifi) network However that's not my daily job and I'm just not seing the silver bullet to make it work? ;-) -- Mat ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Who uses a Realtek RTL-8111 based nic without problems?
Hi Adrian 2013/12/4 Adrian Zaugg > > I would like to know whether you experience similar problems with your > Realtek 8111 variant (or maybe another Realtek chip using the re > driver). To test, send a lot of data through your Realtek-based device > or just to your device, e.g. like this: > > - login to your_device and start: > nc -l 1 > /dev/null > > - send data from another machine: > dd if=/dev/zero | nc your_device 1 > I have a Intel D510MO board (Atom D510) that I recently tossed 10.0-BETA3, now BETA4 on it. It seems this board has a the NIC you and others encounter issues with: re0@pci0:1:0:0: class=0x02 card=0xd6158086 chip=0x816810ec rev=0x03 hdr=0x00 vendor = 'Realtek Semiconductor Co., Ltd.' device = 'RTL8111/8168B PCI Express Gigabit Ethernet controller' class = network subclass = ethernet I have no jumbo frames or whatsoever enabled. The other side is a 10.0-BETA4 Virtualbox with an emulated Intel NIC (em). So far (> 5' of continuous run), no hickups, but I doubt that in my case the CPU on the Realktek side is likely the limiting factor as 'top' says 50% continuous CPU load (it has 2 core) and "systat -ifstat" tells me that I'm receiving at rouhgly 64 MB/s - at that rate the 8111 isn't really hitting its limits. After a minute or so, the ethernet link gets lost. Currently this doesn't seem to happen here, but I only have 1 VM hitting the box. > Some reporters say until a manual intervention occurs, in many other cases > like mine for a > couple of seconds. > > [...] is it common sense to file a bug for pfsense and let the pfsense > devs report upstream?). > Don't take this as reference, I'm still quite new to FreeBSD, but I also run pfSense boxes (not with Realtek NICs though). Asking for, or doing comparison against native FreeBSD has generally been helpful at least for me at least (i.e. for picking patches from -STABLE) Hitting pfSense tracker is certainly not a bad idea either (considering people reported problems on FreeNAS too). -- Mathieu ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Intel PRO/1000 PT Quad Port Ethernet Card EXP19404PT doesn't work
G'day I've been using a single and dual variant of PRO 1000 PT on our last years test rig (and that was 2.0.2 back then), normally - it should just work. The PT's are now quite "old" there have been newer cards that use less power like the "ET". (newer 1GE cards from Intel have either no or very small heatsinks while the PT had larger ones) A good idea would be to get your hands on a FreeBSD 8.1 install disc (that's what 2.0 is based on) and get to a shell so you can see if it works. PT should be supported by "em" Adam as wrote, only newer cards will use igb. If you have lots of nics - at least that's what happened to me with 2 ixgbe and 4 igb's I had to tune the loader.conf.local to make them all working - although the kernel recognized them (that doesn't seem to be the issue yet) -- Mathieu 2013/7/19 Maik Heinelt > On 2013/07/19 11:07, Adam Thompson wrote: > >> -Original Message- >>> From: list-boun...@lists.pfsense.org [mailto:list- >>> boun...@lists.pfsense.org] On Behalf Of Maik Heinelt >>> Sent: Thursday, July 18, 2013 8:41 PM >>> To: list@lists.pfsense.org >>> Subject: [pfSense] Intel PRO/1000 PT Quad Port Ethernet Card >>> EXP19404PT doesn't work >>> >>> We try to get working Intel PRO/1000 PT Quad Port Ethernet Card >>> EXP19404PT with pfSense. >>> Since it is an Intel card, it should work. >>> The card is brand new and tested with Linux and Windows without >>> issue. >>> >>> The card is not listed as Ethernet adapter. >>> We use pfSense 2.0.3 64 bit, latest version. >>> >>> Any hint? >>> >>> Thanks in advance, >>> >>> Maik >>> >> FYI, replying to a message - even if you change the subject - will cause >> many email programs to automatically lump your problem in with the other >> discussion thread. You should, wherever possible, start a new message when >> starting a new discussion thread. >> >> Anyway. FreeBSD supports that card, so the problem is unlikely to be >> pfSense. However, you say you've tested with Linux and Windows, which >> indicates the problem *is* pfSense. This is puzzling. >> >> Please verify that the FreeBSD kernel recognizes the card, by getting to >> the command-line on the console (menu option #8) and looking for "Intel(R)" >> in the dmesg output. >> (i.e. run the command "dmesg | grep Intel") >> >> You should see (at least) four lines that look something like this: >> em0: port >> 0x2000-0x203f mem 0xd102-0xd103,**0xd100-0xd100 irq 18 >> at device 0.0 on pci2 >> em1: port >> 0x2040-0x207f mem 0xd104-0xd105,**0xd101-0xd101 irq 19 >> at device 1.0 on pci2 >> em2:... (etc.) >> em3:... (etc.) >> >> Yours will look different, because you have different hardware than I do, >> but it'll be vaguely similar, and it should be recognizable as an Intel >> PRO/1000 network card of some sort. >> >> If the FreeBSD kernel recognizes the card, then we can proceed with other >> troubleshooting. If not, umm... then I don't know what to do next! Maybe >> try a different PCIe slot? >> >> -Adam Thompson >> athom...@athompso.net >> >> >> __**_ >> List mailing list >> List@lists.pfsense.org >> http://lists.pfsense.org/**mailman/listinfo/list<http://lists.pfsense.org/mailman/listinfo/list> >> > UPS, sorry, didn't know about the list email reply issue. Thanks for the > info. > > Regarding the card, I checked the output of dmesg| grep Intel. > pfSense find the CPU, all the Intel controller, but not the card. Maybe I > should run a LiveCD on that hardware to make sure, the card is really > working on that machine?! > I am not able to use another PCIe slot. It is an ITX board and just have > one slot. > > Maik > > > __**_ > List mailing list > List@lists.pfsense.org > http://lists.pfsense.org/**mailman/listinfo/list<http://lists.pfsense.org/mailman/listinfo/list> > -- Mathieu Simon mathieu@gmail.com ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Dandy pfSense appliance
Am 24.04.2013 19:40, schrieb Odhiambo Washington: > I'd like to acquire a nicely designed device running pfSense. Is there > a nicely designed device the size of a typical Netgear WiFi router > device, with high specs? Depends what you think about "high specs" many 1 GE ports or even 10 GE, lots of cores etc? In case of sized like "typical netgear wifi router device" I guess you won't get much more than an atom in that form factor if it has to be fanless or otherwise very quiet and power-saving. Other than that prebuilt Core i/Xeon systems exist, but they are more likely to be 1 rack unit format (often not full depth) and less office-friendly I guess. Some hardware vendors are listed here: http://www.pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50 -- Mathieu ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 2.0.2 release now available
Am 24.12.2012 10:04, schrieb Chris Buechler: > > We knocked out some of the most critical this month, especially the > slow ro-rw mounts on nanobsd. There are still 81 open issues in > redmine, though a slew of those are in feedback status meaning they > need testing and/or confirmation and are probably fine. A significant > portion of the others aren't regressions and only impact rare > circumstances. Some of the rest are just input validation improvements > to prevent foot shooting. Renato (rbgarga), a long time contributor on > the open source side, is starting full time with us on January 2. His > first month will largely be dedicated to 2.1, and a month of work will > be enough to get it to RC1 status with release not long after. Chris - thanks for the positive news and congratulations to Renato for joining the BSDPerimeter crew :-) With some smal itches to scratch still here and there, I can confirm that 2.1 is doing really well over here in semi-production. - Although I do see areas where the code might require some cleanup (like for PHP 5.4 compatibility once a day) but that's maybe better for a post-2.1? -- Mathieu ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Firewall routing
G'day Mark 2012/11/24 Mark Olliver : > Can i install and use the quagga ipv4/6 daemon instead? I appreciate i would > have to manually configure it rather than use the gui but that it not an > issue. If you built a pkg from ports or take it from FreeBSD you'll have to take care to not break dependencies of other packages. - That's where I see the point of using PBI's with 2.1 onwards. For the init script just be aware that you can't just add id to rc.conf but will want to make a little script like it is done for other packages. (check how other packages do) :-) -- Mathieu ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Problems with installing pfSense Kernel 8.1 on R420 Poweregde?
Hi Luiz Much to answer... ;-) Adam is right, the issue comes from the CD. It can come from your media, your burner (I had some issues in that area too once). Make sure you don't burn at maximum speed though. It seems you're not using the DRAC-mounted ISO but your integrated DVD, maybe the iDRAC (even with Adam's warnings) could yield better results? It seems you're using a quite old image from November 2nd, If you're stuck at F10, this might be caused a couple of images that had this issue make sure to get a fresh image. You'll at least want a ISO built after November 7th to get the mfi backport, but around then the installer was messed and fixed. (well, that's what daily build are for: testing) I hope this gives you some ideas what to try next, at least it doesn't look like a desperate situation, because your OS starts booting, even up to the installer. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Problems with installing pfSense Kernel 8.1 on R420 Poweregde?
G'day Just take a picture of where it starts booting the OS, this likely to give a hint where the problem lies. PERC 5 and 6 are all SAS 3GB/s controllers and thus (by now) quite dated, I don't think you can find them in (or get them to work) in the quite modern R410. I don't hink (yet) that it is cause by the RAID controller, because here initially (pre-mfi-backport snapshots) booted fine but couldn' detect storage. Yes, you could go with software RAID, but would have to switch the RAID controller to a plain HBA - or take risk to flash an HBA "IT"-mode LSI firmware for the PERC you use. (but this will void your Dell warranty...) The onboard controllers in such boxes often only bring SATA, so you can just cable the backplane to onboard ports since you cannot drive a SAS backplane on a SATA controller. (SAS controler + backplanes on the other hand can drive SATA disks) -- Mathieu ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Problems with installing pfSense Kernel 8.1 on R420 Poweregde?
G'day Luiz If you happen to have a KVM over IP functionality in your IPMI/BMC enabled (I think Dell cals them DRAC?), you may be able to capture a console screenshot which will help you localize where it fails. Additionally, check out a vanilla FreeBSD 9.1-RC3 in comparison. (and 8.3 if you can, but that one is sure to fail with mfi) -- Mathieu ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Problems with installing pfSense Kernel 8.1 on R420 Poweregde
G'day Luiz As I have a IBM x3550 m4 with a Xeon E5-2609 here, the R420 looks quite similar to my box here, maybe you get similar results. With 2.0.1 the x3550 M4 panicked at early boot stage during SMP initialization, but 2.1 booted fine. Try to boot a pfSense 2.1 amd64 snapshot from snapshots.pfsense.org to see how far you can get. If you have bought a R420 with Intel NICs, it is likely to have I350's, I'm sure they'll be recognized (the X3550 m4 has 4x I350). But you'll have to tune some parameters as mentioned here - especially with a high core count.* (this seems to be known overall with FreeBSD) For storage, I guess you'll have a PERC in this box? If so (and this is why I answer ... ;-) ) l'm actually interested in your possible feedback: Only recently pfSense recently added patches that backport the 'mfi' module and 'mfiutil' backport from FreeBSD 8-STABLE. The drivers still have some known caveats, but expand the range of supported MegaRAID-based RAID controllers significantly. (a plain FreeBSD 8.3 or 9.0 will not recognize most modern MegaRAID SAS) If your box boots up, I'd be interested in some of the following output from the shell: pciconfig -lvb | grep mfi mfiutil show adapters mfiutil show volumes Best regards Mathieu P.S. If you want your drives to be seen by pfSense, you need to create them before boot in the MegaRAID/PERC BIOS or using mfiutil. * http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfsense running in hyper-v
Hi Brad Am 04.11.2012 19:24, schrieb Brad Otto: > I successfully got pfsense running in Hyper-V on Win Server 2012. Short answer: The problem is definitely on the Hyper-V side... While I haven't run anything *BSD-based on Hyper-V I have "had to" use Linux guests in early days with Hyper-V at my work. It took Microsoft developers almost 2 years (Linux 2.6.32 to 3.4) to get open source drivers in such shape they behaved enough sane to not be considered 'staging' anymore. (they were horribly unstable in the beginning when I tried the initial code) Only this Summer a joint project by MS and some FreeBSD commercial consumers have uploaded open code to Github for FreeBSD. Yet from what I have been able to catch was, that the code runs, but wasn't really meeting expections to be considered stable. And thus the drivers haven't been included in upstream FreeBSD. Hyper-V relies so heavily on paravirtualized drivers connecting to some "VMBus". Only OS with VMBus drivers can utilize the faster devices or even use > 1 vCPU. Every device in the VM that is emulated is generally dog slow. Hyper-V guests without integration drivers are heavily crippled in terms of performance and features. The legacy NIC is an emulated 100MBits DEC Tulip and is theoretically capped at 100MBit, but I can confirm that also on Linux it wasn't always delivering the promised maximum. You only get faster guest networking with the paravirt NICs. So yes: pfSense on Hyper-V isn't yet something I'd recommend as the required integration drivers are not present inside pfSense and those floating around can't be considered stable enough for now I'd say. You'll have to bite the bullet and run pfSense on either physical or another virtualization plattform like VMware or something based on Linux or illumos KVM (virtio is supported with pfSense). Hope that got you some insights ;-) -- Mathieu P.S. The driver modules can be found here: http://freebsdonhyper-v.github.com/ ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list