hm, makes sense :)

I have seen this happen before, usually when someone incorrectly used proxy arp VIPs on the master which sync'd to the slave as empty entries.

The DHCP server code needs a little better logic though in that regard, though. I thought I committed a fix for this when I found the issue, I don't see it now.

I checked the outbound nat rules… I never entered any so the only rule at hand is the default.  It was however set to manual outbound NAT rule generation (as shown in the first post above) and I changed that to Automatic outbound NAT rule generation and then rebooted the system and..... hold on... it's comin up.... darn near there.... hot damn!!! It's workin.

Thanks a bunch cmb.  I really appreciate your assistance.  What I have set up is a partial virtual environment making a half dozen of our physical servers all virtual with a virtual pfsense on the same power server.  I will continue to work with and test this until such time 2.0 is released for live use and will report any issues that may arise.

For anyone interested I'm using vmware's ESXi 4.1 on a dual xeon MT 3.4ghz 8gb server and thus far... I'm pretty darned tickled.

Thanks again cmb.

Your client config's TLS is wrong. Compare it to what the OpenVPN Client Export package exports, which is correct.

@cmb:

Probably because you're blocking DNS. Those services likely work, you just don't have DNS to reach them.

Thanks for the replay, i was thinking that the DNS settings and dns forwarder is enough no need for further rule adjustment .

Any way i created default block rule and activated log on it and found out that the HAVP transparent porxy blocked on the designated port which is 3128 , i just added this port to alias i have created and now its works smooth.
Thanks

Looks good!

Thanks  ;D

Also, be aware if you're traffic shaping and you're using secure pop3-s / smtp-s, you'll need to add those rules in the TS otherwise, regular mail will be faster than email.

after doing that, what next, meaning now how do i do a site survey find the remote access point and connect to it using its password?

That's traffic you shouldn't see blocked, looks like possibly you have asymmetric routing, which will break stateful filtering and cause things like that. Is there another path between the two networks?

I´m not sure.. but they could be as I have Idle Timeout configured for 10 Minutes and Hard Timeout to 180 minutes.

If you just needed a port forward on OpenVPN and you are only running a single OpenVPN server (or if you want it on all), it is actually now one of the options available on port forwards (available on all NAT rules actually).

Hi,

I need to dial PPTP to the ISP.
In my testing environment I only have WAN and Wi-Fi for LAN, so I set WAN to DHCP, created another interface (OPT1) on the PPPs tab and configured it to PPTP. I also uncommented the code you mentioned, but nothing happens.

I see the "connect" button on the "interfaces" status, and when pressed - nothing happens, no logged events, nothing.

By the way, OPT1 is disabled, if I enable it - it becomes a regular interface with PPTP configured, while it complaints that I entered invalid IP for remote PPTP server (I enter a hostname), and that kind of thing I could always do - no need for PPPs tab.

Am I doing something wrong?

@twan:

Well, multi-wan worked great on 1.2.3 with the same gateway on all interfaces. Will this not work any more? Or what do i need to do to make that work?

No it didn't, that has never been a supported configuration. pf's route-to must send traffic to a unique gateway IP for each WAN. It won't work correctly any other way. If you have multiple WANs with the same gateway only one will get used at a time, though which one can vary.

Great. Thank you for the help.

Nice.  ;D That's not in our code, and doesn't actually break anything, so we'll leave well enough alone.

@MrHorizontal:

I was asking whether load balancing be achieved at Layer 2 (ie MAC addresses/interfaces) instead of Layer 3 (ie IP addresses and gateways), without using LAGG?

No. Since it's going to be the same MAC, it's unpredictable which interface will see it first.

Thanks.

I added the option now.  But it seems my computers aren't getting the NETBIOS part.  Or there is something changed in dhcp service.

When I try to ping to my computers, all of them referred to hostname.localdomain and returned IP address as 67.215.65.132 (which is belonged to OpenDNS that I used); not their internal IP addresses (192.168.x.x).

Before switched to version 2.0, pfSense 1.2.3 I could just reference my computers and printer with their hostname (NETBOIS name).  Especially to my printer, my driver is setup with referencing to its NETBIOS name; now I should changed to its IP address.

One more note.  All my computers/printer are using static mapping of the dhcp service from pfSense.

Any suggestion?

-Raylund

yes

Thanks jimp.