So far so good on today's snapshot.  I will update if anything happens with all of my config info.

Thanks for catching that. I commited a fix: https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/94d455da18258787132860d8ee203a3523a7d9b3

thanks Jim! Yeah, I wont be setting that up on the router

I was looking for it too much time without sucess, many other Firewall systems have this feature avaible by default at devices from Juniper,Cisco or Firtinet hardware vendors and Vyatta or Astaro as software vendors dont know why authors and developers dont put it avaible as a feature without necesitie of make any hack into the SO. Please ermal can you tell me how to do it? I need to copy Diffserv bit from clear packet to encrypted one (IPSEC tunnels)and reverse. If I cant do it, I will have to change firewall distro to vyatta to support VoIP of my Alcatel PBX. Many thanks

This patch is now useless since port alias support was implemented. Thanks :) This also means that what some people asked for in this thread is now possible.

Yes, this seems to be a pretty common thing. Somehow at the moment the package system on pfsense is not properly synced with the pkg system for freebsd. I believe the main dev team for pfsense is aware of this and its in the cue to be fixed. In the interim, you can find out what packages are installed on your system by typing in a shell #pkg_info ... ... bandwidthd-2.0.1_4  Tracks bandwidth usage by IP address ... ... Look for the version of nmap you have installed in the list that you end up with after running pkg_info. Then type # pkg_delete nmap_#.# # pkg_add nmap where #.# are the previously installed version. This will install all the required dependent libraries and packages…probably. It doen't work perfectly for ntop, but has fixed several other packages for me. Dave

I'm sad to report some problem we have with 0.8 that we did not have with a snapshot from the week before. I'm using x509 with a unique cert assigned to each of ~ 10 mobile peers. I had to switch from using asn1 dn for id on both sides to using the server's ip on one side and asn1 dn on the client to get through phase1 - I don't know why that happened (forgot to grab logs of that) Now i have all the mobile client connected again with one fairly minor problem (detailed below) At a site with two clients behind the same NAT, when one gets DPDed (i'm makin' it a verb dammit) the other sa gets deleted 10 seconds later. Should this go upstream? Feb 16 20:44:32 cujo racoon: [96.233.121.193] INFO: DPD: remote (ISAKMP-SA spi=1b1561a52a7ee073:72a9610bf3426989 ) seems to be dead. Feb 16 20:44:32 cujo racoon: INFO: purging ISAKMP-SA spi=1b1561a52a7ee073:72a9610bf3426989. Feb 16 20:44:32 cujo racoon: INFO: generated policy, deleting it. Feb 16 20:44:32 cujo racoon: INFO: purged IPsec-SA spi=2355238107. Feb 16 20:44:32 cujo racoon: INFO: purged IPsec-SA spi=181612763. Feb 16 20:44:32 cujo racoon: INFO: purged ISAKMP-SA spi=1b1561a52a7ee073:72a9610bf3426989. Feb 16 20:44:33 cujo racoon: INFO: ISAKMP-SA deleted 216.177.7.226[4500]-96.233.121.193[4500] spi:1b1561a52a7ee0 73:72a9610bf3426989 Feb 16 20:44:42 cujo racoon: INFO: generated policy, deleting it. Feb 16 20:44:42 cujo racoon: INFO: purged IPsec-SA proto_id=ESP spi=698705967. Feb 16 20:44:42 cujo racoon: INFO: purging ISAKMP-SA spi=61974f5574b5226a:6b9d10203bcb3a5d. Feb 16 20:44:42 cujo racoon: INFO: purged IPsec-SA spi=67173315. Feb 16 20:44:42 cujo racoon: INFO: purged ISAKMP-SA spi=61974f5574b5226a:6b9d10203bcb3a5d. Feb 16 20:44:43 cujo racoon: INFO: ISAKMP-SA deleted 216.177.7.226[4500]-96.233.121.193[28505] spi:61974f5574b5226a:6b9d10203bcb3a5d

Committed that regex to mainline. Should eventually make it into snapshots: https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/3e8b3cccab55f02be654ba342ac9d0e02c719d78

Who said it's a typo? The change was on Valentine's Day… could be a heart beat, could be musical. ;-) Next snap should be back to normal though.

Thanks. I honestly thought that I had tried 10.1.35.0/24 before I did a post but maybe it was before I resolved a FW rule and didn't go back to it. Things seem to be working now. Thanks for making me look at it again!

@jimp: gosign, Were any of your gateways set to default? Can you edit /usr/local/www/system_gateways_edit.php and change the code on line 210 to instead read: if (isset($config['gateways']['gateway_item'][$i]['defaultgw'])) unset($config['gateways']['gateway_item'][$i]['defaultgw']); will do later today, i got my 1.2.3 Install back online at the moment. WAN1 was set as the default GW. Also, if it's been a while since you have made any gateway changes, you may need to edit and save each gateway without changing anything first, to ensure they are all in the proper format. It was a week old fresh 2.0 install and i never changed anything there. i only created a GW-Failover group to check 2.0 multi-WAN failover but never really used it.

Yes, working as before, thank you.

Working on it :-) Another NetGate deploy tomorrow, just assembled it tonight with the Feb 15th snapshot. It may still be beta5 or beat5, but I'm still putting it into production for contract customers where we have a lot of control and ease of access should anything go wrong :-)

Update to the new snapshot that's up now, give it another try.

Honestly unless you're hosting a game you should be ok. Make sure your outbound under NAT is set to automatic. @jigglywiggly: That's the thing I have static ports setup for everything. Let me double check.

I, too, am noticing that no LAN rules get created, just a few snapshots ago (circa new years?) would create the LAN rules, what gives? -Andy