I added a note to the upgrade guide that users may want to uninstall packages first when going from 1.2.x to 2.0. There are some packages that cause problems and there's no way to go back and change existing installs to fix that, by the time the new version is running it's too late in some instances (though we've worked around that as much as possible).

I have tried that command already. That didn't work.

I figured out the issue. Not sure if it's something to do with the latest snapshots or Squid itself. Pretty sure its not Squid as this issue never came up in builds before April 10th.
When you install Squid the directory /var/squid/cache is deprived of system rights on "write" to a degree that Squid cannot crate the sub directories and fails to start.

What I did was.. installed Squid, configured it, rebooted. Squid fails to start on first reboot. Deleted /var/squid/cache directory through File Manager and then went into packages and did a Squid "reinstall" package. This time the reinstall creates the cache directory with the correct access permissions. Reboot again to ensure everything is in order.

I had one question on the level of Squid configuration. Please shed some light on this.

I have 4GB RAM and 120GB hdd.

What would be the best performance settings in Squid Cache Mgmt for..

Hard disk cache size = ? (I have it at 3000MB) HArd Disk cache system = ? ( I have aufs) Memory cache size = ? (I have 1000MB) Minimum object size = ? (default 0 is fine??) Maximum object size = ? (I have 256KB) Level 1 subdirectories = ? (I have it at 16, should I go for more? If so how much?) Memory replacement policy = ? (I have Heap LFUDA)
8 ) Cache replacement policy = ? (I have Heap LFUDA)

Ok I'll try to go with the outbound rule, thanks

I was refering to changing the MAC of the client dependant on which VLAN it is.

Yeah, I understood it that way, and you are right it would solve it. However.. aside from the fact that my iPhone might not have that type of script capability ;D it really does not matter provided there is no potential error to be had. I never use the same device at the same time on both nets (of course!) so I am happy to see it listed twice now I understand why it happens.

Its only for testing anyway- the reserved ip locks to an unrestricted bandwidth setting, and the other "unreserved" ip adopts the network-wide bandwidth limits (ie. what the students get).

I will try and find an early morning where I can experiment a little with the LAN / VLAN config as you suggest.
Thanks again for your care and advice. All seems to be well now!

Mike.

I think I remember seeing CRL messages in my logs as well. It probably tries to check CRL upon client connection to see if user certificate has not been revoked. As long as you don't revoke certificates I would not worry about this.

Sweetsauce.  Thanks for helping on such an awesome project!

Looks like ermal already checked in a fix. Try out a snapshot from tomorrow and see how it goes.

I will do that tonight and I will watch it and let you guys know if I still have issues.

Finally i managed to build iso. if some one need pptp path thrue and pptp server i can place it on ftp. starting from today i go to make daily builds. i need help with test.

That has to be secured at the switch (layer 2) level.

That, or use static arp and hardcode everyone's MAC address.

I did the same.

Added a line to 'usbdevs' and a line to 'u3g.c', compiled the PFsense kernel and installed it on my box.
But the Huawei K4505 will only see 2 disks (1 CDrom and 1 flashdisk). No serial ports what so ever.

Are you sure these are the only changes you made to enable youre K4505 on PFsense?

thanks,
bas

Assign yourself a static IP matching the new LAN subnet or make the change to DHCP @ console. It's maybe a lack of convenience but you're informed to update the DHCP, they probably expect you to know that traffic will not get routed to a different subnet without a gateway. (If you change the LAN IP to 192.168.0.1/24, and you're still using the previous subnet (say 192.168.1.1/24), then you'll make requests to a gateway (because you're trying to send traffic on a different subnet) that no longer exists and your traffic goes nowhere.

@sidhupf:

DHCP range change does not take BEFORE applying the LAN IP change. Never get the chance to change DHCP range after applying cuz the system becomes unresponsive. Also tried disabling DHCP which changing LAN IP - same unresponsiveness. Have NOT been able to find a solution to this.

It depends on the product.
I did not say it IS a bug but that it is a feature.

You have to learn a product before judging it, and i do not think the way a product you are used to does things should apply to all other products!
pfSense applies rules twice once a packet is incoming and once when the packet is leaving an interface hence the behavior you are seeing.
Furthermore, you are configuring pfSense so its trying to do what you told it to.

after hours of hours of trying to fix the nat with the xbox i never solved the problem so what i did was i changed the Xbox to use DHCP and not static ip and enabled UPNP since UPNP does not work with static ip don't know exactly why anyway so now it works the way i do not want it to work but it works :)

Thanks for all suggestions unfortantly none of them did work except for the UPNP part but i had to use DHCP for my xbox to have it to work :)

I can confirm that both L2TP and PPTP is working for me using Acrobit SIP clients. I'm using Nexus S, rooted, running stock 2.3.4. I was not able to connect with L2TP before as I think it was not automatically opening L2TP ports on the WAN interface as with PPTP.

I am highly grateful for the feedback. Thank you.

Thanks!

Hi

I tried a snapshot in the beginning of this week, but I ran into other problems.  There were strange problems with openvpn which prevented our vpn tunnels to become connected, so I reverted back as I was unable to find the cause for openvpn not working.