just checked /var/log/routing.log:
Oct 19 11:12:18 pfsense radvd[63803]: version 1.8.5 started
Oct 19 11:12:18 pfsense radvd[63803]: can't open /usr/local/etc/radvd.conf: No such file or directory
Oct 19 11:12:18 pfsense radvd[63803]: Exiting, permissions on conf_file invalid.
Oct 23 13:00:58 pfsense radvd[32884]: version 1.8.5 started
Oct 23 13:00:58 pfsense radvd[32884]: can't open /usr/local/etc/radvd.conf: No such file or directory
Oct 23 13:00:58 pfsense radvd[32884]: Exiting, permissions on conf_file invalid.
Oct 23 13:06:47 pfsense radvd[42472]: version 1.8.5 started
Oct 23 13:06:47 pfsense radvd[42472]: can't open /usr/local/etc/radvd.conf: No such file or directory
Oct 23 13:06:47 pfsense radvd[42472]: Exiting, permissions on conf_file invalid.

@daplumber:

Can someone who has Mobile clients working succesfully with IPSEC please share their Firewall rules config?

my client can connect from inside the NAT, and from outside when updating packages for some reason.

Take a look here:

http://forum.pfsense.org/index.php?PHPSESSID=eqvfsk9c6dar52lncgb39gc0s7&/topic,24752.msg130558/topicseen.html#msg130558

Hi Everyone,

After combing through all the Captive Portal code and countless hours of testing, here's what I found:

Due to the nature of the ipfw_context implementation, when running multiple captive portal zones at the same time, tasks such as login and prunning in one zone can be affected by / affect other zones. (i.e.: users logging in or being disconnected end up in limbo because the ipfw context was changed while adding/removing ipfw rules.

The way I decided to fix it was by reverting the execution lock logic back to what it was prior to the multi-zone captive portal implementation, applying one lock file for all zones. In addition to this, I've added a lock mechanism to the captiveportal_disconnect method to make sure that the disconnection occurs completely during prunning/manual disconnection.
Also, I've revised my previous fix to something more acceptable.

I would really appreciate if the devs could review this logic and apply it to the main trunk if it is an acceptable fix.

As a bonus, I've fixed another captive portal bug related to SSL certificates in different zones - the original code only allowed for one certificate.

Cheers,

Carlos

captiveportal.inc.txt
rc.prunecaptiveportal.txt

No. It's automatic, harmless, and is really not doing anything. It's not the cause of any problem you might have.

The stristr issue is due to $ip being blank in find_carp_interface. This has been reported in Redmine http://redmine.pfsense.org/issues/2645 and a fix proposed there. Someone who knows what the various forms of possible XML data structures in the CARP VIP section of the config can be could look at this and fix it. Pi Ba has proposed a solution that someone could review, test and commit.

I use "null", don't want to cache.
I just want to be able to block url's

deleting a limiter also results in this error with the latest snap

Fatal error: Call to undefined method dnpipe_class::GetName() in /usr/local/www/firewall_shaper_vinterface.php on line 101

Internet speed is definitely related to squid package.
And that while I did update the loader.conf and sysctr.conf which fixed speed before…
I tried version 2 and 3 but is not getting better  :(

I found what appears to be the problem. The following rouge line appeared in my config.

<mac_allow>00:00:00</mac_allow>

Other interfaces have the following line

<mac_allow>I think I have this fixed now. Thank you :)</mac_allow>

As a workaround Im using 1G image for 2G cards. The 1G image also works for my 1G cards. But the 2G image cannot auto upgrade on the 2G card.

In both cases Im using a Kingston SD Card

2G DP/N 0738M1
1G DP/N 0RX790

cheers - Thor

@jimp:

Should be OK now.

https://github.com/bsdperimeter/pfsense/commit/9e2822df05483a37c39cca3a5c993529d9245887

Thank you very much Jimp

I just delete "}" out from line 114 and now "Bulk import aliases from list" working again.

Doubt that would happen in time for 2.1 unless someone submits patches to do it.

Feel free to open a request on http://redmine.pfsense.org - just make sure the target is set to "future" and don't assign it to anyone.

I haven't heard of any updates so I ended up using an old Nortel BayStack 420 to do my VLAN and 802.1p tagging for data, left the ActionTec in place for TV. My network now looks like this:

ONT -> D-Link 10/100 Switch -> ActionTec (WAN internet turned off) VLAN 34/802.1p VI/4) -> Coax and Ethernet to Motorola Boxes                       |                                                        ^                       |                                                        | LAN port                       |                                                        | OPT1 DHCP (this is for management of the ActionTec,                       |                                                        | and I should be able to creatively route packets from Motorola boxes on my usual network)                       |                                                        ^                       -> BayStack Trunk port -> VLAN 35 untagged port -> pfSense box -> Usual network

And it actually works fine! :D

bandrich c331 3g modem..
http://www.bandrich.com/Data-Card_C330.html

The shortcuts for LAN subnet etc. do not currently expand to the 2 LAN subnets yet. That is not yet finished.

got similar problem, HANG + packet loss and need to reboot pfSense to make it work again.