Re: [pfSense] Restoring XML config file from URL at console
If youre using VMware to run your VM why not just create a template from your working pfSense VM and export it then each time you need this to role-out just import it in the destination virtualization host the same thing if your using KVM. I am using packer.io. This is a tool for building images directly from the original ISO. It fires up a qemu/kvm virtual machine and does stuff to it (including blind typing if necessary). > > However I'm happy to drop down either to the Linux shell or the PHP shell. pfSense is based on FreeBSD. Oops, sorry about that. Force of habit :-) Anyway I've cobbled together a PHP script (below) based on bits and pieces found in other scripts. It would be nice though if the existing "pre-flight install" functionality could be exposed as a simple script I could call. Regards, Brian. #!/usr/local/bin/php-cgi -q $file = file_get_contents('http://{{ .HTTPIP }}:{{ .HTTPPort}}/config-class-gw.xml'); if ($file === False) { echo 'Failed to load config'; exit(1); } file_put_contents('/tmp/config.xml', $file); conf_mount_rw(); config_restore('/tmp/config.xml'); /* from /usr/local/www/diag_backup.php */ touch('/conf/needs_package_sync_after_reboot'); conf_mount_ro(); ?> ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] dpinger data collection
I'm trying to trace how the data gets from dpinger into the RRD file and ultimately into the UI. I see dpinger is writing to a socket, but I cannot for the life of me find what process is reading that socket and writing to the RRD file. How does that happen? My ultimate goal is to see if I can convince pfsense to monitor other arbitrary IPs to debug certain conditions like VPN slowness. I want to monitor the "quality" of the other endpoint of the openvpn connections, for example. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfSense Aliases / firewall rule with an FQDN and multiple entries
When editing an alias the Hint line shows, "FQDN hostnames are periodically re-resolved and updated. If multiple IPs are returned by a DNS query, all are used." -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WolfSec-Support Sent: Friday, October 7, 2016 9:56 AM To: pfSense Support and Discussion Mailing List Subject: [pfSense] pfSense Aliases / firewall rule with an FQDN and multiple entries Hello, what is doing a pfense with an rule which contains an alias. this alias is a FQDN - which for sure will resoluted by DNS This A record has multiple entries. e.g. 1.1.1.1 and 2.2.2.2 and 3.3.3.3 So, is pfsense applying this rule to ALL IP's in this record, or round robin ? Kind regards Stephan ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] pfSense Aliases / firewall rule with an FQDN and multiple entries
Hello, what is doing a pfense with an rule which contains an alias. this alias is a FQDN - which for sure will resoluted by DNS This A record has multiple entries. e.g. 1.1.1.1 and 2.2.2.2 and 3.3.3.3 So, is pfsense applying this rule to ALL IP's in this record, or round robin ? Kind regards Stephan ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Restoring XML config file from URL at console
> On Oct 7, 2016, at 6:09 AM, Brian Candler wrote: > > However I'm happy to drop down either to the Linux shell or the PHP shell. pfSense is based on FreeBSD. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Restoring XML config file from URL at console
Dear Brian, If youre using VMware to run your VM why not just create a template from your working pfSense VM and export it then each time you need this to role-out just import it in the destination virtualization host the same thing if your using KVM. On Friday, 7 October 2016, Brian Candler wrote: > On 07/10/2016 12:09, Brian Candler wrote: > >> I would like to be able to restore an XML config from a HTTP(S) URL at >> the console prompt. Is this possible? >> >> The use case is for a rapid rebuild of a node entirely at the console: >> >> * Run through the installer in express mode >> * Configure just vtnet0 as WAN (no additional config needed if DHCP is >> available) >> * Fetch XML config from URL >> * Reboot >> >> That's it. The new node is now fully prepared, with no need to configure >> the LAN interface or connect to the GUI. >> >> Other use case: I am trying to set up an automated build of a pfSense VM. > The VM builder tool I'm using (packer.io) can put the config file on a > floppy disk image, or can serve it from a local http server. > > I found this: > > https://doc.pfsense.org/index.php/Automatically_Restore_During_Install > > which is almost what I want, except (a) packer creates a floppy device > (not usb); and (b) packer only puts files in the root directory. As far as > I can see, pfSense doesn't have a /dev/fd0 - nor does it have a loadable > module for the floppy driver. I guess it's reasonable to minimise the image > size by removing legacy hardware. > > So really I need to pull the config XML via HTTP. > > Regards, > > Brian. > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- This email or attachments may contain confidential or legally privileged information intended for the sole use of the addressee(s). Any use, redistribution, disclosure, or reproduction of this message, except as intended, is prohibited. If you received this email in error, please notify the sender and reformat your hard drive to remove all copies of the message, including any attachments; failure to do so may result in your floppy drive being filled with jelly. Any views or opinions expressed in this email (unless otherwise stated) may not represent those of the Vatican City, Barack Hussein Obama II, or the Sisters of the Perpetual Motion. Cheers [image: ] ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Restoring XML config file from URL at console
On 07/10/2016 12:09, Brian Candler wrote: I would like to be able to restore an XML config from a HTTP(S) URL at the console prompt. Is this possible? The use case is for a rapid rebuild of a node entirely at the console: * Run through the installer in express mode * Configure just vtnet0 as WAN (no additional config needed if DHCP is available) * Fetch XML config from URL * Reboot That's it. The new node is now fully prepared, with no need to configure the LAN interface or connect to the GUI. Other use case: I am trying to set up an automated build of a pfSense VM. The VM builder tool I'm using (packer.io) can put the config file on a floppy disk image, or can serve it from a local http server. I found this: https://doc.pfsense.org/index.php/Automatically_Restore_During_Install which is almost what I want, except (a) packer creates a floppy device (not usb); and (b) packer only puts files in the root directory. As far as I can see, pfSense doesn't have a /dev/fd0 - nor does it have a loadable module for the floppy driver. I guess it's reasonable to minimise the image size by removing legacy hardware. So really I need to pull the config XML via HTTP. Regards, Brian. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available
On 07/10/2016 13:57, Holger Bauer wrote: > pkg clean > pkg update > pkg upgrade > reboot This worked for me, thanks. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available
I found an older post to the list regarding the same issues with a different version, however this solution worked for me on my testsystem just fine: Run from the console (ssh or local console) Option 8 to go to the shell. Then enter the following commands: pkg clean pkg update pkg upgrade reboot After that the system come up fine with the new release. I'll try that on some production systems this evening. Regards Holger 2016-10-07 14:51 GMT+02:00 Pete Boyd : > Same for me, failure first time on a full install: > > Fetching pfSense-kernel-pfSense-2.3.2_1.txz: . done > pkg: > https://pkg.pfsense.org/pfSense_v2_3_2_i386-core/All/ > pfSense-kernel-pfSense-2.3.2_1.txz: > Operation timed out > >>> Locking package pfSense-kernel-pfSense... done. > Failed > > > > > -- > Pete Boyd > > Open Plan IT - http://openplanit.co.uk > The Golden Ear - http://thegoldenear.org > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available
Same for me, failure first time on a full install: Fetching pfSense-kernel-pfSense-2.3.2_1.txz: . done pkg: https://pkg.pfsense.org/pfSense_v2_3_2_i386-core/All/pfSense-kernel-pfSense-2.3.2_1.txz: Operation timed out >>> Locking package pfSense-kernel-pfSense... done. Failed -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Restoring XML config file from URL at console
I would like to be able to restore an XML config from a HTTP(S) URL at the console prompt. Is this possible? The use case is for a rapid rebuild of a node entirely at the console: * Run through the installer in express mode * Configure just vtnet0 as WAN (no additional config needed if DHCP is available) * Fetch XML config from URL * Reboot That's it. The new node is now fully prepared, with no need to configure the LAN interface or connect to the GUI. The most convenient would be as a new option at the console menu: similar to "15) Restore recent configuration" but using a remote URL. However I'm happy to drop down either to the Linux shell or the PHP shell. I can see that option 15 (/etc/rc.restore_config_backup) simply calls PHP function config_restore(file). And the main thing that function does is overwrite /config.xml However, looking in diag_backup.php it looks like other things might be needed too, e.g. mark_subsystem_dirty("restore"); touch("/conf/needs_package_sync_after_reboot"); unlink config.cache stuff in /boot/loader.conf various stuff to do with m0n0wall config migration ... etc etc. Maybe this code could be factored out into a helper function which could be invoked from the command line? Or is it safe simply to call config_restore() from the PHP shell, and then reboot? Regards, Brian. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available
Hi, I'm seeing the same issues on multiple systems. As far as I can tell most of the systems are nanobsd versions. I have not seen that on a full install yet (but most of my installations are nanobsd). Also it's not failing always fetching the same file. Sometimes it's the kernel, sometimes it's perl, ... Are there any chances that there is something wrong with the upgraderepository-servers of pkg.pfsense.org or that some kind of timeout is too low for connecting to the updaterepository? If you keep on retrying and retrying on the same system it will make it through fetching all the files and the update will be successfull. However you have to retry it 5-6 times or even more to succeed. If I can provide any more details to nail down the issue let me know. Regards Holger 2016-10-07 4:03 GMT+02:00 FrancisM : > Problem solve after I stop my Snort. Thank you > > On Friday, 7 October 2016, FrancisM wrote: > > > Karl, > > Im seeing the same error when im doing the update then after 4 retry to > > update I could no longer download the update and seeing only this now > > > > > > Number of packages to be upgraded: 4 > > > > 25 MiB to be downloaded. > > Fetching pfSense-base-2.3.2_1.txz: . done > > pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/All/ > > pfSense-base-2.3.2_1.txz: Operation timed out > > *>>> Locking package pfSense-kernel-pfSense... done.* > > *Failed* > > > > On Friday, 7 October 2016, Karl Fife > > wrote: > > > >> Update is failing over here. Is there perhaps a file missing from a > >> repo? This is what I'm seeing when I update from the CLI: > >> > >> ...etc... > >> Fetching php56-5.6.26.txz: .. done > >> Fetching pfSense-rc-2.3.2_1.txz: . done > >> Fetching pfSense-kernel-pfSense_wrap-2.3.2_1.txz: . done > >> pkg: https://pkg.pfsense.org/pfSense_v2_3_2_i386-core/All/pfSense > >> -kernel-pfSense_wrap-2.3.2_1.txz: Operation timed out > >> > >> Is anyone else seeing this? > >> > >> > >> On 10/6/2016 2:29 PM, Jim Thompson wrote: > >> > >>> Details are here: https://blog.pfsense.org/?p=2122 < > >>> https://blog.pfsense.org/?p=2122> > >>> ___ > >>> pfSense mailing list > >>> https://lists.pfsense.org/mailman/listinfo/list > >>> Support the project with Gold! https://pfsense.org/gold > >>> > >> > >> ___ > >> pfSense mailing list > >> https://lists.pfsense.org/mailman/listinfo/list > >> Support the project with Gold! https://pfsense.org/gold > >> > > > > > > -- > > > > This email or attachments may contain confidential or legally privileged > > information intended for the sole use of the addressee(s). Any use, > > redistribution, disclosure, or reproduction of this message, except as > > intended, is prohibited. If you received this email in error, please > notify > > the sender and reformat your hard drive to remove all copies of the > > message, including any attachments; failure to do so may result in your > > floppy drive being filled with jelly. Any views or opinions expressed in > > this email (unless otherwise stated) may not represent those of the > Vatican > > City, George W Bush, or the Sisters of the Perpetual Motion. Cheers > [image: > > ] > > > > > > -- > > This email or attachments may contain confidential or legally privileged > information intended for the sole use of the addressee(s). Any use, > redistribution, disclosure, or reproduction of this message, except as > intended, is prohibited. If you received this email in error, please notify > the sender and reformat your hard drive to remove all copies of the > message, including any attachments; failure to do so may result in your > floppy drive being filled with jelly. Any views or opinions expressed in > this email (unless otherwise stated) may not represent those of the Vatican > City, Barack Hussein Obama II, or the Sisters of the Perpetual Motion. > Cheers [image: ] > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold