I'm experiencing a similar issue after installing the upgrade today… and by looking at the System Logs: Firewall the Source and Destinations are all backwards For example when I try to access a web site, the LAN IP shows under Destination and the Destination IP shows under Source.

@cmb: The user's cert must be from the same CA as the OpenVPN server is using. That's the only other scenario I can think of that makes it not show there. That was it.  Thanks!

Thanks, shrew client works very well! I set up my ipsec vpn all from china and now i'm using the shrew client on my win 7 laptop and bypassing all this great firewall of china crap. No twitter to follow sullrich, blah. Cheers!

It s OK since the version 2.0-BETA4-(i386) built on Sat Aug 14 10:17:14 EDT 2010 Good jobs Thx

Interfaces will drop when you add one at interfaces>assign, though I'm seeing 6-8 seconds or so. The longer delay, and what seems like a delay in a different area, is likely MLPPP related. Doubt if that will change for 2.0 release, though that depends on gnhb likely, he may know how to fix it.

Technically, no, but the port used is also the port selected for the management interface, which all run on 127.0.0.1, hence allowing that would create a number of complications. There needs to be an alternative for that in the future without breaking the Status page, that's a pretty involved change though so the ticket has been postponed to a future release.

Deleted *.rrd in /var/db/rrd/ clicked "save" in rrd-settings page: The error-output has become smaller, but still no luck: php: /status_rrd_graph_settings.php: RRD create failed exited with 1, the error is: /libexec/ld-elf.so.1: /usr/local/lib/libfreetype.so.9: unsupported file layout Did a kill -15 for updaterrd.sh en repeated the above step, still the same error. :(

@cmb: @elvisnld: By one system, you mean one pfsense firewall?. I know i can't make it a redundant pfsense ' cluster' this way, we stepped away from that approach because of difficulties with VRRP on the wan from the isp,  not pfsense's fault as we know, thank you Cisco and IETF  ::) You can still use CARP where your provider is using VRRP (though it may create some log noise on both sides, it will work perfectly fine), just make sure you're using different VHIDs. I read that in the book, but i wasn't brave or skilled enough at that time.  :P @elvisnld: If i want to use Haproxy on my pfsense fw to LB to my lan-based servers what is the way to go for the vips? carp? Which ever you want, if you have one it doesn't matter which you use. ok, clear. Kewl, this i aparentlly didn't fully understand from the book then, now i do The information here: http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F should be updated a bit then. it's a bit misleading.  But thank you very much for explaining it!

It'll work but you'll have to blow away your RRD data, the data from 32 bit won't work on 64. Run:  rm -rf /var/db/rrd*  after the upgrade and hit Save on the settings tab of RRD to fix

Those instructions can't be used on 2.0. Bridging is built in, though I don't know it's been tested yet.

It works for me on a snapshot from today. Perhaps it was a part of what you were entering as the gateway name or description?

Whatever subnet is accessible from remote can be used to any interface in the pfSense. So i think its the cable modem lan subnet. I dont really know whats your exact setup so im just guessing. Regards

That is not how they work. The tiers are for failover. In your first scenario, OPT1 would be used if WAN died. OPT2 would be used if both WAN and OPT1 died. The second scenario is correct. WANs on the same tier are round-robin connection balanced.

With that box checked, the rules are "first match wins" as in the processing stops when a match is found. If you uncheck that box, the rules only apply if no other rules match that connection. Only floating rules offer that option. Rules on LAN, WAN, etc, automatically have that option behind the scenes - the first match always wins on those lists.

Does the driver show up in dmesg? We have to add code to show the crypto devices in the dashboard, and I'm not sure we've seen one of those yet. You can try some of the openssl tests shown here: http://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported

You may have caught a bad snapshot after a rather large gettext merge made a few incorrect changes. Most of them should be fixed now, try a new snapshot.

Nope it just caught in a loop writing rubbish to the file. This was a machine error not pfsense.

I am too Junior to design. Also, I really want PfSense to be better on all aspects than everyone else. And above is my honest opinion, try it yourself to see…

hi, I have been checking this out further.  I have the carp on the bridge0, because the wan ip of the server is defined on the bridge0 interface in pfsense.  So I can not move the carp ip to one of the two joined interfaces as they don't have an ip assigned. Should I ignore this error, If so will this logging be removed in the release version as it fills up the tty and makes it unusable? Or should I configure this in another way? Thanks

That is also covered on the Doc wiki: http://doc.pfsense.org/index.php/Full_install_on_Netgate_Hamakua