It's intended to be the # of days between refreshes.

The code will check the age of the file, if it's more than <x>days old, it downloads a new copy. (or it will once I put the cron job in)

For now to force an update just edit the alias and save it without making changes, that should always download a fresh copy.</x>

2.0 has e-mail notifications but as far as I know, there are no packages that support sending notifications in this way.

I've just upgraded to pfSense-Full-Update-2.0-BETA1-20100421-2213 and gitsync'd to catch up.

The last activity column seems to be working now but I'll test further tonight and report back, Ill update the open ticket for this issue too.

Thank you

Slam

@arriflex:

That is what I have done. It's certainly not a crucial situation for me, and I didn't know any better when I did it back in the 1.2 release when I first started with pfSense. That it worked then, and didn't now is the only reason I brought it up.

Thanks again, sorry to distract from more pressing matters.

Any chance you still have a config backup and a CD around for 1.2 that you could toss on a spare box and see what is different about its dhcpd.conf that caused it to work? (Perhaps they were quoted or put in some other way)

It may have been an older version of ISC-DHCPD that allowed it, but I suppose it's possible something else changed in how the config was written. There was about a two-year gap between 1.2 and 1.2.3.

As wallabybob pointed out, hostnames should start with a letter, so the numeric hostnames are invalid. But if that is the case then the GUI should also be rejecting those as invalid hostnames.

Ok, it worked now, but I do not know what I did different. Will run a few test to find out what it could have been, I suspect siproxy being installed created some issues…?

It could be something related to your network card(s) then, what type of network cards do you have? (Usually indicated by the device name under Interfaces > (assign))

Efonne ans jimp thanks for your attentions ,now validations working,I installed new snap and add to URL alias same string(httt://www.google.com).

Here is error output:

The following input errors were detected:

* You must provide a valid URL.

these r the systemlog entries related to schedules

Apr 21 22:00:03 php: : The command '/sbin/pfctl -y 4bc82e06afa09' returned exit code '1', the output was 'pfctl: DIOCKILLSCHEDULE: Permission denied' Apr 21 22:00:03 php: : The command '/sbin/pfctl -y 4bc82e06afa09' returned exit code '1', the output was 'pfctl: DIOCKILLSCHEDULE: Permission denied' Apr 21 22:00:03 php: : The command '/sbin/pfctl -y 4bc82e06afa09' returned exit code '1', the output was 'pfctl: DIOCKILLSCHEDULE: Permission denied' Apr 21 22:00:03 php: : The command '/sbin/pfctl -y 4bc82e06afa09' returned exit code '1', the output was 'pfctl: DIOCKILLSCHEDULE: Permission denied' Apr 21 22:00:03 php: : The command '/sbin/pfctl -y 4bc82e06afa09' returned exit code '1', the output was 'pfctl: DIOCKILLSCHEDULE: Permission denied'

well that certainly explains the error then …. thanks =)

My work has not gone into the main source tree yet, though I think it was almost approved at one point (I think I didn't commit it yet because no one else had tested it, to the best of my knowledge).  The implementation in my source tree does fully support aliases, since it is done in pf instead of redirecting to a port handled by an external program.

I may need to rework it a bit because of some conflicting code that may be making its way into the main source tree.  My code doesn't currently conflict with what is in the main source tree, but I think I'd rather work through the conflicts in my code than make the others work through the conflicts that my code would have with theirs.

@cmb:

If you aren't familiar with IPsec and tunnel vs. transport mode, phase 1 and 2, etc. it's not something you'll be able to successfully deploy right now. Hang tight and check the status of that ticket on occasion, once we determine how to best handle the IPsec portion and get that implemented it will be easy to work with.

Thanks for the quick reply cmb.

Will keep an eye on the progress and looking forward to trying it out.

Just recently stumbled on pfSense. It's a very impressive accomplishment for whoever is doing all this work !

Jay

Hi there,

yes it is true I am using L2TP without IPSEC (we have wireless links and we are using EAP with WPA2 Enterprise , so we don`t need additional encrypting)

The Changes are made:

we use different Ports for the radius Server, so I added them.
we don`t want to offer any kind of compression so we disabled it completly.

the new mpd.conf for l2tp looks like this

l2tp:         load l2tp0         load l2tp1         load l2tp2         load l2tp3         load l2tp4         load l2tp5         load l2tp6         load l2tp7         load l2tp8         load l2tp9         load l2tp10 ........ ..... l2tp1:         new l2tp1 l2tp1         set ipcp ranges 10.65.31.1/32 10.65.254.1/32         load l2tp_standard l2tp2:         new l2tp2 l2tp2         set ipcp ranges 10.65.31.1/32 10.65.254.2/32         load l2tp_standard ...... l2tp_standard:         set bundle disable multilink       # set bundle enable compression         #set bundle yes crypt-reqd         set ipcp yes vjcomp         # set ipcp ranges 131.188.69.161/32 131.188.69.170/28         #set ccp yes mppc         set iface disable on-demand         #set iface enable proxy-arp         set iface enable tcpmssfix         set iface idle 0         set iface up-script /usr/local/sbin/l2tp-linkup         set iface down-script /usr/local/sbin/vpn-linkdown         set link yes acfcomp protocomp         set link no pap chap         set link enable chap-msv2         set link mtu 1420         set link keep-alive 60 660         set link fsm-timeout 15         set ipcp dns 10.64.1.1 10.64.1.235         set radius server 10.64.1.235 "our secret passwd" 1860 1861         set radius retries 3         set radius timeout 10         set auth enable radius-auth         set radius me 10.64.1.1         set auth enable radius-ac

so I tried to increase the keep alive timeouts and tried to set the link fsm-timeout to 15 (2 is std.)
but nevertheless our connections are dropping from time to time (avergage every 30 minutes)

any ideas about the connection drops?

any1 to confirm this?

known issue, there is a ticket open: http://redmine.pfsense.org/issues/show/337

@xbipin:

when rules r out of the schedule period, the icon turns red and on mouse over says traffic matching this is being denied so i guess that needs to be changed now.

Opened a ticket on that, thanks.

solved on the 18th april snapshot but i still see these in the system log

Apr 18 13:33:18 php: : The command 'route add -host 195.229.252.33' returned exit code '1', the output was 'route: writing to routing socket: Invalid argument add host 195.229.252.33: Invalid argument' Apr 18 13:33:18 php: : The command 'route add -host 195.229.252.33' returned exit code '1', the output was 'route: writing to routing socket: Invalid argument add host 195.229.252.33: Invalid argument' Apr 18 13:34:06 php: : The command '/sbin/sysctl net.inet.flowtable.enable=0' returned exit code '1', the output was 'sysctl: unknown oid 'net.inet.flowtable.enable''