Re: [pfSense Support] pfSense 2.0 IPSec-VPN with Certs
On 03.08.2011 14:46, Fuchs, Martin wrote:
Hi !
Does anyone have mutual-RSA-IPSec VPN working with 2.0 ?
All settings I tried do not work, I always get errors:
racoon: ERROR: failed to get subjectAltName
racoon: ERROR:
racoon: ERROR: no peer's CERT payload found.
These errors are away as soon as I use PSKs, so I think it hust have
something to do with the generated certs...
Any ideas ?
Regards,
Martin
I've generated a CA and use it to make certificate for server and users.
software from shrew.net as a client
remote anonymous
{
ph1id 1;
exchange_mode aggressive;
my_identifier asn1dn ;
peers_identifier asn1dn ;
ike_frag on;
generate_policy = unique;
initial_contact = off;
nat_traversal = on;
certificate_type x509 cert-1.crt cert-1.key;
ca_type x509 ca-1.crt;
dpd_delay = 10;
dpd_maxfail = 5;
support_proxy on;
proposal_check claim;
passive on;
proposal
{
authentication_method xauth_rsa_server;
encryption_algorithm 3des;
hash_algorithm sha1;
dh_group 2;
lifetime time 28800 secs;
}
}
--
Dan Cândea
Does God Play Dice?
RE: [pfSense Support] pfSense 2.0-RC1 installation problem
From: madhu_sek...@mahindrasatyam.com To: support@pfsense.com Date: Fri, 29 Apr 2011 05:02:12 + Subject: [pfSense Support] pfSense 2.0-RC1 installation problem Dear Support Team Greetings. I have downloaded pfSense-2.0-RC1-i386-20110226-1530.iso and tried to install it in Virtual PC. After selecting LAN and WAN interfaces and while formatting the hard drive it is giving the following error. And installation is not completing properly. Can you help me in this regard. Regards Madhu Sekhar DISCLAIMER: This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated. I don't know anything specific about this problem, but I have always had lots of problems running *BSD or Linux in Virtual PC, especially *BSDs. I would recommend trying Virtual Box...it seems to work much better with *nix-like systems. attachment: image002.jpgattachment: image003.jpg
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
Op 11-4-2011 22:46, Paul Mather schreef: On Apr 11, 2011, at 12:19 PM, Vick Khera wrote: Funnily enough, I had tried OpenVPN in this environment quite a while ago (not with pfSense, though) but gave up because I couldn't get Tunnelblick working smoothly. I don't remember exactly what problems I was having, but I think routing and private DNS resolution seem to ring a bell. Has the Tunnelblick client improved in the last two years or so? Viscosity works really well for me. No issues resuming from sleeping or hibernating either. Split DNS works fine too. I figured folks would suggest using OpenVPN instead of IPsec. :-) I had hoped to avoid doing that because I want to minimise the amount of third-party client software I need to deploy. Plus, I don't know how well-supported OpenVPN is on devices such as the iPad and iPhone. But, There is no support for OpenVPN on the idevices. Blame apple for not including tun tap support in their ios. My suggestion would be to contact Apple on getting that supported. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
On Apr 11, 2011, at 4:07 PM, RB wrote: I'm actually pretty interested in the fact that on the surface it looks like 2.0 can support the OS X 10.6 native Cisco VPN client out of the box. Has anyone had any success doing so? OpenVPN and Viscosity/Tunnelblick are nice, but not having to pay $9/client and not installing additional software is even more so. The latter aspect is what motivates me to try and get IPsec working fully. :-) I have had some success with the built-in Cisco IPSec client, with problems documented here: http://www.mail-archive.com/support@pfsense.com/msg21912.html. I am using Mutual PSK + Xauth with AES-256 and SHA-1 in my Phase 1 proposal. I have two Phase 2 entries: one for each private network behind the pfSense gateway. In the mode-cfg section of the Mobile Clients section I provide a private DNS default domain and DNS server to clients. This split DNS appears to work well. I've been able to connect from Mac OS X 10.6 systems and iPhones/iPod Touches. Unfortunately, the setup only appears to work properly when clients are connecting from behind a NAT (i.e., when IPsec NAT-T is being used). I'm new to pfSense, so I'm not sure whether the problem lies with my configuration or with the Mac OS X client side. :-( Going to try testing this week. I'd be very interested in hearing if you manage to get non NAT-T connections working. Cheers, Paul. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
On Mon, Apr 11, 2011 at 4:46 PM, Paul Mather p...@gromit.dlib.vt.eduwrote: Plus, I don't know how well-supported OpenVPN is on devices such as the iPad and iPhone. But, in the absence of it works for me responses for IPsec on Mac OS X, I may just have to try it. :-) iOS does not have OpenVPN built in. I never looked to see if some app provides it, but I highly doubt it. IPsec has been known to work with IPsecuritas. It is just hit-or miss. For us, it worked for some people but not others, and pretty much everyone here was using Comcast as their ISP (including the main office). I think we determined that consumer-grade Verizon DSL was blocking IPsec for some bizarre reason, but my memory is fuzzy on the specifics.
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
On Tue, Apr 12, 2011 at 11:21 AM, Vick Khera vi...@khera.org wrote: iOS does not have OpenVPN built in. I never looked to see if some app provides it, but I highly doubt it. one more point... the only VPN we've ever succeeded with iOS devices is the PPTP client, but that's just not a very secure thing. I don't think the Cisco client works with pfSense IPSec server.
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
Am 12.04.2011 um 17:21 schrieb Vick Khera: On Mon, Apr 11, 2011 at 4:46 PM, Paul Mather p...@gromit.dlib.vt.edu wrote: Plus, I don't know how well-supported OpenVPN is on devices such as the iPad and iPhone. But, in the absence of it works for me responses for IPsec on Mac OS X, I may just have to try it. :-) iOS does not have OpenVPN built in. I never looked to see if some app provides it, but I highly doubt it. IPsec has been known to work with IPsecuritas. It is just hit-or miss. For us, it worked for some people but not others, and pretty much everyone here was using Comcast as their ISP (including the main office). I think we determined that consumer-grade Verizon DSL was blocking IPsec for some bizarre reason, but my memory is fuzzy on the specifics. OpenVPN will not be available in appstore as it is GPL and this licence is not compatible with iOS (see the discussion about vlc in iOS). So maybe thats why nobody is willing to migrate it to iOS. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
Am 12.04.2011 17:21, schrieb Vick Khera: On Mon, Apr 11, 2011 at 4:46 PM, Paul Mather p...@gromit.dlib.vt.eduwrote: Plus, I don't know how well-supported OpenVPN is on devices such as the iPad and iPhone. But, in the absence of it works for me responses for IPsec on Mac OS X, I may just have to try it. :-) iOS does not have OpenVPN built in. I never looked to see if some app provides it, but I highly doubt it. IPsec has been known to work with IPsecuritas. It is just hit-or miss. For us, it worked for some people but not others, and pretty much everyone here was using Comcast as their ISP (including the main office). I think we determined that consumer-grade Verizon DSL was blocking IPsec for some bizarre reason, but my memory is fuzzy on the specifics. for a jailbreaked iPhone you can have a OpenVPN client. i don't know if there's one for a non jailbreaked. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
I have IPSec from my iPhone To pfsense here... Have a look at the Forums. It took some Time but now it works... Am 12.04.2011 um 17:24 schrieb Vick Khera vi...@khera.orgmailto:vi...@khera.org: On Tue, Apr 12, 2011 at 11:21 AM, Vick Khera mailto:vi...@khera.orgvi...@khera.orgmailto:vi...@khera.org wrote: iOS does not have OpenVPN built in. I never looked to see if some app provides it, but I highly doubt it. one more point... the only VPN we've ever succeeded with iOS devices is the PPTP client, but that's just not a very secure thing. I don't think the Cisco client works with pfSense IPSec server.
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
On Tue, Apr 12, 2011 at 2:04 PM, Fuchs, Martin martin.fu...@trendchiller.com wrote: I have IPSec from my iPhone To pfsense here... Have a look at the Forums. It took some Time but now it works... I found in the forum that it requires pfSense 2.0. Does that still stand true? And do you configure it via pfSense GUI or a manual hack to the racoon config file? I don't find a definitive answer on the forum at all, just a bunch of try this try that and speculation followed by a bunch of doesn't work for me and works for me, sorta. The closest I've found is http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558 Is that the current state of the art for iPhone - pfSense VPN? It seems to be in conflict with how I want mobile client settings for my road warrior network VPNs, such as my home office. Ie, I do not want to have a virtual address pool for those connections.
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
On Apr 12, 2011, at 3:17 PM, Vick Khera wrote: On Tue, Apr 12, 2011 at 2:04 PM, Fuchs, Martin martin.fu...@trendchiller.com wrote: I have IPSec from my iPhone To pfsense here... Have a look at the Forums. It took some Time but now it works... I found in the forum that it requires pfSense 2.0. Does that still stand true? And do you configure it via pfSense GUI or a manual hack to the racoon config file? I don't find a definitive answer on the forum at all, just a bunch of try this try that and speculation followed by a bunch of doesn't work for me and works for me, sorta. The closest I've found is http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558 Is that the current state of the art for iPhone - pfSense VPN? It seems to be in conflict with how I want mobile client settings for my road warrior network VPNs, such as my home office. Ie, I do not want to have a virtual address pool for those connections. I have used pfSense 2.0 to set up up an IPsec VPN usable from an iPod Touch, which I believe uses the same client as the iPhone and iPad. I used pretty much the setup from the link you give above. In my case, my Phase 2 has Local Network of type Network and the address is that of my pfSense LAN (whereas the forum post uses Local Network Type None). (I actually have two Phase 2 entries, the one just described and another that is the same except the address is 10.0.0.0/24, to allow VPN access to that private network reachable from the pfSense LAN.) I did all configuration via the pfSense GUI. The setup routes all traffic for the network behind the pfSense gateway (172.23.23.0/24 and 10.0.0.0/24) over the IPsec VPN; other traffic goes out as per normal. Split DNS works, and private DNS hostnames are resolved correctly. The VPN works fine when NAT-T is in use. (The same config doesn't work for my office Mac, which is not behind a NAT.) I also tried the L2TP server in pfSense 2.0 today with the Mac OS X L2TP VPN client but couldn't even get it to connect. :-( Cheers, Paul. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
I use 2.0 and configure via GUI only, no hacks. The only Problem is the users privilege as a local user - Admin works for me so far, but a ticket is already opened. The local user is for xauth. Am 12.04.2011 um 21:18 schrieb Vick Khera vi...@khera.orgmailto:vi...@khera.org: On Tue, Apr 12, 2011 at 2:04 PM, Fuchs, Martin mailto:martin.fu...@trendchiller.commartin.fu...@trendchiller.commailto:martin.fu...@trendchiller.com wrote: I have IPSec from my iPhone To pfsense here... Have a look at the Forums. It took some Time but now it works... I found in the forum that it requires pfSense 2.0. Does that still stand true? And do you configure it via pfSense GUI or a manual hack to the racoon config file? I don't find a definitive answer on the forum at all, just a bunch of try this try that and speculation followed by a bunch of doesn't work for me and works for me, sorta. The closest I've found is http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558 http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558 Is that the current state of the art for iPhone - pfSense VPN? It seems to be in conflict with how I want mobile client settings for my road warrior network VPNs, such as my home office. Ie, I do not want to have a virtual address pool for those connections.
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
That's strange, my config works with NAT-T too, but i never had problems with non-natted, natted or any other network. Am 12.04.2011 um 21:46 schrieb Paul Mather p...@gromit.dlib.vt.edu: On Apr 12, 2011, at 3:17 PM, Vick Khera wrote: On Tue, Apr 12, 2011 at 2:04 PM, Fuchs, Martin martin.fu...@trendchiller.com wrote: I have IPSec from my iPhone To pfsense here... Have a look at the Forums. It took some Time but now it works... I found in the forum that it requires pfSense 2.0. Does that still stand true? And do you configure it via pfSense GUI or a manual hack to the racoon config file? I don't find a definitive answer on the forum at all, just a bunch of try this try that and speculation followed by a bunch of doesn't work for me and works for me, sorta. The closest I've found is http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558 Is that the current state of the art for iPhone - pfSense VPN? It seems to be in conflict with how I want mobile client settings for my road warrior network VPNs, such as my home office. Ie, I do not want to have a virtual address pool for those connections. I have used pfSense 2.0 to set up up an IPsec VPN usable from an iPod Touch, which I believe uses the same client as the iPhone and iPad. I used pretty much the setup from the link you give above. In my case, my Phase 2 has Local Network of type Network and the address is that of my pfSense LAN (whereas the forum post uses Local Network Type None). (I actually have two Phase 2 entries, the one just described and another that is the same except the address is 10.0.0.0/24, to allow VPN access to that private network reachable from the pfSense LAN.) I did all configuration via the pfSense GUI. The setup routes all traffic for the network behind the pfSense gateway (172.23.23.0/24 and 10.0.0.0/24) over the IPsec VPN; other traffic goes out as per normal. Split DNS works, and private DNS hostnames are resolved correctly. The VPN works fine when NAT-T is in use. (The same config doesn't work for my office Mac, which is not behind a NAT.) I also tried the L2TP server in pfSense 2.0 today with the Mac OS X L2TP VPN client but couldn't even get it to connect. :-( Cheers, Paul. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
I'm very happily using OpenVPN with Viscosity and TunnelBlick (clients) on many Mac 10.5-10.7 machines. I'm currently using 1.2.3 at the perimeter and a 2.0 box to manage my certs (which I hope to roll over to the perimeter box once we upgrade for the sake of being able to download the pre-loaded installers in 2.0). The only issues I've hit at all are related to the crappy Samba implementation in 10.6 and below. The test 10.7 machines are a dream. The users love how transparent and easy the VPN is. Mike McLaughlin On Mon, Apr 11, 2011 at 8:19 AM, Paul Mather p...@gromit.dlib.vt.eduwrote: I believe my previous message on this topic ( http://www.mail-archive.com/support@pfsense.com/msg21912.html) may have been a victim of tl;dr. So, in hope of better success, I will restate my problem in a more positive light: Has anyone managed to get IPsec for mobile clients working with pfSense 2.0 and Mac OS X 10.6? If so, which client are you using on the Mac OS X side? Is anything special needed on the pfSense side? I have tried both the built-in Cisco IPSec client and also IPSecuritas on Mac OS X, with mixed results. Usually the IPsec VPN will only work via NAT-T. For the non-NAT-T case, the VPN doesn't appear to be able to route traffic, and just keeps accumulating SAD entries and losing SPD entries on the pfSense side. I haven't tried L2TP---can anyone report success using the built-in L2TP client in Mac OS X 10.5 onwards? (I have tried updating my pfSense installation via the 2.0 nightly builds, but to no avail. It still doesn't work.) Any help is gratefully appreciated. Cheers, Paul. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
On Mon, Apr 11, 2011 at 11:19 AM, Paul Mather p...@gromit.dlib.vt.eduwrote: Has anyone managed to get IPsec for mobile clients working with pfSense 2.0 and Mac OS X 10.6? If so, which client are you using on the Mac OS X side? Is anything special needed on the pfSense side? I *used* to use IPsecuritas but it was alway finicky. I finally made the switch for all of the roaming clients to OpenVPN using Tunnelblick and everything has been much, much more stable. I still use IPsec for my fixed end-point tunnels between offices, and that works solidly. All such endpoints are pfSense. Unless you have some hard requirement to use IPSec for your mobile clients, give OpenVPN a try.
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
Install the open VPN client package on 2.0 - two clicks and you're done ! Viscosity is your best bet. So straightforward, your grandma could do It. ;-) Le 11 avr. 2011 à 18:19, Vick Khera a écrit : On Mon, Apr 11, 2011 at 11:19 AM, Paul Mather p...@gromit.dlib.vt.edu wrote: Has anyone managed to get IPsec for mobile clients working with pfSense 2.0 and Mac OS X 10.6? If so, which client are you using on the Mac OS X side? Is anything special needed on the pfSense side? I *used* to use IPsecuritas but it was alway finicky. I finally made the switch for all of the roaming clients to OpenVPN using Tunnelblick and everything has been much, much more stable. I still use IPsec for my fixed end-point tunnels between offices, and that works solidly. All such endpoints are pfSense. Unless you have some hard requirement to use IPSec for your mobile clients, give OpenVPN a try. –– - Grégory Bernard Director - --- www.osnet.eu --- -- Your provider of OpenSource appliances -- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
On Apr 11, 2011, at 12:19 PM, Vick Khera wrote: On Mon, Apr 11, 2011 at 11:19 AM, Paul Mather p...@gromit.dlib.vt.edu wrote: Has anyone managed to get IPsec for mobile clients working with pfSense 2.0 and Mac OS X 10.6? If so, which client are you using on the Mac OS X side? Is anything special needed on the pfSense side? I *used* to use IPsecuritas but it was alway finicky. I finally made the switch for all of the roaming clients to OpenVPN using Tunnelblick and everything has been much, much more stable. I still use IPsec for my fixed end-point tunnels between offices, and that works solidly. All such endpoints are pfSense. Unless you have some hard requirement to use IPSec for your mobile clients, give OpenVPN a try. Funnily enough, I had tried OpenVPN in this environment quite a while ago (not with pfSense, though) but gave up because I couldn't get Tunnelblick working smoothly. I don't remember exactly what problems I was having, but I think routing and private DNS resolution seem to ring a bell. Has the Tunnelblick client improved in the last two years or so? I figured folks would suggest using OpenVPN instead of IPsec. :-) I had hoped to avoid doing that because I want to minimise the amount of third-party client software I need to deploy. Plus, I don't know how well-supported OpenVPN is on devices such as the iPad and iPhone. But, in the absence of it works for me responses for IPsec on Mac OS X, I may just have to try it. :-) Cheers, Paul.
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
I'm actually pretty interested in the fact that on the surface it looks like 2.0 can support the OS X 10.6 native Cisco VPN client out of the box. Has anyone had any success doing so? OpenVPN and Viscosity/Tunnelblick are nice, but not having to pay $9/client and not installing additional software is even more so. Going to try testing this week. RB On Mon, Apr 11, 2011 at 14:02, bsd b...@todoo.biz wrote: Install the open VPN client package on 2.0 - two clicks and you're done ! Viscosity is your best bet. So straightforward, your grandma could do It. ;-) Le 11 avr. 2011 à 18:19, Vick Khera a écrit : On Mon, Apr 11, 2011 at 11:19 AM, Paul Mather p...@gromit.dlib.vt.edu wrote: Has anyone managed to get IPsec for mobile clients working with pfSense 2.0 and Mac OS X 10.6? If so, which client are you using on the Mac OS X side? Is anything special needed on the pfSense side? I *used* to use IPsecuritas but it was alway finicky. I finally made the switch for all of the roaming clients to OpenVPN using Tunnelblick and everything has been much, much more stable. I still use IPsec for my fixed end-point tunnels between offices, and that works solidly. All such endpoints are pfSense. Unless you have some hard requirement to use IPSec for your mobile clients, give OpenVPN a try. –– - Grégory Bernard Director - --- www.osnet.eu --- -- Your provider of OpenSource appliances -- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem
Op 6-3-2011 23:26, Bao Ha schreef: Hi Bart, Thanks for the note. According to the forum, it should not be a problem. :-( It is not. When we first got the reports of corrupted CFs, we just overnighted new ones. Then, those died shortly, within a week or two. We replaced a complete system: systemboard, memory and CF. Why are you shipping cheap CF cards without wear levelling? I have run a full install on a Lexar 1GB CF for over 4 years before the CF card died. I've also run into the CF without wear levelling issue. Get a proper CF card. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem
Hi Seth, On Mon, Mar 7, 2011 at 12:05 AM, Seth Mos seth@dds.nl wrote: Op 6-3-2011 23:26, Bao Ha schreef: Hi Bart, Thanks for the note. According to the forum, it should not be a problem. :-( It is not. I have had three systems with corrupted flash memory: two with the Kingston 4GB Elite Pro, one with a 4GB flash drive. When we first got the reports of corrupted CFs, we just overnighted new ones. Then, those died shortly, within a week or two. We replaced a complete system: systemboard, memory and CF. Why are you shipping cheap CF cards without wear levelling? We used to offer a choice of CF or DOM.The DOM has industrial-strength wear-leveling. It was also better since in the early days, our systemboards choked on DMA with faster CF cards. Nobody wants DOM! I did not rule out that Kingston's quality may have dropped significantly. If that is the case, I'll switch to a different brand name. I have run a full install on a Lexar 1GB CF for over 4 years before the CF card died. I've also run into the CF without wear levelling issue. Get a proper CF card. We have been shipping more than a thousand systems with Kingston CF since 2006 with no corrupted flash memory. What ever killed the two Kingston Elite pro 4GB CFs within two weeks will also kill a DOM or industrial CF, maybe not in weeks or months, but probably within a year. Bao Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932
Re: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem
On Sun, Mar 6, 2011 at 5:05 PM, Bao Ha b...@hacom.net wrote: Something happened in BETA5 and it was carried into RC1, up to today snapshot: 20110306-0859. I see this in my embedded BETA5 install at home (I should upgrade soon to RC1 I suppose...) I see no significant amount of writing to it. There are no extra packages installed and all it does is basic NAT + firewall + IPsec VPN. It is a fairly generic CF card too. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem
Someone already made a bugreport http://redmine.pfsense.org/issues/1279 http://redmine.pfsense.org/issues/1279 ;) _ Van: Bao Ha [mailto:b...@hacom.net] Verzonden: zondag 6 maart 2011 23:06 Aan: customersupp...@pfsense.org CC: support@pfsense.com Onderwerp: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem Something happened in BETA5 and it was carried into RC1, up to today snapshot: 20110306-0859. The file system in nanobsd version is now mounted fully RW, see the following mount command: ... [2.0-RC1][admin@pfHacom.localdomain]/root(1): mount /dev/ufs/pfsense0 on / (ufs, local) devfs on /dev (devfs, local) /dev/md0 on /tmp (ufs, local) /dev/md1 on /var (ufs, local) /dev/ufs/cf on /cf (ufs, local) devfs on /var/dhcpd/dev (devfs, local) ... I believe they are supposed to be mounted read-only or at least RW with NOATIME. We have had at least two systems running pfSense 2.0 BETA5 and RC1 RMAed back with suspected hardware problems, causing corruption of compact flash memory. We think the root cause of this problem is due to the filesystems mounted fully RW in the compact flash. We plan to distribute the following temporary fix to our custmers who want to run pfSense 2.0: ... [2.0-RC1][admin@pfHacom.localdomain]/root(1): cat /usr/local/etc/rc.d/hacom.sh #!/bin/sh # hacom.sh - BCH 3/6/2011 # Temprorary fix to mount the filesystem Read-Only to avoid destroying flash memory PLATFORM=`/bin/cat /etc/platform` if [ $PLATFORM = nanobsd ]; then /sbin/mount -u -oro /; /sbin/mount -u -onoatime /cf fi ... Appreciate if someone look into this problem. I have also CCed this message to support@pfsense.com to notify others currently using pfSense 2.0 RC1 nanobsd version of the danger to flash memory. Thanks. Bao -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932
Re: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem
Hi Bart, Thanks for the note. According to the forum, it should not be a problem. :-( Unfortunately, mounting RW without NOATIME will pounce on the compact flash everytime a READ is made. It will kill the CF sooner or later. When we first got the reports of corrupted CFs, we just overnighted new ones. Then, those died shortly, within a week or two. We replaced a complete system: systemboard, memory and CF. I am loosing my hair and sleeps, thinking one of our most reliable systems being shipped since 2006 is having compatibility issues with pfSense 2.0. I am hoping that this is the real cause. And I can stop a flood of support issues. Bao On Sun, Mar 6, 2011 at 2:12 PM, Bart Grefte b...@ravenslair.nl wrote: Someone already made a bugreport http://redmine.pfsense.org/issues/1279 ;) -- *Van:* Bao Ha [mailto:b...@hacom.net] *Verzonden:* zondag 6 maart 2011 23:06 *Aan:* customersupp...@pfsense.org *CC:* support@pfsense.com *Onderwerp:* [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem Something happened in BETA5 and it was carried into RC1, up to today snapshot: 20110306-0859. The file system in nanobsd version is now mounted fully RW, see the following mount command: ... [2.0-RC1][admin@pfHacom.localdomain]/root(1): mount /dev/ufs/pfsense0 on / (ufs, local) devfs on /dev (devfs, local) /dev/md0 on /tmp (ufs, local) /dev/md1 on /var (ufs, local) /dev/ufs/cf on /cf (ufs, local) devfs on /var/dhcpd/dev (devfs, local) ... I believe they are supposed to be mounted read-only or at least RW with NOATIME. We have had at least two systems running pfSense 2.0 BETA5 and RC1 RMAed back with suspected hardware problems, causing corruption of compact flash memory. We think the root cause of this problem is due to the filesystems mounted fully RW in the compact flash. We plan to distribute the following temporary fix to our custmers who want to run pfSense 2.0: ... [2.0-RC1][admin@pfHacom.localdomain]/root(1): cat /usr/local/etc/rc.d/hacom.sh #!/bin/sh # hacom.sh - BCH 3/6/2011 # Temprorary fix to mount the filesystem Read-Only to avoid destroying flash memory PLATFORM=`/bin/cat /etc/platform` if [ $PLATFORM = nanobsd ]; then /sbin/mount -u -oro /; /sbin/mount -u -onoatime /cf fi ... Appreciate if someone look into this problem. I have also CCed this message to support@pfsense.com to notify others currently using pfSense 2.0 RC1 nanobsd version of the danger to flash memory. Thanks. Bao -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932 -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932
RE: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem
Hi Bao, You're welcome :) I've read that, but not sure if that is actually true in all cases. Wow, that is fast! I doubt pfSense writes so much in that time the CF-cards start dieing, although I might be wrong. Could be the (lack of?) quality of the CF-cards combined with that problem that is causing them to fail so fast. (This is just me thinking out loud.) Out of curiosity, why ship systems with an OS that is still beta? Well, RC1 now, but still Not sure if this will help, but maybe adding /etc/rc.conf_mount_ro to a script that runs during boot-up will do some good. It's the command to mount read-only. I still have to add that one and /etc/rc.conf_mount_rw to the script that makes an IPv6 tunnel on my pfSense v1.2.3 system, since the script needs to write something during the boot of pfSense when the script is started but can't do that because of RO filesystem Hope this problem will be solved soon! With regards, Bart _ Van: Bao Ha [mailto:b...@hacom.net] Verzonden: zondag 6 maart 2011 23:26 Aan: support@pfsense.com Onderwerp: Re: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem Hi Bart, Thanks for the note. According to the forum, it should not be a problem. :-( Unfortunately, mounting RW without NOATIME will pounce on the compact flash everytime a READ is made. It will kill the CF sooner or later. When we first got the reports of corrupted CFs, we just overnighted new ones. Then, those died shortly, within a week or two. We replaced a complete system: systemboard, memory and CF. I am loosing my hair and sleeps, thinking one of our most reliable systems being shipped since 2006 is having compatibility issues with pfSense 2.0. I am hoping that this is the real cause. And I can stop a flood of support issues. Bao On Sun, Mar 6, 2011 at 2:12 PM, Bart Grefte b...@ravenslair.nl wrote: Someone already made a bugreport http://redmine.pfsense.org/issues/1279 http://redmine.pfsense.org/issues/1279 ;) _ Van: Bao Ha [mailto:b...@hacom.net] Verzonden: zondag 6 maart 2011 23:06 Aan: customersupp...@pfsense.org CC: support@pfsense.com Onderwerp: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem Something happened in BETA5 and it was carried into RC1, up to today snapshot: 20110306-0859. The file system in nanobsd version is now mounted fully RW, see the following mount command: ... [2.0-RC1][admin@pfHacom.localdomain]/root(1): mount /dev/ufs/pfsense0 on / (ufs, local) devfs on /dev (devfs, local) /dev/md0 on /tmp (ufs, local) /dev/md1 on /var (ufs, local) /dev/ufs/cf on /cf (ufs, local) devfs on /var/dhcpd/dev (devfs, local) ... I believe they are supposed to be mounted read-only or at least RW with NOATIME. We have had at least two systems running pfSense 2.0 BETA5 and RC1 RMAed back with suspected hardware problems, causing corruption of compact flash memory. We think the root cause of this problem is due to the filesystems mounted fully RW in the compact flash. We plan to distribute the following temporary fix to our custmers who want to run pfSense 2.0: ... [2.0-RC1][admin@pfHacom.localdomain]/root(1): cat /usr/local/etc/rc.d/hacom.sh #!/bin/sh # hacom.sh - BCH 3/6/2011 # Temprorary fix to mount the filesystem Read-Only to avoid destroying flash memory PLATFORM=`/bin/cat /etc/platform` if [ $PLATFORM = nanobsd ]; then /sbin/mount -u -oro /; /sbin/mount -u -onoatime /cf fi ... Appreciate if someone look into this problem. I have also CCed this message to support@pfsense.com to notify others currently using pfSense 2.0 RC1 nanobsd version of the danger to flash memory. Thanks. Bao -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932 -- Best Regards. Bao C. Ha Hacom - Embedded Systems and Appliances http://www.hacom.net voice: (714) 564-9932
Re: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem
On Sun, March 6, 2011 19:26, Bao Ha wrote: Hi Bart, Thanks for the note. According to the forum, it should not be a problem. :-( Unfortunately, mounting RW without NOATIME will pounce on the compact flash everytime a READ is made. It will kill the CF sooner or later. When we first got the reports of corrupted CFs, we just overnighted new ones. Then, those died shortly, within a week or two. We replaced a complete system: systemboard, memory and CF. I am loosing my hair and sleeps, thinking one of our most reliable systems being shipped since 2006 is having compatibility issues with pfSense 2.0. I am hoping that this is the real cause. And I can stop a flood of support issues. I see this in a 4g nano image, but is no problem as I use microdrive. so, in case when this be corrected, how can I make it this way ? is the nano image the best for a microdrive soekris ? I want the full pc install just using serial instead of vga. thanks, matheus -- We will call you cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 : 512MB images have no use anymore ?
On Sun, Feb 6, 2011 at 2:19 PM, Michel Servaes mic...@mcmc.be wrote: Hi, Have posted it on the forum too, I think that the 512MB images have no use anymore. Yesterday I tried to update to the latest snapshot, but it told me that the file was corrupted. When checking into SSH, I saw that only 43MB was free on the CF card. (this can't store a 63MB image obviously). I have not a single package installed. The image sizes are fluctuating quite a bit while debug options are added/removed, etc. The final release should be small enough to function on 512 MB. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0, upgrade to this morning's snap problem
On Mon, Jan 24, 2011 at 7:42 PM, Dimitri Rodis dimit...@integritasystems.com wrote: After an upgrade to this morning’s snap, I received the following after the upgrade/reboot (it’s what’s on my PuTTY atm): Syncing OpenVPN settings...done. Starting syslog...done. Configuring firewall..done. Starting PFLOG...done. Setting up gateway monitors...done. Synchronizing user settings...done. Starting webConfigurator...done. Configuring CRON...done. Starting OpenNTP time client...done. Starting DHCP service...done. Starting DNS forwarder...done. Configuring firewall..done. kernel trap 12 with interrupts disabled Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x8 fault code = supervisor read, page not present instruction pointer = 0x20:0xc094d130 stack pointer = 0x28:0xc27d1b84 frame pointer = 0x28:0xc27d1ba4 code segment = base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = resume, IOPL = 0 current process = 11 (swi4: clock) trap number = 12 panic: page fault cpuid = 0 Uptime: 25s Cannot dump. Device not defined or unavailable. Automatic reboot in 15 seconds - press a key on the console to abort -- Press a key on the console to reboot, -- or switch off the system now. If you have a bridge setup please upgrade to the 2nd next snapshot. -- Ermal - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] pfSense 2.0, upgrade to this morning's snap problem
On Mon, Jan 24, 2011 at 7:42 PM, Dimitri Rodis dimit...@integritasystems.com wrote: After an upgrade to this morning's snap, I received the following after the upgrade/reboot (it's what's on my PuTTY atm): Syncing OpenVPN settings...done. Starting syslog...done. Configuring firewall..done. Starting PFLOG...done. Setting up gateway monitors...done. Synchronizing user settings...done. Starting webConfigurator...done. Configuring CRON...done. Starting OpenNTP time client...done. Starting DHCP service...done. Starting DNS forwarder...done. Configuring firewall..done. kernel trap 12 with interrupts disabled Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x8 fault code = supervisor read, page not present instruction pointer = 0x20:0xc094d130 stack pointer = 0x28:0xc27d1b84 frame pointer = 0x28:0xc27d1ba4 code segment= base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags= resume, IOPL = 0 current process = 11 (swi4: clock) trap number = 12 panic: page fault cpuid = 0 Uptime: 25s Cannot dump. Device not defined or unavailable. Automatic reboot in 15 seconds - press a key on the console to abort -- Press a key on the console to reboot, -- or switch off the system now. If you have a bridge setup please upgrade to the 2nd next snapshot. -- Ermal I did have ports bridged on this device, yes. For some reason, the device would still not boot even if I booted back to the original slice using the boot menu on the console---I ended up having to reflash my CF card and then it booted (but the config is still default). Then again, I don't know that I rebooted ever since I configured the bridge Thanks Ermal. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0, upgrade to this morning's snap problem
On Mon, Jan 24, 2011 at 11:42 AM, Dimitri Rodis dimit...@integritasystems.com wrote: After an upgrade to this morning’s snap, I received the following after the upgrade/reboot (it’s what’s on my PuTTY atm): This looks a lot like what's being discussed here, although I don't see the em driver implicated in your output: http://forum.pfsense.org/index.php/topic,31721.0.html db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On Thu, Jan 13, 2011 at 2:07 AM, Maik Heinelt m...@vegasystems.com wrote: On 2011/01/13 9:20, Chris Buechler wrote: On Wed, Jan 12, 2011 at 1:43 PM, Charles N Wyble char...@knownelement.com wrote: Same here. No PPPOE support. It works fine for the vast majority, there are some edge cases that don't work and we don't know why yet at this point. Send logs, it doesn't work isn't helpful. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Well, if I can help We have a PPPoE line for developing tests. I could setup a pfsense 2.0 Beta5 box and make you ssh login to it. Then you, or other pfsense developer can debug it. I just would like to make it working! How about that idea? Maik That can be helpful too. Please provide the setup and details to me privately so i can give a look. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Ermal - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On Wed, Jan 12, 2011 at 8:07 PM, Maik Heinelt m...@vegasystems.com wrote: Well, if I can help We have a PPPoE line for developing tests. I could setup a pfsense 2.0 Beta5 box and make you ssh login to it. Then you, or other pfsense developer can debug it. That would be ideal, was going to ask for that but generally you can't get Internet access to a box that can't connect to the Internet. :) If you have another means of getting it on the Internet, that'd be great. Contact Ermal off list with info. Alternatively, for others who can't provide such access, getting a pcap of the PPPoE attempts would be helpful, the logs aren't showing much in this case. Running: tcpdump -i xx0 -s 0 -w /tmp/pppoe.pcap where xx0 is your physical WAN interface (em0, re0, whatever it may be). Let that run for a few minutes and hit ctrl-c to break out, then go to DiagnosticsCommand and paste /tmp/pppoe.pcap in the file download box, and email that file to me and/or Ermal off list. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On 2011/01/14 2:50, Chris Buechler wrote: On Wed, Jan 12, 2011 at 8:07 PM, Maik Heineltm...@vegasystems.com wrote: Well, if I can help We have a PPPoE line for developing tests. I could setup a pfsense 2.0 Beta5 box and make you ssh login to it. Then you, or other pfsense developer can debug it. That would be ideal, was going to ask for that but generally you can't get Internet access to a box that can't connect to the Internet. :) If you have another means of getting it on the Internet, that'd be great. Contact Ermal off list with info. Alternatively, for others who can't provide such access, getting a pcap of the PPPoE attempts would be helpful, the logs aren't showing much in this case. Running: tcpdump -i xx0 -s 0 -w /tmp/pppoe.pcap where xx0 is your physical WAN interface (em0, re0, whatever it may be). Let that run for a few minutes and hit ctrl-c to break out, then go to DiagnosticsCommand and paste /tmp/pppoe.pcap in the file download box, and email that file to me and/or Ermal off list. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Chris, I will prepare a pfsense box, today and if you would like to debug it, I would appreciate it. We have more than one Internet lines, here, so I'm able to share the box one one Internet connection via SSH and connect it to our spare one. But I would like to be in the office, while you are on that machine. Just to be sure, weird things are going on, there! ;) If you are interest, I will send you the connecting data on your personal email account. Maik attachment: maik.vcf- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On Wed, Jan 12, 2011 at 3:18 AM, Maik Heinelt m...@vegasystems.com wrote: These days, I want to give verson 2.0 a try, but it doesn't really work for me. Till now, we used pfsense 1.2.3 and our PPPoE configuration worked without any trouble. But if I setup pfsense 2.0 Beta 5 with exact the same settings, I'm always not able to reach internet. The interface page in pfsense always show down mark for both, Status and PPPoE. Also if I click the Connect button, short time later, it shows up and after reload the page, it change back to down. I'm sure, I use correct configuration for our ISP. Any hint? What do your mpd logs show? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On 2011/01/12 17:22, Chris Buechler wrote: On Wed, Jan 12, 2011 at 3:18 AM, Maik Heineltm...@vegasystems.com wrote: These days, I want to give verson 2.0 a try, but it doesn't really work for me. Till now, we used pfsense 1.2.3 and our PPPoE configuration worked without any trouble. But if I setup pfsense 2.0 Beta 5 with exact the same settings, I'm always not able to reach internet. The interface page in pfsense always show down mark for both, Status and PPPoE. Also if I click the Connect button, short time later, it shows up and after reload the page, it change back to down. I'm sure, I use correct configuration for our ISP. Any hint? What do your mpd logs show? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Here are my PPP logs: Jan 1 09:13:56 ppp: [wan_link0] LCP: Down event Jan 1 09:13:56 ppp: [wan_link0] Link: reconnection attempt 50 in 3 seconds Jan 1 09:13:59 ppp: [wan_link0] Link: reconnection attempt 50 Jan 1 09:13:59 ppp: [wan_link0] PPPoE: Connecting to 'OCN' Jan 1 09:14:08 ppp: [wan_link0] PPPoE connection timeout after 9 seconds Jan 1 09:14:08 ppp: [wan_link0] Link: DOWN event Jan 1 09:14:08 ppp: [wan_link0] LCP: Down event Jan 1 09:14:08 ppp: [wan_link0] Link: reconnection attempt 51 in 1 seconds Jan 1 09:14:09 ppp: [wan_link0] Link: reconnection attempt 51 Jan 1 09:14:09 ppp: [wan_link0] PPPoE: Connecting to 'OCN' Jan 1 09:14:18 ppp: [wan_link0] PPPoE connection timeout after 9 seconds Jan 1 09:14:18 ppp: [wan_link0] Link: DOWN event Jan 1 09:14:18 ppp: [wan_link0] LCP: Down event Jan 1 09:14:18 ppp: [wan_link0] Link: reconnection attempt 52 in 2 seconds Jan 1 09:14:20 ppp: [wan_link0] Link: reconnection attempt 52 Jan 1 09:14:20 ppp: [wan_link0] PPPoE: Connecting to 'OCN' Jan 1 09:14:29 ppp: [wan_link0] PPPoE connection timeout after 9 seconds Jan 1 09:14:29 ppp: [wan_link0] Link: DOWN event Jan 1 09:14:29 ppp: [wan_link0] LCP: Down event Jan 1 09:14:29 ppp: [wan_link0] Link: reconnection attempt 53 in 1 seconds Jan 1 09:14:30 ppp: [wan_link0] Link: reconnection attempt 53 Cable is connected (I just plugged the cable out of the other router and plugged into the WAN Port of pfsense 2.0) WAN port is configured on VR1 and this is on our alix board the middle port. Thanks Maik attachment: maik.vcf- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/12/2011 12:30 AM, Maik Heinelt wrote: On 2011/01/12 17:22, Chris Buechler wrote: On Wed, Jan 12, 2011 at 3:18 AM, Maik Heineltm...@vegasystems.com wrote: These days, I want to give verson 2.0 a try, but it doesn't really work for me. Same here. No PPPOE support. Till now, we used pfsense 1.2.3 and our PPPoE configuration worked without any trouble. Same here. But if I setup pfsense 2.0 Beta 5 with exact the same settings, I'm always not able to reach internet. Yep. The interface page in pfsense always show down mark for both, Status and PPPoE. Same here. Also if I click the Connect button, short time later, it shows up and after reload the page, it change back to down. Same. - -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNLfZTAAoJEMvvG/TyLEAt6MoQAMUaBpcEgj9CKSMOT9oBuVXE 2V1CZ76O3WwodxMZ0Q1XlJWT/1C9t3NCSOvcZftseoiB+wUOiSP3EGf3rL4UBUxp nthORfvyf+AR1Fb/QLQ79DEdJQuPqT5STlKGXYW11sw93XQqqWhHT70lozCHVBGY iBUEeVDSzA0Ce0S7sd/VY37r9U4yFAO+ChQc9NkDLLqglbah8XOVrwcLzekf5pGx MjKQ94/2XvoIzNz4nhc7SxdNpwyNS5v+/eAOa3uhr9ubnwzJFjVGUlQ4jNkTBCLY mJGKNZwZxuH6D2DU2DqNHF2KZsJFOvTsDSOBAW9BjrJ08MKKVOymSBx/mppPpNkE IBQ0AyzMtx/jVae6RPaoGg+ZCagGOEvwL8afkA8Ou8ImnuHmyX0u5d6R0qVIt8h0 +hHF/vk6D3NyyE2jM+f53BTgrpuzO561iBvcvfFTCdhxGnmUF3KIKSd5ky+nJ066 6L0DNcu2z/tDMLhAzICBVqEhAs1u4Ez6ZTP98p3IFZAMsqozMijXtUtGjd/LJ/AC vHOCfpG6SC7NWl5bmqxNUnjbu4CRFU4DkZqblRv4shvsBvizjSBesYXpJKlSBoOy UZO3t8aWPALwiLGgx0XcFr+5jfsPIXBJSHXn46TDJORyRskdCjghoqlS6zohHLEU KShiab3cKXtpsgg+bwn+ =GsBm -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On 2011/01/13 3:43, Charles N Wyble wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/12/2011 12:30 AM, Maik Heinelt wrote: On 2011/01/12 17:22, Chris Buechler wrote: On Wed, Jan 12, 2011 at 3:18 AM, Maik Heineltm...@vegasystems.com wrote: These days, I want to give verson 2.0 a try, but it doesn't really work for me. Same here. No PPPOE support. Till now, we used pfsense 1.2.3 and our PPPoE configuration worked without any trouble. Same here. But if I setup pfsense 2.0 Beta 5 with exact the same settings, I'm always not able to reach internet. Yep. The interface page in pfsense always show down mark for both, Status and PPPoE. Same here. Also if I click the Connect button, short time later, it shows up and after reload the page, it change back to down. Same. - -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNLfZTAAoJEMvvG/TyLEAt6MoQAMUaBpcEgj9CKSMOT9oBuVXE 2V1CZ76O3WwodxMZ0Q1XlJWT/1C9t3NCSOvcZftseoiB+wUOiSP3EGf3rL4UBUxp nthORfvyf+AR1Fb/QLQ79DEdJQuPqT5STlKGXYW11sw93XQqqWhHT70lozCHVBGY iBUEeVDSzA0Ce0S7sd/VY37r9U4yFAO+ChQc9NkDLLqglbah8XOVrwcLzekf5pGx MjKQ94/2XvoIzNz4nhc7SxdNpwyNS5v+/eAOa3uhr9ubnwzJFjVGUlQ4jNkTBCLY mJGKNZwZxuH6D2DU2DqNHF2KZsJFOvTsDSOBAW9BjrJ08MKKVOymSBx/mppPpNkE IBQ0AyzMtx/jVae6RPaoGg+ZCagGOEvwL8afkA8Ou8ImnuHmyX0u5d6R0qVIt8h0 +hHF/vk6D3NyyE2jM+f53BTgrpuzO561iBvcvfFTCdhxGnmUF3KIKSd5ky+nJ066 6L0DNcu2z/tDMLhAzICBVqEhAs1u4Ez6ZTP98p3IFZAMsqozMijXtUtGjd/LJ/AC vHOCfpG6SC7NWl5bmqxNUnjbu4CRFU4DkZqblRv4shvsBvizjSBesYXpJKlSBoOy UZO3t8aWPALwiLGgx0XcFr+5jfsPIXBJSHXn46TDJORyRskdCjghoqlS6zohHLEU KShiab3cKXtpsgg+bwn+ =GsBm -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Good to hear, I'm not the only one with this problem. But better would be, if someone could help to solve this problem. We would like to use pfsense 2.0 for VPN usage, but without a working PPPoE functionality, pfsense is not usable for us and any other person with PPPoE connection. Maik attachment: maik.vcf- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On Wed, Jan 12, 2011 at 1:43 PM, Charles N Wyble char...@knownelement.com wrote: Same here. No PPPOE support. It works fine for the vast majority, there are some edge cases that don't work and we don't know why yet at this point. Send logs, it doesn't work isn't helpful. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On 2011/01/13 9:20, Chris Buechler wrote: On Wed, Jan 12, 2011 at 1:43 PM, Charles N Wyble char...@knownelement.com wrote: Same here. No PPPOE support. It works fine for the vast majority, there are some edge cases that don't work and we don't know why yet at this point. Send logs, it doesn't work isn't helpful. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org You might didn't notice, but I already send logs in my second mail! Maik attachment: maik.vcf- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On 2011/01/13 9:20, Chris Buechler wrote: On Wed, Jan 12, 2011 at 1:43 PM, Charles N Wyble char...@knownelement.com wrote: Same here. No PPPOE support. It works fine for the vast majority, there are some edge cases that don't work and we don't know why yet at this point. Send logs, it doesn't work isn't helpful. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Well, if I can help We have a PPPoE line for developing tests. I could setup a pfsense 2.0 Beta5 box and make you ssh login to it. Then you, or other pfsense developer can debug it. I just would like to make it working! How about that idea? Maik attachment: maik.vcf- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
?-Original Message- From: Sean Cavanaugh Sent: Wednesday, December 22, 2010 7:39 PM To: support@pfsense.com Subject: Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6? ?that helped out a lot. now I at the point of where it is fully set up but I cannot seem to get any response from the DHCPv6 server. I am installing wireshark on another comp to make sure my desktop is even sending out the requests. Verified with wireshark that the DHCPv6 requests are going out but I am not seeing any response from pfsense for them. DHCP Log shows (blanked out part of address): Dec 23 07:18:36 dhcpd: Listening on Socket/14/em1/2001:470:7:XXXx::/64 Dec 23 07:18:36 dhcpd: Sending on Socket/14/em1/2001:470:7:::/64 and no other DHCPv6 entries em1 is my LAN connection - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
Hi Sean, Op 23-12-2010 14:01, Sean Cavanaugh schreef: ?-Original Message- From: Sean Cavanaugh Sent: Wednesday, December 22, 2010 7:39 PM To: support@pfsense.com Subject: Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6? Verified with wireshark that the DHCPv6 requests are going out but I am not seeing any response from pfsense for them. DHCP Log shows (blanked out part of address): Dec 23 07:18:36 dhcpd: Listening on Socket/14/em1/2001:470:7:XXXx::/64 Dec 23 07:18:36 dhcpd: Sending on Socket/14/em1/2001:470:7:::/64 Thanks for helping out with this, I've had a heck of a time troubleshooting this in my test setup and had been unable to verify it's operation. I do have rtadvd configured to tell the hosts to use managed e.g. dhcp for ipv6 configuration, but it always falls back to autoconfig. and no other DHCPv6 entries I think I need to add other firewall rules for traffic to leave the pfsense box, specifically for dhcp v6. I am not sure what rules I exactly need for that. What I have not tried yet is disabling pf using pf -d. Maybe that dhcp succeeds without pf in between. I think that dhcp v6 uses port 567 but I'm unsure. Your help in troubleshooting is greatly appreciated. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
?-Original Message- From: Seth Mos Sent: Thursday, December 23, 2010 8:13 AM To: support@pfsense.com Subject: Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6? Hi Sean, Op 23-12-2010 14:01, Sean Cavanaugh schreef: ?-Original Message- From: Sean Cavanaugh Sent: Wednesday, December 22, 2010 7:39 PM To: support@pfsense.com Subject: Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6? Verified with wireshark that the DHCPv6 requests are going out but I am not seeing any response from pfsense for them. DHCP Log shows (blanked out part of address): Dec 23 07:18:36 dhcpd: Listening on Socket/14/em1/2001:470:7:XXXx::/64 Dec 23 07:18:36 dhcpd: Sending on Socket/14/em1/2001:470:7:::/64 Thanks for helping out with this, I've had a heck of a time troubleshooting this in my test setup and had been unable to verify it's operation. I do have rtadvd configured to tell the hosts to use managed e.g. dhcp for ipv6 configuration, but it always falls back to autoconfig. and no other DHCPv6 entries I think I need to add other firewall rules for traffic to leave the pfsense box, specifically for dhcp v6. I am not sure what rules I exactly need for that. What I have not tried yet is disabling pf using pf -d. Maybe that dhcp succeeds without pf in between. I think that dhcp v6 uses port 567 but I'm unsure. Your help in troubleshooting is greatly appreciated. Regards, Seth -- -- I did realize that by default there is a LAN rule to allow all IPv4 out. I created an equivalent IPv6 rule and BAM I got DHCP to work. now I am just verifying the rest of the setup. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
?Update:: I have IPv6 successfully running up to the pfsense box and I can ping out as far as the Server IPv6 address but cannot get anything beyond that. Destination Net Unreachable I will dig deeper into it this afternoon . - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
Op 21-12-2010 22:50, Sean Cavanaugh schreef: ?ok. I got past the gitsync by hitting enter and letting it actually continue. now after the sync I get the nice error Parse error: syntax error, unexpected T_SL in /etc/inc/vslb.inc on line 291 Oops my bad. I merged up with the current 2.0 code and I butched the merge. Fixed. this shows up in both console mode and in the web interface as well as shuts down all firewall services. I also noticed that lighty and apinger are still the wrong versions and don't include ipv6. To replace lighty and apinger. cd /usr/local/sbin fetch http://iserv.nl/files/pfsense/apinger fetch http://iserv.nl/files/pfsense/lighttpd cd /usr/local/lib/lighttpd fetch http://iserv.nl/files/pfsense/lighty.so.tgz tar -xzf lighty.so.tgz restart webconfigurator using option 11. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
?that helped out a lot. now I at the point of where it is fully set up but I cannot seem to get any response from the DHCPv6 server. I am installing wireshark on another comp to make sure my desktop is even sending out the requests. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
Op 21-12-2010 1:52, Sean Cavanaugh schreef: after that, it asks if I want to sync with master which doesn’t do anything. It says press enter if done. Press enter. ;-) The procedure for entering custom urls is that you enter it the 1st time, accept and then press enter to signal it to start. After that it should promptly start syncing. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
?ok. I got past the gitsync by hitting enter and letting it actually continue. now after the sync I get the nice error Parse error: syntax error, unexpected T_SL in /etc/inc/vslb.inc on line 291 this shows up in both console mode and in the web interface as well as shuts down all firewall services. completed on snapshot of 2.0-BETA4 from yesterday - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
IPv6 support does not get in pfSense till v2.1 pfSense itself does not offer support (yet), the underlying OS (FreeBSD 7.2 in my case) does :) - I managed to get an IPv6 tunnel working in pfSense 1.2.3, while the clients hooked up to my network can use that tunnel. Bart -Oorspronkelijk bericht- Van: Xavier Beaudouin [mailto:k...@oav.net] Verzonden: maandag 20 december 2010 18:45 Aan: support Onderwerp: [pfSense Support] pfSense 2.0 BETA4 : IPv6? Hi there, I have update my gateway from m0n0wall to pfSense 2.0 BETA4 to make a better and faster gateway (moved from a wrap to a amd 4020e)... But I have saw that Beta 2.0 should have IPv6 support but no luck I didn't found it... Cheers and happy xmas. Xavier - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org __ NOD32 5718 (20101220) Informatie __ Dit bericht is gecontroleerd door het NOD32 Antivirus Systeem. http://www.nod32.nl - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
There is a post in the forum, to my git branch and instructions for support on 2.0 BETA http://iserv.nl/files/pfsense/ipv6/ I'm currently using it in production on a carp cluster and appears to work fine for basic firewalling. Regards, Seth Op 20 dec 2010, om 20:19 heeft Bart Grefte het volgende geschreven: IPv6 support does not get in pfSense till v2.1 pfSense itself does not offer support (yet), the underlying OS (FreeBSD 7.2 in my case) does :) - I managed to get an IPv6 tunnel working in pfSense 1.2.3, while the clients hooked up to my network can use that tunnel. Bart -Oorspronkelijk bericht- Van: Xavier Beaudouin [mailto:k...@oav.net] Verzonden: maandag 20 december 2010 18:45 Aan: support Onderwerp: [pfSense Support] pfSense 2.0 BETA4 : IPv6? Hi there, I have update my gateway from m0n0wall to pfSense 2.0 BETA4 to make a better and faster gateway (moved from a wrap to a amd 4020e)... But I have saw that Beta 2.0 should have IPv6 support but no luck I didn't found it... Cheers and happy xmas. Xavier - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org __ NOD32 5718 (20101220) Informatie __ Dit bericht is gecontroleerd door het NOD32 Antivirus Systeem. http://www.nod32.nl - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
?-Original Message- From: Seth Mos Sent: Monday, December 20, 2010 2:37 PM To: support@pfsense.com Subject: Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6? There is a post in the forum, to my git branch and instructions for support on 2.0 BETA http://iserv.nl/files/pfsense/ipv6/ following these instructions, I am unable to download the .git file to start the sync. Current repository is http://gitweb.pfsense.org/pfsense/mainline.git Please select which branch you would like to sync against: master 2.0 development branch RELENG_1_2 1.2* release branch build_commit The commit originally used to build the image Or alternatively you may enter a custom RCS branch URL (HTTP). http://gitweb.pfsense.org/pfsense/pfSense-smos.git NOTE: http://gitweb.pfsense.org/pfsense/pfSense-smos.git was not found. Is this a custom GIT URL? [y]? --- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
On Mon, Dec 20, 2010 at 6:53 PM, Sean Cavanaugh millenia2...@hotmail.com wrote: ?-Original Message- From: Seth Mos Sent: Monday, December 20, 2010 2:37 PM To: support@pfsense.com Subject: Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6? There is a post in the forum, to my git branch and instructions for support on 2.0 BETA http://iserv.nl/files/pfsense/ipv6/ following these instructions, I am unable to download the .git file to start the sync. Current repository is http://gitweb.pfsense.org/pfsense/mainline.git Please select which branch you would like to sync against: master 2.0 development branch RELENG_1_2 1.2* release branch build_commit The commit originally used to build the image Or alternatively you may enter a custom RCS branch URL (HTTP). http://gitweb.pfsense.org/pfsense/pfSense-smos.git NOTE: http://gitweb.pfsense.org/pfsense/pfSense-smos.git was not found. Is this a custom GIT URL? [y]? That's just telling you it's not one of the official URLs, just tell it yes. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
That's just telling you it's not one of the official URLs, just tell it yes. after that, it asks if I want to sync with master which doesn’t do anything. - Or alternatively you may enter a custom RCS branch URL (HTTP). http://gitweb.pfsense.org/pfsense/pfSense-smos.git NOTE: http://gitweb.pfsense.org/pfsense/pfSense-smos.git was not found. Is this a custom GIT URL? [y]? y Checkout which branch [master]? Add a custom RCS branch URL (HTTP) to merge in or press enter if done. -- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Pfsense 2.0 - WAN_PPPoE_static ?
Not sure what you are requesting. I do static PPPoE all the time. The carrier assigns a static to your login. It has nothing to do with a router function unless I am missing something. --Original Message-- From: drova...@kaluga-gov.ru To: support@pfsense.com ReplyTo: support@pfsense.com Subject: [pfSense Support] Pfsense 2.0 - WAN_PPPoE_static ? Sent: Dec 3, 2010 4:26 AM WAN_PPPoE static ip address it is planned in the new version? Please, make it! Roman. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Kevin Tollison Sent from my Blackberry - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
Resurrecting an old thread. I just tried installing pfSense 2.0 embedded on a new box. It's not working and of course I don't have a serial port on any PC around me. Guess what I DO have ... VGA and a keyboard. Are there any plans to get VGA support added soon-ish? Regards, -Jeppe - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] [pfSense 2.0] Queue not available in rules editor
I'm playing a bit with the traffic shaper and noticed that if I edit a firewall rule, only none is available for Ackqueue/Queue. In the rule summary, the queues are displayed (e.g. qACK/qOthersLow). Thus if I try to edit a rule generated by the traffic shaper wizard, the queues are lost. Fixed on: 2.0-BETA4 (i386) built on Wed Nov 10 00:37:42 EST 2010 FreeBSD 8.1-RELEASE-p1 Thank you :-) Regards, Cyril - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] [pfSense 2.0] Queue not available in rules editor
I noticed that a week or so ago and posted it in the forums with no response. I know it worked correctly 2-3 weeks ago. All the queues seem to get built, but nothing shows in the Queue view in the shaper or firewall rules. It also seems traffic only makes it to the default queue when you look at Queue Status. I also found an error in my system logs related to it. Look for my post in 2.0 Feedback called Traffic Shaper Broken IIRC. --Original Message-- From: Cyril Jaquier To: support@pfsense.com ReplyTo: support@pfsense.com Subject: [pfSense Support] [pfSense 2.0] Queue not available in rules editor Sent: Nov 6, 2010 1:36 PM -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, First of all, I'm a new pfSense user since Friday and really like it so far :-) Thanks to all developers and contributors. I'm playing a bit with the traffic shaper and noticed that if I edit a firewall rule, only none is available for Ackqueue/Queue. In the rule summary, the queues are displayed (e.g. qACK/qOthersLow). Thus if I try to edit a rule generated by the traffic shaper wizard, the queues are lost. Am I doing something wrong? Should I report this bug? Version: 2.0-BETA4 (i386) built on Thu Nov 4 18:55:36 EDT 2010 System: Alix board Scheduler type for the queues: PRIQ Thank you. Cyril Jaquier -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzVkiUACgkQlYy8cEwUMaQ7agCgggvSJrh5JLmX9uYM6kE8wXfp CdUAn3ynGFQyYhX+ypIXPWeNVSnshZwy =m08T -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Kevin Tollison Sent from my Blackberry
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
If anyone comes across this on the archives, due to the lack of a compiler et all I found no way to achieve compiling SA on pfSense (probably could have compiled in on a FreeBSD box and moved everything over but that seems too arse-about-tit to me). I have virtualized pfSense on a CentOS box and run Exim and SA on the host machine, I didn't find a way around this but I'm all ears for future reference if anyone does find a way to achieve this :) -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On 21/10/10 14:23, James Bensley wrote: If anyone comes across this on the archives, due to the lack of a compiler et all I found no way to achieve compiling SA on pfSense pfsense is based on freebsd 7.2, get a copy here... ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/7.2-RELEASE/ you can, if you're masochistic, use pkg_add -r to download and install packages, having set your environment appropriately, e.g. in tcsh setenv PACKAGESITE ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/7.2-RELEASE/packages/Latest/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
argh, sorry, I didn't see the 2.0 bit... don't know which version it uses, but the same would apply, use pkg_add and if needed set the env var so it can find the package repository. but I would advise grabbing the appropriate version of freebsd and using that as a build platform rather than kludging pfsense install? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On 21 October 2010 15:07, Paul Mansfield it-admin-pfse...@taptu.com wrote: argh, sorry, I didn't see the 2.0 bit... don't know which version it uses, but the same would apply, use pkg_add and if needed set the env var so it can find the package repository. but I would advise grabbing the appropriate version of freebsd and using that as a build platform rather than kludging pfsense install? Sadly, no SA build available in the repo's (well, no spamd spamc anyway, I think the perl scrips where there though) -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
So, one step at a time is always a good approach, and I am falling down at the first step ;) Its proving awkward to even compile Spam Assassin so I can try it in a jail as pfSense doesn't have the 'make' command in it, it shows up in the the FreeBSD ports but I can't compile the source without 'make' its self (which seems silly including a command which requires you to have it already built before you can build it? And also why not include 'make' anyway, it seems like such a trivial command to have?) So, has any one got any pointers as to how I can tackle this? -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
Hi, Yeah if you can run VMware ESXi on the box and then run whatever VMs you need, that's a good solution. Or you can look at the jailctl package and run a full jail for spamassassin and whatever else you want to throw on it. This is in production at one site atleast, a all in one wonder with VMs. The ESX box has just 1 network plug to the outside network, it runs 2 VMs for a carp setup and a virtual switch network where the server VMs run. It's done so perfectly well for over a year now. The carp is there so that firmware upgrades don't break connectivity. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
Op 13-10-2010 23:55, James Bensley schreef: Thank you too all for your input. I think running two VMs on top of the host OS (although it would be nice) is too much overhead for my liking given the spec of the box. I like the sound of jailctl, I will give this a go and report back my findings ;) Approach it not from the overhead part, but from the flexible part. If, at some point, they require another server solution that wasn't available before you can setup a new VM instead. Since your budget is 0 to begin with that might not be such a bad starting point. VMs also allow for easy updates, upgrades and snapshots. That is, a firmware/software update gone wrong can easily rolled back. I've had a few awful experiences with home built all in one linux machines. And upgrades then tended to break everything at once. Joy. Depends on the person, skills and luck involved ofcourse. My all in one wonder is a Dell Optiplex 755 with a C2D 2.33Ghz and 8GB ram. A rather modest ESX machine if I say so myself. It runs ESXi 3.5 still. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On 10/13/2010 1:37 PM, James Bensley wrote: Hi List, I would like to put Spam Assassin on a pfSense 2.0 box and I see that here (http://www.pfsense.com/packages/pkg_config.xml) it is listed as a package to install but doesn't show up in my package list on my 2.0 box, is this the package list for 1.2.3 perhaps? If so, is there any intention of making a package for it or am I better off just installing Spam Assassin onto my pfSense box manually? Any tips or points would be greatly appreciated :) You'd be better of installing SpamAssassin on a box that isn't a secure firewall. :-) Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On 13 October 2010 19:00, Jim Pingle li...@pingle.org wrote: You'd be better of installing SpamAssassin on a box that isn't a secure firewall. :-) Sadly the isn't an option for me, I'm setting up a network edge box to run pfSense, SpamAssassin, ClamAV, Squid and Squidgaurd to filter all traffic in and out bound and I have no other boxes to achieve this with so I'm going for an all in wonder :) -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
- Original Message - From: James Bensley jwbens...@gmail.com To: support@pfsense.com Sent: Wednesday, October 13, 2010 2:22:00 PM Subject: Re: [pfSense Support] pfSense 2.0 and SpamAssassin On 13 October 2010 19:00, Jim Pingle li...@pingle.org wrote: You'd be better of installing SpamAssassin on a box that isn't a secure firewall. :-) Sadly the isn't an option for me, I'm setting up a network edge box to run pfSense, SpamAssassin, ClamAV, Squid and Squidgaurd to filter all traffic in and out bound and I have no other boxes to achieve this with so I'm going for an all in wonder :) -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org You may want to look at untangle then. http://www.untangle.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On Oct 13, 2010, at 7:37 PM, James Bensley wrote: Hi List, I would like to put Spam Assassin on a pfSense 2.0 box and I see that here (http://www.pfsense.com/packages/pkg_config.xml) it is listed as a package to install but doesn't show up in my package list on my 2.0 box, is this the package list for 1.2.3 perhaps? LONG before that (that's the 6.x package list, about 5-6 years ago). That package never worked, was started and not even remotely close to functional. You're in for a whole lot of work if you want to finish that. The code is still in git though, knock yourself out. But I would never run that on a firewall regardless with its security track record. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On 13 October 2010 19:30, Gordon Russell russ...@clarkecounty.gov wrote: You may want to look at untangle then. http://www.untangle.com I have seen that before but sadly this isn't an option either, we are a non-profit and although they do discounted prices my budget is £0.00.. Thats why I previously mentioned that I didn't have another box I could separate these services over, the box we are running pfSense on was a greatly appreciated donation. On 13 October 2010 19:38, Chris Buechler cbuech...@gmail.com wrote: But I would never run that on a firewall regardless with its security track record. I see, this wasn't something I was aware off, I had contemplated running it as a virtual machine on the pfSense box and given your comments on security this might possibly elude such security flaws however I am unaware of any security flaws (because I'm new to spam assassin and need to do some homework first!) but I don't think I like the idea of running a VM on top of pfSense I would rather run SA along side it on the same box. *scratches head* I could virtualise /both/ pfSense and SA on the same box as separate VMs??!?...again I'd rather not...or would I? Noodle baker! -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On Oct 13, 2010, at 9:10 PM, James Bensley wrote: *scratches head* I could virtualise /both/ pfSense and SA on the same box as separate VMs??!?...again I'd rather not...or would I? Noodle baker! Yeah if you can run VMware ESXi on the box and then run whatever VMs you need, that's a good solution. Or you can look at the jailctl package and run a full jail for spamassassin and whatever else you want to throw on it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On Wed, Oct 13, 2010 at 08:38:38PM +0200, Chris Buechler wrote: On Oct 13, 2010, at 7:37 PM, James Bensley wrote: Hi List, I would like to put Spam Assassin on a pfSense 2.0 box and I see that here (http://www.pfsense.com/packages/pkg_config.xml) it is listed as a package to install but doesn't show up in my package list on my 2.0 box, is this the package list for 1.2.3 perhaps? LONG before that (that's the 6.x package list, about 5-6 years ago). That package never worked, was started and not even remotely close to functional. You're in for a whole lot of work if you want to finish that. The code is still in git though, knock yourself out. But I would never run that on a firewall regardless with its security track record. How about putting that stuff in a jail on the pfSense box? -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
- Original Message - From: James Bensley jwbens...@gmail.com To: support@pfsense.com Sent: Wednesday, October 13, 2010 3:10:00 PM Subject: Re: [pfSense Support] pfSense 2.0 and SpamAssassin On 13 October 2010 19:30, Gordon Russell russ...@clarkecounty.gov wrote: You may want to look at untangle then. http://www.untangle.com I have seen that before but sadly this isn't an option either, we are a non-profit and although they do discounted prices my budget is £0.00.. Thats why I previously mentioned that I didn't have another box I could separate these services over, the box we are running pfSense on was a greatly appreciated donation. The base version of untangle is free and will do everything you are looking for. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On Wed, Oct 13, 2010 at 9:20 PM, Gordon Russell russ...@clarkecounty.gov wrote: The base version of untangle is free Aside from the hardware, with its considerable bloat, the hardware available may not be able to accommodate that scenario. Though if the hardware can run ESXi, putting it on a VM to do only spam (assuming that's possible, I'm not entirely sure), and only directing mail through it without putting it inline, should make that a non-factor. Then even if it is extremely slow it won't really matter. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
- Chris Buechler cbuech...@gmail.com wrote: On Wed, Oct 13, 2010 at 9:20 PM, Gordon Russell russ...@clarkecounty.gov wrote: The base version of untangle is free Aside from the hardware, with its considerable bloat, the hardware available may not be able to accommodate that scenario. Though if the hardware can run ESXi, putting it on a VM to do only spam (assuming that's possible, I'm not entirely sure), and only directing mail through it without putting it inline, should make that a non-factor. Then even if it is extremely slow it won't really matter. I was just suggesting to the OP that there is free software out there to achieve his goals -- which is more of a UTM than pure firewall scenario. In the OP's words he needs to: run pfSense, SpamAssassin, ClamAV, Squid and Squidgaurd to filter all traffic in and out bound Why cobble together a VM scenario to do that, when there is packaged, simple, free software achieve his ends? I don't know that a VM'ed scenario would be any less resource intensive than untangle. It would certainly be a more challenging learning experience for one to set up though. PFsense is a great firewall platform, and Chris you do a great job with it.. I'm not knocking it in any way, just suggesting to the OP that another platform may be better suited to his needs (and experience level). - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
Thank you too all for your input. I think running two VMs on top of the host OS (although it would be nice) is too much overhead for my liking given the spec of the box. I like the sound of jailctl, I will give this a go and report back my findings ;) -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On Wed, Oct 13, 2010 at 10:41 PM, Gordon Russell russ...@clarkecounty.gov wrote: Why cobble together a VM scenario to do that, when there is packaged, simple, free software achieve his ends? I don't know that a VM'ed scenario would be any less resource intensive than untangle. It would certainly be a more challenging learning experience for one to set up though. Yes it would definitely require a lot more expertise, but it is a way to get more out of the same hardware if it's not a screaming fast box and that hardware is the only option. You can scale down the resources Untangle can have at the ESX level and if you're only pushing mail through it that won't have any noticeable performance impact on the environment. If you don't have that expertise or the time to get it, getting that expertise at the $0 budget likely isn't going to happen. Jails are a much faster, lower overhead, means of virtualization if you want to go the DIY route to build the anti-spam setup yourself. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0: L7 container and floating rules
Is there another place where to ask such questions? Regards, Tonino Il 09/09/2010 11:20, Tonix (Antonio Nati) ha scritto: I'm trying to understand better these two new features: L7 layer I cannot see where these container can be created, and if they apply only to shaping or if they can be used for rules. Apart the entry in Rules - Advanced features, I do not see any other menu where create/modify/delete L7 containers. Is it possible to have a better understanding of this feature? Floating rules. As far as I understand, potentially this is very useful, but with a lot of limits. From my point of view, having more public sublans on different interfaces, this is the place where to place rules for permitting POP. SMTP, HTTP, etc, going to a single sublan, permitting WAN and all other public sublan to access those services (and writing each rule once only, instead of one time for each interface). But, in this way, I cannot give customers control of floating IP, as these rules are not binded to a specific interface. Am I missing something? Thinking loud... Would have been better to have a different way to implement such feature? For each interface (from the FW point of view): * zone for outgoing rules (what it is permitted from the rest of the world) * zone for incoming rules (what is permitted from this sublan) All outgoing zones should be evaluated before incoming zones. For a total control, before the outgoing zone, there could be another deny zone, where to deny only incoming packets, despite of other interfaces permissions. Thanks for any help/consideration. Tonino -- in...@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it -- in...@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it
Re: [pfSense Support] PFsense 2.0 roadmap
Thanks... I see no dates at all. About 2.0, I see no documentation around. Is there a list where to ask for 2.0 features explained? I see a lot of new things, sometimes hard to understand. Thanks, Tonino Il 07/09/2010 23:58, Jim Pingle ha scritto: On 9/7/2010 5:08 AM, Tonix (Antonio Nati) wrote: Is there any updated roadmap for pfsense 2.0? When stable version is planned to be released? Closest thing to a roadmap is here: http://redmine.pfsense.org/projects/pfsense/roadmap The release will happen when it's ready, but hopefully that translates to sometime later this year. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- in...@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFsense 2.0 roadmap
On Wed, Sep 8, 2010 at 11:42 AM, Tonix (Antonio Nati) to...@interazioni.it wrote: Thanks... I see no dates at all. About 2.0, I see no documentation around. Is there a list where to ask for 2.0 features explained? Generally speaking, the forum is where most discussion around 2.0 happens, from what I have seen. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFsense 2.0 roadmap
On 9/8/10 10:42 AM, Tonix (Antonio Nati) wrote: Thanks... I see no dates at all. | When stable version is planned to be released? Tonino [snip snip] The release will happen when it's ready, but hopefully that translates to sometime later this year. Jim This when is 2.0 being released as stable? is a question I often want to ask but then stop myself because it has been addressed many times. We all want it sooner than later. This is the impact lack of funds has on schedules. Let's pledge some money to get it done faster, I'm in for USD 50. Would someone like to organize a collection? Mehma - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFsense 2.0 roadmap
On 9/8/2010 1:42 PM, Tonix (Antonio Nati) wrote: http://redmine.pfsense.org/projects/pfsense/roadmap Thanks... I see no dates at all. Correct. No dates. It will be ready when it's ready. :) About 2.0, I see no documentation around. Is there a list where to ask for 2.0 features explained? I see a lot of new things, sometimes hard to understand. The doc wiki has a lot of information, but I do need to update some of the articles. On every screen in 2.0 there is a help link (?). It takes you to the wiki page that has information about the feature or section you are using. You can get a list of 2.0-specific articles here: http://doc.pfsense.org/index.php/Category:2.0 There is info on 2.0 in more pages than that, but those tend to be for the new features or things that didn't exist yet in 1.2.x. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFsense 2.0 roadmap
On 9/7/2010 5:08 AM, Tonix (Antonio Nati) wrote: Is there any updated roadmap for pfsense 2.0? When stable version is planned to be released? Closest thing to a roadmap is here: http://redmine.pfsense.org/projects/pfsense/roadmap The release will happen when it's ready, but hopefully that translates to sometime later this year. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
Hi, Op 4-8-2010 17:40, Curtis Maurand schreef: On 8/3/2010 11:15 AM, Eugen Leitl wrote: You could probably mitigate some of the writes to disk by having the logging sent to a syslog server elsewhere inside the house that is using traditional write media. That should lengthen the life of the SSD at least until the next generation of SSD comes along that has no write limitations. Really, the whole SSD write issue is not too relevant based on the size of your SSD drive/CF card. It is widely known that flash has limited write cycles, 10.000 is common for current MLC flash. So if you have a 8GB flash card, of which 200MB is allocated by a pfSense image that leaves ~7.5GB free unused cells. The wear levelling in Flash Drives and CF cards will use these unused cells to spread the writes. What this effectively means is that the with 10k write cycles per cell the actual longevity is multiplied by a factor of 7.5. The situation with even larger ssd drives is even better. You install pfSense to a 40GB Intel X25-V, which effectively means that you won't live long enough to see it fail. Do note, that if you ever write the device from start to end that this negates the wear levelling. It then only has the spare cells on the drive or card to remap blocks (~7%). On that note, my much used 1GB lexar 133x CF card I bought when I joined the pfSense project in late 2005 is still fine after running pfSense versions from pre 1.0 to current 2.0BETA4. It's been reflashed a lot, and it's always been running a full install. Because then I can gitsync the installation. According to the pessimists the card should have stopped working atleast 3 years ago. Luckily the world isn't so grim. The CF cards I purchased with a few Alix systems at work though, they stopped working within 3 months. That was with the embedded image that doesn't write to the CF. Which leads me to believe they were exceptionally bad. The Kingston 8GB premium cards in there appear to be perfectly fine. It also seems to have rid them from lockups. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
On 05/08/10 07:53, Seth Mos wrote: Do note, that if you ever write the device from start to end that this negates the wear levelling. It then only has the spare cells on the drive or card to remap blocks (~7%). does freeBSD support trim with SSDs? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
Op 5-8-2010 16:44, Paul Mansfield schreef: On 05/08/10 07:53, Seth Mos wrote: Do note, that if you ever write the device from start to end that this negates the wear levelling. It then only has the spare cells on the drive or card to remap blocks (~7%). does freeBSD support trim with SSDs? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org as of Freebsd 8.1 it is. read the following: http://www.freebsd.org/releases/8.1R/relnotes-detailed.html#DISKS regards, -- ___ Johan Hendriks Schavemaker Transport Tel: +31 (0)251 229098 Fax: +31 (0)251 212016 email: j.hendr...@schavemaker.com web: http://www.schavemaker.com ___ Confidentiality Notice: The information in this document may be confidential. It is intended only for the use of the named recipient. If you are not the intended recipient, please notify me immediately and then delete this document. Do not disclose the contents of this document to any other person, nor take any copies. Violation of this notice may be unlawful. ___ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
On Thu, Aug 5, 2010 at 9:09 AM, Johan Hendriks j.hendr...@schavemaker.com wrote: does freeBSD support trim with SSDs? as of Freebsd 8.1 it is. read the following: http://www.freebsd.org/releases/8.1R/relnotes-detailed.html#DISKS Very interesting. I see this in the latest build log for 2.0: Thu Aug 5 03:00:22 EDT 2010 -|- pfSense version: 8 Thu Aug 5 03:00:22 EDT 2010 -|- FreeBSD branch: RELENG_8_1 So does that mean we're on version 8 or 8.1? I'm about to move to an SSD install with squid and trim would be nice. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
On Aug 5, 2010, at 5:20 PM, David Burgess wrote: On Thu, Aug 5, 2010 at 9:09 AM, Johan Hendriks j.hendr...@schavemaker.com wrote: does freeBSD support trim with SSDs? as of Freebsd 8.1 it is. read the following: http://www.freebsd.org/releases/8.1R/relnotes-detailed.html#DISKS Very interesting. I see this in the latest build log for 2.0: Thu Aug 5 03:00:22 EDT 2010 -|- pfSense version: 8 Thu Aug 5 03:00:22 EDT 2010 -|- FreeBSD branch: RELENG_8_1 So does that mean we're on version 8 or 8.1? I'm about to move to an SSD install with squid and trim would be nice. db 8.1-RELEASE(+Patches and security things). releng_8 would be 8-stable, which will be 8.2, 8.3 etc. Cheers Remko -- /\ Best regards,| re...@freebsd.org \ / Remko Lodder | re...@efnet Xhttp://www.evilcoder.org/| / \ ASCII Ribbon Campaign| Against HTML Mail and News - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
On 8/3/2010 11:15 AM, Eugen Leitl wrote: On Tue, Aug 03, 2010 at 09:22:41AM -0500, Karl Fife wrote: We're going to build up just such a system in just a few months after we close a couple of open projects. Has anyone done this already, have experience to share? I'm running 3 pfSense full installation on flash/SSDs. One is an ALIX system with SLC CF flash, one is a SuperMicro Atom rackmount with 4 (or 8?) SLC Transcend SSD, and one uses Intel 80 GByte 2nd gen SSD. No issues so far. P.S. I'm watching http://doc.pfsense.org/index.php/Is_there_IPv6_support_available as of today I have native IPv6 support now. Yay! You could probably mitigate some of the writes to disk by having the logging sent to a syslog server elsewhere inside the house that is using traditional write media. That should lengthen the life of the SSD at least until the next generation of SSD comes along that has no write limitations. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
On Tue, Aug 3, 2010 at 10:22 AM, Karl Fife karlf...@gmail.com wrote: If you want to run the full version on embedded, there are lots of SSD's these days with wear-leveling subsystems to address the write endurance issue of nand flash memory. Some SSD's (such as Intel's newest SSD family) even take it a step further by adding extra blocks to swap out when a block becomes exhausted. Intel's version apparently also does something like S.M.A.R.T., but instead of monitoring the length and growth rate of the master defect table, the SSD equivalent of SMART instead monitors the pool of spares and can inform the OS when a disk failure is in approaching. Many of us have hard-won experience indicating that SMART is pretty crappy (because growth characteristics of the master defect table are in fact only loosely correlated with actual disk failure), but I suspect that the SSD equivalent will provide a reliable prediction. I tend to think we're at the dawn of a new era in storage. With SSD's low-power fanless ITX systems, it seems like the line between 'full' and 'embedded' is becoming a bit fuzzy. SSD is considerably different than CF, SSDs should be treated like a hard drive. The SMART capabilities added to 2.0 work nicely on SSD from what I've seen thus far. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
If you want to run the full version on embedded, there are lots of SSD's these days with wear-leveling subsystems to address the write endurance issue of nand flash memory. Some SSD's (such as Intel's newest SSD family) even take it a step further by adding extra blocks to swap out when a block becomes exhausted. Intel's version apparently also does something like S.M.A.R.T., but instead of monitoring the length and growth rate of the master defect table, the SSD equivalent of SMART instead monitors the pool of spares and can inform the OS when a disk failure is in approaching. Many of us have hard-won experience indicating that SMART is pretty crappy (because growth characteristics of the master defect table are in fact only loosely correlated with actual disk failure), but I suspect that the SSD equivalent will provide a reliable prediction. I tend to think we're at the dawn of a new era in storage. With SSD's low-power fanless ITX systems, it seems like the line between 'full' and 'embedded' is becoming a bit fuzzy. We're going to build up just such a system in just a few months after we close a couple of open projects. Has anyone done this already, have experience to share? -Karl - Original Message - From: Chris Buechler cbuech...@gmail.com To: support@pfsense.com Sent: Monday, August 02, 2010 10:17 PM Subject: Re: [pfSense Support] PFSENSE 2.0 On Mon, Aug 2, 2010 at 11:10 PM, Jeppe Øland jol...@gmail.com wrote: On Mon, Aug 2, 2010 at 7:47 AM, Vick Khera vi...@khera.org wrote: none of the devices on which I run embedded even *have* VGA, so I disagree. If you have a full system, just run the full release. I know the embedded version tries to write as little as possible on the drive in order to increase the longevity of CF cards etc. Does the full version do this? No, it's not relevant on hard drives. In other words, *don't* run the full version on embedded hardware :-) Some people do, I know of systems running full installs on CF for years with no trouble (I also know of people killing the CF in a matter of months). If you care about the life of your CF, yeah I wouldn't recommend it. I would never do it on a critical system. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
On Tue, Aug 03, 2010 at 09:22:41AM -0500, Karl Fife wrote: We're going to build up just such a system in just a few months after we close a couple of open projects. Has anyone done this already, have experience to share? I'm running 3 pfSense full installation on flash/SSDs. One is an ALIX system with SLC CF flash, one is a SuperMicro Atom rackmount with 4 (or 8?) SLC Transcend SSD, and one uses Intel 80 GByte 2nd gen SSD. No issues so far. P.S. I'm watching http://doc.pfsense.org/index.php/Is_there_IPv6_support_available as of today I have native IPv6 support now. Yay! -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
none of the devices on which I run embedded even *have* VGA, so I disagree. If you have a full system, just run the full release. On Sat, Jul 31, 2010 at 4:17 AM, Anil Garg garg_art2...@yahoo.com wrote: I think VGA with embedded is now major convenience issue.
Re: [pfSense Support] pfSense 2.0 Beta4 on
Am 01.08.2010 22:01, schrieb Chris Buechler: You're using polling, so that's to be expected. Thanks for hte hint! fabiana smime.p7s Description: S/MIME Cryptographic Signature
Re: [pfSense Support] PFSENSE 2.0
Vick - Newer hardware tend to have VGA because chipset manufacturers (Intel/Nvidia etc) can throw in a VGA on cheap. If you polled random 100 people they will all tell you hooking up a monitor is easier. The whole purpose of pfsense is providing an ease of use. It appears m0n0wall now has VGA and hopeflly pf will too. Its a stretch to claim universe resembles *your* collection of embedded boxes. In circa 2010 even die hard geeks will agree that for majority of people, including geeks, having VGA interface is easier. I have a huge respect for leaders like you, who make such strong vibrant pfsense community possible. However, I will be less than honest if I did not wholeheartedly disagreed. Because I am a fan of pfsense, I eagerly hope that VGA interface will bubble up to top when folks have some spare bandwidth. I will be patient till then. Anil Garg +1 408-221-7725 From: Vick Khera vi...@khera.org To: support@pfsense.com Sent: Mon, August 2, 2010 7:47:30 AM Subject: Re: [pfSense Support] PFSENSE 2.0 none of the devices on which I run embedded even *have* VGA, so I disagree. If you have a full system, just run the full release. On Sat, Jul 31, 2010 at 4:17 AM, Anil Garg garg_art2...@yahoo.com wrote: I think VGA with embedded is now major convenience issue.
Re: [pfSense Support] PFSENSE 2.0
On Mon, Aug 2, 2010 at 7:47 AM, Vick Khera vi...@khera.org wrote: none of the devices on which I run embedded even *have* VGA, so I disagree. If you have a full system, just run the full release. I know the embedded version tries to write as little as possible on the drive in order to increase the longevity of CF cards etc. Does the full version do this? Regards, -Jeppe - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
On Mon, Aug 2, 2010 at 10:13 PM, Jeppe Øland jol...@gmail.com wrote: On Mon, Aug 2, 2010 at 7:47 AM, Vick Khera vi...@khera.org wrote: none of the devices on which I run embedded even *have* VGA, so I disagree. If you have a full system, just run the full release. I know the embedded version tries to write as little as possible on the drive in order to increase the longevity of CF cards etc. Does the full version do this? No, it's not relevant on hard drives. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
On Mon, Aug 2, 2010 at 7:47 AM, Vick Khera vi...@khera.org wrote: none of the devices on which I run embedded even *have* VGA, so I disagree. If you have a full system, just run the full release. I know the embedded version tries to write as little as possible on the drive in order to increase the longevity of CF cards etc. Does the full version do this? No, it's not relevant on hard drives. In other words, *don't* run the full version on embedded hardware :-) Regards, -Jeppe - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
On Mon, Aug 2, 2010 at 11:10 PM, Jeppe Øland jol...@gmail.com wrote: On Mon, Aug 2, 2010 at 7:47 AM, Vick Khera vi...@khera.org wrote: none of the devices on which I run embedded even *have* VGA, so I disagree. If you have a full system, just run the full release. I know the embedded version tries to write as little as possible on the drive in order to increase the longevity of CF cards etc. Does the full version do this? No, it's not relevant on hard drives. In other words, *don't* run the full version on embedded hardware :-) Some people do, I know of systems running full installs on CF for years with no trouble (I also know of people killing the CF in a matter of months). If you care about the life of your CF, yeah I wouldn't recommend it. I would never do it on a critical system. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 Beta4 on
Am 01.08.2010 02:02, schrieb Chris Buechler: On Sat, Jul 31, 2010 at 4:55 PM, Fabian Abplanalp fabian.abplan...@bug.ch wrote: Am 31.07.2010 22:52, schrieb Chris Buechler: Maybe. Maybe not. Impossible to say based on your description, system is what's using the CPU, so if you're pushing a decent amount of traffic then yeah it's probably normal. Current traffic is low (WAN in 56Kbps/out 700kbps)... Even with no traffic, CPU is always at 25%. How can I find out what's using the 25%? top -S Hmm, that gives me: last pid: 53275; load averages: 1.00, 1.00, 1.00up 0+12:01:36 10:29:04 156 processes: 7 running, 120 sleeping, 29 waiting CPU: 0.0% user, 0.0% nice, 25.0% system, 0.3% interrupt, 74.7% idle Mem: 28M Active, 11M Inact, 59M Wired, 156K Cache, 22M Buf, 1896M Free Swap: 4096M Total, 4096M Free PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND 11 root4 171 ki31 0K32K RUN 0 34.5H 305.47% idle 18 root1 171 ki-6 0K 8K CPU00 717:45 100.00% idlepoll Fabian smime.p7s Description: S/MIME Cryptographic Signature
Re: [pfSense Support] pfSense 2.0 Beta4 on
On Sun, Aug 1, 2010 at 4:29 AM, Fabian Abplanalp fabian.abplan...@bug.ch wrote: Am 01.08.2010 02:02, schrieb Chris Buechler: On Sat, Jul 31, 2010 at 4:55 PM, Fabian Abplanalp fabian.abplan...@bug.ch wrote: Am 31.07.2010 22:52, schrieb Chris Buechler: Maybe. Maybe not. Impossible to say based on your description, system is what's using the CPU, so if you're pushing a decent amount of traffic then yeah it's probably normal. Current traffic is low (WAN in 56Kbps/out 700kbps)... Even with no traffic, CPU is always at 25%. How can I find out what's using the 25%? top -S Hmm, that gives me: last pid: 53275; load averages: 1.00, 1.00, 1.00 up 0+12:01:36 10:29:04 156 processes: 7 running, 120 sleeping, 29 waiting CPU: 0.0% user, 0.0% nice, 25.0% system, 0.3% interrupt, 74.7% idle Mem: 28M Active, 11M Inact, 59M Wired, 156K Cache, 22M Buf, 1896M Free Swap: 4096M Total, 4096M Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 11 root 4 171 ki31 0K 32K RUN 0 34.5H 305.47% idle 18 root 1 171 ki-6 0K 8K CPU0 0 717:45 100.00% idlepoll You're using polling, so that's to be expected. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
I found a serial cable at Fry's but you guys are going to laugh at my sorry state... I don't have a single laptop at home that has a serial port. Perhaps my work docking station will haveHad I known this I would have purchased USB to serial... I think VGA with embedded is now major convenience issue. Anil Garg +1 408-221-7725 - Original Message From: Anil Garg garg_art2...@yahoo.com To: support@pfsense.com Sent: Fri, July 30, 2010 9:30:10 AM Subject: Re: [pfSense Support] PFSENSE 2.0 Thanks Vick. I can wait for a week if its so cheap and costs me just a few clicks. Woo Hoo!! Anil Garg +1 408-221-7725 - Original Message From: Vick Khera vi...@khera.org To: support@pfsense.com Sent: Fri, July 30, 2010 9:14:28 AM Subject: Re: [pfSense Support] PFSENSE 2.0 On Thu, Jul 29, 2010 at 11:54 PM, Anil Garg garg_art2...@yahoo.com wrote: I also hadn't heard of usb to serial and so will go look for that as well next time I am at best buys... Not so likely to find it there... I get them online from here: http://www.dealextreme.com/details.dx/sku.5859 They work just great plugged into a FreeBSD and MacOS X host. I'm sure they'll work in windows, and likely linux. I've driven them at 115200 baud with no problems. Buy a handful at that price! :-) They are a chinese company and ship directly from there, but the stuff usually arrives within a week. I've bought lots of stuff from them. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
