Did you actually install the ISO?  There are no ports files, the packages system uses binary packages.

And cvs_sync.sh has been disabled so you really should start a different thread as this is no longer related.

Thx for the infos

I'm not going to set it up right now, but was just thinking about… it's better to know if it is possible before buying hardware ;-).

@prodius:

Hi,

Short question. Is it possible to save the configuration to a cf disk in the appliance? I know you can download the config, but that's not enough. Every change made to the firewall should be written directly to a cf disk. Or should we create a cronjob to do this??

We're planning to use a full installation on a hard disk in an appliance we put together. Those machines will replace a bunch of commercial firewalls (netasq) at our custumers sites. Why you might think? Great features (multi wan, failover, etc) without any extra costs. If you search the same functionality with a commercial product…

Thx.

All you should need to do is disklabel, newfs, mount the CF over /cf and update /etc/fstab.  Some FreeBSD administration experience is helpful here of course ;)  You might be able to get away with the CF being FAT32 here and just mount that in /cf.

–Bill

@mastrboy:

If im not totally wrong here it is not authpf that does the actual authentication, it's the SSH daemon, so you could configure the SSH daemon to authenticate against pam_ldap or similear i guess.

Correct, authpf doesn't do the authentication.  It does require a TTY though and that requires more access than I'm willing to give my users.  OpenBSD did the right thing as far as it being part of their core OS (and handling authentication), however I disagree with the implementation for pfSense.  It needs a utility that can be deployed to the desktop and doesn't require anything more than an authentication prompt on the firewall (which can obviously be handed off to radius, ldap, whatever).

–Bill

ohhh right sorry no prob.  Putty does work now thanks

Please be a bit more specific. What kind of WAN do you have? What's in front of your pfSense WAN interface? What state is the NIC in if the connection is lost? Found a way to recover from this situation without rebooting? Anything in the systemlogs?

@sullrich:

This was a bug.  He had spaces and special characters in the interface description names and we where not checking for this during upgrade.

Once I installed some code to scrub this everything is fine after import.

yea, because he is THE MAN. sqaushin bugs is fun, especially since i am successfully using pfsense now. :-)

maybe something teel me what is going wrong with this…
please. :)

$ netstat -m
412/488/900 mbufs in use (current/cache/total)
407/337/744/4800 mbuf clusters in use (current/cache/total/max)
401/239 mbuf+clusters out of packet secondary zone in use (current/cache)
0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
918K/796K/1714K bytes allocated to network (current/cache/total)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
1/19/1456 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
0 calls to protocol drain routines

I've still this information on syslog

/syslogd: sendto: No buffer space available/

Martin

Bump?

Modem's IP is 192.168.1.254, sets all clients hooked to it to have an IP of 192.168.1.1 (By setting the DHCP range from 192.168.1.1 to 192.168.1.1, because the damn modem doesn't want to do anything BUT DHCP). Router's IP is 192.168.2.1, and sers all clients hooked to it to have an IP of 192.168.2.x. Firewall Rules allow everything, NAT is as suggested above. WLAN is bridged to LAN. WAN is set to Static with it's IP being 192.168.1.1 and gateway being 192.168.1.254.

Can't access the modem on 192.168.1.1 or 192.168.1.254. Can't ping, and can't get an internet connection.

I'm completely at lost as to what I'm not doing right.

Thanks for the notification.

I just commited a fix to work around this bug.

Broadcast will not work cause you need to configure OpenVPN to use TAP interfaces, ethernet layer VPN.

Also, make sure you're not pinging from your OpenVPN gateway to the other side, but rather from a client in the local LAN to a client in the local WAN.

Oh, and make sure you're not doing anything stupid (like firewalling yourself).

One example can be found here:  http://forum.pfsense.org/index.php/topic,682.msg10895.html#msg10895

Btw, check if you have 2 DHCP servers running. In that case a client requesting a lease will randomly get one from the one or the other (the one that answers the current request faster wins). In that case you might see clients hopping between IPs too.

@cheech:

LIVE CD. RC1. I will go to RC2 today but it's odd because this box wasn't doing this before and I have 3 other boxes with same config+hardware at same site. I wander if I delete the rrd file on the floppy?

Also, how much RAM?

–Bill

You can create all the other connections in the same manner, its highly likely that if one connection fails, e.g. C1 to C2 that either C1 to S or C2 to S will also fail.

Alternatively you can try configuring OSLR above the OpenVPN connections.  You probably need to specify each connection as a different network so regular routing doesn't go through the VPN directly.