Hi, @ermal: It is present in 2.0 that's why i said it is present. though all you need is find it on 2.0 code and enter manually in 1.2.3 since its just php modification and you do not need to rebuild the whole system. I downloaded a 2.0 snapshot (pfSense-2.0-ALPHA-ALPHA-20090923-1117.iso, based on FreeBSD 8.0), and unfortunatly, the feature I talked about (max-src-conn) is not included. There is : marking/matching options (news to 2.0) max-src-node (already in 1.2) max-src-states (already in 1.2) max-src-conn-rates (already in 1.2) state timeout However, with your advices, I was able to easily add this feature. For 1.2, in /etc/inc/filter.inc and /usr/local/www/firewall_rules_edit.php For 2.0, in /etc/inc/filter.inc, /usr/local/www/firewall_rules_edit.php, and /usr/local/www/firewall_rules.php It is really trivial. May it be interresting for the project that I try to submit the patch in rcs.pfsense.org ? (http://devwiki.pfsense.org/SubmittingPatches). Best regards, Pierre

Why would you need it? Even web-interface is slightly broken in this old snapshot. Apparently it is not good for development as what you have in GIT is much more fresh.

;D OK, got no responses or help but I found a way to make it work. Since I didn't get any direction from those in the know, I'm surprised that I didn't even get a single response to this thread… oh well. - PLEASE let me know if there is any problem anyone can see with going about this in the way that I have. What I wanted was to get the newer 2.1 RC version of the OpenVPN daemon on a pfSense 1.2.3 RC2 nano embedded installation. First off - I started with a fresh install of pfSense 1.2.3 RC2 nano (August 31st snapshot) and installed the OpenVPN Enhancements 1.0 package to get additional options in the web config that I wanted. I then completed the OpenVPN configuration and verified that I had a working tunnel with certificate authentication. Then I completed the following: 1. SSH to firewall  a. access shell  b. exec /etc/rc.conf_mount_rw to remount root filesystem as read-write mode.  c. exec pkg_add -r openvpn-devel (this took a while)  d. exec /etc/rc.conf_mount_ro to remount root filesystem back to read-only mode. 2. Reboot firewall (don't know if this should be needed but my web console stopped responding until I did this) 3. SSH to firewall  a. access shell  b. exec openvpn --version to verify that I now have OpenVPN 2.1 RC15 installed. 4. From pfSense webConfig  a. Now OpenVPN service fails to start - checked logs and found that an additional security option was needed for custom scripting.    i. Added --script-security 2; to the custom options text-box in OpenVPN config page.  b. Verified that daemon starts and tunnel again works. -- Now - finally for the option I wanted to use. 5. Again from pfSense webConfig OpenVPN config page.  a. Add the additional custom configuration to the text-box.    i. Added --port-share 10.255.255.10 443;      (Line now reads: --script-security 2; --port-share 10.255.255.10 443;)  b. Saved configuration. (this should cause the OpenVPN process to reload it's config) 6. Testing:  a. Pointed web browser to https://my-external-ip and successfully was passed to my web server content  b. Used my external test client and connected to my-external-ip port 443 with no changes to my configuration except the port number. Success! I now have an embedded pfSense firewall with a single external IP and am sharing TCP:443 between OpenVPN and my web service without having to use an additional system as I was previously. Granted to all that noticed - The 2.1 RC15 version of OpenVPN is Pre Release Code and they say not to use it for production environments. Saying that I have used the 2.1 RC train for quite some time on my home network without any issues whatsoever - including this port-share option. Again - if you know of ANY reason why what I did was against best practices please let me know! One caveat I can see is that I'm now using the openvpn-devel package - if I use a pfSense package in the future that re-installs or upates the 'openvpn' package it may overwrite my daemon binaries in which case I'd have to reinstall the openvpn-devel package. Other than that I'm using the standard pfSense / OpenVPN Enhancements 1.0 configuration methods so I think I'll be safe. I hope my spending time on this helps someone else down the line. I'm sure this method could be used for other services as well. As I understand it in fact one could install any FreeBSD package they wanted as long as they configure that package to not need read-write access to the root filesystem and understand that /var will be cleaned when the system reboots. To get around this one might be able to use cheap USB storage or network storage for stateful storage for non-critical services... I digress - I'm sure someone has a thread on that elsewhere on this site.

maybe something to do with the file being locked/unlocked?

@steelmanot: I'm following this guide http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso … What is the problem here ? This article has been updated recently and the problem mentioned by you was solved. Try to follow the procedure again.

Splendid, thanks for the info.

I committed the havp widget into Dashboard v0.8.4, should be on the package server momentarily.

Actually FreeBSD with the right hardware can do it but pfSense does not support any such types of links.

from the php code: echo "$timing|" . $ifinfo['inbytes'] . "|" . $ifinfo['outbytes'] . "\n"; meaning 'time|inbytes|outbytes' if you pick an interface that doesnt exist, it gives you only the time.  try using 'wan' or 'lan' instead. you could use this every easily to write a monitoring program, or you could use snmp as well.

I am trying to build a new one with the new instruction http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso.  but every time i build i get following errors. Kernel build for pfSense.7 started on Sun Aug  9 15:51:47 PKST 2009 –------------------------------------------------------------ ===> pfSense.7 mkdir -p /usr/obj.pfSense/usr/pfSensesrc/src/sys stage 1: configuring the kernel cd /usr/pfSensesrc/src/sys/i386/conf;  PATH=/usr/obj.pfSense/usr/pfSensesrc/src/tmp/legacy/usr/sbin:/usr/obj.pfSense/usr/pfSensesrc/src/tmp/legacy/usr/bin:/usr/obj.pfSense/usr/pfSensesrc/src/tmp/legacy/usr/games:/usr/obj.pfSense/usr/pfSensesrc/src/tmp/usr/sbin:/usr/obj.pfSense/usr/pfSensesrc/src/tmp/usr/bin:/usr/obj.pfSense/usr/pfSensesrc/src/tmp/usr/games:/sbin:/bin:/usr/sbin:/usr/bin  config  -d /usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense.7  /usr/pfSensesrc/src/sys/i386/conf/pfSense.7 WARNING: duplicate option SCHED_ULE' encountered. WARNING: duplicate option GEOM_LABEL' encountered. WARNING: duplicate option DEV_WLAN' encountered. WARNING: duplicate device wlan' encountered. WARNING: duplicate option DEV_WLAN_WEP' encountered. WARNING: duplicate device wlan_wep' encountered. WARNING: duplicate option DEV_WLAN_CCMP' encountered. WARNING: duplicate device wlan_ccmp' encountered. WARNING: duplicate option DEV_WLAN_TKIP' encountered. WARNING: duplicate device wlan_tkip' encountered. WARNING: duplicate option DEV_WLAN_AMRR' encountered. WARNING: duplicate device wlan_amrr' encountered. WARNING: duplicate option DEV_WLAN_SCAN_AP' encountered. WARNING: duplicate device wlan_scan_ap' encountered. WARNING: duplicate option DEV_WLAN_SCAN_STA' encountered. WARNING: duplicate device wlan_scan_sta' encountered. WARNING: duplicate option DEV_ATH' encountered. WARNING: duplicate device ath' encountered. WARNING: duplicate option DEV_ATH_HAL' encountered. WARNING: duplicate device ath_hal' encountered. WARNING: duplicate option AH_SUPPORT_AR5416' encountered. WARNING: duplicate option DEV_ATH_RATE_SAMPLE' encountered. WARNING: duplicate device ath_rate_sample' encountered. WARNING: duplicate option DEV_AN' encountered. WARNING: duplicate device an' encountered. WARNING: duplicate option DEV_AWI' encountered. WARNING: duplicate device awi' encountered. WARNING: duplicate option DEV_RAL' encountered. WARNING: duplicate device ral' encountered. WARNING: duplicate option DEV_WI' encountered. WARNING: duplicate device wi' encountered. WARNING: duplicate option DEV_BPF' encountered. WARNING: duplicate device bpf' encountered. WARNING: duplicate option DEV_UBSA' encountered. WARNING: duplicate device ubsa' encountered. WARNING: duplicate option DEV_UCOM' encountered. WARNING: duplicate device ucom' encountered. WARNING: duplicate option DEV_UPLCOM' encountered. WARNING: duplicate device uplcom' encountered. WARNING: duplicate option DEV_ any idea?

I followed the instructions on DevelopersBootStrapAndDevIso, using the building a custom pfSense image, however, it says command not found soon after I enter command ./cvsup_bsdinstaller.sh Is the DevelopersBootStrapAndDevIso current for the most recent pfSense developers ISO build? Am I missing something here? Any help would be greatly appreciated.

That'll depend on when it gets into FreeBSD.

Are there no Users/Devs using the DevISO ?

Which fix?! mine was a suggestion :). Either way i will see this later on.