Re: [pfSense] pfSense can get to Internet but LAN cannot

2017-11-30 Thread Holger Bauer
Hi Steve,

Any chance outbound nat got messed up, when setting up carp? Check the
settings there and check diag>states if nat works.

Holger

On 30.11.2017 at 10:43 PM, "Steve Yates" wrote:

Short version: a PC on the LAN cannot ping the router's gateway,
though the router can ping it and get to the Internet.  Routing table looks
OK, default firewall rule isn't blocking packets (rule to allow LAN to any
is in place), and it's not a private IP address.  Looking for suggestions?

We are replacing two routers using CARP with two 4860s.  I edited
the saved configuration files to add two LAGGs, and changed the interfaces
to match the new hardware.  As I said ping/traceroute/nslookup from the
pfSense to the Internet works fine.  Route table shows the proper gateway
IP as the default.  We have tried changing off the LAGGs, no difference.  A
traceroute from the PC shows the pfSense router LAN IP as expected but not
the gateway which is the next hop.  It's as if the routing isn't sending
packets out the WAN?  I have rebooted the routers, and disabled CARP and
disconnected the second router (and changed the PC gateway accordingly).

Changing the PC to an IP on the WAN side and plugging it into the
gateway router works fine to get past the gateway.

--

Steve Yates
ITS, Inc.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-24 Thread Holger Bauer
If really the BIOS is bricked you could give this a try:
For APU1-Boards: http://pcengines.ch/lpc1aapu.htm
For APU2-Boards: http://pcengines.ch/spi1a.htm

Regards
Holger

2017-11-24 13:56 GMT+01:00 Peder Rovelstad :

> Is there a CMOS battery onboard?  Just a thought.
>
> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Elijah
> Savage
> Sent: Friday, November 24, 2017 6:01 AM
> To: 'pfSense Support and Discussion Mailing List' 
> Subject: Re: [pfSense] 2.4 Bricked my APU4 Netgate
>
> To this point, has anyone replaced the mSATA drive in these? The lights
> and everything still come on in the front.
>
> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jim
> Thompson
> Sent: Thursday, November 23, 2017 7:35 PM
> To: pfSense Support and Discussion Mailing List 
> Subject: Re: [pfSense] 2.4 Bricked my APU4 Netgate
>
> If there is no response from the bootloader (coreboot) on the serial port,
> then the hardware died, and the upgrade’s only involvement was the reboot
> at the end.
>
> Jim
>
> > On Nov 23, 2017, at 10:59 AM, Ryan Coleman wrote:
> >
> > There’s likely a package you added to your APU4 that is stopping the
> > upgrade.
> >
> > If you use reddit you can get some assistance from more NetGate staff
> > there: http://reddit.com/r/pfsense/
> >
> >> On Nov 23, 2017, at 10:08 AM, Elijah Savage wrote:
> >>
> >> I know it is an older model but after my attempt to upgrade my APU4
> >> it would not reboot. I let it sit for 24 hours as it was still
> >> passing traffic but no reboot. Logged into the console from my laptop
> >> and rebooted it and nothing comes back. It doesn't give anything on
> >> the console and doesn't beep anymore when booting up, I believe it
> >> doesn't get to that point.
> >>
> >>
> >>
> >> Interesting enough I was able to get 2.4 loaded on an older dell
> >> optiplex
> >> 780 with 3 nics to replace it just fine.
> >>
> >>
> >>
> >> This is not intended to bash pfSense, I like it so much that I do
> >> contribute monetarily. This is meant to be nothing more than a public
> >> service announcement for others with this platform. Maybe it was just
> >> time for mine to die and it potentially has nothing to do with pfSense.
> >>

Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available

2016-10-07 Thread Holger Bauer
I found an older post to the list regarding the same issues with a
different version, however this solution worked for me on my testsystem
just fine:

Run from the console (ssh or local console) Option 8 to go to the shell.
Then enter the following commands:
pkg clean
pkg update
pkg upgrade
reboot

After that the system came up fine with the new release. I'll try that on
some production systems this evening.

Regards
Holger

2016-10-07 14:51 GMT+02:00 Pete Boyd :

> Same for me, failure first time on a full install:
>
> Fetching pfSense-kernel-pfSense-2.3.2_1.txz: . done
> pkg: https://pkg.pfsense.org/pfSense_v2_3_2_i386-core/All/pfSense-kernel-pfSense-2.3.2_1.txz: Operation timed out
> >>> Locking package pfSense-kernel-pfSense... done.
> Failed
>
>
>
>
> --
> Pete Boyd
>
> Open Plan IT - http://openplanit.co.uk
> The Golden Ear - http://thegoldenear.org


Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available

2016-10-07 Thread Holger Bauer
Hi,

I'm seeing the same issues on multiple systems. As far as I can tell most
of the systems are nanobsd versions. I have not seen that on a full install
yet (but most of my installations are nanobsd). Also it's not failing
always fetching the same file. Sometimes it's the kernel, sometimes it's
perl, ...

Are there any chances that there is something wrong with the
upgraderepository-servers of pkg.pfsense.org or that some kind of timeout
is too low for connecting to the updaterepository?

If you keep on retrying and retrying on the same system it will make it
through fetching all the files and the update will be successful. However
you have to retry it 5-6 times or even more to succeed.

If I can provide any more details to nail down the issue let me know.

Regards
Holger


2016-10-07 4:03 GMT+02:00 FrancisM :

> Problem solved after I stopped my Snort. Thank you
>
> On Friday, 7 October 2016, FrancisM  wrote:
>
> > Karl,
> > I'm seeing the same error when I'm doing the update then after 4 retries to
> > update I could no longer download the update and seeing only this now
> >
> >
> > Number of packages to be upgraded: 4
> >
> > 25 MiB to be downloaded.
> > Fetching pfSense-base-2.3.2_1.txz: . done
> > pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/All/pfSense-base-2.3.2_1.txz: Operation timed out
> > *>>> Locking package pfSense-kernel-pfSense... done.*
> > *Failed*
> >
> > On Friday, 7 October 2016, Karl Fife wrote:
> >
> >> Update is failing over here.  Is there perhaps a file missing from a
> >> repo?  This is what I'm seeing when I update from the CLI:
> >>
> >> ...etc...
> >> Fetching php56-5.6.26.txz: .. done
> >> Fetching pfSense-rc-2.3.2_1.txz: . done
> >> Fetching pfSense-kernel-pfSense_wrap-2.3.2_1.txz: . done
> >> pkg: https://pkg.pfsense.org/pfSense_v2_3_2_i386-core/All/pfSense-kernel-pfSense_wrap-2.3.2_1.txz: Operation timed out
> >>
> >> Is anyone else seeing this?
> >>
> >>
> >> On 10/6/2016 2:29 PM, Jim Thompson wrote:
> >>
> >>> Details are here: https://blog.pfsense.org/?p=2122
> >
> >
> > --
> >
> > This email or attachments may contain confidential or legally privileged
> > information intended for the sole use of the addressee(s). Any use,
> > redistribution, disclosure, or reproduction of this message, except as
> > intended, is prohibited. If you received this email in error, please notify
> > the sender and reformat your hard drive to remove all copies of the
> > message, including any attachments; failure to do so may result in your
> > floppy drive being filled with jelly. Any views or opinions expressed in
> > this email (unless otherwise stated) may not represent those of the Vatican
> > City, George W Bush, or the Sisters of the Perpetual Motion. Cheers
> >
> >
>

Re: [pfSense] Difference between APU4 and APU1C4

2014-07-22 Thread Holger Bauer
http://pcengines.ch/apucool.htm

Holger
On 22.07.2014 at 23:31, Nickolai Leschov nlesc...@gmail.com wrote:

 Yes, there is a transfer pad.

 What is this pad made of: some metal or is this a thermal shim, which is a
 sort of paste?

 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] OpenVPN-Server restarts on heavy OpenVPN-Traffic

2014-07-07 Thread Holger Bauer
I was able to upgrade to 2.1.4. Unfortunately it didn't fix the problem. I
think it even got worse. We have 8 WANs on that box. some PPPoE with static
IP (provider assigns IP which is always the same). Today I even got an
OpenVPN-Restart due to Gatewaymonitoring on one of the WANs where not a
single OpenVPN-Instance is running on.

It helped a bit to switch the tunnels from UDP to TCP (at least now heavy
traffic of an OpenVPN tunnel can't kill the gatewaymonitoring pings
anymore).

Some logs regarding the disconnect today (SDSL_O2GW is not the Interface
where our OpenVPN-Server runs on, but it killed all OpenVPN-Sessions on the
other WAN - there was no openvpn-server restart but all users had to
reauthenticate and lots of errors in the openvpn-log; Btw, SDSL_O2 is even
an Interface with static IP):

Gateway-log:
Jul 7 13:04:56 apinger: ALARM: SDSL_O2GW(x.x.x.x) *** down ***
Jul 7 13:05:11 apinger: alarm canceled: SDSL_O2GW(x.x.x.x) *** down ***

System-log:
Jul 7 13:05:06 check_reload_status: updating dyndns SDSL_O2GW
Jul 7 13:05:06 check_reload_status: Restarting ipsec tunnels
Jul 7 13:05:06 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 7 13:05:06 check_reload_status: Reloading filter
Jul 7 13:05:08 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use SDSL_O2GW.

OpenVPN-Logs:
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)

Anything to try next?

Regards
Holger


2014-07-02 11:10 GMT+02:00 Holger Bauer holger.ba...@gmail.com:

 Thank you for the suggestion Chris. This installation is indeed running
 2.1.3. Going to try that soon and will report back.

 Holger


 2014-07-01 22:10 GMT+02:00 Chris Buechler c...@pfsense.com:




 On Tue, Jul 1, 2014 at 1:37 AM, Holger Bauer holger.ba...@gmail.com
 wrote:

 Hi,

 I'm experiencing OpenVPN-server-restarts, when clients use one of our
 WAN-links heavily. This WAN is only used for open-vpn-clients to tunnel
 in. However, it also acts as failover wan if our other wans go down. Now if
 a client for example starts downloading an ISO through the tunnel apinger
 will trigger an alert which then causes the open-vpn-server to be restarted
 which of course kicks off all users. After everybody has been kicked and
 the delay causing traffic is gone apinger puts the link back in service
 after a few seconds.

 This configuration worked for a long time without issues when using
 pfSense 2.0.3, however when upgrading to 2.1.x it all started.


 Guessing you must be on a pre-2.1.4 version, looks like it's detecting an
 IP change when none really occurred. Upgrade to 2.1.4 and that should fix
 it.




 Things I have tried so far without luck:
 - Playing around with Gatewaymonitoring-Options (raising delay, package
 loss, disabling gatewaymonitoring)
 - Tried to give priority to icmp on that wan (but I guess that only
 works for traffic going through the pfsense and not originating from the
 pfsense itself)

 Any recommendations what to try next? Or is this a bug that can be fixed?


 Some Systemlogs:

 Gatewaylog:
 Jun 30 15:20:59 apinger: ALARM: GW_OPT11(x.x.x.x) *** delay ***
 Jun 30 15:21:21 apinger: alarm canceled: GW_OPT11(x.x.x.x) *** delay ***
 Systemlog:
 Jun 30 15:21:09 check_reload_status: updating dyndns GW_OPT11
 Jun 30 15:21:09 check_reload_status: Restarting ipsec tunnels
 Jun 30 15:21:09 check_reload_status: Restarting OpenVPN tunnels/interfaces
 Jun 30 15:21:09 check_reload_status: Reloading filter
 Jun 30 15:21:11 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW_OPT11.








 Regards
 Holger

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
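
Added example (not part of the original messages and not pfSense code): a Python script that lines up the apinger alarms with the check_reload_status and openvpn entries quoted in this thread, reporting how long each alarm lasted and what was logged within a window after it. The sample lines are merged from the logs above; the year, the 30-second window and the function and key names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input assembled from the log lines quoted in this thread (gateway,
# system and OpenVPN logs merged, one entry per line; repeats trimmed).
SAMPLE_LOG = """\
Jun 30 15:20:59 apinger: ALARM: GW_OPT11(x.x.x.x) *** delay ***
Jun 30 15:21:09 check_reload_status: updating dyndns GW_OPT11
Jun 30 15:21:09 check_reload_status: Restarting ipsec tunnels
Jun 30 15:21:09 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jun 30 15:21:09 check_reload_status: Reloading filter
Jun 30 15:21:21 apinger: alarm canceled: GW_OPT11(x.x.x.x) *** delay ***
Jul 7 13:04:56 apinger: ALARM: SDSL_O2GW(x.x.x.x) *** down ***
Jul 7 13:05:06 check_reload_status: Restarting ipsec tunnels
Jul 7 13:05:06 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:09 openvpn[35346]: write TCPv4_SERVER: Operation not permitted (code=1)
Jul 7 13:05:11 apinger: alarm canceled: SDSL_O2GW(x.x.x.x) *** down ***
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+([\w.-]+)(?:\[\d+\])?:\s+(.*)$")
ALARM = re.compile(r"^(ALARM|alarm canceled): (\S+?)\(.*?\) \*\*\* (\w+) \*\*\*")


def parse(text, year=2014):
    """Return (timestamp, program, message) tuples; syslog omits the year, so it is passed in."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            stamp = " ".join(m.group(1).split())
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            events.append((when, m.group(2), m.group(3)))
    return sorted(events, key=lambda e: e[0])


def correlate(events, window=timedelta(seconds=30)):
    """For each apinger ALARM, report what was logged within `window` after it."""
    findings = []
    for when, prog, msg in events:
        a = ALARM.match(msg) if prog == "apinger" else None
        if not a or a.group(1) != "ALARM":
            continue
        gateway, reason = a.group(2), a.group(3)
        after = [e for e in events if when < e[0] <= when + window]
        restarts = [(t, m) for t, p, m in after
                    if p == "check_reload_status" and m.startswith("Restarting")]
        cleared = None
        for t, p, m in events:  # first "alarm canceled" for the same gateway
            c = ALARM.match(m) if p == "apinger" and t > when else None
            if c and c.group(1) == "alarm canceled" and c.group(2) == gateway:
                cleared = t
                break
        findings.append({
            "gateway": gateway,
            "reason": reason,
            "alarm_seconds": (cleared - when).total_seconds() if cleared else None,
            "restart_lag_seconds": (restarts[0][0] - when).total_seconds() if restarts else None,
            "restarted": [m for _, m in restarts],
            "openvpn_restart_logged": any("OpenVPN" in m for _, m in restarts),
            "openvpn_write_errors": sum(1 for _, p, m in after
                                        if p == "openvpn" and "Operation not permitted" in m),
        })
    return findings


if __name__ == "__main__":
    for f in correlate(parse(SAMPLE_LOG)):
        print(f)
```

On the sample, both alarms are followed ten seconds later by the "Restarting" entries, for a 22-second delay alarm and a 15-second down alarm alike.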

Re: [pfSense] OpenVPN-Server restarts on heavy OpenVPN-Traffic

2014-07-02 Thread Holger Bauer
Thank you for the suggestion Chris. This installation is indeed running
2.1.3. Going to try that soon and will report back.

Holger


2014-07-01 22:10 GMT+02:00 Chris Buechler c...@pfsense.com:




 On Tue, Jul 1, 2014 at 1:37 AM, Holger Bauer holger.ba...@gmail.com
 wrote:

 Hi,

 I'm experiencing OpenVPN-server-restarts, when clients use one of our
 WAN-links heavily. This WAN is only used for open-vpn-clients to tunnel
 in. However, it also acts as failover wan if our other wans go down. Now if
 a client for example starts downloading an ISO through the tunnel apinger
 will trigger an alert which then causes the open-vpn-server to be restarted
 which of course kicks off all users. After everybody has been kicked and
 the delay causing traffic is gone apinger puts the link back in service
 after a few seconds.

 This configuration worked for a long time without issues when using
 pfSense 2.0.3, however when upgrading to 2.1.x it all started.


 Guessing you must be on a pre-2.1.4 version, looks like it's detecting an
 IP change when none really occurred. Upgrade to 2.1.4 and that should fix
 it.




 Things I have tried so far without luck:
 - Playing around with Gatewaymonitoring-Options (raising delay, package
 loss, disabling gatewaymonitoring)
 - Tried to give priority to icmp on that wan (but I guess that only works
 for traffic going through the pfsense and not originating from the pfsense
 itself)

 Any recommendations what to try next? Or is this a bug that can be fixed?


 Some Systemlogs:

 Gatewaylog:
 Jun 30 15:20:59 apinger: ALARM: GW_OPT11(x.x.x.x) *** delay ***
 Jun 30 15:21:21 apinger: alarm canceled: GW_OPT11(x.x.x.x) *** delay ***
 Systemlog:
 Jun 30 15:21:09 check_reload_status: updating dyndns GW_OPT11
 Jun 30 15:21:09 check_reload_status: Restarting ipsec tunnels
 Jun 30 15:21:09 check_reload_status: Restarting OpenVPN tunnels/interfaces
 Jun 30 15:21:09 check_reload_status: Reloading filter
 Jun 30 15:21:11 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW_OPT11.








 Regards
 Holger


[pfSense] OpenVPN-Server restarts on heavy OpenVPN-Traffic

2014-07-01 Thread Holger Bauer
Hi,

I'm experiencing OpenVPN-server-restarts, when clients use one of our
WAN-links heavily. This WAN is only used for open-vpn-clients to tunnel
in. However, it also acts as failover wan if our other wans go down. Now if
a client for example starts downloading an ISO through the tunnel apinger
will trigger an alert which then causes the open-vpn-server to be restarted
which of course kicks off all users. After everybody has been kicked and
the delay causing traffic is gone apinger puts the link back in service
after a few seconds.

This configuration worked for a long time without issues when using pfSense
2.0.3, however when upgrading to 2.1.x it all started.

Things I have tried so far without luck:
- Playing around with Gatewaymonitoring-Options (raising delay, package
loss, disabling gatewaymonitoring)
- Tried to give priority to icmp on that wan (but I guess that only works
for traffic going through the pfsense and not originating from the pfsense
itself)

Any recommendations what to try next? Or is this a bug that can be fixed?


Some Systemlogs:

Gatewaylog:
Jun 30 15:20:59 apinger: ALARM: GW_OPT11(x.x.x.x) *** delay ***
Jun 30 15:21:21 apinger: alarm canceled: GW_OPT11(x.x.x.x) *** delay ***
Systemlog:
Jun 30 15:21:09 check_reload_status: updating dyndns GW_OPT11
Jun 30 15:21:09 check_reload_status: Restarting ipsec tunnels
Jun 30 15:21:09 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jun 30 15:21:09 check_reload_status: Reloading filter
Jun 30 15:21:11 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use GW_OPT11.








Regards
Holger

Re: [pfSense] ldap authentication against active directory fails with passwords containing the paragraph sign

2014-06-06 Thread Holger Bauer
I haven't tested with this setting as it was not available in earlier
versions of pfSense but as a workaround you could setup AD-Access using a
Radius-Server. See
https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory
for further details. That worked fine for me using passwords that didn't
work using ldap.

Holger


2014-06-05 14:22 GMT+02:00 Jim Pingle li...@pingle.org:

 On 6/5/2014 8:02 AM, Freund, Ingo wrote:
  today a user complained about not being able to login to IPsec VPN on
 the pfSense via Shrew-Client 2.2.2 after he had changed his password.
 
  After some research and testing we have to report that passwords which
 contain the paragraph sign '§' are not validated the right way.
  The message on the DC is: Wrong username or password.
  After changing the paragraph sign into e.g. the dollar sign, everything
 works fine.
 
  Is this a bug?

 Did you check UTF8 Encode on the LDAP server settings?

 If not, then such non-standard characters may not have been sent in the
 proper format for the server to understand.

 Jim

Re: [pfSense] pfsense openvpn Road Warrior

2014-03-19 Thread Holger Bauer
Hi Mohan,

make sure you have appropriate rules under firewallrules, openvpn tab to
allow access. Also make sure your routing is working correctly. You might
need to push some routes to the clients, depending on how your network is
setup. You can do that on the openvpn-server settings at the very bottom
(advanced configuration), for example add the following there:

push "route 192.168.1.0 255.255.255.0";push "route 192.168.2.0 255.255.255.0"

Regards
Holger


2014-03-19 10:24 GMT+01:00 A Mohan Rao mohanra...@gmail.com:

 Hello Team,

 Hello,
  I have configured openvpn road warrior also client is properly connected
  from outside internet network.
  but not able to access server end network and servers.
  can anybody give any help where is do any wrong steps.

 Thanks

 Mohan


Re: [pfSense] Authentication with both username/password or voucher

2013-07-11 Thread Holger Bauer
Just upload your custom Login-Page with all three options (username,
password, vouchercode) as Error-Page again (with an additional red line
Authentication failed, Please retry) and it should work. I have various
setups running this configuration.

Holger


2013/7/11 Andreas Meyer anme...@anup.de

 Hello!

 Is it possible to authenticate as user with password or voucher when the
 authenticationpage looks like this:

 username
 password
 vouchercode

 If authentication as user fails, I am redirected to
 captiveportal-error.html
 and it offers only authentication via voucher then.

   Andreas