What is the current status of 802.11n support in the 2.1.x builds?

The most recent information I can find is that there are some supported cards, but due to freebsd limitations 802.11n rates are not supported.  Not sure if that is for older versions, or still holds true?

This started when I installed the latest snapshot (I was previously on a very old snapshot from several months ago).

I noticed I lost internet connectivity on my "WIFI" interface.   

I can ping my lan net now which should be blocked now too.

I have my Wifi subnet setup as 10.10.10.x and LAN as 192.168.0.x

My only rules on WIFI were:
Block WIFI net from hitting 10.10.10.1 TCP 80 (Prevent wireless clients from getting web gui)
Allow WIFI net to * !LAN net (Allow wireless clients everywhere, except the LAN subnet).

After deleting and re-adding my rules I can now get everywhere from WIFI.


Hopefully this wasn't too long winded. 

The slingbox is basically embedded into the Dish reciever.  It's off the LAN interface, same network as my desktop PC's.

Thats why I'm so confused..   

I'm really scratching my head here.  Probably missing something really simple..

I just installed the slingbox (watch video remotely) on my Dish receiver.  I can stream video fine from my Wifi network, but when I try to watch from my LAN network, I get about 10-15 seconds in and it freezes.  When it freezes, I find these firewall log entries.

I'm not 100% sure how Slingbox works, but it seems to set the connection up thru the internet, but the streaming gets setup directly between the two devices.


I have a pretty much stock setup PFSense 2 (latest snapshot) box with 3 interfaces.

WAN: DHCP
LAN:  192.168.0.0/24
WIFI: 10.10.10.0/24

192.168.0.230 - Desktop PC
192.168.0.150 - Dish receiver


The explanation for the entries is

Code:

The rule that triggered this action is:

@1 scrub in on vr1 all fragment reassemble
@1 block drop in log all label "Default deny rule"

Log entries

Code:

block Jul 10 09:23:43 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
block Jul 10 09:23:33 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:FA
block Jul 10 09:23:32 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:FPA
block Jul 10 09:23:30 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
block Jul 10 09:23:28 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:FA
block Jul 10 09:23:27 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:PA
block Jul 10 09:23:27 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:FA
block Jul 10 09:23:25 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:PA
block Jul 10 09:23:24 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:FA
block Jul 10 09:23:24 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
block Jul 10 09:23:24 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:PA
block Jul 10 09:23:23 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:PA
block Jul 10 09:23:23 LAN 192.168.0.230:2981 192.168.0.150:5101 TCP:PA
block Jul 10 09:23:23 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:FA
block Jul 10 09:23:18 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
block Jul 10 09:23:18 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
block Jul 10 09:23:17 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
block Jul 10 09:23:17 LAN 192.168.0.230:2983 192.168.0.150:5101 TCP:A
block Jul 10 09:22:52 LAN 192.168.0.230:2932 192.168.0.150:5101 TCP:R

FWIW, Here is how I'm doing this now with iptables..

Again this is on a RH box with both interfaces setup as a bridge.

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    DNAT       tcp  -- 0.0.0.0/0          0.0.0.0/0           tcp dpt:80 to:xxx.xxx.xxx.xxx:88

Where xxx.xxx.xxx.xxx is my webserver I'm redirecting my users to.

I'm trying to set up pfsense as transparent bridge to use on a public network.

DHCP, and ICMP needs to be able to pass, and then I want to redirect all outbound
http requests to a public webserver in order display a message to users.

Much like a captive portal that has no exit.

I've been able to make this work sans the redirection..  Is this even possible?

bump

Any takers?

Just came up with something!

If I tell my client to connect to 10.10.10.1 (pfsense WIFI ip), it connects.

But why does it fail to connect from wifi if I use my wan IP to connect to it?
Better yet why does Ubuntu work when using the public address but not XP?

When I upgraded to 2.0, the built in PPTP server worked flawlessly for me.

On 4/19/11 I upgraded to the latest snapshot.

Sometime shortly after this my phone and laptop (windows) quit connecting via WIFI.
They will still connect via an outside connection however.

Also worth noting, if I dual boot my laptop into Ubuntu the VPN connects fine via WIFI.

I just updated to the latest snapshot today (4/25/11) and still have the same issue.

(Below is my PPTP raw log from a failed connection 10.10.10.x is my wifi network)

Apr 25 12:09:36    pptps: pptp0: killing connection with 10.10.10.100 1505
Apr 25 12:09:36    pptps: pptp0: closing connection with 10.10.10.100 1505
Apr 25 12:09:36    pptps: [pt0] LCP: state change Closed --> Initial
Apr 25 12:09:36    pptps: [pt0] LCP: Down event
Apr 25 12:09:36    pptps: [pt0] LCP: state change Stopped --> Closed
Apr 25 12:09:36    pptps: [pt0] LCP: Close event
Apr 25 12:09:36    pptps: [pt0] link: DOWN event
Apr 25 12:09:36    pptps: [pt0] PPTP call terminated
Apr 25 12:09:36    pptps: pptp0-0: killing channel
Apr 25 12:09:36    pptps: pptp0-0: clearing call
Apr 25 12:09:36    pptps: [pt0] LCP: LayerFinish
Apr 25 12:09:36    pptps: [pt0] LCP: state change Req-Sent --> Stopped
Apr 25 12:09:36    pptps: [pt0] LCP: parameter negotiation failed
Apr 25 12:09:36    pptps: [pt0] LCP: not converging
Apr 25 12:09:36    pptps: CALLBACK 6
Apr 25 12:09:36    pptps: ACFCOMP
Apr 25 12:09:36    pptps: PROTOCOMP
Apr 25 12:09:36    pptps: MAGICNUM 31e607f1
Apr 25 12:09:36    pptps: MRU 1400
Apr 25 12:09:36    pptps: [pt0] LCP: rec'd Configure Request #5 (Req-Sent)
Apr 25 12:09:35    pptps: ENDPOINTDISC [802.1] 00 0d b9 1d 9a b0
Apr 25 12:09:35    pptps: MP SHORTSEQ
Apr 25 12:09:35    pptps: MP MRRU 1600
Apr 25 12:09:35    pptps: AUTHPROTO CHAP MSOFTv2
Apr 25 12:09:35    pptps: MAGICNUM e643676a
Apr 25 12:09:35    pptps: MRU 1500
Apr 25 12:09:35    pptps: PROTOCOMP
Apr 25 12:09:35    pptps: ACFCOMP
Apr 25 12:09:35    pptps: [pt0] LCP: SendConfigReq #76
Apr 25 12:09:33    pptps: ENDPOINTDISC [802.1] 00 0d b9 1d 9a b0
Apr 25 12:09:33    pptps: MP SHORTSEQ
Apr 25 12:09:33    pptps: MP MRRU 1600
Apr 25 12:09:33    pptps: AUTHPROTO CHAP MSOFTv2
Apr 25 12:09:33    pptps: MAGICNUM e643676a
Apr 25 12:09:33    pptps: MRU 1500
Apr 25 12:09:33    pptps: PROTOCOMP
Apr 25 12:09:33    pptps: ACFCOMP
Apr 25 12:09:33    pptps: [pt0] LCP: SendConfigReq #75
Apr 25 12:09:32    pptps: CALLBACK 6
Apr 25 12:09:32    pptps: [pt0] LCP: SendConfigRej #4
Apr 25 12:09:32    pptps: CALLBACK 6
Apr 25 12:09:32    pptps: ACFCOMP
Apr 25 12:09:32    pptps: PROTOCOMP
Apr 25 12:09:32    pptps: MAGICNUM 31e607f1
Apr 25 12:09:32    pptps: MRU 1400
Apr 25 12:09:32    pptps: [pt0] LCP: rec'd Configure Request #4 (Req-Sent)
Apr 25 12:09:31    pptps: ENDPOINTDISC [802.1] 00 0d b9 1d 9a b0
Apr 25 12:09:31    pptps: MP SHORTSEQ
Apr 25 12:09:31    pptps: MP MRRU 1600
Apr 25 12:09:31    pptps: AUTHPROTO CHAP MSOFTv2
Apr 25 12:09:31    pptps: MAGICNUM e643676a
Apr 25 12:09:31    pptps: MRU 1500
Apr 25 12:09:31    pptps: PROTOCOMP
Apr 25 12:09:31    pptps: ACFCOMP
Apr 25 12:09:31    pptps: [pt0] LCP: SendConfigReq #74
Apr 25 12:09:29    pptps: ENDPOINTDISC [802.1] 00 0d b9 1d 9a b0
Apr 25 12:09:29    pptps: MP SHORTSEQ
Apr 25 12:09:29    pptps: MP MRRU 1600
Apr 25 12:09:29    pptps: AUTHPROTO CHAP MSOFTv2
Apr 25 12:09:29    pptps: MAGICNUM e643676a
Apr 25 12:09:29    pptps: MRU 1500
Apr 25 12:09:29    pptps: PROTOCOMP
Apr 25 12:09:29    pptps: ACFCOMP
Apr 25 12:09:29    pptps: [pt0] LCP: SendConfigReq #73
Apr 25 12:09:28    pptps: CALLBACK 6
Apr 25 12:09:28    pptps: [pt0] LCP: SendConfigRej #3
Apr 25 12:09:28    pptps: CALLBACK 6
Apr 25 12:09:28    pptps: ACFCOMP
Apr 25 12:09:28    pptps: PROTOCOMP
Apr 25 12:09:28    pptps: MAGICNUM 31e607f1
Apr 25 12:09:28    pptps: MRU 1400
Apr 25 12:09:28    pptps: [pt0] LCP: rec'd Configure Request #3 (Req-Sent)
Apr 25 12:09:27    pptps: ENDPOINTDISC [802.1] 00 0d b9 1d 9a b0
Apr 25 12:09:27    pptps: MP SHORTSEQ
Apr 25 12:09:27    pptps: MP MRRU 1600
Apr 25 12:09:27    pptps: AUTHPROTO CHAP MSOFTv2
Apr 25 12:09:27    pptps: MAGICNUM e643676a
Apr 25 12:09:27    pptps: MRU 1500
Apr 25 12:09:27    pptps: PROTOCOMP
Apr 25 12:09:27    pptps: ACFCOMP
Apr 25 12:09:27    pptps: [pt0] LCP: SendConfigReq #72
Apr 25 12:09:25    pptps: ENDPOINTDISC [802.1] 00 0d b9 1d 9a b0
Apr 25 12:09:25    pptps: MP SHORTSEQ
Apr 25 12:09:25    pptps: MP MRRU 1600
Apr 25 12:09:25    pptps: AUTHPROTO CHAP MSOFTv2
Apr 25 12:09:25    pptps: MAGICNUM e643676a
Apr 25 12:09:25    pptps: MRU 1500
Apr 25 12:09:25    pptps: PROTOCOMP
Apr 25 12:09:25    pptps: ACFCOMP
Apr 25 12:09:25    pptps: [pt0] LCP: SendConfigReq #71
Apr 25 12:09:24    pptps: CALLBACK 6
Apr 25 12:09:24    pptps: [pt0] LCP: SendConfigRej #2
Apr 25 12:09:24    pptps: CALLBACK 6
Apr 25 12:09:24    pptps: ACFCOMP
Apr 25 12:09:24    pptps: PROTOCOMP
Apr 25 12:09:24    pptps: MAGICNUM 31e607f1
Apr 25 12:09:24    pptps: MRU 1400
Apr 25 12:09:24    pptps: [pt0] LCP: rec'd Configure Request #2 (Req-Sent)
Apr 25 12:09:23    pptps: ENDPOINTDISC [802.1] 00 0d b9 1d 9a b0
Apr 25 12:09:23    pptps: MP SHORTSEQ
Apr 25 12:09:23    pptps: MP MRRU 1600
Apr 25 12:09:23    pptps: AUTHPROTO CHAP MSOFTv2
Apr 25 12:09:23    pptps: MAGICNUM e643676a
Apr 25 12:09:23    pptps: MRU 1500
Apr 25 12:09:23    pptps: PROTOCOMP
Apr 25 12:09:23    pptps: ACFCOMP
Apr 25 12:09:23    pptps: [pt0] LCP: SendConfigReq #70
Apr 25 12:09:21    pptps: ENDPOINTDISC [802.1] 00 0d b9 1d 9a b0
Apr 25 12:09:21    pptps: MP SHORTSEQ
Apr 25 12:09:21    pptps: MP MRRU 1600
Apr 25 12:09:21    pptps: AUTHPROTO CHAP MSOFTv2
Apr 25 12:09:21    pptps: MAGICNUM e643676a
Apr 25 12:09:21    pptps: MRU 1500
Apr 25 12:09:21    pptps: PROTOCOMP
Apr 25 12:09:21    pptps: ACFCOMP
Apr 25 12:09:21    pptps: [pt0] LCP: SendConfigReq #69
Apr 25 12:09:21    pptps: CALLBACK 6
Apr 25 12:09:21    pptps: [pt0] LCP: SendConfigRej #1
Apr 25 12:09:21    pptps: CALLBACK 6
Apr 25 12:09:21    pptps: ACFCOMP
Apr 25 12:09:21    pptps: PROTOCOMP
Apr 25 12:09:21    pptps: MAGICNUM 31e607f1
Apr 25 12:09:21    pptps: MRU 1400
Apr 25 12:09:21    pptps: [pt0] LCP: rec'd Configure Request #1 (Req-Sent)
Apr 25 12:09:19    pptps: CALLBACK 6
Apr 25 12:09:19    pptps: [pt0] LCP: SendConfigRej #0
Apr 25 12:09:19    pptps: CALLBACK 6
Apr 25 12:09:19    pptps: ACFCOMP
Apr 25 12:09:19    pptps: PROTOCOMP
Apr 25 12:09:19    pptps: MAGICNUM 31e607f1
Apr 25 12:09:19    pptps: MRU 1400
Apr 25 12:09:19    pptps: [pt0] LCP: rec'd Configure Request #0 (Req-Sent)
Apr 25 12:09:19    pptps: ENDPOINTDISC [802.1] 00 0d b9 1d 9a b0
Apr 25 12:09:19    pptps: MP SHORTSEQ
Apr 25 12:09:19    pptps: MP MRRU 1600
Apr 25 12:09:19    pptps: AUTHPROTO CHAP MSOFTv2
Apr 25 12:09:19    pptps: MAGICNUM e643676a
Apr 25 12:09:19    pptps: MRU 1500
Apr 25 12:09:19    pptps: PROTOCOMP
Apr 25 12:09:19    pptps: ACFCOMP
Apr 25 12:09:19    pptps: [pt0] LCP: SendConfigReq #68
Apr 25 12:09:19    pptps: [pt0] LCP: state change Starting --> Req-Sent
Apr 25 12:09:19    pptps: [pt0] LCP: Up event
Apr 25 12:09:19    pptps: [pt0] link: origination is remote
Apr 25 12:09:19    pptps: [pt0] link: UP event
Apr 25 12:09:19    pptps: [pt0] PPTP: attaching to peer's outgoing call
Apr 25 12:09:19    pptps: [pt0] LCP: LayerStart
Apr 25 12:09:19    pptps: [pt0] LCP: state change Initial --> Starting
Apr 25 12:09:19    pptps: [pt0] LCP: Open event
Apr 25 12:09:19    pptps: [pt0] link: OPEN event
Apr 25 12:09:19    pptps: [pt0] opening link "pt0"...
Apr 25 12:09:19    pptps: [pt0] Accepting PPTP connection
Apr 25 12:09:19    pptps: pptp0: attached to connection with 10.10.10.100 1505
Apr 25 12:09:19    pptps: PPTP: Incoming control connection from 10.10.10.100 1505 to xxx.xxx.xxx.xxx 1723

I'm having a brain fart and no amount of googling seems to be helping.

Can someone give me the nmap syntax to check if GRE is being allowed?  (Nmap 4.11)

I thought it was -sO, but that isn't helping..

(I'm trying to test my firewall rules from outside)

Bingo, updating to the latest snapshot made it show up!  Thanks!

That would explain it!  It's not there yet! 

I assume I can just go to firmware, auto upgrade.  Are the latest snapshots considered "stable" enough for home use? 

I must be totally blind, I've been over every tab and option under system > advanced and can't find that option.      

Which tab should it be under, in advanced?     (/system_advanced_admin.php) ?

This somewhat of a crosspost (sorry) of my thread in the PPTP section.

Some of what I've read on the forum leads me to believe we can modify the automatically created VPN rules in the GUI.

For example:  I only want to allow incoming PPTP connections from specific IP's/networks.

Crosspost here:  http://forum.pfsense.org/index.php/topic,35561.0.html