First pre-production test
-
The last few days, I have been working with the alpha. I mirrored my entire configuration over to the test box. After getting everything set up and running I moved it over to take the place of my production server just to see if everything would come up.
I could not get out of the firewall at all. I could not ping out or even browse to any sites. I don't fully understand why it's not working. Here are a few of the logs from the firewall:
Aug 21 01:54:05 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded The line in question reads [189]: pass out on $WAN route-to ( fxp1 xxx.xxx.xxx.xxx ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"
Aug 21 01:54:05 php: : There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [189]: pass out on $WAN route-to ( fxp1 208.17.66.193 ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"
Aug 21 01:54:10 check_reload_status: reloading filter
Aug 21 01:57:32 kernel: arp: xxx.xxx.xxx.xxx is on fxp1 but got reply from 00:02:3b:02:79:b4 on fxp0
Aug 21 01:57:37 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded The line in question reads [189]: pass out on $WAN route-to ( fxp1 208.17.66.193 ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"
Aug 21 01:57:37 php: : There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [189]: pass out on $WAN route-to ( fxp1 208.17.66.193 ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"
Aug 21 01:58:07 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded The line in question reads [189]: pass out on $WAN route-to ( fxp1 xxx.xxx.xxx.xxx ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"
Aug 21 01:58:07 php: : There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [189]: pass out on $WAN route-to ( fxp1 xxx.xxx.xxx.xxx ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"
Aug 21 01:58:12 check_reload_status: reloading filter
Aug 21 02:01:21 kernel: fxp0: link state changed to DOWN
Aug 21 02:01:23 kernel: fxp0: link state changed to UP
Aug 21 02:01:49 kernel: fxp1: link state changed to DOWN
Aug 21 02:01:56 kernel: fxp1: link state changed to UP
Aug 21 02:02:09 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded The line in question reads [189]: pass out on $WAN route-to ( fxp1 xxx.xxx.xxx.xxx ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"
Aug 21 02:02:09 php: : There were error(s) loading the rules: /tmp/rules.debug:189: rule label too long (max 63 chars) /tmp/rules.debug:190: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [189]: pass out on $WAN route-to ( fxp1 xxx.xxx.xxx.xxx ) proto esp from any to xxx.xxx.xxx.xxx keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"
While I'm looking for a new job, I might as well keep testing and trying this out. Once it gets out of alpha it's going to be the cat's meow of firewall products. There is no doubt about it. This project is heading in the right direction.
I really love what has been done to the IP-SEC section. It makes it much easier to configure.
I support a few of these in the field and keep a spare in my car in case a customer firewall goes out. I intend to keep using this and will be testing as much as possible.
RC
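A pre-flight check for the failure shown in the log above (an added example, not part of the post or of pfSense itself): it scans a pf rules file for labels longer than 63 characters and reports them as file:line the way pfctl does, so the problem is caught before a reload leaves the box with no rules loaded at all. It also shows one way to shorten a label without making two similar VPN rules collide. The sample rules text and addresses are constructed placeholders.

```python
"""Pre-flight check for pf rule labels (added example, not from the original post).

pf rejects any rule whose label exceeds 63 characters, and a single bad line means
pfctl loads NO rules at all, exactly what the log above shows. This scans the
rules text before it is applied and reports problems as pfctl would (file:line).
"""
import hashlib
import re

PF_LABEL_MAX = 63  # limit reported by pfctl in the post's log

# pf labels are double-quoted strings; allow escaped quotes inside them
_LABEL_RE = re.compile(r'\blabel\s+"((?:[^"\\]|\\.)*)"')


def check_labels(rules_text: str, path: str = "/tmp/rules.debug") -> list:
    """Return (location, length, label) for every label longer than the limit."""
    problems = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        for m in _LABEL_RE.finditer(line):
            label = m.group(1)
            if len(label) > PF_LABEL_MAX:
                problems.append((f"{path}:{lineno}", len(label), label))
    return problems


def shorten_label(label: str, limit: int = PF_LABEL_MAX) -> str:
    """Truncate a label to the limit but keep it distinguishable: keep the head and
    append a short hash of the full text, so two long labels that share a prefix
    (e.g. '...outbound esp proto' vs '...outbound ah proto') stay unique."""
    if len(label) <= limit:
        return label
    tag = hashlib.sha256(label.encode()).hexdigest()[:6]
    return label[: limit - len(tag) - 1] + "-" + tag


# Constructed sample modelled on the rule quoted in the log (addresses are placeholders)
SAMPLE_RULES = """\
pass in on $LAN from $LAN to any keep state label "LAN to any"
pass out on $WAN route-to ( fxp1 192.0.2.1 ) proto esp from any to 192.0.2.10 keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound esp proto"
pass out on $WAN route-to ( fxp1 192.0.2.1 ) proto ah from any to 192.0.2.10 keep state label "IPsec: Ourfirends Company.net VPN Connection - outbound ah proto"
"""

if __name__ == "__main__":
    for where, n, label in check_labels(SAMPLE_RULES):
        print(f"{where}: rule label too long ({n} > {PF_LABEL_MAX} chars)")
        print(f"  suggested: {shorten_label(label)!r}")
```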