Re: [pfSense] Running newer then released?

2017-03-03 Thread Arno Gramatke 
There is already a thread on the forum:

https://forum.pfsense.org/index.php?topic=126523.0 
<https://forum.pfsense.org/index.php?topic=126523.0>

> Am 03.03.2017 um 15:20 schrieb Vick Khera <vi...@khera.org>:
> 
> Ha... I read that as something you wrote yourself. Curious...
> 
> 
> On Fri, Mar 3, 2017 at 9:17 AM, Stephen Shkardoon <step...@zxsecurity.co.nz 
> <mailto:step...@zxsecurity.co.nz>>
> wrote:
> 
>> Not the number, rather the message: "The system is on a later version than
>> the official release.". Isn't this misleading? Isn't it on the *same*
>> version as the official release?
>> 
>> On Sat, Mar 4, 2017 at 3:10 AM, Vick Khera <vi...@khera.org 
>> <mailto:vi...@khera.org>> wrote:
>> 
>>> What number exactly are you fretting about?
>>> 
>>> As of Feb 16, FreeBSD 10.3-p16 was current, and pfsense 2.3.3 was and is
>>> still current.
>>> 
>>> 
>>> On Fri, Mar 3, 2017 at 9:07 AM, Stephen Shkardoon <
>>> step...@zxsecurity.co.nz <mailto:step...@zxsecurity.co.nz>>
>>> wrote:
>>> 
>>>> The issue is that the message displayed is, exactly:
>>>> ```
>>>> 2.3.3-RELEASE (amd64)
>>>> built on Thu Feb 16 06:59:53 CST 2017
>>>> FreeBSD 10.3-RELEASE-p16
>>>> 
>>>> The system is on a later version than
>>>> the official release.
>>>> ```
>>>> 
>>>> So I am guessing there's just a file to update somewhere or similar
>> that
>>>> was missing from the release process?
>>>> 
>>>> 
>>>> On Sat, Mar 4, 2017 at 2:48 AM, Arno Gramatke <a...@gramatke.biz 
>>>> <mailto:a...@gramatke.biz>>
>> wrote:
>>>> 
>>>>> 2.3.3 is the current release, isn’t it?
>>>>> 
>>>>> https://blog.pfsense.org/?p=2325 <https://blog.pfsense.org/?p=2325> 
>>>>> <https://blog.pfsense.org/?p=2325 <https://blog.pfsense.org/?p=2325>>
>>>>> 
>>>>>> Am 03.03.2017 um 14:45 schrieb Yılmaz Bilgili <
>>> li...@yilmazbilgili.com
>>>>> :
>>>>>> 
>>>>>> 03-03-2017 15:38 tarihinde Doug Lytle yazdı:
>>>>>>> My home pfSense is reporting:
>>>>>>> 
>>>>>>> 2.3.3-RELEASE (amd64)
>>>>>>> built on Thu Feb 16 06:59:53 CST 2017
>>>>>>> FreeBSD 10.3-RELEASE-p16
>>>>>>> 
>>>>>>> The system is on a later version than
>>>>>>> the official release.
>>>>>> 
>>>>>> Same with me.
>>>>>> 
>>>>>> ___
>>>>>> pfSense mailing list
>>>>>> https://lists.pfsense.org/mailman/listinfo/list
>>>>>> Support the project with Gold! https://pfsense.org/gold
>>>>> 
>>>>> ___
>>>>> pfSense mailing list
>>>>> https://lists.pfsense.org/mailman/listinfo/list 
>>>>> <https://lists.pfsense.org/mailman/listinfo/list>
>>>>> Support the project with Gold! https://pfsense.org/gold 
>>>>> <https://pfsense.org/gold>
>>>>> 
>>>> 
>>>> 
>>>> 
>>>> --
>>>> *Stephen Shkardoon*
>>>> Security Consultant - ZX Security Limited
>>>> 
>>>> Email: step...@zxsecurity.co.nz <mailto:step...@zxsecurity.co.nz> | Web: 
>>>> www.zxsecurity.co.nz <http://www.zxsecurity.co.nz/>
>>>> ___
>>>> pfSense mailing list
>>>> https://lists.pfsense.org/mailman/listinfo/list 
>>>> <https://lists.pfsense.org/mailman/listinfo/list>
>>>> Support the project with Gold! https://pfsense.org/gold 
>>>> <https://pfsense.org/gold>
>>>> 
>>> ___
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list 
>>> <https://lists.pfsense.org/mailman/listinfo/list>
>>> Support the project with Gold! https://pfsense.org/gold 
>>> <https://pfsense.org/gold>
>>> 
>> 
>> 
>> 
>> --
>> *Stephen Shkardoon*
>> Security Consultant - ZX Security Limited
>> 
>> Email: step...@zxsecurity.co.nz <mailto:step...@zxsecurity.co.nz> | Web: 
>> www.zxsecurity.co.nz <http://www.zxsecurity.co.nz/>
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list 
>> <https://lists.pfsense.org/mailman/listinfo/list>
>> Support the project with Gold! https://pfsense.org/gold 
>> <https://pfsense.org/gold>
>> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list 
> <https://lists.pfsense.org/mailman/listinfo/list>
> Support the project with Gold! https://pfsense.org/gold 
> <https://pfsense.org/gold>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Running newer then released?

2017-03-03 Thread Arno Gramatke 
Ah, now I understand. And I just noticed the same for my installation.

And when I go to System -> Update -> System Update I see this:
Current Base System 2.3.3
Latest Base System 0.19

It looks like it takes much longer to retrieve the update information from the 
update server. So maybe its running into a time out and then display 0.19 as 
the latest base system? Or some file on the update server contains wrong 
information.

> Am 03.03.2017 um 15:07 schrieb Stephen Shkardoon <step...@zxsecurity.co.nz>:
> 
> The issue is that the message displayed is, exactly:
> ```
> 2.3.3-RELEASE (amd64)
> built on Thu Feb 16 06:59:53 CST 2017
> FreeBSD 10.3-RELEASE-p16
> 
> The system is on a later version than
> the official release.
> ```
> 
> So I am guessing there's just a file to update somewhere or similar that
> was missing from the release process?
> 
> 
> On Sat, Mar 4, 2017 at 2:48 AM, Arno Gramatke <a...@gramatke.biz 
> <mailto:a...@gramatke.biz>> wrote:
> 
>> 2.3.3 is the current release, isn’t it?
>> 
>> https://blog.pfsense.org/?p=2325 <https://blog.pfsense.org/?p=2325> 
>> <https://blog.pfsense.org/?p=2325 <https://blog.pfsense.org/?p=2325>>
>> 
>>> Am 03.03.2017 um 14:45 schrieb Yılmaz Bilgili <li...@yilmazbilgili.com>:
>>> 
>>> 03-03-2017 15:38 tarihinde Doug Lytle yazdı:
>>>> My home pfSense is reporting:
>>>> 
>>>> 2.3.3-RELEASE (amd64)
>>>> built on Thu Feb 16 06:59:53 CST 2017
>>>> FreeBSD 10.3-RELEASE-p16
>>>> 
>>>> The system is on a later version than
>>>> the official release.
>>> 
>>> Same with me.
>>> 
>>> ___
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold
>> 
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list 
>> <https://lists.pfsense.org/mailman/listinfo/list>
>> Support the project with Gold! https://pfsense.org/gold 
>> <https://pfsense.org/gold>
>> 
> 
> 
> 
> -- 
> *Stephen Shkardoon*
> Security Consultant - ZX Security Limited
> 
> Email: step...@zxsecurity.co.nz <mailto:step...@zxsecurity.co.nz> | Web: 
> www.zxsecurity.co.nz <http://www.zxsecurity.co.nz/>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list 
> <https://lists.pfsense.org/mailman/listinfo/list>
> Support the project with Gold! https://pfsense.org/gold 
> <https://pfsense.org/gold>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Running newer then released?

2017-03-03 Thread Arno Gramatke 
2.3.3 is the current release, isn’t it?

https://blog.pfsense.org/?p=2325 

> Am 03.03.2017 um 14:45 schrieb Yılmaz Bilgili :
> 
> 03-03-2017 15:38 tarihinde Doug Lytle yazdı:
>> My home pfSense is reporting:
>> 
>> 2.3.3-RELEASE (amd64)
>> built on Thu Feb 16 06:59:53 CST 2017
>> FreeBSD 10.3-RELEASE-p16
>> 
>> The system is on a later version than
>> the official release.
> 
> Same with me.
> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense reloads configuration every second after enabling IPV6 on WAN interface

2016-10-17 Thread Arno Gramatke 
The Deutsche Telekom, that provides this line, moved the line to their new BNG 
(Broadband Network Gateway) in September. It looks like this is the culprit of 
the issue.

Several router manufacturers have updated their firmwares to fix problems with 
the IPv6 DHCP when connected to the BNG (after looking for it, I found some 
hints in the release notes from AVM, bintec and TP-Link).

>From what I gathered from other forum entries there seems to be problems when 
>renewing an IPv6 prefix because the dhcp6c client would not send the old 
>prefix in the renew request and then the BNG would reply with NoPrefixAvail 
>with a lifetime of 0.

Does that make any sense when looking at the log excerpts I sent? If so, is 
there a way to work around this issue in pfSense?

> Am 17.10.2016 um 12:31 schrieb Arno Gramatke <a...@gramatke.biz>:
> 
> Hi all,
> 
> I am running pfSense 2.3.2-RELEASE-p1 on a PC Engines APU1D4 connected to a 
> Deutsche Telekom VDSL line.
> 
> My interface configuration looks like this:
> 
> WAN => PPPoE on re0_vlan7
> LAN => re1
> OPT1 => re2
> OPT2 => re0 (for access to the DSL modem)
> 
> When just using IPv4 everything works fine.
> 
> To use IPv6 I have to enable DHCP for IPv6 on the WAN interface and request 
> the prefix/connection information over the IPv4 link. Prefix delegation size 
> is set to 56 and "Send IPv6 prefix hint" is enabled. The IPv6 type on the LAN 
> interface is set to track the WAN interface with prefix ID 0.
> 
> As soon as I enable this configuration the pfSense box starts to reload the 
> IPv6 configuration several times each minute. Although the box shows that it 
> has IPv6 addresses on the WAN and LAN interface, I can't use IPv6. 
> traceroute6 to an external host stops at the pfSense box. When I try to test 
> for IPv6 connectivity using http://ipv6-test.com <http://ipv6-test.com/> (for 
> example) it shows that IPv6 is not supported.
> 
> Here is a log excerpt:
> 
> === /var/log/system.log ===
> Oct 13 09:35:44 pfsense check_reload_status: Reloading filter
> Oct 13 09:35:45 pfsense xinetd[12487]: Starting reconfiguration
> Oct 13 09:35:45 pfsense xinetd[12487]: Swapping defaults
> Oct 13 09:35:45 pfsense xinetd[12487]: readjusting service 6969-udp
> Oct 13 09:35:45 pfsense xinetd[12487]: Reconfigured: new=0 old=1 dropped=0 
> (services)
> Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: rc.newwanipv6: Info: 
> starting on pppoe0.
> Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: rc.newwanipv6: on (IP 
> address: 2003:cc:1bbf:780:20d:b9ff:fe3a:35c0) (interface: wan) (real 
> interface: pppoe0).
> Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: ROUTING: setting 
> default route to 62.155.241.152
> Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: ROUTING: setting IPv6 
> default route to fe80::2a0:a50f:fc81:6d2e%pppoe0
> Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: Removing static route 
> for monitor 8.8.8.8 and adding a new route through 62.155.241.152
> Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: Removing static route 
> for monitor fe80::2a0:a50f:fc81:6d2e and adding a new route through 
> fe80::2a0:a50f:fc81:6d2e%pppoe0
> Oct 13 09:35:46 pfsense check_reload_status: Reloading filter
> Oct 13 09:35:47 pfsense xinetd[12487]: Starting reconfiguration
> Oct 13 09:35:47 pfsense xinetd[12487]: Swapping defaults
> Oct 13 09:35:47 pfsense xinetd[12487]: readjusting service 6969-udp
> Oct 13 09:35:47 pfsense xinetd[12487]: Reconfigured: new=0 old=1 dropped=0 
> (services)
> Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: rc.newwanipv6: Info: 
> starting on pppoe0.
> Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: rc.newwanipv6: on (IP 
> address: 2003:cc:1bbf:780:20d:b9ff:fe3a:35c0) (interface: wan) (real 
> interface: pppoe0).
> Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: ROUTING: setting 
> default route to 62.155.241.152
> Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: ROUTING: setting IPv6 
> default route to fe80::2a0:a50f:fc81:6d2e%pppoe0
> Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: Removing static route 
> for monitor 8.8.8.8 and adding a new route through 62.155.241.152
> Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: Removing static route 
> for monitor fe80::2a0:a50f:fc81:6d2e and adding a new route through 
> fe80::2a0:a50f:fc81:6d2e%pppoe0
> Oct 13 09:35:47 pfsense check_reload_status: Reloading filter
> Oct 13 09:35:48 pfsense xinetd[12487]: Starting reconfiguration
> Oct 13 09:35:48 pfsense xinetd[12487]: Swapping defaults
> Oct 13 09:35:48 pfsense xinetd[12487]: readjusting service 6969-udp
> Oct 13 09:35:48 pfsense xinetd[12487]: Reconfigured: new=0 old=1 dro

[pfSense] pfSense reloads configuration every second after enabling IPV6 on WAN interface

2016-10-17 Thread Arno Gramatke 
Hi all,

I am running pfSense 2.3.2-RELEASE-p1 on a PC Engines APU1D4 connected to a 
Deutsche Telekom VDSL line.

My interface configuration looks like this:

WAN => PPPoE on re0_vlan7
LAN => re1
OPT1 => re2
OPT2 => re0 (for access to the DSL modem)

When just using IPv4 everything works fine.

To use IPv6 I have to enable DHCP for IPv6 on the WAN interface and request the 
prefix/connection information over the IPv4 link. Prefix delegation size is set 
to 56 and "Send IPv6 prefix hint" is enabled. The IPv6 type on the LAN 
interface is set to track the WAN interface with prefix ID 0.

As soon as I enable this configuration the pfSense box starts to reload the 
IPv6 configuration several times each minute. Although the box shows that it 
has IPv6 addresses on the WAN and LAN interface, I can't use IPv6. traceroute6 
to an external host stops at the pfSense box. When I try to test for IPv6 
connectivity using http://ipv6-test.com  (for example) 
it shows that IPv6 is not supported.

Here is a log excerpt:

=== /var/log/system.log ===
Oct 13 09:35:44 pfsense check_reload_status: Reloading filter
Oct 13 09:35:45 pfsense xinetd[12487]: Starting reconfiguration
Oct 13 09:35:45 pfsense xinetd[12487]: Swapping defaults
Oct 13 09:35:45 pfsense xinetd[12487]: readjusting service 6969-udp
Oct 13 09:35:45 pfsense xinetd[12487]: Reconfigured: new=0 old=1 dropped=0 
(services)
Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: rc.newwanipv6: Info: 
starting on pppoe0.
Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: rc.newwanipv6: on (IP 
address: 2003:cc:1bbf:780:20d:b9ff:fe3a:35c0) (interface: wan) (real interface: 
pppoe0).
Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: ROUTING: setting 
default route to 62.155.241.152
Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: ROUTING: setting IPv6 
default route to fe80::2a0:a50f:fc81:6d2e%pppoe0
Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: Removing static route 
for monitor 8.8.8.8 and adding a new route through 62.155.241.152
Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: Removing static route 
for monitor fe80::2a0:a50f:fc81:6d2e and adding a new route through 
fe80::2a0:a50f:fc81:6d2e%pppoe0
Oct 13 09:35:46 pfsense check_reload_status: Reloading filter
Oct 13 09:35:47 pfsense xinetd[12487]: Starting reconfiguration
Oct 13 09:35:47 pfsense xinetd[12487]: Swapping defaults
Oct 13 09:35:47 pfsense xinetd[12487]: readjusting service 6969-udp
Oct 13 09:35:47 pfsense xinetd[12487]: Reconfigured: new=0 old=1 dropped=0 
(services)
Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: rc.newwanipv6: Info: 
starting on pppoe0.
Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: rc.newwanipv6: on (IP 
address: 2003:cc:1bbf:780:20d:b9ff:fe3a:35c0) (interface: wan) (real interface: 
pppoe0).
Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: ROUTING: setting 
default route to 62.155.241.152
Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: ROUTING: setting IPv6 
default route to fe80::2a0:a50f:fc81:6d2e%pppoe0
Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: Removing static route 
for monitor 8.8.8.8 and adding a new route through 62.155.241.152
Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: Removing static route 
for monitor fe80::2a0:a50f:fc81:6d2e and adding a new route through 
fe80::2a0:a50f:fc81:6d2e%pppoe0
Oct 13 09:35:47 pfsense check_reload_status: Reloading filter
Oct 13 09:35:48 pfsense xinetd[12487]: Starting reconfiguration
Oct 13 09:35:48 pfsense xinetd[12487]: Swapping defaults
Oct 13 09:35:48 pfsense xinetd[12487]: readjusting service 6969-udp
Oct 13 09:35:48 pfsense xinetd[12487]: Reconfigured: new=0 old=1 dropped=0 
(services)
Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: rc.newwanipv6: Info: 
starting on pppoe0.
Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: rc.newwanipv6: on (IP 
address: 2003:cc:1bbf:780:20d:b9ff:fe3a:35c0) (interface: wan) (real interface: 
pppoe0).
Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: ROUTING: setting 
default route to 62.155.241.152
Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: ROUTING: setting IPv6 
default route to fe80::2a0:a50f:fc81:6d2e%pppoe0
Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: Removing static route 
for monitor 8.8.8.8 and adding a new route through 62.155.241.152
Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: Removing static route 
for monitor fe80::2a0:a50f:fc81:6d2e and adding a new route through 
fe80::2a0:a50f:fc81:6d2e%pppoe0

=== /var/log/dhcpd.log ===
Oct 13 09:35:46 pfsense dhcp6c[29215]: a new XID (f740cc) is generated
Oct 13 09:35:46 pfsense dhcp6c[29215]: set client ID (len 14)
Oct 13 09:35:46 pfsense dhcp6c[29215]: set server ID (len 26)
Oct 13 09:35:46 pfsense dhcp6c[29215]: set status code
Oct 13 09:35:46 pfsense dhcp6c[29215]: set identity association
Oct 13 09:35:46 pfsense dhcp6c[29215]: set elapsed time (len 2)
Oct 13 09:35:46 pfsense