@mastrboy: If im not totally wrong here it is not authpf that does the actual authentication, it's the SSH daemon, so you could configure the SSH daemon to authenticate against pam_ldap or similear i guess. Correct, authpf doesn't do the authentication.  It does require a TTY though and that requires more access than I'm willing to give my users.  OpenBSD did the right thing as far as it being part of their core OS (and handling authentication), however I disagree with the implementation for pfSense.  It needs a utility that can be deployed to the desktop and doesn't require anything more than an authentication prompt on the firewall (which can obviously be handed off to radius, ldap, whatever). –Bill

ohhh right sorry no prob.  Putty does work now thanks

Please be a bit more specific. What kind of WAN do you have? What's in front of your pfSense WAN interface? What state is the NIC in if the connection is lost? Found a way to recover from this situation without rebooting? Anything in the systemlogs?

@sullrich: This was a bug.  He had spaces and special characters in the interface description names and we where not checking for this during upgrade. Once I installed some code to scrub this everything is fine after import. yea, because he is THE MAN. sqaushin bugs is fun, especially since i am successfully using pfsense now. :-)

maybe something teel me what is going wrong with this… please. :) $ netstat -m 412/488/900 mbufs in use (current/cache/total) 407/337/744/4800 mbuf clusters in use (current/cache/total/max) 401/239 mbuf+clusters out of packet secondary zone in use (current/cache) 0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max) 0/0/0/0 9k jumbo clusters in use (current/cache/total/max) 0/0/0/0 16k jumbo clusters in use (current/cache/total/max) 918K/796K/1714K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters denied (4k/9k/16k) 1/19/1456 sfbufs in use (current/peak/max) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 0 calls to protocol drain routines I've still this information on syslog /syslogd: sendto: No buffer space available/ Martin

Bump? Modem's IP is 192.168.1.254, sets all clients hooked to it to have an IP of 192.168.1.1 (By setting the DHCP range from 192.168.1.1 to 192.168.1.1, because the damn modem doesn't want to do anything BUT DHCP). Router's IP is 192.168.2.1, and sers all clients hooked to it to have an IP of 192.168.2.x. Firewall Rules allow everything, NAT is as suggested above. WLAN is bridged to LAN. WAN is set to Static with it's IP being 192.168.1.1 and gateway being 192.168.1.254. Can't access the modem on 192.168.1.1 or 192.168.1.254. Can't ping, and can't get an internet connection. I'm completely at lost as to what I'm not doing right.

Thanks for the notification.

I just commited a fix to work around this bug.

Broadcast will not work cause you need to configure OpenVPN to use TAP interfaces, ethernet layer VPN. Also, make sure you're not pinging from your OpenVPN gateway to the other side, but rather from a client in the local LAN to a client in the local WAN. Oh, and make sure you're not doing anything stupid (like firewalling yourself).

One example can be found here:  http://forum.pfsense.org/index.php/topic,682.msg10895.html#msg10895

Btw, check if you have 2 DHCP servers running. In that case a client requesting a lease will randomly get one from the one or the other (the one that answers the current request faster wins). In that case you might see clients hopping between IPs too.

@cheech: LIVE CD. RC1. I will go to RC2 today but it's odd because this box wasn't doing this before and I have 3 other boxes with same config+hardware at same site. I wander if I delete the rrd file on the floppy? Also, how much RAM? –Bill

You can create all the other connections in the same manner, its highly likely that if one connection fails, e.g. C1 to C2 that either C1 to S or C2 to S will also fail. Alternatively you can try configuring OSLR above the OpenVPN connections.  You probably need to specify each connection as a different network so regular routing doesn't go through the VPN directly.

Robbyt, Thanks for the great doc! I think I successfully generated my keys and configured my PFsense box. The other side is an IPcop box with OpenVPN installed. I've tried to create it as the client. However, it just doesn't seem to ever open the VPN. On PFsense do I need to create any rules or setup NAT for port 1194? Does OpenVPN run on the WAN NIC? I feel like I'm missing a critical step here. Thanks -N

I've read everyone's suggestions, and i have tried them all, nothing seems to work for me.  When i was using ip-cop i had no problems.  I've got a linux box on one end and linux and windows at home.  obviously the 2 on the same network can see each other, but not the one thats at my work.  I've talked to my network guy, he says that all outbound is unregulated, so that shouldn't be the problem.  Any other ideas why this would be failing?

You are most likely talking about a VPN setup here. You need 3 tunnels to get this working. It's pretty easy. As the tunnel definitions only will match City1 <-> City2 City1 <-> City3 City1 <-> City4 there won't pass any traffic between city2, city3 or city4 whereas everybody can connect to citiy 1 and city1 can connect to all other cities. See http://doc.m0n0.ch/handbook/ipsec.html for how to configure this. It's exactly the same for pfSense.