Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs
> Le 2 mai 2016 à 20:24, Olivier Mascia a écrit : > > I have a problem with IPv6 on a HA setup. > > With IPv4, it is OK. > >> IPv4 : >> VLAN MAC Address TypeAge Port >> Mod >> -+-+---+-+--+--- >> 2776 .5e00.0168dynamic 0 Veth5 >> 5 >> 2776 .5e00.0168dynamic 0 Po4 >> 6 >> Total MAC Addresses: 2 > > With IPv6 the MAC is reported active on both pfSense's (Veth5/Veth6 instead > of Veth5/Po4 as above). > >> IPv6 >> VLAN MAC Address TypeAge Port >> Mod >> -+-+---+-+--+--- >> 2776 .5e00.016adynamic 1 Veth5 >> 5 >> 2776 .5e00.016adynamic 2 Veth6 >> 6 >> Total MAC Addresses: 2 > > I proceeded for IPv6 as for IPv4. > > One IPv6 address for each WAN interface: > x:y:z:d8ff::2/64 and x:y:z:d8ff::3/64. > And a CARP virtual IP definition of x:y:z:d8ff::1/64 on WAN interface. > The VHID is 106. > > Pinging from outside either one of the WAN adresses looks good. > Pinging the CARP VIP loose packets at varying rate and captures show echo > requests packets arriving randomly on each WAN interface. > > The IPv4 part of that same setup works wonderfully. In case anybody would doubt what I'm seeing... Here is a ping from one remote location to the CARP VIPv6: 16 bytes from x:y:z:d8ff::1, icmp_seq=0 hlim=57 time=17.095 ms 16 bytes from x:y:z:d8ff::1, icmp_seq=1 hlim=57 time=16.801 ms 16 bytes from x:y:z:d8ff::1, icmp_seq=2 hlim=57 time=16.906 ms 16 bytes from x:y:z:d8ff::1, icmp_seq=3 hlim=57 time=16.004 ms 16 bytes from x:y:z:d8ff::1, icmp_seq=4 hlim=57 time=17.142 ms 16 bytes from x:y:z:d8ff::1, icmp_seq=8 hlim=57 time=16.766 ms 16 bytes from x:y:z:d8ff::1, icmp_seq=11 hlim=57 time=18.267 ms 16 bytes from x:y:z:d8ff::1, icmp_seq=15 hlim=57 time=18.232 ms 16 bytes from x:y:z:d8ff::1, icmp_seq=18 hlim=57 time=16.817 ms 16 bytes from x:y:z:d8ff::1, icmp_seq=22 hlim=57 time=18.129 ms ^C See the missing replies 5, 6, 7, 9, 12, 13, 14, 16, 17, 19, 20, 21 ? Now look the capture on the WAN of the BACKUP pfSense: 00:50:29.040856 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 5, length 16 00:50:30.040092 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 6, length 16 00:50:31.040665 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 7, length 16 00:50:33.041250 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 9, length 16 00:50:34.041469 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 10, length 16 00:50:36.040262 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 12, length 16 00:50:37.041530 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 13, length 16 00:50:38.041524 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 14, length 16 00:50:40.040628 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 16, length 16 00:50:41.041671 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 17, length 16 00:50:43.041429 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 19, length 16 00:50:44.041769 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 20, length 16 00:50:45.040738 IP6 2a02:578:85a0:101:78eb:bc6c:8ac4:efa3 > x:y:z:d8ff::1: ICMP6, echo request, seq 21, length 16 Those echo requests weren't lost for everybody. :( -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs
Sorry, top-posting this time. Capturing on WAN(x:y:z:d8ff::2/64), link-local = fe80::250:56ff:febf:7014 (is MASTER), I can see: 00:15:27.653423 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:7014 > ff02::12: ip-proto-112 36 00:15:28.663409 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:7014 > ff02::12: ip-proto-112 36 00:15:29.673410 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:7014 > ff02::12: ip-proto-112 36 00:15:30.683425 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:7014 > ff02::12: ip-proto-112 36 00:15:31.693405 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:7014 > ff02::12: ip-proto-112 36 00:15:32.703418 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:7014 > ff02::12: ip-proto-112 36 At the same time on WAN(x:y:z:d8ff::3/64), link-local = fe80::250:56ff:febf:3f5 (is BACKUP), I see: 00:15:27.196544 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:3f5 > ff02::12: ip-proto-112 36 00:15:28.606544 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:3f5 > ff02::12: ip-proto-112 36 00:15:30.016541 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:3f5 > ff02::12: ip-proto-112 36 00:15:31.426541 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:3f5 > ff02::12: ip-proto-112 36 00:15:32.836536 IP6 (hlim 255, next-header VRRP (112) payload length: 36) fe80::250:56ff:febf:3f5 > ff02::12: ip-proto-112 36 I'm concerned about the source address being the BACKUP IPv6 link-local in those packets. Shouldn't they be the above :7014 instead of :3f5? With IPv4, that's one can see, the same source (the master) in those packets wether they're captured on master or backup. on x.y.z.130 WAN (master): 00:24:24.943397 IP 51.254.87.130 > 224.0.0.18: CARPv2-advertise 36: vhid=104 advbase=1 advskew=0 authlen=7 counter=10448678271752372706 00:24:25.953407 IP 51.254.87.130 > 224.0.0.18: CARPv2-advertise 36: vhid=104 advbase=1 advskew=0 authlen=7 counter=10448678271752372706 00:24:26.963397 IP 51.254.87.130 > 224.0.0.18: CARPv2-advertise 36: vhid=104 advbase=1 advskew=0 authlen=7 counter=10448678271752372706 on x.y.z.131 WAN (backup): 00:24:47.151981 IP 51.254.87.130 > 224.0.0.18: CARPv2-advertise 36: vhid=104 advbase=1 advskew=0 authlen=7 counter=10448678271752372706 00:24:48.162019 IP 51.254.87.130 > 224.0.0.18: CARPv2-advertise 36: vhid=104 advbase=1 advskew=0 authlen=7 counter=10448678271752372706 00:24:49.172016 IP 51.254.87.130 > 224.0.0.18: CARPv2-advertise 36: vhid=104 advbase=1 advskew=0 authlen=7 counter=10448678271752372706 What is it different with IPv6 (if that if) for these packets to stick their source address to the link-local? Or would it be that my BACKUP (according to /status_carp.php) do also advertise (which it shouldn't as BACKUP)? Indeed, if I halt the master, the backup switches to master role and look at the capture: 00:41:21.016506 IP6 fe80::250:56ff:febf:3f5 > ff02::12: ip-proto-112 36 00:41:22.426501 IP6 fe80::250:56ff:febf:3f5 > ff02::12: ip-proto-112 36 00:41:23.836499 IP6 fe80::250:56ff:febf:3f5 > ff02::12: ip-proto-112 36 00:41:25.246504 IP6 fe80::250:56ff:febf:3f5 > ff02::12: ip-proto-112 36 00:41:26.656497 IP6 fe80::250:56ff:febf:3f5 > ff02::12: ip-proto-112 36 The same as when it was backup... I think I start narrowing it a bit more here. But I'd do well with a gentle tap on the shoulder from one IPv6 / CARP guru from here... Must be some simple horrible configuration mistake... or a bug related to CARP IPv6 and in such case, if I can help gather whatever is needed to debug and fix it... -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om > Le 2 mai 2016 à 20:24, Olivier Mascia a écrit : > > I have a problem with IPv6 on a HA setup. > > With IPv4, it is OK. > >> IPv4 : >> VLAN MAC Address TypeAge Port >> Mod >> -+-+---+-+--+--- >> 2776 .5e00.0168dynamic 0 Veth5 >> 5 >> 2776 .5e00.0168dynamic 0 Po4 >> 6 >> Total MAC Addresses: 2 > > With IPv6 the MAC is reported active on both pfSense's (Veth5/Veth6 instead > of Veth5/Po4 as above). > >> IPv6 >> VLAN MAC Address TypeAge Port >> Mod >> -+-+---+-+--+--- >> 2776 .5e00.016adynamic 1 Veth5 >> 5 >> 2776 .5e00.016adynamic 2 Veth6 >> 6 >> Total MAC Addresses: 2 > > I proceeded for IPv6 as for IPv4. > > One IPv6 address for each WAN interface: > x:y
[pfSense] 2.3-REL /diag_packet_capture.php - bug or misleading behavior
The /diag_packet_capture.php allows to set Address Family to IPv6 Only and further Protocol to CARP. In such case it captures nothing (or rather filters out too much). To actually see the ip-proto-112 packets to ff02::12, one has to set Protocol to Any. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] problems captive portal after upgrade from 2.2.6 to 2.3
Same problem with me, even refreshing on mobile devices does not do any good. I revert back to 2.2.6 From: List on behalf of daniel soto Sent: Monday, April 18, 2016 4:21 PM To: list@lists.pfsense.org Subject: [pfSense] problems captive portal after upgrade from 2.2.6 to 2.3 i have update to 2.3 ( a fantastic job) but in my case when i login in captive portal, the browser no redirect to web page ,i need update (F5) the web browser and then i have access to web page. i have tryed with iexplore, firefox, opera, chrome and with alls the web browser the results is the same thanks ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] [Bulk] Strange problem with HAProxy failing after WAN IP changes
Hi, Afaik, haproxy does not and did not reload on a wan-ip change on either pfSense version. There are a few options though. -make haproxy frontend listen on 'any' -or use a portforward to forward incoming traffic to 127.0.0.1 , haproxy could then be listening on localhost:80. Regards, PiBa-NL Op 2-5-2016 om 15:55 schreef Dominique Kaspar: Hi, we have a strange problem on our PFSense since we migrated to 2.3. We use the HAProxy package to enable external access to several of our webservices (webmail, taiga, wiki, kimai, owncloud) running on VMs in our LAN. In order to do that, we have configured several frontends as well as several backends, and all is working well - until the daily reset of the WAN IP happens (we get a dynamic IP from out provider): then, HAProxy just fails to do its job until we manually reload the service. It seems to me that PFSense 2.3 has changed the way it reloads the haproxy service after the WAN IP changes. Since this behavior is new to 2.3 (in 2.2.6, this worked out-of-the-box), I am fairly sure there is a configuration out there that can deal with this specific problem, but I can't seem to find it. Can someone point me in the correct direction? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs
I have a problem with IPv6 on a HA setup. With IPv4, it is OK. > IPv4 : > VLAN MAC Address TypeAge Port > Mod > -+-+---+-+--+--- > 2776 .5e00.0168dynamic 0 Veth5 > 5 > 2776 .5e00.0168dynamic 0 Po4 > 6 > Total MAC Addresses: 2 With IPv6 the MAC is reported active on both pfSense's (Veth5/Veth6 instead of Veth5/Po4 as above). > IPv6 > VLAN MAC Address TypeAge Port > Mod > -+-+---+-+--+--- > 2776 .5e00.016adynamic 1 Veth5 > 5 > 2776 .5e00.016adynamic 2 Veth6 > 6 > Total MAC Addresses: 2 I proceeded for IPv6 as for IPv4. One IPv6 address for each WAN interface: x:y:z:d8ff::2/64 and x:y:z:d8ff::3/64. And a CARP virtual IP definition of x:y:z:d8ff::1/64 on WAN interface. The VHID is 106. Pinging from outside either one of the WAN adresses looks good. Pinging the CARP VIP loose packets at varying rate and captures show echo requests packets arriving randomly on each WAN interface. The IPv4 part of that same setup works wonderfully. x.y.z.130/28 and x.y.z.131/28 CARP virtual IP of x.y.z.129/28 on WAN interface. The VHID is 104. No visible issue with simple pinging, no suspect packet captures, and no internetworking issues at all with IPv4. The direct link using opt1 on both boxes uses 172.16.0.2/24 and 172.16.0.3/24. The rules on that opt1 'sync' interfaces are setup according to the Book. One weird dumb question: would the opt1 'sync' interface also need IPv6 subnets in order for this to work? What could I do to help diagnose this further? Could it be a problem with 2.3-REL? I never had the opportunity to build and test such a setup with previous versions. I have support incidents purchased along with other pfSense hardware, but this is not on pfSense hardware but on VMs. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Site to Site VPN behind nat
On 5/2/2016 10:24 AM, Vick Khera wrote: On Sun, May 1, 2016 at 8:18 PM, Dane Reugger wrote: I've seen this done with Aruba but not sure it's possible with PfSense but if it is I would love a guide to get it going. Use OpenVPN. It doesn't care at all about the NAT. Many guides online for setting up whole network VPN over OpenVPN. On pfSense server, you create one "server" entry per remote LAN you want on its own dedicated port. Open up the firewall to allow connections and you're good to go. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ...Unless of course both sides are behind NAT. One side must public, or at least have a port forward from the public interface. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3_1 ?
> Le 2 mai 2016 à 16:19, Jason Hellenthal a écrit : > > Signé partie PGP > _1 would not be a development release. That would be a patch or an addendum > which I would assume handles the ntp security flaw patched in recent FreeBSD > security release. > > https://www.freebsd.org/security/advisories/FreeBSD-SA-16:16.ntp.asc > > On May 2, 2016, at 08:54, Olivier Mascia wrote: > > The update check on 2.3-REL GUI offers me 2.3_1, yet I don't see mention of > it on pfsense.org. > Could it be that my system polls for dev branch releases and not only > released builds? > Or that the auto-update only revealed the beast before the blog on > pfsense.org? Indeed. Installed packages to be UPGRADED: pfSense: 2.3 -> 2.3_1 [pfSense] ntp: 4.2.8p6 -> 4.2.8p7 [pfSense] -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Site to Site VPN behind nat
On Sun, May 1, 2016 at 8:18 PM, Dane Reugger wrote: > I've seen this done with Aruba but not sure it's possible with PfSense but > if it is I would love a guide to get it going. > Use OpenVPN. It doesn't care at all about the NAT. Many guides online for setting up whole network VPN over OpenVPN. On pfSense server, you create one "server" entry per remote LAN you want on its own dedicated port. Open up the firewall to allow connections and you're good to go. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] USB3 to ethernet adaptor
On Mon, 2 May 2016 07:57:55 -0600 WebDawg wrote: > On May 2, 2016 1:56 AM, "Frans Meulenbroeks" > wrote: > > > > Hi, > > > > Has anyone experience using USB3 to ethernet adapters ? I need an extra > > interface but my HW (Intel NUC) does not have room for another card). > > Anything recommendable? > > > > Best regards, Frans. > > ___ > > If you can skip the USB stuff and enable vlans...in my opinion it is worth > it. Frans, I used for long time a Linksys USB2 NIC and was stable. It sometimes hangs, but it is fixable by ifconfig down/ip. but my main issue was some controllers changed the Id of the NIC on reboot (if you have more then one). The NIC was http://www.linksys.com/us/support-product?pid=01t8003KZrvAAG USB200M, can't tell the revision. matheus -- "We will call you Cygnus, the God of balance you shall be." ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3_1 ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 _1 would not be a development release. That would be a patch or an addendum which I would assume handles the ntp security flaw patched in recent FreeBSD security release. https://www.freebsd.org/security/advisories/FreeBSD-SA-16:16.ntp.asc On May 2, 2016, at 08:54, Olivier Mascia wrote: The update check on 2.3-REL GUI offers me 2.3_1, yet I don't see mention of it on pfsense.org. Could it be that my system polls for dev branch releases and not only released builds? Or that the auto-update only revealed the beast before the blog on pfsense.org? - -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold - -- Jason Hellenthal JJH48-ARIN -BEGIN PGP SIGNATURE- iQEcBAEBCAAGBQJXJ2HxAAoJEDLu+wRc4KcIH7YH/0CI/esLfieYjH/n8JPAbOFg yeGf2hObYF8e3ygtWNTgYcdWZim9QjNW06YL+l3bMih7I9Fb0z/EHDud0IZG+c11 XLJy1CiBOWNbSfgbqt2ToYdneFaMZEqZH4sIMviFyCH5rJmV+ovjDBDlZh6tYiUO CrGnEW/4WORQpZ2rUwPHvYO69z133gE2X9vU3pPxA6rEXGfh6LtECFAntMea7lBh dYtathaKzLSbWDWywSqOJ5iJ1UdMKNt5NY+zagHLj+7KqfC/8AF40UYEusVooL5M 6ughJbFqR+4sh/R/nahHz1568L16j9ZjVwCv38SE3+k+qiaG7W+obsTUqUmoivw= =NsJm -END PGP SIGNATURE- ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] SSO WMI
Hi, I am looking for information about WMI SSO and how can I implement in pfsense .. Someone could get some help and more information, I believe that would be an ideal solution to implement without using packages such as Samba. I am willing to contribute to this project -- Gustavo Freitas ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] USB3 to ethernet adaptor
On May 2, 2016 1:56 AM, "Frans Meulenbroeks" wrote: > > Hi, > > Has anyone experience using USB3 to ethernet adapters ? I need an extra > interface but my HW (Intel NUC) does not have room for another card). > Anything recommendable? > > Best regards, Frans. > ___ If you can skip the USB stuff and enable vlans...in my opinion it is worth it. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] V2.3 & Letsencrypt
Hi List, Did anyone experienced any success with using LetsEncrypt certificates (and automatic ACME installation) on Pfsense V2.3 already ? In case of yes, would there be a good write-up available to get me started ? KR, Kamaradski ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] 2.3_1 ?
The update check on 2.3-REL GUI offers me 2.3_1, yet I don't see mention of it on pfsense.org. Could it be that my system polls for dev branch releases and not only released builds? Or that the auto-update only revealed the beast before the blog on pfsense.org? -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Strange problem with HAProxy failing after WAN IP changes
Hi, we have a strange problem on our PFSense since we migrated to 2.3. We use the HAProxy package to enable external access to several of our webservices (webmail, taiga, wiki, kimai, owncloud) running on VMs in our LAN. In order to do that, we have configured several frontends as well as several backends, and all is working well - until the daily reset of the WAN IP happens (we get a dynamic IP from out provider): then, HAProxy just fails to do its job until we manually reload the service. It seems to me that PFSense 2.3 has changed the way it reloads the haproxy service after the WAN IP changes. Since this behavior is new to 2.3 (in 2.2.6, this worked out-of-the-box), I am fairly sure there is a configuration out there that can deal with this specific problem, but I can't seem to find it. Can someone point me in the correct direction? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] USB3 to ethernet adaptor
On 16-05-02 06:20 AM, Rafael Aquino wrote: De: "Frans Meulenbroeks" Has anyone experience using USB3 to ethernet adapters ? I need an extra interface but my HW (Intel NUC) does not have room for another card). Anything recommendable? Best regards, Frans. Hi there, I´ve tried once an USB Multi-function Lan Adapter (it´s also a UBS3 HUB) with PFSense, 2.2.x. I´ve connected the internet on it, and used onboard NIC as LAN Interface. I´ve experienced some strange behaviors, like some instability on the internet when traffic has raised. Some logs was showed on the screen by the time the problems occurred. It was a test to a client, so I´ve replaced the machine to solve those problems, but I believe I was using a cheap adapter (I can´t tell you the manufacturer, because it doesn´t say on it). In general, all USB ethernet adapters will be at least *slightly* unreliable, regardless of whether it's USB3 or USB2. Your best bet is: a) find one with a well-supported chipset in FreeBSD (this is *much* easier said than done, sorry...) b) connect it as close to the on-board USB hub as possible; on some motherboards, the USB ports around the case are not all equal; some are multiplexed via an extra internal (on-chip) hub while some aren't. The fewer hubs between the core chipset and the adapter, the better c) find a way to guarantee electrical and mechanical connection. Consider using LocTite(r) Blue or similar low-strength bonding agent on the USB port to secure against vibration and gravity. (Also consider that you can never get all of it off, so don't plan on re-using that port for anything else later.) d) disable all USB power management related settings in the BIOS -Adam ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] USB3 to ethernet adaptor
- Mensagem original - > De: "Frans Meulenbroeks" > Para: list@lists.pfsense.org > Enviadas: Segunda-feira, 2 de maio de 2016 4:56:49 > Assunto: [pfSense] USB3 to ethernet adaptor > Hi, > > Has anyone experience using USB3 to ethernet adapters ? I need an extra > interface but my HW (Intel NUC) does not have room for another card). > Anything recommendable? > > Best regards, Frans. > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold Hi there, I´ve tried once an USB Multi-function Lan Adapter (it´s also a UBS3 HUB) with PFSense, 2.2.x. I´ve connected the internet on it, and used onboard NIC as LAN Interface. I´ve experienced some strange behaviors, like some instability on the internet when traffic has raised. Some logs was showed on the screen by the time the problems occurred. It was a test to a client, so I´ve replaced the machine to solve those problems, but I believe I was using a cheap adapter (I can´t tell you the manufacturer, because it doesn´t say on it). Good luck. Rafael Mentz Aquino raf...@lk6.com.br www.lk6.com.br ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense: first experience/first problem
You can turn off dhcp6 on the interfaces page On Mon, May 2, 2016, 02:55 Frans Meulenbroeks wrote: > Hi, > > Last weekend I started with pfsense and during that I immediately > encountered an issue that I would like to report here (assuming this is the > right place to do so). > > What happened was that after installing the WAN port got an IPv4 address > over DHCP but kept on spawning DHCPv6 requests at a rate that totally > swamped my network. > I'm not sure if it should be sending DHCPv6 requests at all after getting a > v4 address (there is no DHCPv6 server in my network), but in any case the > rate of the requests was way too fast. > > I managed to get rid of it by doing something like pfctl -d (forgot the > exact incantation, someone on irc suggested this); then after a pfctl -e > the issue was gone (maybe it would also be gone after a reboot, didn't try > that). > > This may be something someone wants to look into as it is a really bad > initial experience. > > Best regards, Frans. > > PS: is it possible to get access of the latest version of the book without > being a gold member? I'm a home user; not looking for a freebee but $ 99/yr > is a bit too steep for me especially now when I am still investigating > whether this is the right tool for me. > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] USB3 to ethernet adaptor
Hi, Has anyone experience using USB3 to ethernet adapters ? I need an extra interface but my HW (Intel NUC) does not have room for another card). Anything recommendable? Best regards, Frans. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] pfsense: first experience/first problem
Hi, Last weekend I started with pfsense and during that I immediately encountered an issue that I would like to report here (assuming this is the right place to do so). What happened was that after installing the WAN port got an IPv4 address over DHCP but kept on spawning DHCPv6 requests at a rate that totally swamped my network. I'm not sure if it should be sending DHCPv6 requests at all after getting a v4 address (there is no DHCPv6 server in my network), but in any case the rate of the requests was way too fast. I managed to get rid of it by doing something like pfctl -d (forgot the exact incantation, someone on irc suggested this); then after a pfctl -e the issue was gone (maybe it would also be gone after a reboot, didn't try that). This may be something someone wants to look into as it is a really bad initial experience. Best regards, Frans. PS: is it possible to get access of the latest version of the book without being a gold member? I'm a home user; not looking for a freebee but $ 99/yr is a bit too steep for me especially now when I am still investigating whether this is the right tool for me. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold