Yes, just replace the file from a vanilla installation.

It looks like hard disk corruption at first glance.  Voodoo.

@craigdrown:

Hi Aldo,
just local auth for now. Will get freeradius going once we get this sorted.
The auth is no problem. Client gets an ip in the specified range the the server ip address as the gateway, but the clients are getting a blank entry for a subnet (even though a submet is entered in pfsense)- this seems a problem, otherwise won't all ips be treated as local and not go via the gateway?
Thanks for your help
Cheers,
Craig

i dont really understand your question.

netmask should be 255.255.255.255 on pppoe clients with gateway of pppoe server ip.

No idea, but I'm missing exactly the same thing.

Did you have any luck with it yet?

You can disable the console menu on the advanced page. You can't require a login at this time.

Anyone that has physical access to your firewall can bypass even disabling the console menu (by removing hardware if nothing else), physical access is game over. Your firewall has to be in a secure physical environment to be secure.

Any HIDS on a firewall isn't going to be as useful as HIDS on actual accessible systems (like servers). Network IDS/IPS is much more important and relevant on a firewall. We may add some sort of HIDS package in the (maybe distant) future though.

@StefanS:

That may probably be correct in principle in such a way, however already differently saw.
We have at present a 2Mbit synchron connection, here had i already DoS.
From 2008 we will have 8Mibt synchron and i think that becomes with DoS not better.

It's the same whether you have 2 Mb or 8 Mb or 50 Mb. Every script kiddie on earth has enough bots under their control to DoS a connection of 50 Mb or less off of the Internet. Many have enough to DoS a 1 Gb connection or more.

In this type of scenario, your firewall, no matter what it is, can't help you. Your pipe coming from your ISP is overloaded, it doesn't matter what you do with the traffic once it gets to your end of the pipe, your connection is useless. Your ISP has to handle DoS attacks on their side of your connection so your connection isn't overloaded with the DoS traffic. There isn't anything you can do about it on your end, it's too late at that point.

Re: CA management, yes, eventually, though no work is currently happening in this area. If you start a bounty, it may get done faster.

Re: shaping with VPN, not possible at this time, but some changes are in the works that may allow this in a future release.

Re: mobile user, not sure on that one.

You should try upgrading
http://pfsense.basis06.com/download//updates/pfSense-Full-Update-1.2-BETA-1.tgz

if you disable the shaper, you may see the problem disappear, let us know.

Any memory or CPU bottleneck ?

Where do you live, maybe you can get some local language support.

If you bridge the interface, it won't get NAT'ed.

Or if you just want to route, enable Advanced Outbound NAT with no NAT rules.

What heiko suggested is a bit extreme unless you don't want to do any filtering whatsoever.

/usr/local/etc/rc.d/

Ok, i solved the problem …

I had to define another alias for a single port-RANGE.

Mixed, eg. Ports: 5001,5002,5010:5100 does not work !
for the Range i must define a new alias

Anyway thanks for your help !

MBChris
(Marking thread as solved)

OK.  Thanks.  :)

You cannot.  It is built into the kernel that we build.

The active / passive mode has to be set up in your ftp-server…

Upgrade to recent snapshot.

Just downloaded a new snapshot tonight and it appears to work now on my embedded platform.. Thanks!

@firestar:

I've updated the firmware of the testbox to:

1.2-BETA-1-TESTING-SNAPSHOT-05-11-2007
built on Mon May 14 11:30:09 EDT 2007

I noticed these lines in the System logs-OpenVPN:

openvpn[304]: Use --help for more information. openvpn[304]: Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn_client0.conf:14: remote (2.0.6) openvpn[300]: Use --help for more information. openvpn[300]: Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn_server0.conf:14: lport (2.0.6)

I never used or configured VPN/OpenVPN and in the other pfSense machine running the stable 1.0.1 version, the system log is obviously blank. Maybe a bug in snapshots?

This was a previous bug that has been fixed but the only way to fix it is to remove the blank entries from config.xml.

To do this enter the pfSense PHP shell and run these commands:

unset($config['installedpackages']["openvpnserver"]['config']);
unset($config['installedpackages']["openvpnclient"]['config']);
write_config();
exit

Thank you! That's very helpfully !!

Leander