Archive for 2007

So where is 1.2?

Saturday, December 29th, 2007

Sorry for the long delays. We have been working to make 1.2 the most fantastic release of pfSense yet. The delay has been caused by a number of very minor issues popping up, but combined they have been enough to make us very cautious with this release.

Expect 1.2-RC4 sometime in the next couple of weeks, and then we will test for a good week, following up with the final release. So if all goes well, we should see 1.2 released around the 3rd week of January! Or even prior! Stay tuned…

Authentication work ongoing in HEAD and RELENG_1

Saturday, December 29th, 2007

Thanks to Centipede Networks it is now possible to log in to pfSense RELENG_1 (development branch) via LDAP authentication! In addition, Centipede Networks sponsored bringing the multi user manager code from m0n0wall up to speed. Expect to see some pretty nifty stuff in 1.3 that will surely be welcome to most pfSense admins.

If you have not checked out Centipede Networks you can find them at this URL.

Interest in a pfSense training course?

Wednesday, December 26th, 2007

We are considering proposing a tutorial at BSDCan 2008, and I want to gauge people’s interest in what Scott and I are currently discussing.

BSDCan offers 4 hour tutorials. We are considering putting together a 4 hour training course on pfSense, starting from an introduction and installation, and covering as much material as we possibly can in 4 hours. The tutorial cost in previous years was something like $50 USD, so even with travel expenses it’s still cheap. If we propose this and it’s accepted, it would be in May 2008 in Ottawa, Canada.

Please leave a comment here or email me if you might be interested in attending this and/or have any suggestions on topics to be covered.

Using pfSense as a Server Only

Friday, December 7th, 2007

In this forum post, “rklopoto” describes how he runs pfSense WAN-less as only a DHCP server in an environment that already has a firewall. We didn’t think this was possible; it’s interesting what users run into! :)

This isn’t the best solution for what is essentially a DHCP server appliance, but it works. And he has good reason to do so – a single consistent interface to train administrators to use.

You do need two interfaces in the box, though you can leave the WAN unplugged. Then assign your LAN IP, and set its default gateway as your WAN gateway. Just put in a fake/made-up IP on a different subnet on the WAN page.

You can probably use a lot of different services in this fashion. Post a comment here, or on the forum or mailing list if you’ve done something like this.

1.2-RC3 and Intel EM cards (82573 Vidalia chipset)

Monday, November 26th, 2007

There apparently is a card floating around using the 82573 chipset. Somehow this card has its EEPROM programmed incorrectly and can conflict with the newer driver that is in FreeBSD 6.2. The driver version is 6.6.6, and in my opinion the version number fits absolutely correctly.

Here is a blurb from Jack Vogel, the FreeBSD EM driver maintainer:

“There is also a hardware eeprom issue on systems with an 82573 type NIC on SOME systems. There is a utility to fix that, if you have a problem, and have that NIC email me and I can send that out to you.”

To make a long story short, if you have this card, visit this URL for fixing instructions. For more information see this thread.

ALIX boards now available

Saturday, November 17th, 2007

The ALIX board, the WRAP replacement from PC Engines, is now available. Netgate has them in stock, as does PC Engines. Both Netgate and PC Engines are long-time supporters of the project.

Order link for PC Engines.

If you’re in the US, Netgate will get it to you faster. I’ve ordered many WRAP boards from them, and just ordered some ALIX boards. Great folks at Netgate, highly recommended.

  • ALIX Board
  • Silver case
  • Red case
  • Black case
  • CF card
  • Power supply

If you’d like to add wireless:

  • Wireless card
  • Pigtail
  • Antenna – any of the RP-SMA antennas will work with the linked pigtail

The price for a complete setup without wireless is $185 USD, about $40 cheaper than a complete WRAP setup cost! This is a substantially more powerful setup than the WRAP.

Seven different BSD and Linux firewalls reviewed

Friday, November 16th, 2007

Nice review from someone unrelated to the project.

“In the end, pfSense is ultimately the best choice overall and provides the best value of all we have looked at today.”

1.2-RC3 Upgrade Note

Thursday, November 8th, 2007

Note there are now two upgrade files – Full and Embedded. Use the Full upgrade file for hard drive installs, and the embedded file for upgrading embedded installs.

We attempted prior to the 1.2-RC3 release to combine these into a single upgrade file, but this caused problems on embedded upgrades so we had to split them up.

1.2 Release Candidate 3 released!

Wednesday, November 7th, 2007

1.2-RC3 has been released! Here is a list of bug fixes in this new version:

  • IPSEC Carp rules cleanup
  • IPSEC stability workarounds for > 150 tunnels
  • Only reload webConfiguration from System -> Advanced when cert changes
  • Increase net.inet.ip.intr_queue_maxlen to 1000 which is the IP input queue.

Using console upgrade

Sunday, October 28th, 2007

The firmware upgrade via the webGUI has issues from time to time. Right now it seems to be affected by a Lighttpd bug for some people: when they upgrade, Lighttpd dies and hence the webGUI isn’t accessible (console option 11 restarts it).

The console upgrade was added a while back to work around difficulties when upgrading from the web interface. I prefer upgrading this way because I can just paste in the URL to the update file, and it downloads and installs automatically.

To use the console upgrade, enable SSH on the Advanced page, and use your SSH client of choice to log in (username root, password is your webGUI admin password). From the console menu, select option 13. You can then select whether to update from a URL or a local file. You can also do this from the actual console of the machine, but most would probably prefer doing it remotely.