[pfSense] Squid not logging traffic
I just noticed squid is not logging all traffic. The last few nights I've used plex on my roku connected to my friend's server. The only thing showing in light squid for my roku is the calls home to the roku domain. None of the traffic from streaming movies all night was recorded. I believe netflix does the same thing. Am I missing something? If I watch the pfsense dashboard I can see the traffic on the rrd graphs.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.2-RELEASE now available!
Tim lists@... writes:

> The update worked like a charm. Many thanks to the devs for all the great work!
>
> Now I started to install packages and get the following error after installing HAVP:
>
>     Warning: file_put_contents(/usr/local/etc/havp/havp_conf.xml): failed to open stream: No such file or directory in /usr/local/pkg/havp.inc on line 604
>
> This error occurs on top of the HAVP-config-pages.
>
> Regards
> Tim
>
> Chris Buechler cmb@... wrote on 24 January 2015 at 03:24:
>
> > Details on the blog: https://blog.pfsense.org/?p=1546

I got this same error message. I freshly installed pfsense 2.2, no upgrade. HAVP was the first package I installed, and I got the same error! There is no such folder in my system: /usr/local/etc/havp...

I enabled the http-proxy server from antivirus config. Do I still need to install Squid or something else?
[pfSense] pfsense 2.2 Strongswan rekeying issues
Hi all,

We are experiencing a number of issues with IPSEC tunnels rekeying. We see the following in the IPSEC log:

    Feb 15 17:30:45 4slgbmernfw01 charon: 13[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
    Feb 15 17:30:50 4slgbmernfw01 charon: 14[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
    Feb 15 17:30:54 4slgbmernfw01 charon: 09[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
    Feb 15 17:30:59 4slgbmernfw01 charon: 09[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
    Feb 15 17:31:04 4slgbmernfw01 charon: 15[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify

This is not always for the same connection but does happen frequently and has made release 2.2 almost unusable for us. We have to issue ipsec down con xxx and ipsec up con xxx to reset the tunnel.

I have had a brief look at the strongswan website and they seem to be indicating an issue and have a patch. Has this/when will this patch be incorporated into pfsense (strongswan issue819 seems to be a close match)

We either need to get this fixed or revert back to using racoon ….

Mark Relf
Principal Consultant
4sl Group
[pfSense] captive portal doesn't work after upgrade to 2.2
- Forwarded message -

Good morning.

First of all, thanks for the fabulous work of the pfSense team.

My problem is this: after upgrading to version 2.2 from 2.1.5, access to the captive portal does not work.

My configuration is as follows. The captive portal runs on a dedicated interface with a virtual IP (CARP), which users use as their gateway. I have seen that the virtual CARP IP is not added to the ipfw rules that facilitate access to the login page.

These are the ipfw rules that I can actually see:

    65310 allow ip from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } in
    65311 allow ip from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to any out
    65312 allow icmp from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to any out icmptypes 0
    65313 allow icmp from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } in icmptypes 8

The first IP 10.128.0.7 should be 10.128.0.2, which is the virtual CARP IP.

    10.128.0.2 --- ip virtual carp
    10.128.0.7 --- physical ip interface

I tried to manually put the rules and it works perfectly, but of course this process should be automatic.

Also I have seen that:

Before, in version 2.1.5:

    em3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether xx:xx:xx:xx:xx:xx
            inet 10.128.0.7 netmask 0x broadcast 10.128.0.255
            media: Ethernet autoselect (1000baseT full-duplex)
            status: active
    lan_vip15: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            inet 10.128.0.2 netmask 0x
            carp: MASTER vhid 15 advbase 1 advskew 200

Now, in version 2.2:

    em3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether xx:xx:xx:xx:xx:xx
            inet 10.128.0.7 netmask 0xff00 broadcast 10.128.0.255
            inet 10.128.0.2 netmask 0xff00 broadcast 10.128.0.255 vhid 15
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (1000baseT full-duplex)
            status: active
            carp: BACKUP vhid 15 advbase 1 advskew 0

This is a possible cause of this issue.

Before, in ipfw_context:

    captive: em3,lan_vip15,

Now, in ipfw zone list:

    captive: em3,

Any comment would be fantastic.
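A check for the condition reported in the message above, as an added example that is not part of the original post or of pfSense: it parses the four posted ipfw rules and reports any rule whose address set lacks one of the portal's addresses or lists one twice. The function name and the `EXPECTED` mapping are assumptions made for this example.

```python
import ipaddress
import re

# The four rules exactly as posted in the message.
POSTED_RULES = """\
65310 allow ip from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } in
65311 allow ip from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to any out
65312 allow icmp from { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } to any out icmptypes 0
65313 allow icmp from any to { 255.255.255.255 or 10.128.0.7 or 10.128.0.7 } in icmptypes 8
"""

# Addresses the message says the portal interface carries (assumed mapping).
EXPECTED = {"carp_vip": "10.128.0.2", "interface": "10.128.0.7"}

# Rule number, then the first { ... } address set after "from".
RULE_RE = re.compile(r"^(?P<num>\d+)\s+allow\s+\S+\s+from\s+.*?\{(?P<set>[^}]*)\}")


def audit_portal_rules(rule_text, expected):
    """Return {rule_number: {"missing": [...], "duplicated": [...]}} for every
    rule whose address set lacks an expected address or repeats one."""
    want = {ipaddress.ip_address(a) for a in expected.values()}
    findings = {}
    for line in rule_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # not an allow rule with a { ... } address set
        parts = re.split(r"\s+or\s+", m.group("set").strip())
        addrs = [ipaddress.ip_address(p) for p in parts]
        missing = sorted(str(a) for a in want - set(addrs))
        duplicated = sorted({str(a) for a in addrs if addrs.count(a) > 1})
        if missing or duplicated:
            findings[int(m.group("num"))] = {
                "missing": missing,
                "duplicated": duplicated,
            }
    return findings


if __name__ == "__main__":
    for num, issue in audit_portal_rules(POSTED_RULES, EXPECTED).items():
        print(num, issue)
```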
[pfSense] pfsense bind package
Hi,

I am having problems configuring HA configuration for bind DNS service on two pfsense 2.2 servers. Servers synchronize all configuration, except bind. My zones are all slave, primary server is behind pfsense cluster, so I want configuration on both pfsense servers to be identical. Package has Sync tab, but I am not sure how to configure it properly for my case.

Also in panel Resulting zone config file each slave zone displays unprintable characters. It looks more like binary zone dump, instead of zone config. I have version 9.9.6P1_3 pkg v 0.3.6.

Thanks,
Vadym
Re: [pfSense] pfsense 2.2 Strongswan rekeying issues
On Sun, Feb 15, 2015 at 12:37 PM, Mark Relf mark.r...@4slgroup.com wrote:

> Hi all,
>
> We are experiencing a number of issues with IPSEC tunnels rekeying. We see the following in the IPSEC log:
>
>     Feb 15 17:30:45 4slgbmernfw01 charon: 13[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
>     Feb 15 17:30:50 4slgbmernfw01 charon: 14[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
>     Feb 15 17:30:54 4slgbmernfw01 charon: 09[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
>     Feb 15 17:30:59 4slgbmernfw01 charon: 09[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
>     Feb 15 17:31:04 4slgbmernfw01 charon: 15[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
>
> This is not always for the same connection but does happen frequently and has made release 2.2 almost unusable for us. We have to issue ipsec down con xxx and ipsec up con xxx to reset the tunnel.
>
> I have had a brief look at the strongswan website and they seem to be indicating an issue and have a patch. Has this/when will this patch be incorporated into pfsense (strongswan issue819 seems to be a close match)

One of our community members opened that strongswan 819 ticket when it's at least a mix of two completely different problems, and not a good description of what might be happening there. I can't seem to find a replicable circumstance that produces that issue.

Do you have multiple phase 2 entries on a single phase 1? What is the remote endpoint you're connecting to? The only confirmed issue where I'm aware of a specific cause is a problem in the Cisco Unity plugin that can be triggered when rekeying with certain configurations in place on the Cisco end.
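One way to find which tunnels are in the state described in this thread, as an added example that is not part of either post or of pfSense or strongSwan: it scans charon log lines for bursts of `INVALID_ID_INFORMATION` notifies per connection. The function name, the threshold of 3 notifies in 60 seconds and the `year` parameter are assumptions; the first five sample lines are those quoted above, the last two are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First five lines are the ones quoted in the thread; the last two are
# constructed to show a connection that should not be flagged.
SAMPLE_LOG = """\
Feb 15 17:30:45 4slgbmernfw01 charon: 13[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
Feb 15 17:30:50 4slgbmernfw01 charon: 14[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
Feb 15 17:30:54 4slgbmernfw01 charon: 09[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
Feb 15 17:30:59 4slgbmernfw01 charon: 09[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
Feb 15 17:31:04 4slgbmernfw01 charon: 15[IKE] con1000|1080 received INVALID_ID_INFORMATION error notify
Feb 15 17:45:10 4slgbmernfw01 charon: 11[IKE] <con2000|7> received INVALID_ID_INFORMATION error notify
Feb 15 17:45:12 4slgbmernfw01 charon: 11[IKE] <con2000|7> some other constructed message
"""

# Accepts the connection tag with or without the surrounding angle brackets.
NOTIFY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ charon: \d+\[IKE\] "
    r"<?(?P<conn>con\d+)\|(?P<sa>\d+)>? received (?P<notify>\w+) error notify"
)


def find_rekey_failures(lines, threshold=3, window=timedelta(seconds=60), year=2015):
    """Return {(conn, sa): n} for connections where n >= threshold
    INVALID_ID_INFORMATION notifies fall inside one sliding window."""
    events = defaultdict(list)
    for line in lines:
        m = NOTIFY_RE.match(line)
        if not m or m.group("notify") != "INVALID_ID_INFORMATION":
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events[(m.group("conn"), m.group("sa"))].append(ts)
    flagged = {}
    for key, times in events.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1  # shrink the window from the left
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged


if __name__ == "__main__":
    for (conn, sa), n in find_rekey_failures(SAMPLE_LOG.splitlines()).items():
        print(f"{conn}|{sa}: {n} INVALID_ID_INFORMATION notifies within 60s")
```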
Re: [pfSense] Squid not logging traffic
On Mon 16 Feb 2015 03:53:55 NZDT +1300, Brian Caouette wrote:

> I just noticed squid is not logging all traffic. The last few nights I've used plex on my roku connected to my friend's server. The only thing showing in light squid

Are you talking about squid or light squid? Aren't they different packages?

Squid logs the number of bytes transferred, which means it can write the log entry only after the connection is closed; the time stamp seems to be the one of when the log entry was written, not when the connection was opened. When is a streaming connection closed?

Perhaps more to the point, what port does the stream use? Is it one handled by squid in the first place?

Volker
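The timing point in the reply above, as an added example that is not part of the original post: in Squid's native access.log format the first field is the time the entry was logged and the second is the elapsed time in milliseconds, so the time the connection opened is their difference. The sample lines are constructed, the function names are assumptions, and the example only applies to traffic that actually passes through Squid.

```python
from datetime import datetime, timezone

# Constructed lines in Squid's native access.log layout:
# log_time elapsed_ms client result/status bytes method URL ...
SAMPLE_ACCESS_LOG = """\
1424026805.000      350 192.168.1.50 TCP_MISS/200 1842 GET http://checkin.example/ping - DIRECT/203.0.113.10 application/json
1424055600.000 28800000 192.168.1.50 TCP_MISS/200 3221225472 CONNECT media.example:443 - DIRECT/203.0.113.20 -
truncated line
"""


def _utc(seconds):
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def parse_entry(line):
    """Parse one native-format line; return None for malformed input."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        logged = float(fields[0])
        elapsed = int(fields[1]) / 1000.0
        size = int(fields[4])
    except ValueError:
        return None
    return {
        "client": fields[2],
        "url": fields[6],
        "bytes": size,
        "elapsed_s": elapsed,
        "opened": _utc(logged - elapsed),  # when the transfer began
        "logged": _utc(logged),            # when the entry was written
    }


def late_logged(lines, min_seconds=3600):
    """Entries whose connection stayed open at least min_seconds, i.e.
    traffic that was invisible in the log for that long."""
    entries = (parse_entry(line) for line in lines)
    return [e for e in entries if e and e["elapsed_s"] >= min_seconds]


if __name__ == "__main__":
    for e in late_logged(SAMPLE_ACCESS_LOG.splitlines()):
        print(e["client"], e["url"], e["bytes"], "bytes,",
              "opened", e["opened"].isoformat(), "logged", e["logged"].isoformat())
```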