[pfSense Support] Openvpn routering problem
hello, We upgraded our PFsense Machine from Beta 4 (built on Mon May 8 22:37:25 UTC 2006)to 1.0-RC1 (built on Mon May 8 22:37:25 UTC 2006)(cvs update)In Beta 4 our OPENVPN was working perfectly, but in 1.0RC1 we are getting some strange errors with the OPENVPN routing command (see below)? /var/etc/openvpn_server0.conf (this rules worked perfectin Beta 4) push "route 192.168.0.0 255.255.255.0"push "route 10.8.0.0 255.255.255.0"route 192.168.0.0 255.255.255.0route 10.8.0.0 255.255.255.0 system log (why not in openvpn-log?) Jun 9 07:08:25 openvpn[1986]: Initialization Sequence Completed Jun 9 07:08:25 openvpn[1986]: Initialization Sequence Completed Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link remote: [undef] Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link remote: [undef] Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link local (bound): [undef]:1194 Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link local (bound): [undef]:1194 Jun 9 07:08:25 openvpn[1986]: Listening for incoming TCP connection on [undef]:1194 Jun 9 07:08:25 openvpn[1986]: Listening for incoming TCP connection on [undef]:1194 Jun 9 07:08:25 openvpn[1986]: UID set to nobody Jun 9 07:08:25 openvpn[1986]: UID set to nobody Jun 9 07:08:25 openvpn[1986]: GID set to nobody Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1986]: GID set to nobody Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1977]: /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up Jun 9 07:08:25 openvpn[1977]: /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up Jun 9 07:08:25 openvpn[1977]: TUN/TAP device /dev/tun0 opened Jun 9 07:08:25 openvpn[1977]: TUN/TAP device /dev/tun0 opened
Re: [pfSense Support] Adding a user on Beta 4
/etc/master.passwd See manual page of pwd_mkdb for more instruction - Original Message - From: bablam [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, June 09, 2006 5:14 AM Subject: [pfSense Support] Adding a user on Beta 4 Good evening all, I have successfully installed openbgp on my beta4 pfsense. I am, however, having a bear of a time creating the bgpd user. I am used to have the standard comand line admin tools for adding and removing users. I have added the appropriate lines to the /etc/master.passwd and /etc/passwd. I have no idea if I must or how to modify the /etc/master.passwd.db, /etc/pwd.db or /etc/spwd.db. Anyone run across this? Any feedback would rock. Thanks. Wade B -- Wade B - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Openvpn routering problem
Halloa Henk, Toch een paar opmerkingen: ik zou dit soort mailtjes niet meer versturen vanaf een KP emailaccount, vergeet niet dat deze dingen in google terechtkomen ik zou wat meer poort- en IP-informatie weg-x'sen. Wat denk jij hiervan? Groeten, Patrick Henk van Kester schreef: hello, We upgraded our PFsense Machine from Beta 4 (built on Mon May 8 22:37:25 UTC 2006) to 1.0-RC1 (built on Mon May 8 22:37:25 UTC 2006)(cvs update)In Beta 4 our OPENVPN was working perfectly, but in 1.0RC1 we are getting some strange errors with the OPENVPN routing command (see below)? /var/etc/openvpn_server0.conf (this rules worked perfectin Beta 4) push "route 192.168.0.0 255.255.255.0" push "route 10.8.0.0 255.255.255.0" route 192.168.0.0 255.255.255.0 route 10.8.0.0 255.255.255.0 system log (why not in openvpn-log?) Jun 9 07:08:25 openvpn[1986]: Initialization Sequence Completed Jun 9 07:08:25 openvpn[1986]: Initialization Sequence Completed Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link remote: [undef] Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link remote: [undef] Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link local (bound): [undef]:1194 Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link local (bound): [undef]:1194 Jun 9 07:08:25 openvpn[1986]: Listening for incoming TCP connection on [undef]:1194 Jun 9 07:08:25 openvpn[1986]: Listening for incoming TCP connection on [undef]:1194 Jun 9 07:08:25 openvpn[1986]: UID set to nobody Jun 9 07:08:25 openvpn[1986]: UID set to nobody Jun 9 07:08:25 openvpn[1986]: GID set to nobody Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1986]: GID set to nobody Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1977]: /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up Jun 9 07:08:25 openvpn[1977]: /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up Jun 9 07:08:25 openvpn[1977]: TUN/TAP device /dev/tun0 opened Jun 9 07:08:25 openvpn[1977]: TUN/TAP device /dev/tun0 opened - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Adding a user on Beta 4
I have looked at the man page and so far am having a hard time adding the user, I am looking at http://netbsd.gw.com/cgi-bin/man-cgi?pwd_mkdb+8+NetBSD-current http://netbsd.gw.com/cgi-bin/man-cgi?db+3+NetBSD-current. The comands I am trying to run are; pwd_mkdb -s 4 -u _bgpd -B /etc/spwd.db pwd_mkdb: line #1 too long pwd_mkdb: /etc/spwd.db: Inappropriate file type or format # pwd_mkdb -s 4 -u _bgpd -L usage: pwd_mkdb [-BCiLNp] [-d directory] [-s cachesize] [-u username] file # pwd_mkdb -s 4 -u _bgpd -L /etc/pwd.db pwd_mkdb: line #1 too long pwd_mkdb: /etc/pwd.db: Inappropriate file type or format # # pwd_mkdb -s 4 -u _bgpd -L /etc/master.passwd pwd_mkdb: corrupted entry pwd_mkdb: at line #27 pwd_mkdb: /etc/master.passwd: Inappropriate file type or format Not sure what I am doing wrong. -W On 6/9/06, Cimino Vittorio [EMAIL PROTECTED] wrote: /etc/master.passwd See manual page of pwd_mkdb for more instruction - Original Message - From: bablam [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, June 09, 2006 5:14 AM Subject: [pfSense Support] Adding a user on Beta 4 Good evening all, I have successfully installed openbgp on my beta4 pfsense. I am, however, having a bear of a time creating the bgpd user. I am used to have the standard comand line admin tools for adding and removing users. I have added the appropriate lines to the /etc/master.passwd and /etc/passwd. I have no idea if I must or how to modify the /etc/master.passwd.db, /etc/pwd.db or /etc/spwd.db. Anyone run across this? Any feedback would rock. Thanks. Wade B -- Wade B - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Wade B Integrity is more important than perception management - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] RRD Graphs
thanks.On 6/8/06, Fuchs, Martin [EMAIL PROTECTED] wrote: Hi ! go to diagnostics in the web-gui go to diagnostics - execute and remove the file /var/db/rrd/wan-queues.rrd [shell command: rm /var/db/rrd/wan-queues.rrd] after that enable rrd-logging again: [php execute: enable_rrd_graphing();] that should fix it... Martin Von: Ash VarmaGesendet: Do 08.06.2006 11:16An: pfSense Support ListBetreff: [pfSense Support] RRD Graphs VERSION:RELENG_1-SNAPSHOT-05-05-2006 built on Sat May 6 17:49:26 UTC 2006UPTIME:4 days, 16:47The RRD Graphs on my firewall have stopped displaying.Displayed fine when rebooted after the upgrade about 4 days ago.. Stopped about 2 days ago.. no graphs.. What can I do to disagnose and fix this.Thanks-- Ash Varma [EMAIL PROTECTED][EMAIL PROTECTED]The browser you can trust! Get Firefox and rediscover the web! http://www.getfirefox.com/ -- Ash Varma[EMAIL PROTECTED][EMAIL PROTECTED]The browser you can trust! Get Firefox and rediscover the web! http://www.getfirefox.com/
Re: [pfSense Support] Adding a user on Beta 4
bablam escribió: I have looked at the man page and so far am having a hard time adding the user, I am looking at http://netbsd.gw.com/cgi-bin/man-cgi?pwd_mkdb+8+NetBSD-current http://netbsd.gw.com/cgi-bin/man-cgi?db+3+NetBSD-current. The comands Wait! Don't use the NetBSD man page, use the FreeBSD manpage, www.freebsd.org/cgi/man.cgi Bye. -- Linux is for people who hate Windows, BSD is for people who love UNIX Social Engineer - Because there is no patch for human stupidity - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Adding a user on Beta 4
From console open shell (key number 8), try this: pw add user bgpd try... - Original Message - From: bablam [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, June 09, 2006 12:22 PM Subject: Re: [pfSense Support] Adding a user on Beta 4 I have looked at the man page and so far am having a hard time adding the user, I am looking at http://netbsd.gw.com/cgi-bin/man-cgi?pwd_mkdb+8+NetBSD-current http://netbsd.gw.com/cgi-bin/man-cgi?db+3+NetBSD-current. The comands I am trying to run are; pwd_mkdb -s 4 -u _bgpd -B /etc/spwd.db pwd_mkdb: line #1 too long pwd_mkdb: /etc/spwd.db: Inappropriate file type or format # pwd_mkdb -s 4 -u _bgpd -L usage: pwd_mkdb [-BCiLNp] [-d directory] [-s cachesize] [-u username] file # pwd_mkdb -s 4 -u _bgpd -L /etc/pwd.db pwd_mkdb: line #1 too long pwd_mkdb: /etc/pwd.db: Inappropriate file type or format # # pwd_mkdb -s 4 -u _bgpd -L /etc/master.passwd pwd_mkdb: corrupted entry pwd_mkdb: at line #27 pwd_mkdb: /etc/master.passwd: Inappropriate file type or format Not sure what I am doing wrong. -W On 6/9/06, Cimino Vittorio [EMAIL PROTECTED] wrote: /etc/master.passwd See manual page of pwd_mkdb for more instruction - Original Message - From: bablam [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, June 09, 2006 5:14 AM Subject: [pfSense Support] Adding a user on Beta 4 Good evening all, I have successfully installed openbgp on my beta4 pfsense. I am, however, having a bear of a time creating the bgpd user. I am used to have the standard comand line admin tools for adding and removing users. I have added the appropriate lines to the /etc/master.passwd and /etc/passwd. I have no idea if I must or how to modify the /etc/master.passwd.db, /etc/pwd.db or /etc/spwd.db. Anyone run across this? Any feedback would rock. Thanks. Wade B -- Wade B - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Wade B Integrity is more important than perception management - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] pfsense beta-4 multiple ipsec clients from lan to wan
Hello all, We have setup one pfsense firewall, which have 2 wans, 3 dmzs and a lan. I have enabled ipsec and mobile clients on the firewall, and that works swell. I have not enabled advanced outbound nat, and the ipsec passthrough option is enabled. The problem is, that we have 3 computers behind the firewall which each have a software vpn client installed. When they try to connect to a remote vpn concentrator, the first computer will get through, but all the others will just wait to connect. I have made some tcpdumping on the different interfaces, and it seems that when the second computer tries to make a vpn connection, the firewall will leak the private IP address of the second computer onto the wan. But the first computer, will just go through fine and make a connection to the remote vpn concentrator. I have been using OpenBSD and pf before with the exactly same setup, with no trouble at all. So I was wondering what could be wrong, anyone with some ideas? Venlig hilsen Bo Rising Rasmussen sikkerheds konsulent / CISSP / MCP [EMAIL PROTECTED] cadesign rosensgade 26 8000 århus c tlf+45 8730 fax +45 8620 5484 dir +45 8620 5492 www.cadesign.dk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfsense beta-4 multiple ipsec clients from lan to wan
You'll need a rule for the remote networks that bypasses the load balance rule and just uses the default gateway. The way we have load balancing working with multiple wans bypasses the kernel routing table. --Bill On 6/9/06, Bo Rasmussen [EMAIL PROTECTED] wrote: Hello all, We have setup one pfsense firewall, which have 2 wans, 3 dmzs and a lan. I have enabled ipsec and mobile clients on the firewall, and that works swell. I have not enabled advanced outbound nat, and the ipsec passthrough option is enabled. The problem is, that we have 3 computers behind the firewall which each have a software vpn client installed. When they try to connect to a remote vpn concentrator, the first computer will get through, but all the others will just wait to connect. I have made some tcpdumping on the different interfaces, and it seems that when the second computer tries to make a vpn connection, the firewall will leak the private IP address of the second computer onto the wan. But the first computer, will just go through fine and make a connection to the remote vpn concentrator. I have been using OpenBSD and pf before with the exactly same setup, with no trouble at all. So I was wondering what could be wrong, anyone with some ideas? Venlig hilsen Bo Rising Rasmussen sikkerheds konsulent / CISSP / MCP [EMAIL PROTECTED] cadesign rosensgade 26 8000 århus c tlf+45 8730 fax +45 8620 5484 dir +45 8620 5492 www.cadesign.dk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Adding a user on Beta 4
pw add user bgpd worked as soon as I removed my manual enteries in /etc/passwd and /etc/master.passwd. Thanks everyone. -W On 6/9/06, Cimino Vittorio [EMAIL PROTECTED] wrote: From console open shell (key number 8), try this: pw add user bgpd try... - Original Message - From: bablam [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, June 09, 2006 12:22 PM Subject: Re: [pfSense Support] Adding a user on Beta 4 I have looked at the man page and so far am having a hard time adding the user, I am looking at http://netbsd.gw.com/cgi-bin/man-cgi?pwd_mkdb+8+NetBSD-current http://netbsd.gw.com/cgi-bin/man-cgi?db+3+NetBSD-current. The comands I am trying to run are; pwd_mkdb -s 4 -u _bgpd -B /etc/spwd.db pwd_mkdb: line #1 too long pwd_mkdb: /etc/spwd.db: Inappropriate file type or format # pwd_mkdb -s 4 -u _bgpd -L usage: pwd_mkdb [-BCiLNp] [-d directory] [-s cachesize] [-u username] file # pwd_mkdb -s 4 -u _bgpd -L /etc/pwd.db pwd_mkdb: line #1 too long pwd_mkdb: /etc/pwd.db: Inappropriate file type or format # # pwd_mkdb -s 4 -u _bgpd -L /etc/master.passwd pwd_mkdb: corrupted entry pwd_mkdb: at line #27 pwd_mkdb: /etc/master.passwd: Inappropriate file type or format Not sure what I am doing wrong. -W On 6/9/06, Cimino Vittorio [EMAIL PROTECTED] wrote: /etc/master.passwd See manual page of pwd_mkdb for more instruction - Original Message - From: bablam [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, June 09, 2006 5:14 AM Subject: [pfSense Support] Adding a user on Beta 4 Good evening all, I have successfully installed openbgp on my beta4 pfsense. I am, however, having a bear of a time creating the bgpd user. I am used to have the standard comand line admin tools for adding and removing users. I have added the appropriate lines to the /etc/master.passwd and /etc/passwd. I have no idea if I must or how to modify the /etc/master.passwd.db, /etc/pwd.db or /etc/spwd.db. Anyone run across this? Any feedback would rock. Thanks. Wade B -- Wade B - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Wade B Integrity is more important than perception management - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Wade B Integrity is more important than perception management - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] advanced outbound nat interfering with ipsec tunnel?
Hi, I just updated to latest releng_1 and it still has this same problem. I have a carp+dual wan setup and I'm trying to get outbound load balancing to work, but when I make changes to the advanced outbound nat rules to work towards getting load balancing to work, it causes my ipsec tunnel to stop getting packets. What I mean by that is that the ipsec tunnel still extablishes, but traceroutes to the tunnel return addresses on the public internet ( whereas they didn't with the previous outbound nat setting - and when ipsec was actually working ). Without further ado, here's what I changed the outbound nat rules to that caused it to stop working: iface: WAN2 src: 192.168.0.0/24 src port: * dst: ! 192.168.0.0/24 dst port: * nat addr: * ( no carp on WAN2 unfortunately ) nat port: * static port: no iface: WAN src: 192.168.0.0/24 src port: * dst: ! 192.168.0.0/24 dst port: * nat addr: x.x.218.245 ( my public wan carp ip ) nat port: * static port: no I don't have enough public ip's on WAN2 to carp it, however the ipsec tunnel is currently using WAN2's connection ( it's the only ip my client's router - the other end of the tunnel - is configured to accept ) The LAN firewall rule allowing outbound traffic is: iface: lan proto: * source: lan net port: * dest: * dest port: * gateway: x.x.231.154 ( WAN2's gateway - WAN's isp was having trouble yesterday ) I have just restored my router configuration (again) and my ipsec tunnel is working again. Here are the adv outbound nat rules that allow the tunnel to work: iface: WAN2 src: 192.168.0.96/31 src port: * dst: * dst port: * nat addr: * ( no carp on WAN2 unfortunately ) nat port: * static port: no iface: WAN src: 192.168.0.0/24 src port: * dst: * dst port: * nat addr: x.x.218.245 ( my public wan carp ip ) nat port: * static port: no I was told that in order for outbound load balancing to work correctly especially in combination with carp, you have to create two outbound nat rules, one for each wan. However, when I try to do this, it causes my vpn traffic to not get caught by the ipsec tunnel and is instead getting sent to the unencrypted internet ( as evidence by my tracert's ). What am I doing wrong, or have I possibly discovered a bug. Please advise, thank you. mail2web - Check your email from the web at http://mail2web.com/ . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] advanced outbound nat interfering with ipsec tunnel?
I answered this in another thread ([pfSense Support] pfsense beta-4 multiple ipsec clients from lan to wan) less than two hours ago. --Bill On 6/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, I just updated to latest releng_1 and it still has this same problem. I have a carp+dual wan setup and I'm trying to get outbound load balancing to work, but when I make changes to the advanced outbound nat rules to work towards getting load balancing to work, it causes my ipsec tunnel to stop getting packets. What I mean by that is that the ipsec tunnel still extablishes, but traceroutes to the tunnel return addresses on the public internet ( whereas they didn't with the previous outbound nat setting - and when ipsec was actually working ). Without further ado, here's what I changed the outbound nat rules to that caused it to stop working: iface: WAN2 src: 192.168.0.0/24 src port: * dst: ! 192.168.0.0/24 dst port: * nat addr: * ( no carp on WAN2 unfortunately ) nat port: * static port: no iface: WAN src: 192.168.0.0/24 src port: * dst: ! 192.168.0.0/24 dst port: * nat addr: x.x.218.245 ( my public wan carp ip ) nat port: * static port: no I don't have enough public ip's on WAN2 to carp it, however the ipsec tunnel is currently using WAN2's connection ( it's the only ip my client's router - the other end of the tunnel - is configured to accept ) The LAN firewall rule allowing outbound traffic is: iface: lan proto: * source: lan net port: * dest: * dest port: * gateway: x.x.231.154 ( WAN2's gateway - WAN's isp was having trouble yesterday ) I have just restored my router configuration (again) and my ipsec tunnel is working again. Here are the adv outbound nat rules that allow the tunnel to work: iface: WAN2 src: 192.168.0.96/31 src port: * dst: * dst port: * nat addr: * ( no carp on WAN2 unfortunately ) nat port: * static port: no iface: WAN src: 192.168.0.0/24 src port: * dst: * dst port: * nat addr: x.x.218.245 ( my public wan carp ip ) nat port: * static port: no I was told that in order for outbound load balancing to work correctly especially in combination with carp, you have to create two outbound nat rules, one for each wan. However, when I try to do this, it causes my vpn traffic to not get caught by the ipsec tunnel and is instead getting sent to the unencrypted internet ( as evidence by my tracert's ). What am I doing wrong, or have I possibly discovered a bug. Please advise, thank you. mail2web - Check your email from the web at http://mail2web.com/ . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Openvpn routering problem
OpenVPN needs to run as root. There is a thread about this on the forum. On 6/9/06, Henk van Kester [EMAIL PROTECTED] wrote: hello, We upgraded our PFsense Machine from Beta 4 (built on Mon May 8 22:37:25 UTC 2006) to 1.0-RC1 (built on Mon May 8 22:37:25 UTC 2006 ) (cvs update) In Beta 4 our OPENVPN was working perfectly, but in 1.0RC1 we are getting some strange errors with the OPENVPN routing command (see below)? /var/etc/openvpn_server0.conf (this rules worked perfect in Beta 4) push route 192.168.0.0 255.255.255.0 push route 10.8.0.0 255.255.255.0 route 192.168.0.0 255.255.255.0 route 10.8.0.0 255.255.255.0 system log (why not in openvpn-log?) Jun 9 07:08:25 openvpn[1986]: Initialization Sequence Completed Jun 9 07:08:25 openvpn[1986]: Initialization Sequence Completed Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link remote: [undef] Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link remote: [undef] Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link local (bound): [undef]:1194 Jun 9 07:08:25 openvpn[1986]: TCPv4_SERVER link local (bound): [undef]:1194 Jun 9 07:08:25 openvpn[1986]: Listening for incoming TCP connection on [undef]:1194 Jun 9 07:08:25 openvpn[1986]: Listening for incoming TCP connection on [undef]:1194 Jun 9 07:08:25 openvpn[1986]: UID set to nobody Jun 9 07:08:25 openvpn[1986]: UID set to nobody Jun 9 07:08:25 openvpn[1986]: GID set to nobody Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1986]: GID set to nobody Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1977]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1 Jun 9 07:08:25 openvpn[1977]: /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up Jun 9 07:08:25 openvpn[1977]: /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up Jun 9 07:08:25 openvpn[1977]: TUN/TAP device /dev/tun0 opened Jun 9 07:08:25 openvpn[1977]: TUN/TAP device /dev/tun0 opened - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] RRD Graphs for OPT1 Wan Connection.
I have a dual wan setup using policy based routing. I have found the RRD graphs and really like them. Great job on these guys. These should help talking to an ISP or two I have noticed that the quality graphs for the OPT1 interface are not displaying. Do I have to enable this somewhere? I found the use_rrd_gateway option for the config.xml. Does this switch which interface it monitors or allow for providing a list to monitor? I can get traffic and packet graphs for this interface but not quality. This interface has static IPs and the WAN is DHCP. Does this make a difference? Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] RRD Graphs for OPT1 Wan Connection.
On 6/9/06, Robert Goley [EMAIL PROTECTED] wrote: I have a dual wan setup using policy based routing. I have found the RRD graphs and really like them. Great job on these guys. These should help talking to an ISP or two I have noticed that the quality graphs for the OPT1 interface are not displaying. Do I have to enable this somewhere? I found the use_rrd_gateway option for the config.xml. Does this switch which interface it monitors or allow for providing a list to monitor? I can get traffic and packet graphs for this interface but not quality. This interface has static IPs and the WAN is DHCP. Does this make a difference? Some graphs only support the primary WAN. This will not be resolved in 1.0 but hopefully in the future. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Small bug in FTP port forwading
On 6/7/06, Rajkumar S [EMAIL PROTECTED] wrote: Scott Ullrich wrote: I am pretty sure this was solved. Are you using an up to do date system? Run cvs_sync.sh releng_1 if you are on a full installation and please test again. Tried again, after cvs_sync same results. Okay, thanks. Any chance you know where the bug is? My day job just got a lot more hectic and I dont have a lot of time for pfSense at the moment. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] RRD Graphs for OPT1 Wan Connection.
Thanks for the info. Is there somewhere I should add this to a wiki etc? Robert On Friday 09 June 2006 12:25, Scott Ullrich wrote: On 6/9/06, Robert Goley [EMAIL PROTECTED] wrote: I have a dual wan setup using policy based routing. I have found the RRD graphs and really like them. Great job on these guys. These should help talking to an ISP or two I have noticed that the quality graphs for the OPT1 interface are not displaying. Do I have to enable this somewhere? I found the use_rrd_gateway option for the config.xml. Does this switch which interface it monitors or allow for providing a list to monitor? I can get traffic and packet graphs for this interface but not quality. This interface has static IPs and the WAN is DHCP. Does this make a difference? Some graphs only support the primary WAN. This will not be resolved in 1.0 but hopefully in the future. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] RRD Graphs for OPT1 Wan Connection.
faq.pfsense.com On 6/9/06, Robert Goley [EMAIL PROTECTED] wrote: Thanks for the info. Is there somewhere I should add this to a wiki etc? Robert On Friday 09 June 2006 12:25, Scott Ullrich wrote: On 6/9/06, Robert Goley [EMAIL PROTECTED] wrote: I have a dual wan setup using policy based routing. I have found the RRD graphs and really like them. Great job on these guys. These should help talking to an ISP or two I have noticed that the quality graphs for the OPT1 interface are not displaying. Do I have to enable this somewhere? I found the use_rrd_gateway option for the config.xml. Does this switch which interface it monitors or allow for providing a list to monitor? I can get traffic and packet graphs for this interface but not quality. This interface has static IPs and the WAN is DHCP. Does this make a difference? Some graphs only support the primary WAN. This will not be resolved in 1.0 but hopefully in the future. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] RRD graph 48h is 30h
The graph Analysis for wan - 48h traffic only covers 30h. Well the axis labelling does, but the plot does seem to match the labelling. Whether the intention was for a 30h or 48h graph, I'd prefer a 48h one. Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]