This has been an ongoing issue for a couple of weeks. The credit card terminal will lose the ability to connect to the processor server over SSL.
The IP config looks correct, the DHCP lease looks legit and it appears to have connectivity to the Internet, but transactions will not complete.
For a time we suspected a hardware failure, but the new terminal was fine for 3-4 days and then failed yesterday the same as the prior terminal.
I can netcat right into the processor host plugged into the same Cisco 2950 as the card terminal.
When the transaction is attempted I can see:
Ethernet Session Error
and then:
Invalid address
In the error log I see that the Debug Buffer states
VfyCertChain: NOT Verified! Reason 2 (CERT_SIGNATURE_FAILURE)
VfyCertChain: NOT Verified! Reason 1 (UNABLE_TO_GET_ISSUER_CERT)
VerifyDataBundle ERROR 112 Bus App Signer
VerifyDDLSysSig: ERROR NOT TCMS Bundle
This was working yesterday, but today it does not work. This happened twice before in the past two weeks and never previously for 2+ years behind a lousy consumer router.
I don't see any blocked traffic in the pf logs that matches either the processor host IP or the terminal IP.
So it appears to be an issue with SSL Cert issuer verification, but if I plug into my consumer router at home I have no issues completing transactions.
I can easily renew the IP address on the terminal and it always reports connectivity.
This particular model includes an IP Diagnostics utility which runs four tests:
- LAN Connection - Tests that Ethernet connection exists.
- Gateway Test - Tests that the GW is responsive(?)
- ISP Test - If there were a PPP connection directly involved, I might know what this tests exactly; as it stands, no one can tell me what exactly is happening under the hood.
- Host Test - Tests that the connection to the processor server is successful(?)
I have restored the pfsense config to a previously known-good point but this did not clear the card terminal issue.
So my question is:
Does anyone have any experience resolving a similar situation?
Some other thoughts I had were that I was too hasty in configuring a local instance of BIND or that I have misconfigured pfsense (DHCP Server possibly). I am pretty new to pfsense and credit card terminals.
I am about to deploy another nameserver in this workgroup environment of ~16 total clients (mostly XP & Windows 7) in the hopes that I just got something wrong there.
I am pretty desperate for fresh insight into this issue. This should be a non-issue in 7-10 days when we go to a different processing system, but until then the retail area is without a card reader and that makes small business owners very sad.
: (
Please help.