Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Eero Volotinen 
Take look of this how to:

https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel

adding site is simple, just replicate site A with different lan addressing.

Eero

2017-11-23 8:19 GMT+02:00 Eero Volotinen :

> Hi Ryan,
>
> Ipsec is the way you want to go. We have multiple sites connecting our HQ
> running sg-8860 with similar setup.
>
> Please note that you need different ip ranges on each site. (for example
> site1: 192.168.2.0/24, site2: 192.168.3.0/24 and hq site with
> 192.168.4.0/24)
>
> --
> Eero
>
> 2017-11-22 19:34 GMT+02:00 Ryan Coleman :
>
>> I want to pass the entire traffic from a few locations through one master.
>>
>> I have one site working. But when I try to connect the second site it
>> kills the first.
>>
>> I have IPSec for some basic network connections as a backup for the
>> moment that allows me to get to customer servers but I want to run all my
>> traffic because… Comcast.
>>
>> I have Gig Fiber at the headend, bandwidth is not an issue.
>>
>> Does anyone have a tried/tested example of getting either OpenVPN full
>> tunnel working on a (multiple sites)-to-(one site) or an IPSec
>> configuration example that would allow for 100% routing?
>>
>> My guinea pig is my home network. I have one customer that is also on
>> Comcast that is using the full site-to-site tunnel and I cannot afford to
>> drop during store hours.
>>
>> Thanks!
>>
>> —
>> Ryan
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>
>
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Eero Volotinen 
Hi Ryan,

Ipsec is the way you want to go. We have multiple sites connecting our HQ
running sg-8860 with similar setup.

Please note that you need different ip ranges on each site. (for example
site1: 192.168.2.0/24, site2: 192.168.3.0/24 and hq site with 192.168.4.0/24
)

--
Eero

2017-11-22 19:34 GMT+02:00 Ryan Coleman :

> I want to pass the entire traffic from a few locations through one master.
>
> I have one site working. But when I try to connect the second site it
> kills the first.
>
> I have IPSec for some basic network connections as a backup for the moment
> that allows me to get to customer servers but I want to run all my traffic
> because… Comcast.
>
> I have Gig Fiber at the headend, bandwidth is not an issue.
>
> Does anyone have a tried/tested example of getting either OpenVPN full
> tunnel working on a (multiple sites)-to-(one site) or an IPSec
> configuration example that would allow for 100% routing?
>
> My guinea pig is my home network. I have one customer that is also on
> Comcast that is using the full site-to-site tunnel and I cannot afford to
> drop during store hours.
>
> Thanks!
>
> —
> Ryan
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Ryan Coleman 
I’m doing keys… I figured that might be the root issue… 

Thanks! 

> On Nov 22, 2017, at 11:54 AM, Doug Lytle  wrote:
> 
 I have one site working. But when I try to connect the second site it 
 kills the first.
> 
> I don't have anything written up, but I have this set up at home.  Three 
> remote sites connect to me.
> 
> You need to make sure you issue different certificates to each end point, if 
> you're sharing certs, you'll disconnect the first when trying to connect the 
> second.
> 
> Doug
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Doug Lytle 
>>> I have one site working. But when I try to connect the second site it kills 
>>> the first.

I don't have anything written up, but I have this set up at home.  Three remote 
sites connect to me.

You need to make sure you issue different certificates to each end point, if 
you're sharing certs, you'll disconnect the first when trying to connect the 
second.

Doug
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread WebDawg 
I have done site to site vpns and usually you have to add some static
routes and check firewall rules.

On Wed, Nov 22, 2017 at 11:34 AM, Ryan Coleman  wrote:
> I want to pass the entire traffic from a few locations through one master.
>
> I have one site working. But when I try to connect the second site it kills 
> the first.
>
> I have IPSec for some basic network connections as a backup for the moment 
> that allows me to get to customer servers but I want to run all my traffic 
> because… Comcast.
>
> I have Gig Fiber at the headend, bandwidth is not an issue.
>
> Does anyone have a tried/tested example of getting either OpenVPN full tunnel 
> working on a (multiple sites)-to-(one site) or an IPSec configuration example 
> that would allow for 100% routing?
>
> My guinea pig is my home network. I have one customer that is also on Comcast 
> that is using the full site-to-site tunnel and I cannot afford to drop during 
> store hours.
>
> Thanks!
>
> —
> Ryan
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense 2.4.2 release

2017-11-22 Thread Steve Yates 
They emailed partners, since we got an email yesterday afternoon.  It just came 
out since I upgraded a router to 2.4.1 overnight Monday night.

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Coleman
Sent: Wednesday, November 22, 2017 10:50 AM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] pfSense 2.4.2 release

Tis. And it works. I’m surprised I didn’t get a notification.

> On Nov 22, 2017, at 3:30 AM, Doug Lytle  wrote:
> 
> I just noted that it's out.
> 
> pfSense 2.4.2 
> 
> 
> Doug
> 
> 
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense 2.4 consistently crashes daily

2017-11-22 Thread WebDawg 
The bridging may need tested and filed as a bug.

On Wed, Nov 22, 2017 at 11:15 AM, Liwei  wrote:
> On Thu, 23 Nov 2017 at 00:38 WebDawg  wrote:
>
>> I am glad that you seemed to have resolved it, does the serial port
>> get the standard kernel messages...
>>
>
> It isn't really solved though as I have to take our bridged VPNs offline.
>
> Yes it does, but nothing relevant gets spewed out of the serial port before
> the panic comes up. The first sign I can see on the serial port of things
> going wrong is the kernel panic itself.
>
>
>>
>> usually you log in and tail some log files
>>
>
> Got it
>
>
>>
>> (bridging our oVPN tap interfaces to the main and private LANs)
>>
>> This was bridging done in pfSense right?
>>
>
> That's right.
>
>
>>
>> On Wed, Nov 22, 2017 at 8:07 AM, Liwei  wrote:
>> > On Tue, 21 Nov 2017 at 01:08 WebDawg  wrote:
>> >
>> >> It should work though.  A great many people virtualize pfSense:
>> >>
>> >> https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi
>> >>
>> >> Here is some more information:
>> >>
>> >> https://doc.pfsense.org/index.php/VirtIO_Driver_Support
>> >> https://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear
>> >> https://doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox
>> >>
>> >> I know what it is like to ask for support and see people stop helping
>> >> because something is virtualized.  I have seen bad code fail in
>> >> virtualization situations only to here 'do not virtualize'.
>> >>
>> >> From what I know, BSD has trouble with NIC interfaces and such.  Do
>> >> you have any limiters or QOS installed?  I would take a look at the
>> >> nic interfaces first.  Can you actively monitor the log to look for
>> >> errors once the VM is booted?
>> >>
>> >> I virtualized pfSense on proxmox about a year ago and BSD hated the
>> >> cpu timers and such.  I would get so many issues from it until I
>> >> figured it out but everything was plain as day in the kernel messages
>> >> that were outputted.
>> >>
>> >> There is an ova file available via the gold subscription:
>> >>
>> >> https://doc.pfsense.org/index.php/VMware_Appliance
>> >>
>> >> You need to get more information for me to help further.  It would be
>> >> great to get a copy of some logs.
>> >>
>> >> Here is a XenServer thread:
>> >> https://forum.pfsense.org/index.php?topic=88467
>> >>
>> >> Last time I virtualized the big deal was hvm nic vs pvhvm NIC.  You
>> >> could do limiters on one (I think hvm) but the NIC's become CPU bound
>> >> because of how HVM works.  I could only push like 10-30 mbits out of
>> >> an i3 processor.
>> >>
>> >> I do not know if this has been solved, or if it is solvable.  pfSense
>> >> follows FreeBSD so most of the fixes for this come from FreeBSD,
>> >> though pfSense had/has some of its own kernel hacks.
>> >>
>> >>
>> >>
>> > Hi Vick, thanks for the assistance, nonetheless!
>> >
>> > Hi WebDawg,
>> > Yeah, I guessed as much that the problem should be on my side,
>> because
>> > something this fatal should already be widely reported.
>> >
>> > I don't have any limiters or QoS set. I've set up logging of the
>> serial
>> > port so at least I know what are the events leading up to the crash.
>> > Nothing interesting though, it just... happens. How do I set up log
>> > monitoring? My guess is I'll probably have to turn on remote syslog and
>> log
>> > over. Will set up when I get the chance.
>> >
>> > The odd thing is this is a 7+ years old setup (but we did do a fresh
>> > install of 2.3 when we upgraded hardware 1+ years ago), and we never had
>> > any serious issues. In fact it was purring along nicely on 2.3 since it
>> was
>> > first installed, until we upgraded to 2.4.
>> >
>> > I'm pretty confident of the hardware since it is only a year old, the
>> > other VMs are not having any issues, and reverting to 2.3 works fine.
>> Thus
>> > based on a hunch I decided to remove a couple of bridge interfaces
>> > (bridging our oVPN tap interfaces to the main and private LANs) when I
>> sent
>> > my first email to the list.
>> >
>> > The crashes haven't occurred since then for 2 days. I'm not sure if
>> it
>> > is a coincidence or not, but it does seem like my configuration may be
>> > triggering some bug. Or I may have mis-configured something.
>> >
>> > I'll continue to iterate things around to narrow down the problem,
>> but
>> > given that I have to wait a few days after each change to be sure on
>> > whether it crashes or not, any suggestion is very welcome!
>> >
>> > Warm regards,
>> > Liwei
>> > --
>> > Clear Skies,LiweiCo-Founder, CTO
>> >
>> > TinyMOS
>> >
>> >
>> >  
>> >  
>> >
>> > 21 Heng Mui Keng Terrace, Level 1 The Hangar, Singapore 119613
>> > ___
>> > pfSense

Re: [pfSense] pfSense 2.4 consistently crashes daily

2017-11-22 Thread Liwei 
On Thu, 23 Nov 2017 at 00:38 WebDawg  wrote:

> I am glad that you seemed to have resolved it, does the serial port
> get the standard kernel messages...
>

It isn't really solved though as I have to take our bridged VPNs offline.

Yes it does, but nothing relevant gets spewed out of the serial port before
the panic comes up. The first sign I can see on the serial port of things
going wrong is the kernel panic itself.


>
> usually you log in and tail some log files
>

Got it


>
> (bridging our oVPN tap interfaces to the main and private LANs)
>
> This was bridging done in pfSense right?
>

That's right.


>
> On Wed, Nov 22, 2017 at 8:07 AM, Liwei  wrote:
> > On Tue, 21 Nov 2017 at 01:08 WebDawg  wrote:
> >
> >> It should work though.  A great many people virtualize pfSense:
> >>
> >> https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi
> >>
> >> Here is some more information:
> >>
> >> https://doc.pfsense.org/index.php/VirtIO_Driver_Support
> >> https://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear
> >> https://doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox
> >>
> >> I know what it is like to ask for support and see people stop helping
> >> because something is virtualized.  I have seen bad code fail in
> >> virtualization situations only to here 'do not virtualize'.
> >>
> >> From what I know, BSD has trouble with NIC interfaces and such.  Do
> >> you have any limiters or QOS installed?  I would take a look at the
> >> nic interfaces first.  Can you actively monitor the log to look for
> >> errors once the VM is booted?
> >>
> >> I virtualized pfSense on proxmox about a year ago and BSD hated the
> >> cpu timers and such.  I would get so many issues from it until I
> >> figured it out but everything was plain as day in the kernel messages
> >> that were outputted.
> >>
> >> There is an ova file available via the gold subscription:
> >>
> >> https://doc.pfsense.org/index.php/VMware_Appliance
> >>
> >> You need to get more information for me to help further.  It would be
> >> great to get a copy of some logs.
> >>
> >> Here is a XenServer thread:
> >> https://forum.pfsense.org/index.php?topic=88467
> >>
> >> Last time I virtualized the big deal was hvm nic vs pvhvm NIC.  You
> >> could do limiters on one (I think hvm) but the NIC's become CPU bound
> >> because of how HVM works.  I could only push like 10-30 mbits out of
> >> an i3 processor.
> >>
> >> I do not know if this has been solved, or if it is solvable.  pfSense
> >> follows FreeBSD so most of the fixes for this come from FreeBSD,
> >> though pfSense had/has some of its own kernel hacks.
> >>
> >>
> >>
> > Hi Vick, thanks for the assistance, nonetheless!
> >
> > Hi WebDawg,
> > Yeah, I guessed as much that the problem should be on my side,
> because
> > something this fatal should already be widely reported.
> >
> > I don't have any limiters or QoS set. I've set up logging of the
> serial
> > port so at least I know what are the events leading up to the crash.
> > Nothing interesting though, it just... happens. How do I set up log
> > monitoring? My guess is I'll probably have to turn on remote syslog and
> log
> > over. Will set up when I get the chance.
> >
> > The odd thing is this is a 7+ years old setup (but we did do a fresh
> > install of 2.3 when we upgraded hardware 1+ years ago), and we never had
> > any serious issues. In fact it was purring along nicely on 2.3 since it
> was
> > first installed, until we upgraded to 2.4.
> >
> > I'm pretty confident of the hardware since it is only a year old, the
> > other VMs are not having any issues, and reverting to 2.3 works fine.
> Thus
> > based on a hunch I decided to remove a couple of bridge interfaces
> > (bridging our oVPN tap interfaces to the main and private LANs) when I
> sent
> > my first email to the list.
> >
> > The crashes haven't occurred since then for 2 days. I'm not sure if
> it
> > is a coincidence or not, but it does seem like my configuration may be
> > triggering some bug. Or I may have mis-configured something.
> >
> > I'll continue to iterate things around to narrow down the problem,
> but
> > given that I have to wait a few days after each change to be sure on
> > whether it crashes or not, any suggestion is very welcome!
> >
> > Warm regards,
> > Liwei
> > --
> > Clear Skies,LiweiCo-Founder, CTO
> >
> > TinyMOS
> >
> >
> >  
> >  
> >
> > 21 Heng Mui Keng Terrace, Level 1 The Hangar, Singapore 119613
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the

Re: [pfSense] pfSense 2.4 consistently crashes daily

2017-11-22 Thread Liwei 
On Thu, 23 Nov 2017 at 00:05 Steve Yates  wrote:

> Any chance it had a 32 bit install and you manually upgraded to 64?  I
> believe pfSense recommends a wipe and reinstall in that case.
>
> --
>
> Steve Yates
> ITS, Inc.
>

Nope, it had always been on 64-bit. We also did a wipe and reinstall last
year on 2.3.


>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Liwei
> Sent: Wednesday, November 22, 2017 8:08 AM
> To: pfSense Support and Discussion Mailing List 
> Subject: Re: [pfSense] pfSense 2.4 consistently crashes daily
>
> On Tue, 21 Nov 2017 at 01:08 WebDawg  wrote:
>
> > It should work though.  A great many people virtualize pfSense:
> >
> > https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi
> >
> > Here is some more information:
> >
> > https://doc.pfsense.org/index.php/VirtIO_Driver_Support
> > https://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear
> > https://doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox
> >
> > I know what it is like to ask for support and see people stop helping
> > because something is virtualized.  I have seen bad code fail in
> > virtualization situations only to here 'do not virtualize'.
> >
> > From what I know, BSD has trouble with NIC interfaces and such.  Do
> > you have any limiters or QOS installed?  I would take a look at the
> > nic interfaces first.  Can you actively monitor the log to look for
> > errors once the VM is booted?
> >
> > I virtualized pfSense on proxmox about a year ago and BSD hated the
> > cpu timers and such.  I would get so many issues from it until I
> > figured it out but everything was plain as day in the kernel messages
> > that were outputted.
> >
> > There is an ova file available via the gold subscription:
> >
> > https://doc.pfsense.org/index.php/VMware_Appliance
> >
> > You need to get more information for me to help further.  It would be
> > great to get a copy of some logs.
> >
> > Here is a XenServer thread:
> > https://forum.pfsense.org/index.php?topic=88467
> >
> > Last time I virtualized the big deal was hvm nic vs pvhvm NIC.  You
> > could do limiters on one (I think hvm) but the NIC's become CPU bound
> > because of how HVM works.  I could only push like 10-30 mbits out of
> > an i3 processor.
> >
> > I do not know if this has been solved, or if it is solvable.  pfSense
> > follows FreeBSD so most of the fixes for this come from FreeBSD,
> > though pfSense had/has some of its own kernel hacks.
> >
> >
> >
> Hi Vick, thanks for the assistance, nonetheless!
>
> Hi WebDawg,
> Yeah, I guessed as much that the problem should be on my side, because
> something this fatal should already be widely reported.
>
> I don't have any limiters or QoS set. I've set up logging of the serial
> port so at least I know what are the events leading up to the crash.
> Nothing interesting though, it just... happens. How do I set up log
> monitoring? My guess is I'll probably have to turn on remote syslog and log
> over. Will set up when I get the chance.
>
> The odd thing is this is a 7+ years old setup (but we did do a fresh
> install of 2.3 when we upgraded hardware 1+ years ago), and we never had
> any serious issues. In fact it was purring along nicely on 2.3 since it was
> first installed, until we upgraded to 2.4.
>
> I'm pretty confident of the hardware since it is only a year old, the
> other VMs are not having any issues, and reverting to 2.3 works fine. Thus
> based on a hunch I decided to remove a couple of bridge interfaces
> (bridging our oVPN tap interfaces to the main and private LANs) when I sent
> my first email to the list.
>
> The crashes haven't occurred since then for 2 days. I'm not sure if it
> is a coincidence or not, but it does seem like my configuration may be
> triggering some bug. Or I may have mis-configured something.
>
> I'll continue to iterate things around to narrow down the problem, but
> given that I have to wait a few days after each change to be sure on
> whether it crashes or not, any suggestion is very welcome!
>
> Warm regards,
> Liwei
> --
> Clear Skies,LiweiCo-Founder, CTO
>
> TinyMOS
>
>
>  
>  
>
> 21 Heng Mui Keng Terrace, Level 1 The Hangar, Singapore 119613
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
-- 
Clear Skies,LiweiCo-Founder, CTO

TinyMOS


 
 

21 Heng Mui

Re: [pfSense] pfSense 2.4.2 release

2017-11-22 Thread Ryan Coleman 
Tis. And it works. I’m surprised I didn’t get a notification.

> On Nov 22, 2017, at 3:30 AM, Doug Lytle  wrote:
> 
> I just noted that it's out.
> 
> pfSense 2.4.2 
> 
> 
> Doug
> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense 2.4 consistently crashes daily

2017-11-22 Thread WebDawg 
I am glad that you seemed to have resolved it, does the serial port
get the standard kernel messages...

usually you log in and tail some log files

(bridging our oVPN tap interfaces to the main and private LANs)

This was bridging done in pfSense right?

On Wed, Nov 22, 2017 at 8:07 AM, Liwei  wrote:
> On Tue, 21 Nov 2017 at 01:08 WebDawg  wrote:
>
>> It should work though.  A great many people virtualize pfSense:
>>
>> https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi
>>
>> Here is some more information:
>>
>> https://doc.pfsense.org/index.php/VirtIO_Driver_Support
>> https://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear
>> https://doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox
>>
>> I know what it is like to ask for support and see people stop helping
>> because something is virtualized.  I have seen bad code fail in
>> virtualization situations only to here 'do not virtualize'.
>>
>> From what I know, BSD has trouble with NIC interfaces and such.  Do
>> you have any limiters or QOS installed?  I would take a look at the
>> nic interfaces first.  Can you actively monitor the log to look for
>> errors once the VM is booted?
>>
>> I virtualized pfSense on proxmox about a year ago and BSD hated the
>> cpu timers and such.  I would get so many issues from it until I
>> figured it out but everything was plain as day in the kernel messages
>> that were outputted.
>>
>> There is an ova file available via the gold subscription:
>>
>> https://doc.pfsense.org/index.php/VMware_Appliance
>>
>> You need to get more information for me to help further.  It would be
>> great to get a copy of some logs.
>>
>> Here is a XenServer thread:
>> https://forum.pfsense.org/index.php?topic=88467
>>
>> Last time I virtualized the big deal was hvm nic vs pvhvm NIC.  You
>> could do limiters on one (I think hvm) but the NIC's become CPU bound
>> because of how HVM works.  I could only push like 10-30 mbits out of
>> an i3 processor.
>>
>> I do not know if this has been solved, or if it is solvable.  pfSense
>> follows FreeBSD so most of the fixes for this come from FreeBSD,
>> though pfSense had/has some of its own kernel hacks.
>>
>>
>>
> Hi Vick, thanks for the assistance, nonetheless!
>
> Hi WebDawg,
> Yeah, I guessed as much that the problem should be on my side, because
> something this fatal should already be widely reported.
>
> I don't have any limiters or QoS set. I've set up logging of the serial
> port so at least I know what are the events leading up to the crash.
> Nothing interesting though, it just... happens. How do I set up log
> monitoring? My guess is I'll probably have to turn on remote syslog and log
> over. Will set up when I get the chance.
>
> The odd thing is this is a 7+ years old setup (but we did do a fresh
> install of 2.3 when we upgraded hardware 1+ years ago), and we never had
> any serious issues. In fact it was purring along nicely on 2.3 since it was
> first installed, until we upgraded to 2.4.
>
> I'm pretty confident of the hardware since it is only a year old, the
> other VMs are not having any issues, and reverting to 2.3 works fine. Thus
> based on a hunch I decided to remove a couple of bridge interfaces
> (bridging our oVPN tap interfaces to the main and private LANs) when I sent
> my first email to the list.
>
> The crashes haven't occurred since then for 2 days. I'm not sure if it
> is a coincidence or not, but it does seem like my configuration may be
> triggering some bug. Or I may have mis-configured something.
>
> I'll continue to iterate things around to narrow down the problem, but
> given that I have to wait a few days after each change to be sure on
> whether it crashes or not, any suggestion is very welcome!
>
> Warm regards,
> Liwei
> --
> Clear Skies,LiweiCo-Founder, CTO
>
> TinyMOS
>
>
>  
>  
>
> 21 Heng Mui Keng Terrace, Level 1 The Hangar, Singapore 119613
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense 2.4 consistently crashes daily

2017-11-22 Thread Steve Yates 
Any chance it had a 32 bit install and you manually upgraded to 64?  I believe 
pfSense recommends a wipe and reinstall in that case.

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Liwei
Sent: Wednesday, November 22, 2017 8:08 AM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] pfSense 2.4 consistently crashes daily

On Tue, 21 Nov 2017 at 01:08 WebDawg  wrote:

> It should work though.  A great many people virtualize pfSense:
>
> https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi
>
> Here is some more information:
>
> https://doc.pfsense.org/index.php/VirtIO_Driver_Support
> https://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear
> https://doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox
>
> I know what it is like to ask for support and see people stop helping
> because something is virtualized.  I have seen bad code fail in
> virtualization situations only to here 'do not virtualize'.
>
> From what I know, BSD has trouble with NIC interfaces and such.  Do
> you have any limiters or QOS installed?  I would take a look at the
> nic interfaces first.  Can you actively monitor the log to look for
> errors once the VM is booted?
>
> I virtualized pfSense on proxmox about a year ago and BSD hated the
> cpu timers and such.  I would get so many issues from it until I
> figured it out but everything was plain as day in the kernel messages
> that were outputted.
>
> There is an ova file available via the gold subscription:
>
> https://doc.pfsense.org/index.php/VMware_Appliance
>
> You need to get more information for me to help further.  It would be
> great to get a copy of some logs.
>
> Here is a XenServer thread:
> https://forum.pfsense.org/index.php?topic=88467
>
> Last time I virtualized the big deal was hvm nic vs pvhvm NIC.  You
> could do limiters on one (I think hvm) but the NIC's become CPU bound
> because of how HVM works.  I could only push like 10-30 mbits out of
> an i3 processor.
>
> I do not know if this has been solved, or if it is solvable.  pfSense
> follows FreeBSD so most of the fixes for this come from FreeBSD,
> though pfSense had/has some of its own kernel hacks.
>
>
>
Hi Vick, thanks for the assistance, nonetheless!

Hi WebDawg,
Yeah, I guessed as much that the problem should be on my side, because
something this fatal should already be widely reported.

I don't have any limiters or QoS set. I've set up logging of the serial
port so at least I know what are the events leading up to the crash.
Nothing interesting though, it just... happens. How do I set up log
monitoring? My guess is I'll probably have to turn on remote syslog and log
over. Will set up when I get the chance.

The odd thing is this is a 7+ years old setup (but we did do a fresh
install of 2.3 when we upgraded hardware 1+ years ago), and we never had
any serious issues. In fact it was purring along nicely on 2.3 since it was
first installed, until we upgraded to 2.4.

I'm pretty confident of the hardware since it is only a year old, the
other VMs are not having any issues, and reverting to 2.3 works fine. Thus
based on a hunch I decided to remove a couple of bridge interfaces
(bridging our oVPN tap interfaces to the main and private LANs) when I sent
my first email to the list.

The crashes haven't occurred since then for 2 days. I'm not sure if it
is a coincidence or not, but it does seem like my configuration may be
triggering some bug. Or I may have mis-configured something.

I'll continue to iterate things around to narrow down the problem, but
given that I have to wait a few days after each change to be sure on
whether it crashes or not, any suggestion is very welcome!

Warm regards,
Liwei
-- 
Clear Skies,LiweiCo-Founder, CTO

TinyMOS


 
 

21 Heng Mui Keng Terrace, Level 1 The Hangar, Singapore 119613
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] The same voucher in some devices.

2017-11-22 Thread ibrahim uçar 
Well also I just want to say that if you don't have a router or another
device between your pfsense and users like below scenario just leave it
blank :)


ISP > pfSense > Users




--

*İbrahim UÇAR*

Blogger |  https://lifeoverlinux.com 

On Wed, Nov 22, 2017 at 6:47 PM, ibrahim uçar  wrote:

> *I have never used ...*
>
>
>
>
> --
>
> *İbrahim UÇAR*
>
> Blogger |  https://lifeoverlinux.com 
>
> On Wed, Nov 22, 2017 at 6:47 PM, ibrahim uçar 
> wrote:
>
>> I really don't know how works Mac filtering options. I have ever used
>> before this option. If someone knows what really do this option then they
>> can tell you via mail.
>>
>> Just leave it blank if you don't need it. Usually this option not using.
>>
>>
>>
>>
>> --
>>
>> *İbrahim UÇAR*
>>
>> Blogger |  https://lifeoverlinux.com 
>>
>> On Wed, Nov 22, 2017 at 5:52 PM, 3y3lop <3y3...@gmail.com> wrote:
>>
>>> Ibrahim,
>>>
>>> & How to Macc Filtering, whether to check on or leave blank?  Thank's.
>>>
>>> Regards,
>>> Cyclop
>>>
>>> On Wed, Nov 22, 2017 at 23:29 ibrahim uçar  wrote:
>>>
>>> > Yes, This option mostly comes disable at captive portal. So you need to
>>> > enable it by clicking on it.
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> >
>>> > *İbrahim UÇAR*
>>> >
>>> > Blogger |  https://lifeoverlinux.com 
>>> >
>>> > On Wed, Nov 22, 2017 at 5:13 PM, 3y3lop <3y3...@gmail.com> wrote:
>>> >
>>> > > Hii All,
>>> > >
>>> > > Thank You for informastion?
>>> > >
>>> > > Question:
>>> > > Does it have to be checked? on Concurrent users logins?,
>>> > >
>>> > > Regards
>>> > > cyclop
>>> > >
>>> > > On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho 
>>> > > wrote:
>>> > >
>>> > > > Thanks Ibrahim
>>> > > >
>>> > > >
>>> > > >
>>> > > >
>>> > > > Regards.
>>> > > >
>>> > > > On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar <
>>> ucribra...@gmail.com>
>>> > > > wrote:
>>> > > >
>>> > > > > No sir, I only know this solution to solve that problem, I hope
>>> > someone
>>> > > > > knows another solution to help you :)
>>> > > > >
>>> > > > >
>>> > > > >
>>> > > > >
>>> > > > > --
>>> > > > >
>>> > > > > *İbrahim UÇAR*
>>> > > > >
>>> > > > > Blogger |  https://lifeoverlinux.com 
>>> > > > >
>>> > > > > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho <
>>> > kleb.li...@gmail.com
>>> > > >
>>> > > > > wrote:
>>> > > > >
>>> > > > > > Thanks Ibrahim...
>>> > > > > >
>>> > > > > > Do you know if this is only way to do this ?
>>> > > > > > Because this option "Disable Concurrent user logins" it is
>>> fine but
>>> > > I'd
>>> > > > > > like that the first one had the "voucher+mac" and nobody can't
>>> > > connect
>>> > > > > > after.
>>> > > > > >
>>> > > > > >
>>> > > > > > Thanks again.
>>> > > > > >
>>> > > > > >
>>> > > > > > Regards.
>>> > > > > >
>>> > > > > >
>>> > > > > >
>>> > > > > >
>>> > > > > >
>>> > > > > >
>>> > > > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar <
>>> > ucribra...@gmail.com
>>> > > >
>>> > > > > > wrote:
>>> > > > > >
>>> > > > > > > If you don't want to many users login with the same same
>>> voucher
>>> > or
>>> > > > > > > username and password, you should enable the "Concurrent
>>> users
>>> > > > logins"
>>> > > > > > > option. After that everyone will login captive portal with
>>> their
>>> > > own
>>> > > > > > > voucher or username and password.
>>> > > > > > >
>>> > > > > > >
>>> > > > > > >
>>> > > > > > >
>>> > > > > > >
>>> > > > > > >
>>> > > > > > > --
>>> > > > > > >
>>> > > > > > > *İbrahim UÇAR*
>>> > > > > > >
>>> > > > > > > Blogger |  https://lifeoverlinux.com <
>>> http://lifeoverlinux.com>
>>> > > > > > >
>>> > > > > > > On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho <
>>> > > > kleb.li...@gmail.com
>>> > > > > >
>>> > > > > > > wrote:
>>> > > > > > >
>>> > > > > > > > Hello,
>>> > > > > > > >
>>> > > > > > > >
>>> > > > > > > >  In my Captive Portal I have many people share the
>>> same
>>> > > > > > > voucher...
>>> > > > > > > > Any idea to resolve this case ?
>>> > > > > > > >
>>> > > > > > > > Big problem for us
>>> > > > > > > >
>>> > > > > > > >
>>> > > > > > > > Best Regards
>>> > > > > > > > --
>>> > > > > > > >
>>> > > > > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
>>> > > > > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |
>>> > > **LPIC-1  |
>>> > > > > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell
>>> CLA
>>> > 11 *
>>> > > > > *|* *
>>> > > > > > > > Novell
>>> > > > > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
>>> > > > > > > > ___
>>> > > > > > > > pfSense mailing list
>>> > > > > > > > https://lists.pfsense.org/mailman/listinfo/list
>>> > > > > > > > Support the project with Gold! https://pfsense.org/gold
>>> > > > > > > >
>>> > > > > > > ___
>>> > >

Re: [pfSense] The same voucher in some devices.

2017-11-22 Thread ibrahim uçar 
*I have never used ...*




--

*İbrahim UÇAR*

Blogger |  https://lifeoverlinux.com 

On Wed, Nov 22, 2017 at 6:47 PM, ibrahim uçar  wrote:

> I really don't know how works Mac filtering options. I have ever used
> before this option. If someone knows what really do this option then they
> can tell you via mail.
>
> Just leave it blank if you don't need it. Usually this option not using.
>
>
>
>
> --
>
> *İbrahim UÇAR*
>
> Blogger |  https://lifeoverlinux.com 
>
> On Wed, Nov 22, 2017 at 5:52 PM, 3y3lop <3y3...@gmail.com> wrote:
>
>> Ibrahim,
>>
>> & How to Macc Filtering, whether to check on or leave blank?  Thank's.
>>
>> Regards,
>> Cyclop
>>
>> On Wed, Nov 22, 2017 at 23:29 ibrahim uçar  wrote:
>>
>> > Yes, This option mostly comes disable at captive portal. So you need to
>> > enable it by clicking on it.
>> >
>> >
>> >
>> >
>> > --
>> >
>> > *İbrahim UÇAR*
>> >
>> > Blogger |  https://lifeoverlinux.com 
>> >
>> > On Wed, Nov 22, 2017 at 5:13 PM, 3y3lop <3y3...@gmail.com> wrote:
>> >
>> > > Hii All,
>> > >
>> > > Thank You for informastion?
>> > >
>> > > Question:
>> > > Does it have to be checked? on Concurrent users logins?,
>> > >
>> > > Regards
>> > > cyclop
>> > >
>> > > On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho 
>> > > wrote:
>> > >
>> > > > Thanks Ibrahim
>> > > >
>> > > >
>> > > >
>> > > >
>> > > > Regards.
>> > > >
>> > > > On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar > >
>> > > > wrote:
>> > > >
>> > > > > No sir, I only know this solution to solve that problem, I hope
>> > someone
>> > > > > knows another solution to help you :)
>> > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > > > --
>> > > > >
>> > > > > *İbrahim UÇAR*
>> > > > >
>> > > > > Blogger |  https://lifeoverlinux.com 
>> > > > >
>> > > > > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho <
>> > kleb.li...@gmail.com
>> > > >
>> > > > > wrote:
>> > > > >
>> > > > > > Thanks Ibrahim...
>> > > > > >
>> > > > > > Do you know if this is only way to do this ?
>> > > > > > Because this option "Disable Concurrent user logins" it is fine
>> but
>> > > I'd
>> > > > > > like that the first one had the "voucher+mac" and nobody can't
>> > > connect
>> > > > > > after.
>> > > > > >
>> > > > > >
>> > > > > > Thanks again.
>> > > > > >
>> > > > > >
>> > > > > > Regards.
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar <
>> > ucribra...@gmail.com
>> > > >
>> > > > > > wrote:
>> > > > > >
>> > > > > > > If you don't want to many users login with the same same
>> voucher
>> > or
>> > > > > > > username and password, you should enable the "Concurrent users
>> > > > logins"
>> > > > > > > option. After that everyone will login captive portal with
>> their
>> > > own
>> > > > > > > voucher or username and password.
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > > --
>> > > > > > >
>> > > > > > > *İbrahim UÇAR*
>> > > > > > >
>> > > > > > > Blogger |  https://lifeoverlinux.com <
>> http://lifeoverlinux.com>
>> > > > > > >
>> > > > > > > On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho <
>> > > > kleb.li...@gmail.com
>> > > > > >
>> > > > > > > wrote:
>> > > > > > >
>> > > > > > > > Hello,
>> > > > > > > >
>> > > > > > > >
>> > > > > > > >  In my Captive Portal I have many people share the
>> same
>> > > > > > > voucher...
>> > > > > > > > Any idea to resolve this case ?
>> > > > > > > >
>> > > > > > > > Big problem for us
>> > > > > > > >
>> > > > > > > >
>> > > > > > > > Best Regards
>> > > > > > > > --
>> > > > > > > >
>> > > > > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
>> > > > > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |
>> > > **LPIC-1  |
>> > > > > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA
>> > 11 *
>> > > > > *|* *
>> > > > > > > > Novell
>> > > > > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
>> > > > > > > > ___
>> > > > > > > > pfSense mailing list
>> > > > > > > > https://lists.pfsense.org/mailman/listinfo/list
>> > > > > > > > Support the project with Gold! https://pfsense.org/gold
>> > > > > > > >
>> > > > > > > ___
>> > > > > > > pfSense mailing list
>> > > > > > > https://lists.pfsense.org/mailman/listinfo/list
>> > > > > > > Support the project with Gold! https://pfsense.org/gold
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > --
>> > > > > >
>> > > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
>> > > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |
>> **LPIC-1  |
>> > > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11
>> *
>> > > *|* *
>> > > > > > Novell
>> > > > > > DCTS * *|* * ITIL

Re: [pfSense] The same voucher in some devices.

2017-11-22 Thread ibrahim uçar 
I really don't know how works Mac filtering options. I have ever used
before this option. If someone knows what really do this option then they
can tell you via mail.

Just leave it blank if you don't need it. Usually this option not using.




--

*İbrahim UÇAR*

Blogger |  https://lifeoverlinux.com 

On Wed, Nov 22, 2017 at 5:52 PM, 3y3lop <3y3...@gmail.com> wrote:

> Ibrahim,
>
> & How to Macc Filtering, whether to check on or leave blank?  Thank's.
>
> Regards,
> Cyclop
>
> On Wed, Nov 22, 2017 at 23:29 ibrahim uçar  wrote:
>
> > Yes, This option mostly comes disable at captive portal. So you need to
> > enable it by clicking on it.
> >
> >
> >
> >
> > --
> >
> > *İbrahim UÇAR*
> >
> > Blogger |  https://lifeoverlinux.com 
> >
> > On Wed, Nov 22, 2017 at 5:13 PM, 3y3lop <3y3...@gmail.com> wrote:
> >
> > > Hii All,
> > >
> > > Thank You for informastion?
> > >
> > > Question:
> > > Does it have to be checked? on Concurrent users logins?,
> > >
> > > Regards
> > > cyclop
> > >
> > > On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho 
> > > wrote:
> > >
> > > > Thanks Ibrahim
> > > >
> > > >
> > > >
> > > >
> > > > Regards.
> > > >
> > > > On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar 
> > > > wrote:
> > > >
> > > > > No sir, I only know this solution to solve that problem, I hope
> > someone
> > > > > knows another solution to help you :)
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > *İbrahim UÇAR*
> > > > >
> > > > > Blogger |  https://lifeoverlinux.com 
> > > > >
> > > > > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho <
> > kleb.li...@gmail.com
> > > >
> > > > > wrote:
> > > > >
> > > > > > Thanks Ibrahim...
> > > > > >
> > > > > > Do you know if this is only way to do this ?
> > > > > > Because this option "Disable Concurrent user logins" it is fine
> but
> > > I'd
> > > > > > like that the first one had the "voucher+mac" and nobody can't
> > > connect
> > > > > > after.
> > > > > >
> > > > > >
> > > > > > Thanks again.
> > > > > >
> > > > > >
> > > > > > Regards.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar <
> > ucribra...@gmail.com
> > > >
> > > > > > wrote:
> > > > > >
> > > > > > > If you don't want to many users login with the same same
> voucher
> > or
> > > > > > > username and password, you should enable the "Concurrent users
> > > > logins"
> > > > > > > option. After that everyone will login captive portal with
> their
> > > own
> > > > > > > voucher or username and password.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > >
> > > > > > > *İbrahim UÇAR*
> > > > > > >
> > > > > > > Blogger |  https://lifeoverlinux.com  >
> > > > > > >
> > > > > > > On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho <
> > > > kleb.li...@gmail.com
> > > > > >
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Hello,
> > > > > > > >
> > > > > > > >
> > > > > > > >  In my Captive Portal I have many people share the
> same
> > > > > > > voucher...
> > > > > > > > Any idea to resolve this case ?
> > > > > > > >
> > > > > > > > Big problem for us
> > > > > > > >
> > > > > > > >
> > > > > > > > Best Regards
> > > > > > > > --
> > > > > > > >
> > > > > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > > > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |
> > > **LPIC-1  |
> > > > > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA
> > 11 *
> > > > > *|* *
> > > > > > > > Novell
> > > > > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > > > > > > ___
> > > > > > > > pfSense mailing list
> > > > > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > > > > Support the project with Gold! https://pfsense.org/gold
> > > > > > > >
> > > > > > > ___
> > > > > > > pfSense mailing list
> > > > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > > > Support the project with Gold! https://pfsense.org/gold
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |
> **LPIC-1  |
> > > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 *
> > > *|* *
> > > > > > Novell
> > > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > > > > ___
> > > > > > pfSense mailing list
> > > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > > Support the project with Gold! https://pfsense.org/gold
> > > > > >
> > > > > ___
> > > > > pfSense mailing list
> > > > >

Re: [pfSense] The same voucher in some devices.

2017-11-22 Thread 3y3lop 
Ibrahim,

& How to Macc Filtering, whether to check on or leave blank?  Thank's.

Regards,
Cyclop

On Wed, Nov 22, 2017 at 23:29 ibrahim uçar  wrote:

> Yes, This option mostly comes disable at captive portal. So you need to
> enable it by clicking on it.
>
>
>
>
> --
>
> *İbrahim UÇAR*
>
> Blogger |  https://lifeoverlinux.com 
>
> On Wed, Nov 22, 2017 at 5:13 PM, 3y3lop <3y3...@gmail.com> wrote:
>
> > Hii All,
> >
> > Thank You for informastion?
> >
> > Question:
> > Does it have to be checked? on Concurrent users logins?,
> >
> > Regards
> > cyclop
> >
> > On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho 
> > wrote:
> >
> > > Thanks Ibrahim
> > >
> > >
> > >
> > >
> > > Regards.
> > >
> > > On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar 
> > > wrote:
> > >
> > > > No sir, I only know this solution to solve that problem, I hope
> someone
> > > > knows another solution to help you :)
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > *İbrahim UÇAR*
> > > >
> > > > Blogger |  https://lifeoverlinux.com 
> > > >
> > > > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho <
> kleb.li...@gmail.com
> > >
> > > > wrote:
> > > >
> > > > > Thanks Ibrahim...
> > > > >
> > > > > Do you know if this is only way to do this ?
> > > > > Because this option "Disable Concurrent user logins" it is fine but
> > I'd
> > > > > like that the first one had the "voucher+mac" and nobody can't
> > connect
> > > > > after.
> > > > >
> > > > >
> > > > > Thanks again.
> > > > >
> > > > >
> > > > > Regards.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar <
> ucribra...@gmail.com
> > >
> > > > > wrote:
> > > > >
> > > > > > If you don't want to many users login with the same same voucher
> or
> > > > > > username and password, you should enable the "Concurrent users
> > > logins"
> > > > > > option. After that everyone will login captive portal with their
> > own
> > > > > > voucher or username and password.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > > *İbrahim UÇAR*
> > > > > >
> > > > > > Blogger |  https://lifeoverlinux.com 
> > > > > >
> > > > > > On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho <
> > > kleb.li...@gmail.com
> > > > >
> > > > > > wrote:
> > > > > >
> > > > > > > Hello,
> > > > > > >
> > > > > > >
> > > > > > >  In my Captive Portal I have many people share the same
> > > > > > voucher...
> > > > > > > Any idea to resolve this case ?
> > > > > > >
> > > > > > > Big problem for us
> > > > > > >
> > > > > > >
> > > > > > > Best Regards
> > > > > > > --
> > > > > > >
> > > > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |
> > **LPIC-1  |
> > > > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA
> 11 *
> > > > *|* *
> > > > > > > Novell
> > > > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > > > > > ___
> > > > > > > pfSense mailing list
> > > > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > > > Support the project with Gold! https://pfsense.org/gold
> > > > > > >
> > > > > > ___
> > > > > > pfSense mailing list
> > > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > > Support the project with Gold! https://pfsense.org/gold
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |  **LPIC-1  |
> > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 *
> > *|* *
> > > > > Novell
> > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > > > ___
> > > > > pfSense mailing list
> > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > Support the project with Gold! https://pfsense.org/gold
> > > > >
> > > > ___
> > > > pfSense mailing list
> > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > Support the project with Gold! https://pfsense.org/gold
> > > >
> > >
> > >
> > >
> > > --
> > >
> > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |  **LPIC-1  |
> > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 * *|* *
> > > Novell
> > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > ___
> > > pfSense mailing list
> > > https://lists.pfsense.org/mailman/listinfo/list
> > > Support the project with Gold! https://pfsense.org/gold
> >
> > --
> > cyclop
> > ___
> > pfSense mailing list
> >

Re: [pfSense] The same voucher in some devices.

2017-11-22 Thread 3y3lop 
Ok, Thank You Ibrahim.


Regards,
cyclop

On Wed, Nov 22, 2017 at 23:29 ibrahim uçar  wrote:

> Yes, This option mostly comes disable at captive portal. So you need to
> enable it by clicking on it.
>
>
>
>
> --
>
> *İbrahim UÇAR*
>
> Blogger |  https://lifeoverlinux.com 
>
> On Wed, Nov 22, 2017 at 5:13 PM, 3y3lop <3y3...@gmail.com> wrote:
>
> > Hii All,
> >
> > Thank You for informastion?
> >
> > Question:
> > Does it have to be checked? on Concurrent users logins?,
> >
> > Regards
> > cyclop
> >
> > On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho 
> > wrote:
> >
> > > Thanks Ibrahim
> > >
> > >
> > >
> > >
> > > Regards.
> > >
> > > On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar 
> > > wrote:
> > >
> > > > No sir, I only know this solution to solve that problem, I hope
> someone
> > > > knows another solution to help you :)
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > *İbrahim UÇAR*
> > > >
> > > > Blogger |  https://lifeoverlinux.com 
> > > >
> > > > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho <
> kleb.li...@gmail.com
> > >
> > > > wrote:
> > > >
> > > > > Thanks Ibrahim...
> > > > >
> > > > > Do you know if this is only way to do this ?
> > > > > Because this option "Disable Concurrent user logins" it is fine but
> > I'd
> > > > > like that the first one had the "voucher+mac" and nobody can't
> > connect
> > > > > after.
> > > > >
> > > > >
> > > > > Thanks again.
> > > > >
> > > > >
> > > > > Regards.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar <
> ucribra...@gmail.com
> > >
> > > > > wrote:
> > > > >
> > > > > > If you don't want to many users login with the same same voucher
> or
> > > > > > username and password, you should enable the "Concurrent users
> > > logins"
> > > > > > option. After that everyone will login captive portal with their
> > own
> > > > > > voucher or username and password.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > > *İbrahim UÇAR*
> > > > > >
> > > > > > Blogger |  https://lifeoverlinux.com 
> > > > > >
> > > > > > On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho <
> > > kleb.li...@gmail.com
> > > > >
> > > > > > wrote:
> > > > > >
> > > > > > > Hello,
> > > > > > >
> > > > > > >
> > > > > > >  In my Captive Portal I have many people share the same
> > > > > > voucher...
> > > > > > > Any idea to resolve this case ?
> > > > > > >
> > > > > > > Big problem for us
> > > > > > >
> > > > > > >
> > > > > > > Best Regards
> > > > > > > --
> > > > > > >
> > > > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |
> > **LPIC-1  |
> > > > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA
> 11 *
> > > > *|* *
> > > > > > > Novell
> > > > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > > > > > ___
> > > > > > > pfSense mailing list
> > > > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > > > Support the project with Gold! https://pfsense.org/gold
> > > > > > >
> > > > > > ___
> > > > > > pfSense mailing list
> > > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > > Support the project with Gold! https://pfsense.org/gold
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |  **LPIC-1  |
> > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 *
> > *|* *
> > > > > Novell
> > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > > > ___
> > > > > pfSense mailing list
> > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > Support the project with Gold! https://pfsense.org/gold
> > > > >
> > > > ___
> > > > pfSense mailing list
> > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > Support the project with Gold! https://pfsense.org/gold
> > > >
> > >
> > >
> > >
> > > --
> > >
> > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |  **LPIC-1  |
> > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 * *|* *
> > > Novell
> > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > ___
> > > pfSense mailing list
> > > https://lists.pfsense.org/mailman/listinfo/list
> > > Support the project with Gold! https://pfsense.org/gold
> >
> > --
> > cyclop
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold!

Re: [pfSense] The same voucher in some devices.

2017-11-22 Thread ibrahim uçar 
Yes, This option mostly comes disable at captive portal. So you need to
enable it by clicking on it.




--

*İbrahim UÇAR*

Blogger |  https://lifeoverlinux.com 

On Wed, Nov 22, 2017 at 5:13 PM, 3y3lop <3y3...@gmail.com> wrote:

> Hii All,
>
> Thank You for informastion?
>
> Question:
> Does it have to be checked? on Concurrent users logins?,
>
> Regards
> cyclop
>
> On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho 
> wrote:
>
> > Thanks Ibrahim
> >
> >
> >
> >
> > Regards.
> >
> > On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar 
> > wrote:
> >
> > > No sir, I only know this solution to solve that problem, I hope someone
> > > knows another solution to help you :)
> > >
> > >
> > >
> > >
> > > --
> > >
> > > *İbrahim UÇAR*
> > >
> > > Blogger |  https://lifeoverlinux.com 
> > >
> > > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho  >
> > > wrote:
> > >
> > > > Thanks Ibrahim...
> > > >
> > > > Do you know if this is only way to do this ?
> > > > Because this option "Disable Concurrent user logins" it is fine but
> I'd
> > > > like that the first one had the "voucher+mac" and nobody can't
> connect
> > > > after.
> > > >
> > > >
> > > > Thanks again.
> > > >
> > > >
> > > > Regards.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar  >
> > > > wrote:
> > > >
> > > > > If you don't want to many users login with the same same voucher or
> > > > > username and password, you should enable the "Concurrent users
> > logins"
> > > > > option. After that everyone will login captive portal with their
> own
> > > > > voucher or username and password.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > *İbrahim UÇAR*
> > > > >
> > > > > Blogger |  https://lifeoverlinux.com 
> > > > >
> > > > > On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho <
> > kleb.li...@gmail.com
> > > >
> > > > > wrote:
> > > > >
> > > > > > Hello,
> > > > > >
> > > > > >
> > > > > >  In my Captive Portal I have many people share the same
> > > > > voucher...
> > > > > > Any idea to resolve this case ?
> > > > > >
> > > > > > Big problem for us
> > > > > >
> > > > > >
> > > > > > Best Regards
> > > > > > --
> > > > > >
> > > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |
> **LPIC-1  |
> > > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 *
> > > *|* *
> > > > > > Novell
> > > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > > > > ___
> > > > > > pfSense mailing list
> > > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > > Support the project with Gold! https://pfsense.org/gold
> > > > > >
> > > > > ___
> > > > > pfSense mailing list
> > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > Support the project with Gold! https://pfsense.org/gold
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |  **LPIC-1  |
> > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 *
> *|* *
> > > > Novell
> > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > > ___
> > > > pfSense mailing list
> > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > Support the project with Gold! https://pfsense.org/gold
> > > >
> > > ___
> > > pfSense mailing list
> > > https://lists.pfsense.org/mailman/listinfo/list
> > > Support the project with Gold! https://pfsense.org/gold
> > >
> >
> >
> >
> > --
> >
> > *Kleber da Silva CarvalhoProfissional Certificado.*
> > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |  **LPIC-1  |
> >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 * *|* *
> > Novell
> > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
>
> --
> cyclop
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] The same voucher in some devices.

2017-11-22 Thread 3y3lop 
Hii All,

Thank You for informastion?

Question:
Does it have to be checked? on Concurrent users logins?,

Regards
cyclop

On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho  wrote:

> Thanks Ibrahim
>
>
>
>
> Regards.
>
> On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar 
> wrote:
>
> > No sir, I only know this solution to solve that problem, I hope someone
> > knows another solution to help you :)
> >
> >
> >
> >
> > --
> >
> > *İbrahim UÇAR*
> >
> > Blogger |  https://lifeoverlinux.com 
> >
> > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho 
> > wrote:
> >
> > > Thanks Ibrahim...
> > >
> > > Do you know if this is only way to do this ?
> > > Because this option "Disable Concurrent user logins" it is fine but I'd
> > > like that the first one had the "voucher+mac" and nobody can't connect
> > > after.
> > >
> > >
> > > Thanks again.
> > >
> > >
> > > Regards.
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar 
> > > wrote:
> > >
> > > > If you don't want to many users login with the same same voucher or
> > > > username and password, you should enable the "Concurrent users
> logins"
> > > > option. After that everyone will login captive portal with their own
> > > > voucher or username and password.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > *İbrahim UÇAR*
> > > >
> > > > Blogger |  https://lifeoverlinux.com 
> > > >
> > > > On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho <
> kleb.li...@gmail.com
> > >
> > > > wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > >
> > > > >  In my Captive Portal I have many people share the same
> > > > voucher...
> > > > > Any idea to resolve this case ?
> > > > >
> > > > > Big problem for us
> > > > >
> > > > >
> > > > > Best Regards
> > > > > --
> > > > >
> > > > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |  **LPIC-1  |
> > > > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 *
> > *|* *
> > > > > Novell
> > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > > > ___
> > > > > pfSense mailing list
> > > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > > Support the project with Gold! https://pfsense.org/gold
> > > > >
> > > > ___
> > > > pfSense mailing list
> > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > Support the project with Gold! https://pfsense.org/gold
> > >
> > >
> > >
> > >
> > > --
> > >
> > > *Kleber da Silva CarvalhoProfissional Certificado.*
> > > *CCNA R**  |  **CCNA Security  |  **CCNP Security  |  **LPIC-1  |
> > >  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 * *|* *
> > > Novell
> > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> > > ___
> > > pfSense mailing list
> > > https://lists.pfsense.org/mailman/listinfo/list
> > > Support the project with Gold! https://pfsense.org/gold
> > >
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> >
>
>
>
> --
>
> *Kleber da Silva CarvalhoProfissional Certificado.*
> *CCNA R**  |  **CCNA Security  |  **CCNP Security  |  **LPIC-1  |
>  LPIC-2 * *|*  *LPIC-3 * *|  * *LPIC-3 303 * *| **Novell CLA 11 * *|* *
> Novell
> DCTS * *|* * ITIL v3 * *|* * COBIT 4.1*
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

-- 
cyclop
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense 2.4 consistently crashes daily

2017-11-22 Thread Liwei 
On Tue, 21 Nov 2017 at 01:08 WebDawg  wrote:

> It should work though.  A great many people virtualize pfSense:
>
> https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi
>
> Here is some more information:
>
> https://doc.pfsense.org/index.php/VirtIO_Driver_Support
> https://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear
> https://doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox
>
> I know what it is like to ask for support and see people stop helping
> because something is virtualized.  I have seen bad code fail in
> virtualization situations only to here 'do not virtualize'.
>
> From what I know, BSD has trouble with NIC interfaces and such.  Do
> you have any limiters or QOS installed?  I would take a look at the
> nic interfaces first.  Can you actively monitor the log to look for
> errors once the VM is booted?
>
> I virtualized pfSense on proxmox about a year ago and BSD hated the
> cpu timers and such.  I would get so many issues from it until I
> figured it out but everything was plain as day in the kernel messages
> that were outputted.
>
> There is an ova file available via the gold subscription:
>
> https://doc.pfsense.org/index.php/VMware_Appliance
>
> You need to get more information for me to help further.  It would be
> great to get a copy of some logs.
>
> Here is a XenServer thread:
> https://forum.pfsense.org/index.php?topic=88467
>
> Last time I virtualized the big deal was hvm nic vs pvhvm NIC.  You
> could do limiters on one (I think hvm) but the NIC's become CPU bound
> because of how HVM works.  I could only push like 10-30 mbits out of
> an i3 processor.
>
> I do not know if this has been solved, or if it is solvable.  pfSense
> follows FreeBSD so most of the fixes for this come from FreeBSD,
> though pfSense had/has some of its own kernel hacks.
>
>
>
Hi Vick, thanks for the assistance, nonetheless!

Hi WebDawg,
Yeah, I guessed as much that the problem should be on my side, because
something this fatal should already be widely reported.

I don't have any limiters or QoS set. I've set up logging of the serial
port so at least I know what are the events leading up to the crash.
Nothing interesting though, it just... happens. How do I set up log
monitoring? My guess is I'll probably have to turn on remote syslog and log
over. Will set up when I get the chance.

The odd thing is this is a 7+ years old setup (but we did do a fresh
install of 2.3 when we upgraded hardware 1+ years ago), and we never had
any serious issues. In fact it was purring along nicely on 2.3 since it was
first installed, until we upgraded to 2.4.

I'm pretty confident of the hardware since it is only a year old, the
other VMs are not having any issues, and reverting to 2.3 works fine. Thus
based on a hunch I decided to remove a couple of bridge interfaces
(bridging our oVPN tap interfaces to the main and private LANs) when I sent
my first email to the list.

The crashes haven't occurred since then for 2 days. I'm not sure if it
is a coincidence or not, but it does seem like my configuration may be
triggering some bug. Or I may have mis-configured something.

I'll continue to iterate things around to narrow down the problem, but
given that I have to wait a few days after each change to be sure on
whether it crashes or not, any suggestion is very welcome!

Warm regards,
Liwei
-- 
Clear Skies,LiweiCo-Founder, CTO

TinyMOS


 
 

21 Heng Mui Keng Terrace, Level 1 The Hangar, Singapore 119613
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] pfSense 2.4.2 release

2017-11-22 Thread Doug Lytle 

I just noted that it's out.

pfSense 2.4.2 



Doug

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold