Netgate Discussion Forum

First pre-production test

2.0-RC Snapshot Feedback and Problems - RETIRED
    fastcon68
    last edited by Aug 21, 2008, 2:30 AM

    The last few days, I have been working with the alpha.  I mirrored my entire configuration over to the test box.  After getting everything set up and running I moved it over to take the place of my production server just to see if everything would come up.

    I could not get out of the firewall at all.  I could not ping out or even browse to any sites.  I don't fully understand why it's not working.  Here are a few of the logs from the firewall:

    Aug 21 01:54:05 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded The line in question reads [189]: pass out on $WAN route-to ( fxp1 xxx.xxx.xxx.xxx ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"

    Aug 21 01:54:05 php: : There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [189]: pass out on $WAN route-to ( fxp1 208.17.66.193 ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"

    Aug 21 01:54:10 check_reload_status: reloading filter

    Aug 21 01:57:32 kernel: arp: xxx.xxx.xxx.xxx is on fxp1 but got reply from 00:02:3b:02:79:b4 on fxp0

    Aug 21 01:57:37 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded The line in question reads [189]: pass out on $WAN route-to ( fxp1 208.17.66.193 ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"

    Aug 21 01:57:37 php: : There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [189]: pass out on $WAN route-to ( fxp1 208.17.66.193 ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"

    Aug 21 01:58:07 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded The line in question reads [189]: pass out on $WAN route-to ( fxp1 xxx.xxx.xxx.xxx ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"

    Aug 21 01:58:07 php: : There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [189]: pass out on $WAN route-to ( fxp1 xxx.xxx.xxx.xxx ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"

    Aug 21 01:58:12 check_reload_status: reloading filter

    Aug 21 02:01:21 kernel: fxp0: link state changed to DOWN

    Aug 21 02:01:23 kernel: fxp0: link state changed to UP

    Aug 21 02:01:49 kernel: fxp1: link state changed to DOWN

    Aug 21 02:01:56 kernel: fxp1: link state changed to UP

    Aug 21 02:02:09 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded The line in question reads [189]: pass out on $WAN route-to ( fxp1 xxx.xxx.xxx.xxx ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"

    Aug 21 02:02:09 php: : There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [189]: pass out on $WAN route-to ( fxp1 xxx.xxx.xxx.xxx ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"

    While I am looking for a new job, I might as well keep testing and trying this out.  Once it gets out of alpha it's going to be the cat's meow of firewall products.  There is no doubt about it.  This project is heading in the right direction.

    I really love what has been done to the IP-SEC section.  It makes it much easier to configure.

    I support a few of these in the field and keep a spare in my car in case a customer firewall goes out.  I intend to keep using this and will be testing, as much as possible.
    RC
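
The logs in the post above show pfctl rejecting the whole ruleset because two rule labels exceed 63 characters. The following is an added example, not part of the original post and not pfSense's own code: a pre-load check that lists every over-long label in a ruleset file. The function names, the sample rules and the documentation-range addresses in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: find pf rule labels longer than the limit pfctl reported
# in the post ("rule label too long (max 63 chars)").
PF_LABEL_MAX=63

# Constructed sample ruleset; line 2 reuses the label quoted in the logs,
# with documentation addresses in place of the masked ones.
sample_rules() {
cat <<'EOF'
pass in quick on $LAN from any to any keep state label "Default LAN allow"
pass out on $WAN route-to ( fxp1 192.0.2.1 ) proto esp from any to 198.51.100.7 keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"
pass out on $WAN proto udp from any to 198.51.100.7 port 500 keep state label "IPsec: short"
EOF
}

# check_pf_labels [FILE...]  (reads stdin when no file is given)
# Prints one line per offending label; exit status 1 if any label is too long.
check_pf_labels() {
    awk -v max="$PF_LABEL_MAX" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            rest = $0
            # a rule carries at most one label, but scan the whole line anyway
            while (match(rest, /label[ \t]+"[^"]*"/)) {
                start = RSTART; len = RLENGTH
                text = substr(rest, start, len)
                sub(/^label[ \t]+"/, "", text)   # strip keyword and opening quote
                sub(/"$/, "", text)              # strip closing quote
                if (length(text) > max) {
                    printf "line %d: label is %d chars (max %d): %s\n", NR, length(text), max, text
                    bad++
                }
                rest = substr(rest, start + len)
            }
        }
        END { exit (bad > 0) }
    ' "$@"
}

# Demo on the constructed sample; on a firewall, pass the generated file instead.
sample_rules | check_pf_labels || echo "ruleset contains labels pfctl will reject"
```

On the firewall itself, `pfctl -n -f /tmp/rules.debug` parses the file without loading it, which confirms whether the ruleset is accepted after the labels are shortened.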

    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.