Netgate Discussion Forum

    Update killed IPSec?

    2.0-RC Snapshot Feedback and Problems - RETIRED
      _igor_

      I had a working IPsec tunnel from my iPhone via pfSense.
      Today, after updating to snap 2.0-BETA5 (i386) built on Tue Jan 25 06:07:53 EST 2011, it ceased to work. My phone spits out a "server doesn't answer" after a long time (something like 15-20 sec).

      In the system log, this entry is confusing me:

      php: /vpn_ipsec.php: Error: Invalid certificate info for
      php: /vpn_ipsec.php: Could not determine VPN endpoint for 'fonie'
      

      So I started racoon in debug mode and got this (reverse order):

      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: 02070000 15000000 00000000 f04f0000 0a000e00 00000000 02008000 80000000 0300a000 a0000000 05000001 00010000 06008001 80010000 07000002 00020000 0800a000 a0000000 f9008000 80000000 fa00a000 a0000000 fb000800 00080000 09000f00 00000000 02084000 40000000 0308c000 c0000000 06082800 80000000 07082800 c0010000 0b040000 00080000 0c104000 00010000 16104000 00010000 f9085000 50000000
      Jan 25 19:27:35 racoon: [fonie]: DEBUG: pk_recv: retry[0] recv()
      Jan 25 19:27:35 racoon: [fonie]: INFO: 127.0.0.1[4500] used for NAT-T
      Jan 25 19:27:35 racoon: [fonie]: INFO: 78.35.x.x[4500] used for NAT-T
      Jan 25 19:27:35 racoon: [fonie]: NOTIFY: NAT-T is enabled, autoconfiguring ports
      Jan 25 19:27:35 racoon: [fonie]: DEBUG: evaluating sainfo: loc='10.0.4.1', rmt='10.0.5.4', peer='ANY', id=1
      Jan 25 19:27:35 racoon: [fonie]: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
      Jan 25 19:27:35 racoon: [fonie]: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
      Jan 25 19:27:35 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2:
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: XAuth pskey server(65002)
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: SHA(2)
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: AES-CBC(7)
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: encklen=256
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: lifetime = 28800
      Jan 25 19:27:35 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2:
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: pre-shared key(1)
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: MD5(1)
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: 3DES-CBC(5)
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: encklen=0
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:27:35 racoon: [fonie]: DEBUG2: lifetime = 3600
      Jan 25 19:27:35 racoon: [fonie]: DEBUG: reading config file /var/etc/racoon.conf
      Jan 25 19:25:59 racoon: [fonie]: INFO: unsupported PF_KEY message REGISTER
      Jan 25 19:25:59 racoon: [fonie]: DEBUG: pk_recv: retry[0] recv()
      Jan 25 19:25:59 racoon: [fonie]: INFO: 10.112.35.13[500] used for NAT-T
      Jan 25 19:25:59 racoon: [fonie]: INFO: 127.0.0.1[500] used as isakmp port (fd=11)
      Jan 25 19:25:59 racoon: [fonie]: INFO: 78.35.x.x[4500] used as isakmp port (fd=10)
      Jan 25 19:25:59 racoon: [fonie]: NOTIFY: NAT-T is enabled, autoconfiguring ports
      Jan 25 19:25:59 racoon: [fonie]: DEBUG: evaluating sainfo: loc='10.0.4.1', rmt='10.0.5.4', peer='ANY', id=1
      Jan 25 19:25:59 racoon: [fonie]: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
      Jan 25 19:25:59 racoon: [fonie]: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
      Jan 25 19:25:59 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2:
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: XAuth pskey server(65002)
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: SHA(2)
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: AES-CBC(7)
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: encklen=256
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: lifetime = 28800
      Jan 25 19:25:59 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2:
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: pre-shared key(1)
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: MD5(1)
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: 3DES-CBC(5)
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: encklen=0
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:25:59 racoon: [fonie]: DEBUG2: lifetime = 3600
      Jan 25 19:25:59 racoon: [fonie]: DEBUG: reading config file /var/etc/racoon.conf
      Jan 25 19:25:00 racoon: [fonie]: INFO: unsupported PF_KEY message REGISTER
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: 02070000 15000000 00000000 5c100000 0a000e00 00000000 02008000 80000000 0300a000 a0000000 05000001 00010000 06008001 80010000 07000002 00020000 0800a000 a0000000 f9008000 80000000 fa00a000 a0000000 fb000800 00080000 09000f00 00000000 02084000 40000000 0308c000 c0000000 06082800 80000000 07082800 c0010000 0b040000 00080000 0c104000 00010000 16104000 00010000 f9085000 50000000
      Jan 25 19:25:00 racoon: [fonie]: DEBUG: get pfkey REGISTER message
      Jan 25 19:25:00 racoon: [fonie]: DEBUG: pk_recv: retry[0] recv()
      Jan 25 19:25:00 racoon: [fonie]: INFO: 10.112.35.13[4500] used as isakmp port (fd=14)
      Jan 25 19:25:00 racoon: [fonie]: INFO: 127.0.0.1[500] used as isakmp port (fd=11)
      Jan 25 19:25:00 racoon: [fonie]: INFO: 10.0.4.1[500] used as isakmp port (fd=0)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG: my interface: 10.112.35.13 (em0)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG: getsainfo params: loc='ANONYMOUS', rmt='ANONYMOUS', peer='NULL', id=2
      Jan 25 19:25:00 racoon: [fonie]: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
      Jan 25 19:25:00 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2:
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: XAuth pskey server(65002)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: SHA(2)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: AES-CBC(7)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: encklen=256
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: lifetime = 28800
      Jan 25 19:25:00 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2:
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: pre-shared key(1)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: MD5(1)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: 3DES-CBC(5)
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: encklen=0
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:25:00 racoon: [fonie]: DEBUG2: lifetime = 3600
      Jan 25 19:25:00 racoon: [fonie]: DEBUG: reading config file /var/etc/racoon.conf
      Jan 25 19:24:07 racoon: [fonie]: DEBUG: get pfkey REGISTER message
      Jan 25 19:24:07 racoon: [fonie]: INFO: 10.112.35.13[4500] used as isakmp port (fd=14)
      Jan 25 19:24:07 racoon: [fonie]: INFO: 127.0.0.1[4500] used for NAT-T
      Jan 25 19:24:07 racoon: [fonie]: INFO: 78.35.x.x[4500] used for NAT-T
      Jan 25 19:24:07 racoon: [fonie]: INFO: 78.35.x.x[500] used as isakmp port (fd=9)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG: my interface: 10.0.4.1 (gre0)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG: evaluating sainfo: loc='10.0.4.1', rmt='10.0.5.4', peer='ANY', id=1
      Jan 25 19:24:07 racoon: [fonie]: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
      Jan 25 19:24:07 racoon: [fonie]: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
      Jan 25 19:24:07 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2:
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: XAuth pskey server(65002)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: SHA(2)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: AES-CBC(7)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: encklen=256
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: lifetime = 28800
      Jan 25 19:24:07 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2:
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: pre-shared key(1)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: MD5(1)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: 3DES-CBC(5)
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: encklen=0
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:24:07 racoon: [fonie]: DEBUG2: lifetime = 3600
      Jan 25 19:24:07 racoon: [fonie]: DEBUG: reading config file /var/etc/racoon.conf
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: sub:0xbfbfe554: 10.0.5.4/32[0] 10.0.4.1/32[0] proto=any dir=in
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: get pfkey X_SPDADD message
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: db :0x28748288: 10.112.35.0/27[0] 10.112.35.13/32[0] proto=any dir=in
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: sub:0xbfbfe554: 10.112.35.0/27[0] 10.112.35.13/32[0] proto=any dir=in
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: pk_recv: retry[0] recv()
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: get pfkey REGISTER message
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: pk_recv: retry[0] recv()
      Jan 25 19:23:45 racoon: [fonie]: INFO: 127.0.0.1[4500] used as isakmp port (fd=12)
      Jan 25 19:23:45 racoon: [fonie]: INFO: 78.35.x.x[4500] used for NAT-T
      Jan 25 19:23:45 racoon: [fonie]: NOTIFY: NAT-T is enabled, autoconfiguring ports
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: parse successed.
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: getsainfo params: loc='ANONYMOUS', rmt='ANONYMOUS', peer='NULL', id=2
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2:
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: XAuth pskey server(65002)
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: SHA(2)
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: AES-CBC(7)
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: encklen=256
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: lifetime = 28800
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2:
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: pre-shared key(1)
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: MD5(1)
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: 3DES-CBC(5)
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: encklen=0
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:23:45 racoon: [fonie]: DEBUG2: lifetime = 3600
      Jan 25 19:23:45 racoon: [fonie]: DEBUG: reading config file /var/etc/racoon.conf
      Jan 25 19:19:27 racoon: [fonie]: DEBUG: pk_recv: retry[0] recv()
      Jan 25 19:19:27 racoon: [fonie]: INFO: 78.35.x.x[4500] used as isakmp port (fd=8)
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: parse successed.
      Jan 25 19:19:27 racoon: [fonie]: DEBUG: getsainfo params: loc='ANONYMOUS', rmt='ANONYMOUS', peer='NULL', id=2
      Jan 25 19:19:27 racoon: [fonie]: DEBUG: getsainfo params: loc='10.0.4.1', rmt='10.0.5.4', peer='NULL', id=1
      Jan 25 19:19:27 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: SHA(2)
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: AES-CBC(7)
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:19:27 racoon: [fonie]: DEBUG: hmac(modp1024)
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2:
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: pre-shared key(1)
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: 1024-bit MODP group(2)
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: MD5(1)
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: 3DES-CBC(5)
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: p:1 t:1
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: encklen=0
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: lifebyte = 0
      Jan 25 19:19:27 racoon: [fonie]: DEBUG2: lifetime = 3600
      Jan 25 19:19:27 racoon: [fonie]: INFO: Resize address pool from 0 to 1
      Jan 25 19:19:27 racoon: [fonie]: DEBUG: reading config file /var/etc/racoon.conf
      Jan 25 19:19:27 racoon: [fonie]: DEBUG: call pfkey_send_register for IPCOMP
      Jan 25 19:19:27 racoon: [fonie]: DEBUG: call pfkey_send_register for ESP
      Jan 25 19:19:27 racoon: [fonie]: DEBUG: call pfkey_send_register for AH
      Jan 25 19:19:27 racoon: [fonie]: INFO: Reading configuration from "/var/etc/racoon.conf"
      Jan 25 19:19:27 racoon: [fonie]: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
      Jan 25 19:19:27 racoon: [fonie]: INFO: @(#)ipsec-tools 0.7.3 (http://ipsec-tools.sourceforge.net)
      
      
        jimp Rebel Alliance Developer Netgate

        If your IPsec setup was using certificates, check your certificate manager and make sure all your CAs and certs are still there.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          _igor_

          No. I'm using only PSK. No certs used.

            jimp Rebel Alliance Developer Netgate

            A little odd that it printed 'invalid certificate info' then. Still might be worth looking at.

              _igor_

              That's what I did. I went through all the IPsec pages, reviewed the settings, which were all the same, and saved all pages; same thing. All this happened with the mentioned update. The other thing is that disabling IPsec and enabling it doesn't restart racoon. I have to reboot the whole machine to get it running after any config change. If not, it doesn't even react to connections from outside. A reboot helps to get a new connection which is seen by racoon.

                _igor_

                Tested the whole config again. No errors present nor seen by me.
                Updated today with the latest snap. Still no IPsec.

                Jan 26 14:21:34	php: /vpn_ipsec.php: Error: Invalid certificate info for
                Jan 26 14:21:34	php: /vpn_ipsec.php: Could not determine VPN endpoint for 'fonie'
                

                Yes, the line "Invalid cert…" ends just like you see.

                Here is my racoon.conf. No cert entries.

                # This file is automatically generated. Do not edit
                path pre_shared_key "/var/etc/psk.txt";
                
                path certificate  "/var/etc";
                
                listen
                {
                	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
                	isakmp 78.35.x.x [500];
                	isakmp_natt 78.35.x.x [4500];
                }
                
                mode_cfg
                {
                	auth_source system;
                	group_source system;
                	pool_size 1;
                	network4 10.112.36.1;
                	netmask4 255.255.255.252;
                	dns4 10.112.35.13;
                	default_domain "hier.local";
                	split_dns "hier.local";
                	save_passwd on;
                }
                
                remote 87.y.y.y    # remote fixed IP
                
                {
                	ph1id 1;
                	exchange_mode aggressive;
                	my_identifier address 78.35.x.x;    # actual WAN-IP
                	peers_identifier address 87.y.y.y;  # remote fixed IP
                	ike_frag on;
                	generate_policy = off;
                	initial_contact = on;
                	nat_traversal = on;
                
                	support_proxy on;
                	proposal_check claim;
                
                	proposal
                	{
                		authentication_method pre_shared_key;
                		encryption_algorithm 3des;
                		hash_algorithm md5;
                		dh_group 2;
                		lifetime time 3600 secs;
                	}
                }
                
                remote anonymous
                {
                	ph1id 2;
                	exchange_mode aggressive;
                	my_identifier address 78.35.x.x;    # actual WAN-IP
                	peers_identifier fqdn "zuhus";
                	ike_frag on;
                	generate_policy = unique;
                	initial_contact = off;
                	nat_traversal = on;
                
                	dpd_delay = 60;
                	dpd_maxfail = 5;
                	support_proxy on;
                	proposal_check claim;
                
                	proposal
                	{
                		authentication_method xauth_psk_server;
                		encryption_algorithm aes 256;
                		hash_algorithm sha1;
                		dh_group 2;
                		lifetime time 28800 secs;
                	}
                }
                
                sainfo address 10.0.4.1 any address 10.0.5.4 any
                {
                	remoteid 1;
                	encryption_algorithm 3des;
                	authentication_algorithm hmac_sha1;
                	pfs_group 2;
                	lifetime time 3600 secs;
                	compression_algorithm deflate;
                }
                
                sainfo   anonymous
                {
                	remoteid 2;
                	encryption_algorithm aes 256, aes 192, aes 128;
                	authentication_algorithm hmac_sha1;
                
                	lifetime time 3600 secs;
                	compression_algorithm deflate;
                }
                
                

                I think I will downgrade to the snap from 01/22 and see if it works again.

                That's really strange!

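To check the question the thread turns on (does any phase 1 entry in the generated racoon.conf actually depend on certificates?), the sketch below parses each `remote` block and reports its authentication methods and any certificate directives. It is an added example, not part of the original posts and not pfSense code; the function names and the sample peer address are assumptions, while the method and directive names come from racoon.conf(5).

```python
import re

# Authentication methods from racoon.conf(5) that rely on certificates.
CERT_AUTH = {"rsasig", "hybrid_rsa_server", "hybrid_rsa_client",
             "xauth_rsa_server", "xauth_rsa_client"}
# remote-section directives that point at certificate material.
CERT_DIRECTIVES = {"certificate_type", "ca_type", "peers_certfile"}

# Constructed sample, trimmed from the posted racoon.conf; the peer
# address is a documentation address standing in for the redacted one.
SAMPLE_CONF = '''
path pre_shared_key "/var/etc/psk.txt";
path certificate  "/var/etc";
remote 198.51.100.7
{
	ph1id 1;
	exchange_mode aggressive;
	proposal
	{
		authentication_method pre_shared_key;
	}
}
remote anonymous
{
	ph1id 2;
	generate_policy = unique;
	proposal
	{
		authentication_method xauth_psk_server;
	}
}
'''

def remote_sections(text):
    """Yield (peer, body) for each 'remote' block, matching nested braces."""
    text = re.sub(r"#.*", "", text)  # drop comments
    for m in re.finditer(r"^\s*remote\s+(\S+)[^{]*\{", text, re.M):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        if depth:
            raise ValueError(f"unbalanced braces in remote {m.group(1)}")
        yield m.group(1), text[m.end():i - 1]

def cert_usage(text):
    """Map each remote peer to its auth methods and certificate directives."""
    report = {}
    for peer, body in remote_sections(text):
        stmts = [s.split() for s in re.split(r"[;{}]", body) if s.strip()]
        methods = [s[-1] for s in stmts if s[0] == "authentication_method"]
        directives = sorted({s[0] for s in stmts} & CERT_DIRECTIVES)
        report[peer] = {
            "methods": methods,
            "cert_directives": directives,
            "needs_cert": bool(directives) or bool(set(methods) & CERT_AUTH),
        }
    return report

if __name__ == "__main__":
    for peer, info in cert_usage(SAMPLE_CONF).items():
        print(peer, info)
```

The `path certificate` line is deliberately ignored: it only sets a search directory and is present in the posted file even though both proposals are PSK-based.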