• Bypass firewall rules for traffic on the same interface settings

    4
    0 Votes
    4 Posts
    1k Views
    C

    That's normal behavior for every stateful firewall; after rebooting (if you don't have HA in place) you'll block traffic from connection states that were killed by the reboot but are still active and attempted to be used elsewhere. Devices will figure that out quickly and re-establish; it's safe to ignore.

  • Stray " i "

    2
    0 Votes
    2 Posts
    924 Views
    jimpJ

    Pushed a fix, thanks!

  • 2.1.5 to 2.2 beta issues

    11
    0 Votes
    11 Posts
    2k Views
    G

    PMed you a link to my 2.1.5; the other is what I am running, and when I went to Monday's snapshot it has a hang issue with each upgrade.

  • Dashboard: DNS reverse resolver still broken?

    3
    0 Votes
    3 Posts
    977 Views
    S

    I get this when resolving IPv6 in firewall logs

    dns_reverse.PNG

  • Tinc (1.0.24 v1.2.1) not working on 2.2beta

    1
    0 Votes
    1 Posts
    715 Views
    No one has replied
  • Syslog format

    8
    0 Votes
    8 Posts
    3k Views
    B

    Thanks again, jimp.

  • 2.2 Beta and VMware Tools

    1
    0 Votes
    1 Posts
    876 Views
    No one has replied
  • Ipsec gui loses ph2 params

    6
    0 Votes
    6 Posts
    1k Views
    T

    Ok, deleted the config, error msgs gone.

    Did set up a new mobile ipsec config, works with WAN or GW Group addresses. As soon as I change the Interface to the CARP Virtual IP it stops working (same way I did with openvpn).

  • DHCP & Carp

    2
    0 Votes
    2 Posts
    1k Views
    T

    btw. dhcp leases for the lan segment sync to both fws, but the status puzzles me:

    dhcp_lan (LAN) recover 2014/09/29 18:37:09 unknown-state 2014/09/29 18:37:09
    dhcp_opt3 (GUESTS) recover 2014/09/29 18:37:09 unknown-state 2014/09/29 18:37:09

    except the timestamp same on both machines

  • GUI: System Logs - Settings

    1
    0 Votes
    1 Posts
    648 Views
    No one has replied
  • DNSforwarder & Carp

    2
    0 Votes
    2 Posts
    881 Views
    T

    Upd: Setting to all interfaces works on all interfaces, so just selective binding seems to be a problem

  • Cannot force update check?

    2
    0 Votes
    2 Posts
    756 Views
    ?

    Grmbl. Never mind this post.
    Just found out that choosing an update location under Updater Settings holds the Stable release 2.1.x URL.
    Changed it with the Beta update URL and now it works.

  • Zmq did not load correctly. Removing from php.ini

    2
    0 Votes
    2 Posts
    756 Views
    P

    Here is more error information I found:

    [2.2-BETA][root@apu22.localdomain]/tmp(9): cat PHP_errors.log
    [28-Sep-2014 10:38:41 Asia/Kathmandu] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20121212/zmq.so' - Shared object "libzmq.so.1" not found, required by "zmq.so" in Unknown on line 0

  • Procedure for 2.2 image burning to memstick

    2
    0 Votes
    2 Posts
    816 Views
    M

    Tried it again a couple of times, ran into the same problem.

    I decided to dd if=/dev/zero of=/dev/sdb bs=16k
    and then re-dd the same image.

    Worked this time.

    Recommend people move along and don't spend time on this.

  • Port Forwarding doesn't work.

    10
    0 Votes
    10 Posts
    2k Views
    I

    I am having the same issue. We use Port forwarding on a DSL WAN connection (MTU of 1492) and we cannot pass traffic.

  • Web Configurator Broken?

    9
    0 Votes
    9 Posts
    2k Views
    arrmoA

    Hi,

    FYI, with a clean install everything was working. Then I went to BandwidthD from the service menu, clicked Save to enable it (as it wasn't running, even though it was enabled) … so Save with no settings changes. Immediately the Web GUI was broken again ... :(.

    Thoughts?

    Thanks!

  • Pfsense 2.2 MIPS?

    14
    0 Votes
    14 Posts
    4k Views
    ?

    any update to this?

  • Squid3 binary squid-3.1.22_1-amd64.pbi missing

    4
    0 Votes
    4 Posts
    2k Views
    C

    Looks like I found the answer why

    https://forum.pfsense.org/index.php?topic=81892.msg449020#msg449020

  • Mobile IPSec: no peer config found

    3
    0 Votes
    3 Posts
    4k Views
    A
    # This file is automatically generated. Do not edit
    config setup
            uniqueids = yes
            charondebug=""
    conn con1
            aggressive = yes
            fragmentation = yes
            keyexchange = ikev1
            reauth = no
            rekey = no
            reqid = 1
            installpolicy = yes
            type = tunnel
            dpdaction = clear
            dpddelay = 10s
            dpdtimeout = 60s
            auto = add
            left = #.#.#.#
            right = %any
            leftid = #.#.#.#
            ikelifetime = 86400s
            lifetime = 28800s
            rightsourceip = 172.22.24.0/24
            rightsubnet = 172.22.24.0/24
            leftsubnet = 172.22.22.0/24
            ike = 3des-sha1-modp1024!
            esp = aes256-sha1,aes192-sha1,aes128-sha1!
            leftauth = psk
            rightauth = psk

    I noticed that the peer ID info is in the config, but there isn't anywhere to set it in the GUI.

    <ipsec><preferoldsa><client><enable><user_source>Local Database</user_source>
    <group_source>none</group_source>
    <pool_address>172.22.24.0</pool_address>
    <pool_netbits>24</pool_netbits>
    <net_list><dns_server1>pfsenselanip</dns_server1>
    <dns_server2>8.8.8.8</dns_server2></net_list></enable></client>
    <enable><mobilekey><ident>any</ident>
    <pre-shared-key>presharedkey</pre-shared-key></mobilekey>
    <mobilekey><ident>allusers</ident>
    <pre-shared-key>presharedkey</pre-shared-key></mobilekey>
    <mobilekey><ident>my@mailaddress.com</ident>
    <pre-shared-key>presharedkey</pre-shared-key></mobilekey>
    <phase1><ikeid>1</ikeid>
    <iketype>ikev1</iketype>
    <interface>wan</interface>
    <mobile><mode>aggressive</mode>
    <protocol>inet</protocol>
    <myid_type>myaddress</myid_type>
    <myid_data><peerid_type>fqdn</peerid_type>
    <peerid_data><encryption-algorithm><name>3des</name></encryption-algorithm>
    <hash-algorithm>sha1</hash-algorithm>
    <dhgroup>2</dhgroup>
    <lifetime>86400</lifetime>
    <pre-shared-key><private-key><certref><caref><authentication_method>pre_shared_key</authentication_method>
    <nat_traversal>on</nat_traversal>
    <reauth_enable><rekey_enable><dpd_delay>10</dpd_delay>
    <dpd_maxfail>5</dpd_maxfail></rekey_enable></reauth_enable></caref></certref></private-key></pre-shared-key></peerid_data></myid_data></mobile></phase1>
    <phase2><ikeid>1</ikeid>
    <uniqid>54224312bae13</uniqid>
    <mode>tunnel</mode>
    <localid><type>lan</type></localid>
    <remoteid><type>mobile</type></remoteid>
    <protocol>esp</protocol>
    <encryption-algorithm-option><name>aes</name>
    <keylen>auto</keylen></encryption-algorithm-option>
    <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
    <pfsgroup>0</pfsgroup>
    <lifetime>28800</lifetime></phase2></enable></preferoldsa></ipsec>
  • 0 Votes
    13 Posts
    4k Views
    bmeeksB

    @rcfa:

    @BBcan177:

    I think rcfa is asking if he can see the data stream like in wireshark to see what data link types are in his network?

    Kind of both. Since I'm not familiar with low-level IP/network programming, I wasn't even aware of these Data Link Types. So when it first was said that it can't handle DLT_NULL I assumed that some interfaces just don't set a type (hence NULL), and that the software isn't able to handle that case.

    From the code snippet however, it seems that there might be an (arbitrary?) number of DLTs, and that the software handles certain specific types, which seem to be DLT_RAW, DLT_EN10MB, 9, 11, 13, 113

    Knowing that, the question is, given the various links I have (IPSec, OpenVPN, GRE tunnels, LAGG, etc.) how can I know (without trying to dissect source code), what link types these have, and thus, if the software will or won't work with them…

    Start a tcpdump capture on each interface and then quickly stop it.  The data link type will be printed in the header information tcpdump prints when it starts.

    Bill

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.