Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread WebDawg
On Thu, Apr 14, 2016 at 6:02 PM, Olivier Mascia  wrote:

> > On 14 Apr 2016 at 23:54, WebDawg wrote:
> >
> > https://blog.pfsense.org/?p=1716
> >
> > They have an appliance you can purchase now.
>
> Eyes blinking.
> And it's available through the pfSense Gold subscription which I have
> signed for and renewed since it existed. Will check this.
>
> --
> Meilleures salutations, Met vriendelijke groeten, Best Regards,
> Olivier Mascia, integral.be/om

I plan to throw pfSense into xen.  I would like to know the answers to the
questions you are asking anyways heh.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread Ryan Coleman

> On Apr 14, 2016, at 4:54 PM, WebDawg  wrote:
> 
> https://blog.pfsense.org/?p=1716 
> 
> They have an appliance you can purchase now.

That’s why they killed the VM download… ::smdh::


Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread Steve Yates
I don't have VMWare-specific insight.  But, we're doing this on another 
platform, with CARP syncing between the pfSense VMs.  I would consider using a 
VLAN to isolate the Internet traffic from the servers.  Depending on the amount 
of traffic there are settings for the number of firewall states and such but 
unless you're expecting a super high number of connections I would probably 
just turn it on and check the settings periodically.

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia
Sent: Thursday, April 14, 2016 4:41 PM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] pfSense on vmware ESXi 6.0

Hello,

I'm looking for advice and best practices when running pfSense (this time it 
will be 2.3) in a vmware VM.  I'm offered to move some resources to a virtual 
datacenter made of dedicated hardware hosts in clusters, running ESXi 6.0 and 
vSphere.  I have access to such an infrastructure for the next 3 weeks.  I have 
used pfSense in a number of devices and hosts, but never inside a VM, except 
for experimenting with configurations of pfSense itself.

I could build up a pfSense 2.3 VM without real difficulties.  Installing the 
integration tools was easy through the included package.  Now, what are the 
pitfalls I should look for?  Any shared vmware experience from you will 
undoubtedly help fine tuning this.

For now the pfSense VM I configured has these resources: OS declared to vSphere 
is FreeBSD 10.3 64 bits, 1 socket, 2 cores, 2 GHz reserved, 2 GB RAM, 10 GB HD, 
2 network adapters. I'm generally resources-conservative but I could allow much 
more if it makes sense.

For these adapters I have the choice between E1000, VMXNET 2, VMXNET 3.  I have 
set them for VMXNET 3 but without background about this being the 
right-thing-to-do or not. At least it seems to work but I still need to stress 
test the VM (traffic-wise) a little bit.

Are there tunings inside pfSense which you could recommend / not live without, 
based on your experience inside vmware virtual machines?

Network interfaces settings? All are set for their default pfSense values, 
which means TCP segmentation offloading and large receive offloading are 
disabled. Would it make sense to enable those?

Thanks for any insight you might want to share.

--
Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, 
integral.be/om




Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread WebDawg
On Thu, Apr 14, 2016 at 4:40 PM, Olivier Mascia  wrote:
>
> Hello,
>
> I'm looking for advice and best practices when running pfSense (this
> time it will be 2.3) in a vmware VM.  I'm offered to move some resources to
> a virtual datacenter made of dedicated hardware hosts in clusters, running
> ESXi 6.0 and vSphere.  I have access to such an infrastructure for the next
> 3 weeks.  I have used pfSense in a number of devices and hosts, but never
> inside a VM, except for experimenting with configurations of pfSense itself.
>
> I could build up a pfSense 2.3 VM without real difficulties.  Installing
> the integration tools was easy through the included package.  Now, what are
> the pitfalls I should look for?  Any shared vmware experience from you will
> undoubtedly help fine tuning this.
>
> For now the pfSense VM I configured has these resources: OS declared to
> vSphere is FreeBSD 10.3 64 bits, 1 socket, 2 cores, 2 GHz reserved, 2 GB
> RAM, 10 GB HD, 2 network adapters. I'm generally resources-conservative but
> I could allow much more if it makes sense.
>
> For these adapters I have the choice between E1000, VMXNET 2, VMXNET 3.
> I have set them for VMXNET 3 but without background about this being the
> right-thing-to-do or not. At least it seems to work but I still need to
> stress test the VM (traffic-wise) a little bit.
>
> Are there tunings inside pfSense which you could recommend / not live
> without, based on your experience inside vmware virtual machines?
>
> Network interfaces settings? All are set for their default pfSense
> values, which means TCP segmentation offloading and large receive
> offloading are disabled. Would it make sense to enable those?
>
> Thanks for any insight you might want to share.
>
> --
> Meilleures salutations, Met vriendelijke groeten, Best Regards,
> Olivier Mascia, integral.be/om
>

https://blog.pfsense.org/?p=1716

They have an appliance you can purchase now.


[pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread Olivier Mascia
Hello,

I'm looking for advice and best practices when running pfSense (this time it 
will be 2.3) in a vmware VM.  I'm offered to move some resources to a virtual 
datacenter made of dedicated hardware hosts in clusters, running ESXi 6.0 and 
vSphere.  I have access to such an infrastructure for the next 3 weeks.  I have 
used pfSense in a number of devices and hosts, but never inside a VM, except 
for experimenting with configurations of pfSense itself.

I could build up a pfSense 2.3 VM without real difficulties.  Installing the 
integration tools was easy through the included package.  Now, what are the 
pitfalls I should look for?  Any shared vmware experience from you will 
undoubtedly help fine tuning this.

For now the pfSense VM I configured has these resources: OS declared to vSphere 
is FreeBSD 10.3 64 bits, 1 socket, 2 cores, 2 GHz reserved, 2 GB RAM, 10 GB HD, 
2 network adapters. I'm generally resources-conservative but I could allow much 
more if it makes sense.

For these adapters I have the choice between E1000, VMXNET 2, VMXNET 3.  I have 
set them for VMXNET 3 but without background about this being the 
right-thing-to-do or not. At least it seems to work but I still need to stress 
test the VM (traffic-wise) a little bit.

Are there tunings inside pfSense which you could recommend / not live without, 
based on your experience inside vmware virtual machines?

Network interfaces settings? All are set for their default pfSense values, 
which means TCP segmentation offloading and large receive offloading are 
disabled. Would it make sense to enable those?

Thanks for any insight you might want to share.

-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om




[pfSense] openvpn topology subnet with pfsense 2.2.6 server/2.3 client

2016-04-14 Thread Joseph L. Casale
I have a 2.2.6 appliance with a server running topology subnet with a pool
defined (172.31.1.0/24) which has "Address Pool" unchecked and a ccd for
a client with a 'push "ifconfig 172.31.1.42 255.255.255.0"' directive.

When a 2.3 client connects, it simply takes the next ip after server. In the logs
I see my desired ifconfig followed immediately by the auto-generated ifconfig
for the consecutive ip, 172.31.1.2.

openvpn[14229]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 
255.255.0.0,route-gateway 172.31.1.1,topology subnet,ping 10,ping-restart 
60,ifconfig 172.31.1.42 255.255.255.0,ifconfig 172.31.1.2 255.255.255.0'

How do I stop the server from pushing an ifconfig directive outside the one
defined in the ccd? I assumed unsetting "Address Pool" was required, but it
does not make a difference?

Thanks,
jlc


Re: [pfSense] pfSense 2.3 unresponsive on

2016-04-14 Thread Rosen Iliev



WebDawg wrote on 4/14/2016 8:54 AM:

> On Wed, Apr 13, 2016 at 6:11 PM, Rosen Iliev  wrote:
>
> > Hi guys,
> >
> > Just upgraded my embedded pfsense to 2.3.
> > I have problems getting to the box (web or ssh) it just times out.
> > On the web I sometimes get Nginx 504, sometimes just nothing.
> > Eventually I got logged in, tried to check what's going on.
> > I opened the Diagnostics->System Activity page, and started monitoring the
> > network traffic.
> >
> > There is JavaScript that updates the page content every 2.5, but actual
> > response in my case was more than 15 sec.
> > So I ended up with +20 pending requests to /diag_system_activity.php.
> >
> > I don't think that setInterval is a good option here. Especially when you
> > don't know how long it will take for the request to complete.
> >
> > My suggestion is to use setTimeout like this:
> >
> > //
> >
> > Regards,
> >
> > Rosen
>
> What device are you using?

It's  VIA Eden Processor  500MHz (500.03-MHz 686-class CPU) brick.

I'm attaching dmesg.

Rosen

Re: [pfSense] Upgrade from 2.2.x to 2.3 - upgrading firmware since almost 7 hours.

2016-04-14 Thread WebDawg
On Thu, Apr 14, 2016 at 1:53 PM, J. Echter <
j.ech...@echter-kuechen-elektro.de> wrote:

> On 14.04.2016 at 19:32, J. Echter wrote:
> > Hi,
> >
> > here, everything works as expected. :)
> >
> > But i have a upgrade running since round about 7 hours...
> >
> >
> > I didn't check full backup before upgrade.
> >
> > 7 hours seem long... :)
> >
> > Is this still expected behaviour?
> >
> > Thanks
> >
> > J.
> >
>
> seems normal, i have a reboot mail now :D
>
>
I think I had this problem when I had a bunch of sarge reports and stuff.
For some reason one of the upgrade steps was to look through the entire FS.


Re: [pfSense] Upgrade from 2.2.x to 2.3 - upgrading firmware since almost 7 hours.

2016-04-14 Thread J. Echter
On 14.04.2016 at 19:32, J. Echter wrote:
> Hi,
> 
> here, everything works as expected. :)
> 
> But i have a upgrade running since round about 7 hours...
> 
> 
> I didn't check full backup before upgrade.
> 
> 7 hours seem long... :)
> 
> Is this still expected behaviour?
> 
> Thanks
> 
> J.
> 

seems normal, i have a reboot mail now :D


[pfSense] Upgrade from 2.2.x to 2.3 - upgrading firmware since almost 7 hours.

2016-04-14 Thread J. Echter
Hi,

here, everything works as expected. :)

But i have a upgrade running since round about 7 hours...


I didn't check full backup before upgrade.

7 hours seem long... :)

Is this still expected behaviour?

Thanks

J.


Re: [pfSense] pfSense 2.3 unresponsive on

2016-04-14 Thread WebDawg
On Wed, Apr 13, 2016 at 6:11 PM, Rosen Iliev  wrote:

> Hi guys,
>
> Just upgraded my embedded pfsense to 2.3.
> I have problems getting to the box (web or ssh) it just times out.
> On the web I sometimes get Nginx 504, sometimes just nothing.
> Eventually I got logged in, tried to check what's going on.
> I opened the Diagnostics->System Activity page, and started monitoring the
> network traffic.
>
> There is JavaScript that updates the page content every 2.5, but actual
> response in my case was more than 15 sec.
> So I ended up with +20 pending requests to /diag_system_activity.php.
>
> I don't think that setInterval is a good option here. Especially when you
> don't know how long it will take for the request to complete.
>
> My suggestion is to use setTimeout like this:
>
> 
> // function getcpuactivity() {
> $.ajax(
> '/diag_system_activity.php',
> {
> method: 'post',
> data: {
> getactivity: 'yes'
> },
> dataType: "html",
> success: function (data) {
> $('#xhrOutput').html(data);
> +  setTimeout('getcpuactivity()', 2500);
> },
> }
> );
> }
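Review bot: The added `setTimeout('getcpuactivity()', 2500);` sits only in the `success` callback, so one failed or timed-out request (the 504 case described in this message) stops the refresh permanently. Re-arm the timer from a `complete` handler so it fires after both success and error, and pass the function reference, `setTimeout(getcpuactivity, 2500)`, rather than a string that is evaluated as code.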
>
> events.push(function() {
> -setInterval('getcpuactivity()', 2500);
> +   setTimeout('getcpuactivity()', 2500);
> getcpuactivity();
> });
> //]]>
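Review bot: In `events.push`, the added `setTimeout('getcpuactivity()', 2500);` is followed by the unchanged direct call `getcpuactivity();`, and because each call now re-arms itself on success this starts two independent polling chains instead of one. Drop the added `setTimeout` line here and keep only the direct call, which already schedules the next request once its response arrives.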
> 
>
> Regards,
>
> Rosen
>
>
What device are you using?


Re: [pfSense] 2.3.1 -> 2.3 ?

2016-04-14 Thread Olivier Mascia
> On 14 Apr 2016 at 02:55, Chris Buechler wrote:
> 
>> Hello,
>> 
>> I had a 2.3 RC installed and (mistakenly) let it auto-upgrade some hours 
>> ago. It went straight to some 2.3.1 DEV instead of 2.3 REL as I  expected 
>> (my mistake). Is there any appropriate way to come back to 2.3 REL other 
>> than rebuilding it from scratch?
>> 
> 
> Yes, check here.
> https://forum.pfsense.org/index.php?topic=109690.0


Worked perfect.  I'm back on:

"
2.3-RELEASE (amd64) 
built on Mon Apr 11 18:10:34 CDT 2016 
FreeBSD 10.3-RELEASE 

The system is on the latest version.
"

Thanks!
-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om



Re: [pfSense] 2.3 - webConfigurator Fails

2016-04-14 Thread David White
Hah! Point taken. The motherboard has 2003 as the date it goes by when it
POSTS.

The motherboard is a VT133, it has a Phoenix BIOS, and the CPU is a VIA
EZRA 800mhz. This looks accurate: https://en.wikipedia.org/wiki/VIA_C3

It runs great, even as a VPN server! I was thinking about replacing it,
though, as I need to set up some more memory & CPU-intensive packages.

If my business has a good month, maybe I'll bite the bullet and get
something new. The joys of being self employed...

On Wed, Apr 13, 2016 at 8:31 PM, Jim Thompson  wrote:

>
> > On Apr 13, 2016, at 7:10 PM, Chris Buechler  wrote:
> >
> > On Wed, Apr 13, 2016 at 5:46 PM, David White  wrote:
> >> I just upgraded to 2.3, and internet seems to be working fine, but the
> >> webConfigurator is failing.
> >>
> >> pfSense is running on some older x86 hardware. Checking the system.log, I
> >> see this entry:
> >>
> >> php-cgi: rc.bootup: The command '/usr/local/sbin/nginx -c
> >> /var/etc/nginx-webConfigurator.conf' returned exit code '1', the output was
> >> 'PANIC: unprotected error in call to Lua API (CPU not supported)'
> >>
> >
> > That appears to mean your CPU's lacking CMOV support. You're the first
> > to run into that. What CPU is it? Must be really ancient to be lacking
> > CMOV support, something like a Pentium I or AMD K6. Talking CPUs from
> > the ‘90s.’
>
> And the early to mid 1990s at that.  CMOVcc came in with P6
> microarchitecture.
> First CPU to ship with it was Pentium Pro in Nov 1995.
>
> https://en.wikipedia.org/wiki/P6_(microarchitecture)
>
> Possible that OP has an AMD CPU newer than this.
>
> Chris’ comments about being able to recover something that does support
> CMOVcc still apply.
>
>
>



-- 
David White