Hello, i'm in the same situation, is this possible ? does somebody know ?

Looks a bug for me…. actually I already open a bug report a year ago but nobody even check... :(

OMG. Install the damned package from the package manager. There you have the GUI. (And kindly uninstall what you installed manually before that, or you'll have two broken copies of the same monster that doesn't belong on firewalls…)

I've found that pressing clear log also restores the list for me as well.

This is off-topic, but I've been running the server portion of OpenVPN at the remote offices, listening on the failover gateway, and running the clients at the central site.

I add this to the client config at the central site:

remote rmt.fai.ovr.con pporrtt;
keepalive 1 4;

Seems to work pretty well.

Total time to failover = failover timeout configured on gateway group + failover timeout configured by the keepalive statement on the client

I believe the above OpenVPN timeout is set to 4 seconds

First of Kudos, respect and props to 'marcelloc' for the amazing package

For those who still cannot get it working please remember follow the instructions for your version 32 bit or 64 bit

32 bit

Reinstall Sarg Pkg

rm -rf /usr/local/sarg-reports

ln -s /usr/pbi/sarg-i386/local/sarg-reports /usr/local/sarg-reports

64 bit

Reinstall Sarg Pkg

rm -rf /usr/local/sarg-reports

ln -s /usr/pbi/sarg-amd64/local/sarg-reports /usr/local/sarg-reports

I have two pfsense severs - "pf2" normal and "pf1" with this little problem.

Registration (may be "connection"?) you can see on remote NUT server by "upsc -c upsname". For UPS with pf2 I see one connection/registration, for pf1 - two.
Processes on "bad" server:

[2.2.4-RELEASE][root@pf1]/root: ps auxw | grep ups
root    78028  0.0  0.0  18832  2416  -  Is    5:25PM    0:00.00 /usr/local/sbin/upsmon ups11@192.168.99.32
root    78081  0.0  0.0  18832  2420  -  Is    5:25PM    0:00.00 /usr/local/sbin/upsmon ups11@192.168.99.32
uucp    78366  0.0  0.0  18832  2444  -  S    5:25PM    0:01.93 /usr/local/sbin/upsmon ups11@192.168.99.32
uucp    78642  0.0  0.0  18832  2448  -  S    5:25PM    0:01.89 /usr/local/sbin/upsmon ups11@192.168.99.32
root    98879  0.0  0.0  18876  2380  0  S+  11:37AM    0:00.00 grep ups
[2.2.4-RELEASE][root@pf1]/root:

On "good" server:

[2.2.4-RELEASE][root@pf2]/root: ps auxw | grep ups
root    39209  0.0  0.1  18832  2548  -  Is  18Sep15      0:00.00 /usr/local/sbin/upsmon ups10@192.168.99.32
uucp    39236  0.0  0.1  18832  2576  -  S    18Sep15      1:33.76 /usr/local/sbin/upsmon ups10@192.168.99.32
root    64213  0.0  0.1  18876  2376  0  S+  11:40AM      0:00.00 grep ups
[2.2.4-RELEASE][root@pf2]/root:

Your are right, I want to understand the logic was to build the app into pfsense, don't know the idea to have a local director.
Once u setup bacula with this requirement, my bacula director is not able to grab the backup from pfsense, I got the error:

'26-Oct 10:13 bacula-dir JobId 33027: Start Backup JobId 33027, Job=MBX-PFSENSEMBX.2015-10-26_10.13.05_53
26-Oct 10:13 bacula-dir JobId 33027: Using Device "FileStorage"
26-Oct 10:13 bacula-fd JobId 33027: Fatal error: Authorization key rejected by Storage daemon.
Please see http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION00260000000000000000 for help.
26-Oct 10:13 bacula-dir JobId 33027: Fatal error: Bad response to Storage command: wanted 2000 OK storage
, got 2902 Bad storage'

Did u get the same error message?

Your fix is working?

Thanks.

I have neither of those set and just use the resolver in pfsense for all my dns, both for pfsense itself and clients on my network..  And have no problems downloading packages..

Same problem here. After installing pfSense 2.2.4 "fresh" (on a Intel Core2Duo 2.5GHz white box with 1GByte RAM), the Package manager is not able to download the OpenVPN Client export utility in my case. Tried this and other packages over several days, the same result every time.

Using the download links mentioned in any of the error messages in a browser, I can download all packages without a problem. An example link:  https://files.pfsense.org/packages/10/All/zip-3.0_1-amd64.pbi

There is no proxy on my own network and the command TRACERT (Windows, sew me ;)) shows no apparent proxies or DNS problems either. My topology is a simple one: internet <<>> pfSense router <<>> unmanaged switch <<>> my computer

The provided links point to *.pbi files only. Where can I find alternatives for manual installation?

The titles of posts in the pfSense forum from sections 'OpenVPN' and 'Installation and Upgrades' do not look to cover the problem. However, that is the general inability of people to describe their problem concisely.

A forum search using term "cannot download" resulted in this https://forum.pfsense.org/index.php?topic=100128.msg557921#msg557921, but that doesn't work either.

*Edit:
The solution mentioned at the link above is only half of the solution. There are 2 check boxes on the mentioned pfSense 2.2.4 configuration page. The first one needs to be off/disabled, the second one needs to be on/enabled. After I did that, I was able to install packages.

The 1st checkbox in this case is called: Allow DNS server list to be overridden by DHCP/PPP on WAN
The 2nd checkbox in this case is called: Do not use the DNS Forwarder or Resolver as a DNS server for the firewall

pfSense_question.jpg
pfSense_question.jpg_thumb
pfSense_questionb.jpg
pfSense_questionb.jpg_thumb

I'll shorten your dilemma: The package never worked on pfSense 2.2.x :)

@brasilnut:

I had all of Asia blocked, and just recently try to open up (permit) South Korea.
I opened it by: opened the Asia tab - then unselected "Korea, Republic of-KR" - then pressed Save

After hitting "Save", follow that with a "Force Update" to get the changes to take effect. However, a "Force Reload" is better when you remove Lists or CCs…

Also, don't block the Inbound unless you have open WAN ports. And if you have open WAN ports, then protect only those open ports. Also its better to permit the few countries that you want instead of trying to block the world...

See the following two links:
https://forum.pfsense.org/index.php?topic=86212.msg548324#msg548324
https://forum.pfsense.org/index.php?topic=86212.msg553921#msg553921

not sure if is a squid problem or an very old pfsense bug that keep connection established before the off interval.

you can try an experiment and manual clear the firewall states for that IP and check if he still have access.

The miscalculated MPPE keys with TLS 1.2 issue has nothing to do with weak DH.

The best solution for weak DH is to configure your cipher_list directive in FreeRADIUS to one of the following two.

"EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+AES+SHA384:EECDH+aRSA+AES+SHA384:EECDH+ECDSA+AES+SHA256:EECDH+aRSA+AES+SHA256:EECDH+ECDSA+AES+SHA1:EECDH+aRSA+AES+SHA1:RSA+AES+SHA256:RSA+AES+SHA1"

We can verify what this gives us via:

openssl ciphers -v "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+AES+SHA384:EECDH+aRSA+AES+SHA384:EECDH+ECDSA+AES+SHA256:EECDH+aRSA+AES+SHA256:EECDH+ECDSA+AES+SHA1:EECDH+aRSA+AES+SHA1:RSA+AES+SHA256:RSA+AES+SHA1"

This gives:

"EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+AES+SHA384:EECDH+aRSA+AES+SHA384:EECDH+ECDSA+AES+SHA256:EECDH+aRSA+AES+SHA256:EECDH+ECDSA+AES+SHA1:EECDH+aRSA+AES+SHA1:RSA+AES+SHA256:RSA+AES+SHA1:RSA+3DES+SHA1"

Again, the resultant set of cipher suites can be seen via:

openssl ciphers -v "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+AES+SHA384:EECDH+aRSA+AES+SHA384:EECDH+ECDSA+AES+SHA256:EECDH+aRSA+AES+SHA256:EECDH+ECDSA+AES+SHA1:EECDH+aRSA+AES+SHA1:RSA+AES+SHA256:RSA+AES+SHA1:RSA+3DES+SHA1"