OK, this is now fixed in CVS. Expect this fix in the next release. --Bill
On 10/3/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > upgrade.tgz is a safe bet if you have a full install. upgrade.tgz is > used by the BSD Installer to have an easy upgrade path although that > may be slated for removal since it can be somewhat confusing. > > If you care to spend a few minutes to try a few things, it may be very > helpful: > > Save a copy of /tmp/rules.debug from the version that does not work > and downgrade back to 0.84. Send /tmp/rules.debug from both 0.84 and > and the version that doesn't work to us so we can inspect it. > > Thanks! > > On 10/3/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > At 02:28 PM 10/3/2005, Scott Ullrich wrote: > > >On 10/3/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > All- > > > > > > > > Today I upgraded my Wrap .84 to .86 via the Mini-Wrap Upgrade file. > > > > > > > > My Cisco VPN (software client on my laptop to connect to my office) no > > > > longer connects. > > > > > > > > Logs from the pfsense firewall (forwarded to a server via syslog) show > > > > that > > > > ISAKMP is being blocked inbound. With PFSense .84, I never had to have a > > > > NAT port-forward for UDP/500. > > > > > > > > ==========snip=========== > > > > > > > > Oct 3 14:23:09 192.168.0.1 pf: 39. 806905 rule 146/0(match): block in > > > > on > > > > sis1: 65.215.72.34.500 > 64.142.26.224.500: [|isakmp] > > > > > > > > ==========snip=========== > > > > > > > > Even setting up a port-forward for UDP/500 doesn't work. > > > > > > > > Any ideas? > > > > > >Very interesting. I looked back through the commits from 0.84 -> 0.86 > > >but I honestly don't see anything that altered the rules except for > > >aliases. How are you allowing the traffic out (from the LAN > > >interface I would guess)? > > > > My laptop is on the LAN, and I am allowing all outbound traffic. > > > > I used the upgrade .tgz, is that supported at this time? Or was I jumping > > the gun? > > > > I can try a full install of .86, or go back to a full install of .84. I > > have a small Wrap box I have to take apart whenever I do a full install, so > > I'll take your best hint at the moment. Anything in particular I can post > > here from my rules.debug? > > > > > > > > -- > > [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
