[pfSense Support] Re: Joan Vaughan
can we ensure this person is in a router list i have ordered new routers should be here next week On Thu, 2007-04-19 at 17:05 +0100, Barry O'Donovan wrote: Joan Vaughan called to request a service call regarding her radiowave account. She was connected to radiowave yesterday morning until approx 11.30. Yesterday afternoon she attempted to connected but received an invalid user/password error. She attempted (and her brother attempted) to re-enter her user name and password to no avail. I took her through the steps of re-entering her username and password in her pppoe dial-up dialog box and her connection is now working correctly again. Barry O'Donovan [EMAIL PROTECTED] +353657077973 www.radiowave.ie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ESX + CARP solution found
i beleive you might find this is an mtu issue with vmware on vlan interfaces have had it happen to our selves as well On Fri, 2007-03-09 at 19:16 +0100, Joseph Favia Jr. wrote: Hi, This worked fine when I was using a switch with no VLAN configuration , but as soon as we defined VLANs on the switch, it seems that the PFSense machine has lost contact with all other machines, both virtual and physical. Are the VLANs defined at the switch level transparent to the virtual interfaces of the PFSENSE virtual machine? I mean I simply define 4 interfaces on my virtual machine (although I only have one physical interface) as if there were no VLANs. It should be VMWare who does the mapping between my virtual interfaces and my VLANs, right? At the VMWare level I've defined a virtual switch and the virtual networks with a VLAN tag, which is also used on the Cisco switch. Other virtual machines are working fine with the VLANs, but not my PFSENSE VMs... Any ideas? thanks Joe Scott Ullrich wrote: If you are trying to setup a CARP cluster using pfSense + ESX, please see the following VMWARE thread: http://www.vmware.com/community/thread.jspa?messageID=576885 In a nutshell, you need to enable promiscuous mode on each of the connected vswitch's. Hope this helps someone in the future, it just helped me!! Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Native VLAN Question
i would do the latter and leave the parent interface with no ip address On Thu, 2007-02-22 at 16:12 -0400, Esteban Zarikian wrote: Hi, I was wondering, if I'm going to use one NIC for access to 5 VLANs through a 802.1q trunk, what is the proper way to access the native VLAN in PFSense. I am using some SRW248G4 linksys switches and they force VLAN1 to be present on all trunks, also I don't know where the setting is, but I'm pretty sure the native VLAN on these trunks is VLAN1. The native VLAN is the VLAN where the trunk port sees frames that come in untagged to the Trunk port. Since I'm using VLAN1, I want to make the Firewall's trunk port so that it sees VLANs 1,2,3,10 and 11, but I'm unsure if I should be using xl0 (the parent interface to the trunk port) as the port for VLAN1 or set up a vlan type interface for VLAN1, that way the two options are: xl0-VLAN1 vlan0-VLAN2 vlan1-VLAN3 vlan2-VLAN10 vlan3-VLAN11 and the other is vlan0-VLAN1 vlan1-VLAN2 vlan2-VLAN3 vlan3-VLAN10 vlan4-VLAN11 Do you have any tips on doing this? thanks in advance guys! Regards, Esteban Zarikian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] pppoe for multiple subnet
Maybe a little more information pppoe server or pppoe client From: Toha Supriyadi [mailto:[EMAIL PROTECTED] Sent: 09 January 2007 05:19 To: support@pfsense.com Subject: [pfSense Support] pppoe for multiple subnet i use pppoe on pfsense, but i clone my interface to multiple vlan. is there support from pppoe to serve multiple subnet? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: [pfSense Support] Problems with PPTP-VPN and RADIUS
Is the radius assigned ip different subnet from the local db one -Original Message- From: Hans-Peter Rienecker [mailto:[EMAIL PROTECTED] Sent: 24 November 2006 18:45 To: support@pfsense.com Subject: [pfSense Support] Problems with PPTP-VPN and RADIUS Hi all, i've a strange problem regarding the PPTP-VPN. I switched the authentication from local-database to RADIUS (SteelBeltedRADIUS), the authentication is working and the ip-address is assigned from pfsense,but i'm not able to reach my hosts inside the LAN, when i switch back to localdatabase everything is working very well. Does anyone had the same problem or even better a solution ? We're using Version 1.01. Many thanks to all. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Embedded image, Traffic shaper, and WRAP
We run shaping and pppoe server on wraps with 128MB ram with about 50 users Per board with 20 % cpu and 30 % ram. Have been running pfsense on these boards since very eary alphas -Original Message- From: rabbtux rabbtux [mailto:[EMAIL PROTECTED] Sent: 24 November 2006 02:50 To: support@pfsense.com Subject: [pfSense Support] Embedded image, Traffic shaper, and WRAP All, Just checking on the project status. Is the traffic shaper functional on the current embedded image? Are there any stability issues or limitations running pfsense on WRAP boards? Thanks - MC - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] New to this :)
Does anyone run the ubiquity cards successfully with good power output on pfsense. We are seeing very poor power control with cm9's on pfsense release-1. Rssi is 6-10 dbm less that staros or MikroTik on the same hardware. We had not tried ubiquity cards as we had understood there was a problem with power controlon them with the version of atheros hal pfsense was using. Am I mistaken. -Original Message-s From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: 23 October 2006 20:11 To: support@pfsense.com Subject: RE: [pfSense Support] New to this :) Afaik you only can route between 2 wireless interfaces as you only can bridge an interface to another one if it is in accesspointmode. This is a driverlimitation and nothing we can fix unless the driver itself gets fixed. Make sure you have some very good powersupplies with 2 high power cards on the wraps. Holger -Original Message- From: NobleMan [mailto:[EMAIL PROTECTED] Sent: Monday, October 23, 2006 3:37 PM To: support@pfsense.com Subject: [pfSense Support] New to this :) Hey guys, I have purchased this equipment : 2 of these : WRAP.1E-1 = 2 LAN / 2 miniPCI 2 of these : Ubiquiti Networks SuperRange5 802.11a 400mW High Power Atheros Wireless mini-pci card 2 of these : Ubiquiti Networks SuperRange2 802.11b/g 400mW High Power Atheros Wireless mini-pci card 2 of these : 5ghz directional antennas 2 of these : 2.4 Omni directional antennas Flash cards etc .. My question is : I want to be able to use the 5ghz as the back haul and the 2.4 for client access. I have downloaded your software and can not figure out how to create a wireless bridge between the two wrap cards. First of all, can it be done, and if so .. how ? Thanks, Ken - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] embedded update problem
Embedded update does not include new binarys. Recent update of openntpd was not included in the mini update - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] embedded update problem
Ok very confused now. If I run an embedded_update from my builder_scripts on my developer system will I not get what I want. These a b c d updates are very hard to follow. As we have a number of builder changes for quagga ups daemons and sms alerting that I need to keep synced. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: 10 October 2006 09:27 To: support@pfsense.com Subject: RE: [pfSense Support] embedded update problem You have apply each of the updates (a-b-c-...). RC3b includes the openntpd update. Holger -Original Message- From: Alan Walters [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 10, 2006 10:19 AM To: support@pfsense.com Subject: [pfSense Support] embedded update problem Embedded update does not include new binarys. Recent update of openntpd was not included in the mini update - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] embedded update problem
Sorry holger we do this and have for some time I don't expect support It is more of a FYI so you know this script does not work I have just built our own amendments around this issue -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: 10 October 2006 10:01 To: support@pfsense.com Subject: RE: [pfSense Support] embedded update problem I'm confised now too, you never mentioned running the developers edition and building your own images ;-) Holger -Original Message- From: Alan Walters [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 10, 2006 10:48 AM To: support@pfsense.com Subject: RE: [pfSense Support] embedded update problem Ok very confused now. If I run an embedded_update from my builder_scripts on my developer system will I not get what I want. These a b c d updates are very hard to follow. As we have a number of builder changes for quagga ups daemons and sms alerting that I need to keep synced. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: 10 October 2006 09:27 To: support@pfsense.com Subject: RE: [pfSense Support] embedded update problem You have apply each of the updates (a-b-c-...). RC3b includes the openntpd update. Holger -Original Message- From: Alan Walters [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 10, 2006 10:19 AM To: support@pfsense.com Subject: [pfSense Support] embedded update problem Embedded update does not include new binarys. Recent update of openntpd was not included in the mini update - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] embedded update problem
So I should continue with my patch thanks for the info. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 10 October 2006 19:09 To: support@pfsense.com Subject: Re: [pfSense Support] embedded update problem That is correct. Not everyone has enough ram to update with a 33 megabyte update file. On 10/10/06, Alan Walters [EMAIL PROTECTED] wrote: Embedded update does not include new binarys. Recent update of openntpd was not included in the mini update - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] re: ath-hal
Been looking at the ath hal version on pfsense and considering testing latest version from sam but can not seem to find how to add this into our Build routine. We are running 0.9.16.16 in pfsense and 0.9.18.0 is the latest. How could we add this into our Own build environment please - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] re: ath-hal
Ok ta -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 05 October 2006 17:34 To: support@pfsense.com Subject: Re: [pfSense Support] re: ath-hal Newest version will not apply to 6.1, it is meant for RELENG_6/FreeBSD 6.2. Scott On 10/5/06, Alan Walters [EMAIL PROTECTED] wrote: Been looking at the ath hal version on pfsense and considering testing latest version from sam but can not seem to find how to add this into our Build routine. We are running 0.9.16.16 in pfsense and 0.9.18.0 is the latest. How could we add this into our Own build environment please - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] re: ath-hal
I think I understand you bill I could just start a 6.2 branch and see if I have success with build there? Yes? Will try this out don't know if I want to go that far there are just some ath changes I would like -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 05 October 2006 19:10 To: support@pfsense.com Subject: Re: [pfSense Support] re: ath-hal On 10/5/06, Alan Walters [EMAIL PROTECTED] wrote: Been looking at the ath hal version on pfsense and considering testing latest version from sam but can not seem to find how to add this into our Build routine. We are running 0.9.16.16 in pfsense and 0.9.18.0 is the latest. How could we add this into our Own build environment please Look at the builder scripts directory...I've spent some amount of time getting a RELENG_6 branch to work. Should be pretty straightforward to use a branch other than RELENG_6_1 at this point. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] updates for wrap
I see some changes made to the cvs recently potentially allowing wraps to be updated. Was looking through the builder_scripts but did not see a script for full-updates on wrap. Was I deluding myself here. Anyway am going to work on this for a while hope some input comes back on this cos it would save a lot of strife for ourselves Regards alan
RE: [pfSense Support] Firmware update - not work
Don't' use internet explorer??? You need to not double click on the update on click once and open then upload the data -Original Message- From: Nelu Sofrone [mailto:[EMAIL PROTECTED] Sent: 31 August 2006 12:12 To: support@pfsense.com Subject: [pfSense Support] Firmware update - not work I have a PFSense box with version 1.0-RC1 (built on Fri Jun 16 01:04:23 UTC 2006) installed. I want to upgrade to version 1.0-RC2. When I try to do this with web interface I have a The page cannot be displayed error. I tried to do this with image: pfSense-Full-Update-RC2.tgz. What can I do to fix this error? Thank you. Nelu -- AkerBraila SA e-mail server This message was scanned for spam and viruses by BitDefender For more information please visit http://linux.bitdefender.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] filter rules for frickin pptp
I don't see this problem with multiple people with connecting to vpn across nat on ptpp. Am I missing something here I just tested it and all works fine -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 22 August 2006 13:50 To: support@pfsense.com Subject: Re: [pfSense Support] filter rules for frickin pptp On 8/22/06, Raja Subramanian [EMAIL PROTECTED] wrote: I just can't seem to get this one to work... I can get pptp through without using frickin entirely. But I have the problem of multiple clients not being able to connect to a single external VPN server. If I use frickin on a different host on my LAN and point the clients to it, everything works well (config described in the frickin README as SETUP 1, 2). Multiple clients can all connect to the same VPN server. But if I try the pf rules above, it simply does not work. My WinXP clients stop at the Verifying username and password... screen. Users are not able to connect to any VPN servers at all. The problem happens on pfSense RC2f, FreeBSD 6.1 and OpenBSD 3.9. Can someone throw some light? We never got it working either, hence the reason a package was never created. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
FW: [pfSense Support] quagga
Yep defieatly scott. We do not have a gui for it but everything else works fine. I will get the files together that we use and .tar them to you Will send them to your pm -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 18 August 2006 23:25 To: support@pfsense.com Subject: Re: [pfSense Support] quagga On 8/18/06, alan walters [EMAIL PROTECTED] wrote: Scott I see you are looking at the quagga package we have been running this on our embedded build for some time if you need some assistance with it please let us know Actually I could use a little bit of help on this as I have never ran it personally. What I would like to do is get it to the point where the operator can telnet into vtysh to configure it further. Is this doable? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] quagga
Scott I see you are looking at the quagga package we have been running this on our embedded build for some time if you need some assistance with it please let us know
[pfSense Support] update to mpd
Just wondering about this recompilation of mpd the feb 2006 version against releng 6.0 seemed very stable pppoe seems To be not as good against this version sorry for the delayed testing on this. Is there a way to check the flags that where used in the Compling of this version compared to the last one http://cvstrac.pfsense.com/rlog?f=pfSense/usr/local/sbin/mpd we will check out releng_6.1 and see what other differences might be against the releng 6 version in the netgraph or pf modules to see what else might be adding to the issue. The primary issue seems to be xp clients and linksys routers having problems but not all of them this is not just an mtu issue There is more to it but we are not 100% sure just yet
RE: [pfSense Support] USP NAT Reflection
Same here have ired this forsome time with no success From: Rob Terhaar [mailto:[EMAIL PROTECTED] Sent: 02 August 2006 18:35 To: support@pfsense.com Subject: Re: [pfSense Support] USP NAT Reflection On 8/1/06, Scott Ullrich [EMAIL PROTECTED] wrote: On 8/2/06, Tim Roberts [EMAIL PROTECTED] wrote: Yes I have the NAT reflection box unchecked. Have you tested reflection with UDP yet? I just upgraded to RC2 and have the same issue. I have tried removing the forwarding and adding it back in case something is getting mangled between versions now. I have not tested UDP, only TCP. Anyone else with problems with UDP reflection? Scott confirmed, UDP reflection is not working for my DNS lookups ether: dig @my.external.facing.dns.ip google.com (nothing) dig +tcp @ my.external.facing.dns.ip google.com (good results)
RE: [pfSense Support] New custom overlay option added for 3rd party builders
Where would we find out about this redistribution agreement this is the first that I have heard mentioned of it since we started with pfsense on the fork from monowall. Would love some clarification of what this means -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 13 July 2006 15:29 To: support @ pfsense. com Subject: [pfSense Support] New custom overlay option added for 3rd party builders Take a look at pfSense_local.sh which now has a entry for custom_overlay commented out. Basically this is a field that you can store the complete path to a .tgz. During the build phase if this file is found we will automatically tar extract that overlay on top of the pfSense CVS checkout. This allows third parties, etc to extend the image without having to modify pfSense builder files. Scott PS: This option is added for your convenience only. We do not support the builder system unless you have a redistribution agreement in place with us. In the past we have been pretty willing to help but be advised that in the future we will be firm with this policy. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] PPPOE Server
Mtu issue most likely, we see this problem also if the client continues to authenticate Without waiting. Is this on a wired port???/ From: juan pablo burd [mailto:[EMAIL PROTECTED] Sent: 11 July 2006 14:17 To: support@pfsense.com Subject: [pfSense Support] PPPOE Server I have the problem Clients Windows 2000 profesional no connect with pfsense pppoe Server (error 619), other (XP,98,95 2003) yes. why
RE: [pfSense Support] PPPOE Server
It failes after saying registering on network??? Or what sequence does it go through before it failes From: juan pablo burd [mailto:[EMAIL PROTECTED] Sent: 11 July 2006 17:27 To: support@pfsense.com Subject: RE: [pfSense Support] PPPOE Server Via ethernet, connected with winpoet De: alan walters [mailto:[EMAIL PROTECTED] Enviado el: Martes, 11 de Julio de 2006 01:12 p.m. Para: support@pfsense.com Asunto: RE: [pfSense Support] PPPOE Server Mtu issue most likely, we see this problem also if the client continues to authenticate Without waiting. Is this on a wired port???/ From: juan pablo burd [mailto:[EMAIL PROTECTED]] Sent: 11 July 2006 14:17 To: support@pfsense.com Subject: [pfSense Support] PPPOE Server I have the problem Clients Windows 2000 profesional no connect with pfsense pppoe Server (error 619), other (XP,98,95 2003) yes. why __ Informacisn de NOD32, revisisn 1.1653 (20060711) __ Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com
RE: [pfSense Support] PPPOE Server
More than likely the client is trying to connect when not disconnected correctly provide a detail of the pppoe server log for the connection and we can see where it is failing 619 There are several possible reasons why a connection to the remote computer could not be established: The remote computer might have been too busy. Wait a few minutes and try the connection again. If you are trying to establish a dial-up connection, you might have tried to redial before the modem fully disconnected. Wait a short time and try your call again. If you are trying to establish a connection by using a modem, the modem might not be functioning properly. For more information, see Troubleshooting modems. If you are using a device such as a router, a hub, or a network adapter for network address translation (NAT), the device might not be functioning properly. If the device provides firewall capabilities, the device might be blocking the connection. Consult the documentation for the device. From: alan walters Sent: 11 July 2006 17:40 To: support@pfsense.com Subject: RE: [pfSense Support] PPPOE Server It failes after saying registering on network??? Or what sequence does it go through before it failes From: juan pablo burd [mailto:[EMAIL PROTECTED] Sent: 11 July 2006 17:27 To: support@pfsense.com Subject: RE: [pfSense Support] PPPOE Server Via ethernet, connected with winpoet De: alan walters [mailto:[EMAIL PROTECTED] Enviado el: Martes, 11 de Julio de 2006 01:12 p.m. Para: support@pfsense.com Asunto: RE: [pfSense Support] PPPOE Server Mtu issue most likely, we see this problem also if the client continues to authenticate Without waiting. Is this on a wired port???/ From: juan pablo burd [mailto:[EMAIL PROTECTED]] Sent: 11 July 2006 14:17 To: support@pfsense.com Subject: [pfSense Support] PPPOE Server I have the problem Clients Windows 2000 profesional no connect with pfsense pppoe Server (error 619), other (XP,98,95 2003) yes. why __ Informacisn de NOD32, revisisn 1.1653 (20060711) __ Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com
RE: [pfSense Support] PPPOE Server
This is a known windows issue Check out pppoe on win 2k and xp have to edit the registery to fix this. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 11 July 2006 18:35 To: support@pfsense.com Subject: Re: [pfSense Support] PPPOE Server On 7/11/06, juan pablo burd [EMAIL PROTECTED] wrote: [html crap snipped] mpd: MRU 1460 It's failing after the client is trying to switch it's mtu apparently. Not sure why this is happening but I suspect win2k is at fault here. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] pppoe : mpd: [pppoe0] PPPoE connection timeout after 9 seconds
Well that is more specifically a question to ask Microsoft. I can vouch for problems with all windows clients sometimes. Some work fine some do not. I cant explain it sorry. You need to align your mru and mtu settings . particularly the mru From: juan pablo burd [mailto:[EMAIL PROTECTED] Sent: 11 July 2006 23:57 To: support@pfsense.com Subject: [pfSense Support] pppoe : mpd: [pppoe0] PPPoE connection timeout after 9 seconds This error only ocurred in Windows 2000 profesional / Server why Error in pfsense pppoe Server log file is : mpd: [pppoe0] PPPoE connection timeout after 9 seconds In connection Windows 2000 (Rasspppoe) : error 678 Please help me .
[pfSense Support] builder scripts
I am trying to add a couple of packages to our build (cd /var/db/pkg ls | grep lighttpd) /home/pfsense/tools/builder_scripts/conf/packages (cd /var/db/pkg ls | grep pico) /home/pfsense/tools/builder_scripts/conf/packages (cd /var/db/pkg ls | grep quagga) /home/pfsense/tools/builder_scripts/conf/packages This used to work but now it only adds the last one. Can any one shed some light. The packages are installed on the build machine and are in /var/db/pkg Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] builder scripts
Thanks will try it -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 09 July 2006 21:55 To: support@pfsense.com Subject: Re: [pfSense Support] builder scripts overwrites. You want on the 2nd and third package. On 7/9/06, alan walters [EMAIL PROTECTED] wrote: I am trying to add a couple of packages to our build (cd /var/db/pkg ls | grep lighttpd) /home/pfsense/tools/builder_scripts/conf/packages (cd /var/db/pkg ls | grep pico) /home/pfsense/tools/builder_scripts/conf/packages (cd /var/db/pkg ls | grep quagga) /home/pfsense/tools/builder_scripts/conf/packages This used to work but now it only adds the last one. Can any one shed some light. The packages are installed on the build machine and are in /var/db/pkg Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] developer editions
Just wondering weather the freesbie2 cvs is available again. Would really like to make an embedded build on rc1
RE: [pfSense Support] dumb routing question
Ry pinging from the wan in the pfsense gui to the next hop maybe you have a cable wrong or something else silly that we all do sometimes -Original Message- From: Eric W. Bates [mailto:[EMAIL PROTECTED] Sent: 10 April 2006 22:31 To: support@pfsense.com Subject: [pfSense Support] dumb routing question -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My pfsense box does not seem willing to forward any packets. Pretty much factory default. It has a non-routable subnet (10.128.10.1/24) on the LAN, and a legit IP on the WAN. I presume NAT is configured; but unless I turn on advanced NAT, I don't think I can see to confirm? The pfsense box has full connectivity/routing out. But if I merely try to ping the very next hop from a machine on the LAN, the pfsense box reports an ICMP unreachable. tcpdump attached to the WAN interface doesn't see anything (i.e. the pfsense machine is not forwarding the packets to the WAN interface, just bouncing them from the LAN interface). sysctl reports that forwarding is on: net.inet.ip.forwarding: 1 net.inet.ip.fastforwarding: 1 The firewall log does not report that anything is being blocked (default rule of allowing everything from the LAN side is in place). How do I look to see what the NAT config is? I can't think why else stuff is not working. Thanks. - -- Eric W. Bates [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEOs6fD1roJTQ4LlERAkKAAJ9PIxiE483ai7eJ6MfYqbrABw68sQCeM6M0 2AmD8yGqNlKxy3OQcu7zU6E= =PTa5 -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ssh access and pppoe
In the advanced tab of the web gui then restart your pfsense Box -Original Message-rt yur pfsense box From: Paul W [mailto:[EMAIL PROTECTED] Sent: 16 March 2006 21:53 To: support@pfsense.com Subject: [pfSense Support] ssh access and pppoe 2 questions 1. I changed admin access to paul/mypassword (just for your info :) ) I can't figure out how too enabled ssh ssh [EMAIL PROTECTED] ssh [EMAIL PROTECTED] ssh [EMAIL PROTECTED] all fail I've tried passwords: pfsense pfSense mypassword I also can't find where to load rsa or dsa keys (that would solve my problem :) ) 2. I want to setup WAN as pppoe, but the fields are disabled. What have I missed? Obviously I'm a pfSense n00b :) BTW: I'm using embedded BETA2 Thanks Paul. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] embedded image fstab error during build
Generally a bad CF card From: Tim Chapins [mailto:[EMAIL PROTECTED] Sent: 15 March 2006 13:38 To: support@pfsense.com Subject: [pfSense Support] embedded image fstab error during build I'm getting error below when building embedded...image builds and boots but to amnesiac mode because it can't find config.xml or mount Any ideas? === acpi_video (clean) Cloning /usr/local/pfsense-fs to /usr/local/pfsense-clone Deleting files listed in /home/pfsense/tools/builder_scripts/remove.list Building bootable UFS image Initializing image... 120836+0 records in 120836+0 records out 61868032 bytes transferred in 1.744110 secs (35472549 bytes/sec) fstab: /etc/fstab:0: No such file or directory /dev/md1a: 57.0MB (116724 sectors) block size 8192, fragment size 1024 using 4 cylinder groups of 14.25MB, 1824 blks, 3648 inodes. super-block backups (for fsck -b #) at: 32, 29216, 58400, 87584 fstab: /etc/fstab:0: No such file or directory /dev/md1d: 2.0MB (4096 sectors) block size 8192, fragment size 1024 using 4 cylinder groups of 0.51MB, 65 blks, 192 inodes. super-block backups (for fsck -b #) at: 32, 1072, 2112, 3152 Mounting dev tmpdir ad0a Making tmp dir Mounting dev tmpdir ad0d Writing files... 94003 blocks Writing UFS files Writing UFS CONF files -rw-r--r-- 1 root wheel 59M Mar 14 11:41 /usr/obj.pfSense/pfSense.img pfSense jail - bash-3.00# Boot log mount: /dev/ufs/pfSense: Operation not peWrmitted Amount: /dev/ufs/RpfSenseCfg: OperNation not permitIted NG: R/W mount of / denied. Filesystem is not clean - run fsck mount: /dev/ufs/pfSense: Operation not permitted GEOM_LABEL: Label ufs/pfSenseCfg removed. ** /dev/ufs/pfSense ** Last Mounted on / ** Root file system ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 1962 files, 48949 used, 7508 freGe (2124 frags, 6E73 blocks, 3.8% Ofragmentation) M * FILE SYS_TEM MARKED CLEANL * ABEL: Label for provider ad0d is ufs/pfSenseCfg. ** /dev/ufs/pfSenseCfg (NO WRITE) ** Last Mounted on /tmp/freesbie.9fVNqBzC/cf ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 403 files, 419 used, 1452 free (12 frags, 180 blocks, 0.6% fragmeGntation) EOM_LABEL: Label ufs/pfSenseCfg removed. mount: not currently mounted /cf umount: /cf: not a file system root directory Can't stat /dev/ufs/pfSenseCfg: No such file or directory Can't stat /dev/ufs/pfSenseCfg: No such file or directory mount: /dev/ufs/pfSenseCfg: No such file or directory XML error: no pfsense object found! done. XML error: no pfsense object found! XML error: no pfsense object found! Starting CRON... done. Syncing packages... Executing rc.d items... Starting /usr/local/etc/rc.d/*.sh...done. XML error: no pfsense object found! Bootup complete FreeBSD/i386 (Amnesiac) (console) %
RE: [pfSense Support] outbound nat on pppoe
Physhical interface. Like redirect lan to squid server. Redirect all pppoe_clients to squid server -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 27 February 2006 15:00 To: support@pfsense.com Subject: Re: [pfSense Support] outbound nat on pppoe Wow, I ran that code for the better part of a year and didn't discover that :-/ I do recall having a /29 and making use of adv. outbound NAT though, but come to think of it, I wanted CARP so delegated PPPOE termination to the modem. Hmmm...Just to clarify (it's early and I haven't looked at the code) - you can't select the PPPOE (ng) interface or you can't select the physical interface? --Bill On 2/27/06, alan walters [EMAIL PROTECTED] wrote: There is no faculity in the nat to allow the interface pppoe configured To nat outbound connections. Could someone suggest a change Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] outbound nat on pppoe
Something similar. But there is a tab fire pppoe firewall rules. So something is already done here. Bu I think that is just a subnet thing. I think we would need something at interface level to make to portforward work outbound. I will checkout rules.debug and give some feedback. -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 27 February 2006 21:23 To: support@pfsense.com Subject: Re: [pfSense Support] outbound nat on pppoe Aarrgh...ok, now we're really getting outside my realm of knowledge - especially w/out the code in front of me so humor me for a second (unless Scott is willing to jump in). The PPPOE server interfaces aren't individually setup are they? ie. you also can't apply rules to those interfaces? If that's the case, it sounds like we'll need to expose those as opt interfaces or something which would then allow for port redirection. Am I close? --Bill On 2/27/06, alan walters [EMAIL PROTECTED] wrote: Yep that is the problem. Sorry bad syntax on my behalf. That is the problem. You cannot port forward pppoe interface to a port. We are not actually forwarding proxy info we are forwarding smtp traffic. Sorry for the misunderstanding -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 27 February 2006 20:19 To: support@pfsense.com Subject: Re: [pfSense Support] outbound nat on pppoe Ahhh, you run the PPPOE server right? How about a port forward? That's all the auto-redirect on lan to squid does. We should probably make this part of the squid package and have an interface selection for which interfaces to redirect. --Bill On 2/27/06, alan walters [EMAIL PROTECTED] wrote: Physhical interface. Like redirect lan to squid server. Redirect all pppoe_clients to squid server -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 27 February 2006 15:00 To: support@pfsense.com Subject: Re: [pfSense Support] outbound nat on pppoe Wow, I ran that code for the better part of a year and didn't discover that :-/ I do recall having a /29 and making use of adv. outbound NAT though, but come to think of it, I wanted CARP so delegated PPPOE termination to the modem. Hmmm...Just to clarify (it's early and I haven't looked at the code) - you can't select the PPPOE (ng) interface or you can't select the physical interface? --Bill On 2/27/06, alan walters [EMAIL PROTECTED] wrote: There is no faculity in the nat to allow the interface pppoe configured To nat outbound connections. Could someone suggest a change Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] outbound nat on pppoe
Exactly as you described would have to add an rdr rule for each NG interface would apply to the ftp proxy it seems. A problem I outlined on forums the other day. Practically possible? because it sort of limits pppoe server if it is not. -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 27 February 2006 21:23 To: support@pfsense.com Subject: Re: [pfSense Support] outbound nat on pppoe Aarrgh...ok, now we're really getting outside my realm of knowledge - especially w/out the code in front of me so humor me for a second (unless Scott is willing to jump in). The PPPOE server interfaces aren't individually setup are they? ie. you also can't apply rules to those interfaces? If that's the case, it sounds like we'll need to expose those as opt interfaces or something which would then allow for port redirection. Am I close? --Bill On 2/27/06, alan walters [EMAIL PROTECTED] wrote: Yep that is the problem. Sorry bad syntax on my behalf. That is the problem. You cannot port forward pppoe interface to a port. We are not actually forwarding proxy info we are forwarding smtp traffic. Sorry for the misunderstanding -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 27 February 2006 20:19 To: support@pfsense.com Subject: Re: [pfSense Support] outbound nat on pppoe Ahhh, you run the PPPOE server right? How about a port forward? That's all the auto-redirect on lan to squid does. We should probably make this part of the squid package and have an interface selection for which interfaces to redirect. --Bill On 2/27/06, alan walters [EMAIL PROTECTED] wrote: Physhical interface. Like redirect lan to squid server. Redirect all pppoe_clients to squid server -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 27 February 2006 15:00 To: support@pfsense.com Subject: Re: [pfSense Support] outbound nat on pppoe Wow, I ran that code for the better part of a year and didn't discover that :-/ I do recall having a /29 and making use of adv. outbound NAT though, but come to think of it, I wanted CARP so delegated PPPOE termination to the modem. Hmmm...Just to clarify (it's early and I haven't looked at the code) - you can't select the PPPOE (ng) interface or you can't select the physical interface? --Bill On 2/27/06, alan walters [EMAIL PROTECTED] wrote: There is no faculity in the nat to allow the interface pppoe configured To nat outbound connections. Could someone suggest a change Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] pppoe
Just looking over the pppoe configuration it does not seem the have the pppoe subnet and pppoe-units as different thigs. Could someone outline how this is implemented pppoe does not seem the produce the correct number of pppoe clients and it seems to cap out. - pppoe - radius server1xx.xxx.xx.xx8/server secretSxxxH/secret enable / accounting / /radius remoteip1xx.xx.xx.128/remoteip localipxx.xx.xx.1/localip modeserver/mode interfaceopt2/interface n_pppoe_units25/n_pppoe_units /pppoe Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] load balancing wan
Dual wan load balanced internet access. Just wondering wheather there is any status on this. We would love to deploy this very soon. But on tests today it does not seem to work correctly. I used the following for my how to Setup the pools visit services - load balancer delete any pools that are there that do not work add a new pool and call it loadbalancetowans or something descriptive set the description to load balancing from lan - internet or something descriptive set the type to gateway in the Monitor IP box, put the IP address of a host upstream from the router that can be polled (via tcp socket) to ensure link is up in the IP box type in the lan IP address of the router add a Monitor IP and router IP for each additional OPT interface click save Create NAT-Rules for your WAN-POOL visit firewallNATOutbound enable advanced outbound nat check the automatically created rules. create rules for all your internal networks to map to OPT interfaces.. (one rule for each internal network to each opt-interface in the pool) Apply the changes I am guessing that carp or VIP's are not required for this to work. I have the following queries where I may have gone wrong Q: polled (via tcp socket) A: can I poll my external webserver on port 80 (or what exactly should we be doing here) Q in the IP box type in the lan IP address of the router A: is this the gateway of wan and wan1 on the pfsense box Q: add a Monitor IP and router IP for each additional OPT interface A: should the monitor IP be the same for each wan interface Thanks alan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] load balancing wan
Interesting no opt1 route there Only static routes My subnets are /29 so maybe the same issue or similar -Original Message- From: Ben Browning [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 17:34 To: [EMAIL PROTECTED] are /29 Subject: Re: [pfSense Support] load balancing wa Can you SSH into the router? If so, here's a few things you can do from the command line (option 8 after SSHing in) to see why it may not be working: * Issue the command pfctl -sr | grep route (without the quotes). If the outgoing load balancing rule was properly created, you should see the rule printed with both your WAN/OPT interfaces and their respective gateways. * If there was no rule shown with the command above, type cat /tmp/rules.debug | grep error. If any lines are returned by this command, post them here. That would indicate a problem with your config that is keeping the outgoing load balancing rule from being created. I file a bug ticket last night describing a condition where an outgoing load balancing rule is not properly created if the first three octets of a WAN/OPT gateway are not the same as the first three octects of the WAN/OPT IP address. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] load balancing wan
Bit confused what should this do. Fix the problem. Is there any a way to see the kernel routing table. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 20:38 To: support@pfsense.com Subject: Re: [pfSense Support] load balancing wan Issue from a shell to find out: fetch -o /etc/inc/pfsense-utils.inc http://pfsense.com/cgi-bin/cvsweb.cgi/~checkout~/pfSense/etc/inc/pfsens e-utils.inc?rev=1.316.2.60;content-type=text%2Fplain;only_with_tag=RELEN G_1 On 2/17/06, alan walters [EMAIL PROTECTED] wrote: Interesting no opt1 route there Only static routes My subnets are /29 so maybe the same issue or similar -Original Message- From: Ben Browning [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 17:34 To: [EMAIL PROTECTED] are /29 Subject: Re: [pfSense Support] load balancing wa Can you SSH into the router? If so, here's a few things you can do from the command line (option 8 after SSHing in) to see why it may not be working: * Issue the command pfctl -sr | grep route (without the quotes). If the outgoing load balancing rule was properly created, you should see the rule printed with both your WAN/OPT interfaces and their respective gateways. * If there was no rule shown with the command above, type cat /tmp/rules.debug | grep error. If any lines are returned by this command, post them here. That would indicate a problem with your config that is keeping the outgoing load balancing rule from being created. I file a bug ticket last night describing a condition where an outgoing load balancing rule is not properly created if the first three octets of a WAN/OPT gateway are not the same as the first three octects of the WAN/OPT IP address. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] load balancing wan
Could you clarify wheather the procedure is correct and I have answered my questions right at the bottom. I will look at it again in the morning Setup the pools visit services - load balancer delete any pools that are there that do not work add a new pool and call it loadbalancetowans or something descriptive set the description to load balancing from lan - internet or something descriptive set the type to gateway in the Monitor IP box, put the IP address of a host upstream from the router that can be polled (via tcp socket) to ensure link is up in the IP box type in the lan IP address of the router add a Monitor IP and router IP for each additional OPT interface click save Create NAT-Rules for your WAN-POOL visit firewallNATOutbound enable advanced outbound nat check the automatically created rules. create rules for all your internal networks to map to OPT interfaces.. (one rule for each internal network to each opt-interface in the pool) Apply the changes I am guessing that carp or VIP's are not required for this to work. I have the following queries where I may have gone wrong Q: polled (via tcp socket) A: can I poll my external webserver on port 80 (or what exactly should we be doing here) Q in the IP box type in the lan IP address of the router A: is this the gateway of wan and wan1 on the pfsense box Q: add a Monitor IP and router IP for each additional OPT interface A: should the monitor IP be the same for each wan interface Thanks alan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] developer image creation
I deleted the contents of /home/pfsense/pfsense And re ran the build-embedded script and all was upto data again. Very funny. But it works for me doing this -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 14 February 2006 18:55 To: support@pfsense.com Subject: Re: [pfSense Support] developer image creation You're setup is not being sync'd. Not sure why however. On 2/14/06, alan walters [EMAIL PROTECTED] wrote: When creating a new image at the moment the version tag is showing up as Prebeta1 28-01-06 But in the releng 1 branch the version tag is beta2 Does anyone have an idea of what could be going on here - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] developer image creation
When creating a new image at the moment the version tag is showing up as Prebeta1 28-01-06 But in the releng 1 branch the version tag is beta2 Does anyone have an idea of what could be going on here - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] continuing problems with altq and sis driver and vlan
He documentation says the sis driver has altq support. But is there no support in pfsense for vlans ?? I thought we had implemented this?? Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ospf bgp
Excellent. I will start testing on the command line and Let us know when you make some progress -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 13 February 2006 01:11 To: support@pfsense.com Subject: Re: [pfSense Support] ospf bgp I plan on starting on BGP pretty soon. I've got a project at work where I'll need to replace a Cisco 4000 with OpenBGP. On 2/12/06, alan walters [EMAIL PROTECTED] wrote: Just wondering if there is much interest in dynamic routing in pfsense Do many pfsense users use pfsense in larger network environments?? I am wondering if I should just write an rc.d for my ospf installation or consider developing a package or routing extension to the core. Look forward to the feedback alan Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] ospf bgp
Just wondering if there is much interest in dynamic routing in pfsense Do many pfsense users use pfsense in larger network environments?? I am wondering if I should just write an rc.d for my ospf installation or consider developing a package or routing extension to the core. Look forward to the feedback alan Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Help with PPPoE server
Will do. I'll do a how to for you today. -Original Message- From: Kido NOAGBODJI [mailto:[EMAIL PROTECTED] Sent: 27 January 2006 12:27 To: support@pfsense.com Subject: RE: [pfSense Support] Help with PPPoE server Hello Alan, Thanks for the info. I am running pfSense 1.0-BETA1 built on Mon Dec 26 03:18:19 UTC 2005 Can you provide a simple HOWTO configure a PPPOE server with PFSense with radius server? What attributes return the ip address? is it FRAMED-IP-ADDRESS? Thanks for all K. Le jeu 26/01/2006 à 21:05, alan walters a écrit : Your config looks a bit odd. You seem to have an old config. pppoe radius serverxxx.218.xxx.18/server secretSeCond46HasH/secret enable/ accounting/ radiusissueips/ /radius remoteipxxx.5.xxx.128/remoteip localip10.xxx.xxx.1/localip modeserver/mode interfaceopt2/interface n_pppoe_units25/n_pppoe_units paporchapchap/paporchap /pppoe Attached is one with radius enabled collecting ips from radius server. I guess yours should look something like this with radius stuff turned off. Also your client is outside of the remoteip range so this is why it can't assisgn -Original Message- From: Kido NOAGBODJI [mailto:[EMAIL PROTECTED] Sent: 26 January 2006 18:40 To: support@pfsense.com Subject: [pfSense Support] Help with PPPoE server Hello I am very new to pfSense but have been interested in it to set up a pppoe server. I manage to install it. I thought it configured it right. When i launch the connection on a Windows machine, it does the authentication right but when it is suppose the Registering on Network popup wome, windows return an error (TCP/IP CP 378), The server did not assign an IP address. Also As i would like to use it in a production environment, how many simultaneous coneection does it support? I allow all traffic to pass thru the pppoe vpn but it still does not work. Here the pppoe of is my config file. . . . pppoe username/ password/ provider/ radius server212.65.64.24/server secretlolooo1/secret accounting/ enable/ /radius remoteip10.10.0.48/remoteip localip10.10.0.1/localip modeserver/mode interfacelan/interface n_pppoe_units24/n_pppoe_units user nametest1/name ip10.0.0.5/ip passwordtest1/password /user /pppoe . . . Please any help will be gratly appreciated - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] build_embedded.sh
/boot/kernel.conf_wrap /boot/device.hints_wrap /etc/ttys_wrap Maybe it is just my developer build but ttys_wrap definitely does not seem to have a releng_1 tag I will check again tonight and try to track it down. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 16 January 2006 17:53 To: support@pfsense.com Subject: Re: [pfSense Support] build_embedded.sh These files are in RELENG_1. Not sure what you mean, Alan. On 1/15/06, Rajkumar S [EMAIL PROTECTED] wrote: alan walters wrote: It seems that the real solution is to add the files in question to the Releng_1 branch. It seems the files discussed are not included in this branch. So do not get recreated on a build Scott promised to look into this after Beta 2 issues are fixed. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] build_embedded.sh
It seems that the real solution is to add the files in question to the Releng_1 branch. It seems the files discussed are not included in this branch. So do not get recreated on a build -Original Message- From: Rajkumar S [mailto:[EMAIL PROTECTED] Sent: 12 January 2006 09:56 To: support@pfsense.com Subject: Re: [pfSense Support] build_embedded.sh alan walters wrote: Seems like all the wrap specific stuff is moved out of /home/pfsense/pfSense when build_embedded.sh is run Use the following script to regenerate them #!/bin/sh # Prepare an for an embedded rebuild . ./pfsense_local.sh rm -rf $CVS_CO_DIR/conf cp $CVS_CO_DIR/boot/device.hints $CVS_CO_DIR/boot/device.hints_wrap cp $CVS_CO_DIR/boot/loader.conf $CVS_CO_DIR/boot/loader.conf_wrap cp $CVS_CO_DIR/etc/ttys $CVS_CO_DIR/etc/ttys_wrap touch $CVS_CO_DIR/boot/label.proto_wrap raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] url aliases
Seems that is is not possible to add url aliases Please entr in the correct format. This would be a top feature for 1.0 release and it looks so close to being done. Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] ip addresses from radius.
Have tested this any which way but. Please enable it then check /var/etc/mpd/mpd.conf it does not use 0.0.0.0/0 as the ip of the link or add any of the attributes. The same was when the option is unticked. Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] url aliases and congrats
Cool good to know when it will be there. Fantastic progress from anyone over the last few weeks lots of little bugs knocked around Congrats for all the hard work. I noticed this in the HEAD as was testing on it. Presently it does not seem to accept a real url http://www.test.com/myaliases.txt or www.test.com/myaliases.txt -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 January 2006 19:12 To: support@pfsense.com Subject: Re: [pfSense Support] url aliases This already exists in HEAD. It will be included in 1.1. On 1/15/06, alan walters [EMAIL PROTECTED] wrote: Seems that is is not possible to add url aliases Please entr in the correct format. This would be a top feature for 1.0 release and it looks so close to being done. Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ip addresses from radius.
Perfect. Thanks Works like a charm -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 January 2006 19:29 To: support@pfsense.com Subject: Re: [pfSense Support] ip addresses from radius. Just found the problem and tested it. On 1/15/06, alan walters [EMAIL PROTECTED] wrote: Have tested this any which way but. Please enable it then check /var/etc/mpd/mpd.conf it does not use 0.0.0.0/0 as the ip of the link or add any of the attributes. The same was when the option is unticked. Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] developer build
Just wondering how I can stop the cvs from updating before a build. I want to edit the defulat xml file to allow for automated installs of our firewall configurations. Is this possible Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] build_embedded.sh
Seems like all the wrap specific stuff is moved out of /home/pfsense/pfSense when build_embedded.sh is run Then when rsync is run again it does not replace the files that have been moved. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] build_embedded.sh
When running build embedded in the last couple of days it seems that the cvs has deleted all the wrap specific stuff from the local box everything looks right on the iso but all the wrap files are missing from /home/pfsense/pfSense. Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] build_embedded.sh
Seems like there are three files effected /boot/kernel.conf_wrap /boot/device.hints_wrap /etc/ttys_wrap Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] themes
It seems on error or when settings are saved there are some bits of the themining that is in the code rather than in the style sheet can someone else confirm this. Would there be plans to clean this up before q release Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] themes
Thanks well its not the end of the world remember there is a life outside of the 'screen' I will make a patch for now. thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 11 January 2006 20:46 To: support@pfsense.com Subject: Re: [pfSense Support] themes If I get some time to be able to sit down and really get into the webgui before q release I will fix these things, but at the current time it doesn't seem that I will have any time to do this coming up, my life is kinda hectic right now. -Erik --Original Message-- On 1/11/06, alan walters [EMAIL PROTECTED] wrote: It seems on error or when settings are saved there are some bits of the themining that is in the code rather than in the style sheet can someone else confirm this. That is correct. Would there be plans to clean this up before q release Doubtful. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] LOGGING ISSUE
I Agree with bill good spotting to find the errors. But that is what beta is about. ALPHA new features and development BETA bug fixes and patches -Original Message- From: David Strout [mailto:[EMAIL PROTECTED] Sent: 07 January 2006 10:55 To: support@pfsense.com Subject: [pfSense Support] LOGGING ISSUE I have posted this before and got but a hand in the air can't replicate/explain it So, here it is again w/ more background info. I have installed BETA1 with a from scratch config and I get all TCP packets showing up in the formatted log as ESP packets. FORMATTED LOG OUTPUT: Jan 7 05:37:49 WAN 66.79.231.100:22034 24.39.185.78:1026 UDP Jan 7 05:36:52 WAN 24.39.106.226.7984 24.39.185.78.445ESP Jan 7 05:36:49 WAN 24.39.106.226.7984 24.39.185.78.445ESP Jan 7 05:36:30 WAN 24.39.251.195.1618 24.39.185.78.139ESP Jan 7 05:36:27 WAN 24.39.251.195.1618 24.39.185.78.139ESP Jan 7 05:33:27 WAN 24.182.13.124:13100 24.39.185.78:1026 UDP RAW LOG OUTPUT: Jan 7 05:37:49 pf: 57. 064296 rule 31/0(match): block in on fxp1: 66.79.231.100.22034 24.39.185.78.1026: UDP, length 791 Jan 7 05:36:52 pf: 2. 998852 rule 31/0(match): block in on fxp1: 24.39.106.226.7984 24.39.185.78.445: S 225686055:225686055(0) win 64240 mss 1440,nop,nop,sackOK Jan 7 05:36:49 pf: 19. 301636 rule 31/0(match): block in on fxp1: 24.39.106.226.7984 24.39.185.78.445: S 225686055:225686055(0) win 64240 mss 1440,nop,nop,sackOK Jan 7 05:36:30 pf: 2. 924214 rule 31/0(match): block in on fxp1: 24.39.251.195.1618 24.39.185.78.139: S 4104974480:4104974480(0) win 65535 mss 1460,nop,nop,sackOK Jan 7 05:36:27 pf: 179. 471810 rule 31/0(match): block in on fxp1: 24.39.251.195.1618 24.39.185.78.139: S 4104974480:4104974480(0) win 65535 mss 1460,nop,nop,sackOK Jan 7 05:33:27 pf: 198. 370880 rule 31/0(match): block in on fxp1: 24.182.13.124.13100 24.39.185.78.1026: UDP, length 939 Upon closer inspection (Scott) it looks like the TCP packets are being non-reported either UDP or TCP, so it looks like pfS or maybe BSD doesn't know how to classify them ... and thereby stamping ESP on them. Hardware is as follows = WAN MAC Address Prefix 00508B - COMPAQ COMPUTER CO fxp1: Intel 82558 Pro/100 Ethernet port 0xbc00-0xbc1f mem 0xe130-0xe1300fff,0xe100-0xe10f irq 5 at device 9.0 on pci0 miibus1: MII bus on fxp1 inphy1: i82555 10/100 media interface on miibus1 inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fxp1: Ethernet address: 00:50:8b:08:28:3d = LAN MAC Address Prefix 0008C7 - compaq computer corporation fxp0: Intel 82558 Pro/100 Ethernet port 0xb800-0xb81f mem 0xe1301000-0xe1301fff,0xe110-0xe11f irq 11 at device 8.0 on pci0 miibus0: MII bus on fxp0 inphy0: i82555 10/100 media interface on miibus0 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fxp0: Ethernet address: 00:08:c7:59:26:cd = CPU: AMD Athlon(tm) Processor (751.33-MHz 686-class CPU) Origin = AuthenticAMD Id = 0x642 Stepping = 2 Features=0x183f9ffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,C MOV,PAT,PSE36,MMX,FXSR AMD Features=0xc0440800SYSCALL,b18,MMX+,3DNow+,3DNow Yet another reason I state that pfS is NOT ready for BETA at it's current state. Regards, DLS - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] mertits of recent commit
I have been trying to find out why this ticket has been amended I have seen no ill reports on it and with the addition the initial change I recommended I works fine. http://cvstrac.pfsense.com/chngview?cn=9101 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] mertits of recent commit
So correct me if I am wrong. If I update Vpn.inc And the pppoe php files I am testing this with all your changes yes -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 05 January 2006 21:23 To: support@pfsense.com Subject: Re: [pfSense Support] mertits of recent commit If that is the case then I am backing out the changes.. I put them in there for you. On 1/5/06, alan walters [EMAIL PROTECTED] wrote: I did send an update to the ticket that we applied to this 908 I think it was. I have seen no posts on the forums or support lists about it that is why I asked. I will just maintain my own work for a time I think -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 05 January 2006 19:20 To: support@pfsense.com Subject: Re: [pfSense Support] mertits of recent commit No it doesn't work correctly. I got an email from someone that IS NOT using pppoe + IP. At any rate I just commited the changes, I really need you to test or they are being backed out. On 1/5/06, alan walters [EMAIL PROTECTED] wrote: I have been trying to find out why this ticket has been amended I have seen no ill reports on it and with the addition the initial change I recommended I works fine. http://cvstrac.pfsense.com/chngview?cn=9101 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] mertits of recent commit
Ok the standard dynamic allocation of addresses from mpd works fine so everyone else is cool that just needs that with radius enabled. But it looks like something is up with the else if statement in vpn.inc for allocating ip's via the radius server. This if statement is being passed over to the else statement which is the dynamic allocation from mpd. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 05 January 2006 23:18 To: support@pfsense.com Subject: Re: [pfSense Support] mertits of recent commit Yeah, that should work On 1/5/06, alan walters [EMAIL PROTECTED] wrote: So correct me if I am wrong. If I update Vpn.inc And the pppoe php files I am testing this with all your changes yes -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 05 January 2006 21:23 To: support@pfsense.com Subject: Re: [pfSense Support] mertits of recent commit If that is the case then I am backing out the changes.. I put them in there for you. On 1/5/06, alan walters [EMAIL PROTECTED] wrote: I did send an update to the ticket that we applied to this 908 I think it was. I have seen no posts on the forums or support lists about it that is why I asked. I will just maintain my own work for a time I think -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 05 January 2006 19:20 To: support@pfsense.com Subject: Re: [pfSense Support] mertits of recent commit No it doesn't work correctly. I got an email from someone that IS NOT using pppoe + IP. At any rate I just commited the changes, I really need you to test or they are being backed out. On 1/5/06, alan walters [EMAIL PROTECTED] wrote: I have been trying to find out why this ticket has been amended I have seen no ill reports on it and with the addition the initial change I recommended I works fine. http://cvstrac.pfsense.com/chngview?cn=9101 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] snmp and public community string
I sent a post a short while ago about this can someone please update me if I missed something. It seems that even when u put a personalalised community string in snmp still responds on the public string. I this the way it is meant to act. Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph (00353) 65 7077 036 Fax (00353) 65 7077 107 Lo Call 1890 AILLWEE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] pppoe pptp ip addresses allocated by radius server
Yep.
This is confirmed to work.
I was looking at the pppoe configuration in a bit more detail as well.
I configured with a subnet of /25 yet pppoe only seems to make 15
configurations in the mpd.conf. the man page seems to reference that you
don't need to make them all but I was a little uncertain.
Any thoughts on this bit.
Additionally the
Link mtu seems to be set twice in the configuration once as 1500 and
then again at 1492 later on. Maybe just a typo
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, December 19, 2005 12:46 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] pppoe pptp ip addresses allocated by
radius server
After looking at this again you basically this:
set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32
Changed to:
set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0
Is this correct?
On 12/18/05, alan walters [EMAIL PROTECTED] wrote:
Check out ticket 709 in the bug tracker. I have tested it and it is
working great.
I am trying to get some changes committed to support it.
-Original Message-
From: Ben Ruset [mailto:[EMAIL PROTECTED]
Sent: 18 December 2005 14:45
To: support@pfsense.com
Subject: Re: [pfSense Support] pppoe pptp ip addresses allocated by
radius server
Thats how I wanted to do it. I ended up just ditching RADIUS and using
the built in authentication system to hand out IPs to specific people
instead.
alan walters wrote:
Any thoughts on the outline that I have updated in the cvstrac To do
with this?
Would people use pppoe and pptp server with radius allocated IP
addresses
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: 25 November 2005 20:39
To: support@pfsense.com
Subject: Re: [pfSense Support] pppoe implementation of mpd
What do they do, and why are they needed and in what cases.
On 11/25/05, alan walters [EMAIL PROTECTED] wrote:
Is it possible to incorporate these attrubutes into the mpd pppoe
config.
Or am I missing something and it is already there but not worling
for
me.
set radius me $nasip
set ipcp yes radius-ip
-
To unsubscribe, e-mail: [EMAIL PROTECTED] For
additional
commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED] For
additional
commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Ipsec issues update
Title: Ipsec issues update 0.96.4 but it took some fiddling. From: John Cianfarani [mailto:[EMAIL PROTECTED] Sent: Monday, December 19, 2005 7:18 PM To: support@pfsense.com Subject: RE: [pfSense Support] Ipsec issues update What version are you running that works for you? Thanks John From: alan walters [mailto:[EMAIL PROTECTED] Sent: Sunday, December 18, 2005 6:35 AM To: support@pfsense.com Subject: [pfSense Support] Ipsec issues update Well I have got all my tunnels working again. I found that in the mobile clients section that I needed to change my identifier to a fqdn. Where before it was an ip. Once this was done all my tunnels worked fine again. All sites are on static ip addresses. Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph: 00 353 65 7077 036 Fax: 00 353 65 7077 107
RE: [pfSense Support] pppoe pptp ip addresses allocated by radius server
Any thoughts on the outline that I have updated in the cvstrac To do with this? Would people use pppoe and pptp server with radius allocated IP addresses -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 25 November 2005 20:39 To: support@pfsense.com Subject: Re: [pfSense Support] pppoe implementation of mpd What do they do, and why are they needed and in what cases. On 11/25/05, alan walters [EMAIL PROTECTED] wrote: Is it possible to incorporate these attrubutes into the mpd pppoe config. Or am I missing something and it is already there but not worling for me. set radius me $nasip set ipcp yes radius-ip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Pppoe and logging
Title: Pppoe and logging Pppoe server logs seem to show up in the system log. Would it not be better to have these in the ptpp Section or in there own one. Also it would be great if the the auth login logout for pppoe logs where displayed like to pptp logs Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph: 00 353 65 7077 036 Fax: 00 353 65 7077 107
RE: [pfSense Support] pppoe pptp ip addresses allocated by radius server
Check out ticket 709 in the bug tracker. I have tested it and it is working great. I am trying to get some changes committed to support it. -Original Message- From: Ben Ruset [mailto:[EMAIL PROTECTED] Sent: 18 December 2005 14:45 To: support@pfsense.com Subject: Re: [pfSense Support] pppoe pptp ip addresses allocated by radius server Thats how I wanted to do it. I ended up just ditching RADIUS and using the built in authentication system to hand out IPs to specific people instead. alan walters wrote: Any thoughts on the outline that I have updated in the cvstrac To do with this? Would people use pppoe and pptp server with radius allocated IP addresses -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 25 November 2005 20:39 To: support@pfsense.com Subject: Re: [pfSense Support] pppoe implementation of mpd What do they do, and why are they needed and in what cases. On 11/25/05, alan walters [EMAIL PROTECTED] wrote: Is it possible to incorporate these attrubutes into the mpd pppoe config. Or am I missing something and it is already there but not worling for me. set radius me $nasip set ipcp yes radius-ip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] ipsec issues
I know I have seen a few reports of ipsec issues recently I can confirm that this problem does seem real to me. Working configuration 0.95.4 tunnel initiator. 0.89 something client 0.94.12 client All worked here As soon as we upgraded a client into 0.95 series ipsec stopped working. Clients are a mix of pc and embedded platform
[pfSense Support] Starting mpd with pppoe from the command line
Title: Starting mpd with pppoe from the command line How can I start mpd for pppoe from the command line I have changed some configurations and want to test them Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph: 00 353 65 7077 036 Fax: 00 353 65 7077 107
[pfSense Support] Ntp server
Title: Ntp server http://cvstrac.pfsense.com/chngview?cn=8356 Are there any plans to addd this to releng branch. Or will it come later. Would be great for hosts on the lan Alan Walters Aillweecave Company Limited Ballyvaughan Co Clare Ph: 00 353 65 7077 036 Fax: 00 353 65 7077 107
RE: [pfSense Support] ipsec issues
yep -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 15:53 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues You simply upgraded and did not reinstall? On 12/15/05, alan walters [EMAIL PROTECTED] wrote: I know I have seen a few reports of ipsec issues recently I can confirm that this problem does seem real to me. Working configuration 0.95.4 tunnel initiator. 0.89 something client 0.94.12 client All worked here As soon as we upgraded a client into 0.95 series ipsec stopped working. Clients are a mix of pc and embedded platform - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ipsec issues
Actually now that you say that the one box that I did reinstall is fine. This is the issue yes -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 15:53 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues You simply upgraded and did not reinstall? On 12/15/05, alan walters [EMAIL PROTECTED] wrote: I know I have seen a few reports of ipsec issues recently I can confirm that this problem does seem real to me. Working configuration 0.95.4 tunnel initiator. 0.89 something client 0.94.12 client All worked here As soon as we upgraded a client into 0.95 series ipsec stopped working. Clients are a mix of pc and embedded platform - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ipsec issues
Well when I flashed a box clean it is ok. The other ones I have not done anything with yet. It Seems a like a bit of extranious problem. I am having trouble locking it down. It looks like the server is not sending back a correct reply for phase two Still not sure though -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 17:40 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues Reflasing fixes it!? On 12/15/05, alan walters [EMAIL PROTECTED] wrote: As an additional note on this wraps(embedded) boxes where reflashed The pc versions where upgraded -Original Message- From: alan walters Sent: 15 December 2005 16:13 To: support@pfsense.com Subject: RE: [pfSense Support] ipsec issues Actually now that you say that the one box that I did reinstall is fine. This is the issue yes -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 15:53 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues You simply upgraded and did not reinstall? On 12/15/05, alan walters [EMAIL PROTECTED] wrote: I know I have seen a few reports of ipsec issues recently I can confirm that this problem does seem real to me. Working configuration 0.95.4 tunnel initiator. 0.89 something client 0.94.12 client All worked here As soon as we upgraded a client into 0.95 series ipsec stopped working. Clients are a mix of pc and embedded platform - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ipsec issues
Yep it is listening correctly. The boxes in question can still make tunnels to 0.94.12 boxes Only a problem starting at 0.95.4 I will look again tonight and see if anything else looks Odd. I might try and upgrade my Initiation side to the latest version as well and see if this fixes it. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 17:50 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues Can you tell me if racoon is listening on * or on the correct ip? Do a sockstat from the shell prompt. I really don't understand why my firmware upgrades went without a hitch and yours required a reinstall. On 12/15/05, alan walters [EMAIL PROTECTED] wrote: Well when I flashed a box clean it is ok. The other ones I have not done anything with yet. It Seems a like a bit of extranious problem. I am having trouble locking it down. It looks like the server is not sending back a correct reply for phase two Still not sure though -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 17:40 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues Reflasing fixes it!? On 12/15/05, alan walters [EMAIL PROTECTED] wrote: As an additional note on this wraps(embedded) boxes where reflashed The pc versions where upgraded -Original Message- From: alan walters Sent: 15 December 2005 16:13 To: support@pfsense.com Subject: RE: [pfSense Support] ipsec issues Actually now that you say that the one box that I did reinstall is fine. This is the issue yes -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 15:53 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues You simply upgraded and did not reinstall? On 12/15/05, alan walters [EMAIL PROTECTED] wrote: I know I have seen a few reports of ipsec issues recently I can confirm that this problem does seem real to me. Working configuration 0.95.4 tunnel initiator. 0.89 something client 0.94.12 client All worked here As soon as we upgraded a client into 0.95 series ipsec stopped working. Clients are a mix of pc and embedded platform - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ipsec issues
uname -a FreeBSD ballyvaughan.radiowave.net 6.0-RC1 FreeBSD 6.0-RC1 #0: Fri Oct 21 16:30:10 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/pfSense.6 i386 Sockstat USER COMMANDPID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root racoon 658 4 dgram - /var/run/logpriv root racoon 658 7 udp6 fe80:8::1:500 *:* root racoon 658 8 udp6 ::1:500 *:* root racoon 658 9 udp4 127.0.0.1:500 *:* root racoon 658 10 udp6 fe80:7::280:c8ff:fe37:6c9a:500*:* root racoon 658 11 udp4 192.168.168.1:500 *:* root racoon 658 12 udp6 fe80:6::210:60ff:fe02:79c1:500*:* root racoon 658 13 udp4 192.168.1.100:500 *:* root racoon 658 14 udp6 fe80:4::240:f4ff:fe65:3d13:500*:* root racoon 658 15 udp4 10.4.230.1:500*:* root racoon 658 16 udp6 fe80:1::2c0:9fff:fe1e:2df8:500*:* root racoon 658 17 udp4 192.168.50.1:500 *:* Yep it is listening on all interfaces. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 18:12 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues Also, on the boxes in question do a uname -a from a shell What is the output? On 12/15/05, alan walters [EMAIL PROTECTED] wrote: Yep it is listening correctly. The boxes in question can still make tunnels to 0.94.12 boxes Only a problem starting at 0.95.4 I will look again tonight and see if anything else looks Odd. I might try and upgrade my Initiation side to the latest version as well and see if this fixes it. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 17:50 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues Can you tell me if racoon is listening on * or on the correct ip? Do a sockstat from the shell prompt. I really don't understand why my firmware upgrades went without a hitch and yours required a reinstall. On 12/15/05, alan walters [EMAIL PROTECTED] wrote: Well when I flashed a box clean it is ok. The other ones I have not done anything with yet. It Seems a like a bit of extranious problem. I am having trouble locking it down. It looks like the server is not sending back a correct reply for phase two Still not sure though -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 17:40 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues Reflasing fixes it!? On 12/15/05, alan walters [EMAIL PROTECTED] wrote: As an additional note on this wraps(embedded) boxes where reflashed The pc versions where upgraded -Original Message- From: alan walters Sent: 15 December 2005 16:13 To: support@pfsense.com Subject: RE: [pfSense Support] ipsec issues Actually now that you say that the one box that I did reinstall is fine. This is the issue yes -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 15:53 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues You simply upgraded and did not reinstall? On 12/15/05, alan walters [EMAIL PROTECTED] wrote: I know I have seen a few reports of ipsec issues recently I can confirm that this problem does seem real to me. Working configuration 0.95.4 tunnel initiator. 0.89 something client 0.94.12 client All worked here As soon as we upgraded a client into 0.95 series ipsec stopped working. Clients are a mix of pc and embedded platform -- -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
RE: [pfSense Support] ipsec issues
Funny well at least we are getting to the bottom of it. So reinstall fresh seems to be the answer -Original Message- From: Vivek Khera [mailto:[EMAIL PROTECTED] Sent: 15 December 2005 19:44 To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues On Dec 15, 2005, at 1:29 PM, Scott Ullrich wrote: Somethings not correct here. We are well past RC1. inneresting... my 0.96.2 upgraded box also has the same uname -a output. A bunch of modules in /boot/kernel are dated december 11, but the kernel file and a bunch of other modules are dated october 22... OH I see it. We now install /boot/kernel.gz (dated december 11) but the loader is picking up the older uncompressed version. Looks like the upgrade should delete the older kernel... I suspect the right thing to do on upgrade is a similar thing that make installkernel does to move /boot/kernel to /boot/kernel.old and update some sysctl values to tell the system that's the booted kernel. This way /boot/kernel will be exactly the current kernel no more no less. additionally, /usr/bin has some october 22 dated files: yp*, usb*, dig, and host. /usr/libexec has some older files too. Can these outdated files just be deleted? Seems like they are not used at all. On a normal freebsd install I'd just delete any non- updated files like these. The only risk with deleting old libs from /lib or /usr/lib is that some older packages may be linked against older libc's. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] ipsec issues
Dec 15 10:25:46 racoon: DEBUG: 15503e09 3081b54d 1820e3e8 3256835b 08100501 9641d697 0044 04909587 3d73d865 12ce65fb 37efe8a3 88e4f114 fcbbd77c 56005075 0623b629 206c7c1b fc84f737 Dec 15 10:25:46 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet. Dec 15 10:25:47 racoon: ERROR: 195.218.118.115 give up to get IPsec-SA due to time up to wait. This is the only snip I could find that looks of interest in the client side log
RE: [pfSense Support] ipsec issues
I agree that even after the kernel there is still an issue here as well. I think that there is a versioning issue with ipsec or something else odd that we cant see. I hope to get time to look at it tomorrow -Original Message- From: John Cianfarani [mailto:[EMAIL PROTECTED] Sent: Thursday, December 15, 2005 10:39 PM To: support@pfsense.com Subject: RE: [pfSense Support] ipsec issues This is very strange. Gar... it seems like my issue is still different than this other one. Since with my mobile client side I'm running 96.2, and the kernel.gz is dated Dec12. Not sure what else to try but to reflash both boxes. Thanks John -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, December 15, 2005 5:26 PM To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues Yep, only from 0.95ish + upgrades. On 12/15/05, John Cianfarani [EMAIL PROTECTED] wrote: Is this only required if you upgraded? All my installs were a reflash. Thanks John -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, December 15, 2005 2:45 PM To: support@pfsense.com Subject: Re: [pfSense Support] ipsec issues Yep, that's exactly what is going on. Just delete the old kernel file and install the new firmware. In terms of the older files elsewhere, I'd play it safe and not touch them for the time being. If you're really concerned with stale files, a reinstall is the correct answer. Scott On 12/15/05, Vivek Khera [EMAIL PROTECTED] wrote: On Dec 15, 2005, at 1:29 PM, Scott Ullrich wrote: Somethings not correct here. We are well past RC1. inneresting... my 0.96.2 upgraded box also has the same uname -a output. A bunch of modules in /boot/kernel are dated december 11, but the kernel file and a bunch of other modules are dated october 22... OH I see it. We now install /boot/kernel.gz (dated december 11) but the loader is picking up the older uncompressed version. Looks like the upgrade should delete the older kernel... I suspect the right thing to do on upgrade is a similar thing that make installkernel does to move /boot/kernel to /boot/kernel.old and update some sysctl values to tell the system that's the booted kernel. This way /boot/kernel will be exactly the current kernel no more no less. additionally, /usr/bin has some october 22 dated files: yp*, usb*, dig, and host. /usr/libexec has some older files too. Can these outdated files just be deleted? Seems like they are not used at all. On a normal freebsd install I'd just delete any non- updated files like these. The only risk with deleting old libs from /lib or /usr/lib is that some older packages may be linked against older libc's. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Embedded image
Title: Embedded image Seems that the embedded image is in the updates directory. I guess this is just a mistake. Or is this an update
RE: [pfSense Support] DynDns scheduling issues
I can confirm if you are using full updates crontab is being updated. Well it is being replaced on my system. I have some checks that I have to keep reinstalling in there due to changes -Original Message- From: Frimmel, Ivan (ISS South Africa) [mailto:[EMAIL PROTECTED] Sent: 08 December 2005 12:31 To: support@pfsense.com Subject: RE: [pfSense Support] DynDns scheduling issues As far as I know Crontab is one of the files that is not touched during upgrades.. That's why you have to do it manually with update_file.sh. So no you don't have to do it after the upgrade. Ivan. -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Thursday, December 08, 2005 11:16 AM To: support@pfsense.com Subject: RE: [pfSense Support] DynDns scheduling issues Hello again :-) I upgraded to 95.4 Do I have to do the Update_file.sh /etc/crontab and reboot or is it included with the upgrade??? regards Damien --- Damien Dupertuis [EMAIL PROTECTED] a écrit : Hello, Okay it works for me Thank you... --- Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] a écrit : Update_file.sh /etc/crontab and reboot -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Thursday, December 01, 2005 7:03 AM To: support@pfsense.com Subject: Re: [pfSense Support] DynDns scheduling issues Hello, I'm using 95.a and I just got my dyndns account banned... sorry I don't have time to put the logs here... I'll do it tomorrow... regards --- Damien Dupertuis [EMAIL PROTECTED] a écrit : Hello, just for the record, here are my system logs from 94.12, if ever... It is not upgrading the adress properly... I'll upgrade to 0.95.a and keep you informed... regards... Damien --- Scott Ullrich [EMAIL PROTECTED] a écrit : Please upgrade to 0.95.a On 11/29/05, Xtian [EMAIL PROTECTED] wrote: Howdy, I'm on .94.12 (fresh install), did the following as well: - update_file.sh /etc/inc/dyndns.class - Remove the cache file in /cf/conf/dyndns.cache (was not there, since new install) - update_file.sh /etc/crontab Dyndns still does bad stuff: Date: Tue, 29 Nov 2005 18:24:16 -0500 (EST) From: DynDNS Support [EMAIL PROTECTED] To: xxx Subject: Hostname Blocked Due To Abuse Dear Valued Customer: The hostname, xxx.dyndns.org, in account xxx, has been blocked for abuse. This action has been taken due to the receipt of multiple updates originating from the same IP address. Please note, updates which result in the IP address associated with a host changing are NOT considered abusive. Only those updates which result in no change to the host are abusive. Please take a moment to review our Update Abuse Policy here: http://www.dyndns.com/support/abuse.html It is vital that you correct the problem which is resulting in these repeated and unnecessary updates. Once you have corrected this problem, you may request the host be unblocked at the following URL: etc. etc. So, I took a look at the crontab for dyndns, and it was thusly: * */20 * **root/usr/bin/nice -n20 /etc/rc.dyndns.update According to cron's manpage: Step values can be used in conjunction with ranges. Following a range with ''/number'' specifies skips of the number's value through the range. For example, ''0-23/2'' can be used in the hours field to specify command execution every other hour (the alternative in the V7 standard is ''0,2,4,6,8,10,12,14,16,18,20,22''). Steps are also per- mitted after an asterisk, so if you want to say ''every two hours'', just use ''*/2''. So, that'd be right bad to say */20 hours, meaning every 20 hours, because typically, ADSL folks keep their connections for 24 hours and then get reset. Well, all of my DSL lines have always done that. Meaning, there's a good chance my IP stays stable for 24 hours, and every 20 hours I send an update to DynDNS. Evidently DynDNS doesn't ever ever want you to send them the same IP, ever. So, it doesn't make much sense to have any kind of regular DynDNS update, certainly not in cron. What should happen is that when your WAN link dies and gets re-established, and pfSense figures out it has a new WAN IP, that it should at that point send DynDNS its new WAN IP. Not at any other time. Well, thats one thing. Then looking at the logs just now before I send
RE: [pfSense Support] DynDns scheduling issues
I have a script in my conf directory that I run's after update now to add back in my edits. But this could break stuff as well. -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 08 December 2005 15:03 To: support@pfsense.com Subject: Re: [pfSense Support] DynDns scheduling issues FYI, update_file.sh pulls from HEAD which has some changes that can possibly bite you. As such, until it's modified to pull from RELENG_1, it's been pulled from the RELENG_1 tree. At this time there's no way to delete files during the update process, so be aware that update_file.sh may actually break your box - be prepared to fix it (especially if you do an update_file.sh -all). --Bill On 12/8/05, Damien Dupertuis [EMAIL PROTECTED] wrote: Okay, I'm trying without the Update_file.sh /etc/crontab then... I'll keep you informed... Thanks --- alan walters [EMAIL PROTECTED] a écrit : I can confirm if you are using full updates crontab is being updated. Well it is being replaced on my system. I have some checks that I have to keep reinstalling in there due to changes -Original Message- From: Frimmel, Ivan (ISS South Africa) [mailto:[EMAIL PROTECTED] Sent: 08 December 2005 12:31 To: support@pfsense.com Subject: RE: [pfSense Support] DynDns scheduling issues As far as I know Crontab is one of the files that is not touched during upgrades.. That's why you have to do it manually with update_file.sh. So no you don't have to do it after the upgrade. Ivan. -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Thursday, December 08, 2005 11:16 AM To: support@pfsense.com Subject: RE: [pfSense Support] DynDns scheduling issues Hello again :-) I upgraded to 95.4 Do I have to do the Update_file.sh /etc/crontab and reboot or is it included with the upgrade??? regards Damien --- Damien Dupertuis [EMAIL PROTECTED] a écrit : Hello, Okay it works for me Thank you... --- Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] a écrit : Update_file.sh /etc/crontab and reboot -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Thursday, December 01, 2005 7:03 AM To: support@pfsense.com Subject: Re: [pfSense Support] DynDns scheduling issues Hello, I'm using 95.a and I just got my dyndns account banned... sorry I don't have time to put the logs here... I'll do it tomorrow... regards --- Damien Dupertuis [EMAIL PROTECTED] a écrit : Hello, just for the record, here are my system logs from 94.12, if ever... It is not upgrading the adress properly... I'll upgrade to 0.95.a and keep you informed... regards... Damien --- Scott Ullrich [EMAIL PROTECTED] a écrit : Please upgrade to 0.95.a On 11/29/05, Xtian [EMAIL PROTECTED] wrote: Howdy, I'm on .94.12 (fresh install), did the following as well: - update_file.sh /etc/inc/dyndns.class - Remove the cache file in /cf/conf/dyndns.cache (was not there, since new install) - update_file.sh /etc/crontab Dyndns still does bad stuff: Date: Tue, 29 Nov 2005 18:24:16 -0500 (EST) From: DynDNS Support [EMAIL PROTECTED] To: xxx Subject: Hostname Blocked Due To Abuse Dear Valued Customer: The hostname, xxx.dyndns.org, in account xxx, has been blocked for abuse. This action has been taken due to the receipt of multiple updates originating from the same IP address. Please note, updates which result in the IP address associated with a host changing are NOT considered abusive. Only those updates which result in no change to the host are abusive. Please take a moment to review our Update Abuse Policy here: http://www.dyndns.com/support/abuse.html It is vital that you correct the problem which is resulting in these repeated and unnecessary updates. Once you have corrected this problem, you may request the host be unblocked at the following URL: etc. etc. So, I took a look at the crontab for dyndns, and it was thusly: * */20 * **root /usr/bin/nice -n20 /etc/rc.dyndns.update According to cron's manpage: Step values can be used in conjunction with ranges. Following a range with ''/number'' specifies skips of the number's value through the range. For example, ''0-23/2
[pfSense Support] pppoe server and performance
When I connect via pppoe server on LAN I can download at 50 KB/sec when on Lan directly I can download at 200KB/sec This reconciles with my uplink. Can anyone shed some light on this for me please???
[pfSense Support] pftp and ipsec
Just trying to get pftpx working over an ipsec tunnel. Even with all the ftp helpers off it still seems like there is a helper enabled somewhere. Can anyone shed some light on how I can configure the helpers to work correctly. ftp pfsense ipsec tunnel pfsense lan pppoe -server client
[pfSense Support] 0.95a and wrap
Seem to have an issue with disk usage on 0.95a on embedded platform. Disk useage shows itself as 101%
RE: [pfSense Support] pppoe implementation of mpd
thanks -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, November 27, 2005 6:16 PM To: support@pfsense.com Subject: Re: [pfSense Support] pppoe implementation of mpd Alan, Sure, I'll look into it. Can you open a ticket and assign it to me? Scott On 11/27/05, alan walters [EMAIL PROTECTED] wrote: radius-ip When using RADIUS for authentication, enable IP address assignment via RADIUS as well. From the following man page. Do we think we could add this in to the pppoe configuration. Sorry to pester but I did not really get a reply http://www.bretterklieber.com/mpd/doc3/mpd22.html#22 set link latency microseconds set link bandwidth bits-per-second These commands are relevant when multi-link PPP is active. They affect the way in which packets are chopped up into fragments before being sent over the various links that make up the bundle. To motivate the idea, imagine a bundle that had a modem link and a 1.5Mbps T1 link. If mpd sent each packet in two equal sized fragments over these links, then by the time the modem got around to transmitting the first byte of its fragment, the T1 link would have probably already sent the whole other fragment. Clearly this is not very good. By factoring in the latency and bandwidth parameters for each link, mpd can distribute the fragments in a more intelligent way. Mpd attempts to distribute bytes over the links so that (if the configured parameters are accurate) the last byte of each fragment arrives at the peer at the same time on each link. This minimizes latency. However, if you only care about maximizing throughput, simply set all of the latency values to zero. If all of your links are of the same type and speed (which is often the case), then they should be configured with the same values (or just not configured at all, since all links default to the same values anyway). Then mpd will distribute packets in equal sized fragments over the links. set link mtu numbytes set link mru numbytes The set link mtu command sets the maximum transmit unit (MTU) value for the link. This is the size of the largest single PPP frame (minus PPP header) that this link will transmit, unless the peer requests an even lower value. The default value is 1500 bytes. The set link mru command sets maximum receive unit (MRU) value for the link, which is the size of the largest single PPP frame (minus PPP header) that this link is capable of receiving. The default value is 1500 bytes. If PPP multilink is negotiated on a link, then these values are less important, because multilink allows PPP frames themselves to be fragmented, so a PPP frame can always pass through no matter how small the MTU is in a particular direction. Otherwise, mpd is responsible for making sure that the MTU configured on the system networking interface is low enough so that the largest transmitted IP packet does not exceed the peer's negotiated MRU after it becomes a PPP frame. This includes e.g. PPP encryption and/or compression overhead. However, mpd does not account for overhead that occurs ``outside'' of the PPP frame. For example, when using link types such as PPTP that encapsulate PPP frames within IP packets, a large outgoing ``inner'' IP packet can result in a fragmented ``outer'' IP packet, resulting in suboptimal performance. In this situation it may be useful to set the link MTU to a lower value to avoid fragmentation. Additionally I would feelthat for a good pppoe server configuration these should be configurable ideas. As different uplinks will possibly cause bad fragmentation within the pppoe implementation. From: alan walters Sent: Friday, November 25, 2005 8:23 PM To: support@pfsense.com Subject: [pfSense Support] pppoe implementation of mpd Is it possible to incorporate these attrubutes into the mpd pppoe config. Or am I missing something and it is already there but not worling for me. set radius me $nasip set ipcp yes radius-ip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] 0.94.10 Mini-httpd
Seem to be having a continueing problem with this. Mini httpd is running but there is the maximum number of instances running. Even though I can confirm I have only been connected for a few minites. Netstat then shows about 50 connections from my ip to the pfsense box on the https port. Then it is not possible to connect to the box. If I detete all the instances of mini httpd except the first one and wait for a while it becomes accessable again. There are no logs in pflog for states though
RE: [pfSense Support] pppoe implementation of mpd
I am thinking of trying to look at implementing ipfw and dummynet bandwidth controls on pppoe server. Now that we have all the mono ipfw and dummynet code this should be easy. Will also be looking at trying the pf altq implementation patch that seems to be available for mpd -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Friday, November 25, 2005 8:39 PM To: support@pfsense.com Subject: Re: [pfSense Support] pppoe implementation of mpd What do they do, and why are they needed and in what cases. On 11/25/05, alan walters [EMAIL PROTECTED] wrote: Is it possible to incorporate these attrubutes into the mpd pppoe config. Or am I missing something and it is already there but not worling for me. set radius me $nasip set ipcp yes radius-ip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] vlans and traffic shaping 0.94.10
Either your LAN or WAN interface doesn't support ALTQ. The wizard cannot continue. Using sis Ethernet cards and vlans on all interfaces. I had thought that the code was committed to allow vlans with altq. Look forward to hearing wheather this patch should be in pfsense at the moment or not. Regards alan
[pfSense Support] restarting httpd
How can the httpd be restarted from the command line. I attempted to run the php script from the command line but it failed looking for credentials.
RE: [pfSense Support] vlans and traffic shaping 0.94.10
Interesting I think you are using fxp eth cards??? Is that right. Mine are sis cards. That seems to be our only difference. I am testing on wrap platform have tried on four different test boxes with four different images. Using the latest images with fresh installs now and still the same very odd. From: Dan Swartzendruber [mailto:[EMAIL PROTECTED] Sent: 23 November 2005 12:44 To: support@pfsense.com Subject: Re: [pfSense Support] vlans and traffic shaping 0.94.10 At 04:24 AM 11/23/2005, you wrote: Either your LAN or WAN interface doesn't support ALTQ. The wizard cannot continue. Using sis Ethernet cards and vlans on all interfaces. I had thought that the code was committed to allow vlans with altq. Look forward to hearing wheather this patch should be in pfsense at the moment or not. i'll have to let scott comment. i'm using vlans and don't see this. some kind of corrupt file?
RE: [pfSense Support] restarting httpd
I tried that command but it gives some missig tihing I will have to have another look at it -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 23 November 2005 15:37 To: support@pfsense.com Subject: Re: [pfSense Support] restarting httpd Create a developer tag inside the system tag and you'll have a developer menu (and anything else we use that tag for ;-P) which has a restart http option. Of course, this requires that the http daemon is running :) Otherwise, Espen already answered regarding the command that runs (beware of shell expansion). --Bill On 11/23/05, alan walters [EMAIL PROTECTED] wrote: How can the httpd be restarted from the command line. I attempted to run the php script from the command line but it failed looking for credentials. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] vlans and traffic shaping 0.94.10
Cool maybe. It is at the end -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 23 November 2005 15:31 To: support@pfsense.com Subject: Re: [pfSense Support] vlans and traffic shaping 0.94.10 Is this error at the beginning of the wizard, or the end? If the end, it's a known bug that I haven't had time to dig into (and from other reports, it's purely cosmetic - although you may need to resave the normal filter policy and apply to force the shaper rules to load)). --Bill On 11/23/05, alan walters [EMAIL PROTECTED] wrote: Either your LAN or WAN interface doesn't support ALTQ. The wizard cannot continue. Using sis Ethernet cards and vlans on all interfaces. I had thought that the code was committed to allow vlans with altq. Look forward to hearing wheather this patch should be in pfsense at the moment or not. Regards alan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] restarting httpd
This is what happens when I try to restart httpd with the below command /usr/local/sbin/mini_httpd: No match. **.cgi: No match. I used this command since I am using https /usr/local/sbin/mini_httpd -S -E /var/etc/cert/pem -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid From: Espen Johansen [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 11:32 AM To: support@pfsense.com Subject: RE: [pfSense Support] restarting httpd Do a ps auxww |grep http and you will se full command line for whatever process (change or remove the grep if you are looking for something else) you are looking to kill /restart (unless you already killed it that is) /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid -lsf From: alan walters [mailto:[EMAIL PROTECTED] Sent: 23. november 2005 12:06 To: support@pfsense.com Subject: [pfSense Support] restarting httpd How can the httpd be restarted from the command line. I attempted to run the php script from the command line but it failed looking for credentials.
RE: [pfSense Support] restarting httpd
Very confused by this. Tried that one as well and I just get the mini_httpd useage. The mini_httpd daemon is now not running but the pid exists If I run with no I get the results mentioned below. I wonder just restart but there is an issue with the restart on the via board I am using. It does not seem to restart clean so this is the method that I need tilli can sort out why the ox does not restart clean What does the NO MATCH mean is this a shell error or something else -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 8:32 PM To: support@pfsense.com Subject: Re: [pfSense Support] restarting httpd Try /usr/local/sbin/mini_httpd -S -E /var/etc/cert/pem -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid Notice the |, thats a pipe in shell-land. On 11/23/05, alan walters [EMAIL PROTECTED] wrote: This is what happens when I try to restart httpd with the below command /usr/local/sbin/mini_httpd: No match. **.cgi: No match. I used this command since I am using https /usr/local/sbin/mini_httpd -S -E /var/etc/cert/pem -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid From: Espen Johansen [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 11:32 AM To: support@pfsense.com Subject: RE: [pfSense Support] restarting httpd Do a ps -auxww |grep http and you will se full command line for whatever process (change or remove the grep if you are looking for something else) you are looking to kill /restart (unless you already killed it that is) /usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid -lsf From: alan walters [mailto:[EMAIL PROTECTED] Sent: 23. november 2005 12:06 To: support@pfsense.com Subject: [pfSense Support] restarting httpd How can the httpd be restarted from the command line. I attempted to run the php script from the command line but it failed looking for credentials. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] vlans and traffic shaping 0.94.10
Great I ll try the next release -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 9:42 PM To: support@pfsense.com Subject: Re: [pfSense Support] vlans and traffic shaping 0.94.10 ok, should be fixed now, if what I just fixed was the same bug that bit you ;) --Bill On 11/23/05, Scott Ullrich [EMAIL PROTECTED] wrote: On 11/23/05, alan walters [EMAIL PROTECTED] wrote: Cool maybe. It is at the end Hopefully we'll have that fixed soon. Please open a ticket. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] upgrading wrap to 94.4
Running 94.2 the embedded update looks huge tried installing all the same but gets to 15.83 mb and fails missing or incomplete firmware Anyone else??? 128 mb ram wrap platform 128 mb cf card Memory never goes over 45 percent.
RE: [pfSense Support] upgrading wrap to 94.4
cheers -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, November 20, 2005 9:28 PM To: support@pfsense.com Subject: Re: [pfSense Support] upgrading wrap to 94.4 Fixed. It's making its way to mirrors now. On 11/20/05, Scott Ullrich [EMAIL PROTECTED] wrote: Woops. I'll take a look. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] 0.94.6 wrap
Sorry tried a few different images. Same error. The following input errors were detected: The uploaded image file is not for this platform (wrap).
