[pfSense Support] Atheros wifi card: warnings in system logs...

[tester tester]

Hello,
In the last week I read hese warnings in the system
logs:

[Code]

Jun 17 02:36:42 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/2 Group with unexpected replay counter
Jun 17 02:35:40 last message repeated 8 times
Jun 17 02:27:40 last message repeated 2 times
Jun 17 02:25:40 hostapd: ath0: STA  WPA: group key
handshake completed (RSN)
Jun 17 02:24:40 hostapd: ath0: STA  WPA: group key
handshake completed (RSN)
Jun 17 02:24:20 hostapd: ath0: STA  WPA: pairwise key
handshake completed (RSN)
Jun 17 02:24:19 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/4 Pairwise with unexpected replay counter
Jun 17 02:24:19 hostapd: ath0: STA  IEEE 802.11:
associated
Jun 17 02:24:18 hostapd: ath0: STA  IEEE 802.11:
deassociated
Jun 17 02:24:18 hostapd: ath0: STA  IEEE 802.11:
deauthenticated due to local deauth request
Jun 17 02:24:17 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/4 Pairwise with unexpected replay counter
Jun 17 02:24:15 hostapd: ath0: STA  IEEE 802.11:
associated
Jun 17 02:24:13 hostapd: ath0: STA  IEEE 802.11:
deassociated
Jun 17 02:24:13 hostapd: ath0: STA  IEEE 802.11:
deauthenticated due to local deauth request
Jun 17 02:24:10 hostapd: ath0: STA  IEEE 802.11:
associated
Jun 17 02:24:09 hostapd: ath0: STA  IEEE 802.11:
deassociated
Jun 17 02:24:09 hostapd: ath0: STA  IEEE 802.11:
deauthenticated due to local deauth request
Jun 17 02:24:06 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/4 Pairwise with unexpected replay counter
Jun 17 02:24:06 hostapd: ath0: STA  IEEE 802.11:
associated
Jun 17 02:24:05 hostapd: ath0: STA  IEEE 802.11:
deassociated
Jun 17 02:24:05 hostapd: ath0: STA  IEEE 802.11:
deauthenticated due to local deauth request
Jun 17 02:24:03 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/4 Pairwise with unexpected replay counter
Jun 17 02:24:02 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/4 Pairwise with unexpected replay counter
Jun 17 02:24:02 hostapd: ath0: STA  IEEE 802.11:
associated
Jun 17 02:24:00 hostapd: ath0: STA  IEEE 802.11:
deassociated
Jun 17 02:24:00 hostapd: ath0: STA  IEEE 802.11:
deauthenticated due to local deauth request
Jun 17 02:24:00 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/4 Pairwise with unexpected replay counter
Jun 17 02:23:57 hostapd: ath0: STA  IEEE 802.11:
associated
Jun 17 02:23:56 hostapd: ath0: STA  IEEE 802.11:
deassociated
Jun 17 02:23:56 hostapd: ath0: STA  IEEE 802.11:
deauthenticated due to local deauth request
Jun 17 02:23:53 hostapd: ath0: STA  IEEE 802.11:
associated
Jun 17 02:23:52 hostapd: ath0: STA  IEEE 802.11:
deassociated
Jun 17 02:23:52 hostapd: ath0: STA  IEEE 802.11:
deauthenticated due to local deauth request
Jun 17 02:23:52 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/2 Group with unexpected replay counter
Jun 17 02:23:49 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/2 Group with unexpected replay counter
Jun 17 02:23:49 hostapd: ath0: STA  IEEE 802.11:
associated
Jun 17 02:23:47 hostapd: ath0: STA  IEEE 802.11:
deassociated
Jun 17 02:23:47 hostapd: ath0: STA  IEEE 802.11:
deauthenticated due to local deauth request
Jun 17 02:23:45 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/2 Group with unexpected replay counter
Jun 17 02:23:44 hostapd: ath0: STA  IEEE 802.11:
associated
Jun 17 02:23:43 hostapd: ath0: STA  IEEE 802.11:
deassociated
Jun 17 02:23:43 hostapd: ath0: STA  IEEE 802.11:
deauthenticated due to local deauth request
Jun 17 02:23:42 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/2 Group with unexpected replay counter
Jun 17 02:22:40 hostapd: ath0: STA  WPA: group key
handshake completed (RSN)
Jun 17 02:22:03 hostapd: ath0: STA  WPA: pairwise key
handshake completed (RSN)
Jun 17 02:22:03 last message repeated 9 times
Jun 17 02:22:02 hostapd: ath0: STA  WPA: received
EAPOL-Key 2/4 Pairwise with unexpected replay counter
Jun 17 02:22:02 hostapd: ath0: STA  IEEE 802.11:
associated
Jun 17 02:22:00 hostapd: ath0: STA  IEEE 802.11:
deassociated
Jun 17 02:22:00 hostapd: ath0: STA  IEEE 802.11:
deauthenticated due to local deauth request
Jun 17 02:21:58 last message repeated 2 times
Jun 17 02:21:57 hostapd: ath0: STA WPA: received
EAPOL-Key 2/4 Pairwise with unexpected replay counter

[/CODE]

I've been using WPA2-PSK AES with an Atheros 5212 PCI
card on a x86 machine running pfSense 1.0.1.
What does 'ath0: STA WPA: received EAPOL-Key x/x
Pairwise with unexpected replay counter' mean? It
appears every hour. :(
Is a problem on the client side (Windows XP SP2) or on
the server side (hostapd)?
I've tried to run pfSense Beta 1.2 LiveCD (not the
latest CVS) but it complains about WDMA2 used by the
harddisk drive (pfSense 1.0.1 set it as PIO4 instead).
What should I do? Daily updated 1.2 Betas have updated
atheros driver than the stable 1.0.1 version and WDMA2
bug fixed?
I can't understand why it happens. It is a wifi card
based on Atheros 5212 card and it should work on
FreeBSD for sure.

Thanks.






___ 
L'email della prossima generazione? Puoi averla con la nuova Yahoo!

[pfSense Support] Debugging hostapd

[tester tester]

How can I get detailed debug data from hostapd? I've been using pfSense also as 
an access-point.
I have some trouble with wireless and debugging can help me to understand the 
problem better.

Thanks!

  
-

-
L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail

[pfSense Support] Enable ssh access on WAN

[tester tester]

Hello,
As subject, I want ask you two questions:

1) is it possible to enable ssh access on WAN? If yes,
how?

2) is it possible to change port number on WAN side to
keep out automated ip-scanner?

Thank you in advance!

Regards.


  ___ 
L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail: 
http://it.docs.yahoo.com/nowyoucan.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] RE: Enable ssh access on WAN

[tester tester]

Hello,

--- David Strout <[EMAIL PROTECTED]> wrote:
> On an added note ... if you "really" need sshd to
> listen on specific interfaces you can manually
> edit /etc/ssh/sshd_config and add a ListenAddress
> directive, then restart sshd.
> 
> Here's how:
[CUT]
I've followed your instructions and I had to change
some commands.

> THEN EDIT THE SSHD CONFIG
I had this idea: have standard port no. 22 for trusted
LAN and a non-standard port for untrusted WAN (e.g
Internet). I read the man documentation and I changed
/etc/ssh/sshd_config by adding these three lines:

# additional SSH port
Port xyz
ListenAddress aa.bb.cc.dd  

...where aa.bb.cc.dd is a LAN IP

> SAVE THE FILE AND FIND THE PID FOR SSHD:
> !! NOTE !!
> DO NOT use "pkill -HUP sshd" or you WILL knock
> yourself off the box. 
pkill didn't work on my pfSense. I had to use:

$kill -s HUP x

Next step I have to do is to add an entry in Firewall
Rules & NAT. Note that I haven't checked if it works
yet!

The main problem I've seen while I was trying this
customization on the pfSense test machine is that
sshd_config loses changes on next reboot. What I have
to modify to make those changes permanent?

> ADDITIONAL NOTES:
> If ssh is enabled on the WAN (NOT AT ALL
> recommended !!!)
An additional access to the pfSense machine from WAN
poses a security risk, especially if not well
configured, but I've the need to have an additional
way to manage the pfSense machine even if all PCs in
network are shutdown.

> use keys.
Do you mean the following lines in sshd_config?

# from /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes

In this case the problem seems to be these settings
are inherited by the ssh LAN port, too. It would be
useful to have two config files, so ssh LAN port
accepts both password & public key, whilst ssh WAN
port accepts public key only. But the main trouble is
to find out how to make changes permanent in
sshd_config on next reboot.

Thank you for your support!


  ___ 
L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail: 
http://it.docs.yahoo.com/nowyoucan.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Re: [pfSense Support] RE: Enable ssh access on WAN

[tester tester]

Hello,

--- David Strout <[EMAIL PROTECTED]> wrote:

> Changes to this file are overwritten on every
> reboot or change to the Advanced settings page w/
> a save.  I suspect this will not be addressed in
> future releases as this is a one-off request and
> really has no real applicability ... IMHO. 

I think there is a file or script used as 'prototype'.
If I modify it, I can add those three lines and get
the desired result. Unluckily I don't know which is
the exact filename and its path. Maybe somebody who
knows 'pfSense Internals' better than me. ;-)
In this way I do not have to worry if pfSense is
shutdown or rebooted.

> No, follow the instructions on public_key
> authentication ... a good source is PuTTY's site.
I'll take a look. SSH is pretty new to me.
 
> You'd have to run dual daemons in that case, one
> for LAN and one for WAN ... I don't see that
> happening.
It was only a though. If there is no need to modify
those two lines as you said, I don't need this
solution.

Thank you again!


  ___ 
L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail: 
http://it.docs.yahoo.com/nowyoucan.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Re: [pfSense Support] RE: Enable ssh access on WAN

[tester tester]

Hello,

--- Bill Marquette <[EMAIL PROTECTED]> ha
scritto:
> /etc/sshd - you'll of course have to modify it again
> after upgrade.

I am looking for the file which automatically
generates sshd_config on next reboot. If somebody
knows, let me know it. :-)

> --Bill
Regards


  ___ 
L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail: 
http://it.docs.yahoo.com/nowyoucan.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Re: [pfSense Support] RE: Enable ssh access on WAN

[tester tester]

Hello,

--- Bill Marquette <[EMAIL PROTECTED]> ha
scritto:

> If you choose to ignore my suggestion, then you'll
> never find the file
> you are looking for.
Excuse me, I don't know why, but I don't read
carefully your reply, maybe the hurry or the lack of
enlightenment in webmail reader...

Thank you all for your support!


  ___ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today 
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Custom script on embedded image

[tester tester]

Hello,
you should take a look at docs about creating pfSense
from source files. I've never done this before.
Somebody else might help you better, I hope...

Regards

--- Luca Peduto <[EMAIL PROTECTED]> wrote:

> Hi all,
> is it possible to add a custom script on embedded
> image? In which way?
> I need to execute this script when an openvpn tunnel
> is up and/or down.


  ___
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

[tester]

Few ISPs (especially home users offers) reset their
connection every 24h. I don't live in New Zealand, so
I don't know Telstraclear Network, but are you really
sure is it an equipment issue or a line problem (e.g.
interferences, etc...)?
If you can, try another cable modem.

Bye!

--- Tortise <[EMAIL PROTECTED]> wrote:

> I was not surprised that the Motorola 5100 cable
> modem on the Telstraclear Network in New Zealand
> also lost connectivity within the 
> first 24 hours of operation. For pfSense the 5100
> seems no more compatible than the 5101.  Given there
> seem to be no reports of 
> people having problems on other networks with these
> modems, what is it about the Telstraclear cable
> network?
> Kind regards
> David Hingston



  ___ 
Want ideas for reducing your carbon footprint? Visit Yahoo! For Good  
http://uk.promotions.yahoo.com/forgood/environment.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] How to schedule shutdown and box heartbeat

[tester]

Hello,
I've two problems since I updated pfSense box to the
latest version (1.2 RC2).

1) To schedule 'planned' shutdowns I used to edit
/etc/crontab by using vi through a ssh shell, but now
it seems to be a bad habit, because pfSense overwrites
it at the next reboot. I've found out I have to edit
the config.xml. Is it right? 

1b) Regarding 'unplanned' shutdowns: for example, if I
need to shutdown or reboot the pfSense box once at
8:00PM without the need to edit critical systems file,
I thought to use the AT unix utility, but I don't
understand what syntax I have to use. Can you help me?

2) Does pfSense offer a heartbeat feature? I explain
better: think to the same feature offered by Windows
NT based operating systems, which shows in the Event
Viewer when the system boot ups and shutdowns. How can
I track such activities in a plain text log file?

Thank you in advance both for support and the great
product pfSense is!




  ___ 
Want ideas for reducing your carbon footprint? Visit Yahoo! For Good  
http://uk.promotions.yahoo.com/forgood/environment.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] How to schedule shutdown and box heartbeat

[tester]

Hello,

--- Srdjan <[EMAIL PROTECTED]> wrote:
> echo "/my/command/path" | at "16:45" (or "now + 15
> min" etc)
This was the command I typed from the shell:

echo "shutdown -r now" | at "xx:yy"

It seems it won't be executed at xx:yy
I've done a search on the net and according to FreeBSD
Man Pages, 'at' command is composed of several
subcommands (such as atd,atq,atrm,atrun) which seem to
be missing in current pfSense's implementation.
If you read here:
 it
says:
"Note that at is implemented through the cron(8)
daemon by calling
atrun(8) every five minutes.  This implies that the
granularity of at
might not be optimal for every deployment.  If a finer
granularity is
needed, the system crontab at /etc/crontab needs to be
changed".
So I opened /etc/crontab, but atrun entry is missing.
Has 'at' been stripped away from pfSense build, since
its components (e.g atrun, etc...) are missing?
I don't know if something changed and those man pages
are updated or not.

Regarding heartbeat's feature, I thought to run a
custom script during the FreeBSD startup and its
shutdown, but I don't know how this unix OS works.

> Cheers,
> Srdjan
Thanks to all of you!



  ___
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] How to schedule shutdown and box heartbeat

[tester]

Hello,

--- Jonathan Horne <[EMAIL PROTECTED]> wrote:

> why not just use the built-in features of the
> shutdown command? 
I didn't think about it :)

 > if you are editing files, i would assume you are
logged in on a terminal anyway:
> shutdown -r 1800
> 
I did a test, it works as "ad interim" solution,
because there is a banner message which appears every
X seconds, so I have to run the command when I'm sure
to have finished all tasks through the shell.
However I am curious to hear opinion from pfSense
developers about the broken 'at' command in current
implementation (1.2 RC2). Just for knowledge: to
restore it, is the only way to recompile pfSense from
its source files by modifying some settings? 
I could be wrong, but I'd prefer the 'at' solution a
lot.

> if you just want to know how long since last
> reboot...  type 'uptime'.
My aim is to get a plain text log file stored on the
CF containing boot up and shutdown timestamps (the
so-called 'heartbeat'). Uptime and system logs from
webConfigurator go lost at the next reboot or
shutdown.

> cheers,
> -- 
> Jonathan Horne
Thanks!


  ___
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Poor DNS performances and websurfing...

[tester]

Hello,
In the last week I noticed poor DNS performances and
obviously web surfing suffers, too.
This is the output from a PC configured to use the IP
address of the main pfSense machine:

$time nslookup www.google.com

nslookup can take from 0.022s to 5.004s or even
10.04s!
I have to click twice or three times a link in a web
page to successfully connect to it without timeout
error.
Bandwidth from the ISP seems to be OK.
I noticed if a PC download near at the max speed from
a HTTP page, DNS performance becomes worst. I didn't
experience this behaviour in the previous release of
pfSense. Previous one seemed to handle better a high
load.
Maybe a re-installation of pfSense (1.2RC2) can
improve this situation or some network settings have
been changed in the latest release?
Notice that no P2P programs were or are running.

I heard about BIND: does pfSense already offer its
features?

I've a further question to pfSense's developer about
the 'at' command: is it broken in the 1.2RC-2 version
(see message entitled: "How to schedule shutdown and
box heartbeat")?

Thanks.


  ___
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Bizarre behavior on vmWare workstation

[tester]

--- Angelo Turetta <[EMAIL PROTECTED]>
wrote:
> Anyone else noticing a similar behavior?
Yes.

> Is there some workaround, apart from remembering to
mute the speaker before booting pfSense?
I think it is affected by setting 'kern.hz' you find
in the boot loader variables (/boot/loader.conf).


  ___ 
Want ideas for reducing your carbon footprint? Visit Yahoo! For Good  
http://uk.promotions.yahoo.com/forgood/environment.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Flash UPNP attack

[tester]

Hello,
as subject, being worried I'd like to know if
pfSense's UPNP implementation is also affected: should
I disable UPNP?

If you still don't know it, read 'Flash UPnP Attack
FAQ' at
http://www.gnucitizen.org/blog/flash-upnp-attack-faq

Bye



  ___
Support the World Aids Awareness campaign this month with Yahoo! For Good 
http://uk.promotions.yahoo.com/forgood/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Traffic Shaper on a new config

[tester]

Hello,
I am building a new system with new hardware and I
think the better thing is to trash the old config and
do a new one. I'd like to try Traffic Shaper, but I
get little information and I've lots of doubts,
especially regarding its limits and possible side
effects on daily usage. I'd really appreciate if you
can say me your experience about it. I have a 2Mbps
DSL and pfSense works also as a wifi access point. P2P
is used. I notice that when a HTTP download go to the
max speed, DNS is slow and surfing on web pages can
lead to Time out errors. Can traffic shaping improve
its response?
Is it better to configure NAT/Firewall first and then
Traffic Shaper or I don't have to care to?

Thank you!


  ___
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/ 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Doubt about link state changed in System Logs

[tester]

Hello,
I've noticed those lines in syslogs after an ATA
adapter rebooted while it was connected to an optional
interface:

php: : Not a valid interface action ""
php: : Processing -
php: : Not a valid interface action ""
php: : Processing start -
php: : Hotplug event detected for vr2 but ignoring
since interface is not set for DHCP
php: : Processing vr2 - start
check_reload_status: rc.linkup starting
kernel: vr2: link state changed to UP
kernel: vr2: link state changed to DOWN

Is it ok 'Not a valid interface action ""' or is it a
bug?

Regards


  ___
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] PPPoE gets disconnected on WAN port

[tester]

Hello,
sometimes PPPoE gets disconnected on WAN port of my
pfSense's box and I have to click several times (at
least twenty ones) on Reconnect button in
'webConfigurator-Status-Interfaces-WAN'. I want ask
you two things are still unclear to me:

1- does pfSense automatically attempt to reconnect
PPPoE itself? If not, is it possible to add
auto-reconnect mechanism by using for example a script
or tuning a config file? Because it is annoying when
Internet connection drops and you are hundreds miles
away and nobody can restart pfSense.

2- where I can read why PPPoE got disconnected? I saw
no entry about it in System Logs and I'm curious to
understand if there is a problem with my box or it is
the ISP which renew my dynamic IP.

I'm using 1.2RC4 on embedded platform. I didn't update
to the final 1.2 yet, but if something related to
PPPoE has been changed, tell me and I update the box,
otherwise I'd prefer not to touch it at the moment.

Thank you!


  ___ 
Yahoo! For Good helps you make a difference  

http://uk.promotions.yahoo.com/forgood/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] PPPoE gets disconnected on WAN port

[tester]

--- Francois-Alexandre St-Onge Aubut
<[EMAIL PROTECTED]> wrote:

> BAD MTU
So my MTU set as 1492 by default is wrong? I don't
experience problems and disconnections don't occur
always, but at least once a week. Should I change to
1500? How can I be sure to set the right MTU?

Regarding other questions, I have to assume yes as
answers to the first one?

Thanks



  __
Sent from Yahoo! Mail.
A Smarter Inbox http://uk.docs.yahoo.com/nowyoucan.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] RE: Atheros 5212 throwing tons of errors

[tester]

Hello,
there is a special build of pfSense 1.2 based on
FreeBSD 6.3 instead of 6.2. A user in the forum said
that he experiences much less problem with wireless. I
downloaded it (see pfSense blog or the wireless
section in the forum to get the link), I installed it
on a box, but it is too early for me to say anything.
It seems to be promising. I'll test it for at least
two weeks 24/24h and I encourage you to do the same
thing if you have no worry to test that build and to
share your thoughts with us.

Regards. 

--- Wade Blackwell <[EMAIL PROTECTED]> wrote:

> (heeding Gary's warning),
>   Now on 1.2-RELEASE the box has been up 12 minutes
> and the ath0
> interface has 1456 errors.


  __
Sent from Yahoo! Mail.
A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] RE: Atheros 5212 throwing tons of errors

[tester]

Waiting Chris's answer, I tell you I've used the
latest one (see date) to do a full update on a box
from 1.2rc4 to this special build. I don't know
further details, but it seems to work at the moment
(note that I haven't done extensive tests yet, so
surprise might be behind the corner).

Bye!

--- Wade Blackwell <[EMAIL PROTECTED]> wrote:

> Chris,
> I noticed there were two images in this
> directory. Besides one
> being a day newer than the other what is the
> difference and should I
> pick one over the other? Thanks.
> 
>  Wade B
> 
> On Mon, May 12, 2008 at 6:01 PM, Chris Buechler
> <[EMAIL PROTECTED]> wrote:
> > On Mon, May 12, 2008 at 7:56 PM, tester
> <[EMAIL PROTECTED]> wrote:
> >> Hello,
> >>  there is a special build of pfSense 1.2 based on
> >>  FreeBSD 6.3 instead of 6.2. A user in the forum
> said
> >>  that he experiences much less problem with
> wireless.
> >
> > Yeah try this:
> >
>
http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfSense_RELENG_1_2/
> >
> > and there is also a thread somewhere on the forum
> with someone who
> > fixed this adjusting a sysctl, I don't recall the
> details and don't
> > have time to look for it for at least a couple
> days. search and you
> > should find it.
> >
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
> 
> 
> 
> -- 
> Wade Blackwell
> 
> "Integrity is often more painful and always more
> profitable than
> perception management"
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 



  __
Sent from Yahoo! Mail.
A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Update firmware and backup RRD graph data

[tester]

Hello,
Tomorrow I'm going to update an embedded box from
1.2rc4 to the final 1.2.
How can I backup RRD graph data? I don't want to lost
statistics about traffic (sent/received data)
exchanged in these months and so on.
Is there a way to do it since built-in update feature
offered by webConfigurator seems to be broken on
embedded platform?

Thanks


  __
Sent from Yahoo! Mail.
A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Re: atheros / ath driver

[tester]

--- Ermal Luçi <[EMAIL PROTECTED]> wrote:
> 
> Are you by any chance running the traffic shaper on
> the atheros interface?
> If yes, disabling it does help anyhow?
I don't think Traffic Shaper is related to this issue.
For example, I've two boxes: both of them have at
least one Atheros interface and they have Traffic
Shaper disabled. However, I see strange warnings in
the System Logs regarding "EAPOL-Key 2/2 Group with
unexpected replay counter" and frequent
connections/disconnections. This happened with pfSense
based on Freebsd 6.2. Now I'm trying the special build
based on FreeBSD 6.3 and things seems to be better.
Lots of users complain about IN/OUT errors, but I'd
like to ask them if you see strange warnings in your
System Logs about wifi. It would be very useful to
know.
 
> Ermal
Bye!


  __
Sent from Yahoo! Mail.
A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Unable to use latest embedded snapshots on ALIX

[tester]

Hello,
today I've tried to install the special build of pfSense based on FreeBSD 6.3, 
because the 'Full install' version showed several wireless improvement on an 
old atx computer with an Atheros wifi pci card.
I have to say I'm using ALIX with pfSense-1.2rc4 since February 2008 
successfully. When I bought this box I had to update its BIOS to v.0.99 and it 
works great.
Once reflashed with new firmware, the Alix box is able to boot, but it enters 
in an endless question loop, because it seems to be some problem regarding 
network interfaces as you can see:

[---CUT---]

Creating symlinks..done.
Launching PHP init system... done.
Initializing.. done.
Starting device manager (devd)...done.
Loading configuration..done.

Network interface mismatch -- Running interface assignment option.

Valid interfaces are:

vr0 XX:XX:XX:XX:XX:XX
vr1 XX:XX:XX:XX:XX:XX
vr2 XX:XX:XX:XX:XX:XX
ath0XX:XX:XX:XX:XX:XX

Do you want to set up VLANs first?
If you are not going to use VLANs, or only for optional interfaces, you should 
say no here and use the webConfigurator to configure VLANs later, if required.

Do you want to set up VLANs now [y|n]?

[---CUT---]

I answer no by pressing 'n' and I hit enter, but it always asks the same 
question. I'm forced to switch off power and reflash the old CF's content.

What does "Network interface mismatch -- Running interface assignment option" 
exactly mean?
Alix box has "VIA VT6105M Rhine III" with three 10/100 ethernet ports as 
onboard network card.
I've also tried to install latest snapshots, including 
'pfSense-20080709-1940.img.gz', but the same problem happens anyway.
I'm used to do CF dump when I'm going to install new builds, so that I easily 
restored the old content (pfSense 1.2rc4) and now the Alix board is working 
well again.
As far as you know, is there any known problem with latest builds?
Are you able to install and correctly use latest snapshot (pfSense 1.2.1) on an 
Alix board?

To troubleshoot I've saved system messages during booting and compared them:

[pfSense 1.2rc4 (it is old but working well)]
vr0:  port 0x1000-0x10ff mem 
0xe000-0xe0ff irq 10 at device 9.0 on pci0
vr0: Ethernet address: 00:0d:b9:13:4a:6c
vr1:  port 0x1400-0x14ff mem 
0xe004-0xe00400ff irq 11 at device 10.0 on pci0
vr1: Ethernet address: 00:0d:b9:13:4a:6d
vr2:  port 0x1800-0x18ff mem 
0xe008-0xe00800ff irq 12 at device 11.0 on pci0
vr2: Ethernet address: 00:0d:b9:13:4a:6e


[pfSense 1.2.1]
vr0:  port 0x1000-0x10ff mem 
0xe000-0xe0ff irq 10 at device 9.0 on pci0
vr0: Quirks: 0x2
vr0: using obsoleted if_watchdog interface
vr0: Ethernet address: 00:0d:b9:13:4a:6c
vr0: [ITHREAD]
vr1:  port 0x1400-0x14ff mem 
0xe004-0xe00400ff irq 11 at device 10.0 on pci0
vr1: Quirks: 0x2
vr1: using obsoleted if_watchdog interface
vr1: Ethernet address: 00:0d:b9:13:4a:6d
vr1: [ITHREAD]
vr2:  port 0x1800-0x18ff mem 
0xe008-0xe00800ff irq 12 at device 11.0 on pci0
vr2: Quirks: 0x2
vr2: using obsoleted if_watchdog interface
vr2: Ethernet address: 00:0d:b9:13:4a:6e
vr2: [ITHREAD]

Something seems to go wrong, but I don't know what 
'quirks','ITHREAD','obsoleted if_watchdog' mean.
Have you got the chance to try latest embedded snapshots on your ALIX hardware?

Hope to be useful

Regards


  __
Not happy with your email address?.
Get the one you really want - millions of new email addresses available now at 
Yahoo! http://uk.docs.yahoo.com/ymail/new.html

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] HOWTO install pfSense on ALIX board with 2,5" SSD HDD

[tester]

--- On Thu, 14/8/08, Bastian Schern <[EMAIL PROTECTED]> wrote:
> The installation of Embedded Version on a CF-Card is no
> problem. But how 
> to install it on a SSD HDD?
You should follow the virtual machine approach. Attach the SSD HD to a normal 
PC and then install pfSense on it by using a virtual machine, such as VMWare. I 
don't know if putting a pfSense Full Install on a SSD HD can be a good idea 
(how writing cycles do they support? I think more than a classical CF, but 
always limited with a continuous writing).


Send instant messages to your online friends http://uk.messenger.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Help to make my pfSense fully working with VoIP

[tester]

First of all I thank pfSense's team for your work. I've been using pfSense 
since 2007 and I never came back.

I upgraded my configuration to pfSense 1.2.2 months ago and it is still running 
with this release.
However, my Alix box is often unable to receive Voip calls.
Traffic shaper is disabled and I'm not interested to turn on it at the moment, 
because I experienced more problem than benefits when I tried it in the past.
These are interfaces:

WAN -> PPPoE modem
LAN -> LAN network (192.168.1.0/24)
OPT1 -> FritzBox

OPT1 is bridged with LAN interface.

I'm able to make outgoing calls (VoIP to landlines), but I'm unable to receive 
them (VoIP to my VoIP number). When I change something in Rules and I apply 
changes, it seems to work, but after an outgoing VoIP to VoIP call, it doesn't 
work anymore.

I've also turned on Static ports for ports 5060 and 5061.

I don't know what to do. It became painful to manage VoIP at home due to this 
problem. Can you help me?

Moreover, I've noticed this strange thing in System logs which is unrelated to 
issue about VoIP:

Sep 12 11:50:26 kernel: vr1: link state changed to UP
Sep 12 11:50:24 kernel: vr1: link state changed to DOWN

Is this a known problem belonging to 1.2.2 release? It occurs every 5 to 20 
minutes randomly. vr1 is the WAN interface.
Do you advice to upgrade to 1.2.3 which is in a PRERELEASE-TESTING stage? What 
is more stable snapshot?




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] Help to make my pfSense fully working with VoIP

[tester]

Hello Chris Buechler,

--- On Sat, 12/9/09, Chris Buechler  wrote:
> From: Chris Buechler 
> Subject: Re: [pfSense Support] Help to make my pfSense fully working with VoIP
> To: support@pfsense.com
> Date: Saturday, 12 September, 2009, 11:19 PM

> Likely one of 3 things here (I'm guessing #2)
> http://doc.pfsense.org/index.php/VoIP_Configuration
> 
> The link state is likely from vr bugs in 7.0 that are fixed
> in 7.1 and
> 7.2. For that reason, and #2 above, go with the latest
> 1.2.3 snapshot.

Today I've tried snapshot pfSense-1.2.3-1G-20090913-0939-nanobsd.img.gz, then 
updated to pfSense-1.2.3-1G-20090914-0214-nanobsd-upgrade.img.gz but I have two 
problems.

Serial console and System logs got flooded with this error message:
"kernel: ath0: stuck beacon; resetting (bmiss count 4)"

System console showed:

Sep 14 15:37:02 hostapd: ath0: STA WPA: group key handshake completed (RSN)
Sep 14 15:36:52 last message repeated 16 times
Sep 14 15:36:21 kernel: ath0: stuck beacon; resetting (bmiss count 4)
Sep 14 15:36:13 check_reload_status: rc.linkup starting
Sep 14 15:36:09 kernel: vr1: link state changed to UP
Sep 14 15:36:07 kernel: vr1: link state changed to DOWN

It seems link state bug affecting vr interface is still found in latest 
snapshots. Wasn't it fixed?
Moreover, wifi doesn't work correctly: once a station got associated to the AP, 
it is unable to surf on the net.
I'm curious if any Alix owner experiences same issues.

I havne't found a sticky thread with issue affecting Nanobsd build in forum. 
Did I miss it?

I tried 1.2.3-RC1-embedded which seems to be old (23 April 2009) and I've also 
tried to update it by using pfSense-Embedded-Update-1.2.3-20090914-0132.tgz but 
it seems update isn't working on embedded. A further error about vr interface 
has been shown in System logs (tx/rx error and resetting interface).

I lost several hours with no improvements. I came back to 1.2.2. I will wait 
for next snapshots when these issues get fixed for sure.

Regards






-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] Help to make my pfSense fully working with VoIP

[tester]

--- On Mon, 14/9/09, Chris Buechler  wrote:

> From: Chris Buechler 
> Subject: Re: [pfSense Support] Help to make my pfSense fully working with VoIP
> To: support@pfsense.com
> Date: Monday, 14 September, 2009, 7:56 PM
> 
> Wireless in FreeBSD 7.2 seems to have a lot of regressions
> from earlier versions.
Bad news to me :'(

> Yes it is, that message is normal during boot, I thought
> previously
> that was randomly coming up while in operation.
I left my Alix with Nanobsd build running for 45 minutes and doing something on 
the net and those messages about vr1 interface occurs during normal operation, 
not only during booting.

> You can't upgrade the old embedded.
Is Embedded now replaced by NanoBSD? Will Embedded platform die shortly?
I didn't find recent snapshots with embedded platform.

I hope things will get fixed (vr and wifi), otherwise I won't switch to NanoBSD 
builds in a short time. That's a pity, because it seems to be a very  
interesting new generation for embedded devices like mine. :-\

Thanks




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org