Re: [pfSense] Captive Portal REDIRURL$ / missing

2013-02-28 Thread Frank Richter

On 02/27/13 14:10, Jim Pingle wrote:
> On 2/27/2013 6:23 AM, Frank Richter wrote:
>> I'm using Version: 2.0.2-RELEASE (amd64) and the captive portal is
>> using https.
>
> That's already been fixed in 2.0.3 images, and discussed several times
> on the forum with workarounds/fixes. You can upgrade to a 2.0.3 snapshot
> (check the forum for links) or if you look in the commit history for the
> pfSense RELENG_2_0 branch on github you can find and apply the fix.
>
> Jim


Thanks Jim for the hint.

I added the / in /usr/local/captiveportal/index.php

header("Location: https://{$ourhostname}/index.php?redirurl=" . urlencode("http://{$orig_host}/{$orig_request}"));

header("Location: http://{$ourhostname}/index.php?redirurl=" . urlencode("http://{$orig_host}/{$orig_request}"));

and it's working nicely now.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


[pfSense] CF-card test method?

2013-02-28 Thread Luigi Provale

Hi all,
 I suspect my CF-card is broken (after 2 years of use on an alix board), 
what method should I use to test it?

Thanks in advance.
Luigi.


[pfSense] OpenVPN causes pfsense to lose access to Internet

2013-02-28 Thread Doug Sampson
Hello-

I'm having a problem with the OpenVPN configuration. Each time I attempt to set 
up OpenVPN on pfsense, I no longer can ping 8.8.8.8.

Here's what I did.

I imported the pfsense certificate authority certificate and key (ca.crt & 
ca.key) into the Cert Manager CA Authority tab from our older Linux-based 
router which used easyrsa to generate those certificates/keys. Then I went to 
the client certificate tab and imported Firewall.crt & Firewall.key from our 
Linux-based router to a 'Firewall' certificate entry. I also imported a client 
certificate and key into a new client certificate entry called DougSampson.

I went to the OpenVPN configuration and imported the contents of the ta.key 
into the TLS-Authentication box. For the Peer Certificate Authority I chose the 
Firewall Certificate Authority certificate (ca.crt in this case) and for the 
Peer Certificate Revocation List I chose the Firewall Certificate Authority 
entry (we didn't employ a CRL list on our Linux-based router). For the Server 
Certificate, I chose the Firewall server certificate (in this case, the 
Firewall.crt) for the Server Certificate box. I chose 1024 bits for the DH 
Parameter Length. We had a dh1024.pem file from our Linux-based router but 
didn't know where to put it- there's no box for selecting the dh1024.pem file. 
It currently sits in the /root/easyrsa4pfsense/keys folder. POSTSCRIPT: I now 
notice 'dh /etc/dh-parameters.1024' in server1.conf. Should I replace the 
contents of that file with the contents from the 
/root/easyrsa4pfsense/keys/dh1024.pem?

The contents of server1.conf are as follows:

dev ovpns1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 69.xxx.xxx.xxx
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 5
push route 192.168.101.0 255.255.255.0
push dhcp-option DOMAIN dawnsign.com
push dhcp-option DNS 192.168.101.1
push dhcp-option DNS 192.168.101.4
push dhcp-option DNS 192.168.101.7
push dhcp-option DNS 192.168.101.254
push dhcp-option NTP 192.168.101.254
push dhcp-option NTP 192.168.101.4
push dhcp-option WINS 192.168.101.4
client-to-client
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.1024
crl-verify /var/etc/openvpn/server1.crl-verify 
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
passtos
persist-remote-ip
float
push route 192.168.102.0 255.255.255.0

Content of client.ovpn:

client
dev tun
proto udp
remote 69.xxx.xxx.xxx 1194
resolve-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert DougSampson.crt
key DougSampson.key
tls-auth ta.key 1
comp-lzo
verb 3

The client config file worked just fine with our existing Linux-based router 
running OpenVPN.

Now when I try to connect, it fails with a TLS handshake error. Here is what 
the openvpn.log spits out:

Feb 28 10:07:05 pfsense openvpn[11729]: event_wait : Interrupted system call (code=4)
Feb 28 10:07:05 pfsense openvpn[11729]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1542 10.0.8.1 10.0.8.2 init
Feb 28 10:07:05 pfsense openvpn[11729]: SIGTERM[hard,] received, process exiting
Feb 28 10:07:05 pfsense openvpn[48656]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug  6 2012
Feb 28 10:07:05 pfsense openvpn[48656]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 28 10:07:05 pfsense openvpn[48656]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Feb 28 10:07:05 pfsense openvpn[48656]: TUN/TAP device /dev/tun1 opened
Feb 28 10:07:05 pfsense openvpn[48656]: do_ifconfig, tt-ipv6=0, tt-did_ifconfig_ipv6_setup=0
Feb 28 10:07:05 pfsense openvpn[48656]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
Feb 28 10:07:05 pfsense openvpn[48656]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1542 10.0.8.1 10.0.8.2 init
Feb 28 10:07:05 pfsense openvpn[50174]: UDPv4 link local (bound): [AF_INET]69.xxx.xxx.xxx:1194
Feb 28 10:07:05 pfsense openvpn[50174]: UDPv4 link remote: [undef]
Feb 28 10:07:05 pfsense openvpn[50174]: Initialization Sequence Completed
Feb 28 10:08:06 pfsense openvpn[50174]: OVPN client IP Addr:51681 Re-using SSL/TLS context
Feb 28 10:08:06 pfsense openvpn[50174]: OVPN client IP Addr:51681 LZO compression initialized
Feb 28 10:09:06 pfsense openvpn[50174]: OVPN client IP Addr:51681 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 28 10:09:06 pfsense openvpn[50174]: OVPN client IP Addr:51681 TLS Error: TLS handshake 

[pfSense] Problems with DHCP failover

2013-02-28 Thread Jerome Alet
Hi,

We've just upgraded our two-node failover cluster to 2.1BETA1 built on
Thu Feb 28 04:29:38 EST 2013, because we encountered problems with DHCP
failover not being in state normal / normal for some interfaces.

Searching the web, I've found this link which might be related:

  http://redmine.pfsense.org/issues/1730

When trying to find filter rules matching ports 519 or 520 in
/tmp/rules.debug as described in this bug report, there's no match at
all.

As far as I understand the answer to this bug report, the required rules
should be automatically added.

Is this to be expected or is there a problem somewhere?

TIA

--
Jérôme Alet - jerome.a...@univ-nc.nc - Direction du Système d'Information
  Université de la Nouvelle-Calédonie - BPR4 - 98851 NOUMEA CEDEX
   Tél : +687 290081  Fax : +687 254829