Re: [pfSense] iphone roaming client stopped routing
On Wed, Jul 1, 2015 at 12:25 PM, Vick Khera vi...@khera.org wrote:

> With pfSense 2.2.3, the iPhone connects to the pfSense firewall to negotiate the VPN. The status seems to be normal and as far as I can tell all the IPSec bits are in order. Nothing unexpected in the logs. SAD and SPD look fine to me.

For the list archives: there is a bug in 2.2.3 using AES-256 encryption with hardware accelerated crypto via AES-NI kernel module. Disabling the latter (and rebooting) solves the problem. 2.2.4 will fix this, hopefully soon.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
[pfSense] Issues with 2.2.x and Alix devices
Hello,

I had no success restoring 2.2.x (2.2.2 or 2.2.3) proper installers or updaters to 2 different Alix devices. 2.1.5 is installing fine, and then update works OK. I haven’t tested yet the devices with serial cables to see where they stop. Anyone faced this?

Best regards
Kostas
Re: [pfSense] Issues with IPsec and 2.2.3
Ahh good to know - that would explain the other thing I was experiencing but decided not to pursue right away.

On Jul 6, 2015, at 9:49 AM, Vick Khera vi...@khera.org wrote:

> On Sun, Jul 5, 2015 at 12:03 PM, Ryan Coleman ryan.cole...@cwis.biz wrote:
>
>> Neither my desktop nor my mobile (OS X 10.10.3 and iOS 8.3) are able to negotiate on a previously-functioning IPsec configuration. Only change I can determine right now is the updated OS of the firewall to CURRENT.
>
> I had the issue with iPhone IPSec connection not routing any packets, but negotiating properly otherwise. It turns out there is a bug in 2.2.3 with respect to using AES-256 encryption and having the AES-NI hardware acceleration enabled. Release 2.2.4 expected soon will fix this.
[pfSense] Lightsquid
Has anyone else noticed lightsquid no longer updates according to schedule since update to 2.2.3? If I click refresh now all is well but it doesn't follow the configuration of hourly. I've tried 10 minutes, 20, 30 as well. Only manual updates are working.

Brian Caouette
Re: [pfSense] Upgrade 2.2.2-2.2.3 and OpenVPN Client Export Utility
On Fri, Jul 3, 2015 at 3:16 AM, Микаел Бак mikael@yandex.ru wrote:

> Hi list,
>
> I run pfsense nanobsd (1g) on an old PC Engines ALIX board with 256MB RAM. After upgrading to v2.2.3 my only installed package OpenVPN Client Export Utility and its dependencies disappeared. I tried to reinstall it, but no success.
>
> From the syslog:
>
> kernel: tar: Error opening archive: Failed to open '/usr/local/pkg/openvpn-client-export-2.3.6.tgz'
> php: rc.bootup: Successfully installed package: OpenVPN Client Export Utility.
> php: rc.bootup: Finished installing package OpenVPN Client Export Utility
> [snip]
> php: rc.bootup: Finished reinstalling all packages.
> php-fpm[83412]: /pkg_mgr_install.php: Beginning package installation for OpenVPN Client Export Utility .
> [snip]
> php-fpm[83412]: /pkg_mgr_install.php: Failed to install package: OpenVPN Client Export Utility.

What's logged in the snipped part?
[pfSense] FTP issues on 1:1
Using 1:1 has turned most of my knowledge in pfSense completely useless. I feel like a beginner again.

FTP worked on port 21. But for security reasons I do not want it there so I moved it to port 9000.

ProFTPd is set up for Masquerading on its 1:1 IP, passive ports are dictated in the conf (49500-52500) and configured as such in the Firewall Rules. Firewall Rules also have port 8999-9001 open for the FTP server.

FTP works internal to the network so the issue isn’t in the configuration of ftp server but in the configuration of the firewall.

Thoughts?

— Ryan
Re: [pfSense] FTP issues on 1:1
On 7/6/2015 7:59 PM, Ryan Coleman wrote:

> Using 1:1 has turned most of my knowledge in pfSense completely useless. I feel like a beginner again.
>
> FTP worked on port 21. But for security reasons I do not want it there so I moved it to port 9000.
>
> ProFTPd is set up for Masquerading on its 1:1 IP, passive ports are dictated in the conf (49500-52500) and configured as such in the Firewall Rules. Firewall Rules also have port 8999-9001 open for the FTP server.
>
> FTP works internal to the network so the issue isn’t in the configuration of ftp server but in the configuration of the firewall.

Seems the actual question/problem statement is missing. What exactly isn't working?

Did you actually change the binding port in ProFTPd or did you redirect 21 to 9000 with a port forward?

If you mix 1:1 NAT and port forwards you will find a couple things you may not expect due to the way pf works and how NAT happens before firewall rules:

1. Port forwards override 1:1 NAT, which is good for doing what you want -but-
2. If you forward a different port (e.g. 9000 to 21) your rule still passes to the local IP on port 21 so BOTH ports are actually accessible. In other words, you can't relocate a port and block access to the original port.

Changing the binding in ProFTPd to 9000 should work around that. If that's what you did, then your rule would pass to the local IP on port 9000.

If that doesn't help, give us a bit more detail about the exact NAT and firewall rules you have and what isn't working as expected. Include firewall logs, states for the test connections, and perhaps a packet capture.

Jim
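Added example, not part of the thread and not pfSense code: a toy model of the NAT-before-filter ordering described in the reply above, showing why a 9000-to-21 port forward combined with 1:1 NAT leaves both ports reachable while rebinding the daemon does not. The addresses (203.0.113.10, 10.0.0.10) and all function names are constructed for illustration.

```python
# Toy model of the ordering described above: destination NAT is applied first,
# then filter rules are matched against the already-translated destination.
# Addresses and function names are constructed for illustration.
EXT_IP = "203.0.113.10"        # public address used for the 1:1 mapping
INT_IP = "10.0.0.10"           # internal FTP server
ONE_TO_ONE = {EXT_IP: INT_IP}  # 1:1 NAT: every port maps to the same port inside


def translate(dst_ip, dst_port, port_forwards):
    """Return the (ip, port) a packet is rewritten to before filtering."""
    if (dst_ip, dst_port) in port_forwards:      # port forwards override 1:1 NAT
        return port_forwards[(dst_ip, dst_port)]
    if dst_ip in ONE_TO_ONE:
        return (ONE_TO_ONE[dst_ip], dst_port)
    return (dst_ip, dst_port)


def passes(dst, pass_rules):
    """Filter rules only ever see the translated destination."""
    ip, port = dst
    return any(ip == r_ip and lo <= port <= hi for r_ip, lo, hi in pass_rules)


def reachable_ports(port_forwards, pass_rules, listening, probes=(21, 8999, 9000, 9001)):
    """External ports on EXT_IP that end up at a listening internal socket."""
    result = []
    for port in probes:
        dst = translate(EXT_IP, port, port_forwards)
        if passes(dst, pass_rules) and dst in listening:
            result.append(port)
    return result


# Case 1: daemon still on 21, port forward 9000 -> 21, rule passes to INT_IP:21.
forwarded = reachable_ports(
    {(EXT_IP, 9000): (INT_IP, 21)}, [(INT_IP, 21, 21)], {(INT_IP, 21)})

# Case 2: daemon rebound to 9000, no port forward, rule passes to INT_IP:9000.
rebound = reachable_ports({}, [(INT_IP, 9000, 9000)], {(INT_IP, 9000)})

if __name__ == "__main__":
    print("forward 9000->21 exposes:", forwarded)
    print("rebind to 9000 exposes:  ", rebound)
```
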
Re: [pfSense] Issues with IPsec and 2.2.3
On Sun, Jul 5, 2015 at 12:03 PM, Ryan Coleman ryan.cole...@cwis.biz wrote:

> Neither my desktop nor my mobile (OS X 10.10.3 and iOS 8.3) are able to negotiate on a previously-functioning IPsec configuration. Only change I can determine right now is the updated OS of the firewall to CURRENT.

I had the issue with iPhone IPSec connection not routing any packets, but negotiating properly otherwise. It turns out there is a bug in 2.2.3 with respect to using AES-256 encryption and having the AES-NI hardware acceleration enabled. Release 2.2.4 expected soon will fix this.