Re: [pfSense] previous / older pfSense release image files

2016-07-28 Thread Doug Lytle
>>> On Jul 28, 2016, at 1:50 PM, Jim Pingle li...@pingle.org wrote:
>>> https://atxfiles.pfsense.org/mirror/downloads/old/


Thanks Jim!

Doug
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] Cloning pfSense Repo

2016-07-28 Thread WebDawg
Should I be able to clone the pfSense repo and host it locally?  Should I
be able to set the repo url in pfSense to point to this?

Also, I have no experience making packages, but sometimes I have to hack an
init.d script in. Can I do that with a package?


Re: [pfSense] previous / older pfSense release image files

2016-07-28 Thread Jim Pingle
On 07/13/2016 05:06 AM, Herwig Unterrichter wrote:
> I am having troubles finding a certain older pfsense release, in particular 
> 2.2.4, the memstick am64 image.
> 
> Is there some kind of archive server where i can get access to all previous 
> releases?

https://atxfiles.pfsense.org/mirror/downloads/old/

Jim



Re: [pfSense] IPSec log comments

2016-07-28 Thread Chris Buechler
On Thu, Jul 28, 2016 at 11:19 AM, Paul Galati wrote:
> I noted installed packages
> I backed up my configuration xml, 2.2.4
> I replaced hard disk with SSD
> Installed fresh 32-bit 2.3.2
> Installed packages
> imported config
>
> The 3 openvpn clients logged back in with no problem and tunneled VOIP phones 
> logged back in as well.  My guest network was unable to reach the internet 
> until I added a line to rules.  Not quite sure why it worked with 2.2.4 but 
> did not in 2.3.2.  Nonetheless, the pass !LAN statement worked.  The only 
> things I am noticing so far is that when I change any preference in the 
> dashboard, the traffic graphs fall back to only showing the WAN traffic.  
> Resetting the traffic graph prefs works until I change a different dashboard 
> pref.
>
> The more important is the IPSec log file.  The only IPSec config is the 
> mobile client.  Here is what I am seeing in the log when no one is 
> connected.
>
>
> Jul 28 12:01:08  charon  14[CFG] vici client 891 disconnected
> Jul 28 12:01:08  charon  14[CFG] vici client 891 requests: list-sas
> Jul 28 12:01:08  charon  10[CFG] vici client 891 registered for: list-sa
> Jul 28 12:01:08  charon  14[CFG] vici client 891 connected
> Jul 28 12:01:02  charon  08[CFG] vici client 890 disconnected
> Jul 28 12:01:02  charon  08[CFG] vici client 890 requests: list-sas
> Jul 28 12:01:02  charon  08[CFG] vici client 890 registered for: list-sa
> Jul 28 12:01:02  charon  14[CFG] vici client 890 connected
> Jul 28 12:00:51  charon  14[CFG] vici client 889 disconnected
> Jul 28 12:00:51  charon  08[CFG] vici client 889 requests: list-sas
> Jul 28 12:00:51  charon  08[CFG] vici client 889 registered for: list-sa
> Jul 28 12:00:51  charon  08[CFG] vici client 889 connected
> Jul 28 12:00:44  charon  08[CFG] vici client 888 disconnected
> Jul 28 12:00:44  charon  09[CFG] vici client 888 requests: list-sas
> Jul 28 12:00:44  charon  12[CFG] vici client 888 registered for: list-sa
> Jul 28 12:00:44  charon  12[CFG] vici client 888 connected
> Jul 28 12:00:28  charon  12[CFG] vici client 887 disconnected
> Jul 28 12:00:28  charon  09[CFG] vici client 887 requests: list-sas
> Jul 28 12:00:28  charon  09[CFG] vici client 887 registered for: list-sa
> Jul 28 12:00:28  charon  07[CFG] vici client 887 connected
>
> What might be generating these log messages?

The IPsec status page and dashboard widget, when your logging level is
higher than default.
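
An added example, not part of the original messages and not pfSense or strongSwan code: a small Python log summarizer that groups charon's `vici client` lines by client id, labels sessions that only request `list-sas` as status polls (the pattern the reply above attributes to the status page and dashboard widget), and separates out any control-socket client that asks for something else. The names `summarize`, `poll_intervals` and `POLL_COMMANDS`, the year, and client 900 with its `terminate` request are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Newest first, as in the thread. Clients 887/888 follow the quoted lines; client 900 is constructed.
SAMPLE_LOG = """\
Jul 28 12:01:15  charon  11[CFG] vici client 900 requests: terminate
Jul 28 12:01:15  charon  06[CFG] vici client 900 connected
Jul 28 12:00:44  charon  08[CFG] vici client 888 disconnected
Jul 28 12:00:44  charon  09[CFG] vici client 888 requests: list-sas
Jul 28 12:00:44  charon  12[CFG] vici client 888 registered for: list-sa
Jul 28 12:00:44  charon  12[CFG] vici client 888 connected
Jul 28 12:00:28  charon  12[CFG] vici client 887 disconnected
Jul 28 12:00:28  charon  09[CFG] vici client 887 requests: list-sas
Jul 28 12:00:28  charon  09[CFG] vici client 887 registered for: list-sa
Jul 28 12:00:28  charon  07[CFG] vici client 887 connected
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+charon\s+\d+\[CFG\]\s+"
                     r"vici client (?P<cid>\d+) (?P<event>.+)$")
POLL_COMMANDS = {"list-sas"}  # assumption: all a read-only status poll requests
LOG_YEAR = 2016               # assumption: syslog timestamps carry no year

def summarize(log_text):
    """Group vici events by client id and classify each client session."""
    sessions = defaultdict(lambda: {"time": None, "requests": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a vici client line
        s = sessions[int(m["cid"])]
        s["time"] = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["event"].startswith("requests: "):
            s["requests"].add(m["event"].split(": ", 1)[1])
    summary = {}
    for cid, s in sorted(sessions.items()):
        polling = bool(s["requests"]) and s["requests"] <= POLL_COMMANDS
        summary[cid] = ("status-poll" if polling else "other",
                        sorted(s["requests"]), s["time"])
    return summary

def poll_intervals(summary):
    """Seconds between consecutive status polls, oldest first."""
    times = sorted(t for kind, _, t in summary.values() if kind == "status-poll")
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print("seconds between status polls:", poll_intervals(summarize(SAMPLE_LOG)))
```

Sessions labelled `other` are the ones worth reading by hand; short, irregular gaps between `status-poll` sessions are consistent with a page or widget being refreshed.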


Re: [pfSense] CARP/DHCP

2016-07-28 Thread Chris Buechler
On Thu, Jul 28, 2016 at 8:10 AM, scorpions floripa wrote:
> Good Morning
>
>
> The dhcp in secondary carp is even distributing IP with the active
> master. Anyone know how to solve this?
>

It's not a problem, that's how it's supposed to work.


[pfSense] IPSec log comments

2016-07-28 Thread Paul Galati
I noted installed packages
I backed up my configuration xml, 2.2.4
I replaced hard disk with SSD
Installed fresh 32-bit 2.3.2
Installed packages
imported config

The 3 openvpn clients logged back in with no problem and tunneled VOIP phones 
logged back in as well.  My guest network was unable to reach the internet 
until I added a line to rules.  Not quite sure why it worked with 2.2.4 but did 
not in 2.3.2.  Nonetheless, the pass !LAN statement worked.  The only things I 
am noticing so far is that when I change any preference in the dashboard, the 
traffic graphs fall back to only showing the WAN traffic.  Resetting the 
traffic graph prefs works until I change a different dashboard pref.

The more important is the IPSec log file.  The only IPSec config is the mobile 
client.  Here is what I am seeing in the log when no one is connected.


Jul 28 12:01:08  charon  14[CFG] vici client 891 disconnected
Jul 28 12:01:08  charon  14[CFG] vici client 891 requests: list-sas
Jul 28 12:01:08  charon  10[CFG] vici client 891 registered for: list-sa
Jul 28 12:01:08  charon  14[CFG] vici client 891 connected
Jul 28 12:01:02  charon  08[CFG] vici client 890 disconnected
Jul 28 12:01:02  charon  08[CFG] vici client 890 requests: list-sas
Jul 28 12:01:02  charon  08[CFG] vici client 890 registered for: list-sa
Jul 28 12:01:02  charon  14[CFG] vici client 890 connected
Jul 28 12:00:51  charon  14[CFG] vici client 889 disconnected
Jul 28 12:00:51  charon  08[CFG] vici client 889 requests: list-sas
Jul 28 12:00:51  charon  08[CFG] vici client 889 registered for: list-sa
Jul 28 12:00:51  charon  08[CFG] vici client 889 connected
Jul 28 12:00:44  charon  08[CFG] vici client 888 disconnected
Jul 28 12:00:44  charon  09[CFG] vici client 888 requests: list-sas
Jul 28 12:00:44  charon  12[CFG] vici client 888 registered for: list-sa
Jul 28 12:00:44  charon  12[CFG] vici client 888 connected
Jul 28 12:00:28  charon  12[CFG] vici client 887 disconnected
Jul 28 12:00:28  charon  09[CFG] vici client 887 requests: list-sas
Jul 28 12:00:28  charon  09[CFG] vici client 887 registered for: list-sa
Jul 28 12:00:28  charon  07[CFG] vici client 887 connected

What might be generating these log messages?  Googling did not bring anything 
specific on what it is or how it might be settled down, if it can be.

Thanks for your time.

P


Re: [pfSense] previous / older pfSense release image files

2016-07-28 Thread Doug Lytle
>>>  On Jul 13, 2016, at 7:41 AM, Kevin Tollison ktolli...@gmail.com wrote:
>>>  Go to the mirrors and look for a folder called 'old'. They are all there.

This would appear to no longer be the case.  Looking for download 2.3.1 for 
memstick and none of the searched mirrors have an old folder; I do see plenty 
of references to it on my Google searching.

Doug


[pfSense] CARP/DHCP

2016-07-28 Thread scorpions floripa
Good Morning


The dhcp in secondary carp is even distributing IP with the active
master. Anyone know how to solve this?


Thank you


Re: [pfSense] DNS-forwarder through OpenVPN "stopped working" with 2.3.2

2016-07-28 Thread Philipp Tölke
Hi again,

> From: Philipp Tölke [mailto:philipp.toe...@fos4x.de]
> Sent: 27 July, 2016 16:01
>
>> Check the system routing table. From the sound of the errors, it would
>> appear that the firewall routing table does not include a route back to
>> the VPN client subnet.
>
> Interesting: The routing table has an entry for the VPN network:
>
> Destination        Gateway            Flags  Netif Expire
> [...]
> 10.1.2.0/24        10.1.2.2           UGS    ovpns2
> 10.1.2.2           link#16            UH     ovpns2
>
> But since the OpenVPN is configured as "net30" the gateway 10.1.2.2 is
> not on the same network as most of the querying systems...
>
> Why has this worked until yesterday?

So I dug into this issue some more; the other VPN-Servers all use "subnet"
and not "net30" and DNS works.

The other VPN-Servers all have routes looking like this:

10.1.0.0/24        10.1.0.1           UGS    ovpns1
10.1.0.1           link#15            UHS    lo0
10.1.0.2           link#15            UH     ovpns1

Changing the route of the net30-VPN to be like the routes of my other
VPN-Servers:

10.1.2.0/24        10.1.2.1           UGS    ovpns2
10.1.2.1           link#16            UHS    lo0
10.1.2.2           link#16            UH     ovpns2

Does not help with my issue.

Even adding the peer-to-peer configuration of a host to the interface:

ifconfig ovpns2 10.1.2.181 10.1.2.182 netmask 255.255.255.255 alias

Has not enabled DNS resolving. Resolving using another DNS-Server in my
internal net works so this is not a firewall-issue.

Is there anything I can do short of rolling out another DNS-Server?

Thanks for the help!

Philipp

Re: [pfSense] DNS-forwarder through OpenVPN "stopped working" with 2.3.2

2016-07-28 Thread Philipp Tölke
Hi all, Hi Jim,

Thanks for your fast reply!

> From: Jim Pingle
> Sent: 27 July, 2016 15:37
>
> On 07/27/2016 08:45 AM, Philipp Tölke wrote:
>> since the update to 2.3.2 yesterday our external devices do not get
>> DNS-Replies anymore.
>
> What version was this firewall running previously?

2.3.1 or 2.3.0.

>> We have configured the DNS-Forwarder to listen on the interface and
>> sockstat show it's listening on *:53. We have a rule allowing
>> everything to pass to "self" on port 53.
>>
>> With tcpdump I can see that the queries reach the firewall but no
>> responses get sent out.
>>
>> The log of the DNS-Forwarder shows many entries like "Jul 27 14:36:22
>> dnsmasq  83840   failed to send packet: Host is down".
>>
>> Is this a known problem? Is there anything I can do?
>
> Check the system routing table. From the sound of the errors, it would
> appear that the firewall routing table does not include a route back to
> the VPN client subnet.

Interesting: The routing table has an entry for the VPN network:

Destination        Gateway            Flags  Netif Expire
[...]
10.1.2.0/24        10.1.2.2           UGS    ovpns2
10.1.2.2           link#16            UH     ovpns2

But since the OpenVPN is configured as "net30" the gateway 10.1.2.2 is not
on the same network as most of the querying systems...

Why has this worked until yesterday?

Cheers,
Philipp

Re: [pfSense] Alerts

2016-07-28 Thread Luis G. Coralle
Thank you!

2016-07-27 10:41 GMT-03:00 Jim Pingle:

> On 07/27/2016 07:47 AM, Luis G. Coralle wrote:
> > Hello everyone.
> > Someone knows how pfsense considered an alert? They can be customized?
> > There is list?
>
> There isn't an official list, but it's not very long. Usually
> emergency-level events or events at the very least that require the
> attention of an administrator, such as:
>
> * config.xml missing or unreadable
> * SSH keys on the firewall changed
> * GEOM Mirror drive status changed (e.g. degraded or rebuilt)
> * Firewall ruleset failing to load
> * XMLRPC communication errors for HA configurations
> * RAM too low to properly run pfSense
> * Problems with the configuration that were not rejected in previous
> versions but are invalid (Alias names consisting of only numbers,
> removed features that were deactivated like L7)
> * Virtual IP addresses that cannot be applied to interfaces
> * DHCP configuration problems that prevent the service from starting
>
> There are a couple others but that's the bulk of them. At the moment
> there is not a way to customize the list.
>
> Jim



-- 
Luis G. Coralle


[pfSense] script updates / partial automation

2016-07-28 Thread WolfSec-Support
Hi all


out of an issue I had the idea to automatize (not full / partly
interactive) my updates of pfsenses

is there any special thing to do - or does it be enough to script some
templates etc with.

pfSense-upgrade -c

pkg clean
pkg update
pkg upgrade
reboot

pfSense-upgrade -d

Idea is also to update packages as well


many thanks to all

br
Stephan


Re: [pfSense] yesterday update to 2.3.2 has not worked - these machines now can not update any more

2016-07-28 Thread WolfSec-Support
Hi

tnx to Ivo - this has worked well:

pkg clean
pkg update
pkg upgrade
reboot

Chris's hint has not worked - but after Ivo's hints all went well.

Afterwards I did also:

/root: pfSense-upgrade -d
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.

:-)

by some units it was blocked to update kernel from pf v2.3.1.5 to v.2.3.2.
reboot and doing upper commands again helped out

many thanks to all

br
Stephan







Many thanks.

Kind regards,
WolfSec-Support

WolfSec
Postal address:
Swiss Post Box: 104213
Zürcherstrasse 161
CH-8010 Zürich

Office ZH:
Seestrasse 59
CH-8708 Männedorf

http://www.wolfsec.ch


2016-07-28 5:56 GMT+02:00 Chris Buechler:

> On Wed, Jul 27, 2016 at 8:53 AM, WolfSec-Support wrote:
> > Hi Jim
> >
> > Many thanks for your hint.
> > Well it is still not working.
> >
> > See:
> >
> > >>> Updating repositories metadata...
> > Updating pfSense-core repository catalogue...
> > pfSense-core repository is up-to-date.
> > Updating pfSense repository catalogue...
> > Fetching meta.txz: . done
> > Fetching packagesite.txz: ... done
> > pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Operation timed out
> > Unable to update repository pfSense
> >
> > May something else was broken in update progress ?
> >
>
> No, there were some server issues at that time which caused some
> timeouts like you got there. It's been fixed since this morning
> shortly after your message here, give it another shot and I'm sure
> it'll be fine.