$ setkey -D
213.xxx.xxx.xx 78.xxx.xx.xx
esp mode=any spi=3620357127(0xd7ca4407) reqid=16391(0x00004007)
E: aes-cbc  7686bf77 f62b0396 d41e52d4 65acc363
A: hmac-sha1  951974a6 81da8068 82e549bb 4d753766 0ff8689b
seq=0x00000183 replay=4 flags=0x00000000 state=mature
created: Apr 13 16:04:16 2012 current: Apr 13 17:22:06 2012
diff: 4670(s) hard: 28800(s) soft: 23040(s)
last: Apr 13 17:21:41 2012 hard: 0(s) soft: 0(s)
current: 271224(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 387 hard: 0 soft: 0
sadb_seq=7 pid=18139 refcnt=2
78.xxx.xx.xx 213.xxx.xxx.xx
esp mode=tunnel spi=128898573(0x07aed60d) reqid=16392(0x00004008)
E: aes-cbc  2a1bce17 3cdd25cb b29efca3 b9d46f1d
A: hmac-sha1  a5f03b30 158f7622 759d231a affa0159 d9bbdf42
seq=0x00000148 replay=4 flags=0x00000000 state=mature
created: Apr 13 16:04:16 2012 current: Apr 13 17:22:06 2012
diff: 4670(s) hard: 28800(s) soft: 23040(s)
last: Apr 13 17:21:41 2012 hard: 0(s) soft: 0(s)
current: 32597(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 328 hard: 0 soft: 0
sadb_seq=6 pid=18139 refcnt=1
213.xxx.xxx.xx 95.x.xx.xx
esp mode=any spi=81132314(0x04d5fb1a) reqid=16385(0x00004001)
E: aes-cbc  f7a70af4 58addc1a 584a8e6f 33b8bab4
A: hmac-sha1  bed0d0fd 37a90867 49efd159 3b5baa6d 631a8627
seq=0x000012fe replay=4 flags=0x00000000 state=mature
created: Apr 13 16:01:15 2012 current: Apr 13 17:22:06 2012
diff: 4851(s) hard: 28800(s) soft: 23040(s)
last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
current: 709808(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 4862 hard: 0 soft: 0
sadb_seq=5 pid=18139 refcnt=2
95.x.xx.xx 213.xxx.xxx.xx
esp mode=tunnel spi=223923227(0x0d58cc1b) reqid=16386(0x00004002)
E: aes-cbc  0b13ac84 23799226 acf6c001 b42c191f
A: hmac-sha1  9b24e11f 51f58595 1438b99a 874c678e 8f076aae
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Apr 13 16:01:15 2012 current: Apr 13 17:22:06 2012
diff: 4851(s) hard: 28800(s) soft: 23040(s)
last:                    hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=4 pid=18139 refcnt=1
213.xxx.xxx.xx 78.xxx.xxx.xxx
esp mode=any spi=2785857967(0xa60cd1af) reqid=16389(0x00004005)
E: aes-cbc  2d8f8dc8 fd0edb39 5f487fc3 868cb40c
A: hmac-sha1  9e7861f2 6db71edb 97c85e2f eeb2d92a 7840d4e5
seq=0x000042aa replay=4 flags=0x00000000 state=mature
created: Apr 13 16:01:14 2012 current: Apr 13 17:22:06 2012
diff: 4852(s) hard: 28800(s) soft: 23040(s)
last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
current: 19091504(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 17066 hard: 0 soft: 0
sadb_seq=3 pid=18139 refcnt=2
78.xxx.xxx.xxx 213.xxx.xxx.xx
esp mode=tunnel spi=174727792(0x0a6a2270) reqid=16390(0x00004006)
E: aes-cbc  e95d38fd 59f37f5d 20d87b10 2994deac
A: hmac-sha1  51d83dfb 66de3f2e 9a80fc0d 720da3fd 6df1003c
seq=0x000032e6 replay=4 flags=0x00000000 state=mature
created: Apr 13 16:01:14 2012 current: Apr 13 17:22:06 2012
diff: 4852(s) hard: 28800(s) soft: 23040(s)
last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
current: 3143780(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 13030 hard: 0 soft: 0
sadb_seq=2 pid=18139 refcnt=1
213.xxx.xxx.xx 78.xxx.xxx.xxx
esp mode=any spi=3295792916(0xc471cf14) reqid=16387(0x00004003)
E: aes-cbc  50de0576 3aa95c37 dba14263 57737455
A: hmac-sha1  dded9c1f 6b2135a8 60d934a5 a9d7a5a3 3ac9fcb5
seq=0x00003023 replay=4 flags=0x00000000 state=mature
created: Apr 13 16:01:11 2012 current: Apr 13 17:22:06 2012
diff: 4855(s) hard: 28800(s) soft: 23040(s)
last: Apr 13 17:22:00 2012 hard: 0(s) soft: 0(s)
current: 7009560(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 12323 hard: 0 soft: 0
sadb_seq=1 pid=18139 refcnt=2
78.xxx.xxx.xxx 213.xxx.xxx.xx
esp mode=tunnel spi=91025691(0x056cf11b) reqid=16388(0x00004004)
E: aes-cbc  8f05fb5d 766899c7 ab518e46 e438d3ec
A: hmac-sha1  e7d8fe13 6e9141d0 b219c538 cd66f662 e88604d3
seq=0x000031bb replay=4 flags=0x00000000 state=mature
created: Apr 13 16:01:11 2012 current: Apr 13 17:22:06 2012
diff: 4855(s) hard: 28800(s) soft: 23040(s)
last: Apr 13 17:22:03 2012 hard: 0(s) soft: 0(s)
current: 1495084(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 12731 hard: 0 soft: 0
sadb_seq=0 pid=18139 refcnt=1

OK. I have join redmine and submit some suggestion. ;)

The root cause of the issue is the fact you're losing and regaining link multiple times in a second at times, and just frequently in general. Unless the NIC or what it's connecting to has broken, or you have a cabling issue, that would be a driver regression of some sort between FreeBSD 8.1 and 8.3 for ue. Switching back to 2.0 for a period of time would confirm or deny that.

…now I took the memstick image of the 2.1 snapshot and booted normally, which means I did not take the save option.
Formally for the hard disk installation of 2.1 I had to boot in safe mode, because in normal mode the boot did not succeed, maybe because of strange DMA errors with my hard disk.

But:
Now with booting from the memstick I already see the old well known error messages "re0: PHY read failed", which caused my machine to crash under 2.0.1 after approx. 2 days...

So with the installation of the 2.1 snapshot on the hard disk I have definetely the error

"ad0: FAILURE - READ_DMA status=51 <ready,dsc,error>error=84 <icrc,aborted>LBA=115113216
ad0: WARNING - READ_DMA UDMA ICRC error (retrying request) LBA=115113104
ad0: WARNING - READ_DMA UDMA ICRC error (retrying request) LBA=115113104"

and maybe the old well known error "re0: PHY read failed"

I will investigate further....

Markus
:'(</icrc,aborted></ready,dsc,error>

So, in case anyone else has installed the dev version and wants snort, the way I managed to get it installed is by uninstalling everything, then installing an older, TBZ based version from the shell, then installing the current package from the web UI.

pkg_add -r http://files.pfsense.com/packages/8/All/snort-2.9.0.5_1.tbz

I'm not sure if that's a good idea - it's still using the 2.9.0.5 binary - but it does in fact seem to work. I don't have a "categories" or "rules" tab in the snort configuration such as I see in documentation, but I don't know if that's normal or not.

@databeestje:

But that way you have a backup version you can always restore.

So, that UI is… challenging?

I click "restore" it says it's restoring, and that's it. No further feedback.

How is this supposed to work?

Split this off into its own topic since it's not related to the other, but worth discussing.

Not sure what's up with the crash reporter. It's done this before, last time it was a varnish config hiccup on one of our boxes. Not sure what's up with it at the moment.

(The break error you had in the older message was since solved, new snaps should be OK for that)

Not on embedded you wouldn't have. On a full install it always works fine. :-)

my recommendation is to use a old wireless router as a switch+accesspoint you can place convieniently.

disable dhcp on the old router and get good, fast and cheap wireless that you can place in the living room.

Ermal opened a ticket on this.
http://redmine.pfsense.org/issues/2349

I wasn't screaming, it was more a playful thing.

I'm using the AMD64 iso, all I get is a single usbus00 for interfaces when virtio is set for network of kvm.

I even edited the /boot/loader.conf and it doesn't do anything.

I believe we already have a checkbox for autoupdating the firewall rule logs.

Even a widget on the dashboard too.

Crash reporter

Crash report begins.  Anonymous machine information:

i386
8.3-RC2
FreeBSD 8.3-RC2 #1: Wed Apr  4 08:00:43 EDT 2012    root@FreeBSD_8.3_pfSense_2.1.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_SMP.8

Crash report details:

PHP Errors:
[13-Jan-2003 14:05:39 UTC] PHP Parse error:  syntax error, unexpected $end, expecting T_VARIABLE or '$' in /usr/local/pkg/filer.inc on line 178

Filename: /var/crash/minfree
2048

The 8.1 HCL was probably correct when it was written. If you look at the man page it actually only supports AR5XXX chipsets.
The fact that it has attached to the ath driver (you have an ath0 device) shows that it is at least partly supported. Though reading this thread shows a similar level of support in 2.0.

The 5MHz antenna would make it practically useless at 2.4MHz but I would still expect to be able to 'see' it if you're very close, antennas are not perfect.

Steve

9/2011 is ages ago!
Unless you have a good reason use the latest snapshot from the snapshot server: http://snapshots.pfsense.org/

Good reasons include; some code update yesterday broke everything and was automatically included in the most recent build. This is unlikely but could happen, snapshots are for testing only!

Steve

Completely unrelated to this thread, and I don't work on that part. Keep issues in their own threads, please.

npf was still very much a dream last time I looked in on it, it was nowhere near capable enough (without commenting on the rest of NetBSD)… As for OpenBSD, I doubt that would ever happen.

While they do have some nice routing improvements over Free, their attitude toward projects based off of OpenBSD has not been very welcoming.

FreeBSD seems to still have the best possible combination of all factors involved. The others may edge it out in certain areas but they can't beat the total package.

sounds nice, maybe that works.

Chris, I was thinking that perhaps a pfsense build with the latest ipsec-tools cvs can be offered as a beta-testing option,  so that any pfsense users who reverted back to 1.2.3 due to ipsec issues can try it out… (I'm thinking about users like alexandrnew who wrote here that he's using pfsense 1.2.3 IPsec mobile with more than 400 clients)