OpenVPN and 1.0-BETA1
-
_If you'd like to know my TODO-list, here it goes:
Fixes:
- check out the "restart-problem" you've told me._
Was addressed earlier in this thread, and in the patch.
- check out the "interface renumbering" bug and maybe look at the interface renumbering code in HEAD (thx @sullrich for the hint!), then decide whether to live with it or change it.
Still pending?
- find out the reason why TUN0 does not show up in the "Interfaces" menu.
This was addressed. There were modifications required for get_interface_list().
_Features (seem to be just webinterface issues):
- get OpenVPN in client mode working.
- get the "Client-specific configuration" working.
- get CRL lists working._
All of these are still outstanding as far as I know.
-
I moved it to guiconfig.inc which houses all of the other dirty file locations.
But this definition is needed by openvpn.inc. If openvpn.inc includes guiconfig.inc, wouldn't that make openvpn.inc require the user to authenticate? Cause openvpn.inc shouldn't require authentication, since it won't be called solely by the web interface, but also by the boot scripts.
-
Try it out and let me know. That's how the rest of pfSense works.
-
WOW ;D
on 1.0-BETA1-TESTING-SNAPSHOT-2-5-06 the openvpn acting as a client is working for me. Thank you very much. Kind regards,
-
So that leaves, what, the interface renumbering bug in HEAD, right?
Looks like we may have OpenVPN in 1.0 yet. ;)
-
Yep let me backport it and post a testing image. Can you guys help me test this? It will involve deleting and recreating interfaces and ensuring that the rules and such follow the interfaces.
-
I'm game. I have a net4501 sitting here waiting to be abused, along with a WRAP coming in the mail, and a production box I bought from Hacom (good reference from around here!) with 3 gigabit interfaces. All of which I can do some testing on.
Bring it. ;)
-
on 1.0-BETA1-TESTING-SNAPSHOT-2-5-06 the openvpn acting as a client is working for me
No, it isn't. :S
Did you patch it? I tested it in an unpatched BETA1 and it screwed up the interfaces' configuration.
-
on 1.0-BETA1-TESTING-SNAPSHOT-2-5-06 the openvpn acting as a client is working for me
No, it isn't. :S
Did you patch it? I tested it in an unpatched BETA1 and it screwed up the interfaces' configuration.
Yep, that's the thing we are speaking of that needs to be backported. When you mess with the optional interfaces and move them around then the rules end up on the wrong optional interfaces, etc.
-
WRAP showed up today, so I have two embeddeds to play around with. The hard drive-based production box should be here any day now. Just waiting. :)
-
Sounds good. I'll get the code merged over tomorrow sometime in preparation for some serious weekend testing.
-
:o
<think>wow. it's like seeing an avalanche coming down…</think>
In the last few days I've been working until late in the evening at my workplace - too many systems which "wreaked havoc", so I've had no time to do anything.
It seems like everybody's already busy working on it. So, is there anywhere I can help out?
Maybe I'll seem to be doing quite slow compared to all of you, since I've got only evenings, weekends and holidays to "play around".
I hope you won't lose your patience with me...
About testing: how can I keep up with the work which has been done in the meantime? Is there any FAQ on how to get the latest version? (I have never done anything with CVS)
I've already got the VMWare Developer's edition - if that helps to shorten the process...
Marc
-
Well, my hard drive-based production firewall showed up yesterday, so yay! here. :)
I need to get that vmware version one too, but I don't run windows. Only OSX on my desktops and freebsd on my servers…
My impression is that for 1.0 we just need to hunt down any problems with the interface re-numbering, and then we're golden. 1.1 is going to be a real treat. ::)
-
Interface renumbering code was just committed. I'm pressing a new image now.
Here's the new testing image: http://www.pfsense.com/~sullrich/OPENVPN_AND_DHCPD_TESTING_EDITION/pfSense-Full-Update-1.0-BETA1-TESTING-SNAPSHOT-2-10-06.tgz
Please test OpenVPN and test DHCP server as it's now running in a chroot and as a non-root user for enhanced security.
-
I must just be totally losing it. I'm sure I remember seeing somewhere on the site how to build an arbitrary-sized pfsense embedded image from the full install, and for the life of me I can't recall where. I have a 64MB flash for the WRAP, and 512MB for the soekris (I thought I would be able to install packages and have logs write out over NFS…oops)
Point me in the right direction? ???
-
Maybe this will help: http://wiki.pfsense.com/wikka.php?wakka=FlashHowTo
Also, you can edit /etc/platform and change it to pfSense and it will convert to a full install. However I haven't tested either of these lately.
-
No, unfortunately that wasn't what I was talking about. That's presuming you already have a flash image, and want to resize it. What you gave us (I presume?) is a cd iso. What I need is the instructions to go from cd iso to flash. I'm starting to wonder if it wasn't something like "install to a hard drive, dd to a file, then resize that file…."
-
What I gave was a full update for an already full install.
I'll create an embedded image soon and pop it in that directory.
-
Well, today's the day to be loading up the firewalls, so if you can post that embedded image that would be great. :)
The production box has no cd-rom drive, so I'm imagining the process for installation is to plug in a cd-rom drive, install 1.0-BETA1, then somehow apply the tgz that you posted here? (Don't suppose it's as simple as uploading that from the web interface, or tar xvzf after sftp'ing it to the firewall?)
These boxes will go into "production" this week. Oddly enough, these are development boxes, so having beta software isn't a big deal, however all basic firewalling functions MUST be stable enough that I can administer them 99% remote. These are only 20 minutes away instead of 3 hours, and I do have remote vnc and serial console capabilities, but downtime would be frowned upon, as it holds up the developers. Planned downtime however (guys, I need to reboot the firewall in a half hour, down for 5 mins) is completely acceptable. I'm thinking if OpenVPN and opt interfaces are all that are at stake here, we should be fine on this, right?
-
Grrrrr…..
I have this hard drive system from Hacom. They bury the ide header on the main board, so I had to tear it apart to get to it to plug in the cd-rom. There's nothing available to power the cd-rom drive, so I had to crack open an external USB enclosure and use its power supply for the cd drive.
I boot up, go into setup, make sure usb keyboard is enabled (which it is, as I'm able to navigate the menus), but as soon as the freebsd menu comes up, I lose usb keyboard, which of course prevents me from choosing option 7, which is....
Boot FreeBSD with USB Keyboard.
D'oh. This is a paradox if I've ever seen one. There is a ps2 keyboard port header on the mainboard, but they didn't ship it with the adapter, which means I'll be spending my day hacking together an adapter. :( This sucks guys... is there a way to have usb keyboard enabled by default during boot?