[pfSense-discussion] PPPoE server mods
Hi, I hacked a quick mod for mpd/pppoe server to allow me to use pfsense as an access concentrator for dial-up users (via ethernet). Pfsense was perfectly capable of allowing access via pppoe / radius but was missing a way for the radius server to check if a particular user was still logged in. This is necessary because if the access server looses connection/resets etc, the radius server will contain active sessions that are stale. If the user tries to login (via another access server for example), the login will be denied because of the stale session. One way to prevent this is to have the radius server check the old access server. If the server cannot be accessed or the session is not active, the old session will be removed and a new session will be created. There're different ways to check if a user is logged (snmp being one, telnet etc being the others), but an easy way is to make a simple a server on a known port. Telnetting to this port shows currently logged users. My mod does exactly this: -) provides iface-up and iface-down scripts for mpd to keep track of the currently logged users. -) modifies filter.inc, vpn_pppoe.php and the mpd config generation script. -) provides a simple inetd-based server to list the users (separated from the inetd running on localhost for the nat reflection helpers). -) provides a script for freeradius to check if a particular user is logged on the access server. I have not provided this via a separate package because I want it to work on the embedded platform. I would like to know if these mods are interesting and could be included in the pfsense code ? Also, what is the best way to provide them (I have a patch-set ready). ? Paul.
[pfSense-discussion] freebsd ports vs pfsense ports
Working on mpd, I saw that there's a pfSense ports directory in /home/pfsense/tools I need to port some custom packages to pfSense, so how do I tell the build scripts to use my own port instead of the freebsd ones, or shall I just copy them to /usr/ports? Paul.
Re: [pfSense-discussion] Can pfSense be ported to Intel IXP425?
Further to the discussion early this month, and in specific reference to: http://www.mail-archive.com/discussion@pfsense.com/msg02110.html and noting the fact that the end of February is upon us. Work proceeds. Some of you may have noticed that the ixp42x support recently got MFC-ed to 6.2, nearly simultaneously we got the ability to boot the kernel out of the on-board flash chip (not the CF socket). pfSense has enough footprint that the CF socket is necessary, but the board does run FreeBSD 6.2 quite nicely now. The current efforts have been in making the requisite parts of the 'ports' collection either cross-compile (its ugly) or compile on a native target (a real Gateworks board) with disk via NFS. While 6.2 runs fine on both the 64MB and 128MB variants of the Gateworks board, compiling things such as Perl or Ruby (requisite for many ports) can consume as much as 160MB of combined ram+swap. And compiling on an ixp42x isn't as fast as you're likely used to if you use an Intel x86-like computer purchased in the last 6-7 years. In any case, the webserver is up and serving PHP pages as of early today (er, Tuesday), so a beta release of something very-much pfSense-like (I hesitate to call it 'pfSense' until Scott, Bill and Chris sign-off) should be out quite soon. Jim
Re: [pfSense-discussion] freebsd ports vs pfsense ports
On 2/28/07, Paul [EMAIL PROTECTED] wrote: Working on mpd, I saw that there's a pfSense ports directory in /home/pfsense/tools I need to port some custom packages to pfSense, so how do I tell the build scripts to use my own port instead of the freebsd ones, or shall I just copy them to /usr/ports? We have done this previously by hand but soon I will be altering FreeSBIE to automatically build the pfPorts tree so that the FreeBSD 7 and other architectures binaries get updated when we build an image. Unfortunately I do not have a timeframe as of yet. Scott
RE: [pfSense-discussion] Can pfSense be ported to Intel IXP425?
Thanks for the effort on this. I'm not much of a tester but my company does have some Gateworks boards that I can use. I can help test if you tell me what you want done. Richard Davis www.bizsyscon.com -Original Message- From: Jim Thompson [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 28, 2007 8:04 AM To: discussion@pfsense.com Subject: Re: [pfSense-discussion] Can pfSense be ported to Intel IXP425? Further to the discussion early this month, and in specific reference to: http://www.mail-archive.com/discussion@pfsense.com/msg02110.html and noting the fact that the end of February is upon us. Work proceeds. Some of you may have noticed that the ixp42x support recently got MFC-ed to 6.2, nearly simultaneously we got the ability to boot the kernel out of the on-board flash chip (not the CF socket). pfSense has enough footprint that the CF socket is necessary, but the board does run FreeBSD 6.2 quite nicely now. The current efforts have been in making the requisite parts of the 'ports' collection either cross-compile (its ugly) or compile on a native target (a real Gateworks board) with disk via NFS. While 6.2 runs fine on both the 64MB and 128MB variants of the Gateworks board, compiling things such as Perl or Ruby (requisite for many ports) can consume as much as 160MB of combined ram+swap. And compiling on an ixp42x isn't as fast as you're likely used to if you use an Intel x86-like computer purchased in the last 6-7 years. In any case, the webserver is up and serving PHP pages as of early today (er, Tuesday), so a beta release of something very-much pfSense-like (I hesitate to call it 'pfSense' until Scott, Bill and Chris sign-off) should be out quite soon. Jim
Re: [pfSense-discussion] PPPoE server mods
Scott Ullrich wrote: http://wiki.pfsense.com/wikka.php?wakka=SubmittingPatches describes the process. I'll clean up my patch and submit it. Thank you for answering. Paul.