[pfSense] Some upgrades from 2.4.2-1 to 2.4.3-1 failed at reboot
Hi all, I upgraded some pfSense on APU CPU Type AMD GX-412TC SOC 4 CPUs: 1 package(s) x 4 core(s) AES-NI CPU Crypto: Yes (active) from 2.4.2-1 to 2.4.3-1 The first one via cmd-line (VPN - SSH). It was installed with the default single disk ZFS option on SD, then set up (via GUI) to use / tmp and /var on RAM: zroot/ROOT/default on / (zfs, local, noatime, nfsv4acls) The upgrade seemed to go on regularly, but the system did not came up for many hours. Connected to the serial console, even after a power cicle, it showed (as copied from the console, sorry for the double chars): NNoo //bbtt//kkeerrnneell//kkeerrnneell FFrrBBSSDD//xx8866 bbtt DDeeffaauulltt:: 00::aadd((00,,aa))//bbtt//kkeerrnneell//kkeerrnneell bbtt:: I thought it could be a problem related to /tmp or /var in RAM, but it I guess it wasn't because I reinstalled pfSense 2.4.2-1, reloaded the config I saved just before starting the previous upgrade so /tmp and /var should have been in RAM again. Then I upgraded via SSH (while connected to the serial console to monitor the process). Now the upgrade worked fine. So, seen the problem I had on the first one upgrading via SSH I upgraded some other similar APU from 2.4.2-1 to 2.4.3-1 via GUI. All of them are on SSD, some in UFS, some on ZFS, many of them with /tmp and /var in RAM. All but one (SSD, UFS, /tmp and /var in RAM) upgraded fine. The one that did not upgrade was in the same status and with the same message copied above. Again I reinstalled 2.4.2-1, reloaded the last config, upgraded via GUI and everything worked fine. Did someone have similar issues or have any clue abaout it? /Odette/ ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Upgrade nanobsd 2.3.4 to 2.4.x
Yes, just to try it before upgrading some production installations. Odette > Did you do this for experimental purposes? > > On Thu, Oct 26, 2017 at 12:19 PM, Odette Nsaka <odette.ns...@libero.it> wrote: > > Hi, > > > > I tried to upgrade some pfSense 2.3.4-x amd64 on nanobsd running on > > PC-engines APU2> > > and APU3, to 2.4.x full install following the guide > > > >https://doc.pfsense.org/index.php/Upgrading_64-bit_NanoBSD_2.3_to_2.4 > > > > I've collected a good number of failures (100%) related to the > > inconsistency of the pkg database after the reboot, until I begun to > > integrate the guide at the above link as follows: consider just the final > > chapter named "Script-Assisted Conversion" (copied below) that is all you > > need to upgrade > > > > /Script-Assisted Conversion/ > > > > /Many of the steps above can be automated using a script, however, a few > > steps must still be made manually as in the above procedure./ > > > > /Perform the steps in the Check Firewall Boot Partition subsection/ > > /Perform the steps in the Change Package Repository subsection/ > > /Fetch and run the script from a shell prompt:/ > > > > / # fetch -o /root/ > > https://raw.githubusercontent.com/pfsense/pfsense/RELENG_2_4_0/ > > tools/scripts/pfSense-nanobsd_to_fullinstall.sh/ > > / # /bin/sh pfSense-nanobsd_to_fullinstall.sh/ > > > > START ADDED PROCEDURE > > > > Disable RAM Disks: from the GUI menu go to System => Advanced => > > Miscellaneous, find the section "RAM Disk Settings" and uncheck "Use > > memory file system for /tmp and /var" > > > > Reboot > > > > END ADDED PROCEDURE > > > > / # pfSense-upgrade -y/ > > > > > > (If needed, after upgrade has successfully completed re-enable the RAM > > Disks for /var and /tmp) > > > > > > Following these modified guide the upgrade process worked twice like a > > charm on both the two attempts I made (100% success) > > > > Can anybody confirm that following the modified instructions the upgrade > > from nanobsd to 2.4.x works fine? > > > > Thanks, maybe this will help someone. > > > > Cheers, > > > > Odette > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Upgrade nanobsd 2.3.4 to 2.4.x
Hi, I tried to upgrade some pfSense 2.3.4-x amd64 on nanobsd running on PC-engines APU2 and APU3, to 2.4.x full install following the guide https://doc.pfsense.org/index.php/Upgrading_64-bit_NanoBSD_2.3_to_2.4 I've collected a good number of failures (100%) related to the inconsistency of the pkg database after the reboot, until I begun to integrate the guide at the above link as follows: consider just the final chapter named "Script-Assisted Conversion" (copied below) that is all you need to upgrade /Script-Assisted Conversion/ /Many of the steps above can be automated using a script, however, a few steps must still be made manually as in the above procedure./ /Perform the steps in the Check Firewall Boot Partition subsection/ /Perform the steps in the Change Package Repository subsection/ /Fetch and run the script from a shell prompt:/ / # fetch -o /root/ https://raw.githubusercontent.com/pfsense/pfsense/RELENG_2_4_0/ tools/scripts/pfSense-nanobsd_to_fullinstall.sh/ / # /bin/sh pfSense-nanobsd_to_fullinstall.sh/ START ADDED PROCEDURE Disable RAM Disks: from the GUI menu go to System => Advanced => Miscellaneous, find the section "RAM Disk Settings" and uncheck "Use memory file system for /tmp and /var" Reboot END ADDED PROCEDURE / # pfSense-upgrade -y/ (If needed, after upgrade has successfully completed re-enable the RAM Disks for /var and /tmp) Following these modified guide the upgrade process worked twice like a charm on both the two attempts I made (100% success) Can anybody confirm that following the modified instructions the upgrade from nanobsd to 2.4.x works fine? Thanks, maybe this will help someone. Cheers, Odette ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Update to 2.3.4(_1) fails (Not Found)
In the afternoon some Alix failed. Then, in the evening they updated correctly from 2.3.3_1 to 2.3.4_1. Odette > Hmm, has anyone been able to upgrade from 2.3.x or earlier to 2.3.4_1 since > its release Thursday? Or perhaps everyone on this list was on 2.3.4 > already... :) ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] ✉news on the deal
Hi. Sorry for the spam sent from my address. Maybe there's been a security problem with the mail provider libero.it since I've seen yesterday other spam/phishing emails sent on behalf of known users. Sorry again, Odette In data mercoledì 28 giugno 2017 11:50:05 CEST, ha scritto: > Hi! > > Here is the latest news on deal we've discussed yesterday, please read > them here http://bit.do/dxAad > > > Odette Nsaka > > > > From: pfSense Support and Discussion Mailing List > [mailto:list@lists.pfsense.org] Sent: Wednesday, June 28, 2017 12:50 AM > To: odette.ns...@libero.it > Subject: Or Lima, Pennsylvania > > I can't speak for swinging, but "recreational nudism" or "naturism" is > loaded with guys looking to get it on with other guys. I would venture > that some of these guys might be swingers already or would be swingers > if their wives were into it, and are trying to satisfy their desire for > this form of sex which is discouraged by the prevailing etiquette of the > swinger micro-cultures (in recognition that "cultures" may vary from > region to region and venue to venue). > > > I say this as someone who is an experienced nudist and has seen men try > to pick up my husband from a variety of angles and contexts. I am drawing > possible conclusions from my empirical observations, not projecting > assumptions onto individuals or groups of people i haven't met. > > > Sent from Mail for Windows 10 > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Continuous crashes on a couple of 2.2.6 amd64
Previous mail truncated. I'm just adding the last two days crashes: 2016.02.16 Crashes fw1 22:58 fw2 09:24 09:43 10:06 15:03 15:12 2016.02.17 Crashes fw1 (no Crash) fw2 06:52 08:50 09:44 11:08 12:05 12:14 13:09 All other pfsense I have (nanobsd, x86, amd64), all on version 2.2.6 are working fine. Does anyone have any advise? Thanks in advance Odette Nsaka ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Continuous crashes on a couple of 2.2.6 amd64
Hi all, I've got a couple of Pf servers running: 2.2.6-RELEASE (amd64) built on Mon Dec 21 14:50:08 CST 2015 FreeBSD 10.1-RELEASE-p25 on Intel(R) Xeon(R) CPU 5130 @ 2.00GHz 4 CPUs: 2 package(s) x 2 core(s) Memory usage 5% of 4059 MB (fw1) Memory usage 7% of 3035 MB (fw2) configured in CARP for High Availability, both with 5 Ethernet ports (bce and igb). Both the firewalls have been working like a charm for a long time while they were set up with 32 bit versions. The official PfSense documentation suggests to use 64 bit releases on 64 bit systems, so, a few months ago, I upgraded both from 2.2.4 (config. rev. 11.9) 32 bit to the release listed above. To change to 64 bit release I saved the configuration files, re-installed from scratch the 64-bit version and then restored the saved configuration files. As soon as reinstalled the firewalls begun to crash as soon as they were up. So I added kern.ipc.nmbclusters100 in System: Advanced: System Tunables and the problem was solved. Then both the firewalls are unstable: they crash frequently. fw2 (backup) crashes several times everyday, while fw1 crashes every couple of days. My first though is that the crashes are related to hardware issues, but this doesn't explain why the problem begun after upgrading to 2.2.6 64 bit, and why the behaviour is similar, but not the same, on both the firewalls: the probability of hardware failure on both at the same time is very low... Looking at some documentation online, I have also added the following lines to /boot/loader.conf.local hw.bce.tso_enable=0 hw.pci.enable_msix=0 hw.pci.enable_msi=0 net.inet.tcp.tso=0 so at the moment the file is: kern.cam.boot_delay=1 legal.intel_ipw.license_ack=1 legal.intel_iwi.license_ack=1 hw.bce.tso_enable=0 hw.pci.enable_msix=0 hw.pci.enable_msi=0 net.inet.tcp.tso=0 I have a huge Crash report file (44 reports for fw2 and 4 for fw1) but I thing they are too great to be posted here... Here is an example of the last lines of a crash report: _ Fatal trap 9: general protection fault while in kernel mode cpuid = 1; apic id = 01 instruction pointer = 0x20:0x80b30bd3 stack pointer = 0x28:0xfe003be5da60 frame pointer = 0x28:0xfe003be5da90 code segment= base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags= interrupt enabled, resume, IOPL = 0 current process = 12 (irq18: igb2 bce0+) � ��� ��� ��� ��� ��� ���version.txt�� ��� 06000 ���0���275�12661061373� 7624� ��� ��� ���ustar���root wheel ��� ��� ��� ��� ��Fr eeBSD 10.1-RELEASE-p25 #0 c39b63e(releng/10.1)-dirty: Mon Dec 21 15:20:13 CST 2015 root@pfs22-amd64- builder:/usr/obj.RELENG_2_2.amd64/usr/pfSensesrc/src.RELENG_2_2/sys/pfS ense_SMP.10 ��� ��� ��� ��� ��� ��� ��� ��� ��� _ What I see is that from the crash report file on fw2 I have 21 times on 44 the same value 0x28:0xfe003be5da60 for the stack pointer and 14 times 0x28:0xfe003be5da90 for the frame pointer, and almost always, but non always, the value of current process is related to bce0 Here's the list of the last crashes and my notes: 2016.02.02 Crashes: fw1 ~11:00 fw2 ~17:00 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] client VPN on IOS
"OpenVPN Connect": on several "i-Something" and Android too. And on several PfSense. Stable and easy. On iOS you I've not been able to make the client ask for certificate password every time you want to establish a new connection. When you import the certificate iOS asks for the passkey and then never asks for it again. So, if you set up Ovpn to use only certificate verification (Remote access SSL/TLS), everybody who has access to the iPhone or iPad can connect without the need to know any password. To solve the issue, I've set up Ovpn server to ask also for the user password (Remote SSL/TLS+User Auth) and instructed users to non flag "remember the password". Bye -- */Odette Nsaka/* In data martedì 15 settembre 2015 08:18:21, Ray Bagby ha scritto: > Greetings, > > Anyone have any luck connecting iphone via VPN? > > Thanks > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Issues with 2.2.x and Alix devices
I've successfully upgraded 5 Alix 2D3 fron 2.2.2 to 2.2.3 Everything OK Odette In data martedì 7 luglio 2015 09:45:38, Микаел Бак ha scritto: Hi Kostas, On 2015-07-06 18:53, Kostas Backas wrote: Hello, I had no success restoring 2.2.x (2.2.2 or 2.2.3) proper installers or updaters to 2 different Alix devices. 2.1.5 is installing fine, and then update works OK. I haven’t tested yet the devices with serial cables to see where they stop. Anyone faced this? You do not specify how much RAM your Alix device have. I have only been able to run pfsence reliably with Alix devices that have 256MB RAM. With less (128MB RAM) the webconfigurator process kills itself, presumably because it needs more RAM to work properly. Perhaps I'm wrong, but this is what I have noticed on my systems. HTH, Mikael ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] PCengine APU sleepness
Hi there finally (see the thread [pfSense] APU and SSD: full install or NanoBSD on this mailing list ) I opted for a full install with /var anf /tmp on ramdisk on one APU and an ebbedded one fon another APU. They are both working fine. But, on both, I have some issues with the web interface: if I'm working (refreshing frequently the web pages) everything works fine and fast. But if i leave the browser open on a web page for a while (minutes) and do nothing , when I try to access again the web interface, the pf web server seems to be very slow, so slow that often the browser gives up with time-out error, as if the APU, php engine or the web server were fallen aspept and needs some time to wake up. The next request, if asked in a few seconds, is answered very fast (alredy awaken ???). I did not experience similar lags or reactivity issues of the other components not web related. I don't remember a similar behaviour on Alix or PC Did someone experience a similar behaviour? Suggestions? Thanks in advance, Odette ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] States Issue with Asterisk behind pfSense
Not too much related, but I am. I'm using a multi-wan connection to different ISP who give me dynamic IP address. I set up the Internet connection via a couple of different routers, one for each ISP. The difference in my configuration is that the routers connect to the ISP via PPPoA and PF is connected to the routers via regular IP local subnet connection (no PPPoE/PPPoA on PF). This way everything works fine, asterisk on the LAN side of PF too, even when one or both of the public IPs are changed. In case of failure of one (or the other) of the ISP connections, asterisk connects with no problem to the VoIP provider, no matter on which is the active or preferred gateway. O. -- On Sept. 26th 2014 15:51:37, Hannes Werner wrote: thank you very much Giles, but unfortunately it doesn't help. anyone here who is using asterisk behind pfSense on a dynamic IP WAN successfully? On Fri, Sep 26, 2014 at 2:44 PM, Giles Coochey gi...@coochey.net wrote: On 26/09/2014 12:42, Hannes Werner wrote: are you saying that people with dynamic IP shouldn't use pfSense behind an Asterisk service? I've had asterisk running behind Fritz-Box for years without any trouble. I've seen the cheapest router being able to handle this like the speedports. I can't believe pfSense is unable to do this, but it doesn't matter a clear word would solve the problem for all the time and you do not have to worry again about this issue. maybe you guys do better telling those users to change there router? It's not my place, either, to pass comment on what free software you should decide to use, I am also none other than a happy end user (with a PPPoE service on at least one of my pfsense boxes, but with a static IP). Doesn't ensuring that you have Gateway monitoring enabled, and then ensuring that you have, under System -- Advanced -- Miscelleaneous -- State Killing on Gateway Failure enabled provide a workaround resolution for you? I'm referring to https://redmine.pfsense.org/issues/3181 which is referenced from #1629. Also it's clear that bug #1629 is pushed out to 2.2, although the latest comment is for it to be addressed, or to push it out to 2.3. It's probably not good news for you, but it looks like there is a schedule for it to be fixed just not very quickly. Do bear in mind that the original PPP software was designed for opportunistic on-demand dial-up connections, and isn't perfectly suited for running server side applications on the client end. PPPoE PPPoA built on this, I guess, to allow ISPs to continue to use their RADIUS infrastructure for customers authentication as they moved to broadband / cable based connections. -- Regards, Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7584 634135 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] States Issue with Asterisk behind pfSense
In the different environments where I use PF I'm using different appliances acting as modem/routers. In most cases I use those supplied by the ISP. In other cases I use some other low-medium level modem/routers. As an example some are Tp-link TD-W8968. All these modem/routers connect: - to the ISP on the phone line over ADSL and PPPoE/PPPoA - to the pfSense WAN port via Ethernet port They are just enough to act as - ADSL2+ modem on the 20 mbit/sec ADSL lines - inbound NATP towards the PF WAN IP. pfSense act as routing firewalls, sometimes as VPN endpoints, never as ADSL modem. O. -- In data venerdì 26 settembre 2014 20:00:59, Hannes Werner ha scritto: Thank you very much Odette, what type of router do you use? Those who are doing the PPPoA? So you use pfSense as a strict Firewall? On Fri, Sep 26, 2014 at 4:35 PM, Odette Nsaka odette.ns...@libero.it wrote: Not too much related, but I am. I'm using a multi-wan connection to different ISP who give me dynamic IP address. I set up the Internet connection via a couple of different routers, one for each ISP. The difference in my configuration is that the routers connect to the ISP via PPPoA and PF is connected to the routers via regular IP local subnet connection (no PPPoE/PPPoA on PF). This way everything works fine, asterisk on the LAN side of PF too, even when one or both of the public IPs are changed. In case of failure of one (or the other) of the ISP connections, asterisk connects with no problem to the VoIP provider, no matter on which is the active or preferred gateway. O. -- On Sept. 26th 2014 15:51:37, Hannes Werner wrote: thank you very much Giles, but unfortunately it doesn't help. anyone here who is using asterisk behind pfSense on a dynamic IP WAN successfully? On Fri, Sep 26, 2014 at 2:44 PM, Giles Coochey gi...@coochey.net wrote: On 26/09/2014 12:42, Hannes Werner wrote: are you saying that people with dynamic IP shouldn't use pfSense behind an Asterisk service? I've had asterisk running behind Fritz- Box for years without any trouble. I've seen the cheapest router being able to handle this like the speedports. I can't believe pfSense is unable to do this, but it doesn't matter a clear word would solve the problem for all the time and you do not have to worry again about this issue. maybe you guys do better telling those users to change there router? It's not my place, either, to pass comment on what free software you should decide to use, I am also none other than a happy end user (with a PPPoE service on at least one of my pfsense boxes, but with a static IP). Doesn't ensuring that you have Gateway monitoring enabled, and then ensuring that you have, under System -- Advanced -- Miscelleaneous -- State Killing on Gateway Failure enabled provide a workaround resolution for you? I'm referring to https://redmine.pfsense.org/issues/3181 which is referenced from #1629. Also it's clear that bug #1629 is pushed out to 2.2, although the latest comment is for it to be addressed, or to push it out to 2.3. It's probably not good news for you, but it looks like there is a schedule for it to be fixed just not very quickly. Do bear in mind that the original PPP software was designed for opportunistic on-demand dial-up connections, and isn't perfectly suited for running server side applications on the client end. PPPoE PPPoA built on this, I guess, to allow ISPs to continue to use their RADIUS infrastructure for customers authentication as they moved to broadband / cable based connections. -- Regards, Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7584 634135 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net ___ List mailing list List@lists.pfsense.org___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] [SOT] apu1c4/apu1d4 stability
Not 20 but just 1 (at the moment), working as espected 24/7 since when installed (a couple of months). The environmet temperature is between 20°C and 27°C. Odette */In data lunedì 22 settembre 2014 18:10:55, mayak ha scritto:/* */ hi all,/* */ /* */ in an earlier thread, i recounted issues that i had with the apu1c4 unit/* */ silently dying -- this was the only thread that i saw here, so i assume/* */ that i just got a bad unit./* */ /* */ can anyone confirm a small deployment of 20 of these without issue? i am/* */ currently getting ready to do a proposal and i need to reassured./* */ /* */ thanks/* */ /* */ m/* */ ___/* */ List mailing list/* */ List@lists.pfsense.org/* */ https://lists.pfsense.org/mailman/listinfo/list/* ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Upgrade to 2.1.5 looses packages
Here are the packages were not reinstalled Alix 1): $ df -hm Filesystem1M-blocks Used Avail Capacity Mounted on /dev/ufs/pfsense0 1845 175 152210%/ devfs 00 0 100%/dev /dev/ufs/cf 4973816%/cf /dev/md0 38034 1%/tmp /dev/md1 57 213140%/var devfs 00 0 100%/var/dhcpd/dev Alix 2): $ df -hm Filesystem1M-blocks Used Avail Capacity Mounted on /dev/ufs/pfsense0 1845 156 1541 9%/ devfs 00 0 100%/dev /dev/ufs/cf 4963815%/cf /dev/md0 38034 1%/tmp /dev/md1 57 223042%/var devfs 00 0 100%/var/dhcpd/dev And here is where the packages have been corectly reinstalled Alix 3) $ df -hm Filesystem1M-blocks Used Avail Capacity Mounted on /dev/ufs/pfsense1 1845 166 153110%/ devfs 00 0 100%/dev /dev/ufs/cf 49143 3%/cf /dev/md0 38035 1%/tmp /dev/md1 57 163631%/var devfs 00 0 100%/var/dhcpd/dev So I think the problem is not related to the free space on the file system -- */In data mercoledì 10 settembre 2014 14:50:22, Ryan Coleman ha scritto:/* */ How much space is free on this that did and those that did not? You only get/* */ 2GB of that 4./* */ On Sep 10, 2014, at 14:49, Odette Nsaka odette.ns...@libero.it wrote:/* */ /* */ Storage: 4GB/* */ RAM: 256 MB/* */ /* */ To me, this will not explain why, on similar configurations, most of the/* */ ALIX did not reinstall packages, while the last one did./* */ /* */ Somewhere in the mailing list archive there's chatter about the lower end/* */ boards not having enough resources to complete - either storage or RAM./* */ Could you be maxing out during the upgrade process? How big is your/* */ storage/* */ device?/* */ /* */ On Sep 10, 2014, at 13:12, Odette Nsaka odette.ns...@libero.it wrote:/* */ /* */ ALIX 2D13 LX800 256MB/* */ /* */ In data martedì 9 settembre 2014 17:57:51, Ryan Coleman ha scritto:/* */ I suspect it might be your specific configuration - all 8 of mine/* */ automatically patched the packages./* */ /* */ What specific ALIX hardware are you using?/* */ /* */ On Sep 9, 2014, at 16:10, Odette Nsaka odette.ns...@libero.it wrote:/* */ Hi all,/* */ /* */ I've found that on all the ALIXs I'm upgrading from 2.1.4 to 2.1.5,/* */ the/* */ /* */ packages are not reinstalled./* */ /* */ This certanly does not mean that the project is not growing better/* */ than/* */ one/* */ could expect./* */ /* */ Thank you again!/* */ /* */ ___/* */ List mailing list/* */ List@lists.pfsense.org/* */ https://lists.pfsense.org/mailman/listinfo/list/* */ /* */ ___/* */ List mailing list/* */ List@lists.pfsense.org/* */ https://lists.pfsense.org/mailman/listinfo/list/* */ /* */ ___/* */ List mailing list/* */ List@lists.pfsense.org/* */ https://lists.pfsense.org/mailman/listinfo/list/* */ /* */ ___/* */ List mailing list/* */ List@lists.pfsense.org/* */ https://lists.pfsense.org/mailman/listinfo/list/* */ /* */ ___/* */ List mailing list/* */ List@lists.pfsense.org/* */ https://lists.pfsense.org/mailman/listinfo/list/* ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Upgrade to 2.1.5 looses packages
I've just upgraded an other Alix (same model) that was flashed with the pfSense-2.1.4-RELEASE-4g-i386-nanobsd.img image. Here the packages have been correctly reinstalled in 2.1.5 On the other Alix's where I got the packages issue during upgrade to 2.1.5, the first installation was made with previous releases and then upgraded, release by release, to 2.1.4 with no previous package issue. Odette */In data martedì 9 settembre 2014 17:57:51, Ryan Coleman ha scritto:/* */ I suspect it might be your specific configuration - all 8 of mine/* */ automatically patched the packages./* */ /* */ What specific ALIX hardware are you using?/* */ /* */ On Sep 9, 2014, at 16:10, Odette Nsaka odette.ns...@libero.it wrote:/* */ Hi all,/* */ /* */ I've found that on all the ALIXs I'm upgrading from 2.1.4 to 2.1.5, the/* */ /* */ packages are not reinstalled./* */ /* */ This certanly does not mean that the project is not growing better than/* */ one/* */ could expect./* */ /* */ Thank you again!/* */ /* */ ___/* */ List mailing list/* */ List@lists.pfsense.org/* */ https://lists.pfsense.org/mailman/listinfo/list/* ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Upgrade to 2.1.5 looses packages
ALIX 2D13 LX800 256MB In data martedì 9 settembre 2014 17:57:51, Ryan Coleman ha scritto: I suspect it might be your specific configuration - all 8 of mine automatically patched the packages. What specific ALIX hardware are you using? On Sep 9, 2014, at 16:10, Odette Nsaka odette.ns...@libero.it wrote: Hi all, I've found that on all the ALIXs I'm upgrading from 2.1.4 to 2.1.5, the packages are not reinstalled. This certanly does not mean that the project is not growing better than one could expect. Thank you again! ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Upgrade to 2.1.5 looses packages
Storage: 4GB RAM: 256 MB To me, this will not explain why, on similar configurations, most of the ALIX did not reinstall packages, while the last one did. -- */Odette Nsaka/* In data mercoledì 10 settembre 2014 13:13:58, Ryan Coleman ha scritto: Somewhere in the mailing list archive there's chatter about the lower end boards not having enough resources to complete - either storage or RAM. Could you be maxing out during the upgrade process? How big is your storage device? On Sep 10, 2014, at 13:12, Odette Nsaka odette.ns...@libero.it wrote: ALIX 2D13 LX800 256MB In data martedì 9 settembre 2014 17:57:51, Ryan Coleman ha scritto: I suspect it might be your specific configuration - all 8 of mine automatically patched the packages. What specific ALIX hardware are you using? On Sep 9, 2014, at 16:10, Odette Nsaka odette.ns...@libero.it wrote: Hi all, I've found that on all the ALIXs I'm upgrading from 2.1.4 to 2.1.5, the packages are not reinstalled. This certanly does not mean that the project is not growing better than one could expect. Thank you again! ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Upgrade to 2.1.5 looses packages
Hi all, I've found that on all the ALIXs I'm upgrading from 2.1.4 to 2.1.5, the packages are not reinstalled. This certanly does not mean that the project is not growing better than one could expect. Thank you again! -- Odette Nsaka ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 2.1.3 Release Now Available
Hi all, thanks for the great job. I don't see upgrades to 2.1.3 for nanoBSD VGA 512MB CF. I managed upgrading that Alix by mounting an USB perndrive on /root and everything was fine. Please, should I wait for a 512 image, build an image on my own starting from oter images (howto?) or do I have to change the CF? Thanks in advance Odette -- Odette Nsaka In data sabato 3 maggio 2014 02:52:06, Chris Buechler ha scritto: pfSense 2.1.3 release is now available. You can find the details on our blog. https://blog.pfsense.org/?p=1272 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 2.1 on WRAP
First of all, thanks to the developers for the new fantastic 2.1 release. I've been using Alix by PC Engines (WRAP's successor) succesfully for a lot of time. I was just wandering about PC Engines not releasing new versions of Alix. And it seems to me they are going to be soon too old for next pfSense releases. So I was asking: - the system requirement will be enough so the development of pfSense will continue for a reasonable ammount of time on Alix ? - Has already been designed the new successor for our dear grandma Alix? Or a suggested platform for embedded solutions? Odette */In data giovedì 19 settembre 2013 23:28:40, Chris Buechler ha scritto:/* */ On Thu, Sep 19, 2013 at 8:22 AM, Ugo Bellavance u...@lubik.ca wrote:/* */ Hi,/* */ /* */ My old PC Engines WRAP is still surviving, and I'd like to install 2.1 on/* */ it. Are these instructions still valid for 2.1?/* */ https://doc.pfsense.org/index.php/NanoBSD_on_WRAP/* */ /* */ I would guess yes. But we haven't tested on WRAP in years. They've/* */ been EOL for 5+ years and their successor is now nearing EOL, it's/* */ time to retire the WRAPs./* */ ___/* */ List mailing list/* */ List@lists.pfsense.org/* */ http://lists.pfsense.org/mailman/listinfo/list/* ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 2.1 on WRAP
*/In data venerdì 20 settembre 2013 09:54:17, Seth Mos ha scritto:/* */ On 20-9-2013 9:45, Odette Nsaka wrote:/* */ First of all, thanks to the developers for the new fantastic 2.1 release./* */ /* */ /* */ /* */ I've been using Alix by PC Engines (WRAP's successor) succesfully for a/* */ lot of time. I was just wandering about PC Engines not releasing new/* */ versions of Alix./* */ /* */ And it seems to me they are going to be soon too old for next pfSense/* */ releases./* */ /* */ So I was asking:/* */ /* */ - the system requirement will be enough so the development of pfSense/* */ will continue for a reasonable ammount of time on Alix ?/* */ /* */ - Has already been designed the new successor for our dear grandma Alix?/* */ Or a suggested platform for embedded solutions?/* */ /* */ The main limitation here is RAM, if your Alix has 256 MB it should be/* */ fine really. The forwarding rate is limited to about 70 mbit, so if you/* */ need more only the newer Soekris 6500 series would work./* Thank you, but Soekris 6501 costs as much as the double of Alix. Just to have (for what I really need for a SO solution) +256 MB ram +100 MHz CPU +GBit ethernet My question is (is there any magician around?): will the investement on a new ALIX.2D13 system board (LX800 / 256 MB / 3 LAN / 1 miniPCI / USB / RTC battery) make sense meaning it will support last releases of pfSense for at least the next 3 years? Does somebody know other reliable and cheap embedded platforms running pfSense with no problem? Assuming that the pfSense development was keeping ALIX in serious consideration for the nanobsd version, is it going to substitute ALIX with an other platform? (The question shoud be: Which are newer supported embedded platforms? But the supported term may be too heavy) ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 2.1 on WRAP
Keep your eye on this one, too: http://www.pcengines.ch/apu.htm The ALIX doughter... Great, already waiting for it, thanks Jim ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfSense vs JunOS
I confirm too: excellent support! Odette -- Odette Nsaka odette.ns...@libero.it Il giorno mar, 03/07/2012 alle 15.26 -0600, James Caldwell ha scritto: Absolutely, some of the best support I've had for a software solution to date. James ... ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] [pfSense-discussion] Strange 2.0-RC3 behaviour with Lotus Domino
Sorry, I can't publish the pcap files. I could just deliver them to someone who could analyse them to help me in identifying the problem. Who can I send the pcap files to? Thanks in advance Odette -- Odette Nsaka odette.ns...@libero.it Il giorno lun, 19/09/2011 alle 21.27 +0200, Odette Nsaka ha scritto: Thank you Chris and sorry for answering so late. I already collected some pcap files. They're huge and contain some personal data that should not be published. Can I deliver the capture files directly to you or to someone without publishing them? In the header you can find my e-mail address. The private communication will be used just for the pcap delivery, if this is not against the rules of the list. Odette On Mon, 09/12/2011, 16.15 -0400, Chris Buechler wrote: On Mon, Sep 12, 2011 at 8:32 AM, Odette Nsaka odette.ns...@libero.it wrote: Please, did anybody experience any similar behaviour? Not that I've ever seen. Uploading a full pcap of the traffic would be much more telling than the basic text output, without that it's very hard to say. One capture from LAN and one from WAN would be best. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] [pfSense-discussion] Strange 2.0-RC3 behaviour with Lotus Domino
Please, did anybody experience any similar behaviour? Suggestions? Shoud I stay on 1.2.3? Thanks Odette -- Odette Nsaka odette.ns...@libero.it Il giorno gio, 25/08/2011 alle 22.00 +0200, Odette Nsaka ha scritto: It's a lot of time I'm using PF and I really appreciate it. Guys you are doing a very good job. I'm successfully using PF 2.0-RC3, even on Alix (embedded) and installed on PC, with ipsec vpn, OVPN, carp for failover, WiFi, WAN in load balancing on 2 different ADSL lines, etc. Everything is working really fine. But a few days ago I encountered a problem that I cannot understand and resolve: I've been upgrading a couple of PF installed on pc (configured in failover with CARP, 5 nics) from release 1.2.3 to 2.0-RC3. In version 1.2.3 and all the previous updates have everything been working fine. After the upgrade to 2.0-RC3 I had just one problem, but because of this I had to revert to 1.2.3. Here is the problem. After the upgrade to version 2.0-RC3 every protocol has been filtered by PF as expected. But the SMTP traffic from the e-mail provider mta (postfix) to the internal MailReley server had a strange behaviour. On the internal mail relay I saw the connection estabilished from the provider mta, but at the moment of receiving the the mail body the connection hanged up and reset at timeout. Just small e-mails, sent as a test by the provider, have been successfully delivered. Reverting to 1.2.3 everything works fine again. An inspection to the traffic, made through a mirror port on the switch (verified sniffing directly on PF) shows the different behaviours reported below. Here are the data captured with 2.0-RC3, related to an attempt of the MTA to send an e-mail messages to the internal mail relay. 226970 684.515289 ProviderMtaIp - MyMailRelayIp TCP 57715 smtp [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=68980421 TSER=0 WS=7 226971 684.515768 MyMailRelayIp - ProviderMtaIp TCP smtp 57715 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0 226973 684.526527 ProviderMtaIp - MyMailRelayIp TCP 57715 smtp [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=68980427 TSER=0 226977 684.529562 MyMailRelayIp - ProviderMtaIp SMTP S: 220 mail.mycompany.com ESMTP Service (Lotus Domino Release 8.5.1FP2) ready at Wed, 27 Jul 2011 12:52:04 +0200 226978 684.537048 ProviderMtaIp - MyMailRelayIp TCP 57715 smtp [ACK] Seq=1 Ack=110 Win=5888 Len=0 TSV=68980443 TSER=625882 226979 684.537070 ProviderMtaIp - MyMailRelayIp SMTP C: EHLO fedora.provider.org 226980 684.537868 MyMailRelayIp - ProviderMtaIp SMTP S: 250-mail.mycompany.com Hello fedora.provider.org ([ProviderMtaIp]), pleased to meet you | 250-TLS | 250-ETRN | 250-STARTTLS | 250-DSN | 250-SIZE 18432000 | 250 PIPELINING 226992 684.551654 ProviderMtaIp - MyMailRelayIp SMTP C: MAIL FROM:user@domain SIZE=86045 | RCPT TO:user@domain | DATA 226996 684.552697 MyMailRelayIp - ProviderMtaIp SMTP S: 250 user@domain Sender OK | 250 user@domain Recipient OK | 354 Enter message, end with . on a line by itself 227503 686.321903 MyMailRelayIp - ProviderMtaIp SMTP [TCP Retransmission] S: 250 user@domain Sender OK | 250 user@domain Recipient OK | 354 Enter message, end with . on a line by itself 227505 686.329892 ProviderMtaIp - MyMailRelayIp TCP [TCP Previous segment lost] 57715 smtp [ACK] Seq=3001 Ack=404 Win=8064 Len=0 TSV=68982235 TSER=625901 SLE=274 SRE=404 343904 1013.873824 MyMailRelayIp - ProviderMtaIp TCP smtp 57715 [FIN, ACK] Seq=404 Ack=105 Win=64136 Len=0 TSV=629175 TSER=68980454 343909 1013.883338 ProviderMtaIp - MyMailRelayIp TCP 57715 smtp [RST] Seq=105 Win=0 Len=0 As I can see the traffic between the provider's MTA and the mai relay starts and, initially it goes on, but packet ID 226996 get lost, then retransmitted (227503) and acknowledged by ProviderMtaIp but with a grater Seq. number. It looks like the mail data packets have been lost. Then, after about 5 min. the connection reaches the time out, mail relay sends a FIN request and the ProviderMtaIp resets the connection. On PF's logs there's nothing about dropped packets related to the connection. Here's, what happens reverting to 1.2.3 (everything works fine). ... 19377 46.958958 ProviderMtaIp - MyMailRelayIp SMTP C: MAIL FROM:user@domain SIZE=56892 | RCPT TO:user@domain | DATA 19378 46.960259 MyMailRelayIp - ProviderMtaIp SMTP S: 250 user@domain Sender OK | 250 user@domain Recipient OK | 354 Enter message, end with . on a line by itself 19386 46.971715 ProviderMtaIp - MyMailRelayIp SMTP C: DATA fragment, 1248 bytes
