[pfSense] php logging settings broken
I'm getting this problem, only with version 2.2.5: https://redmine.pfsense.org/issues/4520

I had turned up the debug level on some items, now I can't get them back to 'Control'

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
[pfSense] 2.2.5 console problem
Hi

I've done a factory reset and upgrade to 2.2.5 and having used the console to access the resulting machine I rebooted, I can't talk to the console any more, the network is not yet set up correctly (but moved off default) so I can't get into it at all. If I reboot there is initial output on the console (putty) showing the initial menu, options 1 to 6 but nothing after that.

How can I undo whatever I've done? or just factory reset

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
[pfSense] carp fails after restore
Hi

I'm running 1.2.3 (failed upgrade story to come) following a restore, all carp is not working. If I change an address to proxy-arp it works but I need carp for vpn termination

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
Re: [pfSense] pfsense h/w
Hi Chris

I'm trying to use a http://www.mini-itx.com/store/~FX5624 which I think is the same box as your first link, if you can install onto here easily and frequently then it must be me doing something wrong, aaagh

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 23 October 2014 10:17, Chris Bagnall pfse...@lists.minotaur.cc wrote:

> > I'm suffering in my efforts to install 2.1.5 onto my box, so can I change the box? A proven hardware platform, available in the UK with at least 6 physical network ports, I can probably justify buying. Suggestions anyone?
>
> We’ve used these:
> http://linitx.com/product/fx5624-intel-celeronm-600mhz-6-nic-firewallrouter-platform-2xgigalan-4x10100/12508
> and these:
> http://linitx.com/product/fx5625-intel-atom-18ghz-8-nic-firewallrouter-platform-8-intel-gigalan/13468
>
> Pretty frequently with pfSense and not had any problems.
>
> Kind regards,
> Chris
> --
> C.M. Bagnall
> This email is made from 100% recycled electrons
Re: [pfSense] pfsense h/w
I'm trying to do a full install onto HDD, but I never get that far, I have been unable to get the box to boot pfsense from stick or cd so that I can install onto the HDD

I did try a CF card, that started to boot but immediately hung

I thought there was a very large restriction in packages using CF compared to HDD, is that not the case (I'm coming from 1.2.3 so this might have changed)

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 23 October 2014 10:32, Chris Bagnall pfse...@lists.minotaur.cc wrote:

> > I'm trying to use a http://www.mini-itx.com/store/~FX5624 which I think is the same box as your first link, if you can install onto here easily and frequently then it must be me doing something wrong, aaagh
>
> Certainly looks like the same unit. Are you trying to install onto a CF card (those units have a CF slot) or are you trying to do a full install onto an SSD or HDD?
>
> Most of ours are done using the embedded install using a CF card, as follows:
> - download 32-bit embedded image *with* VGA console
> - use dd on a Linux or Mac system to write it to a suitable CF card (instructions on pfSense wiki)
> - insert CF card and boot box
> - configure interfaces from command line in the usual manner
>
> In the several dozen we’ve deployed, I don’t think any of them have been more complicated than that. Of the two failures we’ve had in several years, both have been down to a dodgy CF card, not the unit itself.
>
> Hope that helps.
>
> Kind regards,
> Chris
> --
> C.M. Bagnall
> This email is made from 100% recycled electrons
Re: [pfSense] pfsense h/w
my aim in using the CF card was to see if there was any functionality I need missing

I run a mixed environment but I don't have a unix machine with a CF drive

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 23 October 2014 11:13, Chris Bagnall pfse...@lists.minotaur.cc wrote:

> > I thought there was a very large restriction in packages using CF compared to HDD, is that not the case (I'm coming from 1.2.3 so this might have changed)
>
> That may well be true - I must confess I’m of the school of thought that a firewall/router should do firewalling and routing, and not a lot else, so my experience with packages is at best limited :-)
>
> > I did try a CF card, that started to boot but immediately hung
>
> I’ve had that on occasion - nearly always down to an incorrectly (or incomplete) written CF card. I don’t know what OS environment you’re used to using day-to-day, but in my experience I could never persuade the windows physdiskwrite utility to work reliably on Win7. If you’re not using a *nix machine to write your CF card, I’d strongly suggest doing so if you can.
>
> Kind regards,
> Chris
> --
> C.M. Bagnall
> This email is made from 100% recycled electrons
Re: [pfSense] trying to install
Hi

Thanks for that link, none of it seems to apply as the box is not booting from the media at all, says there is not a bootable media present

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 21 October 2014 17:02, compdoc comp...@hotrodpc.com wrote:

> > I can boot from usb that has a different distro (centos)
>
> Have you had a look at:
> https://doc.pfsense.org/index.php/Boot_Troubleshooting
>
> I've seen some people that have had to set the kern.cam.boot_delay
[pfSense] pfsense h/w
I'm suffering in my efforts to install 2.1.5 onto my box, so can I change the box? A proven hardware platform, available in the UK with at least 6 physical network ports, I can probably justify buying. Suggestions anyone?

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
Re: [pfSense] trying to install
vga/keyboard

it goes through the bios boot stuff and just stops or asks me to put a boot media in the drive (it's already present) if using disk, just ignores the usb stick

the boot process doesn't get far enough to enter that or any setting

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 22 October 2014 15:47, Matt Smith mgsm...@netgate.com wrote:

> Are you trying to boot using a VGA/keyboard or connected to a serial port? Do you see anything happening on the console? Or nothing at all?
>
> As someone mentioned previously, kern.cam.boot_delay needs to be set to a higher value when booting over USB. If you use a memstick image instead of the LiveCD, this is set automatically.
>
> On Oct 22, 2014, at 9:10 AM, Nick Upson n...@telensa.com wrote:
>
> > well the filename is pfSense-LiveCD-2.1.5-RELEASE-i386-20140825-0744.iso so I don't think that's the problem
> >
> > Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
> >
> > On 22 October 2014 14:55, Ryan Coleman ryan.cole...@cwis.biz wrote:
> >
> > > Stupid question time: You're not trying to put a 64-bit installer into a 32-bit system, are you? That error was common when I didn't pay attention to my CPU type and had a mix of 32- and 64-bit machines.
> > >
> > > On 10/22/2014 6:14 AM, Nick Upson wrote:
> > >
> > > > Hi
> > > >
> > > > Thanks for that link, none of it seems to apply as the box is not booting from the media at all, says there is not a bootable media present
> > > >
> > > > Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
> > > >
> > > > On 21 October 2014 17:02, compdoc comp...@hotrodpc.com wrote:
> > > >
> > > > > > I can boot from usb that has a different distro (centos)
> > > > >
> > > > > Have you had a look at:
> > > > > https://doc.pfsense.org/index.php/Boot_Troubleshooting
> > > > >
> > > > > I've seen some people that have had to set the kern.cam.boot_delay
Re: [pfSense] pfsense h/w
thanks for the suggestion but

The web page at http://onset.eu/ might be temporarily down or it may have moved permanently to a new web address. Error code: ERR_NAME_RESOLUTION_FAILED

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 22 October 2014 16:06, Jim Thompson j...@smallworks.com wrote:

> Talk to onset.eu.
>
> -- Jim
>
> On Oct 22, 2014, at 9:32 AM, Nick Upson n...@telensa.com wrote:
>
> > I'm suffering in my efforts to install 2.1.5 onto my box, so can I change the box? A proven hardware platform, available in the UK with at least 6 physical network ports, I can probably justify buying. Suggestions anyone?
> >
> > Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
Re: [pfSense] pfsense h/w
I'm asking for suggestions that fit those criteria, except for the pfsense-proven my present box fits it

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 22 October 2014 16:50, compdoc comp...@hotrodpc.com wrote:

> > A proven hardware platform, available in the UK with at least 6 physical network ports, I can probably justify buying
>
> Not much info. Got an url for that?
[pfSense] trying to install
I've been trying to install 2.1.5 into a http://www.mini-itx.com/store/~FX5624 using the instructions here https://doc.pfsense.org/index.php/Installing_pfSense#pfSense_Installation_and_Configuration

I want to use the LiveCD so I can install onto a harddrive in the box, enabling me to add a wider choice of add-on packages, so I understand.

I've tried several ways to write the .iso to disk (different software, drive, disks) or stick but they won't boot (tried usb-attached dvd, sata-attached dvd, different cables disks) and stick.

I wrote the nano version to a flash card which gets to:

Loading /boot/defaults/load.conf /

and sits there

I had 1.2.3 running ok here before, has the software changed such that I won't run on this box?

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
Re: [pfSense] trying to install
I can boot from usb that has a different distro (centos)

yes I'm burning the iso not copying it

I've had it boot centos from a dvd using a sata-dvd drive

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 21 October 2014 16:45, compdoc comp...@hotrodpc.com wrote:

> > I've been trying to install 2.1.5 into a http://www.mini-itx.com/store/~FX5624
>
> The specs look ok. I would think it supports most 'nix distros. Unfortunately, that website doesn’t say if it supports booting from USB. Does the manual say it can?
>
> > I've tried several ways to write the .iso to disk
>
> I like to be sure about what people are saying. You're not trying to copy the iso file onto a cd or disk? You're using burning software, right?
>
> Can you boot your FX5624 with other live cd's, like Ubuntu or freebsd, etc? Or maybe try booting memtest86. That’s small and boots quickly, and it's always good to test the ram.
Re: [pfSense] upgrade from 1.2.3
Thanks for the input everyone, you confirmed my thoughts.

I'll build a 2.x system on replacement hardware, manually copy the config (unless I can restore from the original ?) and swop them over

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 7 October 2014 20:29, Chris Buechler c...@pfsense.com wrote:

> On Tue, Oct 7, 2014 at 9:54 AM, Nenhum_de_Nos math...@eternamente.info wrote:
>
> > I have 2.0.3 amd64, is it safe to upgrade to 2.1.5 ? In the case above, should he first upgrade to 2.0.x, then to a newer version ?
>
> You're better off going straight from 1.x to 2.1.5 than stopping at any point in between if you're going to upgrade in place.
>
> On Tue, Oct 7, 2014 at 9:25 AM, Jim Thompson j...@netgate.com wrote:
>
> > We've seen a lot of instances where the hw has run for years, but has developed silent, undiagnosed issues (bad blocks, mostly). The upgrade doesn't cause a failure, but it gets blamed.
>
> Yeah that's old enough it's likely to run into that type of upgrade issue, where a reboot would have done the same. Given the age of the hardware, it'd be prudent to restore the 1.2.3 config to a new system with 2.1.5, and swap the hardware to upgrade. Don't power off the old system until you're confident in the new, just unplug its NICs, which should make it as safe as possible to switch back.
>
> > While it might work, I'm absolutely certain we've never tested upgrading from 1.2.3 to 2.1.5.
>
> It's definitely not well tested. I've done at least a handful of 1.2.3 to 2.1x upgrades, though none to 2.1.5 it should be the same in that regard. If it's not a complex system, which anything still running 1.x at this point almost certainly isn't, it should work. For risk reduction, I probably wouldn't upgrade anything 5+ years old in place, for hardware reliability reasons.
[pfSense] VIP,MAC Arp
Hi

I'll try to make this as short as possible without leaving important information

I've been running a pfsense 1.2 box for several years, all is fine. I now need to have an additional WAN connection which will be made up of 3 adsl lines bonded by a firebrick. From the POV of the pfsense it's just a very good adsl connection.

We have a new /27 range to go with this new installation and here is the problem, external ping/connectivity to the new IPs doesn't work except one the .225 address, it seems the firebrick requires ARP in order to route them. I have set up several different Virtual IPs (tried different types, individually and as a range) and they don't work, the firebrick ARP table only contains the .255 with a MAC address, the rest don't have one and so are not used (I'm told).

How can I configure the VIP's so that they will all have a pseudo-MAC and hence work.

Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200
[pfSense] ipsec tunnel closes
I'm running 1.2.3

I have an IPsec tunnel to another site, which closes unless there is traffic

I want it up 24/7 so I put a remote IP in the keep alive, automatically ping host section of the setup. It still behaves the same way.

Is this to be expected (known bug or something) or have I done something wrong?

Nick Upson
Re: [pfSense] ipsec tunnel closes
Nick Upson

On 19 December 2011 14:55, Jochem de Waal joc...@caresoft.nl wrote:

> I'm running 1.2.3
>
> I have an IPsec tunnel to another site, which closes unless there is traffic
>
> I want it up 24/7 so I put a remote IP in the keep alive, automatically ping host section of the setup. It still behaves the same way.
>
> Is this to be expected (known bug or something) or have I done something wrong?
>
> Nick Upson
>
> From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On behalf of Nick Upson
> Sent: Monday 19 December 2011 15:49
> To: pfSense support and discussion
> Subject: [pfSense] ipsec tunnel closes
>
> Hi Nick,
>
> We have many IPSEC tunnels to our customers using pfSense 1.2.3 and also on 2.0 without any problems. What could be the problem in your case is the lifetime of phase 1 and 2.
>
> Try setting phase 1 to 28800 and phase 2 to 3600. This should be the same on both sides.
>
> Cheers,
> Jochem

Hi,

my settings are the other way round, I'm not sure about the other end
Re: [pfSense] ipsec tunnel closes
Nick Upson

On 19 December 2011 15:00, Ian Bowers iggd...@gmail.com wrote:

> On Mon, Dec 19, 2011 at 9:49 AM, Nick Upson n...@telensa.com wrote:
>
> > I'm running 1.2.3
> >
> > I have an IPsec tunnel to another site, which closes unless there is traffic
> >
> > I want it up 24/7 so I put a remote IP in the keep alive, automatically ping host section of the setup. It still behaves the same way.
> >
> > Is this to be expected (known bug or something) or have I done something wrong?
> >
> > Nick Upson
>
> Please post your encryption domain (which networks are encrypted on both sides) and which IP you are pinging. Also, what type of device does the VPN terminate on the other end? I have a couple ideas

local subnet 10.0.0.0/8
remote subnet 192.168.118.0/24
ping 192.168.118.6

no idea what device is on the other end, sorry
Re: [pfSense] redirect outgoing
On 23 September 2011 13:46, Jesse Vollmar vollm...@gmail.com wrote:

> On Fri, Sep 23, 2011 at 8:40 AM, Nick Upson n...@telensa.com wrote:
>
> > On 22 September 2011 16:41, Jesse Vollmar vollm...@gmail.com wrote:
> >
> > > On Thu, Sep 22, 2011 at 11:00 AM, Nick Upson n...@telensa.com wrote:
> > >
> > > > Hi,
> > > >
> > > > I must be missing something, all I want is:
> > > >
> > > > all outgoing traffic to 192.168.x.y goes out WAN2 except 192.168.111.x 192.168.112.x which goes out the IPSEC interface (which is attached to WAN1)
> > > >
> > > > tracert from my desktop actually shows this correctly as WAN2 with my present setup but visit anywhere that shows the IP I'm coming from and it's WAN1
> > > >
> > > > using 1.2.3
> > >
> > > There needs to be a firewall rule that specifies the gateway you want to send the traffic out.
> >
> > I've currently put one in place that specifies the source must be my PC address (to avoid affecting others). If I go to http://www.whatismyip.com/ or similar it tells me the wrong IP, tracert on my PC (win7) tells me it went out the correct IP, I'm confused
> >
> > --
> > Nick Upson
>
> Sounds like it still isn't going out the correct gateway. Can you post the IP of the computer you are testing from and the firewall rule that is supposed to send packets out the correct gateway?

my IP is 10.0.0.108, the rule is 'any' everywhere except source (my IP) and gateway (the IP address I want it to go out of)

logging is enabled and says that this rule is used for my outgoing traffic

--
Nick Upson
Re: [pfSense] redirect outgoing
On 23 September 2011 13:53, Nick Upson n...@telensa.com wrote:

> On 23 September 2011 13:46, Jesse Vollmar vollm...@gmail.com wrote:
>
> > On Fri, Sep 23, 2011 at 8:40 AM, Nick Upson n...@telensa.com wrote:
> >
> > > On 22 September 2011 16:41, Jesse Vollmar vollm...@gmail.com wrote:
> > >
> > > > On Thu, Sep 22, 2011 at 11:00 AM, Nick Upson n...@telensa.com wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > I must be missing something, all I want is:
> > > > >
> > > > > all outgoing traffic to 192.168.x.y goes out WAN2 except 192.168.111.x 192.168.112.x which goes out the IPSEC interface (which is attached to WAN1)
> > > > >
> > > > > tracert from my desktop actually shows this correctly as WAN2 with my present setup but visit anywhere that shows the IP I'm coming from and it's WAN1
> > > > >
> > > > > using 1.2.3
> > > >
> > > > There needs to be a firewall rule that specifies the gateway you want to send the traffic out.
> > >
> > > I've currently put one in place that specifies the source must be my PC address (to avoid affecting others). If I go to http://www.whatismyip.com/ or similar it tells me the wrong IP, tracert on my PC (win7) tells me it went out the correct IP, I'm confused
> > >
> > > --
> > > Nick Upson
> >
> > Sounds like it still isn't going out the correct gateway. Can you post the IP of the computer you are testing from and the firewall rule that is supposed to send packets out the correct gateway?
>
> my IP is 10.0.0.108, the rule is 'any' everywhere except source (my IP) and gateway (the IP address I want it to go out of)
>
> logging is enabled and says that this rule is used for my outgoing traffic

ok now I'm REALLY confused, http://www.whatismyip.com/ now reports the correct address, and I hadn't changed anything since the last time I looked

--
Nick Upson