The function guess_interface_from_ip seems to be what I was looking for.

Yep that is all present in 2.0

@esullender:

Using a samba share I copied the ISO out to my host (Win) system. I then setup a new VM and mounted this ISO. The pfSense boot screen showed up (so far so good!)..  BUT I get the following error (when loading the liveCD version):   /libexec/ld-elf.so.1: Shared object "libipx.so.4" not found, required by "ifconfig"

Having the exact same problem here…I also built the image myself following the Wiki, mounting the new .iso in VMWare and getting the "libipx.so.4" error message.

What to do? Can anyone help?

found why:
the file to edit is pkg_config.7.xml …

@dvserg:

@chyly0707:

I mean that my os is windows.
when OS is freebsd,i can do it.

Git for windows can help you ?

I mean i won't use git!
I only want to get source code!

using freebsd box  and install git

refer to :

http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso
http://devwiki.pfsense.org/CreatingAnAppliance

my nanobsd.img custom with it, its working and stable

Wow, no-one cares that the development ISO has been broken for over a month?

Its in 2.0.

Thanks. yes, now fine works.
I need developer iso, but error following the attachmed picture ;

builddevisoerror.JPG
builddevisoerror.JPG_thumb

When I sign up with a gmail account it works fine, so must be something wrong with my email server setup.  Issue resolved.
Josh

Hi,

@ermal:

It is present in 2.0 that's why i said it is present.

though all you need is find it on 2.0 code and enter manually in 1.2.3 since its just php modification and you do not need to rebuild the whole system.

I downloaded a 2.0 snapshot (pfSense-2.0-ALPHA-ALPHA-20090923-1117.iso, based on FreeBSD 8.0), and unfortunatly, the feature I talked about (max-src-conn) is not included. There is :

marking/matching options (news to 2.0) max-src-node (already in 1.2) max-src-states (already in 1.2) max-src-conn-rates (already in 1.2) state timeout

However, with your advices, I was able to easily add this feature.

For 1.2, in /etc/inc/filter.inc and /usr/local/www/firewall_rules_edit.php For 2.0, in /etc/inc/filter.inc, /usr/local/www/firewall_rules_edit.php, and /usr/local/www/firewall_rules.php

It is really trivial.

May it be interresting for the project that I try to submit the patch in rcs.pfsense.org ? (http://devwiki.pfsense.org/SubmittingPatches).

Best regards,
Pierre

Why would you need it? Even web-interface is slightly broken in this old snapshot. Apparently it is not good for development as what you have in GIT is much more fresh.

;D
OK, got no responses or help but I found a way to make it work.

Since I didn't get any direction from those in the know, I'm surprised that I didn't even get a single response to this thread… oh well. - PLEASE let me know if there is any problem anyone can see with going about this in the way that I have.

What I wanted was to get the newer 2.1 RC version of the OpenVPN daemon on a pfSense 1.2.3 RC2 nano embedded installation.

First off - I started with a fresh install of pfSense 1.2.3 RC2 nano (August 31st snapshot) and installed the OpenVPN Enhancements 1.0 package to get additional options in the web config that I wanted. I then completed the OpenVPN configuration and verified that I had a working tunnel with certificate authentication.

Then I completed the following:
1. SSH to firewall
 a. access shell
 b. exec /etc/rc.conf_mount_rw to remount root filesystem as read-write mode.
 c. exec pkg_add -r openvpn-devel (this took a while)
 d. exec /etc/rc.conf_mount_ro to remount root filesystem back to read-only mode.
2. Reboot firewall (don't know if this should be needed but my web console stopped responding until I did this)
3. SSH to firewall
 a. access shell
 b. exec openvpn --version to verify that I now have OpenVPN 2.1 RC15 installed.
4. From pfSense webConfig
 a. Now OpenVPN service fails to start - checked logs and found that an additional security option was needed for custom scripting.
   i. Added --script-security 2; to the custom options text-box in OpenVPN config page.
 b. Verified that daemon starts and tunnel again works.
-- Now - finally for the option I wanted to use.
5. Again from pfSense webConfig OpenVPN config page.
 a. Add the additional custom configuration to the text-box.
   i. Added --port-share 10.255.255.10 443;
     (Line now reads: --script-security 2; --port-share 10.255.255.10 443;)
 b. Saved configuration. (this should cause the OpenVPN process to reload it's config)
6. Testing:
 a. Pointed web browser to https://my-external-ip and successfully was passed to my web server content
 b. Used my external test client and connected to my-external-ip port 443 with no changes to my configuration except the port number.

Success! I now have an embedded pfSense firewall with a single external IP and am sharing TCP:443 between OpenVPN and my web service without having to use an additional system as I was previously.

Granted to all that noticed - The 2.1 RC15 version of OpenVPN is Pre Release Code and they say not to use it for production environments. Saying that I have used the 2.1 RC train for quite some time on my home network without any issues whatsoever - including this port-share option.

Again - if you know of ANY reason why what I did was against best practices please let me know!

One caveat I can see is that I'm now using the openvpn-devel package - if I use a pfSense package in the future that re-installs or upates the 'openvpn' package it may overwrite my daemon binaries in which case I'd have to reinstall the openvpn-devel package. Other than that I'm using the standard pfSense / OpenVPN Enhancements 1.0 configuration methods so I think I'll be safe.

I hope my spending time on this helps someone else down the line. I'm sure this method could be used for other services as well.

As I understand it in fact one could install any FreeBSD package they wanted as long as they configure that package to not need read-write access to the root filesystem and understand that /var will be cleaned when the system reboots. To get around this one might be able to use cheap USB storage or network storage for stateful storage for non-critical services... I digress - I'm sure someone has a thread on that elsewhere on this site.

maybe something to do with the file being locked/unlocked?

@steelmanot:

I'm following this guide http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso
…

What is the problem here ?

This article has been updated recently and the problem mentioned by you was solved. Try to follow the procedure again.