[pfSense Support] Could this MS Exchange problem have anything to do with pfsense?
Hello, We have been having a problem between Outlook and Exchange at the office and I know this is a pfSense support list but I wanted to check if there was any possible way pfSense could be causing any of the problems before I contact MS for a paid support call and have them blame pfSense. The problem seemed gradual so I can't say for sure or not but it was not too long after we upgraded a lot of 1.2.2 boxes to 1.2.3-RC3. The problem manifests itself as exchange keeping idle connections alive and then not allowing the client to connect because exchange has reached the maximum connections of 32. This KB describes the error received on Exchange: http://support.microsoft.com/kb/842022 and then this one is where I have found myself after determining that the connections are being held too long: http://support.microsoft.com/kb/948496/ Note it mentions Inactive Outlook connections to the Exchange server may not be cleaned up. as one of the symptoms. Now, I've done everything on those KB articles but I just wanted to ask the pfSense community if anyone has experienced this or if there was something I could do to rule out pfSense as a part of the issue. It is only happening at remote locations and not at the central office. Also, all of those locations are where a pfsense router is in place remotely. We still have some sites on linksys VPN systems and none of those sites have had the problem. Thanks for any suggestions!
Re: [pfSense Support] Could this MS Exchange problem have anything to do with pfsense?
If I remember correctly the 32 limit is for MAPI sessions per client. I have seen this happen when users install Xobni. Anything in the event logs? Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Thu, Feb 11, 2010 at 3:19 PM, Oliver Hansen oliver.han...@gmail.com wrote: Hello, We have been having a problem between Outlook and Exchange at the office and I know this is a pfSense support list but I wanted to check if there was any possible way pfSense could be causing any of the problems before I contact MS for a paid support call and have them blame pfSense. The problem seemed gradual so I can't say for sure or not but it was not too long after we upgraded a lot of 1.2.2 boxes to 1.2.3-RC3. The problem manifests itself as exchange keeping idle connections alive and then not allowing the client to connect because exchange has reached the maximum connections of 32. This KB describes the error received on Exchange: http://support.microsoft.com/kb/842022 and then this one is where I have found myself after determining that the connections are being held too long: http://support.microsoft.com/kb/948496/ Note it mentions Inactive Outlook connections to the Exchange server may not be cleaned up. as one of the symptoms. Now, I've done everything on those KB articles but I just wanted to ask the pfSense community if anyone has experienced this or if there was something I could do to rule out pfSense as a part of the issue. It is only happening at remote locations and not at the central office. Also, all of those locations are where a pfsense router is in place remotely. We still have some sites on linksys VPN systems and none of those sites have had the problem. Thanks for any suggestions! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] How to forward protocol 41
Hi! I have a Linux box, with a ipv6 tunnel with hurricane tunnel broker. The tunnel works fine and all the clients of my LAN surf ip6.google.com (I have configured radvd). The problem is that the connections from internet, stops at the pfsense. If I listen in the WAN interface I can look protocol IP 41 (ipv6ipv4). My question is, how can I forward prtocol 41 to my Linux box, who have the tunnel configured? I don´t see the option in NAT section, to forward ip protocol 41. I think taht waht I want is this (iptables): iptables -t nat -A PREROUTING -i wan -p 41 -j DNAT --to 192.168.1.100 (linux box) How can accomplise this in Pfsense? Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Could this MS Exchange problem have anything to do with pfsense?
On Thu, Feb 11, 2010 at 1:30 PM, Curtis LaMasters curtislamast...@gmail.com wrote: If I remember correctly the 32 limit is for MAPI sessions per client. I have seen this happen when users install Xobni. Anything in the event logs? Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com Yes, the first KB article mentions 3rd party apps but there are none on these computers that connect to exchange. I don't recall the client event logs specifically but I remember only seeing that they were unable to connect to Exchange. On Exchange the only event ID I see is 9696 which is what that KB is about. I turned on more logging and didn't see anything relevant. I don't want to spam the list with non-pfSense issues so if no one sees any reason this could be related to an IPsec VPN issue with pfSense then I'll just leave it at that and contact MS.
Re: [pfSense Support] How to forward protocol 41
Mikel, You have two options: 1. configure your cron on linux box to ping6 some IPv6 address out there to keep tunnel up. 2. Bang the bell very hard to wake up PfSense developers, so they finally deploy IPv6 mechanisms at last. I liked PfSense a lot, but I moved to Mikrotik devices. They have IPv6 (and a lot of v6 mechanisms, like ospf-v3 and others) fully deployed. /jan Mikel Jimenez wrote: Hi! I have a Linux box, with a ipv6 tunnel with hurricane tunnel broker. The tunnel works fine and all the clients of my LAN surf ip6.google.com (I have configured radvd). The problem is that the connections from internet, stops at the pfsense. If I listen in the WAN interface I can look protocol IP 41 (ipv6ipv4). My question is, how can I forward prtocol 41 to my Linux box, who have the tunnel configured? I don´t see the option in NAT section, to forward ip protocol 41. I think taht waht I want is this (iptables): iptables -t nat -A PREROUTING -i wan -p 41 -j DNAT --to 192.168.1.100 (linux box) How can accomplise this in Pfsense? Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
:( Ok, I have the tunnel alive, but it is impossible access from outside no? So... no solution for access from outside? Thanks El 11/02/10 22:54, Jan Zorz escribió: Mikel, You have two options: 1. configure your cron on linux box to ping6 some IPv6 address out there to keep tunnel up. 2. Bang the bell very hard to wake up PfSense developers, so they finally deploy IPv6 mechanisms at last. I liked PfSense a lot, but I moved to Mikrotik devices. They have IPv6 (and a lot of v6 mechanisms, like ospf-v3 and others) fully deployed. /jan Mikel Jimenez wrote: Hi! I have a Linux box, with a ipv6 tunnel with hurricane tunnel broker. The tunnel works fine and all the clients of my LAN surf ip6.google.com (I have configured radvd). The problem is that the connections from internet, stops at the pfsense. If I listen in the WAN interface I can look protocol IP 41 (ipv6ipv4). My question is, how can I forward prtocol 41 to my Linux box, who have the tunnel configured? I don´t see the option in NAT section, to forward ip protocol 41. I think taht waht I want is this (iptables): iptables -t nat -A PREROUTING -i wan -p 41 -j DNAT --to 192.168.1.100 (linux box) How can accomplise this in Pfsense? Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
- Jan Zorz j...@dir-slovenia.com wrote: Mikel, You have two options: 1. configure your cron on linux box to ping6 some IPv6 address out there to keep tunnel up. 2. Bang the bell very hard to wake up PfSense developers, so they finally deploy IPv6 mechanisms at last. sarcasm If you're unhappy with pfSense, simply request a refund. /sarcasm Before you start throwing around complaints, you may wish to check the status of IPv6 development. Try here: http://redmine.pfsense.org/search/index/pfsense?q=ipv6 Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
Uohh!! There is an option in System/Advanced/ Nat encapsultaed IpV6 PAckets ( IP protocol 41) and thre put the Linux box ipv4 address. For example 10.10.0.5 and it works!! I ping from outside, the tunnel endpoint and my LAN clients El 11/02/10 22:54, Jan Zorz escribió: Mikel, You have two options: 1. configure your cron on linux box to ping6 some IPv6 address out there to keep tunnel up. 2. Bang the bell very hard to wake up PfSense developers, so they finally deploy IPv6 mechanisms at last. I liked PfSense a lot, but I moved to Mikrotik devices. They have IPv6 (and a lot of v6 mechanisms, like ospf-v3 and others) fully deployed. /jan Mikel Jimenez wrote: Hi! I have a Linux box, with a ipv6 tunnel with hurricane tunnel broker. The tunnel works fine and all the clients of my LAN surf ip6.google.com (I have configured radvd). The problem is that the connections from internet, stops at the pfsense. If I listen in the WAN interface I can look protocol IP 41 (ipv6ipv4). My question is, how can I forward prtocol 41 to my Linux box, who have the tunnel configured? I don´t see the option in NAT section, to forward ip protocol 41. I think taht waht I want is this (iptables): iptables -t nat -A PREROUTING -i wan -p 41 -j DNAT --to 192.168.1.100 (linux box) How can accomplise this in Pfsense? Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
On 2/11/2010 4:54 PM, Jan Zorz wrote: 2. Bang the bell very hard to wake up PfSense developers, so they finally deploy IPv6 mechanisms at last. I liked PfSense a lot, but I moved to Mikrotik devices. They have IPv6 (and a lot of v6 mechanisms, like ospf-v3 and others) fully deployed. Many of us would gladly work on IPv6, but we have no IPv6 connectivity directly available. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] How to forward protocol 41
sarcasm If you're unhappy with pfSense, simply request a refund. /sarcasm I disagree with the assumption of this statement: that you have to pay for something to have a valid criticism of it. I'd argue that it is the role of the user to advocate for desired features, regardless of what price was paid for the software. The fact that IPv6 support doesn't seem to be finished yet is an issue that gains significance every day. While it could probably have been phrased in more polite way, and possibly with more research behind it, I do understand the sentiment, though. I too would like to see more resources go towards completing IPv6 support in PFSense. I am relieved to see and hear that efforts are being made to address real IPv6 support, but the day when it is done cannot come soon enough. I have native IPv6 transport today to all of my facilities. The time of 'IPv6 is coming' has passed; we have moved into 'IPv6 to the last mile provider and consumer is coming', and with Comcast starting last mile IPv6 betas, it's looking like we're talking about sooner, rather than later. Best Regards, Nathan Eisenberg
Re: [pfSense Support] How to forward protocol 41
IPv6 is likely to be the first thing added after 2.0, and there won't be much added for the 2.1 release. To date It's just not in enough demand to justify the effort vs. other things we've been working on. For those of you it's important to, the great thing about open source is you can do it yourself - anyone can create a clone at rcs.pfsense.org and do the work. Code speaks louder than anything. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
On Thu, Feb 11, 2010 at 8:37 PM, Nathan Eisenberg nat...@atlasnetworks.us wrote: I'd argue that it is the role of the user to advocate for desired features, regardless of what price was paid for the software. The fact that IPv6 support doesn't seem to be finished yet is an issue that gains significance every day. While it could probably have been phrased in more polite way, and possibly with more research behind it, With these requirements a majority of the open source projects would never have releases. Almost everyone that contributes to the project are volunteers. There is no way we can dictate how a volunteer spends their time. This goes for pfSense and a lot of open source projects. Heck even a recent study showed that a majority of Linux kernrel commits are now sponsored in some fashion by companies. I am not arguing that open source is commercialized I am trying to emphasize that it is a scratch your itch type of deal. Either you get paid for XYZ company to do their work or you are scratching an itch somewhere that you feel the need. There are very few people that just come along and say your user base demands are my priority. Most of the cutting edge features in pfSense have come from a developer scratching an itch or a commercial support customer sponsoring the development time. I do understand the sentiment, though. I too would like to see more resources go towards completing IPv6 support in PFSense. I am relieved to see and hear that efforts are being made to address real IPv6 support, but the day when it is done cannot come soon enough. See above. I have native IPv6 transport today to all of my facilities. The time of 'IPv6 is coming' has passed; we have moved into 'IPv6 to the last mile provider and consumer is coming', and with Comcast starting last mile IPv6 betas, it's looking like we're talking about sooner, rather than later. That's pretty cutting edge in terms of American internet and you are lightyears ahead of us. Last I heard Youtube just came online and a huge spike of traffic was seen on the IPV6 backbone in America. That goes to show how little IPV6 is used overall in the USA still. It's unfortunate but it's the truth in the USA. I would love to have native IPV6 connectivity from my local carrier and I applaud comcast for taking that important first step in terms of cable modem subscribers. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] 32-bit counter limitation
What would it take to get counters on the interface page to not roll over at 4GB? Is that something that will just happen when PFS moves to a 64-bit platform? If so, is that a change that will happen with 2.0? What is the best solution in the interim? I'm looking at the darkstat package and guessing that would give me cumulative link stats and more. Would it run without unreasonable strain on a lightly loaded net5501? db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to forward protocol 41
I'll just toss in a reason why I would like to see IPV6. I've got a network with about 24 subnets,,, a combination of physical and vlans. We have been rolling out Windows 7, and slowly been upgrading our servers to 2008 R2. My tech team is very small and we support a large number of clients in the K-12 sector. The advent of Microsoft's new PNRP protocol which is more or less an IPV6 P2P protocol is super slick. We have been playing with setting up our own private PNRP cloud but we discovered that it won't traverse our pfsense box. Now that being said, there are other ways to accomplish the same thing (send remote assistance via email, drop file on a file server so we can reach out and grab it), but this easy to use help desk tool, when its configured end to end, has a huge amount of value. The other option is doing some sort of 6to4 tunneling but I haven't figured out how to do that yet, but either way I just want to keep this traffic on the inside of the firewall in the first place. But I am incredibly grateful to the developers, you have a product second to none in the open source world in my opinion. If this manifests itself (IPV6), then great. If not, you can still count on my kind words. :) Take care, Tim P.S. Please no MS bashing here,,, I know that PNRP is about as safe as UPnP, but any good tech knows how to put in mitigating factors. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 32-bit counter limitation
Op 12-2-2010 6:47, David Burgess schreef: What would it take to get counters on the interface page to not roll over at 4GB? Is that something that will just happen when PFS moves to a 64-bit platform? If so, is that a change that will happen with 2.0? We use 64 bit counters in 2.0 for the interfaces page. What is the best solution in the interim? I'm looking at the darkstat package and guessing that would give me cumulative link stats and more. Would it run without unreasonable strain on a lightly loaded net5501? Do the RRD graphs not provide you with this information? Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org