Hi all.
I've been thinking about this a little more.
Assuming ARP timeout could be an issue, is it possible to configure
pfSense to transmit Gratuitous ARP's on a given interface?
I can't seem to find anything online about this.
Mark.
On 5/May/16 15:40, Mark Tinka wrote:
> Hello all.
>
Hello all.
I am seeing the issue below:
kernel arpresolve: can't allocate llinfo for x.x.x.x on em0
The only way to resolve this issue is to bump the interface, or perform
any other task in the GUI that reloads fundamental components of the
interface.
I've found the below links
On 24/Jul/15 08:53, Seth Mos wrote:
In a pinch I use the Linksys E2500 or EA2700 dual band wireless access
points. Set a static IP, disable the DCHP server and connect the cable
to the LAN ports. That's handy for connecting the Xbox in the living
room. I mounted it behind the TV using one of
On 10/Mar/15 10:21, Shannon Gernyi wrote:
Hi Guys,
First time poster to the list - I've spent some time searching without
too much luck. Could be ambiguity in my search queries.
I'm putting out some new firewalls shortly, and like many already in
place, I'll be using openBGPd to interface
On 6/Feb/15 05:22, Chuck Mariotti wrote:
Thanks… I am leaning that way I think… just trying to wrap my head
around if it is worth trying to buy more ram + more storage (HW RAID)
to make them ESXI worthy to run VMs, or if I should just keep it
basic… the ESXI is tempting since I can at least
Hello all.
I'm trying to create an IPv6 default gateway, and the box is
throwing back this error:
The following input errors were detected:
The gateway name must not contain invalid
characters.
Anybody why this is coming back? The IPv6 address is
standard, and is being
On Wednesday, July 09, 2014 05:45:36 PM Lyle Giese wrote:
Typos are a terrible thing. I often put in a ; instead
of a : in IPv6 addresses. Depending on the font, it can
be VERY hard to see that.
In this case, the problem wasn't the IPv6 address. The
problem was that I used white_spaces in
On Thursday, May 08, 2014 12:25:54 PM Olivier Mascia wrote:
Are there other documentation on ICMPv6 filtering,
without dropping essential functionality, in the
specific context of pfSense 2.1.x?
My personal opinion, we already killed IPv4 by filtering
ICMP (and thereby, killing pMTU). Let's
On Thursday, May 08, 2014 12:51:05 PM Olivier Mascia wrote:
Thanks for this advice.
On the WAN interface, I’m currently allowing full ICMPv6
in, albeit only from Global Unicast and Multicast
addresses. That is: only from 2000::/3 and ff00::/8.
That's alright.
Rate limits, at least on
On Thursday, May 08, 2014 08:05:03 PM Jim Pingle wrote:
IMO, I agree that it's best to let ICMP flow free on
IPv6. ICMP has had a bad reputation for a long time, and
it's mostly undeserved in recent times.
+1.
Mark.
signature.asc
Description: This is a digitally signed message part.
On Thursday, February 13, 2014 09:43:36 PM Jostein Elvaker
Haande wrote:
The latter exposes not only the core of the product, but
also the workflow and priorities of those involved in
the making of pfSense. It's a level of transparency that
you see more and more of, and for me personally, is
On Tuesday, January 07, 2014 10:11:35 PM Joe Landman wrote:
It doesn't allow you to change names of gateways once
they are set. I am not sure precisely why, but it simply
does not work.
It would be nice to lift this limitation while in-flight.
I've hit situations where it would have been
On Wednesday, October 30, 2013 03:56:22 PM Yehuda Katz
wrote:
I know some Cisco switches have the option to block DHCP
replies on ports not marked as trusted (DHCP Snooping).
I have never seen one where I had access to the
configuration and the setting was on, so I am not sure
what to
On Tuesday, October 01, 2013 04:06:20 PM Mehta, Hemen (DPCC)
wrote:
How can one go about getting a /48?
Go to your RIR's web site and apply for space based on their
policy.
The RIR policy are generally very clear and pregnant with
details on what to do :-).
Mark.
signature.asc
On Monday, September 30, 2013 10:58:42 AM Seth Mos wrote:
On that note: This is a last call to people in the US to
get one before they are stuck in a hard place.
We got ours just in time before the last /8 policy in
RIPE land.
Like the whole IPv6 migration, better plan ahead then get
On Friday, September 27, 2013 02:16:10 PM Jim Pingle wrote:
Generally speaking when you assign a subnet to an
interface for use, you want that to be a /64 only.
Larger chunks would be routed, either by static routes,
PD, or some other means.
The /64 is really only a requirement if you want
On Friday, September 27, 2013 02:38:25 PM Eugen Leitl wrote:
It seems that /64 for each network segment is mandatory,
to prevent autoconfig breakage.
That's right.
If you need SLAAC, a /64 is your only option.
If you don't need SLAAC on your network segment, and you
don't need a /64, then
On Friday, September 27, 2013 02:53:06 PM Jim Pingle wrote:
It is only a requirement for SLAAC, yes, but it's also
recommended quite strongly in various RFCs and other
docs from the IETF.
Well, the RFC's haven't always bent themselves toward best
practice, just recommendation.
And given
On Friday, September 27, 2013 03:27:12 PM Eugen Leitl wrote:
All the IPv6 guys I asked said to never do that.
The beauty is - your network, your rules :-).
I can see when I would use a much smaller subnet
e.g. for building a tunnel or CARP, but that's a very
special case.
/128's for
On Friday, September 27, 2013 05:01:56 PM Adam Piasecki
wrote:
I'm somewhat new to ipv6, but looking at the insane
amount of IPv6 address's in a /64. What is the recommend
number of hosts to actually assign to that subnet. If i
could somehow assign all the Ipv6 address's in a /64 to
hosts,
On Friday, September 27, 2013 06:13:35 PM Adam Thompson
wrote:
FWIW, I've had to look into this lately and went trawling
through the RFCs for guidance.
The IETF is very firmly on the side of always using a /64
for subnets. At least RFCs 3177, 3315, 3627, 3736, 3956,
3971, 4291, 4862, 4866,
On Sunday, September 15, 2013 07:35:27 PM Jim Pingle wrote:
I agree. From what I have done with Quagga on OSPF, it's
been pretty straightforward and simple and tends to just
work and work well.
It isn't without its quirks, but I've never been sure if
those are actually quirks in Quagga or
On Sunday, September 15, 2013 10:12:48 PM Adam Thompson
wrote:
What happened to all the work Google was doing on IS-IS
in Quagga? -Adam
Still ongoing, but shipping code is not usable still.
Mark.
signature.asc
Description: This is a digitally signed message part.
On Sunday, September 15, 2013 10:21:55 PM Adam Thompson
wrote:
I'm thinking that if you need advanced features, go buy a
Cisco/Juniper. But if you need basic (or even just
homogenous) functionality, pfSense ought to be a
good-enough platform. It's really close right now but
not having
On Sunday, September 08, 2013 08:53:25 AM eyobe kebede
wrote:
to all guys I was using pfsense for around one and half
year but now my ISP demanded me to change my IPadress
with public ip that they provided me. the public ip that
they gave me is one in my side and one is in their side.
so
On Sunday, September 08, 2013 09:38:31 AM Oliver Schad
wrote:
I don't get your problem. You change on the pfsense your
GW and your WAN interface IP - that's it.
Maybe you have to change some firewall rules if you used
these fixed adresses anywhere.
If you made manual NAT rules to this
On Sunday, September 08, 2013 08:33:55 PM Adam Thompson
wrote:
What's the current recommendation for running eBGP + iBGP
and redistributing into OSPFv6/RIPNG/whatever?
The OpenBGPd package notes that it is incompatible with
Quagga/Zebra, but the OpenOSPFd package is deprecated.
Do I have to
On Thursday, September 05, 2013 08:13:27 PM Jim Thompson
wrote:
Wait, wait. Show me, again where pfSense is used in a
non-trivial service provider environment in a position
where it actually routes traffic.
And show me again where auto-update was *required*,
rather than an option?
I
On Thursday, September 05, 2013 08:19:20 PM Jim Pingle
wrote:
Very true, though it doesn't always apply to pfSense
(especially where CARP is involved). It certainly
applies to Cisco and friends. That said, someone running
CARP would be less likely to opt-in to an auotmatic
upgrade, but the
On Thursday, September 05, 2013 04:55:31 PM Jim Pingle
wrote:
I'm not opposed to auto-update if it's done securely and
opt-in. Especially if you can schedule the time it takes
place (e.g. specific day, specific time frame).
The problem with updating router/switch software, as you
know, is
Hi guys.
So just an update on this - it appears the issue is with
Switchvox (confirmed with them and their partner as well).
Even though there is quite some documentation to suggest
that the Digium phones can register to a remote Switchvox
device, this isn't a supported method to do so.
On Tuesday, July 02, 2013 08:31:35 AM Seth Mos wrote:
For now, if you have a mixed client network there is no
getting around advertising both DHCP6 and SLAAC to get
all clients to work. MacOS 10.6 does not have a DHCP6
client for example. (And yes, I still run that).
Mobile-wise, we're
On Tuesday, July 02, 2013 11:09:49 AM Chris Bagnall wrote:
Well, many of our deployments expect working v6, so we've
not been able to do much other than use 2.1
snapshot/beta/RCs. I must admit there's an element of
principle in there on my part: I can't in all good
conscience design a
Hi all.
I understand the majority of IPv6 support will be coming in
the final release of 2.1.
I'm trying to find out what kind of support will be in
there. More specifically, will it be possible to have IPv6
running without NAT66, but just pass IPv6 traffic
unmolested between IPv6 hosts and
On Monday, July 01, 2013 06:23:03 PM Jim Pingle wrote:
Sure. A purely routed IPv6 setup was one of the first
things to work well on 2.1.
We do not do any NAT on IPv6 by default, there is NPt if
someone really needs to do that, but it's all manual.
And the settings for IPv4 and IPv6 are
On Tuesday, June 11, 2013 05:12:08 PM Scott Lambert wrote:
Wait, Cisco? ASA or PIX? Does the Cisco have SIP fixups
enabled?
No NAT running on the Cisco (7200's and 3800's).
The Cisco is purely providing clear routing to pfSense, on
public addressing. NAT (and some routing) is performed by
On Monday, June 03, 2013 05:57:32 PM Jeremy Porter wrote:
Ok here are some things to think about on your setup:
For digium server can ping the phones.
Yes.
A Software Client
X-Lite can be manually provisioned and works.
Yes.
Digium hard phones will not provision.
Right.
The quickest
in the original post, X-
Lite is able to register from a laptop (LAN) toward the
remote SIP server (via the VPN interface of the local
pfSense device). But the hard phone simply won't.
Cheers,
Mark.
On Saturday, May 25, 2013 09:27:48 PM Mark Tinka wrote:
Hi all.
I have what appears
On Sunday, June 02, 2013 05:29:21 PM Jeremy Porter wrote:
If the phones don't work over the VPN, and, the VPN is
allow all, its unlikely to be pfSense.
My thoughts too, especially since X-Lite works fine across
this path.
However SIP is
tricky, in that as a protocol is has very limited
On Monday, June 03, 2013 12:44:32 AM Adam Thompson wrote:
Then you don't have a SIP problem, you have a routing
problem. Double, check the subnet mask on the phones
(and also the default gateway) and I suspect you may
find your problem -Adam
As I mentioned before, DHCP (provided by the
On Monday, June 03, 2013 01:55:07 AM Mark Wass wrote:
Are you using Openvpn and the tunnel is UDP?
Try using a TCP Openvpn tunnel I vaguely remember having
issues with a UDP Tunnel and SIP. I know it sounds
strange, but give it a try.
You might be on to something, Mark - I found something
On Wednesday, May 29, 2013 05:37:17 AM Glenn Kelley wrote:
I can see how OSPF can become a nightmare to handle if it
is not planned well - but I also find the folks who I
end up stepping in when they are stuck have tons of
other issues.
In the workshops I and a close friend give, we normally
On Wednesday, May 29, 2013 10:39:35 AM Eugen Leitl wrote:
Which hardware are you using? If you're pushing 5 GBit/s
you might be running into hardware limitations. There
was a thread about it on nanog a week or two ago.
In truth, if you're picking up 5Gbps through pfSense, that's
pretty good.
On Tuesday, May 28, 2013 08:42:09 AM Seth Mos wrote:
Also, there are ISPs that drop prefixes smaller then /24
v4, although rare.
It's actually not that rare.
/48 in the IPv6 world.
Mark.
signature.asc
Description: This is a digitally signed message part.
On Tuesday, May 28, 2013 05:41:11 PM Adam Thompson wrote:
I do agree - in a large, heterogenous, complex-topology
network, IS-IS proved to be a winner both for its
reliability and the simplicity of configuration.
In many ways, I find it simpler than OSPF. But let's not
start a war :-).
I
On Tuesday, May 28, 2013 10:06:48 PM Adam Thompson wrote:
On 2013-05-28 11:27, Glenn Kelley wrote:
Out of interest - why RIPv2 vs OSPF ?
Simplicity of configuration and troubleshooting. It's
definitely not the best protocol for complex
environments, but there are places where OSPF is
Hi all.
I have what appears to be an interesting one...
I'm provisioning Digium IP phones to a remote Switchvox
appliance, i.e., the Switchvox appliance and IP phones are
on separate Layer 2 domains.
The connection between both sites is an l3vpn where routing
is crossing pfSense firewalls at
Thanks for posting this here.
It's exciting that IS-IS is getting more attention.
In our IS-IS network, where we use Quagga to deloy Anycast
DNS services, we've had to run OSPF on the DNS server and
redistribute that into our IS-IS domain.
It's not a clean solution, but it works nonetheless.
Just an update to the list for the archives:
The Internet connection finally came in, and even with DNS
reachability, the GUI was still massively slow.
After lots of troubleshooting, it turned out to be exhausted
MBUF's on the system. The default values were not
sufficient, and that's what
Hello all.
New to pfSense, loving the concept straight-off-the-bat!
I'm in the process of setting up the installation per our
environment, and seem to be hitting this seemingly
consistent issue - a slow web GUI due to lack of DNS queries
being answered.
The machine is still in setup mode, so
On Friday, June 22, 2012 01:20:21 PM Odhiambo Washington
wrote:
Hi Mark,
Hello Wash, long time no see :-).
A shot in the wild, but how about if you added the
connecting host to /etc/hosts (manually)?
First thing I tried, no dice :-(.
Mark.
signature.asc
Description: This is a digitally
On Friday, June 22, 2012 01:36:14 PM Chris Buechler wrote:
Known issue that's fixed in the next release.
Many thanks for the confirmation, Chris. Much appreciated.
For now -
fix your DNS.
DNS isn't the issue - the link isn't in yet, so I'm just
covering ground as it's expected.
I'm
On Friday, June 22, 2012 05:22:33 PM Vick Khera wrote:
I just set up two boxes two days ago to replace an
under-powered cluster. I did not notice this at all.
The only delay I had was on boot when trying to start
openntpd after restoring the configs from the production
boxes. The only
53 matches
Mail list logo