[pfSense] pfSense 2.2 upgrade experiences

2015-02-09 Thread Claudio Thomas
Hi,
at first: thanks for the great work!

1) After trying to update my pfSense 2.1.5 (i386) to 2.2 over
web-interface it reboots as expected... But this was all. The firewall
was not working anymore. After a while inspecting the problem I fixed
the config, so that it seems to run again. Now I've tried to update by
console... so that I could finally find the problem. My disk was full
and the update seems to stop somewhere in between :-(
I wiped the hard disk completely to reinstall it and use the config backup.
This is ok for me, but probably not for everyone. Maybe it would be a
good practice to check the free disk space before starting the upgrade.
Even better would be if the installer checked it, so that fools like me
don't stumble on such an evident error case :-)

2) I have 2 Phase 1 entries. One for an AVM Fritzbox (still working) and a
second for Android road warriors.
Since the upgrade my Android clients cannot connect anymore. Phase 1 and
Phase 2 configurations were not changed since the upgrade. Was anything
changed in the IPsec environment?

Thanks,
Claudio

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] pfSense 2.2 upgrade experiences

2015-02-09 Thread J. Echter
On 09.02.2015 at 09:53, Claudio Thomas wrote:
 Hi,
 at first: thanks for the great work!

 1) After trying to update my pfSense 2.1.5 (i386) to 2.2 over
 web-interface it reboots as expected... But this was all. The firewall
 was not working anymore. After a while inspecting the problem I fixed
 the config, so that it seems to run again. Now I've tried to update by
 console... so that I could finally find the problem. My disk was full
 and the update seems to stop somewhere in between :-(
 I wiped out the harddisk at all to reinstall it and use the config-backup.
 This is ok for me, but probably not for every one. Maybe it would be a
 good practise to check the free disk space before starting the upgrade.
 Even better would be if the installer check it, so that fools like me
 don't stumble on such an evident error-case :-)

 2) I have 2 Phase 1 entries. One for a AVM Fritzbox (still working) an a
 second for android road warriors.
 Since the upgrade my android clients can connect anymore. Phase 1 and
 Phase 2 configurations was not changed since the upgrade. Was anything
 changed on the IPsec environment?

 Thanks,
 Claudio

Hi,

did you read
https://doc.pfsense.org/index.php/Upgrade_Guide#IPsec_Changes already?

Have a nice day


Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Dan Langille
There's been a bug open for 14 days regarding the configuration issues:

https://redmine.pfsense.org/issues/4307

I will try the packaged binaries again.

 On Feb 9, 2015, at 9:06 AM, Jeremy Porter jpor...@electricsheepfencing.com 
 wrote:
 
 I'd just like to point out, that the Webui installs binaries via PBI
 into different locations, than the pkg installer does, and this is likely to
 cause problems mixing them.  Installing packages via pkg that are
 already in the pfsenes package repo is likely to cause a lot of grief
 down the road.  If the official package doesn't work, please open a
 ticket on https://redmind.pfsenes.org under Packages.  There are a
 number of broken ones, we're working on getting fixed.
 
 On 2/8/2015 10:07 PM, Brady, Mike wrote:
 The Webui binaries are working for me when I do what I said in the
 forum post that I referenced.
 
 On 2015-02-09 15:02, Dan Langille wrote:
 On Feb 8, 2015, at 8:45 PM, Brady, Mike mike.br...@devnull.net.nz
 wrote:
 
 It isn't you or the binaries.
 
 I also think it's the binaries.
 
 The configuration and startup scripts are just broken and have been
 for a while.  Even prior to 2.2.
 
 I agree those are broken.  However, I am unable to get the webui
 packages binaries to work.  However, installing via pkg works fine,
 with the same configuration file.
 
 
 https://forum.pfsense.org/index.php?topic=85265.0
 
 It was broken long before that.  :)
 
  https://forum.pfsense.org/index.php?topic=66385.0
 
 

— 
Dan Langille
http://langille.org/






Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Brady, Mike
Yes backups run successfully.  Easiest thing to do while testing is to 
just run a status client command in bconsole.  Once that works you 
should be good to go.


On 2015-02-10 00:46, Dan Langille wrote:

Before I go down that road again: by working, do you mean you've
successfully run a backup?

--
Dan Langille
http://langille.org/


On Feb 8, 2015, at 11:07 PM, Brady, Mike mike.br...@devnull.net.nz 
wrote:


The Webui binaries are working for me when I do what I said in the 
forum post that I referenced.



On 2015-02-09 15:02, Dan Langille wrote:
On Feb 8, 2015, at 8:45 PM, Brady, Mike mike.br...@devnull.net.nz 
wrote:

It isn't you or the binaries.

I also think it's the binaries.
The configuration and startup scripts are just broken and have been 
for a while.  Even prior to 2.2.

I agree those are broken.  However, I am unable to get the webui
packages binaries to work.  However, installing via pkg works fine,
with the same configuration file.

https://forum.pfsense.org/index.php?topic=85265.0

It was broken long before that.  :)
 https://forum.pfsense.org/index.php?topic=66385.0



Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Dan Langille
Status client was failing.  That is what I spent hours upon.

 On Feb 9, 2015, at 11:19 AM, Brady, Mike mike.br...@devnull.net.nz wrote:
 
 Yes backups run successfully.  Easiest thing to do while testing is to just 
 run a status client command in bconsole.  Once that works you should be good 
 to go.
 
 On 2015-02-10 00:46, Dan Langille wrote:
 Before I go down that road again: by working, do you mean you've
 successfully run a backup?
 --
 Dan Langille
 http://langille.org/
 On Feb 8, 2015, at 11:07 PM, Brady, Mike mike.br...@devnull.net.nz wrote:
 The Webui binaries are working for me when I do what I said in the forum 
 post that I referenced.
 On 2015-02-09 15:02, Dan Langille wrote:
 On Feb 8, 2015, at 8:45 PM, Brady, Mike mike.br...@devnull.net.nz wrote:
 It isn't you or the binaries.
 I also think it's the binaries.
 The configuration and startup scripts are just broken and have been for a 
 while.  Even prior to 2.2.
 I agree those are broken.  However, I am unable to get the webui
 packages binaries to work.  However, installing via pkg works fine,
 with the same configuration file.
 https://forum.pfsense.org/index.php?topic=85265.0
 It was broken long before that.  :)
 https://forum.pfsense.org/index.php?topic=66385.0

— 
Dan Langille
http://langille.org/






Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Dan Langille
No mixed binaries were used in this endeavor.

 On Feb 9, 2015, at 9:06 AM, Jeremy Porter jpor...@electricsheepfencing.com 
 wrote:
 
 I'd just like to point out, that the Webui installs binaries via PBI
 into different locations, than the pkg installer does, and this is likely to
 cause problems mixing them.  Installing packages via pkg that are
 already in the pfsenes package repo is likely to cause a lot of grief
 down the road.  If the official package doesn't work, please open a
 ticket on https://redmind.pfsenes.org under Packages.  There are a
 number of broken ones, we're working on getting fixed.
 
 On 2/8/2015 10:07 PM, Brady, Mike wrote:
 The Webui binaries are working for me when I do what I said in the
 forum post that I referenced.
 
 On 2015-02-09 15:02, Dan Langille wrote:
 On Feb 8, 2015, at 8:45 PM, Brady, Mike mike.br...@devnull.net.nz
 wrote:
 
 It isn't you or the binaries.
 
 I also think it's the binaries.
 
 The configuration and startup scripts are just broken and have been
 for a while.  Even prior to 2.2.
 
 I agree those are broken.  However, I am unable to get the webui
 packages binaries to work.  However, installing via pkg works fine,
 with the same configuration file.
 
 
 https://forum.pfsense.org/index.php?topic=85265.0
 
 It was broken long before that.  :)
 
  https://forum.pfsense.org/index.php?topic=66385.0
 
 

— 
Dan Langille
http://langille.org/






Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Dan Langille
PLEASE NOTE: Once I removed the PBI binaries and tried pkg binaries, I was then 
able to run
status client and run backups.  This was done *without* modifying the 
configuration files on the client.

 On Feb 9, 2015, at 11:19 AM, Brady, Mike mike.br...@devnull.net.nz wrote:
 
 Yes backups run successfully.  Easiest thing to do while testing is to just 
 run a status client command in bconsole.  Once that works you should be good 
 to go.
 
 On 2015-02-10 00:46, Dan Langille wrote:
 Before I go down that road again: by working, do you mean you've
 successfully run a backup?
 --
 Dan Langille
 http://langille.org/
 On Feb 8, 2015, at 11:07 PM, Brady, Mike mike.br...@devnull.net.nz wrote:
 The Webui binaries are working for me when I do what I said in the forum 
 post that I referenced.
 On 2015-02-09 15:02, Dan Langille wrote:
 On Feb 8, 2015, at 8:45 PM, Brady, Mike mike.br...@devnull.net.nz wrote:
 It isn't you or the binaries.
 I also think it's the binaries.
 The configuration and startup scripts are just broken and have been for a 
 while.  Even prior to 2.2.
 I agree those are broken.  However, I am unable to get the webui
 packages binaries to work.  However, installing via pkg works fine,
 with the same configuration file.
 https://forum.pfsense.org/index.php?topic=85265.0
 It was broken long before that.  :)
 https://forum.pfsense.org/index.php?topic=66385.0

— 
Dan Langille
http://langille.org/






[pfSense] Triggering VPN connections

2015-02-09 Thread Cheyenne Deal
Is there a way that pfsense can auto connect a VPN connection on connection
of a specific network by seeing what ip address is assigned to it?

[pfSense] 2.2-RELEASE (i386) - FTP passive mode broken

2015-02-09 Thread Sergii Cherkashyn
After pfSense upgrade to 2.2, clients' connection to FTP server is broken.

On the server side we see that the server tells the client to connect to a port 
in the 5000-5050 range per our settings, but the client that is behind the upgraded 
pfSense sees the server telling it to connect to ports in the 15000-25000 range. 
Everything works fine with version 2.1.5.

Playing with System > Advanced > System Tunables tab, debug.pfftpproxy doesn't 
fix the issue.  And the debug.pfftpports tunable is missing.

Workaround is to allow all ports to the FTP server IP.

Does anybody experience the same issue, and what is the solution?

Best regards,
Sergii Cherkashyn



Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Jim Pingle
On 02/09/2015 11:30 AM, Dan Langille wrote:
 There's been a bug open for 14 days regarding the configuration issues:
 
 https://redmine.pfsense.org/issues/4307
 
 I will try the packaged binaries again.

FYI for others (Dan already knows from Twitter):

Bacula should be OK now on 2.2, as of package version 1.0.6.

The main problem was the paths being used for the various configuration
file and startup script references. Once those were fixed up things seem
to be OK.

There is still some awkwardness in how to set the package GUI up but
that's the same as it always was. Have to add two directors, one local
for the firewall itself and another for the remote bacula server.

There is still a lingering issue with the rc script not restarting
properly but we're looking into that as well. Not as critical as the
other issues at least.

If anyone wants to work on making the GUI more intuitive, feel free to
collaborate and submit some patches.

Jim



Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Dan Langille

 On Feb 9, 2015, at 2:10 PM, Jim Pingle li...@pingle.org wrote:
 
 On 02/09/2015 11:30 AM, Dan Langille wrote:
 There's been a bug open for 14 days regarding the configuration issues:
 
 https://redmine.pfsense.org/issues/4307
 
 I will try the packaged binaries again.
 
 FYI for others (Dan already knows from Twitter):
 
 Bacula should be OK now on 2.2, as of package version 1.0.6.
 
 The main problem was the paths being used for the various configuration
 file and startup script references. Once those were fixed up things seem
 to be OK.
 
 There is still some awkwardness in how to set the package GUI up but
 that's the same as it always was. Have to add two directors, one local
 for the firewall itself and another for the remote bacula server.
 
 There is still a lingering issue with the rc script not restarting
 properly but we're looking into that as well. Not as critical as the
 other issues at least.
 
 If anyone wants to work on making the GUI more intuitive, feel free to
 collaborate and submit some patches.

Thanks Jim.

— 
Dan Langille
http://langille.org/






Re: [pfSense] 2.2-RELEASE (i386) - FTP passive mode broken

2015-02-09 Thread Chris L

 On Feb 9, 2015, at 9:18 AM, Sergii Cherkashyn ser...@accurategroup.com 
 wrote:
 
 After pfSense upgrade to 2.2, clients’ connection to FTP server is broken.
 
  
 
 On the server side we see that the server tells the client to connect to port 
 in 5000-5050 range per our settings, but the client that is behind the 
 15000-25000 range. Everything woks fine with 2.1.5 version
 
  
 
 Playing with System  Advanced  System Tunables tab, debug.pfftpproxy 
 doesn’t fix the issue.  And debug.pfftpports tunable is missing.
 
  
 
 Workaround is to allow all ports to the FTP server IP.
 
  
 
 Does anybody experience the same issue and what is solution?

https://doc.pfsense.org/index.php/Upgrade_Guide#FTP_Proxy



Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Dan Langille
Short version of this post: I removed the pkg, tried PBI, didn't work, 
installed pkg, worked.

Here is what I just tried:

* pkg delete bacula-client
* install bacula-client via webgui
* copy my working configuration file:
  cp /usr/local/etc/bacula/bacula-fd.conf /usr/pbi/bacula-amd64/local/etc/bacula-fd.conf
* /usr/local/sbin/bacula-fd -u root -g wheel -v -c /usr/pbi/bacula-amd64/local/etc/bacula-fd.conf

*status client=bast-fd
Connecting to Client bast-fd at bast.int.unixathome.org:9102
Failed to connect to Client bast-fd.

You have messages.
*m
09-Feb 17:05 bacula-dir JobId 0: Fatal error: Unable to authenticate with File 
daemon at bast.int.unixathome.org:9102. Possible causes:
Passwords or names not the same or
Maximum Concurrent Jobs exceeded on the FD or
FD networking messed up (restart daemon).
Please see 
http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION0026
 for help.
*

To go back to the pkg binaries:

* delete the PBI bacula via the webui
* confirm it is no longer running / installed:

 ps auwx | grep bacula
root   44932   0.0  0.4  61028  7748  -  Ss4:58PM 0:00.02 
/usr/local/sbin/bacula-fd -u root -g wheel -v -c 
/usr/local/etc/bacula/bacula-fd.conf
root   71389   0.0  0.1  18884  2376  0  S+5:06PM 0:00.00 grep bacula
[2.2-RELEASE][ad...@bast.int.unixathome.org]/root: 

Oh, it's still running after PBI removal. kill it:

[2.2-RELEASE][ad...@bast.int.unixathome.org]/root: kill -TERM 44932
[2.2-RELEASE][ad...@bast.int.unixathome.org]/root: ps auwx | grep bacula
root   68728   0.0  0.1  18884  2376  0  S+5:11PM 0:00.00 grep bacula
[2.2-RELEASE][ad...@bast.int.unixathome.org]/root: 

Yes, it's really gone:

ls -l /usr/local/sbin/bacula-fd
ls: /usr/local/sbin/bacula-fd: No such file or directory

And the conf file is still there, good:

ls -l  /usr/local/etc/bacula/bacula-fd.conf
-rw-r-  1 bacula  bacula  493 Feb  8 22:17 
/usr/local/etc/bacula/bacula-fd.conf


Now it's dead.  Let's install via pkg:

 pkg install bacula-client
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 2 packages will be affected (of 0 checked):

New packages to be INSTALLED:
bacula-client: 7.0.5_2
lzo2: 2.08_1

The process will require 1 MiB more space.

Proceed with this action? [y/N]: y
[1/2] Installing lzo2-2.08_1...
[1/2] Extracting lzo2-2.08_1: 100%
[2/2] Installing bacula-client-7.0.5_2...
=== Creating users and/or groups.
Using existing group 'bacula'.
Using existing user 'bacula'.
[2/2] Extracting bacula-client-7.0.5_2: 100%
Message for bacula-client-7.0.5_2:
 


NOTE:
Sample files are installed in /usr/local/etc/bacula:

  bconsole.conf.sample, bacula-fd.conf.sample





It's back:

ls -l /usr/local/sbin/bacula-fd
-rwxr-xr-x  1 root  wheel  225067 Jan 28 12:46 /usr/local/sbin/bacula-fd



Start it:

[2.2-RELEASE][ad...@bast.int.unixathome.org]/root: /usr/local/sbin/bacula-fd -u 
root -g wheel -v -c  /usr/local/etc/bacula/bacula-fd.conf
[2.2-RELEASE][ad...@bast.int.unixathome.org]/root: ps auwx | grep bacula
root   50020   0.3  0.4  54288  7256  -  Ss5:14PM 0:00.01 
/usr/local/sbin/bacula-fd -u root -g wheel -v -c 
/usr/local/etc/bacula/bacula-fd.conf
root   50266   0.0  0.1  18884  2376  0  S+5:14PM 0:00.00 grep bacula
[2.2-RELEASE][ad...@bast.int.unixathome.org]/root:

and test it:

*status client=bast-fd
Connecting to Client bast-fd at bast.int.unixathome.org:9102

bast-fd Version: 7.0.5 (28 July 2014)  amd64-portbld-freebsd10.0 freebsd 
10.0-RELEASE-p9
Daemon started 09-Feb-15 17:14. Jobs: run=0 running=0.
 Heap: heap=0 smbytes=186,074 max_bytes=186,221 bufs=52 max_bufs=53
 Sizes: boffset_t=8 size_t=8 debug=0 trace=0 mode=0,0 bwlimit=0kB/s

Running Jobs:
Director connected at: 09-Feb-15 17:14
No Jobs running.


Terminated Jobs:
 JobId  LevelFiles  Bytes   Status   FinishedName 
===
198845  Full  6115.6 K  OK   08-Feb-15 23:07 
bast_pfsense_config.xml
198850  Incr  1113.5 K  OK   09-Feb-15 05:55 
bast_pfsense_config.xml

*







 On Feb 9, 2015, at 11:19 AM, Brady, Mike mike.br...@devnull.net.nz wrote:
 
 Yes backups run successfully.  Easiest thing to do while testing is to just 
 run a status client command in bconsole.  Once that works you should be good 
 to go.
 
 On 2015-02-10 00:46, Dan Langille wrote:
 Before I go down that road again: by working, do you mean you've
 successfully run a backup?
 --
 Dan Langille
 http://langille.org/
 On Feb 8, 2015, at 11:07 PM, Brady, Mike mike.br...@devnull.net.nz wrote:
 The Webui binaries are working for me when I do what I said in the forum 
 post that I referenced.

Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Brady, Mike

Thanks for the update Jim.

It does now work, after some messing around.  But, the required messing 
around may well have been required due to the messing around that I had 
done previously, so your mileage may vary.


What I did:
1) Reinstall the package in the GUI
2) Delete and redo the configuration on the GUI
3) ssh on to the pfsense box and kill the running bacula-fd.  This was 
still there from before the reinstall!  Stopping/restarting in the GUI 
silently did nothing.


For reference the running process should be:
/usr/local/sbin/bacula-fd -u root -g wheel -v -c /usr/pbi/bacula-amd64/etc/bacula/bacula-fd.conf


mine was still:
/usr/local/sbin/bacula-fd -u root -g wheel -v -c /usr/local/etc/bacula/bacula-fd.conf


I have now done this on two machines and status client command in 
bconsole connects for both.  I haven't done a backup yet.


On 2015-02-10 08:10, Jim Pingle wrote:

On 02/09/2015 11:30 AM, Dan Langille wrote:
There's been a bug open for 14 days regarding the configuration 
issues:


https://redmine.pfsense.org/issues/4307

I will try the packaged binaries again.


FYI for others (Dan already knows from Twitter):

Bacula should be OK now on 2.2, as of package version 1.0.6.

The main problem was the paths being used for the various configuration
file and startup script references. Once those were fixed up things 
seem

to be OK.

There is still some awkwardness in how to set the package GUI up but
that's the same as it always was. Have to add two directors, one local
for the firewall itself and another for the remote bacula server.

There is still a lingering issue with the rc script not restarting
properly but we're looking into that as well. Not as critical as the
other issues at least.

If anyone wants to work on making the GUI more intuitive, feel free to
collaborate and submit some patches.

Jim
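
The reports in this thread describe a bacula-fd left running from the previous install after the package was removed or reinstalled, with the GUI restart doing nothing. The following is an added example, not taken from the messages or from the pfSense package: a shell function that reads `ps` output (PID and full command line) and reports every bacula-fd started with a `-c` file other than the expected one, or the absence of the daemon. The function name, PIDs and sample process lines are constructed; the paths are the two quoted above.

```shell
#!/bin/sh
# Added example: confirm which bacula-fd is really running after a reinstall.
# Input is "pid command" text, e.g. from:  ps -axww -o pid=,command=
# SAMPLE_BEFORE / SAMPLE_AFTER are constructed; the PIDs are illustrative and
# the two configuration paths are the ones quoted in the thread.
EXPECTED_CONF=/usr/pbi/bacula-amd64/etc/bacula/bacula-fd.conf

SAMPLE_BEFORE='44932 /usr/local/sbin/bacula-fd -u root -g wheel -v -c /usr/local/etc/bacula/bacula-fd.conf
71389 grep bacula'

SAMPLE_AFTER='50020 /usr/local/sbin/bacula-fd -u root -g wheel -v -c /usr/pbi/bacula-amd64/etc/bacula/bacula-fd.conf
50266 grep bacula'

# check_fd_procs EXPECTED_CONF PS_TEXT   (hypothetical helper name)
# Prints one line per finding and returns non-zero if there is any:
#   "stale <pid> <conf>"   daemon was started with a different -c file
#   "not-running"          no bacula-fd process at all
check_fd_procs() {
    printf '%s\n' "$2" | awk -v want="$1" '
        $2 ~ /(^|\/)bacula-fd$/ {      # match the executable, not "grep bacula"
            total++
            conf = "(no -c argument)"
            for (i = 3; i < NF; i++)
                if ($i == "-c") conf = $(i + 1)
            if (conf != want) { stale++; print "stale", $1, conf }
        }
        END {
            if (total == 0) print "not-running"
            exit (stale > 0 || total == 0)
        }'
}

# Stand-alone run over the constructed "before" sample.
check_fd_procs "$EXPECTED_CONF" "$SAMPLE_BEFORE" || echo "bacula-fd needs attention"
```

A daemon reported as stale is still running as root with whatever director name and password its old configuration file holds, so it should be stopped before the reinstalled one is trusted.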



Re: [pfSense] pfSense 2.2 upgrade experiences

2015-02-09 Thread Claudio Thomas
On 09.02.2015 10:20, J. Echter wrote:
 On 09.02.2015 at 09:53, Claudio Thomas wrote:
 Hi,
 at first: thanks for the great work!

 1) After trying to update my pfSense 2.1.5 (i386) to 2.2 over
 web-interface it reboots as expected... But this was all. The firewall
 was not working anymore. After a while inspecting the problem I fixed
 the config, so that it seems to run again. Now I've tried to update by
 console... so that I could finally find the problem. My disk was full
 and the update seems to stop somewhere in between :-(
 I wiped out the harddisk at all to reinstall it and use the config-backup.
 This is ok for me, but probably not for every one. Maybe it would be a
 good practise to check the free disk space before starting the upgrade.
 Even better would be if the installer check it, so that fools like me
 don't stumble on such an evident error-case :-)

 2) I have 2 Phase 1 entries. One for a AVM Fritzbox (still working) an a
 second for android road warriors.
 Since the upgrade my android clients can connect anymore. Phase 1 and
 Phase 2 configurations was not changed since the upgrade. Was anything
 changed on the IPsec environment?

 Thanks,
 Claudio

 Hi,

 did you read
 https://doc.pfsense.org/index.php/Upgrade_Guide#IPsec_Changes already?
Hi,
yes...
the IPsec config for Android is exactly as described in the HowTo
https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To.
Because of this I've assumed that my configuration is not an unusual
configuration. To the other points in the upgrade guide:
- I also have only one phase 2 entry for each Phase 1 entry.
- Prefer old IPsec SAs is disabled.
- I've checked both phase 1 modes (main/aggressive) without any
difference, so I left it on aggressive mode as described in the HowTo.
- glxsb Crypto: Encryption is AES 128 only, so this should not be a
reason to fail.
- My mobile client does not need to use IPsec for main internet traffic.
- pfSense has a public IP and is connected directly to the internet. My
Identifier is My IP address, but also tested IP address with any
changes. The peer identifier is a user distinguished name, because
peers may have a private IP address. Both exactly as described in the HowTo.

I've rechecked the HowTo to see if something has changed over the years:
- Phase 1: Policy Generation: Unique and Proposal Checking: Strict
are missing in actual Configurations Options.
- On Android: I've no option to set  Pre-Shared Key Type: text. I can
only set the IPsec Pre-shared Key directly (Android 4.4.2). I don't have
an option Identity Type: User FQDN. I don't have the option  Internal
Subnet IP. But all used devices have run without these 3 options at all,
so I would wonder if this is the problem.

I've annexed a log of a connection test. I've tried a connection with a
Samsung tablet 4.4.2 (with private IP 10.x.x.x) to the WAN IP of the
pfSense computer. The visible IP address is the translated NAT IP of the
mobile device.

Summarising: I cannot find an error. I've checked the HowTo and the
Upgrade Guide. Any suggestion which IPsec debug level I could increase
to search for the problem?

Thanks,
Claudio

Feb 9 11:17:57	charon: 12[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V ]
Feb 9 11:17:57	charon: 12[IKE] 23 received FRAGMENTATION vendor ID
Feb 9 11:17:57	charon: 12[IKE] received FRAGMENTATION vendor ID
Feb 9 11:17:57	charon: 12[IKE] 23 received NAT-T (RFC 3947) vendor ID
Feb 9 11:17:57	charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Feb 9 11:17:57	charon: 12[IKE] 23 received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Feb 9 11:17:57	charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Feb 9 11:17:57	charon: 12[IKE] 23 received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 9 11:17:57	charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 9 11:17:57	charon: 12[IKE] 23 received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Feb 9 11:17:57	charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Feb 9 11:17:57	charon: 12[IKE] 23 received XAuth vendor ID
Feb 9 11:17:57	charon: 12[IKE] received XAuth vendor ID
Feb 9 11:17:57	charon: 12[IKE] 23 received Cisco Unity vendor ID
Feb 9 11:17:57	charon: 12[IKE] received Cisco Unity vendor ID
Feb 9 11:17:57	charon: 12[IKE] 23 received DPD vendor ID
Feb 9 11:17:57	charon: 12[IKE] received DPD vendor ID
Feb 9 11:17:57	charon: 12[IKE] 23 80.187.100.247 is initiating a Aggressive Mode IKE_SA
Feb 9 11:17:57	charon: 12[IKE] 80.187.100.247 is initiating a Aggressive Mode IKE_SA
Feb 9 11:17:57	charon: 12[CFG] looking for XAuthInitPSK peer configs matching A.B.C.D...80.187.100.247[vpnus...@example.net]
Feb 9 11:17:57	charon: 12[CFG] selected peer config con1
Feb 9 11:17:57	charon: 12[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
Feb 9 

Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Dan Langille
Before I go down that road again: by working, do you mean you've successfully 
run a backup?

-- 
Dan Langille
http://langille.org/


 On Feb 8, 2015, at 11:07 PM, Brady, Mike mike.br...@devnull.net.nz wrote:
 
 The Webui binaries are working for me when I do what I said in the forum post 
 that I referenced.
 
 On 2015-02-09 15:02, Dan Langille wrote:
 On Feb 8, 2015, at 8:45 PM, Brady, Mike mike.br...@devnull.net.nz wrote:
 It isn't you or the binaries.
 I also think it's the binaries.
 The configuration and startup scripts are just broken and have been for a 
 while.  Even prior to 2.2.
 I agree those are broken.  However, I am unable to get the webui
 packages binaries to work.  However, installing via pkg works fine,
 with the same configuration file.
 https://forum.pfsense.org/index.php?topic=85265.0
 It was broken long before that.  :)
  https://forum.pfsense.org/index.php?topic=66385.0


[pfSense] captive portal doesn't work after upgrade to 2.2

2015-02-09 Thread Daniel Soto
Good morning.
First of all, thanks for the fabulous work of the pfSense team.


My problem is this: after upgrading to version 2.2 from 2.1.5,
access to the captive portal does not work.

My configuration is as follows.

The captive portal runs on a dedicated interface with a CARP virtual IP, which
users use as their gateway.

I have seen that the CARP virtual IP is not added to the ipfw rules that facilitate
access to the login page.

These are the ipfw rules that I can actually see:

65310 allow ip from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } in
65311 allow ip from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to any out
65312 allow icmp from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to any out icmptypes 0
65313 allow icmp from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } in icmptypes 8

The first IP 10.128.0.7 should be 10.128.0.2, which is the CARP virtual IP.

10.128.0.2 --- CARP virtual IP

10.128.0.7 --- physical interface IP

I tried to put the rules in manually and it works perfectly, but of course this
process should be automatic.


also I have seen that: 



before in version 2.1.5

em3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether xx:xx:xx:xx:xx:xx
inet 10.128.0.7 netmask 0x broadcast 10.128.0.255
media: Ethernet autoselect (1000baseT full-duplex)
status: active

lan_vip15: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 10.128.0.2 netmask 0x
carp: MASTER vhid 15 advbase 1 advskew 200


now in version 2.2

em3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether xx:xx:xx:xx:xx:xx
inet 10.128.0.7 netmask 0xff00 broadcast 10.128.0.255
inet 10.128.0.2 netmask 0xff00 broadcast 10.128.0.255 vhid 15
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT full-duplex)
status: active
carp: BACKUP vhid 15 advbase 1 advskew 0


this is a possible cause of this issue. 

before in ipfw_context 

captive: em3,lan_vip15, 


now in ipfw zone list 

captive: em3, 


any comment would be fantastic. 
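
The rule listing in the message above can be audited mechanically. The following is an added example, not part of the original post or of pfSense: a shell function that reads ipfw allow rules of the form quoted above and reports, per rule, any expected portal address missing from the `{ ... or ... }` block and any address listed twice. The function name is hypothetical and the embedded sample is constructed from the four quoted rules with the mail line wraps joined.

```shell
#!/bin/sh
# Added example: audit captive-portal allow rules for a missing CARP VIP.
# SAMPLE_RULES is constructed from the four rules quoted in the message,
# with the mail client's line wraps joined.
SAMPLE_RULES='65310 allow ip from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } in
65311 allow ip from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to any out
65312 allow icmp from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to any out icmptypes 0
65313 allow icmp from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } in icmptypes 8'

# portal_rule_gaps RULES ADDR...   (hypothetical helper name)
# For every allow rule carrying a "{ a or b or c }" address block, print
#   "<addr> <rule-number> missing"    when an expected ADDR is not in the block
#   "<addr> <rule-number> duplicate"  when the block lists an address twice
# Prints nothing when every rule lists every expected address exactly once.
portal_rule_gaps() {
    rules=$1
    shift
    printf '%s\n' "$rules" | awk -v want="$*" '
        BEGIN { n = split(want, addrs, " ") }
        $2 == "allow" {
            lb = index($0, "{")
            rb = index($0, "}")
            if (lb == 0 || rb < lb) next        # rule has no address block
            block = substr($0, lb + 1, rb - lb - 1)
            split("", seen)                     # portable array reset
            m = split(block, tok, " ")
            for (i = 1; i <= m; i++)
                if (tok[i] != "or") seen[tok[i]]++
            for (i = 1; i <= n; i++)
                if (!(addrs[i] in seen)) print addrs[i], $1, "missing"
            for (a in seen)
                if (seen[a] > 1) print a, $1, "duplicate"
        }'
}

# Expected addresses from the message: 10.128.0.2 (CARP VIP) and
# 10.128.0.7 (interface address).
portal_rule_gaps "$SAMPLE_RULES" 10.128.0.2 10.128.0.7
```

On the sample, every rule is reported as missing 10.128.0.2 and as listing 10.128.0.7 twice, which matches the observation that the interface address occupies the slot where the virtual IP belongs.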

Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Jeremy Porter
I'd just like to point out that the Webui installs binaries via PBI
into different locations than the pkg installer does, and this is likely to
cause problems mixing them.  Installing packages via pkg that are
already in the pfsense package repo is likely to cause a lot of grief
down the road.  If the official package doesn't work, please open a
ticket on https://redmind.pfsenes.org under Packages.  There are a
number of broken ones, we're working on getting fixed.

On 2/8/2015 10:07 PM, Brady, Mike wrote:
 The Webui binaries are working for me when I do what I said in the
 forum post that I referenced.

 On 2015-02-09 15:02, Dan Langille wrote:
 On Feb 8, 2015, at 8:45 PM, Brady, Mike mike.br...@devnull.net.nz
 wrote:

 It isn't you or the binaries.

 I also think it's the binaries.

 The configuration and startup scripts are just broken and have been
 for a while.  Even prior to 2.2.

 I agree those are broken.  However, I am unable to get the webui
 packages binaries to work.  However, installing via pkg works fine,
 with the same configuration file.


 https://forum.pfsense.org/index.php?topic=85265.0

 It was broken long before that.  :)

   https://forum.pfsense.org/index.php?topic=66385.0

