Re: [pfSense Support] pfsense 1.2.1 wizard bug
Chris Buechler wrote: Yeah, 1.2.2 is coming sometime this week to fix that and 3 other things that have been fixed since 1.2.1. Ok, I have one additional bug (at least I'm considering that as bug). When creating port forwarding and also adding automatically apporpriate firewall rules and then deleting that port forward rule, the firewall rules are not deleted. I see that as possible security problem. -- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Zabbix Agent package on 1.2.1
Hi folks, Still one day behind (jet lag from Paris, France)… Anyway I am using Zabbix in production on FreeBSD Servers (6.3p7 - 6.4p1 - 7.0p7) since a couple of month… and I have a very precise overview of what's working and what's broken. The main problem with zabbix (server and client) is that the startup script does not work correctly, in fact the process stays in memory (shared memory) without beeing removed on stop. This can be easily seen using command such as these: # /usr/local/etc/rc.d/zabbix_agentd start # /usr/local/etc/rc.d/zabbix_agentd status # /usr/local/etc/rc.d/zabbix_agentd stop # /usr/local/etc/rc.d/zabbix_agentd status This will quite obviously start and stop zabbix with a little check between the two to see if everything is ok. The second status will show no processes but if you try to start It again, well, It simply won't!! Took me a while to realize why, in fact the process is still loaded in shared memory. You can check that with this command: # ipcs Message Queues: T ID KEY MODEOWNERGROUP Shared Memory: T ID KEY MODEOWNERGROUP m 131073 2052509788 --rw-rw-rw- zabbix zabbix Semaphores: T ID KEY MODEOWNERGROUP s 196611 2052509788 --rw-rw-rw- zabbix zabbix To make a clean stop just issue these commands: # ipcrm -S 2052509788 # ipcrm -M 2052509788 # ipcs The numbers following the -S and -M have to be taken from the output of the ipcs command. ipcs should show you no process at all now. You will then be able to start It properly. A bit of tuning then to increase the shared memory (generaly needed in the first place)… # sysctl -w kern.ipc.shmall=16384 This is the unfortunate way of running zabbix (client server) on FreeBSD. Beside these startup / memory related problem, I have had no particular problem with any aspect of the product… Tunning is needed to suit your precise need, but this is done in a much easier way than on any other products I have tested (including: Nagios, Hobbit)… The details / analysis obtained with zabbix are quite impressive. I would really love to see hobbit on PFSense… I don't know if this will be corrected anytime soon, I have warned the person in charge of the port, but so far nothing has been done (I am unfortunately not good enough to dig in the code and correct these problems)… Sincerly yours. Le 6 janv. 09 à 20:20, Gary Buckmaster a écrit : Is there anyone here who is actually using Zabbix in production and monitoring FreeBSD boxes with it? I know it looks like a shiny toy, but I'm telling you that the reality is far less. The monitoring is limited at best for linux, and almost completely unusable without major customization for FreeBSD. I agree that having a nice centralized monitoring system to use with pfSense would be nice, but our extensive experience evaluating Zabbix led us to the conclusion that it's not ready for prime time. Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz P Please consider your environmental responsibility before printing this e-mail - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] mail archives
http://www.pfsense.org/index.php?option=com_contenttask=viewid=66Itemid=71 the link to mail-archive doesn't work for the support or discussion lists moreover, if you enable javascript on the mail-archive site it gives and XSS danger warning! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Zabbix Agent package on 1.2.1
Rainer Duffner wrote: From what I could see, once you install the agent, Zabbix was able to figure out most of the services by itself. This is especially true for disks, CPU-load, memory and interfaces that are IMO quite timeconsuming to setup in Nagios. I quite liked munin for that; I use it at home and it's very good for a small number of servers*. Munin is absolutely trivial to set up, and writing plugins is actually quite enjoyable. And Cacti has no way of setting up and managing dozens or hundreds of similar services at once, last time I looked. yes, cacti really needs a copy this host feature, and better, a bulk-add. * yes, I am sad. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] pfsense 1.2.1 wizard bug
I found that the bogon networks in 1.2.1 include at least one legit network. I found out the hard way when one of my VPN tunnels wouldn't establish and it drove me crazy for hours. Turned out unclicking the bogon network option fixed it. After realizing that that particular network couldn't communicate with mine at all, then I looked towards the bogon network option. I feel this option should at least list the networks affected so one can see exactly what they are blocking. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Wednesday, January 07, 2009 2:44 AM To: support@pfsense.com Subject: Re: [pfSense Support] pfsense 1.2.1 wizard bug On Wed, Jan 7, 2009 at 2:20 AM, Veiko Kukk veiko.k...@krediidipank.ee wrote: I reinstalled my two machines and on both times the initial setup wizard asked for wan IP-s, but did not save the address. Later, when checking WAN interface configuration, the IP address field was empty, but gateway was filled correctly. Yeah, 1.2.2 is coming sometime this week to fix that and 3 other things that have been fixed since 1.2.1. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Dual WAN failover not working
Hi! I have dual pfsense 1.2.1, LAN interface, WAN and OPT1, last two are different ISP's. I have configured 3 carp interfaces and gateway failover for load balancer. I only need failover, not load balancing. Tried with one and two failover pools with no success. When WAN isp is disconnected, no switching to OPT1 isop occurs, thought i can see in logs that OPT1 is considered working: slbd[23449]: ICMP poll succeeded for xxx.xxx.115.18, marking service UP and the same is indicated by web interface Online as well. Still no traffic goes out through OPT1!? I hope somebody can help me with this, as I understand there must be people who have similar and working setup and pfsense should have that ability. --- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Secondary IP range for WAN LAN
Hello, I have requested and obtained from my hosting company an new range of public IPs. How can I configure PFSense to use these knowing that they will be routed on the same physical cable as my previous IPs (WAN if) ? In other word the WAN Interface will have to have two IPs… and my firewall is configured as a transparent filtering bridge. This means that the IPs will also have to be available on the LAN if. Any clue on how to realize that will be welcome. Thanks for your support. Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz P Please consider your environmental responsibility before printing this e-mail - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 wizard bug
Christopher Iarocci wrote: I found that the bogon networks in 1.2.1 include at least one legit network. I found out the hard way when one of my VPN tunnels wouldn't establish and it drove me crazy for hours. Turned out unclicking the bogon network option fixed it. After realizing that that particular network couldn't communicate with mine at all, then I looked towards the bogon network option. I feel this option should at least list the networks affected so one can see exactly what they are blocking. shouldn't the bogon list be auto-updated? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 wizard bug
On Wed, Jan 7, 2009 at 5:16 AM, Veiko Kukk veiko.k...@krediidipank.ee wrote: Ok, I have one additional bug (at least I'm considering that as bug). When creating port forwarding and also adding automatically apporpriate firewall rules and then deleting that port forward rule, the firewall rules are not deleted. I see that as possible security problem. That's by design. There is a feature request open suggesting an improvement there. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 wizard bug
On Wed, Jan 7, 2009 at 8:22 AM, Christopher Iarocci ciaro...@tfop.net wrote: I found that the bogon networks in 1.2.1 include at least one legit network. I found out the hard way when one of my VPN tunnels wouldn't establish and it drove me crazy for hours. Turned out unclicking the bogon network option fixed it. After realizing that that particular network couldn't communicate with mine at all, then I looked towards the bogon network option. I feel this option should at least list the networks affected so one can see exactly what they are blocking. No reason that should have taken hours, always check your firewall logs when something doesn't work. The list is auto updated monthly if your firewall can get to the Internet. Clean installs aren't immediately updated. Send me what IP was listed there that shouldn't be and I'll make sure it isn't in the list. Every time I've checked on that for someone else, it had been removed months prior and their firewall didn't have DNS configured so it couldn't update. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Secondary IP range for WAN LAN
On Wed, Jan 7, 2009 at 9:34 AM, bsd b...@todoo.biz wrote: Hello, I have requested and obtained from my hosting company an new range of public IPs. How can I configure PFSense to use these knowing that they will be routed on the same physical cable as my previous IPs (WAN if) ? In other word the WAN Interface will have to have two IPs… and my firewall is configured as a transparent filtering bridge. This means that the IPs will also have to be available on the LAN if. You don't configure them on pfSense for a bridge, aside from allowing whatever traffic you want in your firewall rules. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] DMZ to LAN access
Hello, I have a LAN that have 192.168.2.0/24 and DMZ (second LAN) with 192.168.4.0/24 How can I access LAN from DMZ? pfsense 1.2 - dual WAN configuration. Thank you in advance for answers. -- честността не е порок
Re: [pfSense Support] DMZ to LAN access
Peter Todorov wrote: Hello, I have a LAN that have 192.168.2.0/24 http://192.168.2.0/24 and DMZ (second LAN) with 192.168.4.0/24 http://192.168.4.0/24 How can I access LAN from DMZ? pfsense 1.2 - dual WAN configuration. Thank you in advance for answers. -- честността не е порок Typically this is inadvisable from a security standpoint. However, in order to allow it, create firewall rules on your DMZ interface with the destination IP of the machine(s) you want to send to. !DSPAM:4964d6b815801234511312! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Really need some help
On Wed, Jan 7, 2009 at 10:07, Atkins, Dwane P atki...@uthscsa.edu wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. I've encountered this issue when I have a large number of live users, also with the DHCP page. The pages in question aren't designed to scale well over 1000 users and could probably use a revamp. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Really need some help
Is there a reason you haven't upgraded? Especially since 1.2 was released well over a year ago, and now 1.2.1 is up with increased support. Before chasing down issues down rabbit holes, I would encourage you to consider upgrading, especially when 1.2.2 is released here in the next few days. Atkins, Dwane P wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. Can I look for a log somewhere that will give me this error message? I have not upgraded to the full version yet. Any help would be greatly appreciated. Dwane *Dwane Atkins* *Senior Network Analyst* *IMS-System Network Operations* *University of Texas Health Science Center at San Antonio* *Tel: 210-567-0158* *http://ims.uthscsa.edu http://ims.uthscsa.edu/* !DSPAM:4964eea115801830115539! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Really need some help
Is the 1.2.2 going to be a full release or is it RC1? -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: Wednesday, January 07, 2009 12:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help Is there a reason you haven't upgraded? Especially since 1.2 was released well over a year ago, and now 1.2.1 is up with increased support. Before chasing down issues down rabbit holes, I would encourage you to consider upgrading, especially when 1.2.2 is released here in the next few days. Atkins, Dwane P wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. Can I look for a log somewhere that will give me this error message? I have not upgraded to the full version yet. Any help would be greatly appreciated. Dwane *Dwane Atkins* *Senior Network Analyst* *IMS-System Network Operations* *University of Texas Health Science Center at San Antonio* *Tel: 210-567-0158* *http://ims.uthscsa.edu http://ims.uthscsa.edu/* !DSPAM:4964eea115801830115539! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Really need some help
I'm not sure about an RC installation but when 1.2.1 was recently released, I simply did an upgrade with no problems at all from 1.2. The system rebooted and all services came online as expected, except slightly faster IIRC. :-) Before upgrading, make sure you download a backup of your config file and keep reinstallation media handy in case you need to do a bare-metal installation. On my recent upgrades from 1.2, I had an install CD for 1.2 (original platform) as well as 1.2.1 (upgraded platform) to be sure. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Dwane P Atkins atki...@uthscsa.edu wrote: And while I am on the upgrade subject, does the list recommend a complete reinstall, using the LiveCD or a upgrade using the pfSense GUI? -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: Wednesday, January 07, 2009 12:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help Is there a reason you haven't upgraded? Especially since 1.2 was released well over a year ago, and now 1.2.1 is up with increased support. Before chasing down issues down rabbit holes, I would encourage you to consider upgrading, especially when 1.2.2 is released here in the next few days. Atkins, Dwane P wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. Can I look for a log somewhere that will give me this error message? I have not upgraded to the full version yet. Any help would be greatly appreciated. Dwane *Dwane Atkins* *Senior Network Analyst* *IMS-System Network Operations* *University of Texas Health Science Center at San Antonio* *Tel: 210-567-0158* *http://ims.uthscsa.edu http://ims.uthscsa.edu/* !DSPAM:4964eea115801830115539! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Really need some help
On the 1.2.1 upgrade is there specific hardware requirements? What is the recommended hardware requirement? Did I miss that in my readings? -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Wednesday, January 07, 2009 12:25 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help I'm not sure about an RC installation but when 1.2.1 was recently released, I simply did an upgrade with no problems at all from 1.2. The system rebooted and all services came online as expected, except slightly faster IIRC. :-) Before upgrading, make sure you download a backup of your config file and keep reinstallation media handy in case you need to do a bare-metal installation. On my recent upgrades from 1.2, I had an install CD for 1.2 (original platform) as well as 1.2.1 (upgraded platform) to be sure. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Dwane P Atkins atki...@uthscsa.edu wrote: And while I am on the upgrade subject, does the list recommend a complete reinstall, using the LiveCD or a upgrade using the pfSense GUI? -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: Wednesday, January 07, 2009 12:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help Is there a reason you haven't upgraded? Especially since 1.2 was released well over a year ago, and now 1.2.1 is up with increased support. Before chasing down issues down rabbit holes, I would encourage you to consider upgrading, especially when 1.2.2 is released here in the next few days. Atkins, Dwane P wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. Can I look for a log somewhere that will give me this error message? I have not upgraded to the full version yet. Any help would be greatly appreciated. Dwane *Dwane Atkins* *Senior Network Analyst* *IMS-System Network Operations* *University of Texas Health Science Center at San Antonio* *Tel: 210-567-0158* *http://ims.uthscsa.edu http://ims.uthscsa.edu/* !DSPAM:4964eea115801830115539! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Really need some help
I am sorry. I am running 1.2.1 RC2 Dwane -Original Message- From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Wednesday, January 07, 2009 12:39 PM To: support@pfsense.com Subject: RE: [pfSense Support] Really need some help On the 1.2.1 upgrade is there specific hardware requirements? What is the recommended hardware requirement? Did I miss that in my readings? -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Wednesday, January 07, 2009 12:25 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help I'm not sure about an RC installation but when 1.2.1 was recently released, I simply did an upgrade with no problems at all from 1.2. The system rebooted and all services came online as expected, except slightly faster IIRC. :-) Before upgrading, make sure you download a backup of your config file and keep reinstallation media handy in case you need to do a bare-metal installation. On my recent upgrades from 1.2, I had an install CD for 1.2 (original platform) as well as 1.2.1 (upgraded platform) to be sure. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Dwane P Atkins atki...@uthscsa.edu wrote: And while I am on the upgrade subject, does the list recommend a complete reinstall, using the LiveCD or a upgrade using the pfSense GUI? -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: Wednesday, January 07, 2009 12:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help Is there a reason you haven't upgraded? Especially since 1.2 was released well over a year ago, and now 1.2.1 is up with increased support. Before chasing down issues down rabbit holes, I would encourage you to consider upgrading, especially when 1.2.2 is released here in the next few days. Atkins, Dwane P wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. Can I look for a log somewhere that will give me this error message? I have not upgraded to the full version yet. Any help would be greatly appreciated. Dwane *Dwane Atkins* *Senior Network Analyst* *IMS-System Network Operations* *University of Texas Health Science Center at San Antonio* *Tel: 210-567-0158* *http://ims.uthscsa.edu http://ims.uthscsa.edu/* !DSPAM:4964eea115801830115539! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Really need some help
1.2.1-RC2 built on Wed Nov 19 22:22:11 EST 2008 Dwane -Original Message- From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Wednesday, January 07, 2009 12:39 PM To: support@pfsense.com Subject: RE: [pfSense Support] Really need some help On the 1.2.1 upgrade is there specific hardware requirements? What is the recommended hardware requirement? Did I miss that in my readings? -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Wednesday, January 07, 2009 12:25 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help I'm not sure about an RC installation but when 1.2.1 was recently released, I simply did an upgrade with no problems at all from 1.2. The system rebooted and all services came online as expected, except slightly faster IIRC. :-) Before upgrading, make sure you download a backup of your config file and keep reinstallation media handy in case you need to do a bare-metal installation. On my recent upgrades from 1.2, I had an install CD for 1.2 (original platform) as well as 1.2.1 (upgraded platform) to be sure. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Dwane P Atkins atki...@uthscsa.edu wrote: And while I am on the upgrade subject, does the list recommend a complete reinstall, using the LiveCD or a upgrade using the pfSense GUI? -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: Wednesday, January 07, 2009 12:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help Is there a reason you haven't upgraded? Especially since 1.2 was released well over a year ago, and now 1.2.1 is up with increased support. Before chasing down issues down rabbit holes, I would encourage you to consider upgrading, especially when 1.2.2 is released here in the next few days. Atkins, Dwane P wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. Can I look for a log somewhere that will give me this error message? I have not upgraded to the full version yet. Any help would be greatly appreciated. Dwane *Dwane Atkins* *Senior Network Analyst* *IMS-System Network Operations* *University of Texas Health Science Center at San Antonio* *Tel: 210-567-0158* *http://ims.uthscsa.edu http://ims.uthscsa.edu/* !DSPAM:4964eea115801830115539! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Really need some help
On Wed, Jan 7, 2009 at 1:08 PM, Atkins, Dwane P atki...@uthscsa.edu wrote: Is the 1.2.2 going to be a full release or is it RC1? Full release, only 4 changes. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Multi-WAN PPTP?
I have a single WAN setup and PPTP has been broken since I upgraded to 1.2.1. In version 1.2 it worked perfectly. I've tried changing settings and putting them back, but it continues to fail at the authentication process as you've described. I have the same setup as you, a W2K3 server acting as radius and the PFSense machine acting as the PPTP server. Anyone else notice that PPTP has broken since 1.2.1 upgrade? Here is a snippit of my logs Jan 7 19:20:11 mpd: pptp0: killing connection with 24.XX.XX.XXX:58149 Jan 7 19:20:11 mpd: [pt0] LCP: Down event Jan 7 19:20:11 mpd: [pt0] link: DOWN event Jan 7 19:20:11 mpd: [pt0] device is now in state DOWN Jan 7 19:20:11 mpd: [pt0] device: DOWN event in state DOWN Jan 7 19:20:11 mpd: [pt0] LCP: phase shift ESTABLISH -- DEAD Jan 7 19:20:11 mpd: [pt0] LCP: state change Closed -- Initial Jan 7 19:20:11 mpd: [pt0] LCP: Down event Jan 7 19:20:11 mpd: [pt0] link: DOWN event Jan 7 19:20:11 mpd: [pt0] device is now in state DOWN Jan 7 19:20:11 mpd: [pt0] device: DOWN event in state CLOSING Jan 7 19:20:11 mpd: [pt0] LCP: state change Stopped -- Closed Jan 7 19:20:11 mpd: [pt0] LCP: Close event Jan 7 19:20:11 mpd: [pt0] link: CLOSE event Jan 7 19:20:11 mpd: [pt0] device is now in state CLOSING Jan 7 19:20:11 mpd: [pt0] device: CLOSE event in state CLOSING Jan 7 19:20:11 mpd: [pt0] closing link pt0... Jan 7 19:20:11 mpd: [pt0] bundle: CLOSE event in state OPENED Jan 7 19:20:11 mpd: [pt0] device is now in state CLOSING Jan 7 19:20:11 mpd: [pt0] IFACE: Close event Jan 7 19:20:11 mpd: pptp0: closing connection with 24.XX.XX.XXX:58149 Jan 7 19:20:11 mpd: [pt0] IFACE: Close event Jan 7 19:20:11 mpd: [pt0] IPCP: LayerFinish Jan 7 19:20:11 mpd: [pt0] IPCP: state change Starting -- Initial Jan 7 19:20:11 mpd: [pt0] IPCP: Close event Jan 7 19:20:11 mpd: [pt0] IFACE: Close event Jan 7 19:20:11 mpd: [pt0] PPTP call terminated Jan 7 19:20:11 mpd: pptp0-0: killing channel Jan 7 19:20:11 mpd: pptp0-0: clearing call Jan 7 19:20:11 mpd: [pt0] device: CLOSE event in state UP Jan 7 19:20:11 mpd: [pt0] LCP: LayerFinish Jan 7 19:20:11 mpd: [pt0] LCP: parameter negotiation failed Jan 7 19:20:11 mpd: [pt0] LCP: LayerFinish Jan 7 19:20:11 mpd: [pt0] LCP: state change Req-Sent -- Stopped Jan 7 19:20:09 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:20:09 mpd: MP SHORTSEQ Jan 7 19:20:09 mpd: MP MRRU 1600 Jan 7 19:20:09 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:20:09 mpd: MAGICNUM 44d69474 Jan 7 19:20:09 mpd: MRU 1500 Jan 7 19:20:09 mpd: PROTOCOMP Jan 7 19:20:09 mpd: ACFCOMP Jan 7 19:20:09 mpd: [pt0] LCP: SendConfigReq #10 Jan 7 19:20:07 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:20:07 mpd: MP SHORTSEQ Jan 7 19:20:07 mpd: MP MRRU 1600 Jan 7 19:20:07 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:20:07 mpd: MAGICNUM 44d69474 Jan 7 19:20:07 mpd: MRU 1500 Jan 7 19:20:07 mpd: PROTOCOMP Jan 7 19:20:07 mpd: ACFCOMP Jan 7 19:20:07 mpd: [pt0] LCP: SendConfigReq #9 Jan 7 19:20:05 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:20:05 mpd: MP SHORTSEQ Jan 7 19:20:05 mpd: MP MRRU 1600 Jan 7 19:20:05 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:20:05 mpd: MAGICNUM 44d69474 Jan 7 19:20:05 mpd: MRU 1500 Jan 7 19:20:05 mpd: PROTOCOMP Jan 7 19:20:05 mpd: ACFCOMP Jan 7 19:20:05 mpd: [pt0] LCP: SendConfigReq #8 Jan 7 19:20:03 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:20:03 mpd: MP SHORTSEQ Jan 7 19:20:03 mpd: MP MRRU 1600 Jan 7 19:20:03 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:20:03 mpd: MAGICNUM 44d69474 Jan 7 19:20:03 mpd: MRU 1500 Jan 7 19:20:03 mpd: PROTOCOMP Jan 7 19:20:03 mpd: ACFCOMP Jan 7 19:20:03 mpd: [pt0] LCP: SendConfigReq #7 Jan 7 19:20:01 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:20:01 mpd: MP SHORTSEQ Jan 7 19:20:01 mpd: MP MRRU 1600 Jan 7 19:20:01 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:20:01 mpd: MAGICNUM 44d69474 Jan 7 19:20:01 mpd: MRU 1500 Jan 7 19:20:01 mpd: PROTOCOMP Jan 7 19:20:01 mpd: ACFCOMP Jan 7 19:20:01 mpd: [pt0] LCP: SendConfigReq #6 Jan 7 19:19:59 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:19:59 mpd: MP SHORTSEQ Jan 7 19:19:59 mpd: MP MRRU 1600 Jan 7 19:19:59 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:19:59 mpd: MAGICNUM 44d69474 Jan 7 19:19:59 mpd: MRU 1500 Jan 7 19:19:59 mpd: PROTOCOMP Jan 7 19:19:59 mpd: ACFCOMP Jan 7 19:19:59 mpd: [pt0] LCP: SendConfigReq #5 Jan 7 19:19:57 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:19:57 mpd: MP SHORTSEQ Jan 7 19:19:57 mpd: MP MRRU 1600 Jan 7 19:19:57 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:19:57 mpd: MAGICNUM 44d69474 Jan 7 19:19:57 mpd: MRU 1500 Jan 7 19:19:57 mpd: PROTOCOMP Jan 7 19:19:57 mpd: ACFCOMP Jan 7 19:19:57 mpd: [pt0] LCP: SendConfigReq #4 Jan 7 19:19:55 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:19:55 mpd: MP SHORTSEQ Jan 7 19:19:55 mpd: MP MRRU 1600 I also noticed that when I save the config, it shows the PPTP server address as 0.0.0.0 in the log, even though I clearly have the WAN IP address in
RE: [pfSense Support] pfsense 1.2.1 wizard bug
173.2.245.101 Upon going to diagnostics--ping, I put in google.com as the host and it resolved and returned pings. I believe my firewall can access the internet. I can say that I discovered the problem about 12 hours after the firewall was up and running. I'm not sure if that was enough time for the bogon networks to update. Maybe there should be a way force the update? Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Wednesday, January 07, 2009 10:33 AM To: support@pfsense.com Subject: Re: [pfSense Support] pfsense 1.2.1 wizard bug On Wed, Jan 7, 2009 at 8:22 AM, Christopher Iarocci ciaro...@tfop.net wrote: I found that the bogon networks in 1.2.1 include at least one legit network. I found out the hard way when one of my VPN tunnels wouldn't establish and it drove me crazy for hours. Turned out unclicking the bogon network option fixed it. After realizing that that particular network couldn't communicate with mine at all, then I looked towards the bogon network option. I feel this option should at least list the networks affected so one can see exactly what they are blocking. No reason that should have taken hours, always check your firewall logs when something doesn't work. The list is auto updated monthly if your firewall can get to the Internet. Clean installs aren't immediately updated. Send me what IP was listed there that shouldn't be and I'll make sure it isn't in the list. Every time I've checked on that for someone else, it had been removed months prior and their firewall didn't have DNS configured so it couldn't update. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 wizard bug
On Wed, Jan 7, 2009 at 7:56 PM, Christopher Iarocci ciaro...@tfop.net wrote: 173.2.245.101 173.* doesn't exist in the bogons file. Upon going to diagnostics--ping, I put in google.com as the host and it resolved and returned pings. I believe my firewall can access the internet. I can say that I discovered the problem about 12 hours after the firewall was up and running. I'm not sure if that was enough time for the bogon networks to update. Maybe there should be a way force the update? Run /etc/rc.update_bogons from the console or a SSH session. It'll sleep for a while then update. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Thu, Jan 8, 2009 at 11:29 AM, Christopher Iarocci ciaro...@tfop.net wrote: I have a single WAN setup and PPTP has been broken since I upgraded to 1.2.1. In version 1.2 it worked perfectly. I've tried changing settings and putting them back, but it continues to fail at the authentication process as you've described. I have the same setup as you, a W2K3 server acting as radius and the PFSense machine acting as the PPTP server. Anyone else notice that PPTP has broken since 1.2.1 upgrade? Here is a snippit of my logs Apparently there are three major bugs being fixed in 1.2.2, this may be one of them. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Wed, Jan 7, 2009 at 8:55 PM, Morgan Reed morgan.s.r...@gmail.com wrote: On Thu, Jan 8, 2009 at 11:29 AM, Christopher Iarocci ciaro...@tfop.net wrote: I have a single WAN setup and PPTP has been broken since I upgraded to 1.2.1. In version 1.2 it worked perfectly. I've tried changing settings and putting them back, but it continues to fail at the authentication process as you've described. I have the same setup as you, a W2K3 server acting as radius and the PFSense machine acting as the PPTP server. Anyone else notice that PPTP has broken since 1.2.1 upgrade? Here is a snippit of my logs Apparently there are three major bugs being fixed in 1.2.2, this may be one of them. They aren't major, aside from the setup wizard issue they're rare edge cases or minor things. PPTP isn't one. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Thu, Jan 8, 2009 at 12:59 PM, Chris Buechler cbuech...@gmail.com wrote: They aren't major, aside from the setup wizard issue they're rare edge cases or minor things. PPTP isn't one. *shrug* commenting based on what I've seen about the place, admittedly I haven't actually read the changelog... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Couple OpenNTPd Ticket Comments Fix
I just commented on http://cvstrac.pfsense.org/tktview?tn=1859,4 with a fix. Hopefully this can sneak into 1.2.2 after the fix is confirmed. Also, Ticket http://cvstrac.pfsense.org/tktview?tn=1617,36 appears to be fixed in 1.2.1 (which I also commented on) -Dave - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Couple OpenNTPd Ticket Comments Fix
On Wed, Jan 7, 2009 at 8:04 PM, Chris Buechler c...@pfsense.org wrote: On Wed, Jan 7, 2009 at 10:24 PM, David Rees dree...@gmail.com wrote: I just commented on http://cvstrac.pfsense.org/tktview?tn=1859,4 with a fix. Hopefully this can sneak into 1.2.2 after the fix is confirmed. It was already built, but it was built literally minutes before today's FreeBSD security advisories. The OpenSSL one is potentially applicable with OpenVPN, so it's being rebuilt with the updates. I believe it's building as I'm writing this, so it's likely there will not be any additional changes in 1.2.2. No worries, not a major bug as there is a workaround, but would be nice to get into the 1.2 branch for the next release. Cheers Dave - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Couple OpenNTPd Ticket Comments Fix
On Wed, Jan 7, 2009 at 8:12 PM, David Rees dree...@gmail.com wrote: On Wed, Jan 7, 2009 at 8:04 PM, Chris Buechler c...@pfsense.org wrote: On Wed, Jan 7, 2009 at 10:24 PM, David Rees dree...@gmail.com wrote: I just commented on http://cvstrac.pfsense.org/tktview?tn=1859,4 with a fix. Hopefully this can sneak into 1.2.2 after the fix is confirmed. It was already built, but it was built literally minutes before today's FreeBSD security advisories. The OpenSSL one is potentially applicable with OpenVPN, so it's being rebuilt with the updates. I believe it's building as I'm writing this, so it's likely there will not be any additional changes in 1.2.2. No worries, not a major bug as there is a workaround, but would be nice to get into the 1.2 branch for the next release. It's not a complete fix, anyway. It actually breaks that other ticket. :-( I'll look at it more when I get a chance. -Dave - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Couple OpenNTPd Ticket Comments Fix
On Wed, Jan 7, 2009 at 11:15 PM, David Rees dree...@gmail.com wrote: It's not a complete fix, anyway. It actually breaks that other ticket. :-( I'll look at it more when I get a chance. That's exactly what I was afraid of, it would break something else. :) We're confident in the fixes that are coming. changes listed here: http://cvstrac.pfsense.org/rptview?rn=38 those above Set version to 1.2.1 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Couple OpenNTPd Ticket Comments Fix
On Wed, Jan 7, 2009 at 8:15 PM, David Rees dree...@gmail.com wrote: On Wed, Jan 7, 2009 at 8:12 PM, David Rees dree...@gmail.com wrote: On Wed, Jan 7, 2009 at 8:04 PM, Chris Buechler c...@pfsense.org wrote: On Wed, Jan 7, 2009 at 10:24 PM, David Rees dree...@gmail.com wrote: I just commented on http://cvstrac.pfsense.org/tktview?tn=1859,4 with a fix. Hopefully this can sneak into 1.2.2 after the fix is confirmed. It was already built, but it was built literally minutes before today's FreeBSD security advisories. The OpenSSL one is potentially applicable with OpenVPN, so it's being rebuilt with the updates. I believe it's building as I'm writing this, so it's likely there will not be any additional changes in 1.2.2. No worries, not a major bug as there is a workaround, but would be nice to get into the 1.2 branch for the next release. It's not a complete fix, anyway. It actually breaks that other ticket. :-( I'll look at it more when I get a chance. OK, here's a tested fix. Seems to work on my system. Looks like you applied the other fix already, this patch should apply over it. -Dave status_services.php.patch Description: Binary data - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org