Re: [pfSense] 2.4.3 - cannot define table bogonsv6

2018-04-19 Thread Jim Pingle
On 04/19/2018 04:54 AM, Eero Volotinen wrote: > fix is in reddit thread .. > > Someone should fix this on pfsense default config.. It has been fixed for over two weeks in the repo: https://redmine.pfsense.org/issues/8417 There have been numerous threads about it on the forum, reddit, and

Re: [pfSense] Maximum CARP Addresses?

2018-02-16 Thread Jim Pingle
On 02/16/2018 10:09 AM, ad^2 wrote: > Ok I understand. What are the limitations here? How many aliases can be > stacked on one CARP VIP? > > Is anyone out there running +255 VIPs? My implementation will require at > least 500 floating IPs right away. While there is no known practical limit, if

Re: [pfSense] FRR and IPv6 Bug

2017-12-19 Thread Jim Pingle
On 12/17/2017 12:54 PM, Daniel wrote: > it seems i found a bug when using FRR with IPv6. > > I enabled and configured an IPv6 BGP Peer but it seems that the GUI makes a > wrong IPv6 BGP peering config. > > In sh ip bgp sum I can see that IPv6 peers are configured but in sh ipv6 bgp > sum (this it

Re: [pfSense] Floating rule with multiple interfaces not generated with reply-to

2017-12-05 Thread Jim Pingle
On 12/5/2017 5:34 AM, Shamim Shahriar wrote: > Now, if I select multiple interfaces, since there is no reply-to on the > rule, I am unable to communicate with the pfsense box from outside. Which > makes me wonder, am I misunderstanding the purpose/functionality of > floating rules entirely? I know

Re: [pfSense] quagga/bgp

2017-11-17 Thread Jim Pingle
On 11/17/2017 08:29 AM, Daniel wrote: > I don’t want to use openBGPd and I also don’t want to use FRR because I am > completely new in FRR. If you know quagga, you know FRR. FRR is a fork of quagga and they work nearly the same. Most people probably won't know the difference, except that FRR

Re: [pfSense] may a bug / v2.4.x problems with more than 6 NIC's Intel pro1000 / emX

2017-11-06 Thread Jim Pingle
On 11/05/2017 03:35 PM, WolfSec-Support wrote: > remark: > as written v2.3.4 works well WITHOUT tuned anything > > so seems to have a dependency with freebsd 11.1 kernel ? That doesn't mean much, the newer base/drivers could be enabling features on the NICs that require more resources. It's not

Re: [pfSense] may a bug / v2.4.x problems with more than 6 NIC's Intel pro1000 / emX

2017-11-05 Thread Jim Pingle
On 11/5/2017 12:09 PM, WolfSec-Support wrote: > if a host has more than 6x emX then the NICs are initialized, but only em0 > can see traffic from switch. > em1 and higher see not any traffic from network / see only their self > generated traffic. Sounds like it's running out of mbufs and doesn't

Re: [pfSense] HAProxy edits not saving

2017-09-18 Thread Jim Pingle
On 9/18/2017 2:44 AM, maina maish wrote: > Am editing /var/etc/haproxy/haproxy.cfg but looks like changes are getting > cleared if someone uses Services/HAProxy/Frontends and applies changes > using WebGui. > > Is there a way to make sure changes made through command line do not get > cleared? The

Re: [pfSense] Factory Default / Cleanup(script) of binaries + config backups + etc

2017-08-07 Thread Jim Pingle
On 08/07/2017 08:09 AM, WolfSec-Support wrote: > Well, Jim, you are completely right - and as paranoid as I am normally :) > > Here it is for INTERNAL use only - simply colleagues etc should not see > all old data Which is my point. Without a wipe+reload, inevitably _something_ is going to get

Re: [pfSense] Factory Default / Cleanup(script) of binaries + config backups + etc

2017-08-07 Thread Jim Pingle
On 8/7/2017 2:20 AM, WolfSec-Support wrote: > Goal is to put devices on stock for replacements in a nearly clean state > for internal usage and shipping to other sites A wipe+reload is the only proper way to accomplish this acceptably. No matter how careful you are, something will most likely be

Re: [pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Jim Pingle
On 8/6/2017 9:47 PM, Walter Parker wrote: > How do I get the Acme package to let me update the sample.com > zone, to add the host for > _acme-challenge.fw.sample.com ? I > think I missed a step. This is for a firewall that I don't want to

Re: [pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Jim Pingle
On 8/6/2017 8:03 PM, Walter Parker wrote: > I think I'm missing something simple with my Acme Client setup in pfsense. > I followed the following steps and I'm getting a TSIG error (note NSUPDATE > worked when run by hand). > > >- dnssec-keygen -a HMAC-MD5 -b 512 -n HOST fw.sample.com >-

Re: [pfSense] uncomplete update to 2.3.4, no route to host

2017-05-12 Thread Jim Pingle
On 05/12/2017 12:47 PM, Steve Yates wrote: >They're missing the DNS record for pkg.pfsense.org. Per the SOA >ad...@netgate.com is the contact; I've bcc'd this there. pkg does not use A/ records, it uses SRV records, which are present and work fine: $ host -t srv

Re: [pfSense] IPv6 (CARP and DHCPv6 failover)

2017-03-23 Thread Jim Pingle
On 03/22/2017 02:16 PM, hamid ashraf wrote: > I have 2 pfsense FW 2.3.3 p1 version, one is Master and Second is Backup. > CARP configured between both firewalls for IPv4 and all the configurations > are successfully syncing. When I configured the DHCPv6 on master firewall, > that configuration

Re: [pfSense] pfsense upgrade problems?

2017-02-22 Thread Jim Pingle
On 2/22/2017 1:23 PM, Eero Volotinen wrote: > The process will require 14 MiB more space. > > 73 MiB to be downloaded. > > Fetching php56-5.6.30.txz: .. done > > pkg: php56-5.6.30 failed checksum from repository > > > something wrong with the packages? Nothing on our side as far as

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-25 Thread Jim Pingle
On 01/25/2017 01:10 PM, Karl Fife wrote: > The piece that's still missing for me is that there must have been some > change in default system setting for FreeBSD, or some other change > between versions, because the system booted fine with pfSense v 2.2.6 Aside from what has already been

Re: [pfSense] Port forward => load balancer

2016-12-02 Thread Jim Pingle
On 12/02/2016 06:04 AM, Ugo Bellavance wrote: > I'd like to know if there is a way to switch from a port forward to a > server load balancer configuration without downtime. Can I create > everything in the load balancer config and then remove the port forward > at the end? > > v 2.3.2-RELEASE-p1

Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available

2016-10-13 Thread Jim Pingle
On 10/13/2016 5:53 PM, Volker Kuhlmann wrote: > I can't believe there is a major fault, but where is the download for > 2.3.2-p1? There are no installers for 2.3.2-p1. You have to install 2.3.2 and update to patch 1 once it's installed. Jim

[pfSense] Mailing List Posts from Non-Members

2016-09-22 Thread Jim Pingle
Hello, Lately the mailing list moderation queues have been overrun with a large volume of spam on a daily basis. To make it easier on the list admins, we have changed the default list policy to discard messages from non-members on all of our lists rather than holding them for manual moderation.

Re: [pfSense] DHCP Implicit rule processing order

2016-08-31 Thread Jim Pingle
On 8/31/2016 9:30 PM, Karl Fife wrote: > This suggests the implicit rules are evaluated BEFORE the explicit > rules. Is there a good reason they're evaluated first? I'd expect them > to be after to allow for debugging, logging, blocking, etc. > Yes, that is done on purpose. Otherwise it would

Re: [pfSense] pf rule error

2016-08-10 Thread Jim Pingle
On 08/09/2016 09:46 PM, Joseph L. Casale wrote: > I recently received an error that the pf table was wedged and had been reset > while making changes. A few days later, a vlan stopped passing dhcp traffic > and filter reload did not resolve it, I actually had to reboot the unit. > > Has anyone

Re: [pfSense] multiple:multiple

2016-08-05 Thread Jim Pingle
On 8/5/2016 3:13 PM, Karl Fife wrote: > All of the states in the pfsense states display make sense to me: > e.g. http://www.cs.hofstra.edu/~cscccl/c333/tcp.gif > > Maybe I'm having a brain fart, but I'm not finding a good treatise on > the "multiple:multiple" state? > Anyone? That "state" should

Re: [pfSense] Removing obsolete packages

2016-07-27 Thread Jim Pingle
On 07/26/2016 05:38 PM, Chris Bagnall wrote: > It would, however, be rather nice to remove the obsolete references. At the moment there is no automated way to do that, but you can edit them out of your config.xml. Either by editing in-place using "viconfig" if you're daring, familiar with vi, and

Re: [pfSense] yesterday update to 2.3.2 has not worked - these machines now can not update any more

2016-07-27 Thread Jim Pingle
On 07/27/2016 12:48 AM, WolfSec-Support wrote: > Any hint to solve the broken updated-boxes ? Use ssh or the console and either use option 13, or use option 8 and from the shell, execute "pfSense-upgrade -d" Early in the upgrade process, pkg is updated and from that point, the GUI for updates

Re: [pfSense] Alerts

2016-07-27 Thread Jim Pingle
On 07/27/2016 07:47 AM, Luis G. Coralle wrote: > Hello everyone. > Someone knows how pfsense considered an alert? They can be customized? > There is list? There isn't an official list, but it's not very long. Usually emergency-level events or events at the very least that require the attention of

Re: [pfSense] DNS-forwarder through OpenVPN "stopped working" with 2.3.2

2016-07-27 Thread Jim Pingle
On 07/27/2016 08:45 AM, Philipp Tölke wrote: > since the update to 2.3.2 yesterday our external devices do not get > DNS-Replies anymore. What version was this firewall running previously? > We have configured the DNS-Forwarder to listen on the interface and > sockstat show it's listening on

Re: [pfSense] 502 Bad Gateway

2016-07-08 Thread Jim Pingle
On 07/08/2016 10:09 AM, Bill Arlofski wrote: > I just realized something thanks to your post. It seems that I have also > witnessed that OpenVPN stops working when this occurs. It would depend on the type of OpenVPN. RA or SSL/TLS using certificates would likely fail as the scripts that verify

Re: [pfSense] Update to android ipsec instructions?

2016-06-24 Thread Jim Pingle
On 6/24/2016 7:18 PM, Cheyenne Deal wrote: > Has anyone made any updated instructions for Android 5-6 for mobile ipsec > tunnels? I have not been able to find any instructions for newer android > versions for pfsense There is a bug in racoon on Android that prevents it from working properly

Re: [pfSense] Fwd: [Openvpn-announce] New OpenVPN 2.3.10 Windows installers (I604/I003) released

2016-05-11 Thread Jim Pingle
On 05/09/2016 11:45 AM, WebDawg wrote: > How do we get an update for the export util? They just released OpenVPN 2.3.11 yesterday, I've pushed out an update for the export package on pfSense 2.3, might take a bit to sync around but it'll show up soon. Jim

Re: [pfSense] IPsec: tunneling both IPv4 and IPv6 between two sites

2016-04-30 Thread Jim Pingle
On 4/30/2016 6:57 AM, Olivier Mascia wrote: > Sorry for having asked this question. > While I had tried to find the answer before posting, I finally found the > answer seconds later. > > https://doc.pfsense.org/index.php/IPv6_and_VPNs > > "Currently IPv6 with IPsec is functional, but traffic

Re: [pfSense] IKEv2 with LDAP or RADIUS?

2015-10-28 Thread Jim Pingle
On 10/27/2015 6:07 PM, Adam Thompson wrote: > I just watched the last hangout that jimp did on Remote Access VPNs, and > I'm wondering: is there no way to do user authentication against a > back-end LDAP or RADIUS server when using IKEv2-EAP-MSCHAP2? There is EAP-RADIUS for RADIUS, but no means

Re: [pfSense] Kernel problem after upgrade 2.2.3 to 2.2.4

2015-08-03 Thread Jim Pingle
On 08/03/2015 04:58 AM, Carlos Vicente (Gmail) wrote: [...] I upgraded it to the last version (via firmware upgrade), everything went well till the reboot, it shows an error message: Can't find 'kernel' Error while including /boot/menu.rc. in the line: Menu-display \ Can't load

Re: [pfSense] SG-4860 vs. support pricing question

2015-07-21 Thread Jim Pingle
On 07/21/2015 04:19 PM, Adam Thompson wrote: Next question: extended warranty, to wit: can I purchase an extended warranty on these units? It's not there yet but it is in the works and it is a priority for us. We hope to offer that in the coming weeks. Jim

Re: [pfSense] SG-4860 vs. support pricing question

2015-07-21 Thread Jim Pingle
On 07/20/2015 07:09 PM, Adam Thompson wrote: But I do have one issue/question/comment about the pricing of that bundle: there are still only 2 support incidents bundled. It seems that if I bought two 4860s and tie-wrapped them to my own shelf, I’d wind up paying almost the same amount

Re: [pfSense] SG-4860 vs. support pricing question

2015-07-21 Thread Jim Pingle
On 07/20/2015 07:09 PM, Adam Thompson wrote: Also, the price for a 2-incident support pack is $399, but I can buy a SG-2220 for only $299 and get the same # of support incidents. Have I missed something? Is this intentional? Not sure about the other questions but this one I can answer:

Re: [pfSense] FTP issues on 1:1

2015-07-06 Thread Jim Pingle
On 7/6/2015 7:59 PM, Ryan Coleman wrote: Using 1:1 has turned most of my knowledge in pfSense completely useless. I feel like a beginner again. FTP worked on port 21. But for security reasons I do not want it there so I moved it to port 9000. ProFTPd is set up for Masquerading on its

Re: [pfSense] Dashboard Width

2015-06-30 Thread Jim Pingle
On Jun 30, 2015, at 8:25 AM, Paul Galati paulgal...@gmail.com wrote: All, Am I doing something wrong or is the current dashboard themes limited to 2 columns across? With computer screens being wider than taller, it would be nice to be able to have a 3rd or 4th row of data rather than

Re: [pfSense] Too many VIPs

2015-06-18 Thread Jim Pingle
On 06/17/2015 09:07 PM, Brian Caouette wrote: I assume it's not ready yet? Mine says 2.2.2 and current. Correct, it has not yet been released. There are snapshots for it, however. It should be out by the end of next week if all goes well. Jim

Re: [pfSense] IKEv2 agile VPN from Win7/Win8 to pfSense 2.2.2

2015-06-17 Thread Jim Pingle
On 06/17/2015 09:53 AM, Adam Thompson wrote: So far, PPTP and IKEv2 (using EAP-MSCHAPv2) appear to be the only options, and while PPTP works fine, it's insecure. (This isn't actually a problem for my use case, but since it's going away and certainly isn't getting any love in pfSense, I'm

Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table

2015-06-03 Thread Jim Pingle
On 06/03/2015 09:47 AM, Espen Johansen wrote: Don't double post please. Looks like his other post was stuck in the moderation queue and approved, I'd have killed it but I didn't notice he'd already managed to get it through to the list. Hello everybody, Is there any documentation about:

Re: [pfSense] Fwd: freak vulnerable for pfsense

2015-03-19 Thread Jim Pingle
On 03/19/2015 06:27 AM, Amit Saxena wrote: I am working on pfsense firewall as well as configured as an Openvpn server I got the information that Freak vulnerable so i want to know it affected to Pfsense box My pfsense Detail Pf sense version 2.1 and openssl version 0.9.8y The firewall GUI

Re: [pfSense] 2.2.1-RELEASE sudo issues?

2015-03-18 Thread Jim Pingle
On 3/17/2015 4:48 PM, Manojav Sridhar wrote: Just upgraded my pfsense to 2.2.1-RELEASE, [2.2.1-RELEASE][user@host]/usr/lib: sudo Shared object libintl.so.9 not found, required by sudo Can't seem to find the libintl.so.9, this breaks the sudo package. Anyone else run into this? Try the

Re: [pfSense] Issue with OpenVPN certificate depth validation and long certificate subjects

2015-03-10 Thread Jim Pingle
On 03/07/2015 04:32 PM, David Durrleman wrote: There seems to be an issue in pfsense's custom certificate depth verification for OpenVPN connections. When long certificate subjects are used, the validation fails. Here is how to repro: Probably this (already fixed in 2.2.1):

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Jim Pingle
On 03/08/2015 06:50 PM, Bryan D. wrote: My interpretation of the nice chart and notes on https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses leads me to believe that I can switch the CARP VIPs to be IP Alias VIPs. However, when I do that, the 2 servers for the 2 domains tied to

Re: [pfSense] Multi WAN IPv6

2015-03-09 Thread Jim Pingle
On 03/09/2015 10:28 AM, Tiernan OToole wrote: But there is a problem... The Multi-WAN one assumes that both WAN connections give IPv6 addresses, which in my case is false, and the Tunnel Broker assumes you have one WAN connection... Last time i tried this, mind you with a different router, all

Re: [pfSense] serial port sadness

2015-02-25 Thread Jim Pingle
On 02/25/2015 12:03 PM, Bob Gustafson wrote: Years ago I had problems with serial cables - I invested in a little in-line gadget that had red and green LEDs for each line. The one I have uses 25 pin connectors, so the cable is a mix of 9-25 pin adapters and the LED viewer. You can shut

Re: [pfSense] Documentation page : wildcard DNS record

2015-02-19 Thread Jim Pingle
On 02/19/2015 07:03 AM, Guillaume wrote: The example wildcard DNS record given here : https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder is inaccurate w/pfsense 2.2. The page is correct, but if you note the name it was specific to the DNS Forwarder only (dnsmasq), not the DNS

Re: [pfSense] Lightsquid

2015-02-12 Thread Jim Pingle
On 02/12/2015 10:37 AM, Jim Pingle wrote: * Uninstall lightsquid * rm -rf /usr/local/lib/perl5 * rm -rf /usr/local/www/lightsquid * rm /usr/local/bin/perl * rm /usr/bin/perl * Reinstall lightsquid I missed a step, it should be: * Uninstall lightsquid * rm -rf /usr/local/lib/perl5 * rm -rf

Re: [pfSense] Lightsquid

2015-02-12 Thread Jim Pingle
[Please don't top post] On 02/11/2015 08:13 PM, Brian Caouette wrote: On Feb 11, 2015, at 5:24 PM, Jim Pingle li...@pingle.org wrote: It works fine on 2.2 under the right circumstances. Those being that before installing lightsquid, /usr/local/lib/perl5 doesn't exist, and /usr/local/bin/perl

Re: [pfSense] Visual seperators?

2015-02-11 Thread Jim Pingle
On 2/11/2015 6:55 AM, kpolb...@olberg.name wrote: I guess it would break the current UI to have collapsible groups. And it might not have been the most thought through proposal :) I do however still feel there is a use for a separator. With regards to your comment on over engineering. If

Re: [pfSense] problem with bacula-client 7.0.5 binaries on pfsense 2.2

2015-02-09 Thread Jim Pingle
On 02/09/2015 11:30 AM, Dan Langille wrote: There's been a bug open for 14 days regarding the configuration issues: https://redmine.pfsense.org/issues/4307 I will try the packaged binaries again. FYI for others (Dan already knows from Twitter): Bacula should be OK now on 2.2, as of

Re: [pfSense] New pfSense 2.2 install

2015-01-29 Thread Jim Pingle
On 01/29/2015 10:08 AM, Doug Lytle wrote: I'm building a new 64bit pfSense 2.2, running under ESXi 5.5. I've noted 2 things. 1.) Bulk Alias imports button no longer exist on the main alias page. It's still there on all mine, on each tab at the bottom there is an up arrow (^) and it opens

Re: [pfSense] RRD persistence

2015-01-07 Thread Jim Pingle
On 01/07/2015 09:07 AM, Jeppe Øland wrote: Doesn't it automatically save the latest files when you reboot? I don't reboot often, but I don't remember ever having lost data (except if the firewall crashes - which did happen a few times in the past). It does save them on a clean reboot. It

Re: [pfSense] 32 or 64?

2015-01-06 Thread Jim Pingle
On 01/06/2015 04:08 PM, Jeppe Øland wrote: https://doc.pfsense.org/index.php/Upgrade_Guide#Changing_architecture_.2832-bit_to_64-bit_or_vice_versa.29_during_upgrade From that link: Upgrading from 32-bit to 64-bit mostly works fine with a couple caveats - the 32-bit RRD data is invalid on the

Re: [pfSense] 32 or 64?

2015-01-06 Thread Jim Pingle
On 01/06/2015 12:57 PM, Márcio Merlone wrote: I am planning to replace some Linksys boxes on remote offices with a virtual pfSense in the next months and was wondering what's recommended for a new install today: 32 or 64 bits? I ask considering what's best for the mid-long term, are there any

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-11 Thread Jim Pingle
On 12/10/2014 07:34 AM, Chris Bagnall wrote: On 10/12/14 6:36 am, Chris L wrote: That’s actually your fault for using 10/8, not Comcast's. Even if they were to use something like 10.58.223.0/24 they’d still conflict with your 10/8. There are so many different brands and models of consumer

Re: [pfSense] Help with OpenVPN interface rules

2014-10-14 Thread Jim Pingle
On 10/13/2014 10:46 AM, Paul Beriswill wrote: Now, when I create rules for the OpenVPN_Ops interface, using 'OPEN_VPN_OPS net' as 'Source' the rule never hits. It doesn't appear that the 'net' and 'address' aliases are being populated when the connection is established. Is this correct? I

Re: [pfSense] new user with console menu

2014-09-26 Thread Jim Pingle
On 9/26/2014 3:51 AM, Martin Fuchs wrote: When i add a new user to pfSense, this user does not have a menu when logging into the shell… What rights does the user need to have the console menu displayed ? The user won't have all the necessary permissions to use the menu so they don't get one

Re: [pfSense] HPET timer issues?

2014-09-23 Thread Jim Pingle
On 9/23/2014 12:34 PM, Moshe Katz wrote: 1. Has anyone else seen this behavior? The only HPET issue I'm aware of is on older versions of ESX where the clock would completely stop ticking. That's been patched for a long time now though. 2. I haven't noticed any performance issues after the

Re: [pfSense] CVE-2004-0230

2014-09-18 Thread Jim Pingle
On 9/18/2014 8:55 AM, Martin Fuchs wrote: Does CVE-2004-0230 affect pfSense 2.1.5 ? As Vick mentions, practically the answer is 'no'. There are some rare cases when it might, however. It would require: 1. Disabled pf (System Advanced, Firewall/NAT tab, check Disable all packet filtering) 1a.

Re: [pfSense] understand the CARP advskew option

2014-09-11 Thread Jim Pingle
On 9/11/2014 7:23 PM, Martin T wrote: I see, thanks! However, while not the best practice, one could determine the master/backup role solely with advbase, couldn't he? That's because host with the lowest advbase+advskew value (not just the advskew value) should be the preferred one? Someone

Re: [pfSense] understand the CARP advskew option

2014-09-10 Thread Jim Pingle
On 9/10/2014 5:15 AM, Martin T wrote: 1) Why does the messages interval matter to CARP? Is CARP designed in a way that CARP prefers system which announces CARP messages with shortest interval? Yes, the fastest advertisement wins the election and becomes master. 2) Why is advskew needed if

Re: [pfSense] packages.pfsense.org down!

2014-08-05 Thread Jim Pingle
On 8/5/2014 6:04 AM, Nishant Sharma wrote: Package installer is not working for me. https://packages.pfsense.org/xmlrpc.php shows following error: faultCode 105 faultString XML error: Invalid document end at line 1 That page isn't meant to be accessed directly by a browser. Packages work

Re: [pfSense] Traffic shaper related error

2014-08-05 Thread Jim Pingle
Perhaps https://redmine.pfsense.org/issues/3535 or similar is happening. Ensure that the correct interfaces are being chosen, especially if you have reassigned the traditional WAN/LAN interface roles, since the single WAN wizard would assume that the first interface is WAN, regardless of what it

Re: [pfSense] Traffic shaper related error

2014-08-05 Thread Jim Pingle
On 8/5/2014 11:47 AM, Erik Anderson wrote: On Tue, Aug 5, 2014 at 9:37 AM, Jim Pingle li...@pingle.org wrote: Ensure that the correct interfaces are being chosen, especially if you have reassigned the traditional WAN/LAN interface roles, since the single WAN wizard would assume that the first

Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?

2014-07-10 Thread Jim Pingle
On 7/10/2014 4:27 AM, Stefan Baur wrote: since upgrading to 2.1.3-RELEASE and enabling e-mail notifications under System: Advanced: Notifications, I'm receiving an e-mail whenever the DynDNS update script (Services: Dynamic DNS client) triggers an update. I *do* want e-mail notifications,

Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?

2014-07-10 Thread Jim Pingle
On 7/10/2014 10:38 AM, Stefan Baur wrote: Thank you. I just checked, it actually appears twice, once for IPv4 and once for IPv6 (7 lines below the first occurrence), so I'm going to comment out both. Yes, it is in there twice but IPv6 DynDNS is still fairly rare so the second one probably

Re: [pfSense] NTPv6 Assignments Not Possible?

2014-07-09 Thread Jim Pingle
On 7/9/2014 11:57 AM, Mark Tinka wrote: I tried to add IPv6 NTP servers to my pfSense installation, and it doesn't like them. Anyone know when IPv6 support for NTP servers will come to pfSense? They work on 2.1.x but have to be found by hostname and not a bare IP address. For an example,

Re: [pfSense] Please update the pfSense Wiki with the attached note

2014-06-11 Thread Jim Pingle
On 6/11/2014 4:40 AM, Stefan Baur wrote: Hi Jim (or anyone with editing rights on the Wiki): I added that text (with some minor edits) to the page. Jim

Re: [pfSense] ldap authentication against active directory fails with passwords containing the paragraph sign

2014-06-05 Thread Jim Pingle
On 6/5/2014 8:02 AM, Freund, Ingo wrote: today a user complained about not being able to login to IPsec VPN on the pfSense via Shrew-Client 2.2.2 after he had changed his password. After some research and testing we have to report that passwords which contain the paragraph sign '§' are not

Re: [pfSense] Problems with gateways on IPv6 Tunnels?

2014-06-03 Thread Jim Pingle
On 6/3/2014 12:37 PM, Seth Mos wrote: I just upgraded to 2.1.3 at home and tried to switch my IPv6 default gateway around. Unfortunately, when I try to set my HE.net tunnel gateway as the default it throws an error that the gateway address is not in the interface subnet. I’ve set the

Re: [pfSense] installing vmtools

2014-05-21 Thread Jim Pingle
On 5/21/2014 2:31 PM, Florio, Christopher N wrote: Oh I feel dumb, the first thing is to install perl, which I can't do given my location on the network. Ok so nevermind, sorry. You can fetch the .tbz file for perl and the compat package mentioned on the page to another system and then copy

Re: [pfSense] Poweredge 2850

2014-05-20 Thread Jim Pingle
On 5/20/2014 1:45 PM, Brian Caouette wrote: For the price paid it can't be beat. There is more than the sticker price to be considered. Note that these are just vague numbers that would vary by the specific equipment power usage and local power costs. Atom, ~35W, 24h/day @ $0.05/kWh = About

Re: [pfSense] Poweredge 2850

2014-05-20 Thread Jim Pingle
On 5/20/2014 4:37 PM, Harlan Stenn wrote: On 5/20/14 11:01 AM, Jim Pingle wrote: On 5/20/2014 1:45 PM, Brian Caouette wrote: For the price paid it can't be beat. There is more than the sticker price to be considered. Note that these are just vague numbers that would vary by the specific

Re: [pfSense] Recommendations for Analyzing Firewall logs

2014-05-14 Thread Jim Pingle
On 5/14/2014 2:16 PM, Travis Hansen wrote: Do you have some good grok patterns for indexing pfsense data? I started some a while back for this exact setup but gave up. Keep an eye on the logs for pfSense 2.2. We ditched the native pflog tcpdump style output and changed to a single line

Re: [pfSense] log grep inconsistency

2014-05-13 Thread Jim Pingle
On 5/13/2014 12:55 PM, David Burgess wrote: I have two firewalls running pfsense 2.1.3 amd64. One is nanobsd, the other is full install. Why is it that when I do 'grep band /var/log/ppp.log' on the embedded system I get the expected output of lines containing band, while on the full system I

Re: [pfSense] High iostat

2014-05-12 Thread Jim Pingle
On 05/12/14 23:09, Wajih Ahmed wrote: BTW it would be very nice to have a tool like lsof to see what files a pid has open and writing to. But pfsense does not have lsof package. In addition to the other things mentioned, run: top -aSH press 'm' to switch to i/o view to see what process is

Re: [pfSense] Port forwarding from multiple interfaces - reply packets are forwarded through the wrong interface.

2014-05-09 Thread Jim Pingle
On 5/9/2014 8:02 AM, Thierry De Leeuw wrote: I have some trouble to setup port forwarding with multiple interfaces. When a connection is initiated from the VPN tunnel (SYN), the SYN/ACK is sent from the VPN IP but through the pppoe interface (which is the default gw, but I would expect the

Re: [pfSense] ICMPv6 filtering recommendations with pfSense?

2014-05-08 Thread Jim Pingle
On 5/8/2014 1:16 PM, Adam Thompson wrote: Sorry for the late addition... Perhaps this was already covered, but if not: Please don't filter ICMPv6. This is one of the key points every intro-to-v6 class teaches: IPv6 actually *needs* ICMPv6 to function in pretty much every situation. The

Re: [pfSense] upgrade dual ALIX netgate box?

2014-05-07 Thread Jim Pingle
On 5/7/2014 9:03 AM, Vick Khera wrote: I wonder then why pcengines points to the ALIX case from the APU board page as a recommended case. They refreshed their cases about 6 months so they would be compatible. The newer ALIX+APU style cases fit the ALIX and the APU both, but the older ALIX cases

Re: [pfSense] Manual Outbound NAT Creates Multiple Local Host Entries

2014-04-28 Thread Jim Pingle
On 4/28/2014 11:16 AM, Adam Piasecki wrote: I am currently running 2.1.2, I386. It’s possible that the config was originally from 1.2.3 as it has been upgraded multiple times to 2.1.2. When enabling manual outbound NAT, it appears 3 entries are exactly the same 127.0.0.0/8 with NAT ports

Re: [pfSense] export/import ipsec xml from pf 1.2.3 to 2.1.1

2014-04-22 Thread Jim Pingle
On 4/22/2014 2:15 PM, Alexsander Rodrigues wrote: I see. By upgrading the configuration file you mean to upgrade the pfsense 1.2.3 to 2.1.1 and then to export the configuration file? That, or you can take the whole 1.2.3 config.xml and restore that to a firewall already running 2.1.2, and then

Re: [pfSense] Interface yoyo

2014-04-21 Thread Jim Pingle
On 4/20/2014 7:02 PM, Volker Kuhlmann wrote: On Mon 21 Apr 2014 09:54:49 NZST +1200, Jim Pingle wrote: http://files.pfsense.org/jimp/patches/openvpn-tapbridgefix-2.1.x.diff This has no effect on the hme problem unfortunately. I rebooted and re-tested, but unplugging the cable to the wifi

Re: [pfSense] Heartbleed and OpenVPN

2014-04-11 Thread Jim Pingle
On 4/11/2014 9:57 AM, Tim Nelson wrote: Hot on the heels of the OpenSSL debacle, and a fresh new release of pfSense (THANK YOU), I'm curious about the Heartbleed vulnerability's actual surface attack area. All of the relevant information, reports, and PoC's are pointing at exploit only via an

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Jim Pingle
On 4/8/2014 8:20 AM, b...@todoo.biz wrote: Mmmh, this is true : on 2.1.1 in — /usr/local/bin/openssl : # OpenSSL 1.0.1f 6 Jan 2014 I don’t know exactly how this is used… we would need to wait for Chris confirmation on this. Many of the ports and packages (e.g. OpenVPN) link against the

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Jim Pingle
On 4/8/2014 8:48 AM, Pete Boyd wrote: Thanks for the update Jim and for your and others' efforts in bringing us updated software. These things keep many of us in employment, but I expect you guys would have appreciated a little breather after releasing 2.1.1. Actually with the release

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Jim Pingle
On 4/8/2014 9:15 AM, Vick Khera wrote: On Tue, Apr 8, 2014 at 9:11 AM, Jim Pingle li...@pingle.org wrote: Actually with the release engineering process fresh in our heads/muscle memory and everything practically set to go, it's not exactly a horrible time for it to have happened, but not ideal

Re: [pfSense] pfSense version 2.1.1 has been released

2014-04-07 Thread Jim Pingle
On 4/7/2014 8:38 AM, Pete Boyd wrote: The 2.1.0 to 2.1.1 upgrade on nanobsd (4g) on ALIX failed for me with Something went wrong when trying to update the fstab entry. Aborting upgrade. I got the same issue when using auto update, and when using local upload of

Re: [pfSense] Yealink OpenVPN to asterisk

2014-03-11 Thread Jim Pingle
On 3/11/2014 12:09 AM, Chuck Mariotti wrote: The data center has a single Internet connection but with two separate subnets (ran out of Ip addresses). This has been setup as WAN and WAN2. I set up qos on pfsense but not sure if right. The single connection is 10Mbit... but I set up WAN1 AND

Re: [pfSense] captive portal lost name in upgrade SOLVED

2014-02-21 Thread Jim Pingle
On 2/21/2014 7:10 AM, Urs Rau wrote: In Dec 2013 I upgraded to the latest release of pfsense 2.1 from the previously running release. It all seemed to have gone well, but when I tried accessing the captive portal page it seemed to be non existent. All I got was an empty looking page with a

Re: [pfSense] issue in operating openvpn on non standard port.

2014-02-21 Thread Jim Pingle
On 2/21/2014 2:24 AM, Muhammad Yousuf Khan wrote: however the problem is when i create a VPN server other then 1194 my VPN server does not work. It's not a general issue, that's used all day every day by many without problems. must current VPN server is listening on port 1199 on tcp port i

Re: [pfSense] Run-Away Processing Issue

2014-02-19 Thread Jim Pingle
On 2/19/2014 2:07 AM, Bryan D. wrote: I have a problem that I've been unable to make much progress with and could use some suggestions on how to proceed. The problem is that whenever the WAN interface link on the pfSense box goes down, pfSense goes into some sort of loop/run-away condition

Re: [pfSense] pfsync state full resync

2014-02-17 Thread Jim Pingle
On 2/17/2014 12:17 PM, Brian Candler wrote: I don't know whether the version of pf in pfsense/FreeBSD 8.3 implements this. If this functionality has been in there since the introduction of pfsync then presumably it does. Also: pfsense optionally lets you configure an IP to unicast state

Re: [pfSense] package download stuck

2014-01-22 Thread Jim Pingle
Try again now -- there was an issue with that particular server but it should be back to normal at the moment. Jim

Re: [pfSense] is it possible to rename gateways in 2.1 release AMD64?

2014-01-09 Thread Jim Pingle
On 1/7/2014 3:11 PM, Joe Landman wrote: It doesn't allow you to change names of gateways once they are set. I am not sure precisely why, but it simply does not work. To do that requires some extra code to search through all other places where the gateway could be used (firewall rules, routes,

Re: [pfSense] IPSec problem with mobile IOS and Android

2014-01-06 Thread Jim Pingle
On 1/4/2014 6:03 PM, Carlos Vicente wrote: My PfSense version is 2.0.3 upgraded from 1.2.3. I have tried all kind of configs from the doc “Mobile IPsec on 2.0 https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0”, but, as I said, can establish the connection but can't access any device on LAN

Re: [pfSense] Labeling OpenVPN intervaces

2014-01-06 Thread Jim Pingle
On 1/4/2014 8:49 PM, Ugo Bellavance wrote: On our setup, we have at least 2 openVPN interfaces (one site-to-site, one for roaming users). I haven't labeled these interfaces so all my rules are using the global OpenVPN interface, but I think it would be better if I had one interface per

Re: [pfSense] Lan Card Support

2014-01-06 Thread Jim Pingle
On 1/6/2014 12:42 PM, rajan agarwal wrote: I am about to put pfSense in a production box. I will be using IBM Quad Port Gigabit PCIe Ethernet Card P/N.: 39Y6136. Will pfSense version 2.0.1 support this particular LAN card? I can't find the name of this LAN card on the freeBSD 8.1 hardware

Re: [pfSense] OpenVPN client bug? An IPv4 protocol was selected, but the selected interface has no IPv4 address error

2013-12-22 Thread Jim Pingle
On 12/21/2013 10:11 PM, Chris Buechler wrote: On Thu, Nov 28, 2013 at 4:25 PM, Dave Warren da...@hireahit.com wrote: I have a number of OpenVPN client sessions set up (where my pfSense connects to a remote OpenVPN server as a client) Today I needed to switch one from TCP to UDP and received

Re: [pfSense] MultiWAN with SSH

2013-12-13 Thread Jim Pingle
On 12/13/2013 5:10 AM, Chris Bagnall wrote: On 13/12/13 5:48 am, Walter Parker wrote: What do I need to do to get the firewall to use the COMCASTGW for responses to packets sent to the COMCAST interface? Unless you're using advanced outbound NAT, this should happen automatically. Actually
