Nope, none of those are a big concern. Some of that could be cleaned up but they are just ugly.

@stephenw10 Since this is a pretty nasty issue, I will try to test myself, but 2.8 beta is as an update only release still right? no installer. This will delay things a bit but will test as soon as possible, using q35, and full virtio.

@w0w Thats the plan, but I need to be sure I am not submitting something that only works for me and breaks for others, it needs care taken on this issue.

@w0w

Seems so or possibly an interaction with if_pppoe and something else within the new beta.

Regressing to 24.11 again and symptoms vanish. Reverting to the old backend on the beta seems fine too (albeit with the old pppoe issues).

I had to work back again and re-test as I had the test diff patch applied with the revised beta, which drew some doubts on my results for a while. Fat-fingering in a config error when testing is something I try to avoid but you have to admit your mistakes.

I'm waiting for the next beta drop really, to see if the changes also impact the issues I see. Opening up all the cores may just be peeling back something that was already latent and just masked by the old backend process.

I did do a couple of tests that suggests the upload fq_codel settings may need adjusting against a different workload for if_pppoe; but too early to be sure.

I'm also being nudged to try Kea again, as apparently it has matured a bit since its launch.

☕️

Hmm, it does seem kinda shady!

There's no FreeBSD port as far as I can see, though there is one for v2ray which this was forked from.

You are asking about adding it as a client to connect to the xrayvpn service only?

I'm not really seeing any advantages over existing VPN options TBH.

@jimp oh cool, it never even occurred to me that ppl would carry around a universal cert

@patient0 Worked! thanks!

The rule order in the configuration file is supposed to reflect both the rule processing and rule position (i.e. what's shown in the GUI) order. Ultimately, the processing itself is determined by what gets put into /tmp/rules.debug. As for the rule position in the GUI, there are multiple factors involved. With the latest fixes (referenced in the thread linked above), what does happen should finally match what is supposed to happen.

@techpro2004 FFS.

@antoine2711 said in Can’t compile a port software. Error: Unable to determine OS version. Either define OSVERSION, install /usr/include/sys/param.h or define SRC_BASE:

Hi @bmeeks, I was able to retreive the pkg in the cache folder of my FreeBSD (/var/cache/pkg).

Thanks for your help again. I’m ok for now.

Best Regards, Antoine

The risk with installing packages from the stock FreeBSD repo (or any other repo except the official pfSense repo for your version) is that the versions of various shared library dependencies may differ from what is currently used by pfSense. The pkg utility will automatically attempt to download and install any shared library dependencies needed by the package you are installing. So long as those are the same ABI and shared library versions as what already exists on the pfSense installation, you are fine. It's when they differ that your pfSense installation can get broken - and sometimes irretrievably broken.

@stephenw10 I don't think kernel debug symbols are really going to be of much use to me. And Xdebug is a php debugger, but I need debug symbols for php83-pecl-radius (and php-fpm I suppose).

@LamaZ This looks to have been going on for many years glad it made it. Secure Time!! Quizzes, Tests, Exams, etc all are now a bit more secure.

@guiambros said in pfSense compile requirements for 3rd party software:

Using the default devel branch I can finish the poudriere jail, but can't compile packages due to missing pfSense-pkg-zabbix-[agent4|proxy4] pre-reqs. If I use the RELENG_2_7_2 branch, jail creation fails with make[4]: don't know how to make aes-586.S. Stop.

For anyone having this issue, you just need fork the FreeBSD-src then merge this pull request into your branch.

@encrypt1d: it seems Netgate made it (intentionally?) impossible to compile or do anything with CE.

I do not believe this is an intentional sabotage. The commits that led to this issue can be found here and here.

I don't really understand why these commits were made, but I suspect it was because netgate wanted to upgrade OpenSSL to version 3.0.9 on pSense 2.7.2. This version was not yet integrated into FreeBSD 14, hence the custom commits.

As for "netgate made it harder to build pfSense"..yes, possibly, but it's not impossible. See this repo.

Also: WITHOUT_LIB32=y is absolutely not needed to my knowledge. I don't know why people keep referencing it.

I spent some time yesterday learning how to build from ports, and I was able to create Zabbix 7.0.6 proxy and agent binaries using a fully updated FreeBSD 14.2 VM. I didn't use Poudriere jails or anything, just ran

I copied the binaries to a pfSense 24.11 box for testing and so far they work perfectly.
This is not a proper build and testing process, but it's a good indication that Zabbix 7.0 should work fine on pfSense 24.11.

I'm not a developer and don't have a Github repo, so I guess this doesn't help anyone unless I setup an account and submit a PR for my binaries to be included?

Also, is there a guide of what the statuses mean on Redmine? The Zabbix 7.0 package request is "Confirmed", "In Progress", and target is 25.01. Does this mean that Zabbix 7.0 will NEVER be released for 24.03 or 24.11? Is Netgate staff working on the packages to include with 25.01, or is it waiting on someone in the community to submit it?

If 24.11 is the currently supported version of pfSense, and assuming the Zabbix package doesn't require modifications to pfSense, then it should be possible for an official package to be released for 24.11, right? As far as I can tell, it can 7.0 behaves exactly the same as 6.4.

I think my test port uses different default paths for the config, log, and pid files than pfSense does, but the log and pid paths can be set in the config file, and the the config file path is given as a parameter to the binary. Or someone with more knowledge than me could just set those correctly in the build.

KvY6SmgB4s.png

@marcosm said in Multiple instances of repeatable:

Sounds like it'd be best to go with a single input field for each section.

Yea, I think you're right. Enhancing the javascript could end up as a lifelong project for me.

You are trying to do this using some custom php script in pfSense directly?