Re: [pfSense] pfSense 2.1.2 is released
How do you revoke a CA certificate?

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jim Thompson
Sent: Thursday, April 10, 2014 3:24 PM
To: pfSense Support and Discussion Mailing List
Subject: [pfSense] pfSense 2.1.2 is released

https://blog.pfsense.org/?p=1253

pfSense release 2.1.2 is now available.

pfSense release 2.1.2 follows less than a week after pfSense release 2.1.1, and is primarily a security release.

The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel attack are both covered by the following security announcements:

* pfSense-SA-14_04.openssl
* FreeBSD-SA-14:06.openssl
* CVE-2014-0160 (Heartbleed)
* CVE-2014-0076 (ECDSA Flaw)

Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled. If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.

Other Fixes

* On packages that use row_helper, when user clicks on an add or delete button, the page scrolls to top. #3569
* Correct a typo on function name in Captive Portal bandwidth allocation.
* Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale or invalid, and there is still a running instance.
* Fix for CRL editing. Use an alphanumeric test rather than purely is_numericint because the ID is generated by uniqid and is not purely numeric. #3591

You will want to perform a full security audit of your pfSense installations, renewing any passwords, generating or fitting new certificates, placing the old certificates on a CRL, etc.

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfSense 2.1.2 is released
Excellent work!!

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jim Thompson
Sent: Thursday, April 10, 2014 3:24 PM
To: pfSense Support and Discussion Mailing List
Subject: [pfSense] pfSense 2.1.2 is released

https://blog.pfsense.org/?p=1253

pfSense release 2.1.2 is now available.

pfSense release 2.1.2 follows less than a week after pfSense release 2.1.1, and is primarily a security release.

The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel attack are both covered by the following security announcements:

* pfSense-SA-14_04.openssl
* FreeBSD-SA-14:06.openssl
* CVE-2014-0160 (Heartbleed)
* CVE-2014-0076 (ECDSA Flaw)

Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled. If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.

Other Fixes

* On packages that use row_helper, when user clicks on an add or delete button, the page scrolls to top. #3569
* Correct a typo on function name in Captive Portal bandwidth allocation.
* Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale or invalid, and there is still a running instance.
* Fix for CRL editing. Use an alphanumeric test rather than purely is_numericint because the ID is generated by uniqid and is not purely numeric. #3591

You will want to perform a full security audit of your pfSense installations, renewing any passwords, generating or fitting new certificates, placing the old certificates on a CRL, etc.
[pfSense] DHCP and hostname
Just wondering if someone could explain to me why does the pfSense syslog show the host name (HP-SLVR in the output below) when requesting DHCP via the LAN segment, but no host name displayed when requesting via the wireless?

Feb 25 15:45:14 pfsense dhcpd: DHCPREQUEST for 10.168.255.117 (10.168.255.1) from 00:25:b3:b9:17:41 (HP-SLVR) via ste1
Feb 25 15:45:14 pfsense dhcpd: DHCPREQUEST for 10.168.255.117 (10.168.255.1) from 00:25:b3:b9:17:41 (HP-SLVR) via ste1

Feb 25 15:34:40 pfsense dhcpd: DHCPREQUEST for 10.168.15.152 from 00:22:fa:ba:67:22 via ste2_vlan15
Feb 25 15:34:40 pfsense dhcpd: DHCPREQUEST for 10.168.15.152 from 00:22:fa:ba:67:22 via ste2_vlan15

Thanks,
Sam
[pfSense] package download stuck
Checking for package installation...
Downloading http://files.pfsense.org/packages/amd64/8/All/dansguardian-2.12.0.3-amd64.pbi ... 26%
[pfSense] Pfsense Firewall complete halt
Since upgrading from 2.1RC1 to 2.1-Release I have been experiencing intermittent forwarding halts. I also noticed access to the web GUI is also halted. I'm, however, able to access the FW via SSH and console. Restarting webconfigurator doesn't solve the problem, and there is no error on the console screen or in any log files that I can see. Rebooting the firewall always fixes the problem.

In the past few weeks I've tried both i386 and x64 with the same problem. Any suggestions on how to solve or better track this problem?

Here is my current build:
2.1-RELEASE (amd64) built on Wed Sep 11 18:17:48 EDT 2013
Re: [pfSense] General question
From: Michael D. Wood [mailto:m...@itsecuritypros.org]
Sent: Tuesday, March 26, 2013 3:06 AM
To: k_...@hotmail.com; 'pfSense support and discussion'
Subject: RE: [pfSense] General question

Did you try Christoph's suggestion while there was an established connection? Are you able to catch when the connection is made? If you still receive the logs and browsers are closed, it would lead me to believe it would be another source making the connection.

What does TCPView show on the machine?
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

--
Michael D. Wood
www.itsecuritypros.org

-----Original Message-----
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of k_o_l
Sent: Monday, March 25, 2013 4:53 PM
To: 'pfSense support and discussion'
Subject: Re: [pfSense] General question

From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Christoph Hanle
Sent: Monday, March 25, 2013 2:45 PM
To: list@lists.pfsense.org
Subject: Re: [pfSense] General question

On 25.03.2013 19:30 k_o_l wrote:
>
> I see the issue even when all browser are shut down.
>
netstat -ano (Win) or -nlp on the source PC can bring you the solution.

bye
Christoph

-----Original Message-----

Nothing there, wireshark captures http sessions, but not sure what doing it since all my browsers are off.

-----Original Message-----

Found it, "Seagate Dashboard" thanks everyone for the help.
Re: [pfSense] General question
> -----Original Message-----
> From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Rodrigue
> Sent: Monday, March 25, 2013 4:18 PM
> To: k_...@hotmail.com; 'pfSense support and discussion'
> Subject: Re: [pfSense] General question
>
> > -----Original Message-----
> > From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of k_o_l
> > Sent: Monday, March 25, 2013 3:53 PM
> > To: 'pfSense support and discussion'
> > Subject: Re: [pfSense] General question
> >
> > From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Christoph Hanle
> > Sent: Monday, March 25, 2013 2:45 PM
> > To: list@lists.pfsense.org
> > Subject: Re: [pfSense] General question
> >
> > On 25.03.2013 19:30 k_o_l wrote:
> > >
> > > I see the issue even when all browser are shut down.
> > >
> > netstat -ano (Win) or -nlp on the source PC can bring you the solution.
> >
> > bye
> > Christoph
> > -----Original Message-----
> >
> > Nothing there, wireshark captures http sessions, but not sure what
> > doing it since all my browsers are off.
> >
>
> Perhaps some windows gadget that is in use. Does it show what PC you
> are having the problems with? Unplug the network from that PC and see
> if it still persist. It could be any number of apps they have
> installed. I have even seen some of the browsers open http sessions.
>
> Sorry. I have seen some antiviruses open HTTP sessions.

-----Original Message-----
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Rodrigue
Sent: Monday, March 25, 2013 5:24 PM
To: 'pfSense support and discussion'
Subject: Re: [pfSense] General question

No gadget not the antivirus, it's from one PC so yeah when the cable is unplugged no connection is made
[pfSense] General question
In my fw proxy logs I'm seeing a periodic connection from one of my PCs to facebook, flickr, and youtube around the same time, and it's happening about every 10 minutes. I have checked browser plugins, searched for rogue software, and scanned the PC to no avail. I was wondering if one of the members has a clue on what's going on. Here is an example of the log:

[Fri Mar 22 22:06:44 2013].978 92 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:06:45 2013].295409 10.168.255.70 TCP_HIT/200 210140 GET http://www.flickr.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:06:45 2013].309424 10.168.255.70 TCP_MISS/200 111388 GET http://www.youtube.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:21:06 2013].802145 10.168.255.70 TCP_HIT/200 210140 GET http://www.flickr.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:21:06 2013].821165 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:21:07 2013].071415 10.168.255.70 TCP_HIT/200 111359 GET http://www.youtube.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:21:44 2013].928 92 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:21:44 2013].968131 10.168.255.70 TCP_MISS/200 210140 GET http://www.flickr.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:21:45 2013].232396 10.168.255.70 TCP_HIT/200 62 GET http://www.youtube.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:36:06 2013].779167 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:36:06 2013].961349 10.168.255.70 TCP_HIT/200 210140 GET http://www.flickr.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:36:07 2013].166555 10.168.255.70 TCP_MISS/200 110520 GET http://www.youtube.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:36:44 2013].901 92 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:36:45 2013].135326 10.168.255.70 TCP_HIT/200 111352 GET http://www.youtube.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:36:45 2013].168360 10.168.255.70 TCP_HIT/200 210140 GET http://www.flickr.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:51:06 2013].732166 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:51:06 2013].814248 10.168.255.70 TCP_MISS/200 210140 GET http://www.flickr.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:51:07 2013].032466 10.168.255.70 TCP_HIT/200 106375 GET http://www.youtube.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:51:44 2013].838 93 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
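The cadence in the proxy log quoted above can be measured per client instead of read off by eye. This is an added example, not code from the thread or from pfSense: the function names are hypothetical, the parser assumes exactly the line layout quoted above, and the sample is a subset of those lines.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: a subset of the proxy log lines quoted in the message above.
SAMPLE_LOG = """\
[Fri Mar 22 22:06:44 2013].978 92 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:06:45 2013].295409 10.168.255.70 TCP_HIT/200 210140 GET http://www.flickr.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 text/html
[Fri Mar 22 22:21:06 2013].821165 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:21:44 2013].928 92 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:36:06 2013].779167 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:36:44 2013].901 92 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:51:06 2013].732166 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
[Fri Mar 22 22:51:44 2013].838 93 10.168.255.70 TCP_MISS/302 0 GET http://www.facebook.com 10.168.255.70 DEFAULT_PARENT/127.0.0.1 -
"""

LINE_RE = re.compile(
    r"^\[([^\]]+)\]\.\d+(?:\s+\d+)?\s+(\d+(?:\.\d+){3})\s+\w+/\d{3}\s+\d+\s+\w+\s+(\S+)")

def parse(log_text):
    """Yield (timestamp, client_ip, url) for each line in the quoted layout; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2), m.group(3)

def bursts(times, gap=5):
    """Collapse requests at most `gap` seconds apart into one burst (its first timestamp)."""
    out, last = [], None
    for t in sorted(times):
        if last is None or (t - last).total_seconds() > gap:
            out.append(t)
        last = t
    return out

def dominant_interval(log_text, tol=10, min_repeats=3):
    """Per client: (most frequent spacing in seconds between any two bursts, count, bursts)."""
    by_client = defaultdict(list)
    for ts, client, _url in parse(log_text):
        by_client[client].append(ts)
    result = {}
    for client, times in by_client.items():
        b = bursts(times)
        diffs = Counter(round((y - x).total_seconds() / tol) * tol
                        for i, x in enumerate(b) for y in b[i + 1:])
        top = diffs.most_common(1)
        if top and top[0][1] >= min_repeats:
            result[client] = (top[0][0], top[0][1], len(b))
    return result
```

For the sample, `dominant_interval(SAMPLE_LOG)` returns `{'10.168.255.70': (900, 5, 7)}`: seven bursts, with a 900-second spacing seen five times. Counting spacings between all burst pairs, not only adjacent ones, keeps the result stable when bursts from the same host interleave.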
Re: [pfSense] OpenVPN for iOS - Finally Available!
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jim Pingle
Sent: Thursday, January 17, 2013 2:48 PM
To: list@lists.pfsense.org
Subject: Re: [pfSense] OpenVPN for iOS - Finally Available!

On 1/17/2013 2:11 PM, kol wrote:
> Excellent news! I already have it up and running easy setup.

What changes did you make to your VPN config(s) to make it work for you?

So far I've managed to get it connected by hand editing the config and removing tls-remote, and using separate ca, cert, and key files instead of a .p12. But it connects and then immediately disconnects without logging any reason why. The server accepts it, but the client log just shows that it decided to disconnect. Maybe it hates the iPod touch I'm using ;-)

I need to make another profile for the client export package now to make a config this thing likes, but it's a step forward.

Jim

-----Original Message-----

I made no significant changes other than creating a different Cert for the iphone4s

Sam
Re: [pfSense] OpenVPN for iOS - Finally Available!
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jim Pingle
Sent: Thursday, January 17, 2013 12:51 PM
To: pfSense support and discussion
Subject: Re: [pfSense] OpenVPN for iOS - Finally Available!

On 1/17/2013 12:42 PM, Robert Guerra wrote:
> Just came across the following that no doubt will be of interest to the PfSense community.
> [snip]
> OpenVPN Connect (App Store)
> https://itunes.apple.com/us/app/openvpn-connect/id590379981

Excellent news! I'll have to try it out on my iPod touch and see how it works, and if it can easily take our exported configs like Android does.

-----Original Message-----

Excellent news! I already have it up and running easy setup.