[pfSense Support] Static Routes
Afternoon all. We am running pfsense 1.2.3-RELEASE and having issues with a couple remote sites. We have a few static route statements. Each of them are actually part of the same subnet and go to the same gateway. We prefer to have each subnet routed individually because it is easier to track in the event of a security related incident, BOTS, etc Does this release have any issues with the amount of static routes it can handle at one time? Are there issues with a /20 subnet being routed out a specific interface? Thank you Dwane
[pfSense Support] RE: Static Routes
Thank you. Guess that answers that theory. From: Nathan Eisenberg [mailto:nat...@atlasnetworks.us] Sent: Tuesday, July 19, 2011 1:25 PM To: support@pfsense.com Subject: [pfSense Support] RE: Static Routes I have a 1.2.3-RELEASE box with 32 static routes on it. No issues! Nathan From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Tuesday, July 19, 2011 11:16 AM To: 'support@pfsense.com' Subject: [pfSense Support] Static Routes Afternoon all. We am running pfsense 1.2.3-RELEASE and having issues with a couple remote sites. We have a few static route statements. Each of them are actually part of the same subnet and go to the same gateway. We prefer to have each subnet routed individually because it is easier to track in the event of a security related incident, BOTS, etc Does this release have any issues with the amount of static routes it can handle at one time? Are there issues with a /20 subnet being routed out a specific interface? Thank you Dwane
[pfSense Support] Logout button - captive portal
Good afternoon all. We use the following version and it has been rather stable. 1.2.3-RELEASE built on Sun Dec 6 23:21:36 EST 2009 My issue is when authenticate, you can do whatever you have been authorized. But when you have completed and click the logout button, it just sits there. You can click it and click it and it will not go away. However, I did notice that I was logged out from the pfsense box which is a good thing. How do we get the button to disappear or to possibly show something that will state that you have been disconnected. Thank you Dwane
[pfSense Support] Certificate
Is PfSense Version 1.2.3 capable of handling 2048 bit certificate? Or does it need to be 1024 bit? Dwane
RE: [pfSense Support] Certificate
Thank you. That answers my question. Dwane From: Carlos Vicente [mailto:cjpvice...@gmail.com] Sent: Tuesday, June 21, 2011 11:36 AM To: support@pfsense.com Subject: Re: [pfSense Support] Certificate You can create 2048 bits certificates (OpenVPN), all you need is to change that specific line on the vars file before creating the certificates On Tue, Jun 21, 2011 at 4:54 PM, Atkins, Dwane P atki...@uthscsa.edumailto:atki...@uthscsa.edu wrote: Is PfSense Version 1.2.3 capable of handling 2048 bit certificate? Or does it need to be 1024 bit? Dwane -- * http://www.sebastiaoguerra.com http://www.atelierdamoto.com http://www.blocoa3.comhttp://www.blocoa3.com/ -- Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e destinados, exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este e-mail por erro, por favor, contacte-nos. Obrigado. This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify us. Antes de imprimir este e-mail pense se necessita mesmo de o fazer
[pfSense Support] Captive Portal Redirection
I am experiencing an issue again where the Captive Portal is not redirecting automatically. WE can web into http://pfsense.domain.local:8000 and it will redirect. However, if we just click on a browser and go to a homepage, it will not redirect. I have seen this before and thought I had the documentation to fix it, but that is not so. Dwane
[pfSense Support] RE: Captive Portal Redirection
I found my error. My fault - -- it was a typo. Dwane From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Friday, June 17, 2011 10:38 AM To: support@pfsense.com Subject: [pfSense Support] Captive Portal Redirection I am experiencing an issue again where the Captive Portal is not redirecting automatically. WE can web into http://pfsense.domain.local:8000 and it will redirect. However, if we just click on a browser and go to a homepage, it will not redirect. I have seen this before and thought I had the documentation to fix it, but that is not so. Dwane
[pfSense Support] Release all unused DHCP leases.
Is there a way to release all unused DHCP addresses without a reboot?
[pfSense Support] RE: Release all unused DHCP leases.
Can I do this by restarting the DHCP services? I have lowered the default and maximum leased times. Any ideas? From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Wednesday, March 23, 2011 11:22 AM To: 'support@pfsense.com' Subject: [pfSense Support] Release all unused DHCP leases. Is there a way to release all unused DHCP addresses without a reboot?
RE: [pfSense Support] RE: Release all unused DHCP leases.
So is there no way to edit and get rid of all offline lease that have not reached their max lease time? Thank you, Dwane From: Adam Thompson [mailto:athom...@athompso.net] Sent: Wednesday, March 23, 2011 12:47 PM To: support@pfsense.com Subject: RE: [pfSense Support] RE: Release all unused DHCP leases. Could you explain, please what you mean by ‘release all unused DHCP addresses’? Once you’ve changed DHCP server parameters, nothing actually changes until the client next renews its lease, so what I think you’re after… is an automatic process that takes up to 2*previous-max-lease-time. You could reboot every single DHCP client, which barring broken DHCP client implementations (Win95, notably) should accomplish your goal. -Adam From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Wednesday, March 23, 2011 11:27 To: 'support@pfsense.com' Subject: [pfSense Support] RE: Release all unused DHCP leases. Can I do this by restarting the DHCP services? I have lowered the default and maximum leased times. Any ideas? From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Wednesday, March 23, 2011 11:22 AM To: 'support@pfsense.com' Subject: [pfSense Support] Release all unused DHCP leases. Is there a way to release all unused DHCP addresses without a reboot?
[pfSense Support] DHCP server settings
We recently lowered our DHCP lease time to the default of 2 hours. After a couple hours, I was checking the DHCP leases and see some that have a difference of 2 hours from the Start and End time. However, there are some that have a 24 hour difference. Is there a way to completely clear out the DHCP lease time and restart the DHCP server. These leases started almost 3 hours after I had modified the default lease time. Thanks Dwane
[pfSense Support] RE: DHCP server settings
I am not trying to spam mail, but should we set the maximum lease time as well? It is currently at default. Dwane From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Tuesday, March 15, 2011 10:34 AM To: 'support@pfsense.com' Subject: [pfSense Support] DHCP server settings We recently lowered our DHCP lease time to the default of 2 hours. After a couple hours, I was checking the DHCP leases and see some that have a difference of 2 hours from the Start and End time. However, there are some that have a 24 hour difference. Is there a way to completely clear out the DHCP lease time and restart the DHCP server. These leases started almost 3 hours after I had modified the default lease time. Thanks Dwane
RE: [pfSense Support] RE: DHCP server settings
Thank you, Adam. We had the DHCP default lease time set to 4 hours and the Maximum lease time was set to the default of 24 hours. So we lowered the default lease to 2 hours and left the maximum lease at 24 hours. What this tells me is that with the default lease, it will do another DHCP negotiation at the ½ life or in this case an hour. The maximum lease time says that 10.10.10.10 will only be allowed to lay claim to that lease for one day. Is this a correct assumption? Should I lower the maximum lease time as well? Thanks Dwane From: Adam Thompson [mailto:athom...@athompso.net] Sent: Tuesday, March 15, 2011 12:05 PM To: support@pfsense.com Subject: RE: [pfSense Support] RE: DHCP server settings Yes. Many clients will automatically ask for longer lease times than your default. -Adam From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Tuesday, March 15, 2011 10:36 To: 'support@pfsense.com' Subject: [pfSense Support] RE: DHCP server settings I am not trying to spam mail, but should we set the maximum lease time as well? It is currently at default. Dwane From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Tuesday, March 15, 2011 10:34 AM To: 'support@pfsense.com' Subject: [pfSense Support] DHCP server settings We recently lowered our DHCP lease time to the default of 2 hours. After a couple hours, I was checking the DHCP leases and see some that have a difference of 2 hours from the Start and End time. However, there are some that have a 24 hour difference. Is there a way to completely clear out the DHCP lease time and restart the DHCP server. These leases started almost 3 hours after I had modified the default lease time. Thanks Dwane
[pfSense Support] Issues with Captive Portal
We have established a connection via a remote site using a GRE tunnel. We can establish connectivity to the inside interface of the pfsense device. The redirect does not appear to be happening. The web page continues to timeout. We have tried everything I could think of. Today we tried to connect via port 8000 with both the FQDN and the IP address. Neither worked. We have not tried to remove the CP pages we inserted to just see if we can get the standard CP page to come up. Also if you use IE, you can see the DNS FQDN of the site in the lower bar of the web page. I am stuck. I have searched the pfsense archives and have tried some things. Is there a troubleshooting guideline I can follow? Any suggestions would be helpful at this point. Thanks Dwane
[pfSense Support] Captive Portal redirect issues
Not intending to spam---I just wasn't sure the first one went to the proper email address. Good day all. I need some troubleshooting assistance. I am using pfsense 1.2.3 to go across a GRE tunnel. My set up is pfsense device-local router-distant router-user. From the user device, I can actually web into the inside interface of the pfsense device. However, I cannot seem to get the Captive Portal to redirect? I am sure it is some check box, but is there a test or a troubleshooting guideline, I can complete to possibly narrow down my issue? Thank you Dwane
RE: [pfSense Support] Buttons or menu options
It is 1.2.3 REL. It has been going on a lot on test boxes. It is a pretty standard config since we use the pfsense device as a Captive Portal. Thank you Dwane -Original Message- From: Vick Khera [mailto:vi...@khera.org] Sent: Wednesday, February 02, 2011 7:00 AM To: support@pfsense.com Subject: Re: [pfSense Support] Buttons or menu options On Tue, Feb 1, 2011 at 4:07 PM, Atkins, Dwane P atki...@uthscsa.edu wrote: The latest was http://10.10.10.10/reboot.php. I clicked on the reboot menu option and it gave me source code. Is there a way to stop this? stop clicking buttons? :) what version are you running, and what did you to to break it? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Buttons or menu options
Good afternoon all. When I click on certain buttons or options, I will get the source code instead of results. The latest was http://10.10.10.10/reboot.php. I clicked on the reboot menu option and it gave me source code. Is there a way to stop this? Dwane
[pfSense Support] Slow Captive Portal pages
We are experiencing some extremely slow captive portal pages. Are there any tweaks we might make that will speed this up? If we take the same test machine and put it on another network, all web pages come up quickly. This is just the initial redirect page. Thank you Dwane
[pfSense Support] Captive Portal
We are wondering if there is any information available that explains in detail how the Captive Portal on pfsense works? We know it's function, but we are wondering what is happening behind the scene? Any documentation would be nice. Thank you Dwane
[pfSense Support] multiple GRE tunnels via Captive Portal
Our intent is to configure multiple remote sites with wireless to use GRE tunneling back to an optional interface on a pfsense cluster and authenticate via a Captive Portal. Our tunnel will consist of one OPT interface on pfsense tunneling to a router or layer 3 switch. I have a test bed set up with an end-user, going through an access switch to a layer 3 device (where the tunnel is active and actually appears to work) to another layer3 device to the LAN interface of the pfsense device where the GRE tunnel ends at interface OPT1. From the end-user, I can ping the LAN interface of the CP and by using the tracert function, it goes through the tunnel. Our issue is getting the Captive Portal to redirect. We are using 2.0-BETA4 (i386) built on Mon Sep 27 04:12:19 EDT 2010 FreeBSD 8.1-RELEASE-p1 http://172.31.180.3/ When a web page is called, it will with pass me to the web page if local or timeout if remote. The reason for a timeout if we call www.pfsense.orghttp://www.pfsense.org is that we do not have any nat set up at this time. When we go to www.uthscsa.eduhttp://www.uthscsa.edu, we get a web page. I have cleared cache and arp on the end-user device but this still continues. Does anyone have any ideas? Remember we would like to do this with multiple GRE tunnels as well. Thank you Dwane
[pfSense Support] Captive Portal Issues
Good afternoon. I am trying to install pfSense-2.0-BETA4-20100915-0900.iso to just run a captive portal. I am having issues even getting the captive portal to work. When I initiate a web page, I should get something requesting authentication. Instead, I get the web page requested if it is internal, but the page will timeout if it is external. Are there checkboxes that need to be checked or unchecked to just have the pfsense default login appear? Thanks Dwane
[pfSense Support] redirect issues with pfsense 2.0 captive portal
We are doing some testing with pfsense 2.0 BETA, pfSense-2.0-BETA4-20100906-2129.iso. The Server is a Dell PowerEdge R200. We were having issues. We can see the user talking to DNS, but we cannot see DNS come back in. We have the DNS servers defined in the General Setup and also have ensure that both the 10.x.x.x (private side user and default gateway subnet) and the 172.31.x.x/29 (public side) are permitted to access the DNS servers. Did some research and one pfsense users said they reset to Factory default, which I did and reconfigured the device as oppose to restoring it. Once done and prior to adding certificates, I could get the captive portal login page. I added our certificate, key and intermediate certificate and check the Enable HTTPS Login. At this point, pfsense appears to have stopped communicating with the DNS server. On the test Captive Portal user machine, I could no longer accomplish a NSLOOKUP. It appears that pfsense has stopped authorizing access to the DNS devices coming back. Is there a way to fix this? Has anyone experienced this issue before on pfsense 2.0 Beta? I am not sure I explained this very well so if there is more information needed, please let me know. Dwane
RE: [pfSense Support] pfSense 1.2.3 - Squid + Active Directory
Good morning. Are you sure it is cn=Domain Users and not Users? I had an issue with another product and when I used an LDAP software to check my compatibility, I found I was trying to map to Domain Users instead of Users. Plus, do you need to =% after the sAMAccountName? Hope this helps. Dwane -Original Message- From: Dominic [mailto:dominic@gmail.com] Sent: Monday, August 30, 2010 7:26 AM To: support@pfsense.com Subject: [pfSense Support] pfSense 1.2.3 - Squid + Active Directory Hi, I am trying to setup pfSense to authenticate against a Windows 2003 AD machine and so far have been unsuccessful. I've currently configured the squid authentication as follows: LDAP Version 3 Authentication Server: IP of the AD machine Authentication Port:Blank LDAP server user DN: cn=administrator,cn=Domain Users,dc=domain,dc=net LDAP password: Password for administrator account LDAP base domain:dc=domain,dc=net LDAP search filter: sAMAccountName=% All I get when trying to browse is the popup prompting for username and password but this fails. I'ved tried using domain.net\username and just username in the field but it just prompts again for the user/pass. Can anyone advise as to whether I may have gone wrong or where I could find a log file that shows the errors encountered? Thank you, Dominic. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfSense Captive Portal and Motorola BackFlip
I have a user who has a Motorola Backflip. It comes up with the Captive Portal pages, but afterward authenticating, he receives a 411 - Length required error page. Has anyone dealt with this before? Thank you and while search the DHCP login, I noticed I had some users who END times on DHCP were 1969/12/31 at 17:59. I am still searching the forums for this as well. Thank you Dwane
RE: [pfSense Support] pfSense Captive Portal and Motorola BackFlip
I have the user seeing if they can download Dolphin. Yeah, I recognized the dates and knew they were close to the Unix Epoch, but why would they be the release times for DHCP address. Do you think it is time for a reboot? -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Wednesday, August 25, 2010 1:48 PM To: support@pfsense.com Subject: Re: [pfSense Support] pfSense Captive Portal and Motorola BackFlip On Wed, Aug 25, 2010 at 12:05 PM, Atkins, Dwane P atki...@uthscsa.edu wrote: I have a user who has a Motorola Backflip. It comes up with the Captive Portal pages, but afterward authenticating, he receives a 411 - Length required error page. Has anyone dealt with this before? Never heard of that happening. 411 means The server refuses to accept the request without a defined Content- Length. The client MAY repeat the request if it adds a valid Content-Length header field containing the length of the message-body in the request message. No properly functioning browser should send such a request, it isn't HTTP 1.1 compliant. Seems to be common to some other Android devices, and a wide range of sites, if you search on it. Its browser is broken. Hacking the source to disable HTTP 1.1 in lighttpd should work around that, but could cause any number of other issues. Something that broken on the phone has probably been fixed I presume, see if there is an update for the phone available. Thank you and while search the DHCP login, I noticed I had some users who END times on DHCP were 1969/12/31 at 17:59. I am still searching the forums for this as well. I believe that's the date on leases that don't expire (that's shortly before the Unix epoch) but not completely sure. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Captive Portal Multi-Interface Capabilities
In the release notes for pfsense 2.0, it is mentioned that multi -interface capabilities will be a new feature. Is there a link or can someone better explain the terminology to us? Does this mean that if we have one interface on a pfsense 2.0 server, we can have multiple Vlans trunked to that port. Or does it mean that it supports multiple Network interface cards? If someone can better explain this to me and I maybe a how-to on how to use it. Thanks Dwane
[pfSense Support] Intermediate Certs
Good afternoon, Does the Captive Portal/Web server now support intermediate CAs or do we still need to modify the system.inc or ssl.ca-file = /var/etc/CA_issuing.crt in /var/etc/lighty-CaptivePortal-SSL.conf? We are using pfsense rel 1.2.3 now. Thank you Dwane
[pfSense Support] RE: Intermediate Certs
http://forum.pfsense.org/index.php/topic,22088.0.html I think I found my own answer. Will this ever be a part of pfsense or will we need to continue to modify these files each upgrade? From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Thursday, June 03, 2010 12:22 PM To: 'support@pfsense.com' Subject: [pfSense Support] Intermediate Certs Good afternoon, Does the Captive Portal/Web server now support intermediate CAs or do we still need to modify the system.inc or ssl.ca-file = /var/etc/CA_issuing.crt in /var/etc/lighty-CaptivePortal-SSL.conf? We are using pfsense rel 1.2.3 now. Thank you Dwane
[pfSense Support] Preload upgrade
Is there a way to preload an upgrade on a device and then have it do it's install and reboot later? In other words, can I copy the new release to a particular directory on a pfSense device and then ssh and execute script and then have it reboot with a saved configuration? Thank you Dwane
[pfSense Support] pfSense 1.2.3 RC3 and a power outage
Good morning, Saturday, we had a power outage in a closet where some of our networking and wireless gear is housed. This closet was also the location of one of our major pfSense Captive portal devices. We could not get this device back online. When I arrived on station this morning, I restored another server and put it in place. Everything is up and in normal operation now, but when I looked at the older pfSense device, I found that the interfaces where set back to factory default settings. The entire configuration is gone. After we looked at some articles, it was discovered that the OS cannot find the Symlink for the directory that houses the config.xml. We would like to know if there is going to be issues in upcoming versions? If so, would it be possible that once the config is modified, that it is not only created in directory that gets corrupted, but also into a boot directory. If it cannot, we would at least to be able to access the assigned IPs. Since this happened on the weekend, we were all in different areas of the city and by being able to access the interfaces would've been able to completely restore the system with minimal downtime. Thank you. Dwane
RE: [pfSense Support] Upgrade pfSense version 1.2.3. RC1 on Dell R200 server
Chris, The main issue we have is that the Captive Portal does not seem to want to redirect. I am going to try and reload the device to see if that will help. Thank you Dwane -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Monday, August 10, 2009 6:13 PM To: support@pfsense.com Subject: Re: [pfSense Support] Upgrade pfSense version 1.2.3. RC1 on Dell R200 server On Mon, Aug 10, 2009 at 8:23 AM, Atkins, Dwane Patki...@uthscsa.edu wrote: We are trying to install, and upgrade, from 1.2 RELEASE and 1.2.3 to 1.2.3 RC1. We are using Dell R200s. I am not sure if I possibly got a bad download or the R200 needs a different snapshot? We are loading with the multiple processor option. What problem are you having? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Upgrade pfSense version 1.2.3. RC1 on Dell R200 server
We are trying to install, and upgrade, from 1.2 RELEASE and 1.2.3 to 1.2.3 RC1. We are using Dell R200s. I am not sure if I possibly got a bad download or the R200 needs a different snapshot? We are loading with the multiple processor option. Thank you Dwane
[pfSense Support] Redirect to Captive Portal is not working
We are experiencing an issue where the redirection has stopped working for Captive Portal. WE have a series of pfsense devices set up the same way and this one just decided to stop. Yesterday, we upgraded to 1.2.3 RC1 to see if that corrected the issue. I also removed and reinstalled all the CP pages. Neither fixed the issue. Does anyone have anything we can look at on the device? We can http into both inside and outside interfaces with no issues. We do get an DHCP address served from the pfSense device. Any help would be appreciated. Dwane
RE: [pfSense Support] upgrading a certain snapshot
I am guessing I can do this with a firmware upgrade? I am not going on about 10 minutes. Can someone please give me an idea of how long this upgrade should take? I am using the following to upgrade per our latest conversation. pfSense-Full-Update-1.2.3-20090407-1323.tgz. If I click on anything, I get a display of a hard drive stating that an upgrade is in progress and the system will reboot once completed. Any ideas? Dwane -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Friday, April 10, 2009 1:56 PM To: support@pfsense.com Subject: Re: [pfSense Support] upgrading a certain snapshot On Fri, Apr 10, 2009 at 2:47 PM, Atkins, Dwane P atki...@uthscsa.edu wrote: We are trying to do a test upgrade using the snapshot, pfSense-1.2.3-20090407-1035.img.gz. It took over 1 hour and 10 minutes and the upgrade still had not completed. The current version of the device is 1.2-RELEASE built on Thu Apr 10 21:08:03 EDT 2008. You need to use the full update file. You can go straight from 1.2 to 1.2.3. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] upgrading a certain snapshot
We are trying to do a test upgrade using the snapshot, pfSense-1.2.3-20090407-1035.img.gz. It took over 1 hour and 10 minutes and the upgrade still had not completed. The current version of the device is 1.2-RELEASE built on Thu Apr 10 21:08:03 EDT 2008. Our question is, do we need to be at a certain version prior to executing a firmware upgrade from the Web gui? Should it take over an hour to accomplish this task? Thanks for your help
[pfSense Support] Errors in lighttpd.error.log
We have been having to accomplished numerous reboots on a pfsense device and we are trying to understand why. I am looking at the lighttpd.error.log now and have discovered errors that I am not sure where they are coming from. (connections.c.290) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (connections.c.606) connection closed: write failed on fd 11 (connections.c.262) SSL: -1 5 54 Connection reset by peer (mod_fastcgi.c.1768) connect failed: Connection refused on unix:/tmp/php-fastcgi.socket-0 (mod_fastcgi.c.2956) backend died; we'll disable it for 5 seconds and send the request to another backend instead: reconnects: 0 load: 193 (mod_fastcgi.c.3568) all handlers for /index.php on .php are down. (mod_fastcgi.c.2769) fcgi-server re-enabled: unix:/tmp/php-fastcgi.socket-0 (request.c.1153) request-size too long: 2147479552 - 413 I am looking through the forum now but we would like to see if we can take steps to prevent these errors from happening. We get these errors on both release 1.2.3 and 1.2.1 RC2. Thanks for your help Dwane
[pfSense Support] Captive Portal Issues
We have been running pfSense as a Captive Portal for quite sometime. Lately, our flenses have had services that were locking up. You could view items on the GUI, but could not execute a Captive Portal lookup or a Halt System or Reboot System. And if you ssh'ed into the system, you could not execute either or a web configurator restart either. On the particular system we had this happen to lately, we were using 1.2.1-RC2 and have had it happen on 1.2.2. We did recently upgrade to 1.2.3-PRERELEASE-TESTING-VERSION and have not had it up long enough to determine if this version had the same issue. This is the error that was in the /var/log/ lighttpd.error.log 2009-03-03 09:04:58: (mod_fastcgi.c.2956) backend died; we'll disable it for 5 seconds and send the request to another backend instead: reconnects: 0 load: 192 2009-03-03 09:04:59: (mod_fastcgi.c.3568) all handlers for /index.php on .php are down. This was on the monitor hooked up to the pfSense device IPFW: IPV6 - Unknown Extension Header(10), ext 2 IPFW: IPV6 - Unknown Extension Header(5), ext 2 Thanks
RE: [pfSense Support] Captive Portal Issues
My apologies that should say our pfsenses and not our flenses From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Tuesday, March 03, 2009 10:30 AM To: support@pfsense.com Subject: [pfSense Support] Captive Portal Issues We have been running pfSense as a Captive Portal for quite sometime. Lately, our flenses have had services that were locking up. You could view items on the GUI, but could not execute a Captive Portal lookup or a Halt System or Reboot System. And if you ssh'ed into the system, you could not execute either or a web configurator restart either. On the particular system we had this happen to lately, we were using 1.2.1-RC2 and have had it happen on 1.2.2. We did recently upgrade to 1.2.3-PRERELEASE-TESTING-VERSION and have not had it up long enough to determine if this version had the same issue. This is the error that was in the /var/log/ lighttpd.error.log 2009-03-03 09:04:58: (mod_fastcgi.c.2956) backend died; we'll disable it for 5 seconds and send the request to another backend instead: reconnects: 0 load: 192 2009-03-03 09:04:59: (mod_fastcgi.c.3568) all handlers for /index.php on .php are down. This was on the monitor hooked up to the pfSense device IPFW: IPV6 - Unknown Extension Header(10), ext 2 IPFW: IPV6 - Unknown Extension Header(5), ext 2 Thanks
RE: [pfSense Support] Issues with upgrade to pfsense version 1.2.2
The captive portal page was locked up. It appears that there was a php issue around 11:00 or so. Scott, where would I find the 1.2.3 release? Thanks to all that responded. Dwane -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Thursday, February 12, 2009 1:37 PM To: support@pfsense.com Subject: Re: [pfSense Support] Issues with upgrade to pfsense version 1.2.2 On Thu, Feb 12, 2009 at 2:05 PM, Atkins, Dwane P atki...@uthscsa.edu wrote: We upgraded to pfSense version 1.2.2 today around 0530. It seems to have upgraded just fine and personnel started logging into the CaptivePortal and I tested it as well and it worked as expected. However, around 11:30 when I was doing a follow-up, I went to the CaptivePortal area to see how many folks we had logged on and it was locked up. What was locked up? What do you mean by locked up? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Intermediate CA issue
Awhile we had an issue where we had to modify the system.inc so that we could add the line $lighty_config .= ssl.ca-file = \/path/to/my/cert/mycert.pem\\n\n; Did this get fixed in recent releases? If not, are there plans to make corrections? thank you, Dwane Dwane Atkins Senior Network Analyst IMS-System Network Operations University of Texas Health Science Center at San Antonio Tel: 210-567-0158 http://ims.uthscsa.edu http://ims.uthscsa.edu/
RE: [pfSense Support] Really need some help
Is the 1.2.2 going to be a full release or is it RC1? -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: Wednesday, January 07, 2009 12:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help Is there a reason you haven't upgraded? Especially since 1.2 was released well over a year ago, and now 1.2.1 is up with increased support. Before chasing down issues down rabbit holes, I would encourage you to consider upgrading, especially when 1.2.2 is released here in the next few days. Atkins, Dwane P wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. Can I look for a log somewhere that will give me this error message? I have not upgraded to the full version yet. Any help would be greatly appreciated. Dwane *Dwane Atkins* *Senior Network Analyst* *IMS-System Network Operations* *University of Texas Health Science Center at San Antonio* *Tel: 210-567-0158* *http://ims.uthscsa.edu http://ims.uthscsa.edu/* !DSPAM:4964eea115801830115539! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Really need some help
On the 1.2.1 upgrade is there specific hardware requirements? What is the recommended hardware requirement? Did I miss that in my readings? -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Wednesday, January 07, 2009 12:25 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help I'm not sure about an RC installation but when 1.2.1 was recently released, I simply did an upgrade with no problems at all from 1.2. The system rebooted and all services came online as expected, except slightly faster IIRC. :-) Before upgrading, make sure you download a backup of your config file and keep reinstallation media handy in case you need to do a bare-metal installation. On my recent upgrades from 1.2, I had an install CD for 1.2 (original platform) as well as 1.2.1 (upgraded platform) to be sure. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Dwane P Atkins atki...@uthscsa.edu wrote: And while I am on the upgrade subject, does the list recommend a complete reinstall, using the LiveCD or a upgrade using the pfSense GUI? -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: Wednesday, January 07, 2009 12:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help Is there a reason you haven't upgraded? Especially since 1.2 was released well over a year ago, and now 1.2.1 is up with increased support. Before chasing down issues down rabbit holes, I would encourage you to consider upgrading, especially when 1.2.2 is released here in the next few days. Atkins, Dwane P wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. Can I look for a log somewhere that will give me this error message? I have not upgraded to the full version yet. Any help would be greatly appreciated. Dwane *Dwane Atkins* *Senior Network Analyst* *IMS-System Network Operations* *University of Texas Health Science Center at San Antonio* *Tel: 210-567-0158* *http://ims.uthscsa.edu http://ims.uthscsa.edu/* !DSPAM:4964eea115801830115539! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Really need some help
I am sorry. I am running 1.2.1 RC2 Dwane -Original Message- From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Wednesday, January 07, 2009 12:39 PM To: support@pfsense.com Subject: RE: [pfSense Support] Really need some help On the 1.2.1 upgrade is there specific hardware requirements? What is the recommended hardware requirement? Did I miss that in my readings? -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Wednesday, January 07, 2009 12:25 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help I'm not sure about an RC installation but when 1.2.1 was recently released, I simply did an upgrade with no problems at all from 1.2. The system rebooted and all services came online as expected, except slightly faster IIRC. :-) Before upgrading, make sure you download a backup of your config file and keep reinstallation media handy in case you need to do a bare-metal installation. On my recent upgrades from 1.2, I had an install CD for 1.2 (original platform) as well as 1.2.1 (upgraded platform) to be sure. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Dwane P Atkins atki...@uthscsa.edu wrote: And while I am on the upgrade subject, does the list recommend a complete reinstall, using the LiveCD or a upgrade using the pfSense GUI? -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: Wednesday, January 07, 2009 12:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help Is there a reason you haven't upgraded? Especially since 1.2 was released well over a year ago, and now 1.2.1 is up with increased support. Before chasing down issues down rabbit holes, I would encourage you to consider upgrading, especially when 1.2.2 is released here in the next few days. Atkins, Dwane P wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. Can I look for a log somewhere that will give me this error message? I have not upgraded to the full version yet. Any help would be greatly appreciated. Dwane *Dwane Atkins* *Senior Network Analyst* *IMS-System Network Operations* *University of Texas Health Science Center at San Antonio* *Tel: 210-567-0158* *http://ims.uthscsa.edu http://ims.uthscsa.edu/* !DSPAM:4964eea115801830115539! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Really need some help
1.2.1-RC2 built on Wed Nov 19 22:22:11 EST 2008 Dwane -Original Message- From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Wednesday, January 07, 2009 12:39 PM To: support@pfsense.com Subject: RE: [pfSense Support] Really need some help On the 1.2.1 upgrade is there specific hardware requirements? What is the recommended hardware requirement? Did I miss that in my readings? -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Wednesday, January 07, 2009 12:25 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help I'm not sure about an RC installation but when 1.2.1 was recently released, I simply did an upgrade with no problems at all from 1.2. The system rebooted and all services came online as expected, except slightly faster IIRC. :-) Before upgrading, make sure you download a backup of your config file and keep reinstallation media handy in case you need to do a bare-metal installation. On my recent upgrades from 1.2, I had an install CD for 1.2 (original platform) as well as 1.2.1 (upgraded platform) to be sure. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Dwane P Atkins atki...@uthscsa.edu wrote: And while I am on the upgrade subject, does the list recommend a complete reinstall, using the LiveCD or a upgrade using the pfSense GUI? -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: Wednesday, January 07, 2009 12:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Really need some help Is there a reason you haven't upgraded? Especially since 1.2 was released well over a year ago, and now 1.2.1 is up with increased support. Before chasing down issues down rabbit holes, I would encourage you to consider upgrading, especially when 1.2.2 is released here in the next few days. Atkins, Dwane P wrote: We have 1.2 RC2 installed on a Dell server. Periodically, it locks up solid. You can web into it, but when you go to see how many users there are on the Captive Portal, it locks up. It will show you the number of users but will not display the list. Can I look for a log somewhere that will give me this error message? I have not upgraded to the full version yet. Any help would be greatly appreciated. Dwane *Dwane Atkins* *Senior Network Analyst* *IMS-System Network Operations* *University of Texas Health Science Center at San Antonio* *Tel: 210-567-0158* *http://ims.uthscsa.edu http://ims.uthscsa.edu/* !DSPAM:4964eea115801830115539! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Captive portal locking up?
Yes, that was the message I saw. I am going to upgrade to 1.2.1 RC2. This is what most are using now, correct? Thank you Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2008 8:06 PM To: support@pfsense.com Subject: Re: [pfSense Support] Captive portal locking up? On Tue, Dec 2, 2008 at 3:27 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: We are currently using 1.2 RC1 on a Dell Power Edge R200 and 1.2 Release on a Dell Power Edge 860. In the last couple of weeks, the devices has stopped working for those who are NOT already connected. If you are connected, you maintain the capability to gain access. Each time I have gone to the device, we receive and error message: IPFW2; Ipv6- unknown extension number (5), ext-hd eq 2 You sure that's the exact message? That would make you the only person to ever get that message on FreeBSD or pfSense - google doesn't know about it. Any other potentially relevant messages in your logs? For lack of any better ideas, I would try upgrading one to 1.2.1 to see if that makes any difference. Might be some kind of odd ipfw issue that doesn't exist in FreeBSD 7.0. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
[pfSense Support] pfSense 1.2.1 RC1 Time Zone
Good morning, I loaded this software on a new server. Then I restored the latest configuration from the old server. On our Captive Portal, I noticed that the it was Time +5 hours. Of course, I checked the Time Zone and it was not set to ./America/Chicago like it should've been. So I set it as well as configuring our NTP server. However, when I went back at looked at users who had logged on to the Captive Portal, the times were still set at a +5. Is there a way to resolve this issue without rebooting or have done something wrong? Thanks Dwane Dwane Atkins Senior Network Analyst IMS-System Network Operations University of Texas Health Science Center at San Antonio Tel: 210-567-0158 http://ims.uthscsa.edu http://ims.uthscsa.edu/
RE: [pfSense Support] DHCP services
Does anyone have a recommendation for the DHCP default lease time? We have a Captive Portal Idle Timeout of 30 minutes and a Hard timeout of 720 minutes. Our DHCP lease is 43300 seconds or a little more than 12 hours. We do want our students to log in a bunch of times, but we do not want them to keep an IP address for hours after they stop using it. We have been told to change make the default lease time more than our captive portal session. What would happen if we change the default lease time on the DHCP server to 7200 second and left the rest? How would this affect the users? Thanks Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2008 4:09 PM To: support@pfsense.com Subject: Re: [pfSense Support] DHCP services On Tue, Aug 26, 2008 at 2:08 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: Will I have to change all my routing to make these changes? I want to do 202.0 - 205.250. Hard to say, depends on how this is configured in other parts of your network. If you expect to use a /21, your interface has to be a part of that /21 network. You can't assign IPs that are out of the local subnet, which is what you were trying to do. If your entire internal network is private and everything outside that network is public you won't need to do anything but change your internal interface's subnet. If you have private IP space routed to you from other parts of your campus network and do not use NAT, you'll need to make sure the routing is configured appropriately on the WAN side network. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] DHCP services
Is there a way that once a person has logged out of the Captive Portal, it will release the DHCP address? Thanks -Original Message- From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2008 3:05 PM To: support@pfsense.com Subject: RE: [pfSense Support] DHCP services Does anyone have a recommendation for the DHCP default lease time? We have a Captive Portal Idle Timeout of 30 minutes and a Hard timeout of 720 minutes. Our DHCP lease is 43300 seconds or a little more than 12 hours. We do want our students to log in a bunch of times, but we do not want them to keep an IP address for hours after they stop using it. We have been told to change make the default lease time more than our captive portal session. What would happen if we change the default lease time on the DHCP server to 7200 second and left the rest? How would this affect the users? Thanks Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2008 4:09 PM To: support@pfsense.com Subject: Re: [pfSense Support] DHCP services On Tue, Aug 26, 2008 at 2:08 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: Will I have to change all my routing to make these changes? I want to do 202.0 - 205.250. Hard to say, depends on how this is configured in other parts of your network. If you expect to use a /21, your interface has to be a part of that /21 network. You can't assign IPs that are out of the local subnet, which is what you were trying to do. If your entire internal network is private and everything outside that network is public you won't need to do anything but change your internal interface's subnet. If you have private IP space routed to you from other parts of your campus network and do not use NAT, you'll need to make sure the routing is configured appropriately on the WAN side network. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] DHCP services
What is the Maximum lease time on the DHCP server? It say that the lease time is for clients that ask for a specific expiration time. Should that be set as well? Thank you Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2008 8:54 PM To: support@pfsense.com Subject: Re: [pfSense Support] DHCP services On Thu, Sep 4, 2008 at 4:04 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: Does anyone have a recommendation for the DHCP default lease time? We have a Captive Portal Idle Timeout of 30 minutes and a Hard timeout of 720 minutes. Our DHCP lease is 43300 seconds or a little more than 12 hours. We do want our students to log in a bunch of times, but we do not want them to keep an IP address for hours after they stop using it. We have been told to change make the default lease time more than our captive portal session. What would happen if we change the default lease time on the DHCP server to 7200 second and left the rest? How would this affect the users? Your lease will need to be a little longer than your hard timeout. Otherwise if the lease expired and someone else were to get it and the previous user didn't log out, the new user won't have to authenticate until the hard timeout. There isn't any way to release a DHCP lease when a user logs out. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] DHCP services
Is there a way to force release of a DHCP address? Or is there a way to stop the iPhone, iPods and Blackberry's from automatically requesting a DHCP address? Thank you -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2008 4:09 PM To: support@pfsense.com Subject: Re: [pfSense Support] DHCP services On Tue, Aug 26, 2008 at 2:08 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: Will I have to change all my routing to make these changes? I want to do 202.0 - 205.250. Hard to say, depends on how this is configured in other parts of your network. If you expect to use a /21, your interface has to be a part of that /21 network. You can't assign IPs that are out of the local subnet, which is what you were trying to do. If your entire internal network is private and everything outside that network is public you won't need to do anything but change your internal interface's subnet. If you have private IP space routed to you from other parts of your campus network and do not use NAT, you'll need to make sure the routing is configured appropriately on the WAN side network. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] DHCP services
We want to release all offline addresses in the DHCP Leases. Can we manually release these? -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2008 4:09 PM To: support@pfsense.com Subject: Re: [pfSense Support] DHCP services On Tue, Aug 26, 2008 at 2:08 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: Will I have to change all my routing to make these changes? I want to do 202.0 - 205.250. Hard to say, depends on how this is configured in other parts of your network. If you expect to use a /21, your interface has to be a part of that /21 network. You can't assign IPs that are out of the local subnet, which is what you were trying to do. If your entire internal network is private and everything outside that network is public you won't need to do anything but change your internal interface's subnet. If you have private IP space routed to you from other parts of your campus network and do not use NAT, you'll need to make sure the routing is configured appropriately on the WAN side network. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] DHCP services
Recently, I added some IPs to our pfSense device. I made the change 10.10.202.0/23 and made it 10.10.202.0/22. BUT---when I went to change my DHCP service from 10.10.202.10 - 10.10.203.250 to 10.10.202.10 - 10.10.205.250, it said I was out of range and would that the available subnets were 10.10.200.0 - 10.10.203.0. How do I get it to dole out the DHCP address I want to dole out instead of the ones that were chosen for me? Thanks Dwane Dwane Atkins Senior Network Analyst IMS-System Network Operations University of Texas Health Science Center at San Antonio Tel: 210-567-0158 http://ims.uthscsa.edu http://ims.uthscsa.edu/
RE: [pfSense Support] DHCP services
Arne, Will I have to change all my routing to make these changes? I want to do 202.0 - 205.250. I do not want to make anymore changes than what is needed. Thanks Dwane From: Arne de Bree [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2008 1:03 PM To: support@pfsense.com Subject: RE: [pfSense Support] DHCP services 10.10.202/22 has a subnet host address range from 10.10.200.1 - 10.10.203.254. The upper half of your DHCP range falls outside the subnet and is therefore not allowed. Increase the subnet to a /21, which will result in 10.10.207.254 as the upper host address limit, if you need that upper half of the range. Gr, Arne From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: dinsdag 26 augustus 2008 19:49 To: support@pfsense.com Subject: [pfSense Support] DHCP services Recently, I added some IPs to our pfSense device. I made the change 10.10.202.0/23 and made it 10.10.202.0/22. BUT---when I went to change my DHCP service from 10.10.202.10 - 10.10.203.250 to 10.10.202.10 - 10.10.205.250, it said I was out of range and would that the available subnets were 10.10.200.0 - 10.10.203.0. How do I get it to dole out the DHCP address I want to dole out instead of the ones that were chosen for me? Thanks Dwane Dwane Atkins Senior Network Analyst IMS-System Network Operations University of Texas Health Science Center at San Antonio Tel: 210-567-0158 http://ims.uthscsa.edu http://ims.uthscsa.edu/
RE: [pfSense Support] DHCP services
Arne, The problem is that t he lower half is already being used. Does anyone have anyway of correcting this issue? And how will it affect our pfSense device right now? Thank you, Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2008 1:09 PM To: support@pfsense.com Subject: RE: [pfSense Support] DHCP services Arne, Will I have to change all my routing to make these changes? I want to do 202.0 - 205.250. I do not want to make anymore changes than what is needed. Thanks Dwane From: Arne de Bree [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2008 1:03 PM To: support@pfsense.com Subject: RE: [pfSense Support] DHCP services 10.10.202/22 has a subnet host address range from 10.10.200.1 - 10.10.203.254. The upper half of your DHCP range falls outside the subnet and is therefore not allowed. Increase the subnet to a /21, which will result in 10.10.207.254 as the upper host address limit, if you need that upper half of the range. Gr, Arne From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: dinsdag 26 augustus 2008 19:49 To: support@pfsense.com Subject: [pfSense Support] DHCP services Recently, I added some IPs to our pfSense device. I made the change 10.10.202.0/23 and made it 10.10.202.0/22. BUT---when I went to change my DHCP service from 10.10.202.10 - 10.10.203.250 to 10.10.202.10 - 10.10.205.250, it said I was out of range and would that the available subnets were 10.10.200.0 - 10.10.203.0. How do I get it to dole out the DHCP address I want to dole out instead of the ones that were chosen for me? Thanks Dwane Dwane Atkins Senior Network Analyst IMS-System Network Operations University of Texas Health Science Center at San Antonio Tel: 210-567-0158 http://ims.uthscsa.edu http://ims.uthscsa.edu/
RE: [pfSense Support] Disable SSH to the private side interface
Thanks to all for their help. This is what I will attempt to do. Dwane -Original Message- From: RB [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 4:02 PM To: support@pfsense.com Subject: Re: [pfSense Support] Disable SSH to the private side interface My question to all would be that since the DHCP address range and the Lan interface are on the same subnet, would using rules to deny SSH do us any good? Would the layer 2 access allow connection to the interface and basically bypass the firewall rules or do rules get checked prior to allowing access? If you check the Disable webGUI anti-lockout rule checkbox I outlined earlier, your LAN will be treated as another default-deny interface (like OPT interfaces) and will require rules to allow clients connectivity*. Unless configured to bridge (and act as a filtering bridge) pfSense generally operates at layer 3. This means that although clients may be able to ARP your LAN interface or pass it various bits of L2 traffic, they cannot bypass the layer-3 restrictions set up by the firewall. The Bypass firewall rules for traffic on the same interface bit was a red herring and should be disregarded at this point. If in fact the Lan Rule does not apply, is there a way that I can stop users from being able to ssh to the Lan or Wan interface? See above. Since the interface will be default-deny you'd actually have to set up a rule to allow clients to SSH. Even further, you're also probably going to have to set up rules to allow clients to reach DNS on the pfSense box and any other services (like captive portal) it may be providing. Including getting out to the internet. See the following (rather paranoid) set of rules: http://imagebin.ca/view/jI-5sz.html * - There is one caveat: pfSense always has a rule to allow DHCP traffic on the LAN interface, regardless of disabling the anti-lockout rule. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Disable SSH to the private side interface
Is there a way that I can disable SSH from my private side address to the default gateway or in this case, the LAN address? Can I do it via a Linux command? In other words, if my LAN interface is 10.6.5.8 and my DHCP (private side) addresses are 10.6.5.10 - .100. I want to ensure that those addresses cannot SSH into the private side address. Thank you Dwane Atkins 210-567-0158 [EMAIL PROTECTED]
RE: [pfSense Support] Disable SSH to the private side interface
Ron, Thanks for the quick answer. I have a LAN rule that I assumed stated deny tcp any Lan Interface eq ssh. If the DHCP address and the lan gateway are in the same subnet, it doesn't appear to work. Another question about Firewall Rules are do they read for top to bottom? I have put these denies above the permit ip any any statement in the Lan rules. Am I doing something wrong? Dwane -Original Message- From: Ron Blanchett [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 1:17 PM To: support@pfsense.com Subject: Re: [pfSense Support] Disable SSH to the private side interface Just add a reject or drop rule on the lan interface Specify a source range and make the destination address your lan interface address and the port 22. Simple as that. -Ron On Tue, Jul 1, 2008 at 2:07 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: Is there a way that I can disable SSH from my private side address to the default gateway or in this case, the LAN address? Can I do it via a Linux command? In other words, if my LAN interface is 10.6.5.8 and my DHCP (private side) addresses are 10.6.5.10 - .100. I want to ensure that those addresses cannot SSH into the private side address. Thank you Dwane Atkins 210-567-0158 [EMAIL PROTECTED] -- Ronald Reagan - Recession is when a neighbour loses his job. Depression is when you lose yours. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Disable SSH to the private side interface
Proto Source Port Destination Port Gateway Schedule Description http://172.31.180.2/firewall_rules_edit.php?if=lanafter=-1 http://172.31.180.2/?if=lanact=toggleid=11 TCP * * LAN address 22 (SSH) * No SSH from inside to Lan address http://172.31.180.2/firewall_rules_edit.php?id=11 http://172.31.180.2/firewall_rules.php?act=delif=lanid=11 http://172.31.180.2/firewall_rules_edit.php?dup=11 http://172.31.180.2/?if=lanact=toggleid=12 TCP * * WAN address 22 (SSH) * Disallow SSH to Wan route http://172.31.180.2/firewall_rules_edit.php?id=12 http://172.31.180.2/firewall_rules.php?act=delif=lanid=12 http://172.31.180.2/firewall_rules_edit.php?dup=12 http://172.31.180.2/?if=lanact=toggleid=13 * LAN net * * * * Default LAN - any -Original Message- From: Ron Blanchett [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 1:27 PM To: support@pfsense.com Subject: Re: [pfSense Support] Disable SSH to the private side interface Yes rules reas top to bottom. Please attach a copy of your rule as it is displayed in on the Lan fw tab. this will help in finding the problem with the rule. -Ron On Tue, Jul 1, 2008 at 2:20 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: Ron, Thanks for the quick answer. I have a LAN rule that I assumed stated deny tcp any Lan Interface eq ssh. If the DHCP address and the lan gateway are in the same subnet, it doesn't appear to work. Another question about Firewall Rules are do they read for top to bottom? I have put these denies above the permit ip any any statement in the Lan rules. Am I doing something wrong? Dwane -Original Message- From: Ron Blanchett [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 1:17 PM To: support@pfsense.com Subject: Re: [pfSense Support] Disable SSH to the private side interface Just add a reject or drop rule on the lan interface Specify a source range and make the destination address your lan interface address and the port 22. Simple as that. -Ron On Tue, Jul 1, 2008 at 2:07 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: Is there a way that I can disable SSH from my private side address to the default gateway or in this case, the LAN address? Can I do it via a Linux command? In other words, if my LAN interface is 10.6.5.8 and my DHCP (private side) addresses are 10.6.5.10 - .100. I want to ensure that those addresses cannot SSH into the private side address. Thank you Dwane Atkins 210-567-0158 [EMAIL PROTECTED] -- Ronald Reagan - Recession is when a neighbour loses his job. Depression is when you lose yours. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Steven Wright - A lot of people are afraid of heights. Not me, I'm afraid of widths. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] image001.gifimage002.gifimage003.gifimage004.gifimage005.gifimage006.gif
RE: [pfSense Support] Disable SSH to the private side interface
My question to all would be that since the DHCP address range and the Lan interface are on the same subnet, would using rules to deny SSH do us any good? Would the layer 2 access allow connection to the interface and basically bypass the firewall rules or do rules get checked prior to allowing access? Does this make sense? If in fact the Lan Rule does not apply, is there a way that I can stop users from being able to ssh to the Lan or Wan interface? Thanks Dwane -Original Message- From: Ron Blanchett [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 2:26 PM To: support@pfsense.com Subject: Re: [pfSense Support] Disable SSH to the private side interface I stand twice corrected, thank you for correcting my misunderstanding of this option. On Tue, Jul 1, 2008 at 3:00 PM, Chris Buechler [EMAIL PROTECTED] wrote: Ron Blanchett wrote: I think we would be looking more for Advanced - Misc - Bypass firewall rules for traffic on the same interface. No, that's for use with static routes because of the asymmetric routing you tend to end up with in those situations breaks stateful filtering. Disabling the anti-lockout rule is necessary to block access to the LAN IP from internal networks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Diogenes - What I like to drink most is wine that belongs to others. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Unable to install pfSense 1.2 LiveCD
Your suggestion worked like a champ and the iso installed without any flaws. Thank you all for your advice. Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 07, 2008 6:09 PM To: support@pfsense.com Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD Atkins, Dwane P wrote: Chris, My apologies. Which file should I download. I did the pfSense.iso.gz, however it would not allow me to unzip this using winzip. that's the right file. I just downloaded it and it opens and extracts fine with WinRAR, and it's the same file a number of other people have used. Winzip should work fine as well. Might want to try downloading the file again. If you're using IE, try Firefox or something else, IE tends to hose gz files for some people. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Unable to install pfSense 1.2 LiveCD
I am attempting to install pfSense on a Dell PowerEdge RS200 server. This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig SATA hard drive. The install goes so far and then I start getting ad4: and acd0 errors (errors that occur on ad4 seem to occur on acd0 acd0: SET FEATURE ENABLE RCACHE: task timeout completing request directly acd0: SET FEATURE ENABLE WCACHE task timeout completing request directly These are a few of the errors. Others include: TEST_UNIT_READY SET MULTI SET FEATURES TRANSFER MODE. ad4 76298 MB WDC WD800AAJ5-18TDA 01.004 at ata2master UDMA33. I am looking through the archives now. Any help would be appreciated. Thank you, Dwane
RE: [pfSense Support] Unable to install pfSense 1.2 LiveCD
David, We do not get to a point of kernel installation. Dwane From: David Meireles [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 07, 2008 4:18 PM To: support@pfsense.com Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD Why on a so powerfull machine!? I think that you'll be wasting hardware ressources doing that setup... Anyway, do you get to the point of the instalation where you choose your kernel? Qua, 2008-05-07 às 16:15 -0500, Atkins, Dwane P escreveu: I am attempting to install pfSense on a Dell PowerEdge RS200 server. This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig SATA hard drive. The install goes so far and then I start getting ad4: and acd0 errors (errors that occur on ad4 seem to occur on acd0 acd0: SET FEATURE ENABLE RCACHE: task timeout completing request directly acd0: SET FEATURE ENABLE WCACHE task timeout completing request directly These are a few of the errors. Others include: TEST_UNIT_READY SET MULTI SET FEATURES TRANSFER MODE. ad4 76298 MB WDC WD800AAJ5-18TDA 01.004 at ata2master UDMA33. I am looking through the archives now. Any help would be appreciated. Thank you, Dwane
RE: [pfSense Support] Unable to install pfSense 1.2 LiveCD
Thank you, Chris. I could get to the point where it brought the reboot screen. I chose to reboot into safemode where we saw an issue with IRQ 6 which is the embedded SATA IRQ. However, it did allow to start the install process of pfSense. I will try this tomorrow. Thank you for all your help. Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 07, 2008 4:58 PM To: support@pfsense.com Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD Atkins, Dwane P wrote: I am attempting to install pfSense on a Dell PowerEdge RS200 server. This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig SATA hard drive. The install goes so far and then I start getting ad4: and acd0 errors (errors that occur on ad4 seem to occur on acd0 acd0: SET FEATURE ENABLE RCACHE: task timeout completing request directly acd0: SET FEATURE ENABLE WCACHE task timeout completing request directly SATA support in FreeBSD 6.2 doesn't always work well, 6.3 has proven to work much better with any box with SATA devices. I suggest trying this iso: http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfS ense_RELENG_1_2/ Which is pfSense 1.2 with a FreeBSD 6.3 base. There are about a dozen people running it in production, it works fine. It's similar to what 1.2.1 will be. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Unable to install pfSense 1.2 LiveCD
Chris, My apologies. Which file should I download. I did the pfSense.iso.gz, however it would not allow me to unzip this using winzip. Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 07, 2008 4:58 PM To: support@pfsense.com Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD Atkins, Dwane P wrote: I am attempting to install pfSense on a Dell PowerEdge RS200 server. This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig SATA hard drive. The install goes so far and then I start getting ad4: and acd0 errors (errors that occur on ad4 seem to occur on acd0 acd0: SET FEATURE ENABLE RCACHE: task timeout completing request directly acd0: SET FEATURE ENABLE WCACHE task timeout completing request directly SATA support in FreeBSD 6.2 doesn't always work well, 6.3 has proven to work much better with any box with SATA devices. I suggest trying this iso: http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfS ense_RELENG_1_2/ Which is pfSense 1.2 with a FreeBSD 6.3 base. There are about a dozen people running it in production, it works fine. It's similar to what 1.2.1 will be. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Unable to install pfSense 1.2 LiveCD
I will try that as well. Thanks all Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 07, 2008 5:07 PM To: support@pfsense.com Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD Couple other suggestions: -Disable ACPI -make sure the BIOS is up to date. and other items here may help if all else fails. http://devwiki.pfsense.org/BootTroubleShooting Atkins, Dwane P wrote: Thank you, Chris. I could get to the point where it brought the reboot screen. I chose to reboot into safemode where we saw an issue with IRQ 6 which is the embedded SATA IRQ. However, it did allow to start the install process of pfSense. I will try this tomorrow. Thank you for all your help. Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 07, 2008 4:58 PM To: support@pfsense.com Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD Atkins, Dwane P wrote: I am attempting to install pfSense on a Dell PowerEdge RS200 server. This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig SATA hard drive. The install goes so far and then I start getting ad4: and acd0 errors (errors that occur on ad4 seem to occur on acd0 acd0: SET FEATURE ENABLE RCACHE: task timeout completing request directly acd0: SET FEATURE ENABLE WCACHE task timeout completing request directly SATA support in FreeBSD 6.2 doesn't always work well, 6.3 has proven to work much better with any box with SATA devices. I suggest trying this iso: http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfS ense_RELENG_1_2/ Which is pfSense 1.2 with a FreeBSD 6.3 base. There are about a dozen people running it in production, it works fine. It's similar to what 1.2.1 will be. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] SSL configuration with Captive Portal
No, I added it correctly. From: Dziuk, Fred J [mailto:[EMAIL PROTECTED] Sent: Thursday, February 07, 2008 1:49 PM To: support@pfsense.com Subject: RE: [pfSense Support] SSL configuration with Captive Portal Dwane, Did you add blah.crt instead of ca-cert.crt??? This could be a problem. Fred From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Thursday, February 07, 2008 1:46 PM To: support@pfsense.com Subject: [pfSense Support] SSL configuration with Captive Portal I was looking at a couple of links on the website about this. http://forum.pfsense.org/index.php/topic,2966.0.html http://forum.pfsense.org/index.php?topic=7146.msg40522 We created a file called ca-cert.crt I copied the file to /var/etc I have edited the /var/etc/lighty-CaptivePortal-SSL.conf with ssl.ca-file = blah.crt I saved the configuration file. I then went to the gui interface and clicked Status-Services and clicked the restart icon for Ligghtpd. Once clicked, I waited and waited. The gui would never refresh and then you could not web into the pfSense device unless it was rebooted. Of course, once rebooted the modifications to the /var/etc/lighty-CaptivePortal-SSL.conf were eliminated. I am now using 1.2 RC5 for this. Can anyone help me at least to get the lighttpd service restarted? Is the a CLI command.? I tried to do a service lighttpd restart, but that is not a valid command. Thank you Dwane
[pfSense Support] SSL configuration with Captive Portal
I was looking at a couple of links on the website about this. http://forum.pfsense.org/index.php/topic,2966.0.html http://forum.pfsense.org/index.php?topic=7146.msg40522 We created a file called ca-cert.crt I copied the file to /var/etc I have edited the /var/etc/lighty-CaptivePortal-SSL.conf with ssl.ca-file = blah.crt I saved the configuration file. I then went to the gui interface and clicked Status-Services and clicked the restart icon for Ligghtpd. Once clicked, I waited and waited. The gui would never refresh and then you could not web into the pfSense device unless it was rebooted. Of course, once rebooted the modifications to the /var/etc/lighty-CaptivePortal-SSL.conf were eliminated. I am now using 1.2 RC5 for this. Can anyone help me at least to get the lighttpd service restarted? Is the a CLI command.? I tried to do a service lighttpd restart, but that is not a valid command. Thank you Dwane
RE: [pfSense Support] SSL configuration with Captive Portal
My apologies. At the bottom of the /var/etc/lighty-CaptivePortal-SSL.conf file, I input the following command, ssl.ca-file = /var/etc/ca-cert.crt. Thanks Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Thursday, February 07, 2008 1:46 PM To: support@pfsense.com Subject: [pfSense Support] SSL configuration with Captive Portal I was looking at a couple of links on the website about this. http://forum.pfsense.org/index.php/topic,2966.0.html http://forum.pfsense.org/index.php?topic=7146.msg40522 We created a file called ca-cert.crt I copied the file to /var/etc I have edited the /var/etc/lighty-CaptivePortal-SSL.conf with ssl.ca-file = blah.crt I saved the configuration file. I then went to the gui interface and clicked Status-Services and clicked the restart icon for Ligghtpd. Once clicked, I waited and waited. The gui would never refresh and then you could not web into the pfSense device unless it was rebooted. Of course, once rebooted the modifications to the /var/etc/lighty-CaptivePortal-SSL.conf were eliminated. I am now using 1.2 RC5 for this. Can anyone help me at least to get the lighttpd service restarted? Is the a CLI command.? I tried to do a service lighttpd restart, but that is not a valid command. Thank you Dwane
[pfSense Support] Snapshots
I am trying to connect to the following url http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/ Is there a problem with this? Thank you Dwane Dwane Atkins 210-567-0158 [EMAIL PROTECTED]
[pfSense Support] Issue with Captive Portal Security Certificate
I have installed a VeriSign certificate on the Captive Portal. It works well with Firefox and Safari, but seems to have issues with Internet Explorer 6 and 7.0 . I was getting the There is a problem with this websites security certificate. Click here to close Continue to this web site (Not recommended) Or More information. If you click on the continue, it will take you right in. After doing some research, we noticed that the VeriSign intermediate CA had expired. There is an updated version on the website, but this would mean asking a group of users to update this one particular certificate. It was explained to me that I could possibly piggyback this VeriSign certificate and the captive portal certificate together? Is this possible? Can someone please explain how to accomplish this task? Thanks Dwane
[pfSense Support] 1.2RC3 update
We are confused as to which is the upgrade we need to do for the latest firmware. Is it the Full-and-embedded update or is it just the full update? Thanks Dwane Atkins 210-567-0158 [EMAIL PROTECTED]
RE: [pfSense Support] 1.2RC3 update
I see it when I go to pfsense.org, I go to download pfsense in the left window pane, and then under Upgrading the Previous Version, I click on updates. Then I click on a mirrored site, normally the one out of Seattle. Then I see the one that says pfSense-Embedded-Update-1.2-RC3.tgz , not full and embedded as I stated. Sorry. And I also see the one that states, pfSense-Full-Update-1.2-RC3.tgz http://pfsense.untouchable.net/updates/pfSense-Full-Update-1.2-RC3.tgz Which one do I use if I want to just upgrade my system? Thanks Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 20, 2007 9:40 AM To: support@pfsense.com Subject: Re: [pfSense Support] 1.2RC3 update Atkins, Dwane P wrote: We are confused as to which is the upgrade we need to do for the latest firmware. Is it the Full-and-embedded update or is it just the full update? Where are you seeing a Full-and-embedded file? There shouldn't be any of those around anymore for RC3, it's split into two files. Use the full update for full installs, embedded for embedded installs. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] image001.gif
RE: [pfSense Support] 1.2RC3 update
Thank you, Sean. From: Sean Cavanaugh [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 20, 2007 10:01 AM To: support@pfsense.com Subject: RE: [pfSense Support] 1.2RC3 update If you have an embedded system (running off a CompactFlash card) use the embedded update. If you are running a full install (i.e, running from HDD and have packages installed) then use full update. -Sean From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 20, 2007 3:51 PM To: support@pfsense.com Subject: RE: [pfSense Support] 1.2RC3 update I see it when I go to pfsense.org, I go to download pfsense in the left window pane, and then under Upgrading the Previous Version, I click on updates. Then I click on a mirrored site, normally the one out of Seattle. Then I see the one that says pfSense-Embedded-Update-1.2-RC3.tgz , not full and embedded as I stated. Sorry. And I also see the one that states, pfSense-Full-Update-1.2-RC3.tgz http://pfsense.untouchable.net/updates/pfSense-Full-Update-1.2-RC3.tgz Which one do I use if I want to just upgrade my system? Thanks Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 20, 2007 9:40 AM To: support@pfsense.com Subject: Re: [pfSense Support] 1.2RC3 update Atkins, Dwane P wrote: We are confused as to which is the upgrade we need to do for the latest firmware. Is it the Full-and-embedded update or is it just the full update? Where are you seeing a Full-and-embedded file? There shouldn't be any of those around anymore for RC3, it's split into two files. Use the full update for full installs, embedded for embedded installs. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] image001.gif
[pfSense Support] Release notes for 1.2 RC3
Where would I find out what was changed in the pfsense 1.2 RC3?
[pfSense Support] Release Notes for pfSense-1.2-RC3
Where would I find the release notes for this? I have looked on the web page and it is not readily available. Thanks Dwane
[pfSense Support] modifying swap space
Good afternoon all. We were wondering if there was a way that one could modify the swap space from say 512 MB to 1024 MB on the fly with maybe a reboot? We were getting swap file errors on 1.0.1. Thanks Dwane Dwane Atkins 210-567-0158 mailto:[EMAIL PROTECTED]
RE: [pfSense Support] modifying swap space
Scott, So are you saying to change the maximum concurrent session to 1? Or am I reading this wrong? By the way, we are running 1.0.1. Thanks Dwane -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 05, 2007 1:33 PM To: support@pfsense.com Subject: Re: [pfSense Support] modifying swap space On 9/5/07, Atkins, Dwane P [EMAIL PROTECTED] wrote: Scott, Can you explain what a virus might do to pfSense? The captive portal is a pass thru device. We are doing 15-20 mbps of traffic with about 35-40 percent CPU, but the swap is nearly zero. Ensure that you are limiting connections per client to the portal as viruses will commonly try to access the internet (port 80) and redirect to the captive portal which invokes PHP. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] modifying swap space
The Maximum concurrent session? -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 05, 2007 3:33 PM To: support@pfsense.com Subject: Re: [pfSense Support] modifying swap space On 9/5/07, Atkins, Dwane P [EMAIL PROTECTED] wrote: Scott, So are you saying to change the maximum concurrent session to 1? Or am I reading this wrong? By the way, we are running 1.0.1. Thanks This setting is not available in 1.0.1. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] modifying swap space
Thank you. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 05, 2007 3:45 PM To: support@pfsense.com Subject: Re: [pfSense Support] modifying swap space On 9/5/07, Atkins, Dwane P [EMAIL PROTECTED] wrote: Scott and all, I guess my one question would be, is if the pfSense is a basic pass-through device, what would've caused the swap space to failed even in the event of a virus? Does each packet get stored and then forwarded? And in that case, inundate the swap file? If a client has a virus and is probing the internet on port 80 then each of the requests gets filtered into PHP where the login page is shown. If you have too many of these occurring you can exhaust your ram without the new option to limit the connection count. We have since changed the device to 1.2 RC2. We had some issues. We had to actually reload from scratch and build the configuration from scratch since we didn't actually have it backed up. And that was OK. It meant if there was something screwed up in the config, it was gone. Do you recommend that we set the maximum concurrent connection to 1 or 2? Or should we leave it at default? Depends on the splash page and if images are involved, etc. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Issues with pfSense and Captive Portal
Good day. Thank you for the help you have given us in our initial usage of pfSense. We are however experiencing some issues with pfSense 1.0.1 in general and also have a CaptivePortal pre-authentication issue. First issue: I have a particular machine that is capable of going anywhere on the interenet and has yet to authenticate via the CaptivePortal. If this machine can do this, I am sure there are others. The device will show up in the DHCP lease but there is no way to give cancel their connection in 1.0.1. And the device does not show up in the CaptivePortal page at all. Second and biggest issue: We have particular users who run Safari, Firefox, and IE 7 that our initial captive portal page will allow them to authenticate our Acceptable Use Page (AUP) and then once they click Accept, it brings up the AUP again. If they log in again, it repeats the action. We have discovered that in IE, you can check the Check for new Page on each attempt and that will correct it. We have Empty/Deleted Cache and this does not work. Has anyone seen this before and if corrected, what was the fix action? Thank you Dwane
[pfSense Support] RE: Issues with pfSense and Captive Portal
My apologies. I may not have been totally clear on the second issue. It appears that the authentication process does complete. It is just that when you call up a browser, the Acceptable Use Policy comes up again. It looks like an issue there maybe an issue with caching or potentially the redirection with these web browsers. Any help would be appreciated. Dwane From: Atkins, Dwane P Sent: Friday, August 31, 2007 8:36 AM To: 'support@pfsense.com' Subject: Issues with pfSense and Captive Portal Good day. Thank you for the help you have given us in our initial usage of pfSense. We are however experiencing some issues with pfSense 1.0.1 in general and also have a CaptivePortal pre-authentication issue. First issue: I have a particular machine that is capable of going anywhere on the interenet and has yet to authenticate via the CaptivePortal. If this machine can do this, I am sure there are others. The device will show up in the DHCP lease but there is no way to give cancel their connection in 1.0.1. And the device does not show up in the CaptivePortal page at all. Second and biggest issue: We have particular users who run Safari, Firefox, and IE 7 that our initial captive portal page will allow them to authenticate our Acceptable Use Page (AUP) and then once they click Accept, it brings up the AUP again. If they log in again, it repeats the action. We have discovered that in IE, you can check the Check for new Page on each attempt and that will correct it. We have Empty/Deleted Cache and this does not work. Has anyone seen this before and if corrected, what was the fix action? Thank you Dwane
RE: [pfSense Support] Restarting Webconfigurator
I just wanted to answer some questions on this. At one point, we did use the same config, but we rebuilt it later with a newly constructed config. We completed the certificates two different way and two different times. We did it with OpenSSL and copied and pasted them over. Yes, we did ensure that the copy was done correctly. Also, we used the create your own certificate option that comes packaged with pfSense. We had the same issues. Here are some questions fro you about this. Is there a way to look and see if there are certificates out there and possibly remove them and reinsert them? This does work if you delete the certificates from the advanced function and just use http. Thanks Dwane mailto:[EMAIL PROTECTED]
RE: [pfSense Support] Issues with system-advanced/certification issues.
I am just curious if anyone else has any thoughts on this matter. We have just left it as http and no certs which works fine, but is not exactly as secure as we would like. Is there something I could've possibly missed. I have test from 1.0.1 to 1.2 RC2 with the same results on different machines. All Dells. A Dell PowerEdge 1850, 1650 and a GX150. Thanks for everyone's help. Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 10:03 AM To: support@pfsense.com Subject: RE: [pfSense Support] Issues with system-advanced/certification issues. I did a little more testing and if I remove the certs in the System-Advanced function and set the webGUI protocol to http (or https) in the System- General Setup, it works without failure. Still doing some more checking. Where would I find the source code for pfSense so that we can possibly trace down the issue ourselves? Thank you for everyone's help. Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 21, 2007 9:29 AM To: support@pfsense.com Subject: RE: [pfSense Support] Issues with system-advanced/certification issues. Another question I have as far as certificates go for pfSense, we use a private IP address for the WAN. When we create the certificates using OpenSSL for Windows, we use the IP address as the Common Name (CN). Should we use the Fully Qualified Domain Name (FQDN) as the CN or is the IP address OK? Thanks Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Monday, August 20, 2007 4:52 PM To: support@pfsense.com Subject: [pfSense Support] Issues with system-advanced/certification issues. Good afternoon, I just installed 1.2RC2. I wanted to see if our issue was resolved concerning when we have self-signed (or self generated certificates), and we click on System-Advanced, it will conclude every session on the Captive Portal. Personnel have to re-authenticate in order to regain connectivity. These are the scenarios that I performed today and each of them came up with the same error about the webConfigurator certificates have changed. Tried with System-General Setup-webGUI protocol set to http, self-signed certs, System-Advanced- webGUI SSL, generated from OpenSSL intalled and I received this error Tried with System-General Setup-webGUI protocol set to https, self-signed cert, in System-Advanced- webGUI SSL, generated from OpenSSL installed and still receive the same error. Tried with System-General Setup-webGUI protocol set to http, no self signed certs in the System-Advanced- webGUI SSL certificate/key and it does not conclude connectivity on the CaptivePortal. Aug 20 16:33:12 check_reload_status: webConfigurator restart in progress Aug 20 16:33:06 php[1496]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator. Aug 20 16:31:50 check_reload_status: reloading filter Is there an issue with creating self-signed certificate using OpenSSL and pfSense? Can someone explain the Create Certificate automatically link on the System-Advanced- webGUI SSL certificate/key? Thank you all for your help. Dwane mailto:[EMAIL PROTECTED]
RE: [pfSense Support] Issues with system-advanced/certification issues.
I did a little more testing and if I remove the certs in the System-Advanced function and set the webGUI protocol to http (or https) in the System- General Setup, it works without failure. Still doing some more checking. Where would I find the source code for pfSense so that we can possibly trace down the issue ourselves? Thank you for everyone's help. Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 21, 2007 9:29 AM To: support@pfsense.com Subject: RE: [pfSense Support] Issues with system-advanced/certification issues. Another question I have as far as certificates go for pfSense, we use a private IP address for the WAN. When we create the certificates using OpenSSL for Windows, we use the IP address as the Common Name (CN). Should we use the Fully Qualified Domain Name (FQDN) as the CN or is the IP address OK? Thanks Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Monday, August 20, 2007 4:52 PM To: support@pfsense.com Subject: [pfSense Support] Issues with system-advanced/certification issues. Good afternoon, I just installed 1.2RC2. I wanted to see if our issue was resolved concerning when we have self-signed (or self generated certificates), and we click on System-Advanced, it will conclude every session on the Captive Portal. Personnel have to re-authenticate in order to regain connectivity. These are the scenarios that I performed today and each of them came up with the same error about the webConfigurator certificates have changed. Tried with System-General Setup-webGUI protocol set to http, self-signed certs, System-Advanced- webGUI SSL, generated from OpenSSL intalled and I received this error Tried with System-General Setup-webGUI protocol set to https, self-signed cert, in System-Advanced- webGUI SSL, generated from OpenSSL installed and still receive the same error. Tried with System-General Setup-webGUI protocol set to http, no self signed certs in the System-Advanced- webGUI SSL certificate/key and it does not conclude connectivity on the CaptivePortal. Aug 20 16:33:12 check_reload_status: webConfigurator restart in progress Aug 20 16:33:06 php[1496]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator. Aug 20 16:31:50 check_reload_status: reloading filter Is there an issue with creating self-signed certificate using OpenSSL and pfSense? Can someone explain the Create Certificate automatically link on the System-Advanced- webGUI SSL certificate/key? Thank you all for your help. Dwane mailto:[EMAIL PROTECTED]
RE: [pfSense Support] Issues with system-advanced/certification issues.
Another question I have as far as certificates go for pfSense, we use a private IP address for the WAN. When we create the certificates using OpenSSL for Windows, we use the IP address as the Common Name (CN). Should we use the Fully Qualified Domain Name (FQDN) as the CN or is the IP address OK? Thanks Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Monday, August 20, 2007 4:52 PM To: support@pfsense.com Subject: [pfSense Support] Issues with system-advanced/certification issues. Good afternoon, I just installed 1.2RC2. I wanted to see if our issue was resolved concerning when we have self-signed (or self generated certificates), and we click on System-Advanced, it will conclude every session on the Captive Portal. Personnel have to re-authenticate in order to regain connectivity. These are the scenarios that I performed today and each of them came up with the same error about the webConfigurator certificates have changed. Tried with System-General Setup-webGUI protocol set to http, self-signed certs, System-Advanced- webGUI SSL, generated from OpenSSL intalled and I received this error Tried with System-General Setup-webGUI protocol set to https, self-signed cert, in System-Advanced- webGUI SSL, generated from OpenSSL installed and still receive the same error. Tried with System-General Setup-webGUI protocol set to http, no self signed certs in the System-Advanced- webGUI SSL certificate/key and it does not conclude connectivity on the CaptivePortal. Aug 20 16:33:12 check_reload_status: webConfigurator restart in progress Aug 20 16:33:06 php[1496]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator. Aug 20 16:31:50 check_reload_status: reloading filter Is there an issue with creating self-signed certificate using OpenSSL and pfSense? Can someone explain the Create Certificate automatically link on the System-Advanced- webGUI SSL certificate/key? Thank you all for your help. Dwane mailto:[EMAIL PROTECTED]
RE: [pfSense Support] Issues with system-advanced/certification issues.
Even using the Create certificates automatically on the System-Advanced Functions tab concludes connectivity via the Captive Portal. Any ideas? Are we the only ones having this issue? Please be advised that if you check and it is an issue with your pfSense as well, then your user could possibly be disconnected. Thank you all again, Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 21, 2007 9:29 AM To: support@pfsense.com Subject: RE: [pfSense Support] Issues with system-advanced/certification issues. Another question I have as far as certificates go for pfSense, we use a private IP address for the WAN. When we create the certificates using OpenSSL for Windows, we use the IP address as the Common Name (CN). Should we use the Fully Qualified Domain Name (FQDN) as the CN or is the IP address OK? Thanks Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Monday, August 20, 2007 4:52 PM To: support@pfsense.com Subject: [pfSense Support] Issues with system-advanced/certification issues. Good afternoon, I just installed 1.2RC2. I wanted to see if our issue was resolved concerning when we have self-signed (or self generated certificates), and we click on System-Advanced, it will conclude every session on the Captive Portal. Personnel have to re-authenticate in order to regain connectivity. These are the scenarios that I performed today and each of them came up with the same error about the webConfigurator certificates have changed. Tried with System-General Setup-webGUI protocol set to http, self-signed certs, System-Advanced- webGUI SSL, generated from OpenSSL intalled and I received this error Tried with System-General Setup-webGUI protocol set to https, self-signed cert, in System-Advanced- webGUI SSL, generated from OpenSSL installed and still receive the same error. Tried with System-General Setup-webGUI protocol set to http, no self signed certs in the System-Advanced- webGUI SSL certificate/key and it does not conclude connectivity on the CaptivePortal. Aug 20 16:33:12 check_reload_status: webConfigurator restart in progress Aug 20 16:33:06 php[1496]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator. Aug 20 16:31:50 check_reload_status: reloading filter Is there an issue with creating self-signed certificate using OpenSSL and pfSense? Can someone explain the Create Certificate automatically link on the System-Advanced- webGUI SSL certificate/key? Thank you all for your help. Dwane mailto:[EMAIL PROTECTED]
[pfSense Support] Issues with system-advanced/certification issues.
Good afternoon, I just installed 1.2RC2. I wanted to see if our issue was resolved concerning when we have self-signed (or self generated certificates), and we click on System-Advanced, it will conclude every session on the Captive Portal. Personnel have to re-authenticate in order to regain connectivity. These are the scenarios that I performed today and each of them came up with the same error about the webConfigurator certificates have changed. Tried with System-General Setup-webGUI protocol set to http, self-signed certs, System-Advanced- webGUI SSL, generated from OpenSSL intalled and I received this error Tried with System-General Setup-webGUI protocol set to https, self-signed cert, in System-Advanced- webGUI SSL, generated from OpenSSL installed and still receive the same error. Tried with System-General Setup-webGUI protocol set to http, no self signed certs in the System-Advanced- webGUI SSL certificate/key and it does not conclude connectivity on the CaptivePortal. Aug 20 16:33:12 check_reload_status: webConfigurator restart in progress Aug 20 16:33:06 php[1496]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator. Aug 20 16:31:50 check_reload_status: reloading filter Is there an issue with creating self-signed certificate using OpenSSL and pfSense? Can someone explain the Create Certificate automatically link on the System-Advanced- webGUI SSL certificate/key? Thank you all for your help. Dwane Dwane Atkins 210-567-0158 mailto:[EMAIL PROTECTED]
[pfSense Support] Restarting Webconfigurator
As I have submitted before, we are unable to utilize the System-advanced tab because it knocks everyone off the Captive Portal and cause them to reauthenticate again. We receive the following message: php[408]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator I have tried to upgrade to 1.2 RC1 through the firmware upgrade option. Today, I actually did a complete reinstall of the OS using the 1.2 RC1 image. Nothing seems to resolve the issue. It looks like this is a known issue and I was wondering what the proper process was to report a bug and also what the process is to report proposed enhancements as well? Thank you all for your help Dwane
RE: [pfSense Support] Restarting Webconfigurator
Tim, Thanks. We have tried both. And still have the same issues. Dwane -Original Message- From: Tim Nelson [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 15, 2007 4:22 PM To: support@pfsense.com Subject: Re: [pfSense Support] Restarting Webconfigurator If the problem seems to lie with the certificates, have you tried using standard HTTP instead of HTTPS to see if the problem persists? Tim Nelson Technical Consultant Rockbochs Inc. Atkins, Dwane P wrote: Yes, I did reimport my .xml. It is just if we go to the System-Advanced Option. What would cause this? The certificate and keys are self-generated. Some said they had this issue before, but 1.2 RC1 corrected it. The rest is pretty much default. Thank you and I will look into this. Dwane *From:* Fuchs, Martin [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, August 15, 2007 4:13 PM *To:* support@pfsense.com *Subject:* AW: [pfSense Support] Restarting Webconfigurator Did you reimport your config.xml ? Perhaps it's broken somehow... I cannot see this problem with all my systems i have installed and that are quite some... *Von:* Atkins, Dwane P [mailto:[EMAIL PROTECTED] *Gesendet:* Mittwoch, 15. August 2007 22:42 *An:* support@pfsense.com *Betreff:* [pfSense Support] Restarting Webconfigurator As I have submitted before, we are unable to utilize the System-advanced tab because it knocks everyone off the Captive Portal and cause them to reauthenticate again. We receive the following message: php[408]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator I have tried to upgrade to 1.2 RC1 through the firmware upgrade option. Today, I actually did a complete reinstall of the OS using the 1.2 RC1 image. Nothing seems to resolve the issue. It looks like this is a known issue and I was wondering what the proper process was to report a bug and also what the process is to report proposed enhancements as well? Thank you all for your help Dwane - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Restarting Webconfigurator
Yes, I did reimport my .xml. It is just if we go to the System-Advanced Option. What would cause this? The certificate and keys are self-generated. Some said they had this issue before, but 1.2 RC1 corrected it. The rest is pretty much default. Thank you and I will look into this. Dwane From: Fuchs, Martin [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 15, 2007 4:13 PM To: support@pfsense.com Subject: AW: [pfSense Support] Restarting Webconfigurator Did you reimport your config.xml ? Perhaps it's broken somehow... I cannot see this problem with all my systems i have installed and that are quite some... Von: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 15. August 2007 22:42 An: support@pfsense.com Betreff: [pfSense Support] Restarting Webconfigurator As I have submitted before, we are unable to utilize the System-advanced tab because it knocks everyone off the Captive Portal and cause them to reauthenticate again. We receive the following message: php[408]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator I have tried to upgrade to 1.2 RC1 through the firmware upgrade option. Today, I actually did a complete reinstall of the OS using the 1.2 RC1 image. Nothing seems to resolve the issue. It looks like this is a known issue and I was wondering what the proper process was to report a bug and also what the process is to report proposed enhancements as well? Thank you all for your help Dwane
RE: [pfSense Support] Restarting Webconfigurator
Tell me if this sounds sensible. I will be out of pocket tomorrow. On Friday, I will install 1.2 RC1. I am then going to create, from scratch, a new configuration. If it still happens, then I am unsure of what the issue is. Thank you for everyone's help. Dwane -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 15, 2007 4:34 PM To: support@pfsense.com Subject: Re: [pfSense Support] Restarting Webconfigurator On 8/15/07, Scott Ullrich [EMAIL PROTECTED] wrote: On 8/15/07, Atkins, Dwane P [EMAIL PROTECTED] wrote: Tim, Thanks. We have tried both. And still have the same issues. Run this from a shell: /etc/rc.conf_mount_rw fetch -o /usr/local/www/system_advanced.php http://www.pfsense.com/~sullrich/system_advanced.php.txt /etc/rc.conf_mount_ro And report back. Thanks! Disregard this, on further inspection the code was correct and I cannot duplicate this issue either (same as Martin). Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Restarting the webconfigurator
Does anyone have any ideas what would cause this to happen? From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Monday, August 13, 2007 5:00 PM To: support@pfsense.com Subject: RE: [pfSense Support] Restarting the webconfigurator Tested 1.2RC1 and once we went to System-Advanced, received Aug 13 16:53:51 php: : Creating rrd update script Aug 13 16:53:43 check_reload_status: webConfigurator restart in progress Aug 13 16:53:40 php[407]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator. So it is still happening. Right now, we are just staying away from this tab. Thanks Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Monday, August 13, 2007 1:22 PM To: support@pfsense.com Subject: Re: [pfSense Support] Restarting the webconfigurator Atkins, Dwane P wrote: We are running pfSense 1.0.1 and seem to run into a snag each time we go to the System-Advanced and just peruse through it. If we go into this area, it logs everyone off the captive portal and give us this error. At first, I thought maybe it was because I had some self-generated certs loaded, but yet did not have require HTTPS usage in the web gui. However, I tested it with HTTPS required and it still gives us the same error. Is this a known bug? Is there a fix for this? almost certainly a 1.0.1 bug that's fixed in 1.2RC1. upgrade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Restarting the webconfigurator
We are running pfSense 1.0.1 and seem to run into a snag each time we go to the System-Advanced and just peruse through it. If we go into this area, it logs everyone off the captive portal and give us this error. At first, I thought maybe it was because I had some self-generated certs loaded, but yet did not have require HTTPS usage in the web gui. However, I tested it with HTTPS required and it still gives us the same error. Is this a known bug? Is there a fix for this? Thanks Dwane Aug 13 09:06:41 php: : Creating rrd update script Aug 13 09:06:34 check_reload_status: webConfigurator restart in progress Aug 13 09:06:29 php[408]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator. Aug 13 09:06:09 php: : Creating rrd update script Aug 13 09:06:00 check_reload_status: webConfigurator restart in progress Aug 13 09:05:57 php[408]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator.
RE: [pfSense Support] Restarting the webconfigurator
Tested 1.2RC1 and once we went to System-Advanced, received Aug 13 16:53:51 php: : Creating rrd update script Aug 13 16:53:43 check_reload_status: webConfigurator restart in progress Aug 13 16:53:40 php[407]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator. So it is still happening. Right now, we are just staying away from this tab. Thanks Dwane -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Monday, August 13, 2007 1:22 PM To: support@pfsense.com Subject: Re: [pfSense Support] Restarting the webconfigurator Atkins, Dwane P wrote: We are running pfSense 1.0.1 and seem to run into a snag each time we go to the System-Advanced and just peruse through it. If we go into this area, it logs everyone off the captive portal and give us this error. At first, I thought maybe it was because I had some self-generated certs loaded, but yet did not have require HTTPS usage in the web gui. However, I tested it with HTTPS required and it still gives us the same error. Is this a known bug? Is there a fix for this? almost certainly a 1.0.1 bug that's fixed in 1.2RC1. upgrade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Updates
Since I am new at this, I was not sure that the firmware update was the way to go for snapshots. I appreciate all the help. Dwane -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Friday, August 10, 2007 5:09 PM To: support@pfsense.com Subject: Re: [pfSense Support] Updates On 8/10/07, Atkins, Dwane P [EMAIL PROTECTED] wrote: I am trying to update a snapshot. When doing so, I do it from the console or ssh in. I hit the option 8. I type in fetch -o /tmp/firmware.tgz http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/updates/pfSense-Full-An d-Embedded-Update-1.2-TESTING-SNAPSHOT-07-21-2007.tgz After a little waiting, it times out. Am I suppose to allow FTP? Is this the proper way to install or at least gain access to the snapshot? After I get it downloaded, I will execute the /etc/rc.firmware pfSenseupgrade /tmp/firmware.tgz. Will this do the trick? Thanks Dwane Why are you not using System - Firmware? Simply download the .tgz file to your desktop and upload it to the webConfigurator. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Updates
I am trying to update a snapshot. When doing so, I do it from the console or ssh in. I hit the option 8. I type in fetch -o /tmp/firmware.tgz http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/updates/pfSense-Full-An d-Embedded-Update-1.2-TESTING-SNAPSHOT-07-21-2007.tgz After a little waiting, it times out. Am I suppose to allow FTP? Is this the proper way to install or at least gain access to the snapshot? After I get it downloaded, I will execute the /etc/rc.firmware pfSenseupgrade /tmp/firmware.tgz. Will this do the trick? Thanks Dwane
