OPNsense Forum

English Forums => 19.1 Production Series => Topic started by: franco on November 03, 2018, 01:47:24 pm

Title: 19.1 development milestones
Post by: franco on November 03, 2018, 01:47:24 pm
Hi there,

Important milestones for us, partly shipped in 18.7.x:

* firewall alias API conversion
* collapsible side bar menu in the default theme
* arbitrary ZFS pool importer
* HardenedBSD 11.2
* LibreSSL 2.7
* Unbound 1.8
* Suricata 4.1
* Phalcon 3.4
* Perl 5.28
* Python 3.6 as an optional package for later 2.7 removal
* Realtek NIC driver version 1.95
* multiple DH groups and hash algorithms in IPsec phase 1
* redesigned interface binding for web GUI, Dnsmasq, Unbound, OpenSSH, Syslog export
* firmware health check extended to include kernel and base files
* firmware now embeds version and build information into core package
* firmware package mirror changes to HTTPS by default
* firmware obsolete base set removal, embedded into base set
* opnsense-version to read base, kernel, core and plugin info
* interface iteration function consolidation / simplification
* special interface address filter selectors moved to kernel-time resolving
* WPAD / PAC support in the web proxy
* updates are browser cache-safe regarding CSS and JavaScript assets
* MVC gained single-select, set-if-constraint and compared-to constraints
* captive portal connect API action
* PIE shaper support
* 2FA via LDAP-TOTP combination
* OpenVPN client export API
* Dnsmasq DNSSEC support
* extended IPv6 DUID support
* language updates for Chinese, Czech, French, German, Japanese, Portuguese and Russian
* P12 certificate export with custom passwords
* Unified and improved anti-lockout behaviour
* web proxy parent proxy support
* Dpinger is now the default gateway monitor with Apinger being removed
* system notifications have been removed in favour of Monit service
* discontinued intrusion detection GeoIP support has been removed (use firewall aliases instead)
* Unbound statistics page
* console menu port configuration now allows skipping LAN and configuring additional OPT interfaces (anti-lockout moves to OPT1 in this case)
* GRE IP alias support
* firewall NAT rule log support
* new plugins: os-api-backup, os-bind, os-dmidecode, os-nginx, os-ntopng, os-vnstat, os-dnscrypt-proxy
* rewritten plugins: os-wol

Questions, thoughts? Don't hesitate to ask!


Cheers,
Franco
Title: Re: 19.1 development milestones
Post by: fabian on November 03, 2018, 02:08:03 pm
* nginx plugin
* ntopng plugin
* alias API
Title: Re: 19.1 development milestones
Post by: miroco on November 03, 2018, 03:18:22 pm
How about ad-blocking, is it on the 19.1 roadmap?
Title: Re: 19.1 development milestones
Post by: mimugmail on November 03, 2018, 03:26:37 pm
It's in Bind Plugin already and I'll add some stuff to a new dnscrypt-proxy. Unbound may follow, but no idea before 19.1
Title: Re: 19.1 development milestones
Post by: fabian on November 03, 2018, 03:30:13 pm
Quote
How about ad-blocking, is it on the 19.1 roadmap?

that is already supported at multiple places (web proxy, bind plugin, …). Somebody has started his own plugin but nothing happened since (https://github.com/opnsense/plugins/pull/808)
Title: Re: 19.1 development milestones
Post by: franco on November 03, 2018, 07:04:36 pm
Updated the list with things already shipped in 18.7.1 - 18.7.6 and 19.1-BETA.
Title: Re: 19.1 development milestones
Post by: l0rdraiden on November 04, 2018, 10:01:59 am
More pfblockerng features and better integrated by default.
Sensei as an official plugin
The ability to create allow block or temporary rules from a log entry
And something similar to SELKS in terms of reporting would be fantastic, maybe integrating it from plugins or creating something similar dedicated to opnsense
The ability to introduce range of IPs like 192.168.1.25-192.168.1.12 in alias
The ability to add more lines in a rule to introduce several IP ranges or port ranges
Alias creation should be something similar to pfsense which is better in this area
Title: Re: 19.1 development milestones
Post by: mimugmail on November 04, 2018, 10:17:03 am
Quote
More pfblockerng features and better integrated by default.

Will never happen, pfblocker is also a plugin. The logic of pfblocker is not philosophy of OPN. All plugins are modular and can be combined, this makes more sense than putting all in one plugin and double the work.
Also, 90% of the features are already possible, but not in one location, but this project is not here to be a replica of another :)

Quote
Sensei as an official plugin

It's a commercial plugin and it's not stable (1.0). Let's wait what happens ..

Quote
The ability to create allow block or temporary rules from a log entry

Good idea, feature requests only on github please.

Quote
The ability to add more lines in a rule to introduce several IP ranges or port ranges

You can mix host and port aliases in one rule to fit all ..

Quote
Alias creation should be something similar to pfsense which is better in this area

In the long term it will all be done via API, so no need to put extra work for an interim solution.




I'm not sure if this thread is meant as a wishlist, it's more for reporting :)
Title: Re: 19.1 development milestones
Post by: Drinyth on November 04, 2018, 03:19:25 pm
Any idea if:

https://github.com/opnsense/core/issues/1494

Will be resolved in 19.1 still? I have in the past used that logging feature for debugging and for seeing who is connecting to various open ports on the firewall (outside of the individual service logs for each running service). Hopefully it'll get introduced soon?

Thanks for your continued work on opnsense!
Title: Re: 19.1 development milestones
Post by: bob@afrinet.eu on November 05, 2018, 12:08:00 pm
Still the same boot problem… when reaching the mmc0 :
Code:
No compatible cards found on the device.

This is well supported in FreeBSD 11.2 so I guess there is a problem with the driver for mmc and supported devices compiled in the Kernel (probably).
Title: Re: 19.1 development milestones
Post by: SiD67 on November 07, 2018, 07:30:26 pm
Would it be possible to integrate pihole or something similar directly into opnsense? I'm running my pihole on a vm at the moment...
Title: Re: 19.1 development milestones
Post by: mimugmail on November 07, 2018, 10:40:36 pm
Quote
Would it be possible to integrate pihole or something similar directly into opnsense? I'm running my pihole on a vm at the moment...


BIND plugin ...
Title: Re: 19.1 development milestones
Post by: Nekromantik on November 08, 2018, 10:58:16 pm
I use stubby and getdns via freebsd ports.
will I still be able to compile this via ports on 19.1?
Title: Re: 19.1 development milestones
Post by: franco on November 08, 2018, 11:40:52 pm
Precompiled getdns package is provided since 18.7.7.

Building a proper plugin around it is pending. Until then, it could still break or revert its configuration on updates (like what happened with our Unbound bump).


Cheers,
Franco
Title: Re: 19.1 development milestones
Post by: Nekromantik on November 08, 2018, 11:45:36 pm
Quote
Precompiled getdns package is provided since 18.7.7.

Building a proper plugin around it is pending. Until then, it could still break or revert its configuration on updates (like what happened with our Unbound bump).


Cheers,
Franco

ok thanks
Title: Re: 19.1 development milestones
Post by: JetA on November 16, 2018, 12:50:22 pm
It would be very good if they consider at least one of these.

1. https://forum.opnsense.org/index.php?topic=10235.msg46883#msg46883
2. https://forum.opnsense.org/index.php?topic=9845.msg44960#msg44960
3. https://forum.opnsense.org/index.php?topic=9645.msg44649#msg44649
Title: Re: 19.1 development milestones
Post by: mimugmail on November 16, 2018, 01:01:49 pm
In every topic your help is needed, so it's your turn now
Title: Re: 19.1 development milestones
Post by: JetA on November 16, 2018, 07:57:56 pm
mimugmail,
 ;)

There was free time

19.1 + Suricata earned on:
xeon x5670x2, intel 350t4v2, hp proliant 360g6
Title: Re: 19.1 development milestones
Post by: maekar on November 22, 2018, 02:24:59 pm
Quote
It's in Bind Plugin already and I'll add some stuff to a new dnscrypt-proxy. Unbound may follow, but no idea before 19.1

Is it possible to add content filter categories to block through Bind Plugin (like Shallalist)? And blacklist specific websites, like Squid does but with DNSBL?

Thanks!
Title: Re: 19.1 development milestones
Post by: mimugmail on November 22, 2018, 02:26:32 pm
No, there are different lists to select which include some kind like category, e.g. 1M top porn sites, malware domains, ads etc.
Title: Re: 19.1 development milestones
Post by: maekar on November 22, 2018, 02:28:35 pm
And is it planned to add those features in the near future?
Title: Re: 19.1 development milestones
Post by: mimugmail on November 22, 2018, 02:51:07 pm
You can only add lists which are category specific, but, there are not many public lists available for free.
If you have some, feel free to post :)
Title: Re: 19.1 development milestones
Post by: Davesworld on November 25, 2018, 08:36:10 pm
Quote
How about ad-blocking, is it on the 19.1 roadmap?

I have to turn mine off to even use dozens of websites so the webmasters have gotten smarter.

You can already use the proxy and set it up to use it to import lists such as Shalla, etc. The proxy as of yet only works with single wan. On one of my firewalls I set the proxy up and have it update the lists once per week. The benefit of the proxy filter is that you have numerous categories you can block including phishing sites. 
Title: Re: 19.1 development milestones
Post by: bob@afrinet.eu on November 27, 2018, 02:56:41 pm
Is there a way to test 19.1 with FreeBSD 11.2 kernel ?

When I switch to the "Development" branch, I still have a 11.1 kernel.

I am currently trying 19.1.b_306 which seems to run on 11.1 kernel :

Code:
root@OPNsense:~ # uname -a
FreeBSD OPNsense.localdomain 11.1-RELEASE-p15 FreeBSD 11.1-RELEASE-p15  2be81e6145f(stable/18.7)  amd64


What are we supposed to do to switch to 11.2 kernel ?


Thanks.
Title: Re: 19.1 development milestones
Post by: franco on November 27, 2018, 08:39:01 pm
https://forum.opnsense.org/index.php?topic=10135.0
Title: Re: 19.1 development milestones
Post by: bob@afrinet.eu on November 28, 2018, 10:26:19 am
Ok so couple of things here:

We are trying to have OPNsense working with a Netgate sg-5100 which is based on a Denverton architecture.
This device does not boot with any kernel on 11.1 (Denverton is not supported in 11.1) which makes sense.

It also does not boot at all on any kernel based on 11.2 and HardenedBSD.


So I have compiled a kernel based on FreeBSD 11.2 and installed it on top of an 18.7.8 and it boots straight out of the box.

What were the problems that you had with 11.2 and FreeBSD (if any) ?
Do you plan to create an option to install either on FreeBSD kernel or Hardened BSD ?


Thanks.
Title: Re: 19.1 development milestones
Post by: franco on November 28, 2018, 01:29:46 pm
Ideally the manufacturer of the hardware would assist with troubleshooting compatibility. At the very least to provide steps for us to amend images provided.


Cheers,
Franco
Title: Re: 19.1 development milestones
Post by: bob@afrinet.eu on November 28, 2018, 01:59:59 pm
Quote
Ideally the manufacturer of the hardware would assist with troubleshooting compatibility. At the very least to provide steps for us to amend images provided.

The manufacturer of the hardware is fully compatible with FreeBSD 11.2

I don't see much thing that they could do to have a Hardened BSD image working with Denverton architecture and EMMc since It is working already with FreeBSD 11.2

So the problem is somewhere between the stock FreeBSD 11.2 source code and HardenedBSD 11.2

How could we help to try to solve this issue ?
Title: Re: 19.1 development milestones
Post by: lattera on November 28, 2018, 03:24:45 pm
Couple questions:

At what point does the system fail to boot?

What happens when you set vm.pmap.pti=0 in the loader?
Title: Re: 19.1 development milestones
Post by: bob@afrinet.eu on November 28, 2018, 04:57:54 pm
So I have tried your hint
Code:
vm.pmap.pti=0
which didn't work at all and ended up with a SDHCI error (image below)

I have also tried the hint found in here : https://forum.opnsense.org/index.php?topic=10135.0
Code:
set hint.sdhci_pci.0.disabled=1
set hint.sdhci_pci.1.disabled=1
boot

This last one has allowed me to go further on the install process, but finally ended up with a disk install failure / CAM status problem (mountroot problem) also illustrated with the image below.


And this is the FreeBSD 11.2 boot that I have :
Code:
Copyright (c) 1992-2018 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.2-RELEASE-p4 #0 r341013: Tue Nov 27 13:30:22 CET 2018
    root@FBSD:/usr/obj/usr/src/sys/GENERIC_OPNS amd64
FreeBSD clang version 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0)
VT(vga): resolution 640x480
CPU: Intel(R) Atom(TM) CPU C3558 @ 2.20GHz (2200.07-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x506f1  Family=0x6  Model=0x5f  Stepping=1
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x4ff8ebbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,RDRAND>
  AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
  AMD Features2=0x101<LAHF,Prefetch>
  Structured Extended Features=0x2294e283<FSGSBASE,TSCADJ,SMEP,ERMS,NFPUSG,MPX,PQE,RDSEED,SMAP,CLFLUSHOPT,PROCTRACE,SHA>
  Structured Extended Features3=0x2c000000<IBPB,STIBP,ARCH_CAP>
  XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
  IA32_ARCH_CAPS=0x1<RDCL_NO>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
  TSC: P-state invariant, performance statistics
real memory  = 8589934592 (8192 MB)
avail memory = 8186150912 (7806 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <INTEL  TIANO   >
WARNING: L1 data cache covers less APIC IDs than a core
0 < 1
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-23 on motherboard
SMP: AP CPU #1 Launched!
SMP: AP CPU #3 Launched!
SMP: AP CPU #2 Launched!
Timecounter "TSC-low" frequency 1100035606 Hz quality 1000
random: entropy device external interface
kbd1 at kbdmux0
netmap: loaded module
module_register_init: MOD_LOAD (vesa, 0xffffffff80ff4580, 0) error 19
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
nexus0
vtvga0: <VT VGA driver> on motherboard
cryptosoft0: <software crypto> on motherboard
acpi0: <ALASKA A M I > on motherboard
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
cpu2: <ACPI CPU> on acpi0
cpu3: <ACPI CPU> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 24000000 Hz quality 950
Event timer "HPET" frequency 24000000 Hz quality 550
Event timer "HPET1" frequency 24000000 Hz quality 440
Event timer "HPET2" frequency 24000000 Hz quality 440
Event timer "HPET3" frequency 24000000 Hz quality 440
Event timer "HPET4" frequency 24000000 Hz quality 440
atrtc0: <AT realtime clock> port 0x70-0x77 irq 8 on acpi0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1808-0x180b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pcib0: _OSC returned error 0x10
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 6.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pci1: <processor> at device 0.0 (no driver attached)
pcib2: <ACPI PCI-PCI bridge> mem 0xdff60000-0xdff7ffff irq 20 at device 14.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> mem 0xdff40000-0xdff5ffff irq 21 at device 15.0 on pci0
pci3: <ACPI PCI bus> on pcib3
igb0: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0xd000-0xd01f mem 0xdfd00000-0xdfd7ffff,0xdfd80000-0xdfd83fff irq 21 at device 0.0 on pci3
igb0: Using MSIX interrupts with 5 vectors
igb0: Ethernet address: 00:90:0b:7c:3a:49
igb0: Bound queue 0 to cpu 0
igb0: Bound queue 1 to cpu 1
igb0: Bound queue 2 to cpu 2
igb0: Bound queue 3 to cpu 3
igb0: netmap queues/slots: TX 4/1024, RX 4/1024
pcib4: <ACPI PCI-PCI bridge> mem 0xdff20000-0xdff3ffff irq 22 at device 16.0 on pci0
pci4: <ACPI PCI bus> on pcib4
igb1: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0xc000-0xc01f mem 0xdfc00000-0xdfc7ffff,0xdfc80000-0xdfc83fff irq 22 at device 0.0 on pci4
igb1: Using MSIX interrupts with 5 vectors
igb1: Ethernet address: 00:90:0b:7c:3a:4a
igb1: Bound queue 0 to cpu 0
igb1: Bound queue 1 to cpu 1
igb1: Bound queue 2 to cpu 2
igb1: Bound queue 3 to cpu 3
igb1: netmap queues/slots: TX 4/1024, RX 4/1024
pcib5: <ACPI PCI-PCI bridge> mem 0xdff00000-0xdff1ffff irq 23 at device 17.0 on pci0
pci5: <ACPI PCI bus> on pcib5
ath0: <Atheros 9280> mem 0xdfb00000-0xdfb0ffff irq 23 at device 0.0 on pci5
[ath] enabling AN_TOP2_FIXUP
ath0: [HT] enabling HT modes
ath0: [HT] 1 stream STBC receive enabled
ath0: [HT] 1 stream STBC transmit enabled
ath0: [HT] 2 RX streams; 2 TX streams
ath0: AR9280 mac 128.2 RF5133 phy 13.0
ath0: 2GHz radio: 0x0000; 5GHz radio: 0x00c0
ahci0: <Intel Denverton AHCI SATA controller> port 0xe0c0-0xe0c7,0xe0b0-0xe0b3,0xe040-0xe05f mem 0xdff96000-0xdff97fff,0xdffa2000-0xdffa20ff,0xdffa1000-0xdffa17ff irq 20 at device 19.0 on pci0
ahci0: AHCI v1.31 with 1 6Gbps ports, Port Multiplier supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahciem0: <AHCI enclosure management bridge> on ahci0
ahci1: <Intel Denverton AHCI SATA controller> port 0xe0a0-0xe0a7,0xe090-0xe093,0xe020-0xe03f mem 0xdff94000-0xdff95fff,0xdffa0000-0xdffa00ff,0xdff9f000-0xdff9f7ff irq 21 at device 20.0 on pci0
ahci1: AHCI v1.31 with 1 6Gbps ports, Port Multiplier supported
ahcich8: <AHCI channel> at channel 7 on ahci1
ahciem1: <AHCI enclosure management bridge> on ahci1
xhci0: <Intel Denverton USB 3.0 controller> mem 0xdff80000-0xdff8ffff irq 19 at device 21.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
pcib6: <ACPI PCI-PCI bridge> irq 16 at device 22.0 on pci0
pci6: <ACPI PCI bus> on pcib6
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> mem 0xdf600000-0xdf7fffff,0xdf804000-0xdf807fff irq 16 at device 0.0 on pci6
ix0: Using MSI-X interrupts with 5 vectors
ix0: Ethernet address: 00:90:0b:7c:3a:4b
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> mem 0xdf400000-0xdf5fffff,0xdf800000-0xdf803fff irq 17 at device 0.1 on pci6
ix1: Using MSI-X interrupts with 5 vectors
ix1: Ethernet address: 00:90:0b:7c:3a:4c
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
pcib7: <ACPI PCI-PCI bridge> at device 23.0 on pci0
pci7: <ACPI PCI bus> on pcib7
ix2: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> mem 0xdf000000-0xdf1fffff,0xdf204000-0xdf207fff irq 16 at device 0.0 on pci7
ix2: Using MSI-X interrupts with 5 vectors
ix2: Ethernet address: 00:90:0b:7c:3a:4d
ix2: netmap queues/slots: TX 4/2048, RX 4/2048
ix3: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> mem 0xdee00000-0xdeffffff,0xdf200000-0xdf203fff irq 17 at device 0.1 on pci7
ix3: Using MSI-X interrupts with 5 vectors
ix3: Ethernet address: 00:90:0b:7c:3a:4e
ix3: netmap queues/slots: TX 4/2048, RX 4/2048
pci0: <simple comms> at device 24.0 (no driver attached)
pci0: <simple comms, UART> at device 26.0 (no driver attached)
pci0: <simple comms, UART> at device 26.1 (no driver attached)
pci0: <simple comms, UART> at device 26.2 (no driver attached)
sdhci_pci0: <Intel Denverton eMMC 5.0 Controller> mem 0xdff9a000-0xdff9afff,0xdff99000-0xdff99fff irq 16 at device 28.0 on pci0
sdhci_pci0: 1 slot(s) allocated
mmc0: <MMC/SD bus> on sdhci_pci0
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
pci0: <memory> at device 31.2 (no driver attached)
pci0: <serial bus> at device 31.5 (no driver attached)
acpi_tz0: <Thermal Zone> on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 7 flags 0x10 on acpi0
uart0: console (115200,n,8,1)
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 10 on acpi0
ppc0: cannot reserve I/O port range
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21c200001600
device_attach: est0 attach returned 6
est1: <Enhanced SpeedStep Frequency Control> on cpu1
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21c200001600
device_attach: est1 attach returned 6
est2: <Enhanced SpeedStep Frequency Control> on cpu2
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21c200001600
device_attach: est2 attach returned 6
est3: <Enhanced SpeedStep Frequency Control> on cpu3
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21c200001600
device_attach: est3 attach returned 6
Timecounters tick every 1.000 msec
ugen0.1: <0x8086 XHCI root HUB> at usbus0
uhub0: <0x8086 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
mmcsd0: 8GB <MMCHC M32508 5.2 SN 3642E57D MFG 06/2018 by 112 0x0000> at mmc0 200.0MHz/8bit/8192-block
mmcsd0boot0: 4MB partion 1 at mmcsd0
mmcsd0boot1: 4MB partion 2 at mmcsd0
mmcsd0rpmb: 4MB partion 3 at mmcsd0
ses0 at ahciem0 bus 0 scbus1 target 0 lun 0
ses0: <AHCI SGPIO Enclosure 1.00 0001> SEMB S-E-S 2.00 device
ses0: SEMB SES Device
ses1 at ahciem1 bus 0 scbus3 target 0 lun 0
ses1: <AHCI SGPIO Enclosure 1.00 0001> SEMB S-E-S 2.00 device
ses1: SEMB SES Device
ada0 at ahcich8 bus 0 scbus2 target 0 lun 0
ada0: <2.5" SATA SSD 3ME2 M170707> ACS-2 ATA SATA 3.x device
ada0: Serial Number 20180724AA1853000018
ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 122104MB (250069680 512 byte sectors)
Trying to mount root from ufs:/dev/gpt/rootfs [rw]...
uhub0: 8 ports with 8 removable, self powered
igb0: link state changed to UP
igb1: link state changed to UP
aesni0: <AES-CBC,AES-XTS,AES-GCM,AES-ICM> on motherboard
igb0: link state changed to DOWN
ix0: link state changed to UP
igb0: link state changed to UP
igb1: link state changed to DOWN
ng0: changing name to 'pppoe0'
pflog0: promiscuous mode enabled
igb1: link state changed to UP


Thanks for your support.
Title: Re: 19.1 development milestones
Post by: lattera on November 28, 2018, 06:32:22 pm
That is indeed interesting. :)

I'll take a look this weekend. HardenedBSD hasn't made any changes to the CAM layer or SDHCI drivers. Regardless, I'll see if I can figure out what's going on. It'll be difficult with me not being able to reproduce, but I'll give it a shot.
Title: Re: 19.1 development milestones
Post by: bob@afrinet.eu on November 28, 2018, 06:57:21 pm
Quote
That is indeed interesting. :)

I'll take a look this weekend. HardenedBSD hasn't made any changes to the CAM layer or SDHCI drivers. Regardless, I'll see if I can figure out what's going on. It'll be difficult with me not being able to reproduce, but I'll give it a shot.

Let me know if you want me to test anything… 

Thanks  ;)
Title: Re: 19.1 development milestones
Post by: franco on December 03, 2018, 09:24:34 am
> The manufacturer of the hardware is fully compatible with FreeBSD 11.2

Okay, so I want to know:

Did you ask the vendor about this and they said this to you?

If no, please ask the vendor about *HardenedBSD 11.2* support and what might be the issue from their point of view.

If yes, please let us know that they do not intend to support it.

I'm asking for clues to solve this or be able to say the vendor has no interest in supporting particular operating systems. I'm fine either way, but I don't appreciate you pushing this without giving us the background that you seem to have or maybe not gone ahead and collect for us to properly proceed.
Title: Re: 19.1 development milestones
Post by: bob@afrinet.eu on December 03, 2018, 10:16:57 am
Quote
> The manufacturer of the hardware is fully compatible with FreeBSD 11.2

Okay, so I want to know:

Did you ask the vendor about this and they said this to you?

First note that my skills are limited and that I am trying to help with a global issue that you seem to have with HardenedBSD which does not exist with FreeBSD.

"Hardware vendors" do support well known OSes (Linux, FreeBSD) eventually less well known OSes (OpenBSD, NetBSD and FreeNAS), but they unfortunately don't provide support for an OS that is used by a very limited community and couple of years old.

Quote
If no, please ask the vendor about *HardenedBSD 11.2* support and what might be the issue from their point of view.

Generally speaking when you fork an OS you try to maintain hardware compatibility with upstream. I understand that this might be difficult, considering the fact that HBSD is changing low level hardware setting to enhance security… 

But considering the very few persons which have taken time to test this seriously as I did, I think that a lot of persons might be impacted by what I have been pointing at. And this is not good. 

Quote
If yes, please let us know that they do not intend to support it.

Again, they are providing full support for FreeBSD.
You can not expect to have a hardware vendor selling hundred thousands of unit to support an OS that is four years old.

From my humble point of view, the upstream compatibility must come from HBSD at this early stage.


Quote
I'm asking for clues to solve this or be able to say the vendor has no interest in supporting particular operating systems. I'm fine either way, but I don't appreciate you pushing this without giving us the background that you seem to have or maybe not gone ahead and collect for us to properly proceed.

Unfortunately my skills are limited.

I have spent time testing the HBSD, proceeded to multiple install with both OPNsense 19.1ß and HardenedBSD directly. I had systematic failure which have been fully reported in your forum.

I am willing to help and I don't see that many persons which have tested OPNsense with 19.1ß - If you think that my answers are not helpful, I will stop my tests.

I am highlighting a fact that will happen to MANY users before it becomes critical (before the launch of your 19.1 version). I hope this is considered as helpful.
Title: Re: 19.1 development milestones
Post by: mimugmail on December 03, 2018, 10:35:18 am

Quote
I am willing to help and I don't see that many persons which have tested OPNsense with 19.1ß - If you think that my answers are not helpful, I will stop my tests.



Many ppl tested 19.1, but only with their own hardware .. and I'm quite sure no one is willing to buy every hardware to test compatibility. The hardware is quite new and Denverton is reported to work in general with 19.1.
The main problem is your hardware is from a vendor who is not interested in running OPNsense, or better, to it's best that OPNsense run on it's own hardware .. you know what I mean?  ::)
Title: Re: 19.1 development milestones
Post by: franco on December 03, 2018, 10:52:20 am
> Again, they are providing full support for FreeBSD.

That's a "yes" you spoke with them and "no" they do not in any way will help to figure this out.

Is that correct? :)


Cheers,
Franco
Title: Re: 19.1 development milestones
Post by: bob@afrinet.eu on December 03, 2018, 11:12:56 am
Quote
> Again, they are providing full support for FreeBSD.

That's a "yes" you spoke with them and "no" they do not in any way will help to figure this out.

Is that correct? :)

Just to be precise: I am not discussing any "issue" with anyone anywhere beside this forum.

I am reporting an error that I have on a hardware that I am planning to use since I tend to prefer OPNsense to pfSense. This is not a major issue. Simply let me know if I can help anywhere or if these tests are simply useless.

Thanks a lot.
Title: Re: 19.1 development milestones
Post by: mimugmail on December 03, 2018, 11:36:29 am
http://www.lannerinc.com/products/network-appliances/x86-desktop-network-appliances/nca-1510

Does it look familiar? Most vendors order from Lanner. Try to find a reseller in your area and try this unit.
I'm quite sure it will work.

Also I'm quite sure the distributor from SG5100 is doing all it can to prevent running OPNsense.

When you want to run Windows, you won't buy a Mac, do you?
Title: Re: 19.1 development milestones
Post by: lattera on December 03, 2018, 03:33:59 pm
Quote
> Again, they are providing full support for FreeBSD.

That's a "yes" you spoke with them and "no" they do not in any way will help to figure this out.

Is that correct? :)

Just to be precise: I am not discussing any "issue" with anyone anywhere beside this forum.

I am reporting an error that I have on a hardware that I am planning to use since I tend to prefer OPNsense to pfSense. This is not a major issue. Simply let me know if I can help anywhere or if these tests are simply useless.

Thanks a lot.

Let's all take a deep breath here. We're on the same team. ;)

You mentioned earlier that you compiled a stock FreeBSD 11.2 kernel on this system. Which kernel config did you use? Did you have any custom kernel configuration options enabled or disabled?
Title: Re: 19.1 development milestones
Post by: bob@afrinet.eu on December 03, 2018, 04:16:27 pm
I have synced my kernel source code from FreeBSD and I have used this to compile my kernel (as far as I can remember) :

https://github.com/opnsense/src/blob/master/sys/amd64/conf/GENERIC


 :P
Title: Re: 19.1 development milestones
Post by: mimugmail on December 04, 2018, 07:54:24 pm
https://forum.opnsense.org/index.php?topic=10518.0;topicseen
Title: Re: 19.1 development milestones
Post by: chrcoluk on December 13, 2018, 01:27:47 am
really need to see the hardenedbsd boot dmesg log, to help more, use a manual camera if you have to.
Title: Re: 19.1 development milestones
Post by: franco on December 13, 2018, 12:07:42 pm
There's still no word on how 19.1-BETA images fare in this particular case.

https://forum.opnsense.org/index.php?topic=10135.0
Title: Re: 19.1 development milestones
Post by: Nekromantik on December 15, 2018, 05:10:28 pm
how often do the dev builds get released?
is it once a month or whenever a new build is stable enough?
Title: Re: 19.1 development milestones
Post by: maekar on December 19, 2018, 01:51:43 pm
Quote
No, there are different lists to select which include some kind like category, e.g. 1M top porn sites, malware domains, ads etc.

Hi, and you can add the option to blacklist specific domains, in a text-box (like the whitelist option)? For example, block Ads, Malware, etc from the list AND Facebook.com, Twitter.com or any other domain we want to add in a block-list.

That would be enough for us, is the main reason to use pfBlocker in our school: block and unblock (if categories makes an unwanted block) specific websites via DNS.

Thanks!
Title: Re: 19.1 development milestones
Post by: mimugmail on December 19, 2018, 04:45:33 pm
Sure, I can have a look :)
Title: Re: 19.1 development milestones
Post by: fabian on December 23, 2018, 11:38:28 pm
Quote
how often do the dev builds get released?
is it once a month or whenever a new build is stable enough?

Release and dev builds are created at the same time, the difference is the git branch (master / release) and the dev branch packages have a suffix (-devel).
Title: Re: 19.1 development milestones
Post by: AndyX90 on January 04, 2019, 06:51:15 pm
Is the target for 19.1 still FreeBSD 11.2 or will it go directly to FreeBSD 12?
I am asking because of the driver support for specific wifi-hardware which is given on FreeBSD 12 and up.

Regards
Title: Re: 19.1 development milestones
Post by: mimugmail on January 04, 2019, 07:05:13 pm
11.2
Title: Re: 19.1 development milestones
Post by: Julien on February 01, 2019, 02:21:39 pm
my outbound is broke, i cannot connect at all,
connection is to Netflix/xbox/ps4/internet works and sometimes does not.
Title: Re: 19.1 development milestones
Post by: mimugmail on February 01, 2019, 04:12:49 pm
nah .. your outbound works fine ;) google.nl works with different browser, the other page is also down at my side ;) other stuff cannot be tested as nobody at home
Title: Re: 19.1 development milestones
Post by: Julien on February 01, 2019, 07:49:21 pm
Quote
nah .. your outbound works fine ;) google.nl works with different browser, the other page is also down at my side ;) other stuff cannot be tested as nobody at home

i have reformatted the box to 18.7 everything is working fine now
as discussed .xml file has been emailed to you
Title: Re: 19.1 development milestones
Post by: mimugmail on February 02, 2019, 07:29:56 am
After second Teamviewer session I'm guessing it's about Realtek NIC

https://forum.opnsense.org/index.php?topic=11425.0
Title: Re: 19.1 development milestones
Post by: Julien on February 02, 2019, 08:36:24 pm
Quote
After second Teamviewer session I'm guessing it's about Realtek NIC

https://forum.opnsense.org/index.php?topic=11425.0

the solution is thank you mimugmail
Code:
In Interface Config under DHCP, Client Config, Advanced, set:

supersede interface-mtu 0

in Option Modifiers
Title: Re: 19.1 development milestones
Post by: franco on February 04, 2019, 11:29:15 am
We'll address this in 19.1.1 tomorrow.


Cheers,
Franco
Title: Re: 19.1 development milestones
Post by: Julien on February 06, 2019, 12:40:48 pm
Quote
We'll address this in 19.1.1 tomorrow.


Cheers,
Franco

Thank you Franco,
Today updated 4 box and everything seems to be fine,
We have a 10GB WAN and it's working fine, i am impressed with the IDS, i pick up 90% of my speed, moreover before 40%.
great improvement thank you guys
Title: Re: 19.1 development milestones
Post by: Daemotrix on February 28, 2019, 10:09:12 pm
I read something about new Realtek drivers. Does It bring better USB NIC support with Realtek chips? I have one but on 10mbit instead of 1gbit :(
Title: Re: 19.1 development milestones
Post by: franco on February 28, 2019, 10:33:16 pm
No, the "Realtek vendor driver" is for "re" devices, which are non-USB.


Cheers,
Franco