Re: [pfSense] openvpn topology subnet with pfsense 2.2.6 server/2.3 client
On Apr 15, 2016 4:39 PM, "Joseph L. Casale"wrote: > > Does a facility exist to bypass the UI and invoke a static config for an openvpn server? > I do not see a means through the web ui to create a configuration which permits static > addressing in subnet mode? > > Thanks, > jlc > ___ This! They need to let this happen for all packages! ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] openvpn topology subnet with pfsense 2.2.6 server/2.3 client
Does a facility exist to bypass the UI and invoke a static config for an openvpn server? I do not see a means through the web ui to create a configuration which permits static addressing in subnet mode? Thanks, jlc ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Ambiguous gateway monitoring
On Fri, Apr 15, 2016 at 12:31 PM, Karl Fifewrote: > I'm bringing this up in the off chance that it is a bug. I think it might > be expected behavior but want to bounce it off a few others. > > I have an installation with two fiber uplinks. Each uplink has an IP on the > ISP's single WAN subnet (e.g. one single subnet, not a pair of tunnels). > This is a temporary configuration but in the meantime I observed the > following. > > In this configuration, the gateway monitoring's default settings use a > single gateway monitoring IP address (their DHCP default gateway). What I > observe is that ONE of the two interfaces will have 'unknown/pending' > gateway status. Obviously, the gateway monitoring ICMP messages for BOTH > interfaces are routing via only ONE of the two, leaving other gateway's > status unknown. > The issue isn't gateway monitoring, it's that you can't have the same subnet on multiple interfaces and can't have multiple WANs with the same gateway IP. There can only one one ARP cache entry for a given IP and it will be associated with only a single interface. It's a toss up as to which will work in that case. It's impossible to communicate with the same IP on two diff NICs. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] pf2ad update to pfSense 2.3
Hello, Who wants to go now testing the pf2ad update to pfSense 2.3 can now apply the script with the following command: fetch -q -o - http://projetos.mundounix.com.br/pfsense/2.3/samba3/pf2ad.sh | sh The code versioning, can be followed: https://gitlab.mundounix.com.br/pfsense/pf2ad I have the support of the crowd with stipend (paypal) and/or time to coding. More info: http://pf2ad.mundounix.com.br/en/index.html Regards -- Luiz Gustavo Costa (Powered by BSD) *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ ICQ: 2890831 / Gtalk: gustavo@gmail.com Blog: http://www.luizgustavo.pro.br ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Ambiguous gateway monitoring
I'm bringing this up in the off chance that it is a bug. I think it might be expected behavior but want to bounce it off a few others. I have an installation with two fiber uplinks. Each uplink has an IP on the ISP's single WAN subnet (e.g. one single subnet, not a pair of tunnels). This is a temporary configuration but in the meantime I observed the following. In this configuration, the gateway monitoring's default settings use a single gateway monitoring IP address (their DHCP default gateway). What I observe is that ONE of the two interfaces will have 'unknown/pending' gateway status. Obviously, the gateway monitoring ICMP messages for BOTH interfaces are routing via only ONE of the two, leaving other gateway's status unknown. QUESTIONS: 1. It's actually the NON-default interface (em2) that is being successfully monitored, NOT the default gateway interface (em1), so first of all if the monitoring service isn't clever enough to monitor its gateway on its own interface, shouldn't it be using the default interface? 2. While this specific configuration is temporary for us (fiber/link/transciever debugging), it seems that the gateway monitoring should in fact be clever enough to use its own in interface for monitoring its gateway address. Is that right? While unusual, I don't think there anything fundamentally wrong with this configuration, right? Thanks in advance. Smart-alecs only: Yes, The 'normal' configuration both fiber links is membership in a LAGG interface. Yes, I know default gateway monitoring will begin if I change the monitor address for the default gateway to a different subnet IP address (e.g. a public dns server). ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Upgrade from 2.2.x to 2.3 - upgrading formware since almost 7 hours.
Hi, maybe the squid cache was a reason for this. 7 hours was really lomg, i had to stop myself from 'interrupting' it :D But now all runs smooth. Keep up the good work! Greetings Juergen Am 15.04.2016 um 08:38 schrieb Chris Buechler: > On Thu, Apr 14, 2016 at 1:57 PM, WebDawgwrote: >> On Thu, Apr 14, 2016 at 1:53 PM, J. Echter < >> j.ech...@echter-kuechen-elektro.de> wrote: >> >>> Am 14.04.2016 um 19:32 schrieb J. Echter: Hi, here, everything works as expected. :) But i have a upgrade running since round about 7 hours... I didn't check full backup before upgrade. 7 hours seem long... :) Is this still expected behaviour? Thanks J. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold >>> >>> seems normal, i have a reboot mail now :D >>> >>> >> I think I had this problem when I had a bunch of sarge reports and stuff. >> For some reason one of the upgrade steps was to look through the entire FS. > > It does an mtree on all the installed files, which can take quite some > time, but it goes through a specific list of files that are installed. > Having a huge number of files on the filesystem could slow it down > some. Hours is really excessive though. > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfSense on vmware ESXi 6.0
> Le 15 avr. 2016 à 12:33, Mike Montgomerya écrit : > > I'm not positive, but I was always under the impression to only use the VX > net cards for Windows OS, I have always used the e1000 for Linux/pfsense. > Run several firewalls in esxi 5.1 and never any issues. Never needed tweak > anything at all, except for when I tried to do carp. I'll arrange some different tests later, but for now, VMXNET3 WAN, VMXNET3 LAN, the hosts have only 1 Gbps ethernet, I get ~850 Mbps in both directions through 'speedtest.net' (from a LAN windows server box) to some servers I know well. That's about only 15% less than wire-speed, even though there is the expected overhead of the virtualization. Not bad. Is it stable for long-term? Only time will tell me, but it looks steady for now. For fault-tolerance, I tend to think that CARP and dual virtualized pfSense (with affinity on different hosts), would be lighter than using vmware Fault Tolerance. That will be next week tests. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Status - Queues: is that a moving average on the last X minutes?
It looks to me the data displayed by Status - Queues is a kind of average over some time frame (maybe 1 minute, maybe more, don't know). Could this be shorter? Could the data be reported half-live, for instance one sample every 5 seconds with the data of those last 5 seconds, not taking into account any past traffic? When trying to assess the effectiveness of some settings, getting a more instantaneous queues usage might be more useful. Well, I think so. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfSense on vmware ESXi 6.0
I'm not positive, but I was always under the impression to only use the VX net cards for Windows OS, I have always used the e1000 for Linux/pfsense. Run several firewalls in esxi 5.1 and never any issues. Never needed tweak anything at all, except for when I tried to do carp. On Thu, Apr 14, 2016 at 6:02 PM, Olivier Masciawrote: > > Le 14 avr. 2016 à 23:54, WebDawg a écrit : > > > > https://blog.pfsense.org/?p=1716 > > > > They have an appliance you can purchase now. > > Eyes blinking. > And it's available through the pfSense Gold subscription which I have > signed for and renewed since it existed. Will check this. > > -- > Meilleures salutations, Met vriendelijke groeten, Best Regards, > Olivier Mascia, integral.be/om > > > ___ > I plan to throw pfSense into xen. I would like to know the answers to the questions you are asking anyways heh. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfSnese 2.3 unresponsive on
On Wed, Apr 13, 2016 at 6:11 PM, Rosen Ilievwrote: > Hi guys, > > Just upgraded my embedded pfsense to 2.3. > I have problems getting to the box (web or ssh) it just time outs. > On the web I sometime I get Nginx 504, sometime, just nothing. > Eventually I got logged in, try to check what's going on. > I have open Diagnostics->System Activity page, and start monitoring the > network traffic. > > There is Java Script that updates the page content every 2.5, but actual > response in my case was more then 15 sec. > So I ended up with +20 pending requests to /diag_system_activity.php. > > I don't think that setInterval is a good option here. Especially when you > don't know how long it will take for the request to complete. > > My suggestion is to use setTimeout like this: > Yeah that's what 2.2.x and prior used. https://redmine.pfsense.org/issues/6166 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Upgrade from 2.2.x to 2.3 - upgrading formware since almost 7 hours.
On Thu, Apr 14, 2016 at 1:57 PM, WebDawgwrote: > On Thu, Apr 14, 2016 at 1:53 PM, J. Echter < > j.ech...@echter-kuechen-elektro.de> wrote: > >> Am 14.04.2016 um 19:32 schrieb J. Echter: >> > Hi, >> > >> > here, everything works as expected. :) >> > >> > But i have a upgrade running since round about 7 hours... >> > >> > >> > I didn't check full backup before upgrade. >> > >> > 7 hours seem long... :) >> > >> > Is this still expected behaviour? >> > >> > Thanks >> > >> > J. >> > ___ >> > pfSense mailing list >> > https://lists.pfsense.org/mailman/listinfo/list >> > Support the project with Gold! https://pfsense.org/gold >> > >> >> seems normal, i have a reboot mail now :D >> >> > I think I had this problem when I had a bunch of sarge reports and stuff. > For some reason one of the upgrade steps was to look through the entire FS. It does an mtree on all the installed files, which can take quite some time, but it goes through a specific list of files that are installed. Having a huge number of files on the filesystem could slow it down some. Hours is really excessive though. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold