pfSense Digest

There apparently is a card floating around using the 82573 chipset.   Somehow this card has its EEPROM programmed incorrectly and can conflict with the newer driver that is in FreeBSD 6.2.   The driver version is 6.6.6 and in my opinion the version number fits absolutely correctly.

Here is a blurb from Jack Vogel, the FreeBSD EM driver maintainer:

“There is also a hardware eeprom issue on systems with an 82573
type NIC on SOME systems. There is a utility to fix that, if you
have a problem, and have that NIC email me and I can send that
out to you.”

To make a long story short if you have this card visit this URL for fixing instructions.  For more information see this thread.

The ALIX board, WRAP replacement from PC Engines, is now available. Netgate has them in stock, as does PC Engines. Both Netgate and PC Engines are long time supporters of the project.

Order link for PC Engines.

If you’re in the US, Netgate will get it to you faster. I’ve ordered many WRAP boards from them, and just ordered some ALIX boards. Great folks at Netgate, highly recommended.

ALIX Board
Silver case
Red case
Black case
CF card
Power supply

If you’d like to add wireless:

Wireless card
Pigtail
Antenna – any of the RP-SMA antennas will work with the linked pigtail

The price for a complete setup without wireless is $185 USD, about $40 cheaper than a complete WRAP setup cost! This is a substantially more powerful setup than the WRAP.

Nice review from someone unrelated to the project.

“In the end, pfSense is ultimately the best choice overall and provides the best value of all we have looked at today.”

Note there are now two upgrade files – Full and Embedded. Use the Full upgrade file for hard drive installs, and the embedded file for upgrading embedded installs.

We attempted prior to the 1.2-RC3 release to combine these into a single upgrade file, but this caused problems on embedded upgrades so we had to split them up.

1.2-RC3 has been released! Here is a list of bug fixes in this new version:

• IPSEC Carp rules cleanup
• IPSEC stability worksarounds for > 150 tunnels
• Only reload webConfiguration from System -> Advanced when cert changes
• Increase net.inet.ip.intr_queue_maxlen to 1000 which is the IP input queue.
• Do not allow sticky connection bit to be set if pppoe is enabled. Ticket #1319
• Disable firmware upgrade for embedded and cdrom and suggest using the console option to upgrade. Ticket #1433
• Recompile MPD with MSS/dial-on-demand patches (also fixes idle timeout bug) Obtained-from: http://svn.m0n0.ch/wall/tags/release-1.3b3/build/patches/packages/mpd.patch
• Fix CP not sending Acct-Session-Time to Radius during accounting update Ticket #1434
• Work around heavy network activity issues. [20070116, update 20070212] Systems with very heavy network activity have been observed to have some problems with the kernel memory allocator. Symptoms are processes that get stuck in zonelimit state, or system livelocks. One partial workaround for this problem is to add the following line to /boot/loader.conf and reboot: kern.ipc.nmbclusters=”0″
• Bump lighttpd to 1.4.18
• Show wireless nodes regardless if we can deterimine BSS value.
• IPSEC tunnel endpoint highlighting in system logs
• Show the IPSEC interface as a option for the traffic graph.
• Add RRD Settings page.
• Make it possible to disable RRD graphs. Bump config so it’s on by default if it wasn’t already.
• Correctly set reflection timeout for all protocols.
• Restart snmp services after LAN IP changes Ticket #1453
• Bump miniupnpd version to RC9 -add multiple interface support
• Speedup ARP page by using diag_dhcp_leases.php page code for parsing the dhcpd.leases file
• Relax the ip address check and allow duplicate ip address entries which allows fr example a wireless card and a ethernet card on a laptop to share the same ip address
• Do not allow DHCP server to be enabled when DHCP relay is enabled, and vice versa Ticket #1488
• IPSEC keep alive pinger using the wrong source IP address Ticket #1482
• Failover DHCP Server in 10 seconds as opposed to 60 seconds

1.2-RC3 will appear at a mirror near you very soon. Please let us know what you think on the forum or mailing list.

Update: more than half of the mirrors have these files now, if you try one that doesn’t have the files, try another. They’ll all be updated within 24 hours.