OK, I got it updated with the correct image file now.

Hi Jimp,

problem occured again on current snapshots.

u cant change option System: Advanced: Miscellaneous -> "Prefer older IPsec SAs", The box is always checked after save + reload of page.

Its not possible to disable option.

How i can change variable on console?

cya

Figured it out.  The interface was supposed to be named OpenVPN, and some of the routing tables got messed up.  Its all fixed now.

We'll probably need a copy of the config to see if it's reproduceable in a lab/test environment. You can e-mail it to me at jimp (at) pfsense (dot) org.

As for restoring sections, you can't upload a whole config and choose to restore only a section - it expects to only find the specific section in the file uploaded. Try to backup a single section, look at the file, and test if restoring that single-section backup works.

I'm not sure if that's something that is planned to change yet or what, but that's how it's always worked.

Jimp, i am sorry, but on a fresh install, it does the error again and doesn't like the new install.  Even though the configuration is the same it still errors out with the config is incorrect.

@jimp:

Just change the monitor IPs to something external. I use 8.8.8.8 for wan, and 8.8.4.4 for wan2.

OK
found it under "System: Gateways: Edit gateway"
I knew there was an option when set to static IP but not for DHCP…

You might try a different port as a test, or check with your ISP to see what they might block.

Some ISPs filter common exploit vectors, and exposing your database port to the Internet is not a good idea in general.

I have a similar problem on 2.0 (running 2.0-BETA3 Built On: Sun Jul 25 20:23:39 EDT 2010) with SQUID 2.7.9_1

Please correct me if I'm wrong in my thinking of what this setting does. "Allow users on interface" automatically adds the IP range of the LAN adapter to the allowed ACL, and by switching this off it will check the 'allowed subnets' under 'access control'. This does not seem to be working as intended, and just blocks internet access. Am I missing something?

This is my problem, and maybe there is another interim solution.
I have a 2.0 proxy and had to set up a second proxy on running 1.2.3 with squidguard for filtering.
People that should be allowed to use the 2.0 proxy are on 10.10.10.0, and people that should use the 1.2.3 one is on 10.10.11.0. The ACL would obviously be perfect, but is it possible to set up a firewall rule to block the proxy port on the 2.0 box for the 2nd network range? I have tried setting up a rule, but I must be doing something wrong…

Thanks

I'm running 2.0-BETA4  (i386)
built on Thu Sep 9 19:39:18 EDT 2010
FreeBSD 8.1-RELEASE

I have LAN, WAN and OPT1 to OPT4 interfaces including a 3G modem and two wireless (WiFi) NICs. My WAN NIC gets its IP address by DHCP. It is a bit cranky about the physical connection and on a couple of reboots didn't detect carrier. Some time afterwards on one boot and after I had wiggled the cable a bit, the WAN NIC had an IP address but there was no default route in the pfSense box. Next time I rebooted the box the WAN NIC apparently got an IP address immediately and there was a default route (through the WAN interface).

I updated the version in the package to 2.1.3. We'll see how it goes. :-)

As someone that is somewhat knowledgeable, but by no means a networking expert, I can agree with SNA about the wizard.

I know a bit about networking and how to set up queues and such, enough to do really well in 1.2.3.  But the wizard in 2.0 is plain confusing, and over-complex.  While many people that use pfSense are extremely well-versed in networking and such, there are also many that are not.  When I first downloaded pfSense, I was really new, and read an article on how to put an old machine of mine to use ("Armor Your Palace" article).  Since then I've come a long way and learned quite a bit.

The difference between the wizards is extreme enough that when seeing the one for 2.0, I just looked at it for a few minutes.  Also there should not be more than one wizard.  It should be one wizard that is able to deal with the different combinations.  I would think (I'm not a coder so I'm guessing) that one wizard with SNA's idea would reduce coding (1 wizard instead of many), and IMHO would be much more intuitive and functional.

That error would not have existed on Sep 2-3 snapshots, only the snapshot from late on the 7th - the code for that did not exist before then.

It should be fixed on the snapshot up now.

It's unfortunately not the problem.  I have two pfSense.  One has no problem (Intel CPU), the other one has the problem (AMD CPU).
I'm also working for the ISP where I'm putting in place these pfSense.  It's a setup to filter trafic for WWW to grid computing infrastructure.  So we were testing a setup with big servers and nice hardware.  Network connectivity is not an issue.  It really look like a bug somewhere or a bad rules.  The ping suceeded to other IP and after the gateway is again available :'(.

i have the below in my config and systemlog shows the below and i have no clue if igmp proxy is working or no.

CropperCapture[1].jpg
CropperCapture[1].jpg_thumb
CropperCapture[2].jpg
CropperCapture[2].jpg_thumb

Hmmm, I'm having DNS-entries, because i want free DNS-services which don't change to advertising-pages on a not found website (I think this doesn't exist only in germany).

Now with update from 09/07 09/08 i have sometimes a graph, but only for some hours.

Seems to be with the gateways a problem, because graph is disappearing/showing garbage when gateway-terror begins… (http://forum.pfsense.org/index.php/topic,28156.0.html)

Next thing is a time-dilatation of 15mins between real-time and the graph.

Here some pics of the thing:

quality.gif
quality.gif_thumb
traffic.gif
traffic.gif_thumb

i saw this but thought it must just be me doing something crazy so i busted out the php comments again :(

this is tricky.

That is normal for a stateful firewall.

I've put in a fix for this, though it has limitations.  If you use an alias for redirect target port and destination port is not using that same alias, it can only use the first port or port range for redirect target port.