Yes. I agree with billm. It would be very bad to use individual ID's with git. The concept of git just does not make sense with ID's in the file. Instead this would definitely make it much less flexible. If you want to know the ID of a file you better install git on your own and check out the respective version.

@kapara:

When I check the box to enable IPSEC VPN and click save I get the following error:

Fatal error: Cannot break/continue 1 level in /etc/inc/vpn.inc on line 1489

Then GUI locks up.  After a couple of minutes I log back in.  The enable check box is checked and I am able to setup VPN tunnel

This should be fixed now.  Thanks

–Bill

Hi
thanks for update !
pfSense-Full-Update-2.0-ALPHA-ALPHA-20090208-0149

Openvpn tunnel 1 and 2 ok !
if add third tunnel , inactivity timeout again !

Feb 9 18:14:00 openvpn[29054]: UDPv4 link remote: [undef] Feb 9 18:14:00 openvpn[29054]: UDPv4 link local (bound): 83.20x.x.x:1196 Feb 9 18:14:00 openvpn[29054]: Preserving previous TUN/TAP instance: ovpns3 Feb 9 18:14:00 openvpn[29054]: LZO compression initialized Feb 9 18:14:00 openvpn[29054]: Re-using SSL/TLS context Feb 9 18:13:58 openvpn[29054]: SIGUSR1[soft,ping-restart] received, process restarting Feb 9 18:13:58 openvpn[29054]: [ovpnnat] Inactivity timeout (--ping-restart), restarting Feb 9 18:12:57 openvpn[29054]: Initialization Sequence Completed Feb 9 18:12:56 openvpn[29054]: [ovpn] Peer Connection Initiated with 90.xx.xx.xx:2061

up : all tunnel down : inactivity timeout after 12 hours

Hello,

It's been there since Mon Jan 19 18:12:20 EST 2009 built at least. Those messages are annoying but seems to be harmless so the developers would see it a low priority. WAN portion of RRD graphs are also gone too.

And, no new snaps so far since 20090201-1341.tgz

cheers,

@xbipin:

isnt it simple enough to edit /etc/platform and just add "pfsense" to convert it to full version and "embedded" to back again to embedded version

Why would that fix the issue of the Image running out of room?  It would just be a full version of pfsense with a small partition

@elctor: You can configure the traffic shaper on ANY rule that is present under Firewall->Rules.
You are just a very basic user to all advanced features that are on 2.0.
The Floating tab is there to allow you to create rules with out direction or that apply to any interface and some such(but that is not for you :). On any rule you create on 2.0 if you have created queues(configured the traffic shaper) you can assign a queue to it and it will show.
If you payed more attention you will see there is a column on the rule summary that says traffic shaper and shows the queues.

I will not comment anymore on this it just you need to read more.

Ok, Little more information to make this actually a useful post.

I am running the above listed version. This is my setup.

I have 2 pf-sense systems running a total of 6 network interfaces.
2 interfaces are for wan (wanA / wanB)
1 interface is for office-lan
1 interface has vlans for ServerLan1 / ServerLan2
1 interface is for pfsync (direct link)
1 interface is for management (if i have to plug in directly for one reason or another).

It appears that when setting pfsense to sync as listed in this guide.
    * Building a fully redundant Cluster with 2 pfSense-systems between WAN/LAN with CARP & pfSync / fSense CARP & pfSync failover-simulation
http://www.pfsense.org/mirror.php?section=tutorials/carp/carp-cluster-new.htm

We are able to sync some things such as the firewall state table. No other information appears to be syncing to the other system.

However, it appears that after manually exporting the config from system 1 (pfbox-a) then importing it into system 2 (pfbox-b) and making the needed changes to Ip addresses/carp braudcast/sync/etc… We are able to see "Failover" with the carp but are still not syncing any config changes. Any changes to VIP's, Rules, IPSEC, CARP/etc aren't changing.

On system boot the states do sync from one system to the other and vice versa so that appears to be working. Also, we see a message saying that openVPN is syncing up. Im not exactly sure if this is true because we arent using openVPN (yet) but it is also the only message we see on boot claiming to be preforming a sync.

When sniffing the network traffic on the pf-sync interface i can see packets going back and forth and on the firewall i have an allow ALL rule set. It dose not appear to be throwing out any packets at this point. It just seems that it is not sending all of the data we want it to. We have even tried setting it to sync only one thing (alias/rules/etc..) and no matter which single thing we are trying to sync it appears that nothing is being sent to the 2nd box.

We have tried this same config on the "Stable" release and it appears to be properly syncing data from one system to the other. It just seems that this is a problem with the 2.x UNSTABLE versions.

Please let me know if anyone else is having this problem or if you have any suggestions. We have even tried to do a "Forced Sync" via the command line and it appears to not do anything more than we have seen before already.

-E

Ok I went into System > Advanced > System Tuneables

On this I enabled  net.inet6.ip6.redirect = 1

went into shell and killed that process and now it's at a nominal load

here

You can't right now. When that changes, we'll announce it.

To what end?  Obviously you don't want a firewall with this setup?  What is your ideal traffic flow.  A diagram may help my understanding.  I'm not sure how will the bridge function is working.  It would seem that the bridge crashes on reboot loosing their DHCP information and server function.  I have tried bridging multiple LAN ports and the bridge can no longer access the internet after reboot.  You can see my work and the advice of others here.  http://forum.pfsense.org/index.php/topic,12101.msg73547.html#msg73547

I have experienced this problem with rule generation as well. Also when creating rules, if I set state type to none, the rule will still be created with keep state. It will also always set the flags S/SA option even when no specific protocol is specified(although I don't know if pf will ignore this if the packet isn't TCP).

I can't speak to having Squid bound to the WAN interface, however your issue with everything being blocked via LAN seems like it would be related to the "Allow users on interface" tick box.  Click the box, press save, try the proxy from the LAN.  If that doesn't work, untick it, hit save, then tick it again, and hit save again.  For some reason, the setting needs to be cleared out after certain installs.

Might I ask why you were trying to use Squid on the WAN side?

Not yet, but it will be moving to FreeBSD 8-CURRENT at some point which has wider driver support (I don't know if that exact card is supported).

@samu:

thanks, I can see packages now. I was hoping to see Freenas package. I read somewhere it would be available in 2.0

It used to be in the branch that was going to be 2.0, but that was years ago, it's been abandoned. It won't be available in the foreseeable future.

It's fixed.

Here is another update,

It would seem my bridge failed.  I added another bridge to test the 2 on board realtek gigabit cards which are 8110 series if memory serves.  They didn't work under pfsense 1.2.  Anyway, the first time I rebooted the router, the bridges lost their ip address and DHCP servers.  I set them back up from the counsel and was able to get into the web gui but was unable to restore internet access.  I'm not quite sure why that is but I would guess its a glitch unless that was what "pfil_member = 0 and pfil_bridge = 1 was suppose to do".  To trouble shoot a bit more, I went back to a setting with a single bridge with network ports I knew should work.  After the first reboot, the same thing happened.

Further more, with 2 bridges set up, my CPU was pegged.  However, I cant blame this on the bridge or pfsense.  I suspect that was a problem with the realtek network cards.  Just so you know my setup, I'm running pfsense on a jetway j7f4e1g2.  It has a via c7.  In the pci slot, I'm running a dlink 4port 10/100 network card.

Out of curiosity, is there another place I should be posting this experience where it may be beneficial to the developers?

Anyway, I think I have had enough for one night.  Frustration is starting to get the better of me.  I'll keep watching this post and if any ideas strike me, I'll test them out and post my findings.
-V

@itsmorefun:

to fix: add a "&" in url : package.xmlid=0 become package.xml&id=0

Thank you for this fix!!  I've been able to access the FreeSwitch config's, by editing the address after error.  However, I'm at a loss to find the file within which I might change this line, permanently…  Any hints?