• Snort is not reconfigured

    Locked
    0 Votes
    1 Posts
    898 Views
    No one has replied
  • Ntp_intres.request: permission denied

    Locked
    0 Votes
    14 Posts
    16k Views

    I have also updated to a snapshot which has the lines moved - unfortunately not a real improvement.
    I have tried switching to direct IPv4 addresses which seems to work, so yet the problem somewhere lies with DNS.

    As I used to add a CNAME to our DCs (ntp1 and ntp2) I don't know if it's related to the usage of that yet.
    I'll try to add a host override too locally to see if it's taking too long for the local resolver to get an answer.

  • Cannot Define Table Bogonsv6

    Locked
    0 Votes
    6 Posts
    2k Views

    On my main system which does not exhibit the issue the default max table entries is 200000.
    This system is an old DELL Inspiron 5100 notebook with 2GB RAM.

    On the system that exhibited the problem the default max table entries was only 100000.
    That system is an i3 NUC with 8GB RAM.

    I'm thinking there is a problem with the default size calculation.  Perhaps a variable that needs to be a larger data type.

  • DHCP static ARP new column, what is it?

    Locked
    0 Votes
    8 Posts
    2k Views

    With WiFi and LAN bridged, the pfSense software is not going to be examining the detail of packets between WiFi and LAN. It will simply be forwarding packets back and forth between the 2 interfaces,  so that they look like one. It will only be when pfSense talks to the client itself that the static ARP comes into play.

  • Q: How often do the ports get rebuilt?

    Locked
    0 Votes
    4 Posts
    1k Views
    jimp

    Building in a jail doesn't work last I knew. It used to take several patches to the jail system to allow things we need to work properly. I'm not sure what the current state is though.

    As nice as that sounds, it's probably not really all that necessary except from a theoretical/unit testing type perspective. In reality most builders keep going indefinitely and don't need much prodding. The case with pcre would be unnoticed by someone who didn't update their ports tree or rebuild pfPorts. We could have kept building with what we had indefinitely, but the ports would have been outdated.

    In our colo we do have several "base" VMs that we clone from when making new builders, but they can also get a little stale now and then.

  • Crash report bandwidthd. No Graph

    Locked
    0 Votes
    7 Posts
    4k Views

    Ok,

    Well I bit the bullet and did a complete reinstall of pfsense i386 dec 8 build and restored my configuration. This has seemed to fix the bandwidthd problem of viewing the graphs.

    Conclusion.. upgrading from the stable 2.01 build to the 2.1 nightly build can cause issues. I suspect as mentioned in my other post

    http://forum.pfsense.org/index.php/topic,56788.0.html

    that it has to do with multiple versions of the same dependency files, i.e. png or libconv

  • 0 Votes
    4 Posts
    2k Views

    Sounds like we're missing input validation to prevent unsupported configs in the underlying relayd, you can't have v6 on one side and v4 on the other.

  • Squid3 on 2.1

    Locked
    0 Votes
    4 Posts
    2k Views

    Hi. Using the latest snapshots, I'm getting some security and browsing issues with the latest pfSense snapshots and squid3 package.

    I have to say that the latest pfSense snapshots look and work even better than pfSense 2.0.1, so I'm using the latest snapshots in a production environment even if tons of people want to advise me not to.

    The only issue I'm having is with Squid3 installed from pfSense packages.
    No matter what setting I put, I always have issues logging into Facebook. Sometimes it does log in but then it doesn't work properly. Sometimes it even shows me other clients' Facebook walls, but soon it requires me to log in.
    That means that I can actually have a preview of other Facebook walls that belong to other people without logging into theirs.

    Sometimes it just tries to log in but then Facebook tells me I have cookies turned off!

    Below this I pasted the Squid settings I have been using for several months, which always worked well.

    A nice gentleman in this forum told me to set dns_v4_first on; (default is off) to make sure HTTPS works fine in IPv4 networks, but no matter if dns_v4_first is on or off the Facebook login issue is still there.

    GMAIL, HOTMAIL and other HTTPS websites didn't work at all until November 2012 when somebody fixed the latest squid package. Now it works with GMAIL, Hotmail and stuff, but with Facebook there are still issues. Maybe there are problems with other HTTPS websites as well, but I could not test squid3 enough to find out more.

    This is my Squid configuration: please tell me if there is something that could affect HTTPS compatibility and caching efficiency.
    Note that this is the most aggressive caching config I could set for Squid.
    It always worked fine until I used the latest squid3 packages.
    It also works fine with squid 2.7 and Lusca cache.

    refresh_pattern -i .$ 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http:// 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://- 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://. 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.-* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..- 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://... 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://...-* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://...-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://...-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://....* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://....- 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://....com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://....net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://...com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://...net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://..org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.gg.in.th 99999 999999% 99999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://.org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www.....com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www.....net 99999 999999% 99999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www....com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www....net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www...co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www...com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www...in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www...net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www...org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www..co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www..com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www..in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www..net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^http://www..org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^https://.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^https://.in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^https://www..com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i ^https://www.*.in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(3g2|3gp|asf|asx|avi|divx|flv|iff|ifo|m3u|m4a|m4v|mov|mpa|mpeg|mpe|qt|qtm|viv|mpg|ogg|rm|rmvb|scr|swf|vob|wmv|x-flv|xvid)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate override-lastmod store-stale;
    refresh_pattern -i .(aif|aiff|amr|cda|mid|wav|wma|midi|au|ram|ra|snd|mp2|mp3|mp4)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(3dm|ai|ani|art|bmp|cdr|cdt|cmf|cur|drw|dwg|dxf|eps|eps2|gif|icl|icm|ico|indd|jpeg|jpg|jpe|max|pct|pcx|png)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(ps|psd|psp|qxd|qxp|rels|svg|tga|thm|tif|tiff|wmf|wrl|xbm|xcf|xif|yuv|pnm|pbm|pgm|ppm|rgb|xpm|xwd|pic|pict)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(accdb|bfc|cbr|chm|csv|db|dbf|doc|docx|dot|hlp|kml|Kmz|lab|log|mdb|msg|odt|ost|pages|pdb|pdf|pps|txt|ppt|pptx|pst|pub|rtf|wpd|wps|wri|xlr|xls|xlsx|xlt)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(app|bat|cmd|com|exe|gadget|msi|pif|vb|wsf|torrent)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(8bi|bin|cat|cpl|dbx|dll|drv|gam|hex|hqx|lnk|nes|plugin|reg|rom|sav|sys|xll)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(arj|sit|zip|rar|rgz|psf|lzh|lha|cab|tar|tgz|gz|Z|wp|wp5|7z|pkg|rpm|sea|sitx|tar.gz|zipx|prn|srf|tex|latax|gpf|upd|jar|bz2|gzip|ace|kf|a[0-9][0-9]|r[0-9][0-9])$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(fnt|fon|otf|ttf)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(dmg|iso|toast|vcd)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(api|bas|c|cbl|class|cpp|cs|dtd|fla|java|m|pl|py|vbx)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(bak|bup|cdl|cfg|dat|deb|dss|dvf|efx|emf|eml|gho|gpx|ini|key|keychain|m4b|m4p|mcd|mim|mswmm|ori|prf|ptb|qbb|qbw|raw|sdf|ses|sql|ss|tmp|uue|uxx|vcf|xml|xsl|xtm)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i .(ht|htm|html|shtml|xhtml|css|js|jsp|asp|cer|cgi|csr|part|php|phtml|rss)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern ^gopher: 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern ^ftp: 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern . 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
    refresh_pattern -i (/cgi-bin/|?)$ 0 0% 0;
    tcp_outgoing_address 127.0.0.1;
    max_filedescriptors 65536;
    quick_abort_min 0 KB;
    quick_abort_max 0 KB;
    quick_abort_pct 0;
    ie_refresh off;
    client_db off;
    range_offset_limit 0;
    reload_into_ims on;
    retry_on_error on;
    via off;
    refresh_all_ims on;
    half_closed_clients off;
    vary_ignore_expire on;
    strip_query_terms on;
    server_persistent_connections on;
    ipcache_size 16384;
    fqdncache_size 16384;
    log_fqdn off;
    positive_dns_ttl 999 hours;
    negative_dns_ttl 999 hours;
    negative_ttl 999 hours;
    dns_v4_first on;
    pipeline_prefetch on;
    maximum_object_size_in_memory 384 KB;

  • 0 Votes
    1 Posts
    2k Views
    No one has replied
  • OpenVPN and routing

    Locked
    0 Votes
    5 Posts
    2k Views

    Ok, my fault, I misunderstood your post.

    If I have time this w-e, I'll try to use the latest x64 image with my config and see if it works and if the gateway is showing.

  • Not reset interface when adding VLAN

    Locked
    0 Votes
    5 Posts
    1k Views

    It is only one port card Gigabit ethernet

  • Disable interface without delete the configuration

    Locked
    0 Votes
    3 Posts
    808 Views
    GruensFroeschli

    I'm not sure if that's what you want to do, but did you try the checkbox
    Interfaces --> name_of_interface --> "Enable Interface"

    All rules for this interface won't be deleted and are still there if you enable the interface again.

  • Upcoming ipsec-tools 0.8.1

    Locked
    0 Votes
    2 Posts
    1k Views

    Something seems to be moving after all on the ipsec-tools front:

    http://sourceforge.net/mailarchive/forum.php?thread_name=20121212115419.1e94b02b%40vostro&forum_name=ipsec-tools-devel

    The patches applied since the original mail are:

    2012-08-29  Timo Teras <timo.teras@…>

    * src/racoon/isakmp_inf.c: From Roman Hoog Antink <rha@...>:
              Accept DPD messages with cookies also in reversed order for
              compatibility. At least Cisco 836 running IOS 12.3(8)T does this.

    * src/racoon/oakley.c: From Roman Hoog Antink <rha@...>: add
              remote's IP address to the "certificate not verified" error message.

    * src/racoon/oakley.c: From Roman Hoog Antink <rha@...>: do not
              print unnecessary warning about non-verified certificate when using
              raw plain-rsa.

    * src/racoon/isakmp.c: From Rainer Weikusat
              <rweikusat@...>: Release unused phase2 of
              passive remotes after acquire.

    * src/racoon/isakmp.c: From Wolfgang Schmieder
              <wolfgang.schmieder@...>: setup phase1 port properly.

    * src/racoon/: cfparse.y, cftoken.l, racoon.conf.5: Allow inherited
              remote blocks without additional remote statements to be specified
              in a simpler way. patch by Roman Hoog Antink <rha@...>

    According to the discussion, there are two last patches to be committed any day now:

    Attached patch is a somewhat smarter X509 subject name compare.
    X509 names may contain entries with different encodings (like UTF-8)
    The old code (some copy from the ancient openssl 0.9.7 release)
    did not handle that.
    The new code does only handle stripping of the wildcards from the name
    and let openssl do the compare of all non wildcard entries…

    And another patch to check that building ipsec-tools is done with a reasonably recent OpenSSL 0.9.7 or newer

  • Mon Dec 10 18:06:55 EST 2012 : problem when reloading filters and CARP

    Locked
    0 Votes
    1 Posts
    690 Views
    No one has replied
  • 2.1: NAT port forwarding problems (am i dumb or what?!)

    Locked
    0 Votes
    6 Posts
    4k Views

    Thanks for your help wallabybob and cmb!

    You were right, IP was private. Luckily, for my current provider (www.drei.at) it is possible to change from a private to a public IP just by setting this in your account options online. Interestingly "Open Internet" is set to OFF as default… Found this information after browsing some local UMTS forums.

    Now the NAT and firewall rule work as expected.

  • Add interface : not reset all interfaces (and CARP)

    Locked
    0 Votes
    5 Posts
    1k Views

    Here is the issue : https://redmine.pfsense.org/issues/2715

    Thanks !

  • Latest Version

    Locked
    0 Votes
    3 Posts
    1k Views

    Thanks for the reply. I do realize there can be multiple builds daily. I should have specified that I tried updating multiple times from my current version to the version listed. I'm just going to try to update to today's latest build. I assumed it would eventually sort itself out, but I did want to let the community know what was going on. =)

  • RADVD and CARP and DNS

    Locked
    0 Votes
    1 Posts
    887 Views
    No one has replied
  • It doesn't reboot from GUI or console

    Locked
    0 Votes
    10 Posts
    3k Views

    @johnnybe:

    Halt from GUI or console doesn't work as well. I still need to press the power button off/on.

    I note proxy_monitor.sh. Try uninstalling squid and test. Then try installing the squid3 package instead.

  • MOVED: Floating rules: outbound block rules not silently dropping packets

    Locked
    0 Votes
    1 Posts
    716 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.