@MJK: In one thread, Scott indicated that the forthcoming pfSense 1.2 might be needed, because of some very recent tweaks to the CRON features. - Mike If you need - can use my code for define cron task pfSense 1.2 // setup cron tasks // original source from '/etc/inc/pfsense-utils.inc' function 'tdr_install_cron' // this function safe for other tasks // ***************************************************************************** // - $task_name: cron task name (for config identification) /for searching my cron tasks/ // - $options:   array=[0:minute][1:hour][2:mday][3:month][4:wday][5:who][6:cmd] // - $task_key:  cron command key for searching // - $on_off:    true-'on task', false-'off' task // required: $task_nameand $on_off // ***************************************************************************** define('FIELD_TASKNAME', 'task_name'); function ls_setup_cron($task_name, $options, $task_key, $on_off) {         global $config;         update_log("ls_setup_cron: start task_name=$task_name, task_key=$task_key, on_off=$on_off");         // check input params         if(!$task_name) {             update_log("ls_setup_cron: exit - uncomplete input params.");             return;         }         // search cron config settings         if(!$config['cron']['item']) {             update_log("ls_setup_cron: exit - 'config.xml'->[cron]->[items] not found.");             return;         }         // searching task         $x_name='';         $x=0;         foreach($config['cron']['item'] as $item) {             if($item[FIELD_TASKNAME] and $task_name and ($item[FIELD_TASKNAME]==$task_name)) {                update_log("ls_setup_cron: found cron task with name=$task_name on [$x_name].");                $x_name = $x;             }             $x++;         }         unset($x);         // install cron:         //  - if not found with such name and not found 'task_key', when install task         //  - if found task with such name, when renew this item (delete and add new with all check's)         // deinstall cron:         //  - deinstall only, if found such name         switch($on_off) {                 case true:                      if($task_key) {                           // searching task                           $x=0;                           $x_task='';                           foreach($config['cron']['item'] as $item) {                              if(strstr($item['command'], $task_key)) {                                 $x_task = $x;                                 update_log("ls_setup_cron: found cron task with key=$task_key on [$x].");                              }                              $x++;                           }                           unset($x);                           if($x_task and (!$x_name or ($x_task != $x_name))) { // other task with $task_key alredy installed                                    update_log("ls_setup_cron: can't add cron task, while such task exists $task_key");                                    break;                           } else {                               if(is_array($options)) {                                    // delete this item (by name)                                    if($x_name > 0)                                       unset($config['cron']['item'][$x_name]);                                    // and add new                                    $cron_item = array();                                    $cron_item[FIELD_TASKNAME] = $task_name;                                    $cron_item['minute']    = $options[0];                                    $cron_item['hour']      = $options[1];                                    $cron_item['mday']      = $options[2];                                    $cron_item['month']     = $options[3];                                    $cron_item['wday']      = $options[4];                                    $cron_item['who']       = $options[5];                                    $cron_item['command']   = $options[6];                                    // check options                                    if(!$cron_item['who']) $cron_item['who'] = "nobody";                                    $config['cron']['item'][] = $cron_item;                                    write_config("Installed cron task '$task_name' for 'lightsquid' package");                                    configure_cron();                                    // log                                    update_log("ls_setup_cron: add cron task '$task_name'='" . $cron_item['command'] . "'");                               }                           }                      } else                           // log                           update_log("ls_setup_cron: input prm 'task_key' not defined");                 break;                 case false:                           // delete cron task only with name $task_name                           if($x_name > 0) {                              unset($config['cron']['item'][$x_name]);                              write_config();                              // log                              update_log("ls_setup_cron: delete cron task '$task_name'");                           }                 break;         }         configure_cron();         update_log("ls_setup_cron: end"); }

All This bounty still open? I'll take a crack at it. Careful with the unmodified drivers at sangoma, if they're anything like the linux ones, above a certain version number the S518 goes into an endless retrain loop :( I'll take a looky at how to build freebsd based pfsense modules now. Regards The Sproggg

We just tested the new Frickin proxy with the newest snapshot, and it still does not appear to be functioning.  Has ANYONE gotten this to work yet?  My bounty still stands!  Thanks.

@sullrich: It should be creating the rules on the OPT interfaces behind the scenes but there is a bug preventing it.  I am aware of the bug but this week has been nonstop madness at my day job and other engagements that have prevented me from fixing it. There is any solutions now ?

Read OpenVPN documentation and setup a tunnel using a TAP interface instead of TUN.  I've been doing this for several customers for a while now.  I use pfSense for the firewalling and other features but everything I do with OpenVPN is done at the command line (excluding 1 point to point tunnel I have going on).  I admit it, switched (tap) vpns don't seem to scale well, and the OpenVPN documentation will tell you this, but currently, I have around 7 customers on one tap OpenVPN server with probably 5-6 machines at each location. If you want a VPN that acts just like a switch, go tap.

Great, thanks Ben

Yes of course :) I think about something like that. destination pf-d_kern { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/kernel"); }; destination pf-d_mesg { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/messages"); }; destination pf-d_auth { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/secure"); }; destination pf-d_mail { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/maillog"); }; destination pf-d_uucp { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/spooler"); }; destination pf-d_boot { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/boot.log"); }; destination pf-d_emerg { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/emerg.log"); }; destination pf-d_sshd { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/sshd.log"); }; destination pf-d_pptpd { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/pptpd.log"); }; destination pf-d_daemon { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/daemon.log"); }; destination pf-d_firewall { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/firewall.log"); }; filter pf-f_kern { facility(kern); }; filter pf-f_mesg { level(info) and not facility(mail,authpriv,kern,local7); }; filter pf-f_auth { facility(authpriv); }; filter pf-f_mail { facility(mail); }; filter pf-f_uucp { facility(uucp); }; filter pf-f_boot        { facility(local7); }; filter pf-f_emerg    { level(emerg); }; filter pf-f_sshd { program("sshd"); }; filter pf-f_pptpd      { match("pptpd"); }; filter pf-f_daemon { facility(daemon); }; filter pf-f_firewall { level(debug); };

I remember Scott talking about it, I guess he was just talking about the potential of doing so, not that it had been done.

@xibalba: how about running it within a jail? or maybe someone could make a package for a full on jail under pfSense? Please explain 'it' (Samba or Openfiler).

there is a working DSPAM package in pfSense HEAD. A backport to RELENG is in the works and I think its partially funded IMHO. Regarding CARP sync of DSPAM config settings I could use some test hardware to test syncing from from a CARP master to a CARP client. Regarding hardware I have to make the statement that USD $100 won't be appropriate. So I would like to encourage others to contribute as well. One final note: Without a detailed spec of your requirements this bounty is going nowhere! p.s. 50% of this bounty has to be payed up-front. Cheers Daniel S. Haischt

Wow, yeah that is one UGLY hack. OpenVPN isn't as daunting as it may seem at a glance. The info on doc.pfsense.org on setting it up is pretty good, I got mine setup in about 10 minutes following that, previously knowing nothing about OpenVPN.

Hello Scott and the others from the dev-team, sorry, i am not confident with the doormand or any other portknocking solutions. sorry for the additional expenditure. Sorry, maybe we are search for a cool solution a little bit later. I kill the bounty. heiko

Your environment setting is exactly what I have done for my company.  I have posted the diagram on the forum.  Here is the url of the diagram if you want to look at it. http://forum.pfsense.org/index.php?action=dlattach;topic=3555.0;attach=657;image http://forum.pfsense.org/index.php/topic,3555.0.html You can follow the instructions from the online documentation to get the ideas of how to set it up.  It's not really step by step but it's the base.  If you need help with your setup, please PM me and I will try to create a howto document for you.

Since this bounty has been completed, I am closing this thread.  Post again in a new thread.

@hoba: I'm closing this bounty as the original poster got it working and the feature already was there. Hoba and I will still split the bounty however ;-P  Glad it worked for ya, have fun! –Bill

Hi, i just wanted to mention that there exists a Port and a Package for FReebsd, maybe this could make the work easier. http://www.freshports.org/security/vpnc Maybe now someone is willing to create a package Regards

Please be a lot more specific with your bounty.  What kind of access does your DMZ server require?  How is squid to be configured? Transparently?  You're asking for telnet access? To what exactly?  Please revisit your bounty and be more specific with your needs.

I almost forgot hoba!  He did a lot of the initial troubleshooting and agreed that I wasn't just a n00b who didn't RTFM (this time). Thanks hoba! Martin

As the developer who was going to take on this bounty is not going to be available to work on it in the time frame I wanted, and no other developers are currently interested in doing this bounty, I'm redacting it.  Thanks.