I'm sorry but I think  I'm a little far from you, I'm in Chile, so could be to expensive for me to send a card to you.

I tried now with a Linksys PCI WiFi card, and it works, I set up it in AP mode, but it doesnt work as AP, its visible, I can conect to it, it provides IP via DHCP, but no routing and is not possible to connect to PFsense BOX by this interface, this is the configuration:

<opt1><descr>WiFi</descr>
  <if>ral0</if> <wireless><standard>11g</standard>
  <mode>hostap</mode>
  <protmode>off</protmode>
  <ssid>PF</ssid>
  <channel>1</channel>
  <authmode><txpower>99</txpower>
  <distance>- <wpa><macaddr_acl><auth_algs>1</auth_algs>
  <wpa_mode>2</wpa_mode>
  <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
  <wpa_pairwise>CCMP TKIP</wpa_pairwise>
  <wpa_group_rekey>60</wpa_group_rekey>
  <wpa_gmk_rekey>3600</wpa_gmk_rekey>
  <passphrase>12345678</passphrase>
  <ext_wpa_sw><enable></enable></ext_wpa_sw></macaddr_acl></wpa></distance></authmode></wireless>
  <enable><spoofmac><ipaddr>172.27.101.1</ipaddr>
  <subnet>24</subnet></spoofmac></enable></opt1>

Regards
Alfredo

@jlepthien:

Can I also open up tickets when I find a bug? Or is it better if I post in the forum first to confirm it and wait for someone to open a ticket?

For something this blatant, it's fine to open a ticket yourself. For issues that are not well defined (i.e. not "Do X, Y, Z and you get ABC error"), post here first.

Should be fixed in newer snaps.

Sorry for being sooooooooo late …
it's workink since july..
many thanks

you can unlock the ssh lockout by typing
#pfctl -t sshlockout -T flush
from the webgui command page

@EddieA:

With option 2, Disable acpi, I get EXACTLY the same results as trying to boot pfSense.

So, booting with acpi disabled, it looks like even a "vanilla" FreeBSD can't cope.

Agreed, that one should be pursued with FreeBSD.

@EddieA:

But, with the Default, option 1, it boots into the OS cleanly.

But, for a normal boot, it looks like something in the tailoring, for pfSense, is the issue.

I think this one belongs to pfSense.

Cheers.

All but one of the packages need to be updated, I wouldn't expect any of them to work at this point other than OpenVPN Client Export.

What specifically are you trying to do?

CARP IPs are added under Firewall > Virtual IPs as always

And on that same page there is a CARP Settings tab, just like on 1.2.x

There is also Status > CARP as before

I was absolutely sure the keys were identical, but I had to pull one of the 2.0 boxes due to flakiness at our office and go back to an SG there for the time being.

@jlepthien:

If you have a good understanding of IPSec then you will get the tunnels up and running. We have connected our WatchGuards to almost every kind of other firewall system with success. Sometimes it needs some "tuning" but most of the time all "enterprise" products have the same settings so it is not a big deal…

Sometimes it's just the terminology between endpoint identifier types.

Yes, thanks for the info Fr3d! Learn something new every day. Who knows, maybe that will come in useful for me someday!

I think so. I created a new internal CA and then created a certificate using that CA. Then in the OpenVPN configuration, I have that CA and certificate selected. I also generated a cert for my user using that CA.

Simply installing and enabling siproxd did not fix the issue.  I had to turn off the static port map for port 5060 and everything works now.

Firewall->NAT->Manual Outbound NAT rule generation and then click on the rule for port 5060 and uncheck Static Port.

I'll try to edit it with PC-BSD.
;)

@carpa:

update :

running version pfSense-2.0-ALPHA-2g-20091213-1725-nanobsd-upgrade now

just tested again, and can now give more specific details about the L7-block issue :

-blocking a L7 protocol works, until the firewall blocks a not by the L7 matched traffic (which it shouldn't , like established http traffic as shown in the first post)
-when this happens, one can establish a connection with the blocked L7 protocol.

I've stumbled with this same issue also for a long time. Is this problem already fixed?

BR,

Tommi

@RagnaBaby:

Simultaneous client connection limit Maximum state entries per host Maximum new connections / per second State Timeout in seconds

Hello,

Got interested in using these. What kind on values would you recommend for 15/2 Mbps connection with ~ 50 users?

BR,

Tommi

Because it hasn't been added. It won't be for 2.0.