I saw a similar thing in the logs for a different file but in a slightly earlier version of the pfsense beta.

https://forum.pfsense.org/index.php?topic=84540.msg463798#msg463798

Nov 25 17:17:52    ppp: OpenConfFile: Can't open file '/var/etc/mpd_wan.conf': No such file or directory
Nov 25 17:17:52    ppp: OpenConfFile: Can't open file '/var/etc/mpd_wan.conf': No such file or directory

Dont know if they are connected, but in my case even though it shows in the log no file or directory, the file did exist and had been used previously by the firewall to log on as it was the ppp login details for pppoe, so whether there is some underlying bug maybe at the OS level which is causing a few problems with file/folder access I dont know. Might be a case of one to watch out for.

fwiw.

@piz0t:

Can you add it to the future todo list:

That's a general architectural issue which will be addressed as part of a larger effort to improve service handling in the future, not opening tickets along those lines currently.

Ah, yeah if you shrink the window that much, yeah it'll wrap. That's much smaller than you'd typically use, sounded more like the stale CSS issue. Phones and tablets auto-change to a different theme since the default isn't usable with touchscreens.

New snapshot building now including those fixes, will be out later today. Can gitsync or manually apply the change hmh noted to fix that issue in the mean time.

No, no verb in advanced directives, but I found the problem.

I have both an openvpn client (PIA) and server set up.  Verbosity was set to 'none' in one, but the other was set to '3'.  Sorry for the noise.

I do not understand this can you provide screenshots and some logs based on this?

@jimp:

Rules for the WAN for IPsec have been created by default in the background for many years (Since 1.2 at least). When mobile IPsec is setup it has to allow from anywhere since the clients can connect from anywhere.

These rules can be disabled under System > Advanced on the Firewall/NAT tab, check "Disable all auto-added VPN rules"

Before you check that box, add your own rules to pass ESP, udp/500 and udp/4500 on the WAN, but you can also add block rules to prevent some from reaching the port.

Excellent. Thanks. I'll give it a go.

@cmb:

You're not binding to localhost, so it fails when you tell it to use localhost.

That should skip 127.0.0.1 being added to resolv.conf in that circumstance to avoid breaking with such misconfigurations.

That problem is fixed.

While there, I also added input validation so if you have the system configured in such a way that 127.0.0.1 would normally end up in resolv.conf, it forces you to pick Localhost in the bindings list in Unbound or check "Do not use the DNS Forwarder as a DNS server for the firewall" to allow it to be omitted.

@ermal:

In pfsense for this there is a reconnection feature on pppoe.
Otherwise seems the ISP never notifies that the link needs to renew its ip address.

Can you show logs of the pppoe during the problem?

I've had a look around for such a setting but cant see one. Any clues where I might find this?

I've looked in Interfaces, Assign, PPP tab, selected the PPP but nothing like this in the entries on that page.
Cant see anything on the WAN interface either unless you mean the Periodic Reset which is off at the moment? I did use to use this, but the ISP sometimes resets the connection within an hour so that option falls down when I have to wait 23hrs for a reset if I'm not in front of the firewall.

Did you try to let pfSense perform the PPPoE authentication.

Yes pf is doing the pppoe, the firewall/router is just bridging to the wan.

txt file is attached showing the ppoe log.

Theres a few examples in the log file of drops, but one time that did drop the connection was at 25th Nov @ 17:17, it reconnects at 17:24 when I do the Wan, Save Apply trick.

Dont know if these mpd_wan.conf message is pertinent? I've copied the mpd_wan.conf file below.

Nov 25 17:17:52 ppp: process 97708 terminated
Nov 25 17:17:52 ppp: can't read configuration for "pppoeclient"
Nov 25 17:17:52 ppp: OpenConfFile: Can't open file '/var/etc/mpd_wan.conf': No such file or directory
Nov 25 17:17:52 ppp: OpenConfFile: Can't open file '/var/etc/mpd_wan.conf': No such file or directory
Nov 25 17:17:52 ppp: process 92994 terminated
Nov 25 17:17:52 ppp: [wan_link0] Link: Shutdown
Nov 25 17:17:52 ppp: [wan] Bundle: Shutdown
Nov 25 17:17:51 ppp: waiting for process 92994 to die…
Nov 25 17:17:51 ppp: process 97708 started, version 5.7 (root@pfsense-22-amd64-builder 12:58 18-Nov-2014)

mpd_wan.conf

set web close

default:
pppoeclient:
create bundle static wan
set bundle enable ipv6cp
set iface name pppoe0
set iface route default
set iface disable on-demand
set iface idle 0
set iface enable tcpmssfix
set iface up-script /usr/local/sbin/ppp-linkup
set iface down-script /usr/local/sbin/ppp-linkdown
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
set ipcp enable req-pri-dns
set ipcp enable req-sec-dns
#log -bund -ccp -chat -iface -ipcp -lcp -link

create link static wan_link0 pppoe
set link action bundle wan
set link disable multilink
set link keep-alive 10 60
set link max-redial 0
set link disable chap pap
set link accept chap pap eap
set link disable incoming
set link mtu 1432
set auth authname "myusername@myisp.com"
set auth password mypasswordgoeshere
set pppoe service ""
set pppoe iface ue0
open

UK ISP who has stated they use 1432 for their mtu setting.

Thanks for having a look at this.

ppoelog.txt

I'm not trying to be annoying, but if you really like having that option enabled by default, it still seems safest to change the text to say "username" instead of "X.509 common name".  I like things to be easy for noobs, since I am one. :)

that's a connection whose state was removed (maybe from before a reboot) and the host is still trying to use it. Doubt that's actually a problem.

reloading dashboard can seem to cause this

Working like a charm now. Thanks

Decided to avoid the whole situation by just discontinuing use of openvpn client on pfSense and running it straight on a virtual machine where I needed the tunnel… as it stands it seems when your tunnel has strange dynamic port forwarding requirements, there is no easy non-hack way to change the firewall via scripts to update the port.

I have the same card in my ITX server, don't feel bad, I can't even get drivers installed for the bluetooth portion in Windows Server 2012 R2…

I can't tell you precisely because I don't use Xen but when you setup a VM it gives you a choice as which NIC type to use, emulated or paravirtual. Try using emulated em NICs instead.

https://forum.pfsense.org/index.php?topic=84255.0

Steve

Fixed thx for reporting.

laurpaum - can you share some sanitized screenshots of your config.  I wrestled  with this and finally gave up and went to OpenVPN.  Could not get 2.2 and iOS 8.1 to work…  :(

All is well - a Mon 24 Nov 64-bit snapshot has appeared.