Okay that is what I was going to do but I just wanted to verify before I proceeded, thanks for the fast responses!

If you have a serial port on your computer and a null modem cable, you should be able to access the console menu and re-setup the LAN IP.  Other configuration changes you've made will not be lost.

Alternatively, you will need to depress the reset switch while booting the unit.  This will wipe the box to factory defaults.

vincom -  Yes; I was using this browser to talk to the previous firewall at this IP.  Deleting the certificate for this IP did the trick.  Good catch!  Thank you.

It might be, but it would be very awkward and may not work 100% – I have never tried it, but I know links can often have JS issues and the GUI package install process uses a fair amount of it.

Thanks a lot for the tips. I am getting who-has ARP requests hitting pfsense from the front end DSL modem. I statically assigned 192.168.0.2 to the pfsense MAC addr "which is the same as the front end modem's" and it was listed as unknown in the modem's DHCP reservation list and then.. wallah! It got named pfSense dynamically. I am still having issues getting to the front end modem from the pfSense router though..

pfSense interface list:

WAN ipv4 192.168.0.2/24

LAN ipv4 192.168.1.1/24

It seems I am making headway though! About to go poke around in the pfSense web UI and disable the firewall to see if that is causing issues, though I cannot get into the web interface at this time via the address it should be on "192.168.1.1"…..

Have a look at this thread:
http://forum.pfsense.org/index.php/topic,48947.msg269592.html#msg269592

Steve

The LiveCD install works great on VMware, I've run it for years that way.

I've had similar experiences with 2.1. I upgraded my 2.0.3 installation to 2.1, and it cannot get a DHCP address on the WAN. A fresh install had the same issues. Tried on several different systems, and none were able to get a DHPC address. Re-installed 2.0.3, and the WAN works fine.

The host OS should not be able to see the WAN NIC if it is bridged to the pfSense VM as you've seen. You can't have more than one OS attempting to control the IP properties of the NIC.
IT would be best to have the IP settings on the WAN NIC set to 'none' in Windows but there isn't an option for that. Instead if you look at the WAN NIC properties it lists the protocols being used by the NIC. It should list 'virtual box' something (I can't remember exactly what it's called) that's the only protocol required. If you want you can disable the other protocols so that Viirtual Box is the only thing that can use that NIC. However, if it ain't broke….  ;)

Steve

Well spotted.  :)
That's very odd. Just to certain which image exactly was it you used the first time? Did you use the same image the second time?

Steve

ok thanks.  since the clean install of 2.1 vga nano, i haven't had the apinger issue yet.  ill keep u posted. thank you

@eleanor:

Hi,

I would like to know what are best practices regarding running Snort on PFsense and using PFsense as FW as well as IDS solution. I instlalled and configured Snort on pfsense without a problem, but Snort has put my interfaces in promiscous mode (WAN inteface as well as LAN interface), thus making them unreachable. Therefore I couldn't connect with VPN to the pfsense anymore and I had to manually reset snort.

Not sure I understand what you mean by "unreachable".  I use Snort on three interfaces (WAN, LAN and DMZ) and have no problem using the OpenVPN package for client connections.

@eleanor:

What are best practices to run Snort on pfsense?

Thank you

Most folks run it on the WAN interface using a combination of Snort VRT and Emerging Threats rules.  My personal recommendation is to run it on both the WAN and LAN interfaces with different rules on each.  For the WAN, I used the ET-CIARMY, ET-RBN and other block list rules containing known poor reputation IPs.  For the LAN side, I use the Snort VRT "Balanced IPS Policy" combined with some of the Emerging Threats Trojan and Worm rules.

Bill

Hi,

i can confirm this problem, i also had this when upgrading to 2.1.
There seems to be one urgent bug inside of pfsense 2.1 regarding this.
i tried all configurations to fix this also to change some kernel parameter but nothing seemed to help, only to downgrade back to 2.01!

i could notice thate the outbound settings couldn´t configure /32 subnet but only bigger subnets that would result in confusing when finding the correct outbound ip in case you have multiple ips but need to set outbound for every ip (/32) in my opinion.

kind regards,
barnaba

thanks stephenw10 you are hero of of 2013, great minds think alike I was thinking since internet was not working (ports 3/4) I decided to go back to square one and copy the pfsense settings within interface & firewall rules just to see if internet can work but I did so without the openVPN settings which it did prove to work just fine.

I noticed on OPT1/2 I left it on LAN Subnet under Source, how on earth did you figure out my Source setting was incorrect ?

I set it to OPT1 subnet and did the same for OPT2 after reading your post, plugged in ports 3/4 and it popped up with internet connection.

Added my OpenVPN settings and retried just now under Lan and ports 2/3/4 all working fine under my VPN provider :D

I have further defaulted the gateway dns servers and assigned private servers instead so I do not get IP or DNS leaks, also paused OpenVPN and tested if it works !

I have saved the xml 4x

I have renamed my pfsense box to Johnpoz under General Setup but it came back with an error which I ignored

Relax I am messing around :P, thanks to all you guys including johnpoz I got there with a bit of testing and playing around I was surprised that most of the advanced and basic settings can be ignored or left on default… wish I knew that well before getting into pfsense. Next I will consider poe/switch to add more devices !

Merry Xmas all

There's an option to do it in System: Advanced: Miscellaneous:
You have to reboot to see the change.

Steve

Your WAN is getting a private IP in 192.168.1.0/24 - so  guess you have plugged it in to the internet modem/router that then goes to your ISP. That is fine for now while learning. Later you probably want to put the internet modem/router into bridge mode so it passes through the real internet IP to pfSense.
Your problem is likely that your LAN is also 192.168.1.0/24 subnet (e.g. LAN IP 192.168.1.1). Having the same IPs on WAN and LAN side won't work. Run the wizard again and specify a different subnet for the LAN - pick another more obscure number in 192.168 - e.g. 192.168.42.1/24