Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Doug Lytle
>>> I have one site working. But when I try to connect the second site it kills 
>>> the first.

I don't have anything written up, but I have this set up at home.  Three remote 
sites connect to me.

You need to make sure you issue different certificates to each end point, if 
you're sharing certs, you'll disconnect the first when trying to connect the 
second.

Doug
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] pfSense 2.4.2 release

2017-11-22 Thread Doug Lytle

I just noted that it's out.

pfSense 2.4.2 



Doug



Re: [pfSense] Error Captive Portal

2017-11-16 Thread Doug Lytle

On 11/16/2017 01:28 AM, Kleber Carvalho wrote:

> Any idea what can I do about it ?

You could start off by providing what version you're running.

Doug


Re: [pfSense] Outbound NAT rule editing in 2.4

2017-10-25 Thread Doug Lytle

On 10/24/2017 10:12 PM, Travis Hansen wrote:

> After updating to 2.4 I see this when opening all of my outbound NAT rules:
> - Invalid characters detected "00". Please remove
> invalid characters and save again.
>
> It shows that as soon as I open the rule for editing and also prevents me from
> updating the rules.  Anyone else seeing this?
> travishansentravisghan...@yahoo.com

I see that 2.4.1 is now available, you may want to update and try it again.

Doug


Re: [pfSense] pfSense virtualisation

2017-10-10 Thread Doug Lytle
>>> Or do you think I am absolutely crazy? Or maybe Just one Hardware and one 
>>> virtual?

Quite a few of my firewalls are virtualized using ESXI and have done so for a 
few years now.

Doug


Re: [pfSense] 2.3.2 upgrade only offers 2.3.3_1

2017-07-28 Thread Doug Lytle

On 07/28/2017 04:53 AM, Brian Candler wrote:

> And oddly - an old 2.2.4 box I have access to is offering direct
> upgrade to 2.3.4 (although not 2.3.4_1)

I'd just upgrade to what was on offer.

If, after the 2.3.3_1 upgrade, the 2.4.x series isn't on offer, I'd post 
back to dig into it further.


Doug



Re: [pfSense] Unable to decompress pfsense ISO file

2017-04-27 Thread Doug Lytle
>>> The OS upon which I ran gunzip, is UbuntuMATE Linux 16.04.

>>> Please advise.

Check the sha256 checksum.

I just did a download from the New York server and the checksum passed and I 
was able to gunzip it.  I'm running Linux Mint 17


sha256sum pfSense-CE-2.3.3-RELEASE-i386.iso.gz

Doug


[pfSense] Running newer than released?

2017-03-03 Thread Doug Lytle

My home pfSense is reporting:

2.3.3-RELEASE (amd64)
built on Thu Feb 16 06:59:53 CST 2017
FreeBSD 10.3-RELEASE-p16

The system is on a later version than
the official release.




Re: [pfSense] how does one create a DNS blacklist with about 1000 or so entries?

2016-09-30 Thread Doug Lytle

On 09/30/2016 11:53 AM, Steve Yates wrote:

> So you could keep your list somewhere else on a web server.

This is what I do.

And I grab the list from

http://www.wizcrafts.net/chinese-iptables-blocklist.html

Once a month

Doug




Re: [pfSense] previous / older pfSense release image files

2016-07-28 Thread Doug Lytle
>>> On Jul 28, 2016, at 1:50 PM, Jim Pingle li...@pingle.org wrote:
>>> https://atxfiles.pfsense.org/mirror/downloads/old/


Thanks Jim!

Doug


Re: [pfSense] previous / older pfSense release image files

2016-07-28 Thread Doug Lytle
>>>  On Jul 13, 2016, at 7:41 AM, Kevin Tollison ktolli...@gmail.com wrote:
>>>  Go to the mirrors and look for a folder called 'old'. They are all there.

This would appear to no longer be the case.  Looking to download 2.3.1 for 
memstick and none of the searched mirrors have an old folder; I do see plenty 
of references to it on my Google searching.

Doug


[pfSense] pfSense 2.3 upgrades timeout

2016-06-18 Thread Doug Lytle
I've got a pfSense box on a VERY slow DSL connection.  Ever since 
upgrading to the 2.3 series, any subsequent releases, are failing to 
update.  In today's case I get everything but the kernel to download:


pfSense-kernel-pfSense-2.3.1_5.txz: Operation timed out

Is there a way to disable or extend this watchdog timer when pulling 
down updates?  It is downloading, but it will take a bit.


Thanks!

Doug



Re: [pfSense] Why can't we define a point-to-point OpenVPN using only IPv6?

2016-05-24 Thread Doug Lytle
The below was recently posted on the OpenVPN mailing list:

"Hi,

On Wed, May 04, 2016 at 03:44:45PM -0400, Ryan Whelan wrote:
> Is the IPv4 requirement something thats planned to be removed in future
> releases?
> 
> I don't assume many people have adopted IPv6 yet.

Ensuring stable, robust and complete IPv6 (+IPv4) support was and is
the primary goal for 2.4

IPv6-only was a non-goal so far, so nobody invested time into it yet -
but of course, eventually nobody wants to bother with IPv4 anymore :-)

Realistically, though, there's more pressing things to work on - like
cipher negotiation (so you can upgrade encryption without having to
roll out new configs to all your clients), actually *releasing* 2.4, etc.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany"


Re: [pfSense] Peer to Peer Stats [OpenVPN]

2016-04-19 Thread Doug Lytle
Looks like the mailing list drops images:

https://imagebin.ca/v/2eI6vb3bhBaI
https://imagebin.ca/v/2eI7AaDaCSm2

Doug


[pfSense] Peer to Peer Stats [OpenVPN]

2016-04-19 Thread Doug Lytle
Has anybody else noted that the Peer to Peer Server Instance Statistics, when 
it comes to OpenVPN at least, isn't always accurate?

I've noted this under 2.2.6 and now under 2.3

It's showing that I have 2 OpenVPN instances down, but I've just confirmed they 
are not.

Screenshots attached. Last names and first 2 octets of the IP Address removed:

Doug


Re: [pfSense] openvpn site to site clients not communicating ??

2016-02-18 Thread Doug Lytle
>>> Hi, This option is not available on a site to site ssl/tls server

If it's a fully routed network, my next step would be to use traceroute on both 
ends to see where it's getting hung up at.

Doug



Re: [pfSense] openvpn site to site clients not communicating ??

2016-02-18 Thread Doug Lytle
>>> On Feb 18, 2016, at 1:01 PM, Richard Lussier richard.luss...@inter-node.com 
>>> wrote:

>>> each client connects well to server but wont reach other clients..
>>> any ideas ?

On the OpenVPN Server did you check the option:

Allow communication between clients connected to this server

Doug


Re: [pfSense] Shutdown Interface?

2015-12-12 Thread Doug Lytle
It would appear you're just interested in being confrontational.  I have you 
have a nice day.



Re: [pfSense] Shutdown Interface?

2015-12-10 Thread Doug Lytle
It's not always exactly what somebody wants that may be the best thing to do.  
Offering other options is what I was doing, I'm sorry you didn't approve.

Doug


Re: [pfSense] Shutdown Interface?

2015-12-09 Thread Doug Lytle
- On Dec 8, 2015, at 5:41 PM,  pfse...@douwifi.com wrote:

> Doug what does that link have to do with Pfsense and how does it help him 
> configure pfsense.
> 
> 
> Robert


Apparently you didn't review the link, I'll quote a portion of it:


"How to prevent and mititgate DDoS part 1?"

"Hardware and software For the demonstration we will use pfSense 2.1"

Doug


[pfSense] 2.2.5-RELEASE Now Available!

2015-11-07 Thread Doug Lytle

I see 2.2.5 is available and didn't see any mention of it here.

https://blog.pfsense.org/

Doug



Re: [pfSense] Limiter eventually disables interface?

2015-10-02 Thread Doug Lytle
>>> On Oct 2, 2015, at 2:10 PM, //de digitalextrem...@gmail.com wrote:

>>> Every few days, without any immediately discernible reason, the limited 
>>> interface ( and only that interface ) becomes unusable. The link is up, 
>>> and it seems that 2-4k of traffic is trickling across the interface, but 
>>> it's impossible to ping out.

I've seen the same thing, but was more extreme.  My DMZ wouldn't pass data, 
rebooting the pfsense virtual machine prevented all traffic from passing.  
Removing the limiter didn't help either.  I ended up spending the day reloading 
the virtual machine and avoided limiters.

Doug


Re: [pfSense] Cannot Spoof MAC

2015-07-12 Thread Doug Lytle

Chris Buechler wrote:

> Is it link cycling on that NIC?

I don't think so, but I will test that this morning and let you know.

Doug



Re: [pfSense] Cannot Spoof MAC

2015-07-12 Thread Doug Lytle

Jim Thompson wrote:

> You can run pfSense on what you wish, but the release process doesn't test this
> platform.

Understood,

Thanks for the feedback.

Doug



Re: [pfSense] Cannot Spoof MAC

2015-07-12 Thread Doug Lytle

Chris Buechler wrote:

> Is it link cycling on that NIC?

I'm guessing you're meaning is the NIC coming up and going down?  If so, 
I've always called this either flapping or bouncing.  And no, it stays 
up during the whole time.


Logs from pfSense's DHCP below:

http://pastebin.com/FG1qRuXv

Doug





[pfSense] Cannot Spoof MAC

2015-07-11 Thread Doug Lytle

Everyone,

I talked a small automotive shop into replacing their aging pfSense 
computer with a GA-J1900N-D3V.  They purchased an all-in-one unit from 
mini-box.com


http://www.mini-box.com/SYS-M350-Gigabyte-J1900N-D3V-picoPSU-90-60W
http://www.gigabyte.com/products/product-page.aspx?pid=4918#ov

I got it loaded up, restored their 2.2.3 config from the old system and 
took it over after work the following day.  I ended up spending over an 
hour trying to get that little system to pick up a DHCP address for 
their Comcast router.


I finally gave up and put the old system back in.

Working on it today, I've tracked it down to pfSense not being able to 
spoof their MAC address.  When trying to spoof any address, I get the 
below (ISC DHCP logs)


Jul 11 11:03:30 dhcpd dhcpd: DHCPDISCOVER from 00:e0:7d:c5:18:7f (pfsense) via eth0
Jul 11 11:03:30 dhcpd dhcpd: DHCPOFFER on 192.168.145.103 to 00:e0:7d:c5:18:7f (pfsense) via eth0
Jul 11 11:03:30 dhcpd dhcpd: DHCPDISCOVER from 00:e0:7d:c5:18:7f (pfsense) via eth0
Jul 11 11:03:30 dhcpd dhcpd: DHCPOFFER on 192.168.145.250 to 00:e0:7d:c5:18:7f (pfsense) via eth0
Jul 11 11:03:34 dhcpd dhcpd: DHCPDISCOVER from 00:e0:7d:c5:18:7f (pfsense) via eth0
Jul 11 11:03:34 dhcpd dhcpd: DHCPOFFER on 192.168.145.103 to 00:e0:7d:c5:18:7f (pfsense) via eth0
Jul 11 11:03:34 dhcpd dhcpd: DHCPDISCOVER from 00:e0:7d:c5:18:7f (pfsense) via eth0



And it just continues until pfsense gives up.  Removing the spoofed mac 
and rebooting, pfsense immediately acknowledges the address being offered.


It isn't a requirement that I spoof the address, but thought I'd post 
this to see if maybe I should post a bug report.  I've also tried 
pfsense nightly 2.2.4 build with the same results.


Doug
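
A DISCOVER/OFFER loop like the one in the log excerpt above can be picked out of a larger ISC dhcpd log mechanically. The script below is an added example, not part of the original post: it counts handshake messages per MAC address and reports clients that were offered a lease repeatedly but never sent a DHCPREQUEST or received a DHCPACK. The function names and the `minOffers` threshold are assumptions; the healthy client in the sample is constructed.

```javascript
// Added example: find DHCP clients stuck in a DISCOVER/OFFER loop.
// The first seven sample lines are the ones quoted in the post (unwrapped);
// the last four are constructed to show a client that completes the handshake.
const SAMPLE_LOG = [
  "Jul 11 11:03:30 dhcpd dhcpd: DHCPDISCOVER from 00:e0:7d:c5:18:7f (pfsense) via eth0",
  "Jul 11 11:03:30 dhcpd dhcpd: DHCPOFFER on 192.168.145.103 to 00:e0:7d:c5:18:7f (pfsense) via eth0",
  "Jul 11 11:03:30 dhcpd dhcpd: DHCPDISCOVER from 00:e0:7d:c5:18:7f (pfsense) via eth0",
  "Jul 11 11:03:30 dhcpd dhcpd: DHCPOFFER on 192.168.145.250 to 00:e0:7d:c5:18:7f (pfsense) via eth0",
  "Jul 11 11:03:34 dhcpd dhcpd: DHCPDISCOVER from 00:e0:7d:c5:18:7f (pfsense) via eth0",
  "Jul 11 11:03:34 dhcpd dhcpd: DHCPOFFER on 192.168.145.103 to 00:e0:7d:c5:18:7f (pfsense) via eth0",
  "Jul 11 11:03:34 dhcpd dhcpd: DHCPDISCOVER from 00:e0:7d:c5:18:7f (pfsense) via eth0",
  "Jul 11 11:04:02 dhcpd dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 (laptop) via eth0",
  "Jul 11 11:04:02 dhcpd dhcpd: DHCPOFFER on 192.168.145.120 to 00:11:22:33:44:55 (laptop) via eth0",
  "Jul 11 11:04:02 dhcpd dhcpd: DHCPREQUEST for 192.168.145.120 (192.168.145.1) from 00:11:22:33:44:55 (laptop) via eth0",
  "Jul 11 11:04:02 dhcpd dhcpd: DHCPACK on 192.168.145.120 to 00:11:22:33:44:55 (laptop) via eth0",
].join("\n");

const MSG_RE = /\b(DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK)\b/;
const MAC_RE = /\b([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b/i;
const OFFER_IP_RE = /DHCPOFFER on (\d{1,3}(?:\.\d{1,3}){3})/;

// Count handshake messages per client MAC and collect the addresses offered.
function summarizeDhcp(logText) {
  const clients = new Map();
  for (const line of logText.split("\n")) {
    const msg = MSG_RE.exec(line);
    const mac = MAC_RE.exec(line);
    if (!msg || !mac) continue; // not a handshake line
    const key = mac[1].toLowerCase();
    if (!clients.has(key)) {
      clients.set(key, {
        DHCPDISCOVER: 0, DHCPOFFER: 0, DHCPREQUEST: 0, DHCPACK: 0,
        offered: new Set(),
      });
    }
    const c = clients.get(key);
    c[msg[1]] += 1;
    const ip = OFFER_IP_RE.exec(line);
    if (ip) c.offered.add(ip[1]);
  }
  return clients;
}

// A client is "stalled" when the server offered at least minOffers times
// and the client never moved on to REQUEST/ACK.
function findStalledClients(logText, minOffers = 2) {
  const stalled = [];
  for (const [mac, c] of summarizeDhcp(logText)) {
    if (c.DHCPOFFER >= minOffers && c.DHCPREQUEST === 0 && c.DHCPACK === 0) {
      stalled.push({
        mac,
        discovers: c.DHCPDISCOVER,
        offers: c.DHCPOFFER,
        offeredAddresses: [...c.offered].sort(),
      });
    }
  }
  return stalled;
}

console.log(findStalledClients(SAMPLE_LOG));
```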



Re: [pfSense] Cannot Spoof MAC

2015-07-11 Thread Doug Lytle

compdoc wrote:

> I've heard, that you can also just clear the ARP table of the modem to do
> the same thing, but power off/on might be easier.

I thought that as well until I saw that I could reproduce it at home on 
my ISC DHCP server.





Re: [pfSense] Cannot Spoof MAC

2015-07-11 Thread Doug Lytle

Ryan Coleman wrote:

> Stupid question: but did you restart the firewall after putting the spoof in
> place?

Yes.

Again,

This also happens on my local network, using ISC DHCP instead of the 
Comcast router.  pfSense just never acknowledges the address and keeps 
making the request over and over.


I plan on putting this machine into place, Monday after work without 
spoofing; hopefully without issue.


Doug



Re: [pfSense] IPSec with Cisco Client

2015-06-07 Thread Doug Lytle

Ryan Coleman wrote:

> last image

Ryan,

Looks like the list stripped the images.

Doug



Re: [pfSense] testing email

2015-04-08 Thread Doug Lytle

Jeremy Porter wrote:

> We are having some problem with apparent bounces, this is a test.  No
> need to reply.
> I'll announce when everything is back to normal.

Same here,

Viruses being detected by my ASSP spam filter coming in from the list 
and denying delivery.  Had to re-enable my account this AM.


Doug

--
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary Safety, 
deserve neither Liberty nor Safety.



Re: [pfSense] New pfSense 2.2 install

2015-01-30 Thread Doug Lytle

Johan Hendriks wrote:

> Sorry for the offtopic question, but what do you do with this list?
> Do you block all traffic coming from those ip addresses. or just to
> some services ?

All traffic from and to

Doug




[pfSense] New pfSense 2.2 install

2015-01-29 Thread Doug Lytle

I'm building a new 64bit pfSense 2.2, running under ESXi 5.5.

I've noted 2 things.

1.)  Bulk Alias imports button no longer exist on the main alias page.
2.)  When trying to create an alias that links to an online listing of 
blacklisted IP addresses, the alias that was just created disappears 
when hitting apply.


The link I'm working with is:

http://www.malwaredomainlist.com/hostslist/ip.txt

The alias name is blacklistIPs

The option selected is:

URL Table (IPs)

Suggestions?

Doug



Re: [pfSense] 2.2-RELEASE now available!

2015-01-29 Thread Doug Lytle

Chris Buechler wrote:

> what specifically
> do you mean? The limiters are gone from Firewall > Traffic Shaper,
> Limiters?

Correct.

It was as if I had never set it.  Since it's my home firewall, wasn't a 
big deal, just thought I'd let someone know.


Doug



Re: [pfSense] New pfSense 2.2 install

2015-01-29 Thread Doug Lytle

Jim Pingle wrote:

> It's still there on all mine, on each tab at the bottom there is an up
> arrow (^) and it opens the bulk import page.

And there it is!  Icon little different than the docs say, but to be 
honest, I must be blind as a 

>> 2.)  When trying to create an alias that links to an online listing of
>> blacklisted IP addresses, the alias that was just created disappears
>> when hitting apply.
>
> Look on the URLs tab or all tab not the IP tab.

And again, you are correct!  Thank you for your quick response!

Doug



Re: [pfSense] New pfSense 2.2 install

2015-01-29 Thread Doug Lytle

Chris L wrote:

> Pretty sure you can see that info in Diagnostics > Tables

And that it did.

Thanks,

Doug




Re: [pfSense] 2.2-RELEASE now available!

2015-01-26 Thread Doug Lytle
> On Jan 26, 2015, at 6:43 AM, Tim Hogan t...@hoganzoo.com wrote:
> After running those commands all of my previous data was available.

Cool!

I'll give that a go,

Doug


Re: [pfSense] 2.2-RELEASE now available!

2015-01-26 Thread Doug Lytle
I've also noted this morning that the 3 systems I've upgraded, all of them have 
lost their limiter rules.

I've read the release notes, nothing that I saw stated they'd be removed.

Doug


Re: [pfSense] Message could not be delivered

2015-01-26 Thread Doug Lytle

Geoff Jankowski wrote:

> Am I the only person to receive this?

No,

But my spam filter has been catching them.

Doug




Re: [pfSense] 2.2-RELEASE now available!

2015-01-25 Thread Doug Lytle

Doug Lytle wrote:
> 've just re-installed the package, I'll see if that fixes it.

Also of note:

Options selected for interfaces to monitor and log rotation never get saved.

Doug




Re: [pfSense] issues registering VoIP phone through pfSense

2015-01-20 Thread Doug Lytle

marc matthes wrote:
> I have Nat turned on and to register with proxy enabled but I can’t
> get the phone  to register.

Did you also turn NAT on in sip.conf for the extension in Asterisk?  It 
is necessary.


Doug




Re: [pfSense] little problem with pfsense

2014-11-24 Thread Doug Lytle
> What happens (only for the win7 hosts, other are perfects, bad win7 nasty
> nasty) after a few second, and especially when you launch i.e. win7 seem to
> make some kind of new dhcp request

Just a hunch,

On the Windows 7 machine, go into Control Panel => Internet Options => 
Connections Tab => Lan Settings

Uncheck 'Automatically Detect Settings'

Doug
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Not able to access https sites

2014-11-13 Thread Doug Lytle

Rupesh Gujrathi wrote:
> is WPAD is necessary for the https sites to work? because I am able to
> access http sites.

A WPAD file is an instructions text file that tells your client's 
browsers what should and shouldn't be proxied.  The below is a portion 
of the WPAD.DAT file from work:


cat WPAD.DAT
function FindProxyForURL(url, host) {
   //
   // Autoconfigure script for proxy settings created 2014.07.29.
   //
   // Our proxy does not support the following protocols:
   if (shExpMatch(url,"afp://*")) {return "DIRECT";}
   if (shExpMatch(url,"file://*")) {return "DIRECT";}
   if (shExpMatch(url,"ftp://*")) {return "DIRECT";}
   if (shExpMatch(url,"rss://*")) {return "DIRECT";}
   if (shExpMatch(url,"smb://*")) {return "DIRECT";}
   if (shExpMatch(url,"ssh://*")) {return "DIRECT";}
   if (shExpMatch(url,"telnet://*")) {return "DIRECT";}

   // These external site(s) should not proxy:
   if (shExpMatch(url,"*crl.geotrust.com/*")) {return "DIRECT";}
   if (shExpMatch(url,"http://adobe.com/*")) {return "DIRECT";}
   if (shExpMatch(url,"https://adobe.com/*")) {return "DIRECT";}
   if (shExpMatch(url,"*swupmf.adobe.com/*")) {return "DIRECT";}
   if (shExpMatch(url,"*swupdl.adobe.com/*")) {return "DIRECT";}
   if (shExpMatch(url,"*na1mbls.licenses.adobe.com/*")) {return "DIRECT";}
   if (shExpMatch(url,"*ims-na1.adobelogin.com/*")) {return "DIRECT";}
   if (shExpMatch(url,"*adobeid-na1.services.adobe.com/*")) {return "DIRECT";}

   if (shExpMatch(url,"*na1r.services.adobe.com/*")) {return "DIRECT";}
   if (shExpMatch(url,"*activate.adobe.com/*")) {return "DIRECT";}

   // URLs within these networks are accessed via DIRECT:
   if (isInNet(host, "10.0.0.0",  "255.0.0.0")) {return "DIRECT";}
   if (isInNet(host, "127.0.0.0",  "255.0.0.0")) {return "DIRECT";}
   if (isInNet(host, "172.16.0.0",  "255.240.0.0")) {return "DIRECT";}
   if (isInNet(host, "192.168.0.0",  "255.255.0.0")) {return "DIRECT";}
   if (isInNet(host, "64.136.253.64",  "255.255.255.224")) {return "DIRECT";}


   // All other requests go through port 8080 of proxy.epiinc.inet.
   return "PROXY 192.168.104.9:8080";
}

Doug
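
The routing decisions a PAC file like the one above makes, for http and https URLs alike, can be checked offline before it is published. The harness below is an added example, not part of the original post: `shExpMatch` and `isInNet` are simplified stand-ins for the browser built-ins (IPv4 literals only, no DNS lookup), `decide` is a hypothetical helper, and the rule set is condensed from the posted file.

```javascript
// Added example: offline harness for a PAC (WPAD.DAT) function.
// Browsers supply shExpMatch and isInNet; these are simplified stand-ins.

function shExpMatch(str, pattern) {
  // Translate the shell glob (* and ?) into an anchored regular expression.
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Assumption: host is already an IPv4 literal. A real browser would resolve
// a host name first; this stand-in returns false for names.
function isInNet(host, net, mask) {
  const h = ipToInt(host), n = ipToInt(net), m = ipToInt(mask);
  if (h === null || n === null || m === null) return false;
  return ((h & m) >>> 0) === ((n & m) >>> 0);
}

// Condensed from the rules in the post: unsupported schemes, excluded sites
// and private networks go DIRECT, everything else goes to the proxy.
function FindProxyForURL(url, host) {
  if (shExpMatch(url, "ftp://*")) { return "DIRECT"; }
  if (shExpMatch(url, "ssh://*")) { return "DIRECT"; }
  if (shExpMatch(url, "*crl.geotrust.com/*")) { return "DIRECT"; }
  if (shExpMatch(url, "https://adobe.com/*")) { return "DIRECT"; }
  if (isInNet(host, "10.0.0.0", "255.0.0.0")) { return "DIRECT"; }
  if (isInNet(host, "192.168.0.0", "255.255.0.0")) { return "DIRECT"; }
  return "PROXY 192.168.104.9:8080";
}

// Hypothetical helper: derive the host the way a browser would and ask the PAC.
function decide(url) {
  return FindProxyForURL(url, new URL(url).hostname);
}

// Constructed sample URLs.
const SAMPLE_URLS = [
  "http://www.example.com/",
  "https://www.example.com/login",
  "https://adobe.com/products",
  "ftp://ftp.example.com/pub/file",
  "http://192.168.145.1/",
  "https://10.20.30.40:8443/",
  "http://crl.geotrust.com/crls/sample.crl",
];

for (const u of SAMPLE_URLS) {
  console.log(u.padEnd(42), "->", decide(u));
}
```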




Re: [pfSense] Fwd: [Announce] 2.1.5 Release

2014-08-29 Thread Doug Lytle
> I did note the Code Red color scheme wraps the page header bar, putting
> Help under System.   I have such problems...

It did this for me as well, but holding the shift key down and doing a browser 
refresh fixed it.

Doug


Re: [pfSense] vmware

2014-05-28 Thread Doug Lytle
> With a hardware configuration of two nics wan/lan how does each vm use them?

On my home ESXi system, the computer has 3 NICs.  Each NIC is assigned to a 
virtual switch.  I have 3 Virtual switches, LAN, DMZ, Internet

Each VM is assigned to one of the virtual switches, but in the case of my 
pfSense VM, it is assigned all 3.  So, it ends up with 3 NIC(s), 1 on the LAN, 
1 on the DMZ and 1 on the Internet.

Doug


Re: [pfSense] Setup advice

2014-05-26 Thread Doug Lytle

bri...@dlois.com wrote:
> Thank you for replying. Why so much?


At the time I started with pfSense, I didn't know better.  And, since 
space on my system isn't tight, I've never changed it.


Doug




Re: [pfSense] Setup advice

2014-05-25 Thread Doug Lytle

Brian Caouette wrote:

> How much space should be allocated for pfsense and squid?

I don't use squid, but my pfsense VM total disk assigned is 8GB.

Doug




Re: [pfSense] Poweredge 2850

2014-05-20 Thread Doug Lytle
> What software is
> available to do virtual machines?

I'm currently using ESXi 5.10 Free version.

Doug


Re: [pfSense] Some packages not reinstalled after upgrade

2014-05-03 Thread Doug Lytle

David Burgess wrote:

> In any case, when all automatic package
> reinstalls were finished, Quagga OSPF was not installed


Release notes states:

During the firmware update process the packages will be properly 
reinstalled. If this fails for any reason, uninstall and then reinstall 
packages to ensure that the latest version of the binaries is in use.


Doug



Re: [pfSense] pfSense 2.1.2 is released

2014-04-15 Thread Doug Lytle
Seth Mos wrote:
> Also, if you've been using the 2.1 snapshots in 2012 and 2013 the config
> will had that setting enabled, which corresponds with your firewall
> logs. Maybe you have a upgraded config.


Thanks for the response,

I've only been using pfSense since last November.  I'll review my
settings again.

Doug



Re: [pfSense] pfSense 2.1.2 is released

2014-04-15 Thread Doug Lytle
Chris Buechler wrote:
> The now I notice being the key part there. Nothing related to that's
> changed. If you don't check Allow IPv6 under System > Advanced, you
> have a block all rule on IPv6 with logging. Things on your LAN will
> have link local addresses and spew multicast stuff. Probably want to
> configure some block rules for v6 with no logging.


I'll have to review my systems, they all probably have ipv6 enabled by
default.  And I'll review setting up some 'block silently' rules.

Thanks for your help!

Doug




Re: [pfSense] pfSense 2.1.2 is released

2014-04-13 Thread Doug Lytle
Jim Thompson wrote:
> pfSense release 2.1.2 is now available.  pfSense release 2.1.2 follows less
> than a week after pfSense release 2.1.1, and is primarily a security release.

Okay,

I've just upgraded from 2.1.1 to 2.1.2, now I notice that my firewall
logs are being spammed with IPV6 ICMP notifications.

I'm not on an IPV6 network and have all IPV6 options disabled.  Snippet
of the logs below:



Apr 13 08:26:46  lo0  Block all IPv6 (@3)  [fe80::20c:29ff:feca:a0be]  [ff02::1]  ICMPv6
Apr 13 08:26:46  LAN  Block all IPv6 (@4)  [fe80::20c:29ff:feca:a0be]  [ff02::1]  ICMPv6
Apr 13 08:26:38  lo0  Block all IPv6 (@3)  [fe80::20c:29ff:feca:a0be]  [ff02::1]  ICMPv6



I've found nothing under the logging options that I can check to disable
these log entries.

Suggestions?

As a side note:

The system is a VM under ESXi 5.10
The system is connected to 3 interfaces (LAN, WAN, DMZ)
The system is connected to my home cable modem

Thanks,

Doug



Re: [pfSense] Restoring from XML prevents VM from booting

2014-02-05 Thread Doug Lytle
compdoc wrote:
> Every time I've
> tried VB, I've never found an option to have guests start automatically when
> the host boots

Init script using VBoxManage to start the virtual machines.  This is
what I did when I was using VB.  I've moved over to ESXi5 since then.

Doug



Re: [pfSense] Move existing OpenVPN

2014-01-26 Thread Doug Lytle
Doug Lytle wrote:
> I've been trying to move my mother's firewall (iptables)/OpenVPN install
> to pfSense and am having issues finding documentation on proper setup.

I forgot to mention:

pfSense.2.1.1-PRERELEASE

Doug



[pfSense] Firebox-X20e

2014-01-03 Thread Doug Lytle
I'm looking into replacing my mother's IPTables firewall with pfsense, and am 
looking into small devices I could do this on. 

I've found the above device, but am finding very little info on its specs. 

eBay unit I've found: 

http://www.ebay.com/itm/WatchGuard-Firebox-X20e-Edge-Model-XP2E6-VPN-Firewall-with-Power-Supply-Used/191018310488?_trksid=p2047675.m1850_trkparms=aid%3D222002%26algo%3DSIC.FIT%26ao%3D1%26asc%3D11%26meid%3D3855543207045666091%26pid%3D100011%26prg%3D1005%26rk%3D2%26rkt%3D5%26sd%3D141119694255%26
 

Has anybody used one of these for pfsense, or does anybody have suggestions of 
a small profile device that's under $100USD that would be a good fit? 

Thanks! 

Doug 




Re: [pfSense] Firebox-X20e

2014-01-03 Thread Doug Lytle
> https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Supported_Fireboxes



Thanks for both of your responses, I'll review. 

Doug 
