[pfSense Support] Re: hostap question(s)
Gil Freund wrote:
> Platform:
> RELENG_1_SNAPSHOT_03-10-2006 On Wrap
> Wireless (Philips/IBM):
> ath0: mem 0x8000-0x8000 irq 12 at device 13.0 on pci0
> ath0: Ethernet address: 00:05:4e:47:c2:b6
> ath0: mac 5.6 phy 4.1 5ghz radio 1.7 2ghz radio 2.3
>
> I have three local networks:
> sis0: 192.168.1.0
> sis2: 192.168.2.0
> ath0: 192.168.3.0
> All with DHCP services.
>
> Systems connected to the sis interfaces have no issue acquiring a DHCP
> address.
>
> From the wireless I can only associate using WPA (which is OK, for the time
> being), but not using WEP (for older systems).
Follow up:
DHCP works if I use WPA. Does this make any sense?
Gil
>
> Once the system does associate, it does not acquire an address from the DHCP.
> I
> see no errors in the system log or any blocks on the firewall log. Netstat
> shows:
> udp4 0 0 *.bootps *.*
> and ps shows:
> dhcpd 21576 0.0 1.5 2152 1784 ?? INs 7:16PM 0:00.00
> /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dh
> cat of /var/dhcpd/etc/dhcpd.conf:
> subnet 192.168.1.0 netmask 255.255.255.0 {
> pool {
> range 192.168.1.10 192.168.1.100;
> }
> option routers 192.168.1.1;
> option domain-name-servers 192.168.1.1;
> }
> subnet 192.168.2.0 netmask 255.255.255.0 {
> pool {
> range 192.168.2.10 192.168.2.100;
> }
> option routers 192.168.2.1;
> option domain-name-servers 192.168.2.1;
> }
> subnet 192.168.3.0 netmask 255.255.255.0 {
> pool {
> range 192.168.3.10 192.168.3.100;
> }
> option routers 192.168.3.1;
> option domain-name-servers 192.168.3.1;
> }
>
> Any ideas?
>
> Thanks
>
> Gil
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] hostap question(s)
Platform:
RELENG_1_SNAPSHOT_03-10-2006 On Wrap
Wireless (Philips/IBM):
ath0: mem 0x8000-0x8000 irq 12 at device 13.0 on pci0
ath0: Ethernet address: 00:05:4e:47:c2:b6
ath0: mac 5.6 phy 4.1 5ghz radio 1.7 2ghz radio 2.3
I have three local networks:
sis0: 192.168.1.0
sis2: 192.168.2.0
ath0: 192.168.3.0
All with DHCP services.
Systems connected to the sis interfaces have no issue acquiring a DHCP address.
>From the wireless I can only associate using WPA (which is OK, for the time
being), but not using WEP (for older systems).
Once the system does associate, it does not acquire an address from the DHCP. I
see no errors in the system log or any blocks on the firewall log. Netstat
shows:
udp4 0 0 *.bootps *.*
and ps shows:
dhcpd 21576 0.0 1.5 2152 1784 ?? INs 7:16PM 0:00.00
/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dh
cat of /var/dhcpd/etc/dhcpd.conf:
subnet 192.168.1.0 netmask 255.255.255.0 {
pool {
range 192.168.1.10 192.168.1.100;
}
option routers 192.168.1.1;
option domain-name-servers 192.168.1.1;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
pool {
range 192.168.2.10 192.168.2.100;
}
option routers 192.168.2.1;
option domain-name-servers 192.168.2.1;
}
subnet 192.168.3.0 netmask 255.255.255.0 {
pool {
range 192.168.3.10 192.168.3.100;
}
option routers 192.168.3.1;
option domain-name-servers 192.168.3.1;
}
Any ideas?
Thanks
Gil
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: IPSec Broken in 95.8 Embedded?
Scott Ullrich wrote: > Nothing really has changed to cause this. My tunnels are up fine. > > Scott > Same on 0.96.2 on wrap: Dec 13 10:00:50 racoon: DEBUG: msg 1 not interesting Dec 13 10:00:49 racoon: DEBUG: msg 1 not interesting Dec 13 10:00:35 racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or directory Dec 13 10:00:35 racoon: DEBUG: get pfkey X_SPDDUMP message Dec 13 10:00:35 racoon: INFO: fe80::20d:b9ff:fe02:c49c%sis0[500] used as isakmp port (fd=15) Dec 13 10:00:35 racoon: INFO: 192.168.30.254[500] used as isakmp port (fd=14) Dec 13 10:00:35 racoon: INFO: fe80::20d:b9ff:fe02:c49d%sis1[500] used as isakmp port (fd=13) Dec 13 10:00:35 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=12) Dec 13 10:00:35 racoon: INFO: ::1[500] used as isakmp port (fd=11) Dec 13 10:00:35 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=10) Dec 13 10:00:35 racoon: INFO: fe80::20d:b9ff:fe02:c49c%ng0[500] used as isakmp port (fd=9) Dec 13 10:00:35 racoon: INFO: 192.117.108.61[500] used as isakmp port (fd=8) Dec 13 10:00:35 racoon: DEBUG: 8 addrs are configured successfully Dec 13 10:00:35 racoon: DEBUG: configuring default isakmp port. Dec 13 10:00:35 racoon: DEBUG: my interface: xxx.xxx.xxx.xxx (ng0) Dec 13 10:00:35 racoon: DEBUG: my interface: fe80::20d:b9ff:fe02:c49c%ng0 (ng0) Dec 13 10:00:34 racoon: DEBUG: my interface: fe80::1%lo0 (lo0) Dec 13 10:00:34 racoon: DEBUG: my interface: ::1 (lo0) Dec 13 10:00:34 racoon: DEBUG: my interface: 127.0.0.1 (lo0) Dec 13 10:00:34 racoon: DEBUG: my interface: fe80::20d:b9ff:fe02:c49d%sis1 (sis1) Dec 13 10:00:34 racoon: DEBUG: my interface: 192.168.30.254 (sis0) Dec 13 10:00:34 racoon: DEBUG: my interface: fe80::20d:b9ff:fe02:c49c%sis0 (sis0) Dec 13 10:00:34 racoon: DEBUG: compression algorithm can not be checked because sadb message doesn't support it. Dec 13 10:00:34 racoon: DEBUG: hmac(modp1024) Dec 13 10:00:34 racoon: DEBUG: compression algorithm can not be checked because sadb message doesn't support it. Dec 13 10:00:34 racoon: DEBUG: compression algorithm can not be checked because sadb message doesn't support it. Dec 13 10:00:34 racoon: DEBUG: reading config file /var/etc/racoon.conf Dec 13 10:00:34 racoon: DEBUG: call pfkey_send_register for IPCOMP Dec 13 10:00:34 racoon: DEBUG: call pfkey_send_register for ESP Dec 13 10:00:34 racoon: DEBUG: call pfkey_send_register for AH Dec 13 10:00:34 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/) Dec 13 10:00:34 racoon: INFO: @(#)ipsec-tools 0.6 (http://ipsec-tools.sourceforge.net) > On 12/11/05, Gil Freund <[EMAIL PROTECTED]> wrote: > >>Scott Ullrich wrote: >> >>>Nothing has changed so double check everything and reboot both endpoints. >>> >>>On 12/11/05, John Cianfarani <[EMAIL PROTECTED]> wrote: >>> >>> >>>> >>>> >>>> >>>>Was using Ipsec tunnels both standard and mobile clients in 94.10 with it >>>>working fine. >>>> >>>>After the upgrade to 95.8 (also tried 95.4) tunnels will no longer come up. >>>> >>>>I did notice that there is no SPD defined anymore, I don't know if that is a >>>>cosmetic issue or a no policies are actually being applied. >>>> >>>>But I found this in the the IPSec Log >>>> >>>> >>>> >>>>Dec 11 13:41:18 racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or >>>>directory >>>> >>>>Dec 11 13:41:18 racoon: DEBUG: get pfkey X_SPDDUMP message >>>> >>>> >>>> >>>>As always if you need any moew logs/debug let me know. >> >>Same here. IPSEC tunnel failed in 05.4 (Pfsense<->Netscreen). Works fine in >>0.94.12 >> >> >>>> >>>> >>>> >>>> >>>>Thanks >>>> >>>>John >> >> >>- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: IPSec Broken in 95.8 Embedded?
Scott Ullrich wrote: > Nothing has changed so double check everything and reboot both endpoints. > > On 12/11/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > >> >> >> >> >>Was using Ipsec tunnels both standard and mobile clients in 94.10 with it >>working fine. >> >>After the upgrade to 95.8 (also tried 95.4) tunnels will no longer come up. >> >>I did notice that there is no SPD defined anymore, I don't know if that is a >>cosmetic issue or a no policies are actually being applied. >> >>But I found this in the the IPSec Log >> >> >> >>Dec 11 13:41:18 racoon: DEBUG: pfkey X_SPDDUMP failed: No such file or >>directory >> >>Dec 11 13:41:18 racoon: DEBUG: get pfkey X_SPDDUMP message >> >> >> >>As always if you need any moew logs/debug let me know. Same here. IPSEC tunnel failed in 05.4 (Pfsense<->Netscreen). Works fine in 0.94.12 >> >> >> >> >> >>Thanks >> >>John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: [pfSense 0.88/0.90] Atheros card not bound to driver
Marc A. Volovic wrote: > Added to table. > > Quoth Gil Freund: > > >>Looks Ok. I tried (all Atheros 5212): >>Make 0.880.900.93 >> === === === >>Askey Problem OK OK >>Gigabyte GN-WIAG02Problem Problem OK Spoken too soon See attached dmesg output. This is on a 0.90 upgraded to 0.93. Seems OK on a full 0.93 install. >>Philips (IBM OEM) OK OK OK > > TP-Link TL-WN660G Problem Problem OK > TP-Link TL-WN560G Problem Problem OK > P.S. Hardware is PC-Engine Wrap Copyright (c) 1992-2005 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 6.0-RC1 #1: Sun Oct 30 20:41:50 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/pfSense_wrap.6 Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Geode(TM) Integrated Processor by National Semi (266.65-MHz 586-class CPU) Origin = "Geode by NSC" Id = 0x540 Stepping = 0 Features=0x808131 real memory = 134217728 (128 MB) avail memory = 121913344 (116 MB) wlan: mac acl policy registered ath_hal: 0.9.16.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413, DFS) npx0: [FAST] npx0: on motherboard npx0: INT 16 interface cpu0 on motherboard pcib0: pcibus 0 on motherboard pci0: on pcib0 pci0: at device 13.0 (no driver attached) pci0: at device 13.1 (no driver attached) pci0: at device 13.2 (no driver attached) pci0: at device 13.3 (no driver attached) pci0: at device 13.4 (no driver attached) pci0: at device 13.5 (no driver attached) pci0: at device 13.6 (no driver attached) pci0: at device 13.7 (no driver attached) sis0: port 0x1400-0x14ff mem 0x8008-0x80080fff irq 10 at device 14.0 on pci0 sis0: Silicon Revision: DP83816A miibus0: on sis0 ukphy0: on miibus0 ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto sis0: Ethernet address: 00:0d:b9:02:c4:98 sis1: port 0x1800-0x18ff mem 0x800c-0x800c0fff irq 9 at device 15.0 on pci0 sis1: Silicon Revision: DP83816A miibus1: on sis1 ukphy1: on miibus1 ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto sis1: Ethernet address: 00:0d:b9:02:c4:99 sis2: port 0x1c00-0x1cff mem 0x8010-0x80100fff irq 11 at device 16.0 on pci0 sis2: Silicon Revision: DP83816A miibus2: on sis2 ukphy2: on miibus2 ukphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto sis2: Ethernet address: 00:0d:b9:02:c4:9a Geode GPIO@ = f400 Geode PC Engines WRAP.1C/1D/1E v1.tinyBIOS V1.4a (C)1997-2005 isab0: port 0xf400-0xf43f,0xf600-0xf63f at device 18.0 on pci0 isa0: on isab0 pci0: at device 18.1 (no driver attached) atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xfc00-0xfc0f at device 18.2 on pci0 ata0: on atapci0 ata1: on atapci0 pci0: at device 18.3 (no driver attached) Geode CBA@ 0x9000 Geode rev: 06 03 Timecounter "Geode" frequency 2700 Hz quality 1000 pci0: at device 18.5 (no driver attached) pmtimer0 on isa0 orm0: at iomem 0xe-0xe7fff on isa0 ppc0: parallel port not found. sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 sio0: type 16550A, console sio1: configured irq 3 not in bitmap of probed irqs 0 sio1: port may not be enabled RTC BIOS diagnostic error 80 Timecounters tick every 1.000 msec Fast IPsec: Initialized Security Association Processing. ad0: FAILURE - SETFEATURES SET TRANSFER MODE status=51 error=4 ad0: 244MB at ata0-master BIOSPIO Trying to mount root from ufs:/dev/ad0a sis0: link state changed to UP sis1: link state changed to DOWN sis2: link state changed to DOWN bridge0: Ethernet address: ac:de:48:e7:86:13 pflog0: promiscuous mode enabled pfSense# - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: [pfSense 0.88/0.90] Atheros card not bound to driver
Scott Ullrich wrote: > I have heard reports that the newer HAL in later versions makes some > ATH cards work that are not reliably probed. > > Please try: http://www.pfsense.com/~sullrich/?M=D Looks Ok. I tried (all Atheros 5212): Make0.880.900.93 === === === Askey Problem OK OK Gigabyte GN-WIAG02 Problem Problem OK Philips (IBM OEM) OK OK OK > > Scott > > > On 11/11/05, Marc A. Volovic <[EMAIL PROTECTED]> wrote: > >>Hello. >> >> I am experiencing a peculiar phenomenon - on a WRAP.1 board (BIOS 1.08), >>a TP-Link TL-WN660G card is NOT bound to driver on a cold boot (i.e. power >>cycle) - and therefore not used. The card IS detected, HAL is reported >>(version 0.9.14.9), but driver remains unbound and card is reported as "not >>claimed". >> >> On subsequent reboots (i.e. console/web ui generated boots), the card is >>detected but IS bound to the driver and is, therefore, usable. >> >> Initially, I suspected both the card and the WRAP. Subsequent tests, with >>other Mini-PCI Atheros cards and other WRAP boards (I have access to a >>number of both), proves that the behaviour is repeatable. >> >> Linux does not exhibit similar behavior, with HAL 0.9.16.3 being detected >>and driver (ath_pci 0.9.4.5) bound every boot, cold or warm, on the very >>same boards and the very same Atheri cards (plural of Atheros, how ;-)... >> >> Has anyone seen similar behaviour? What can cause this and how can I >>provide more pertinent information to check this issue. I readily admit >>that my BSD experience is dated (SunOS 4.1), and I am trying to bootstrap >>my memory into a more functional mode (among other stuff to be able to >>build local versions of the embedded images). >> >> Thanks! >> >> Marc >> >>-- >>---MAV >>Marc A. Volovic [EMAIL PROTECTED] >>Swiftouch, LTD +972-544-676764 >> >>- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] g_vfs_done():ad0a[WRITE(offset=28090368, length=8192)]error = 1
Hi, I have been seeing the above message sporadically both on a WRAP and RouterBoard 200. They seem to appear only when a MiniPCI (Atheros) is installed and and activated. I have tried several CF cards and re flashed them (from a Windows Machine). A second WRAP, which does not have a MiniPCI card does not display those messages. I can see not other issue in performance. I am using Ver 0.90. Thanks Gil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
