Re: [pfSense Support] ipsec woes
On Fri, 9 May 2008 12:31:41 -0700 "David Rees" <[EMAIL PROTECTED]> wrote: > On Fri, May 9, 2008 at 2:01 AM, Jure Pečar <[EMAIL PROTECTED]> wrote: > > May 9 10:30:20 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does > > not already exist: "192.168.1.0/24[0] 192.168.111.0/24[0] proto=any dir=in" > > May 9 10:30:20 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does > > not already exist: "192.168.111.0/24[0] 192.168.1.0/24[0] proto=any dir=out" > > Oops. Loks like you have some sort of VPN definition error here. Are > you sure that the local/remote nets match on both ends? Also make sure > that you do not have any duplicate local/remote nets across all VPN > connectons defined on each firewall. This is what makes it interesting to me - office2 has no tunnels defined, just "allow mobile clients" enabled and all settings underneath as on office1. No subnets overlap, so things should "just work". I'll try to set up a tunnel at office2 back to office1 and see what I get. -- Jure Pečar http://jure.pecar.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: SOLVED [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Dear List and especially pfSense maintainers, Bill, Chris, Scott et al. I upgraded to 1.2 over a month ago. The above issue (and the earlier "pfSense hanging...") have not recurred since the upgrade. I was not aware of a particular fix that might have addressed this, however looking around it is clear zillions of code changes are noted, it seems very likely the issue was addressed. (since 1.2 RC2 clearly exhibited the problem) Another possibility is the ISP made a change that eliminated the issue. I feel the former is more likely an explanation. I suppose if I was keen I could put back in the old CF card with the previous 1.2 RC2 installation and I guess that might prove it either way. If that would help someone do let me know. I also note PPTP seems to connect much faster and reliably. It gives me great pleasure to express my gratitude to the people involved. Now that I have learned my away around it, (at a certain level that is!) I think pfSense is pretty cool. Kindest regards David Hingston
Re: [pfSense Support] ipsec woes
On Mon, 12 May 2008 11:14:20 +0200 Jure Pečar <[EMAIL PROTECTED]> wrote: > I'll try to set up a tunnel at office2 back to office1 and see what > I get. Nothing really - I just figured out that what I see in pfsense gui is not always what is in the config files. But after I manually fixed racoon.conf and psk.txt, I still couldn't get the tunnels up. So I declared ipsec as not useable and set up openvpn. It works from the firewall, but not from the clients on the LAN, which I is weird, becaure route exists in the routing table and there are no rules to block the traffic. Fun ... -- Jure Pečar http://jure.pecar.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense6 Dev
I looking around this problem and cpdup command don't exists inside the generated pfSense.iso the dev_bootstrap.sh have installed him into's system, but in the final iso version, the program simple don't exists. can somebody help ? I don't changed nothing in code, just run dev_bootstrap.sh Em Fri, 09 May 2008 14:33:27 -0300, Haika Tecnologia e Sistemas <[EMAIL PROTECTED]> escreveu: Hi for all. This is my first post in here, so, let's go. I try to generate the pfSense6 dev edition on freebsd 6.3 and when i test the pfSense.iso, i got this error when select '99' option to install. /scripts/lua_installer: /usr/local/sbin/dfuife_curses: not found. I have search in the google and there show that lik a bug ticket "close". So, what can be ? i build two times that iso trought build_deviso.sh the dev environment have been constructed with fetch -o - -q http://www.pfsense.com/~sullrich/tools/dev_bootstrap.sh | /bin/sh thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Usando o revolucionário cliente de correio do Opera: http://www.opera.com/mail/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] I should know better !
I'm not new to (almost) any form of 'computers' but I have no experience (as if that matters for anything) w/FreeBSD but do manage Linux networks at several locations. I have installed & configured the pfSense on a hard drive and have read over several of the tutorials, but I stall can't get a block of data through the 'box'. So, I'm asking. If I install a copy of (the stable) pfSense and properly designate the WAN & LAN interfaces, what else has to be done in order to get the machine to act as a NAT router (no firewall to begin with)? If I complete the 'Setup Wizard' (using the gui interface) should it work at that point? (I am aware that there is a checkbox the concerns private networks & that it has to be unchecked. See below.) I'm using a 500 mHz Celeron w/128M RAM with a Realtek 8139 chipset as 192.168.254.1 LAN interface and a 3Com 3C905B as 192.168.1.100 WAN interface. The hardware does work 'cause a version 3 of Vyatta works fine in the same environment. I hope that I haven't left out some info that is needed in order to answer my simple (?) question. Keith Steensma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense6 Dev
> I looking around this problem and cpdup command don't exists inside the > generated pfSense.iso I see this in the automatically-built pre-alpha snapshots as well. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: Out of Office AutoReply: [pfSense Support] pfSense6 Dev
On Mon, May 12, 2008 at 8:24 AM, Hoos, Stephen <[EMAIL PROTECTED]> wrote: > > > > I am at Jury Duty. Really, guys. There's nothing more annoying than the automated responses one gets for sending mail to public lists. If you have an address subscribed to a public mailing list, here are a few suggestions to keep list nazis like myself from beating down your door: 1. If you MUST send an autoresponse, make sure you only send it if it is DIRECTLY to you. 2. NEVER attach one of the stupid "prove you are a human" milters to it. 3. Exchange just doesn't cut it. Top-posting, autoresponders, dim-witted filtering, HTML email... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] setting time
On May 10, 2008, at 11:16 AM, Dean Larson wrote: computer kept near perfect time before under different o/s. this seems real strange. A long long time ago, in a galaxy far far away, I had a box that ran 100% fine with linux under load. under FreeBSD and BSD/OS it would lock up randomly, and the clock would drift several minutes per day.ap You likely have faulty hardware. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] setting time
On May 10, 2008, at 4:13 PM, Chris Buechler wrote: 3) ACPI issues - try disabling ACPI, sometimes it causes time keeping issues. You can also selectively disable the ACPI timer device without turning ACPI off entirely. Add the following to your /boot/loader.conf file: debug.acpi.disabled="timer" You'll see a change at the beginning of your kernel boot messages like this: Timecounter "i8254" frequency 1193182 Hz quality 0 Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 Timecounter "HPET" frequency 14318180 Hz quality 900 The "ACPI-fast" line will go away, and the kernel will then be forced to choose a different timekeeping method. You can verify your timekeeper with this command: sysctl sysctl kern.timecounter.hardware It will list one of the available Timecounter options, such as "HPET" or "ACPI-fast". By default, it picks the highest "quality" timer. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Re: Out of Office AutoReply: [pfSense Support] pfSense6 Dev
RB wrote: 1. If you MUST send an autoresponse, make sure you only send it if it is DIRECTLY to you. 2. NEVER attach one of the stupid "prove you are a human" milters to it. 3. Exchange just doesn't cut it. Top-posting, autoresponders, dim-witted filtering, HTML email... 4. And the [EMAIL PROTECTED]($&@# list admin needs to strip that kind of crap out of the list too one of these days. Oh, that's me. I'll get around to it eventually... :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Atheros 5212 throwing tons of errors
Good morning all, I have an Atheros 5212 in my PF running 1.2RC2. I am seeing anywhere from 500,000 to 1,000,000 errors on the interface per day. Anyone else see issues like this? It is wreaking havoc with basically all network connections. I have noticed that the auto select on the G channel setting does not work so well. Knowing that I used net stumbler to check out the active channels nearby and used one not currently in use by my neighbors. Still no love. I turned off baby monitors and 2.4Ghz phones and their base stations still no difference. I am not sure if it is a driver level issue, hardware or something else. If anyone has seen issues like this please let me know, thanks! Wade B -- Wade Blackwell "Integrity is often more painful and always more profitable than perception management" - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Are you still running 1.0.1 or a 1.2-RC?
If so, please stop. pfSense 1.2 has been released now for a very long time and has been production ready since the day it hit the streets. If you're posting to this list having problems with a 1.2RC, before you go _any_ further with your issue, UPGRADE! You really have no excuse for not running 1.2 release. Do yourself a favor, and do the user community as a whole a favor by upgrading your installs to a release version. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] RE: Atheros 5212 throwing tons of errors
(heeding Gary's warning), Now on 1.2-RELEASE the box has been up 12 minutes and the ath0 interface has 1456 errors. Wade B Wade Blackwell "Integrity is often more painful and always more profitable than perception management" -Original Message- From: Wade Blackwell [mailto:[EMAIL PROTECTED] Sent: Monday, May 12, 2008 8:50 AM To: support@pfsense.com Subject: Atheros 5212 throwing tons of errors Good morning all, I have an Atheros 5212 in my PF running 1.2RC2. I am seeing anywhere from 500,000 to 1,000,000 errors on the interface per day. Anyone else see issues like this? It is wreaking havoc with basically all network connections. I have noticed that the auto select on the G channel setting does not work so well. Knowing that I used net stumbler to check out the active channels nearby and used one not currently in use by my neighbors. Still no love. I turned off baby monitors and 2.4Ghz phones and their base stations still no difference. I am not sure if it is a driver level issue, hardware or something else. If anyone has seen issues like this please let me know, thanks! Wade B -- Wade Blackwell "Integrity is often more painful and always more profitable than perception management" smime.p7s Description: S/MIME cryptographic signature
RE: [pfSense Support] RE: Atheros 5212 throwing tons of errors
I've had the same experience. It caused me to go to an external bridge/sp(Senao). I posted something but never got a response. Richard [EMAIL PROTECTED] -Original Message- From: Wade Blackwell [mailto:[EMAIL PROTECTED] Sent: Monday, May 12, 2008 11:32 AM To: support@pfsense.com Subject: [pfSense Support] RE: Atheros 5212 throwing tons of errors (heeding Gary's warning), Now on 1.2-RELEASE the box has been up 12 minutes and the ath0 interface has 1456 errors. Wade B Wade Blackwell "Integrity is often more painful and always more profitable than perception management" -Original Message- From: Wade Blackwell [mailto:[EMAIL PROTECTED] Sent: Monday, May 12, 2008 8:50 AM To: support@pfsense.com Subject: Atheros 5212 throwing tons of errors Good morning all, I have an Atheros 5212 in my PF running 1.2RC2. I am seeing anywhere from 500,000 to 1,000,000 errors on the interface per day. Anyone else see issues like this? It is wreaking havoc with basically all network connections. I have noticed that the auto select on the G channel setting does not work so well. Knowing that I used net stumbler to check out the active channels nearby and used one not currently in use by my neighbors. Still no love. I turned off baby monitors and 2.4Ghz phones and their base stations still no difference. I am not sure if it is a driver level issue, hardware or something else. If anyone has seen issues like this please let me know, thanks! Wade B -- Wade Blackwell "Integrity is often more painful and always more profitable than perception management" - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense6 Dev
solved! installing that trought ports, or pkg_add, i just copy the /usr/local/bin/cpdup to the pfsense folder binarys. tested in vmware, everything is ok now. Runing pfSense_Dev.7 and pfSense_Dev.6 Em Mon, 12 May 2008 11:23:34 -0300, RB <[EMAIL PROTECTED]> escreveu: I looking around this problem and cpdup command don't exists inside the generated pfSense.iso I see this in the automatically-built pre-alpha snapshots as well. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Usando o revolucionário cliente de correio do Opera: http://www.opera.com/mail/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Re: SOLVED [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
On Mon, May 12, 2008 at 4:23 AM, Tortise <[EMAIL PROTECTED]> wrote: > The above issue (and the earlier "pfSense hanging...") have not recurred > since the upgrade. Good to hear, thanks for the update. > I was not aware of a particular fix that might have addressed this, however > looking around it is clear zillions of code changes are noted, it seems very > likely the issue was addressed. (since 1.2 RC2 clearly exhibited the > problem) It's been a while, but I don't recall anything that would have specifically fixed your issue. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] RE: Atheros 5212 throwing tons of errors
Hello, there is a special build of pfSense 1.2 based on FreeBSD 6.3 instead of 6.2. A user in the forum said that he experiences much less problem with wireless. I downloaded it (see pfSense blog or the wireless section in the forum to get the link), I installed it on a box, but it is too early for me to say anything. It seems to be promising. I'll test it for at least two weeks 24/24h and I encourage you to do the same thing if you have no worry to test that build and to share your thoughts with us. Regards. --- Wade Blackwell <[EMAIL PROTECTED]> wrote: > (heeding Gary's warning), > Now on 1.2-RELEASE the box has been up 12 minutes > and the ath0 > interface has 1456 errors. __ Sent from Yahoo! Mail. A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] RE: Atheros 5212 throwing tons of errors
On Mon, May 12, 2008 at 7:56 PM, tester <[EMAIL PROTECTED]> wrote: > Hello, > there is a special build of pfSense 1.2 based on > FreeBSD 6.3 instead of 6.2. A user in the forum said > that he experiences much less problem with wireless. Yeah try this: http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfSense_RELENG_1_2/ and there is also a thread somewhere on the forum with someone who fixed this adjusting a sysctl, I don't recall the details and don't have time to look for it for at least a couple days. search and you should find it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
