From: "Peter Müller" <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: IPFire 2.21 test report
Date: Fri, 29 Jun 2018 19:26:58 +0200 [thread overview]
Message-ID: <4b191285-03f9-6b48-0080-0e2729ea4a86@link38.eu> (raw)
In-Reply-To: <001201d40f21$d9ec33a0$8dc49ae0$@ministc.com>
[-- Attachment #1: Type: text/plain, Size: 2064 bytes --]
Hello,
just installed IPFire 2.21 - Core Update 122 on a testing machine.
Issues noticed during update:
(a) Update to 122 was not installed automatically, but needs user
interaction.
(b) Machine rebooted properly and came up again without manual action
required.
(c) WebUI shortly displays "local recursor" for DNS status at
the main page - DNSSEC status of nameservers, however, is green.
These were displayed correctly again after ~ 2 minutes.
(d) NRPE addon required reinstallation (probably due to some
configuration changes). The service did not appear in the list at
the WebUI; this needs some bugfixing.
(e) charon displays connection errors "could not write to socket:
operation not permitted" which disappeared after ~ 2 minutes and
everything was properly established.
Summary:
Reboot, basic functions WORKS
Squid web proxy + URL filter WORKS
IDS WORKS
OpenVPN (N2N only) WORKS
IPsec (N2N only) WORKS
SSH WORKS
QoS WORKS
NRPE WORKS (after reinstallation, some bugs left)
CPU load (especially when it comes to HW interrupts) is a bit
(but not significant) lower than it was while running C120.
RAM consumption stays at the same level. Entropy is ~ 400 bits
higher. Kernel reports two interesting log lines on boot:
19:02:35 kernel: alg: No test for seqiv(rfc4106(gcm(aes))) (seqiv(rfc4106-gcm-aesni))
18:57:49 kernel: xt_geoip: loading out-of-tree module taints kernel.
Just for the records. :-)
Systems seems to be safe against Spectre/Meltdown:
/sys/devices/system/cpu/vulnerabilities/meltdown:
Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:
Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:
Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:
Mitigation: Full generic retpoline
In case any issues occur within the next time, I'll let you know.
Excellent work so far!
Thanks, and best regards,
Peter Müller
--
"We don't care. We don't have to. We're the Phone Company."
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2018-06-29 17:26 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <012c01d40e59$94d51de0$be7f59a0$@ministc.com>
2018-06-27 21:07 ` PFire 2.21 Peter Müller
2018-06-28 10:41 ` Michael Tremer
2018-06-28 20:51 ` Paul Titjen
2018-06-29 17:26 ` Peter Müller [this message]
2018-06-29 20:55 ` IPFire 2.21 test report Peter Müller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4b191285-03f9-6b48-0080-0e2729ea4a86@link38.eu \
--to=peter.mueller@link38.eu \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox