As a temporary workaround you can edit /usr/local/www/interfaces_ppps_edit.php, change line 431 from this:

$serialports = pfSense_get_modem_devices();

And replace it with this:

$serialports = glob("/dev/cua?[0-9]{,.[0-9]}", GLOB_BRACE);

See if that lets it through.

pfSense 2.1 doesn't use .tbz packages, and they aren't fetched from freebsd.org.

We use PBI packages, and bandwidthd is working last I knew.

You probably did more harm to your system than good by adding the package in that way.

The key does not belong to the CA but to your certificate. Just import the CA without a private key.

ca => CA certificate
cert => User certificate
key => User private key
tls-auth => TLS static key

http://www.packtpub.com/article/new-features-of-openvpn-2-1-and-2-2

You just need to add a block rule for any protocol, destination 224.0.0.13, with no logging. No need to disable the logging of the default block rule, that overrides it.

Hi tojaktoty & daplumber,

have either of you two had any success installing zfs as the filesystem on a pfsense installation in the meantime? I would be very interested in getting it going on my home setup :)

If helps, i'm using:
Alix 2D13.
The CF card i'm using: http://ec.transcendusa.com/product/ItemDetail.asp?ItemID=TS1GCF100I

In setup bios motherboard is set UDMA mode (against LBA).

UPDATE

Today i tried the same process but in the i386 version - same problems.

After that i tried installing squid and HAVP (because of the clamav part) letting HAVP disabled, and after reboot i no longer had those errors in PHP_error.log.

Now the thing is complaining that it can't open or create the log file.

Error opening/creating log file. (check ownership and access rights). I am running as nobody and I am trying to open /var/log/dansguardian/access.log

Tried modifiing the permissions of /var/log/dansguardian/access.log but still i get the same error both in system logs as when i try to start dansguardian from the console.

Any help??

Adding some logs to help diagnose issue

aaa.aaa.aaa.aaa is the LAN IP for pfSense
xxx.xxx.xxx.xxx is my WAN IP
yyy.yyy.yyy.yyy is my iphone's provider IP
zzz.zzz.zzz.zzz is the internal LAN IP for the PPTP client

Aug 15 00:32:48 pptps: [pt0] LCP: state change Closing --> Initial Aug 15 00:32:48 pptps: [pt0] LCP: LayerFinish Aug 15 00:32:48 pptps: [pt0] LCP: Down event Aug 15 00:32:48 pptps: [pt0] link: DOWN event Aug 15 00:32:48 pptps: [pt0] PPTP call terminated Aug 15 00:32:48 pptps: pptp0-0: killing channel Aug 15 00:32:48 pptps: pptp0: killing connection with yyy.yyy.yyy.yyy 54108 Aug 15 00:32:48 pptps: pptp0: ctrl connection closed by peer Aug 15 00:32:48 pptps: [pt0] LCP: state change Stopping --> Closing Aug 15 00:32:48 pptps: [pt0] LCP: Close event Aug 15 00:32:48 pptps: [pt0] link: CLOSE event Aug 15 00:32:48 pptps: [pt0] LCP: SendTerminateAck #5 Aug 15 00:32:48 pptps: [pt0] LCP: rec'd Terminate Request #3 (Stopping) Aug 15 00:32:48 pptps: [pt0] LCP: LayerDown Aug 15 00:32:48 pptps: [pt0] LCP: SendTerminateAck #4 Aug 15 00:32:48 pptps: [pt0] AUTH: Cleanup Aug 15 00:32:48 pptps: [pt0] CCP: state change Closing --> Initial Aug 15 00:32:48 pptps: [pt0] CCP: LayerFinish Aug 15 00:32:48 pptps: [pt0] CCP: Down event Aug 15 00:32:48 pptps: [pt0] IPCP: state change Closing --> Initial Aug 15 00:32:48 pptps: [pt0] closing link "pt0"... Aug 15 00:32:48 pptps: [pt0] No NCPs left. Closing links... Aug 15 00:32:48 pptps: [pt0] IPCP: LayerFinish Aug 15 00:32:48 pptps: [pt0] IPCP: Down event Aug 15 00:32:48 pptps: [pt0] CCP: LayerDown Aug 15 00:32:48 pptps: [pt0] error writing len 8 frame to bypass: Network is down Aug 15 00:32:48 pptps: [pt0] CCP: SendTerminateReq #2 Aug 15 00:32:48 pptps: [pt0] CCP: state change Opened --> Closing Aug 15 00:32:48 pptps: [pt0] CCP: Close event Aug 15 00:32:48 pptps: [pt0] IFACE: Down event Aug 15 00:32:48 pptps: [pt0] IPCP: LayerDown Aug 15 00:32:48 pptps: [pt0] error writing len 8 frame to bypass: Network is down Aug 15 00:32:48 pptps: [pt0] IPCP: SendTerminateReq #4 Aug 15 00:32:48 pptps: [pt0] IPCP: state change Opened --> Closing Aug 15 00:32:48 pptps: [pt0] IPCP: Close event Aug 15 00:32:48 pptps: [pt0] Bundle up: 0 links, total bandwidth 9600 bps Aug 15 00:32:48 pptps: [pt0] AUTH: Accounting data for user blablabla: 227 seconds, 2936 octets in, 4160 octets out Aug 15 00:32:48 pptps: [pt0] LCP: state change Opened --> Stopping Aug 15 00:32:48 pptps: [pt0] LCP: rec'd Terminate Request #2 (Opened) Aug 15 00:29:07 pptps: [pt0] IFACE: Up event Aug 15 00:29:07 pptps: xxx.xxx.xxx.xxx -> zzz.zzz.zzz.zzz Aug 15 00:29:07 pptps: [pt0] IPCP: LayerUp Aug 15 00:29:07 pptps: [pt0] IPCP: state change Ack-Sent --> Opened Aug 15 00:29:07 pptps: IPADDR xxx.xxx.xxx.xxx Aug 15 00:29:07 pptps: [pt0] IPCP: rec'd Configure Ack #3 (Ack-Sent) Aug 15 00:29:06 pptps: IPADDR xxx.xxx.xxx.xxx Aug 15 00:29:06 pptps: [pt0] IPCP: SendConfigReq #3 Aug 15 00:29:06 pptps: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid Aug 15 00:29:06 pptps: [pt0] IPCP: rec'd Configure Reject #2 (Ack-Sent) Aug 15 00:29:06 pptps: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid Aug 15 00:29:06 pptps: IPADDR xxx.xxx.xxx.xxx Aug 15 00:29:06 pptps: [pt0] IPCP: SendConfigReq #2 Aug 15 00:29:05 pptps: [pt0] IPCP: state change Req-Sent --> Ack-Sent Aug 15 00:29:05 pptps: SECDNS 8.8.8.8 Aug 15 00:29:05 pptps: PRIDNS aaa.aaa.aaa.aaa Aug 15 00:29:05 pptps: IPADDR zzz.zzz.zzz.zzz Aug 15 00:29:05 pptps: [pt0] IPCP: SendConfigAck #2 Aug 15 00:29:05 pptps: SECDNS 8.8.8.8 Aug 15 00:29:05 pptps: PRIDNS aaa.aaa.aaa.aaa Aug 15 00:29:05 pptps: zzz.zzz.zzz.zzz is OK Aug 15 00:29:05 pptps: IPADDR zzz.zzz.zzz.zzz Aug 15 00:29:05 pptps: [pt0] IPCP: rec'd Configure Request #2 (Req-Sent) Aug 15 00:29:05 pptps: [pt0] rec'd unexpected protocol IPV6CP, rejecting Aug 15 00:29:05 pptps: SECDNS 8.8.8.8 Aug 15 00:29:05 pptps: PRIDNS aaa.aaa.aaa.aaa Aug 15 00:29:05 pptps: IPADDR zzz.zzz.zzz.zzz Aug 15 00:29:05 pptps: [pt0] IPCP: SendConfigNak #1 Aug 15 00:29:05 pptps: NAKing with 8.8.8.8 Aug 15 00:29:05 pptps: SECDNS 0.0.0.0 Aug 15 00:29:05 pptps: NAKing with aaa.aaa.aaa.aaa Aug 15 00:29:05 pptps: PRIDNS 0.0.0.0 Aug 15 00:29:05 pptps: NAKing with zzz.zzz.zzz.zzz Aug 15 00:29:05 pptps: IPADDR 0.0.0.0 Aug 15 00:29:05 pptps: [pt0] IPCP: rec'd Configure Request #1 (Req-Sent) Aug 15 00:29:05 pptps: Decompress using: mppc (MPPE(128 bits), stateless) Aug 15 00:29:05 pptps: Compress using: mppc (MPPE(128 bits), stateless) Aug 15 00:29:05 pptps: [pt0] CCP: LayerUp Aug 15 00:29:05 pptps: [pt0] CCP: state change Ack-Rcvd --> Opened Aug 15 00:29:05 pptps: 0x01000040:MPPE(128 bits), stateless Aug 15 00:29:05 pptps: MPPC Aug 15 00:29:05 pptps: [pt0] CCP: SendConfigAck #2 Aug 15 00:29:05 pptps: 0x01000040:MPPE(128 bits), stateless Aug 15 00:29:05 pptps: MPPC Aug 15 00:29:05 pptps: [pt0] CCP: rec'd Configure Request #2 (Ack-Rcvd) Aug 15 00:29:04 pptps: [pt0] CCP: state change Req-Sent --> Ack-Rcvd Aug 15 00:29:04 pptps: 0x01000040:MPPE(128 bits), stateless Aug 15 00:29:04 pptps: MPPC Aug 15 00:29:04 pptps: [pt0] CCP: rec'd Configure Ack #1 (Req-Sent) Aug 15 00:29:04 pptps: [pt0] IPCP: rec'd Terminate Ack #1 (Req-Sent) Aug 15 00:29:04 pptps: 0x01000040:MPPE(128 bits), stateless Aug 15 00:29:04 pptps: MPPC Aug 15 00:29:04 pptps: [pt0] CCP: SendConfigNak #1 Aug 15 00:29:04 pptps: 0x01000060:MPPE(40, 128 bits), stateless Aug 15 00:29:04 pptps: MPPC Aug 15 00:29:04 pptps: [pt0] CCP: rec'd Configure Request #1 (Req-Sent) Aug 15 00:29:04 pptps: 0x01000040:MPPE(128 bits), stateless Aug 15 00:29:04 pptps: MPPC Aug 15 00:29:04 pptps: [pt0] CCP: SendConfigReq #1 Aug 15 00:29:04 pptps: [pt0] CCP: state change Starting --> Req-Sent Aug 15 00:29:04 pptps: [pt0] CCP: Up event Aug 15 00:29:04 pptps: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid Aug 15 00:29:04 pptps: IPADDR xxx.xxx.xxx.xxx Aug 15 00:29:04 pptps: [pt0] IPCP: SendConfigReq #1 Aug 15 00:29:04 pptps: [pt0] IPCP: state change Starting --> Req-Sent Aug 15 00:29:04 pptps: [pt0] IPCP: Up event Aug 15 00:29:04 pptps: [pt0] CCP: LayerStart Aug 15 00:29:04 pptps: [pt0] CCP: state change Initial --> Starting Aug 15 00:29:04 pptps: [pt0] CCP: Open event Aug 15 00:29:04 pptps: [pt0] IPCP: LayerStart Aug 15 00:29:04 pptps: [pt0] IPCP: state change Initial --> Starting Aug 15 00:29:04 pptps: [pt0] IPCP: Open event Aug 15 00:29:04 pptps: [pt0] Bundle up: 1 link, total bandwidth 64000 bps Aug 15 00:29:04 pptps: [pt0] LCP: authorization successful Aug 15 00:29:04 pptps: [pt0] CHAP: sending SUCCESS len:42 Aug 15 00:29:04 pptps: Reply message: S=6755F6CB45EC2F39B77C5202F5D7A7C69A9EC717 Aug 15 00:29:04 pptps: Response is valid Aug 15 00:29:04 pptps: [pt0] CHAP: ChapInputFinish: status undefined Aug 15 00:29:04 pptps: [pt0] AUTH: Auth-Thread finished normally Aug 15 00:29:04 pptps: [pt0] AUTH: INTERNAL returned undefined Aug 15 00:29:04 pptps: [pt0] AUTH: Trying INTERNAL Aug 15 00:29:04 pptps: [pt0] AUTH: Auth-Thread started Aug 15 00:29:04 pptps: Name: "blablabla" Aug 15 00:29:04 pptps: [pt0] CHAP: rec'd RESPONSE #1 Aug 15 00:29:04 pptps: [pt0] LCP: LayerUp Aug 15 00:29:04 pptps: [pt0] CHAP: sending CHALLENGE len:17 Aug 15 00:29:04 pptps: [pt0] LCP: auth: peer wants nothing, I want CHAP Aug 15 00:29:04 pptps: [pt0] LCP: state change Ack-Sent --> Opened Aug 15 00:29:04 pptps: AUTHPROTO CHAP MSOFTv2 Aug 15 00:29:04 pptps: MAGICNUM b2dd1f0a Aug 15 00:29:04 pptps: MRU 1500 Aug 15 00:29:04 pptps: PROTOCOMP Aug 15 00:29:04 pptps: ACFCOMP Aug 15 00:29:04 pptps: [pt0] LCP: rec'd Configure Ack #3 (Ack-Sent) Aug 15 00:29:03 pptps: AUTHPROTO CHAP MSOFTv2 Aug 15 00:29:03 pptps: MAGICNUM b2dd1f0a Aug 15 00:29:03 pptps: MRU 1500 Aug 15 00:29:03 pptps: PROTOCOMP Aug 15 00:29:03 pptps: ACFCOMP Aug 15 00:29:03 pptps: [pt0] LCP: SendConfigReq #3 Aug 15 00:29:03 pptps: MP SHORTSEQ Aug 15 00:29:03 pptps: MP MRRU 1600 Aug 15 00:29:03 pptps: [pt0] LCP: rec'd Configure Reject #2 (Ack-Sent) Aug 15 00:29:03 pptps: ENDPOINTDISC [802.1] 00 15 17 36 ca 1c Aug 15 00:29:03 pptps: MP SHORTSEQ Aug 15 00:29:03 pptps: MP MRRU 1600 Aug 15 00:29:03 pptps: AUTHPROTO CHAP MSOFTv2 Aug 15 00:29:03 pptps: MAGICNUM b2dd1f0a Aug 15 00:29:03 pptps: MRU 1500 Aug 15 00:29:03 pptps: PROTOCOMP Aug 15 00:29:03 pptps: ACFCOMP Aug 15 00:29:03 pptps: [pt0] LCP: SendConfigReq #2 Aug 15 00:29:01 pptps: [pt0] LCP: state change Req-Sent --> Ack-Sent Aug 15 00:29:01 pptps: ACFCOMP Aug 15 00:29:01 pptps: PROTOCOMP Aug 15 00:29:01 pptps: MAGICNUM 344d9d4f Aug 15 00:29:01 pptps: ACCMAP 0x00000000 Aug 15 00:29:01 pptps: [pt0] LCP: SendConfigAck #1 Aug 15 00:29:01 pptps: ACFCOMP Aug 15 00:29:01 pptps: PROTOCOMP Aug 15 00:29:01 pptps: MAGICNUM 344d9d4f Aug 15 00:29:01 pptps: ACCMAP 0x00000000 Aug 15 00:29:01 pptps: [pt0] LCP: rec'd Configure Request #1 (Req-Sent) Aug 15 00:29:01 pptps: ENDPOINTDISC [802.1] 00 15 17 36 ca 1c Aug 15 00:29:01 pptps: MP SHORTSEQ Aug 15 00:29:01 pptps: MP MRRU 1600 Aug 15 00:29:01 pptps: AUTHPROTO CHAP MSOFTv2 Aug 15 00:29:01 pptps: MAGICNUM b2dd1f0a Aug 15 00:29:01 pptps: MRU 1500 Aug 15 00:29:01 pptps: PROTOCOMP Aug 15 00:29:01 pptps: ACFCOMP Aug 15 00:29:01 pptps: [pt0] LCP: SendConfigReq #1 Aug 15 00:29:01 pptps: [pt0] LCP: state change Starting --> Req-Sent Aug 15 00:29:01 pptps: [pt0] LCP: Up event Aug 15 00:29:01 pptps: [pt0] link: origination is remote Aug 15 00:29:01 pptps: [pt0] link: UP event Aug 15 00:29:01 pptps: [pt0] PPTP: attaching to peer's outgoing call Aug 15 00:29:01 pptps: [pt0] LCP: LayerStart Aug 15 00:29:01 pptps: [pt0] LCP: state change Initial --> Starting Aug 15 00:29:01 pptps: [pt0] LCP: Open event Aug 15 00:29:01 pptps: [pt0] link: OPEN event Aug 15 00:29:01 pptps: [pt0] opening link "pt0"... Aug 15 00:29:01 pptps: [pt0] Accepting PPTP connection Aug 15 00:29:01 pptps: pptp0: attached to connection with yyy.yyy.yyy.yyy 54108 Aug 15 00:29:01 pptps: PPTP: Incoming control connection from yyy.yyy.yyy.yyy 54108 to xxx.xxx.xxx.xxx 1723

Although this line might be revealing the issue

Aug 15 00:29:05 pptps: [pt0] rec'd unexpected protocol IPV6CP, rejecting

I've temporarily removed IPv6 configuration from my WAN. That was enough for web to use IPv4 for package installation.

Pfsense has CARP for running two boxes in failover.

Instead of trying to reinvent the wheel, why not setup your two units the way pfsense was designed?

I'm surprised I didn't see it either, but no matter how much I clicked around on two separate VMs, it was always as it should have been.

I didn't try a fresh VM though. Anyhow, when it does work, it's the best thing since sliced bread. :-)

That doesn't have anything to do with fragment reassemble, it just also happens to match the rule number that blocked it, 1.

http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F

Replying to myself to document a resolution….

Worked with Tier4 support to get this fix but turned out to be a problem with the DHCP server at the ISP not responding to unicast renewals.  They have corrected the problem with my regional server.

The second part of this is that the BOGONs rule was preventing the reciept of the packet which required a rule to allow traffic from this specific IP.

I still would like to find out a way to have the dhclient send only broadcasts (even if it breaks the RFC) in the event this problem arises in the future.

"there is no authentication because M$ designed it" - what an idiotic statement

Anyway - to the admins/devs, thank you! This seems to be working much better now and makes my life a lot easier.