upgrade.tgz is a safe bet if you have a full install. upgrade.tgz is used by the BSD Installer to have an easy upgrade path although that may be slated for removal since it can be somewhat confusing.
If you care to spend a few minutes to try a few things, it may be very helpful: Save a copy of /tmp/rules.debug from the version that does not work and downgrade back to 0.84. Send /tmp/rules.debug from both 0.84 and and the version that doesn't work to us so we can inspect it. Thanks! On 10/3/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > At 02:28 PM 10/3/2005, Scott Ullrich wrote: > >On 10/3/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > All- > > > > > > Today I upgraded my Wrap .84 to .86 via the Mini-Wrap Upgrade file. > > > > > > My Cisco VPN (software client on my laptop to connect to my office) no > > > longer connects. > > > > > > Logs from the pfsense firewall (forwarded to a server via syslog) show > > > that > > > ISAKMP is being blocked inbound. With PFSense .84, I never had to have a > > > NAT port-forward for UDP/500. > > > > > > ==========snip=========== > > > > > > Oct 3 14:23:09 192.168.0.1 pf: 39. 806905 rule 146/0(match): block in on > > > sis1: 65.215.72.34.500 > 64.142.26.224.500: [|isakmp] > > > > > > ==========snip=========== > > > > > > Even setting up a port-forward for UDP/500 doesn't work. > > > > > > Any ideas? > > > >Very interesting. I looked back through the commits from 0.84 -> 0.86 > >but I honestly don't see anything that altered the rules except for > >aliases. How are you allowing the traffic out (from the LAN > >interface I would guess)? > > My laptop is on the LAN, and I am allowing all outbound traffic. > > I used the upgrade .tgz, is that supported at this time? Or was I jumping > the gun? > > I can try a full install of .86, or go back to a full install of .84. I > have a small Wrap box I have to take apart whenever I do a full install, so > I'll take your best hint at the moment. Anything in particular I can post > here from my rules.debug? > > > > -- > [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
