Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Jeremy Bennett
I can only second what everyone else has said...

If cheap is 'best', grab any old box and throw some NICs in it. Downsides
of this approach are power consumption and the associated 'mostly works'
weirdness of used hardware.

I've found a 4 port j1900 board in a case with rack mount brackets that I
put an MSATA SSD and 4 GB of memory in. It lives in my 7U office/lab rack
and may be the best PFsense box I've ever built. It has a VGA and USB port
on the front if I ever need to get at it that way, and while I am unsure of
the power consumption, at $250ish, I'm very happy with it (I recently
installed the NUT package and now the PFsense box is even talking to my
UPS–thanks to this list!).

When it comes to work (or if I weren't inclined to assemble the system
mentioned above), I always specify products from netgate or pfsense,
because they 'just work' and the support is awesome.

On Wed, Aug 3, 2016 at 6:13 AM, Karl Fife  wrote:

> Honestly that j1900 looks like a really great choice.
>
> I think the right questions would be whether you can tolerate the VGA
> console, whether it will cost more in terms of power consumption, whether
> you need the AES-NI instructions.  I was going to mention ECC ram, but the
> netgate box appears to be Non-ECC :-(
>
> Given the role and quantity of RAM, ECC would be a sensible choice IMO.
>
>
> On 8/3/2016 11:00 AM, Ryan Coleman wrote:
>
>> And there are many people on the list here who have vouched for the J1900
>> box mentioned earlier.
>>
>> I am pretty sure we’ve vetted it; I know I have and I am going to start
>> deploying it at customer sites over NetGate hardware.
>>
>>
>> On Aug 3, 2016, at 10:58 AM, Karl Fife  wrote:
>>>
>>> +1
>>>
>>> You can buy the 'blessed' hardware alone (e.g. CentOS) from netgate for
>>> $300 (2-port) and $350 (4-port).   Cheaper than if you buy a preconfigured
>>> pfSense appliance with support.  Seems like REALLY inexpensive insurance to
>>> be using vetted hardware that others are also using.  In general, I
>>> consider cheap networking gear to be a false economy.
>>>
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>

Re: [pfSense] Question about OpenVPN Point-to-Multi-Point Setup

2016-06-07 Thread Jeremy Bennett
David,

I am by no means an expert, but am piping up to speak to the quality of the
documentation.

Just follow the OpenVPN site to site docs, and you should be good.

The tricky bit for me was realizing that the OpenVPN tunnels rely on their
own IP space, independent of whatever your regular network addressing
scheme is. In your case, if site A is 10.0.0.X and site B is 10.1.0.X, in
the setup of the OpenVPN server, your IPV4 tunnel network will be a
completely different address space–192.168.1.X/30 or something...

When I setup a site to site IPSEC, it didn't require that, so that is what
tripped me up. pfSense (or openVPN) uses that separate subnet for all
traffic between those 2 sites.

When you setup the tunnel for Site A to C, you'll use another subnet
(192.168.2.X/30).

Once I wrapped my head around that, everything went pretty smoothly.

(On another project, I had a unit that I'd purchased from the pfSense
store, and got to work with their support to get me over the final hump, so
if you do have a supported product, don't hesitate to give them a shout...
they were awesome).

Aloha,
Jeremy

On Tue, Jun 7, 2016 at 9:03 AM, David White  wrote:

> I have a question about setting up persistent OpenVPN connections between a
> corporate office and several branch offices.
>
> I know that this can be done, but I've never actually done it. Are there
> some good resources I can review, besides
> https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site? For branch
> offices,
> I do NOT want to route public internet traffic through the VPN at
> Corporate. Instead, their internet needs to just use their local ISP
> connection (so I do not want this:
>
> https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_OpenVPN-connection_in_PfSense_2.1
> ).
>
> - We'll have pfSense running both in Corporate as well as in each branch
>   office
> - We want branch office internet traffic to use local ISP, but for
>   traffic hitting the 10.0.0.0/8 network to route through the VPN (I plan
>   on giving each office its own /16 network
>   - i.e. managed network for the network equipment will get 10.1.0.0/16,
>     Corp will get 10.2.0.0/16 and branch office 1 will get 10.3.0.0/16,
>     and so on.
>
>
> Any pointers would be great.
>
> Thanks,
> David
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
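
Added example, not part of the original posts: a check of the addressing plan discussed in this thread, using the per-office /16 LANs from David's message and one separate /30 tunnel network per site-to-site link as Jeremy describes. The tunnel prefixes `192.168.1.0/30` and `192.168.2.0/30`, the `branch2` name and the function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Site LANs as proposed in the thread: one /16 per office inside 10.0.0.0/8.
SITE_LANS = {
    "mgmt": "10.1.0.0/16",
    "corp": "10.2.0.0/16",
    "branch1": "10.3.0.0/16",
}

# One dedicated tunnel network per site-to-site link (constructed sample values).
TUNNELS = {
    ("corp", "branch1"): "192.168.1.0/30",
    ("corp", "branch2"): "192.168.2.0/30",
}


def check_plan(site_lans, tunnels):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, nets = [], {}
    for label, table in (("LAN", site_lans), ("tunnel", tunnels)):
        for name, cidr in table.items():
            try:
                # strict=True rejects prefixes with host bits set (192.168.1.1/30).
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                problems.append(f"{label} {name}: {exc}")
                continue
            if label == "tunnel" and net.num_addresses < 4:
                problems.append(f"tunnel {name}: {net} is smaller than a /30")
                continue
            nets[(label, name)] = net
    # Every tunnel network must be disjoint from every LAN and every other tunnel.
    for (key_a, net_a), (key_b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{key_a} {net_a} overlaps {key_b} {net_b}")
    return problems


def remote_networks(local_site, site_lans):
    """Networks a site reaches through the VPN: every other site's LAN, summarised.

    No default route is returned, so internet traffic stays on the local ISP link.
    """
    others = [ipaddress.ip_network(c) for s, c in site_lans.items() if s != local_site]
    return [str(n) for n in ipaddress.collapse_addresses(others)]


if __name__ == "__main__":
    for problem in check_plan(SITE_LANS, TUNNELS) or ["plan is consistent"]:
        print(problem)
    for site in SITE_LANS:
        print(site, "->", remote_networks(site, SITE_LANS))
```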

Re: [pfSense] serial port sadness

2015-03-17 Thread Jeremy Bennett
Resolution:

Never did figure out what I was doing wrong, and another client needed a
new pfsense box, so I just ended up buying the USB to serial adapter and
gender changer from Netgate.

Was affordable, isn't the prolific chipset, and it totally works.

Big thanks to everyone!

Mahalo,
Jeremy

On Fri, Feb 27, 2015 at 12:24 PM, Sean m...@thegeekclub.net wrote:

 Although... you reminded me of a good story.  Once upon a time I worked
 for this startup company trying to develop a device that was programmed
 over serial.
 Some argument between owner and guy who did original dev work left us with
 a device and a crappy 16 bit dos executable to reverse engineer.
 Called a genius friend of mine and we actually rigged up a serial cable
 with two heads and many twisted wires and electrical tape that allowed us
 to sniff the data traversing it.
 So we figured out the entire command set of the device and were able to
 write a better app...

 On Fri, Feb 27, 2015 at 4:18 PM, Sean m...@thegeekclub.net wrote:

 LOL.  This guy gets it.
 When I get in trouble there's an almost retired telephony tech in my
 office who speaks this arcane serial language.
 I send him mfg pinouts and they'll make me a custom cable in a pinch.  To
 me it's all just voodoo.

 On Fri, Feb 27, 2015 at 2:16 PM, Jim Thompson j...@netgate.com wrote:

 Let me know when you want to hear the story of a paper tape reader, a
 pick and place machine, and speed select (pin 23 on a DB-25 wired for EIA
 RS-232-C)

 On Feb 27, 2015, at 1:55 PM, Sean m...@thegeekclub.net wrote:

 You also need a real NULL modem cable.  Actually there's probably
 nothing wrong with your USB to Serial.
 The blue Cisco cables are rollover cables.  They are not NULL modem
 cables.  Welcome to serial cable pinout hell.  ;-)
 Some of us have been here a long time.  I'm no expert but I've got 3
 different serial cables and converters in my toolbag having learned the
 hard way the variety of devices and requirements.

 On Wed, Feb 25, 2015 at 2:30 PM, Jeremy Bennett 
 jbenn...@hikitechnology.com wrote:

 Thank you all for the suggestions. I put my own alix router in place
 for my client, and now that I have a little time, will go ahead and
 purchase a non-prolific USB to serial adapter, and the associated
 accessories.

 I have gotten into the habit of buying prebuilt Alix systems, and that
 has spoiled me.

 On Wed, Feb 25, 2015 at 10:12 AM, Volker Kuhlmann 
 hid...@paradise.net.nz wrote:

 On Thu 26 Feb 2015 07:19:04 NZDT +1300, Jim Pingle wrote:

  http://www.amazon.com/gp/product/B00AHYJWWG

 Yes useful for many occasions.
 However as a first step having a two bucks gender bender and trying with
 and without will put the straight/null issue to rest. You'll still need
 it if the flashing gadget indicates as such. Smaller/cheaper than having
 two different cables too.

  FTDI chip, too.

 Or what the Chinese make of that ;-)

 Volker

 --
 Volker Kuhlmann is list0570 with the domain in header.
 http://volker.top.geek.nz/  Please do not CC list postings to me.

Re: [pfSense] Console is in cyrillic

2015-03-17 Thread Jeremy Bennett
Here is what I'm seeing:

http://imgur.com/bh3hBwt

I reloaded a new 2.2.1 image and I get the same thing. If I put a 4 gb card
with a new 2.2 image in it it works fine. If I put a different 4 GB card
with an older 2.0.3 version it works fine.

Is there an issue with the 2g image?

On Tue, Mar 17, 2015 at 11:49 AM, Jim Thompson j...@netgate.com wrote:

 Unless you've changed it, the baud rate on an Alix is 38400
 https://doc.pfsense.org/index.php/Console_Types

 Jim

 On Mar 17, 2015, at 4:45 PM, Jeremy Bennett jbenn...@hikitechnology.com
 wrote:

 So I recently resolved my serial port issue and was able to start reviving
 this Alix box.

 Made sure that the firmware was .99h

 Wrote the new pfsense 2.2 2 GB image to a CF card.

 Slotted it into the Alix - terminal set to 115200 Baud rate, data was 8
 bit, parity is none and stop is 1 bit - all per the documentation.

 (for reference I'd just done this on another unit and everything worked
 great)

 On this particular unit, the console text appears to be in a cyrillic or
 greek typeface... is that a problem?

 I can login to the normal GUI and all appears fine.

 Any ideas on why the console is looking this way? Will this be an issue
 down the road, or should I just leave well enough alone?

 Mahalo,
 Jeremy

Re: [pfSense] Console is in cyrillic

2015-03-17 Thread Jeremy Bennett
Haven't changed it... This is a netgate branded Alix that came complete
from the factory.

The 2.2 update bricked it. I rewrote the latest 2.2 image to its 2 gb flash
card.

Tried 38400 but that spits out true gibberish.

The greek/cyrillic that I get at 115200 shows me the actual proper menu...
it is just in a funny font.

On Tue, Mar 17, 2015 at 11:49 AM, Jim Thompson j...@netgate.com wrote:

 Unless you've changed it, the baud rate on an Alix is 38400
 https://doc.pfsense.org/index.php/Console_Types

 Jim

 On Mar 17, 2015, at 4:45 PM, Jeremy Bennett jbenn...@hikitechnology.com
 wrote:

 So I recently resolved my serial port issue and was able to start reviving
 this Alix box.

 Made sure that the firmware was .99h

 Wrote the new pfsense 2.2 2 GB image to a CF card.

 Slotted it into the Alix - terminal set to 115200 Baud rate, data was 8
 bit, parity is none and stop is 1 bit - all per the documentation.

 (for reference I'd just done this on another unit and everything worked
 great)

 On this particular unit, the console text appears to be in a cyrillic or
 greek typeface... is that a problem?

 I can login to the normal GUI and all appears fine.

 Any ideas on why the console is looking this way? Will this be an issue
 down the road, or should I just leave well enough alone?

 Mahalo,
 Jeremy

Re: [pfSense] serial port sadness

2015-02-25 Thread Jeremy Bennett
I'm using a cable that came with a Cisco router, I googled the part number
and I'm pretty sure it came back with a Null modem cable.

The strangest thing is that I'm pretty sure I had this working at one
point. I'll post back when I find the solution.

On Mon, Feb 23, 2015 at 6:24 PM, Oliver Hansen oliver.han...@gmail.com
wrote:

 Walter mentioned it. And that's the same problem I've had before.
 On Feb 23, 2015 8:15 PM, Ryan Coleman ryan.cole...@cwis.biz wrote:

 No one has mentioned that you haven't stated if you had a Null Modem
 cable.

 Do you have a Null Modem cable or a simple Pass-through one?

  On Feb 23, 2015, at 7:08 PM, Jeremy Bennett 
 jbenn...@hikitechnology.com wrote:
 
  I'm trying to get a couple of bricked Alix boards back.
 
  I've got a USB to serial adapter (which has worked in the past), a
 Windows 7 computer and Teraterm, but whenever I connect everything up I
 just get the cursor blinking at me.
 
  Set the port to 9600, N, 1 as instructions indicate (usb to serial
 usually is showing up on COM7).
 
  I've replaced the serial cable with a new one.
 
  I've replaced the USB to serial adapter with a new one (both are
 prolific 2303s)
 
  I've tried w/ a Windows 8 machine as well, but the results are the
 same... blinking cursor.
 
  I connected the same stuff to a known good Alix box, and I got the same
 result, so I know it isn't the Alixes.
 
  What else can I try?
 
  Mahalo,
  Jeremy

[pfSense] serial port sadness

2015-02-23 Thread Jeremy Bennett
I'm trying to get a couple of bricked Alix boards back.

I've got a USB to serial adapter (which has worked in the past), a Windows
7 computer and Teraterm, but whenever I connect everything up I just get
the cursor blinking at me.

Set the port to 9600, N, 1 as instructions indicate (usb to serial usually
is showing up on COM7).

I've replaced the serial cable with a new one.

I've replaced the USB to serial adapter with a new one (both are prolific
2303s)

I've tried w/ a Windows 8 machine as well, but the results are the same...
blinking cursor.

I connected the same stuff to a known good Alix box, and I got the same
result, so I know it isn't the Alixes.

What else can I try?

Mahalo,
Jeremy

Re: [pfSense] Firewall Hardware/Setup for Datacenter...

2015-02-05 Thread Jeremy Bennett
Jason is correct. Those Supermicro boxes are awesome. Be careful when
ordering though... they want ECC memory.

The APUs from Netgate are nice too-the year of bundled support has already
saved my bacon a number of times. Well worth the cost.

On Thu, Feb 5, 2015 at 9:19 AM, Jason Whitt jason.wh...@gmail.com wrote:

 I've ran as vm's using vmxnet3's as well as physical on these
 http://m.newegg.com/Product/index?itemnumber=16-101-837

 Both are viable options.

 Jason

 Sent from my iPhone

 On Feb 5, 2015, at 11:11 AM, Walter Parker walt...@gmail.com wrote:

 I've used pfSense in a VM on my ESXi application server. This is mostly to
 firewall the Windows VMs from the Internet.

 If you want fail-over, I'd suggest getting one of the new Netgate (
 http://store.netgate.com/NetgateAPU2.aspx or
 http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSense (
 https://www.pfsense.org/hardware/#pfsense-store) embedded systems with an
 SSD. Then you can run a full install that supports package installs with a
 power budget of ~10-15 Watts for the APU units. Then you have a choice of
 getting a second HW unit for an additional $400 to $1000, or setting up
 pfSense in a VM (not on a separate VMware server, on an existing VM server).

 The higher end HW systems on those pages are 8 core Atom systems built for
 run pfSense (of course, the power requirements will be in the 100W range).
 With an SSD, these systems should last for a long time with no issues.

 How much firewall horsepower do you need? What are your constraints (time,
 money, space)?

 P.S. You can run packages on embedded in 2.2, you just want to be careful
 not to run packages that would trash the SD card with too many writes.


 Walter

 On Thu, Feb 5, 2015 at 9:40 AM, Chuck Mariotti cmario...@xunity.com
 wrote:

  Have been using pfSense for years at our datacenter, very happy with it
 running on old dedicated hardware with failover. The hardware is overdue to
 be retired and I'm wondering what people are doing/recommending for a
 datacenter setup. We want to use OpenVPN Server, IDS, dBandwidth, etc... so
 need to keep our option open for the ability to run packages... behind it
 we are running multiple servers and vCenter/ESXI servers.



 What's the go-to setup for a datacenter these days?



 Do we stick with two dedicated boxes?
 Since we pay for power, nice to have lower power... So do we go as low as
 using embedded hardware? It used to not be recommended for packages... still
 the case I assume?

 So I'm leaning towards some of the newer SuperMicro Atom boxes (quad
 core, or 8 core!!??! etc...).



 But then I see so many people running pfSense in VMWare and I wonder if
 we should consider this. Then I think about the hardware needs and VMWare
 Licensing (would like to avoid)... and what else can I run on the hardware
 along side without hurting pfSense from running properly, etc...



 If pfSense is setup to failover, that means the hardware can be cheap
 No RAID needed.

 If dedicated, do I go with Hard Drives/SSD drives? USB? We need packages...
 can I run it off of USB stick then or do I still need HDD/SSD?



 If setting up new hardware so can run pfSense as Virtual Machines... I
 would need two VM Hosts running pfSense as VM's so would have the
 failover... What should we consider for the hardware in this case... should I
 go with RAID w/HDD/SSD on ESXI? If pfSense is setup for failover, do I
 really need RAID? But I assume I would need something reliable if I'm going
 to run other non-pfsense VMs on the same hardware... so I would need RAID
 w/HDD/SSD and it would need to be larger... what are other people running in
 datacenter setups along side the pfSense? I don't want to put it onto our
 existing vCenter infrastructure, licensing/costs and isolation needed. Do I
 setup one hardware as basic, no RAID running ESXI and pfSense, and the
 other more robust setup (RAID, more memory).



 I'm really interested in what people are using in production
 environments/datacenters.



 Regards,

 Chuck








 --
 The greatest dangers to liberty lurk in insidious encroachment by men of
 zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis


[pfSense] Wifi/WAN issues

2014-03-06 Thread Jeremy Bennett
Hello,

I recently purchased and installed a DCMA-82 IT miniPCI
http://store.netgate.com/DCMA-82-Industrial-Temp-80211abg-High-Power-mPCI-Card-FCC-P1073C26.aspx
(Atheros Chipset) wireless card for my Alix 2D3.

I was running an older 1.2 era version of PFsense, but decided that I may
as well upgrade to the latest 2.1 build.

Doing so prompted me to upgrade the BIOS of the Alix from .99 to .99h.

All of that worked smoothly and I can boot and run pfSense.

The system sees the wireless card and can see wireless networks. I'm trying
to set up a wireless connection as the WAN, so in interfaces I've
selected the wireless card (ath0) as the WAN.

In configuring the WAN interface, I set the card to infrastructure mode
(BSS) and fill in the network I'm trying to join's name
(wireless_network).

There is no encryption running on the wireless network, so I haven't
changed any of that.

For whatever reason the WAN network will never come up.

If I go to status > interfaces, I see that the status says no carrier

I setup an open network off of my cell phone and submitted the SSID of my
phone's network and I get the same status : no carrier result.

What am I doing wrong?

As always, all help is very much appreciated,
Jeremy
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Wifi/WAN issues

2014-03-06 Thread Jeremy Bennett
I spoke to the good folks at Netgate, and they assured me that the card was
indeed compatible with 2.1. From what I've seen, they've always been very
responsible with the products they sell and they were very helpful when I
raised the issue with them.

So, that said, any other ideas?
On Mar 6, 2014 6:39 AM, Moshe Katz mo...@ymkatz.net wrote:

 On Thu, Mar 6, 2014 at 8:36 AM, Jim Thompson j...@netgate.com wrote:


 You're running a more modern card than supported in pfSense 2.1, which is
 based on FreeBSD 8.3.

 Perhaps 2.2 will fix the issue.

 Jim


 Jim,

 The product page on the Netgate site that Jeremy linked to
 http://store.netgate.com/DCMA-82-Industrial-Temp-80211abg-High-Power-mPCI-Card-FCC-P1073C26.aspx
 does say Compatible with pfSense.  If that's not correct as of right
 now, shouldn't it be removed, or at least qualified with a version number?

 Moshe

 --
 Moshe Katz
 -- mo...@ymkatz.net
 -- +1(301)867-3732



Re: [pfSense] Netgate's customized pfSense release

2014-02-13 Thread Jeremy Bennett
 My knee jerk reaction is that this is A Bad Thing(tm), and I reloaded the 
 devices with images from ESF. Does anyone here have a strong opinion one way 
 or the other?

In principle, perhaps, in practice probably not.

I've been using pfSense for awhile now, and buying hardware from Netgate for 
about as long.

I realize that letting someone else load the software is a potentially huge 
security hole (I certainly don't reimage all of the PCs I buy from major 
manufacturers).

The impression I get is that Netgate wants to succeed as a business and pfSense 
wants to succeed as well, so while possible, it is unlikely that anything fishy 
is going on.

If anyone is up to no good, someone else can uncover the conspiracy–I have 
neither the time nor ability. Ultimately I started buying the Alix hardware 
with the preloaded images to save time. The other benefit is that someone else 
assembles the box, and tests overall function before it leaves the factory. I 
don't have to discover failed equipment at the last minute.

The one practical thing that I have found is that the Netgate skin does make it 
harder to configure VPN tunnels… something to do with the way the skin was 
built. Switching to the pfSense default resolves the issue. This may have been 
fixed already.

At the end of the day, I like Netgate as a vendor and spend money with them 
when I can. I trust them as much as anyone can trust a business, and will 
continue to buy their pre-imaged PF boxes. I have no affiliation with Netgate 
or the pfSense organization beyond being a happy customer.

Jeremy


On Feb 13, 2014, at 8:24 AM, Jim Pingle wrote:

 On 2/13/2014 11:54 AM, Andrew Hull wrote:
 Having purchased several pfSense devices assembled by Netgate (m1n1wall
 and FW-7541), I've noticed that the pfSense pre-install image was
 customized with Netgate branding and the firmware auto-update mechanism
 was set to a Netgate URL.
 
 Has this been discussed on the list before?
 
 I believe it's been discussed before.
 
 My knee jerk reaction is that this is A Bad Thing(tm), and I reloaded
 the devices with images from ESF. Does anyone here have a strong opinion
 one way or the other?
 
 It's actually a really good thing in this case. We build the images for
 them, and they are tailored to work well on their hardware. It's best to
 use the images for the specific model of hardware to ensure you get the
 best performance/experience. Part of this is the pfSense Certified
 program, and currently Netgate is the only hardware supplier with any
 devices that can state that qualification.
 
 Some other companies build their own images and such but don't give back
 to the project (or do so minimally, if at all) so there are some to
 watch out for. Netgate supports ESF/pfSense significantly, so if you
 want to support the project, support them.
 
 Jim


Re: [pfSense] SOHO Router for VPN to pfSense

2013-05-01 Thread Jeremy Bennett
I can’t speak to the advanced routing and traffic shaping stuff, but Alix + 
PFsense have been great for me. IPSec VPNs between multiple locations have been 
very reliable.

On Apr 30, 2013, at 9:23 PM, Seth Mos wrote:

 On 29-4-2013 16:01, j...@millican.us wrote:
 On 4/29/2013 9:35 AM, j...@millican.us wrote:
 Hello,
 
 Thank You,
 JohnM
 Forgot to add that I have been looking at the Buffalo WZR-300HP. Any
 opinions?
 
 We almost exclusively use Draytek Vigor routers with IPsec tunnels and
 pfSense. We use Dell PowerEdge R310 servers as the endpoint.
 
 We have about 300 tunnels, we always had the Draytek Vigor 2800VGI
 model, but are now moving forward with the Draytek Vigor 2850 model, it
 is a ADSL/VSDL combo modem, supports 3G/4G via USB stick (We use the
 Huawei E392) and also Ethernet WAN using port 4 of the gigabit LAN ports.
 
 It's a very versatile model.
 
 Regards,
 
 Seth


Re: [pfSense] Problem with IPsec VPN

2012-01-09 Thread Jeremy Bennett
Brian,

You hit the nail on the head. 

PFS key group at site one was set to ‘Off’.

Needed to be ‘2’

Thank you everyone.

Mahalo,
Jeremy

On Jan 8, 2012, at 4:15 PM, Marc R. Meshurle Jr. wrote:

 PFS 2.0 has a new location for phase 2 setups. Make sure that you click the + 
 sign and setup the phase 2 and make sure the check box is enabled. 
 
 Marc R. Meshurle, Jr.
 Owner/Senior Engineer
 Kato Technology Solutions, Inc.
 
 
 -Original Message-
 From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] 
 On Behalf Of Brian Franklin
 Sent: Sunday, January 08, 2012 00:03
 To: pfSense support and discussion
 Subject: Re: [pfSense] Problem with IPsec VPN
 
 pfs group mismatched: my:2 peer:0
 
 Check your PFS key group settings in Phase 2.  Make sure they match on both 
 sides.
 
 Brian
 www.ntginc.net
 
 -Original Message-
 From: list-boun...@lists.pfsense.org
 [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jeremy Bennett
 Sent: Saturday, January 07, 2012 2:57 AM
 To: list@lists.pfsense.org
 Subject: [pfSense] Problem with IPsec VPN
 
 I have a site to site IPsec VPN setup. This is probably the 3rd or 4th set of 
 these that I've done, and all the other setups seem to work fine-I've 
 double-checked the setup, and if it is a config error, I am overlooking it.
 
 PFSense 2.0 final on Alix hardware.
 
 Site 2 always reports that the ipsec is down. I can restart it from services, 
 and it works for a few hours, but ultimately shuts down.
 
 This is the error:
 
 Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00 site1 address] ERROR: no
 proposal chosen [Check Phase 2 settings, algorithm].
 Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00 site1 address] ERROR:
 failed to pre-process ph2 packet [Check Phase 2 settings, networks]
 (side: 1, status: 1).
 Jan 5 15:46:24 racoon: [Site1]: INFO: respond new phase 2 negotiation:
 00.000.00.00 site2 address[500]=00.000.00.00 site1 address[500]
 Jan 5 15:46:24 racoon: ERROR: pfs group mismatched: my:2 peer:0
 Jan 5 15:46:24 racoon: ERROR: not matched
 Jan 5 15:46:24 racoon: ERROR: no suitable policy found.
 
 This error repeats continuously in the log of site 2.
 
 How do I start troubleshooting this?
 
 Thank you,
 Jeremy

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
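
Added example, not part of the original thread: a small triage script for the racoon messages quoted above, which counts the Phase 2 failures and pulls out the `pfs group mismatched: my:N peer:M` values that pointed to the fix. The sample log is constructed from the lines in the post with wrapped lines joined, and the function names are assumptions; reading group 0 as "PFS off" follows the resolution reported in this thread.

```python
import re
from collections import Counter

# Constructed sample, based on the log lines quoted in the thread.
SAMPLE_LOG = """\
Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00] ERROR: no proposal chosen [Check Phase 2 settings, algorithm].
Jan 5 15:02:21 racoon: [Site1]: [00.000.00.00] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
Jan 5 15:46:24 racoon: [Site1]: INFO: respond new phase 2 negotiation: 00.000.00.00[500]<=>00.000.00.00[500]
Jan 5 15:46:24 racoon: ERROR: pfs group mismatched: my:2 peer:0
Jan 5 15:46:24 racoon: ERROR: not matched
Jan 5 15:46:24 racoon: ERROR: no suitable policy found.
"""

# \s* before "racoon:" also accepts the run-together form "15:46:24racoon:".
LINE_RE = re.compile(r"^\s*(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s*racoon:\s*(?P<msg>.*)$")
PFS_RE = re.compile(r"pfs group mismatched: my:(\d+) peer:(\d+)")

# Message fragment -> short event name used in the summary.
PATTERNS = {
    "no proposal chosen": "no_proposal",
    "failed to pre-process ph2 packet": "ph2_rejected",
    "pfs group mismatched": "pfs_mismatch",
    "no suitable policy found": "no_policy",
}


def parse_events(log_text):
    """Return (timestamp, kind, detail) tuples for the Phase 2 errors we recognise."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match or "ERROR" not in match["msg"]:
            continue
        for fragment, kind in PATTERNS.items():
            if fragment in match["msg"]:
                pfs = PFS_RE.search(match["msg"])
                detail = (int(pfs[1]), int(pfs[2])) if pfs else None
                events.append((match["ts"], kind, detail))
                break
    return events


def summarize(events):
    """Collapse a continuously repeating log into one count per error kind."""
    return dict(Counter(kind for _, kind, _ in events))


def pfs_mismatches(events):
    """Distinct (local_group, peer_group) pairs seen in the log."""
    return {detail for _, kind, detail in events if kind == "pfs_mismatch"}


def explain(local_group, peer_group):
    """Turn a mismatch pair into the Phase 2 setting to compare on both sides."""
    def name(group):
        return "Off" if group == 0 else str(group)
    return (f"PFS key group differs: this side {name(local_group)}, "
            f"peer {name(peer_group)}; set the same value in Phase 2 on both sites")


if __name__ == "__main__":
    found = parse_events(SAMPLE_LOG)
    print(summarize(found))
    for local_group, peer_group in sorted(pfs_mismatches(found)):
        print(explain(local_group, peer_group))
```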