Check /tmp/rules.debug before and after your change, see if anything looks different.

Might be too late for 2.2, but we'll look into it for 2.2.1

https://redmine.pfsense.org/issues/4239

The main problem is they aren't a part of the normal OS install of FreeBSD but have to be built separately so they don't come automatically.

The firewall states are still not being reset properly in the version pfSense-memstick-2.2-RC-amd64-20150116-1153.img.

Disable the Cisco Unity plugin in VPN - IPsec - Advanced settings

That's the problem then… :)

No problem. I might have a bit of fun with some Nepali translation some day - a language based on a  completely different script might be a fun way to mess up all the displays  ;)
Let me know if you find other places where things go wrong. I suspect there are other places where the Apply button will not display if the language translation work is only part complete.
In a few days I will have a go at standardizing that code better - of course any further changes like that will end up in 2.2.1 or later… but should be easy to GitSync or apply with System Patches for those who care about the language selections.

I am running pfSense 2.2 on 2 separate Hyper-V 2012R2 servers and I never had any problems with installation and config of pfSense 2.2. Did you select the correct network adapter for your WAN interface?

Having the management operating system available on the WAN interface can be dangerous.

@Cino:

are you using the SSL option in dans? I have it running on a test box but i dont use SSL with it… try a link to /usr/lib/libssl.so.6 or /lib/libssl.so.6... do them one at a time and if it doesn't work, remove the link

Tried those combinations as well…. no go. Not using SSL

The ftp proxy/helper is not part of 2.2  Clients behind pfsense talking to ftp on say the public internet and using passive do not require any sort of helper/proxy in pfsense.  When you talk to server using passive, it tells you the IP to talk too. So unless your blocking outbound ports this would never be a problem.

clients using active would require helper.  Since the ftp server makes the connection back to the client - so the helper would open the ports and quite often change the IP given by the client to the public one.

Now if your running server behind pfsense and your clients are on the public internet - then yes you would need the helper..  Or you can manually setup the server to give its public IP not a local one, and use specific ports for the passive connection that you forward on pfsense.

From other posts on the board and the bug report does not seem like helper will be back until atleast 2.2.1 if at all..

See this thread https://forum.pfsense.org/index.php?topic=86703.0
It has bug report url and info about how to work around it via firewall forwards, etc.

Yes you'll need ports open for the data connection. Problem is passive FTP ports are server-defined, and could be any of a wide range (1024 through 65535). So where you want to keep egress rules tight, you'll probably want to force FTP use through a proxy (like Squid) only.

I well, I ran out of things to try to get IPSEC working reliably.

Given up and used OpenVPN instead - same functionality but the system stays up. 5 1/2 hours uptime so far which is way more than I managed with IPSEC on 2.2 on this system.  I can live with that workaround for now.

Cheers
Jon

Either you're filling the entire drive, or it's dying.
https://doc.pfsense.org/index.php/Filesystem_Full_/_Out_of_Inode_Errors

Having multiple sites seeing the same thing, and seeing the same thing after putting in a diff SSD, doesn't necessary narrow it down. It's rare, but we have seen instances of people buying SSDs in bulk where the entire lot of 50-100 were bad and would fail along those lines after running for a handful of days. A power cycle would make it last a few more days. Eventually those were confirmed with the manufacturer to be a defective lot.

To the sites that still use it – you would hope atleast it was ftps, which breaks the helper anyway.  The helper is need it 2 setups.. Where your wanting your client behind pfsense to use a active connection to public server.  Or your running server behind pfsense and you want to allow passive clients.

If client use passive no helper needed, if your running server you would hope you were running ftps anyway which would of required the manual firewall rules anyway because helper could not see the traffic to fix up.  So I don't really see this as  loss of anything of real function..  And you really shouldn't be using ftp anyway ;)

annoyingly I created a new vm with 20gb this time instead of 8gb…and I'm seeing the same error through the logs.

/tmp: write failed, filesystem is full

repeating over and over

I used the default quick/easy install mode for this, it looks like it gave /tmp a 19mb partition?

note: I'm seeing this /tmp full error on the first reboot after I did an auto update in the webgui (from dec. 10 2.2 to latest 2.2) I guess I'll try a newer live cd iso for my next install?

edit: It seems to have gotten past this issue, that error repeated for a few minutes but I left it running while I was grabbing a new iso and setting up a new vm...and it booted fully and started working as normal.

feature instead of bug? lol

I am just using the local DB and the authentication test in the diagnostics works. I restarted the OpenVPN service and created a different test user with only letters and numbers in the password and got the same error.

Running out of ideas, I updated to the latest build (Fri Jan 16 07:51:08 CST 2015) and when it came back online it started working again. I am not sure if it was something in the update or the reboot that fixed the issue, but all is good now.

Thanks.

Hi

I was wondering if anyone else has experienced the above issues with traffic shaping on lagg interface?
Please see attached image of dashboard showing no states after reboot until traffic shaper is removed.

Thanks in advance

Andy

PFSense.PNG
PFSense.PNG_thumb

Thanks Chris. I don't really understand how pbi work but adding links seem to do the trick.