if i had such rekeying issues one or more of the following was may be not
in the right shape:
Key times to live, different TTL on both sides for the resp. Component
(DH,AH ... )
Key lenghts/Algorithms (rare)
Timing issues due to Packet-Flow (very often, due to policy based routing
in the net)
2014-07-25 2:52 GMT+02:00 Erik Anderson erike...@gmail.com:
Hello -
This evening I upgraded to 2.1.4 and have noticed an odd issue
communicating between two of my LAN subnets.
For the purposes of this example, I have main-LAN (192.168.3.1/24) and
voice-LAN (192.168.5.1/24).
I have
21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
2014-06-16 23:09 GMT+02:00 Vick Khera vi...@khera.org:
On Mon, Jun 16, 2014 at 5:05 PM, Michael Schuh michael.sc...@gmail.com
wrote:
pfctl -s timeouts
tcp.first
Hi @list,
there is a blocked DSL-Dial-Up Network
89.233.72.0/21
which is covered also by a very big shot on the top spammers list.
89.233.64.0/18
if i remove this entry will it get reloaded after the filter reload or
is this for ever or up to the package update?
not sure how to deal with
setup a mtr, target to palo alto (may be in udp mode is a good idea) and
watch for routing issues and/or packet loss.
sounds in first instance like a flaky connection or routing changes.
try to disable any DOS detection/prevention mechanisms in the firmware of
the speedport.
if there is any,
http://www.freebsd.org/cgi/man.cgi?fetch(1)
hth
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
may be changes in the VSwitch/VLan Configurations prior to the reboot?
serval functions of the emulated VMWare NICS
ain't supported anymore by WMware in compare to older ESX Versions.
at least in the case of the Intel kind.
e.g. pptp will not work reliable with the emulated intel nics.
= = =
http://wiki.soekris.info/Installing_FreeBSD
HTH
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
i suppose squid is caching all sites?
using LRU algorithm?
this sounds like squid could not update the cache or acl deny the access.
enough diskspace? cache size big enough?
another caching algorithm tried? or caching algorithm changed after the
installation and first runs
and not cleared the
Hi there,
2013/11/7 Thinker Rix thinke...@rocketmail.com
Hi Michael,
On 2013-11-06 11:37, Michael Schuh wrote:
i have serval different Systems running,
including an old 3GHz Intel Pentium D-CPU with 2GBytes ECC Memory:
4 Nic, throughput max (so far): 115 MBytes/s at 20k irqs (no polling
i have serval different Systems running,
including an old 3GHz Intel Pentium D-CPU with 2GBytes ECC Memory:
4 Nic, throughput max (so far): 115 MBytes/s at 20k irqs (no polling
enabled, no special tweaking)
1 Nic is Broadcom, 1 Nic is Intel Pro1000 Desktop Adapter, the other two
Nic are an Intel
: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
2013/10/10 Chris L c...@viptalk.net
On Oct 9, 2013, at 9:06 PM, Michael Schuh michael.sc...@gmail.com wrote:
ridiculous
Head, meet sand.
Then again, consider the country of origin. They have
The $Customer will have his Pizza and Entertainment well served,
functioning and NOW for $0 costs.
So how will you provide security under this circumstances?
Impossible. Beside the fact, that this entire NSA-Story is funny as hell.
Why?
Deal with it, deal with the world you (the crowd) would like
2013/8/13 Sandeep A.S sani...@gmail.com
Hi Michael,
Please find the below details:
I have pfsense box deployed for 3-4 customers, where with one particular
ISP , Airtel I face high latency and packet loss with pfsense
systems. More exactly with
either linux or windows systems I am
can you please provide more informations?
more details please ...
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Rev. P.D. Michael
Schuhhttp://dudeism.com/ordcertificate?ordname=Michael+Schuhorddate=05/20/2012
*Ordained Dudeist Priest
man 5 resolv.conf
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Rev. P.D. Michael
Schuhhttp://dudeism.com/ordcertificate?ordname=Michael+Schuhorddate=05/20/2012
*Ordained Dudeist Priest http://dudeism.com/*
Postfach 10 21 52
66021 Saarbrücken
thats a widely used techniqe for routing purposes.
so the isp can change the routing quickly and apply more subnets to that
route.
you can use one and the same router for many subnets than.
the /29 is the routing subnet and the /28 your official subnet.
so there should no need for arp'ing.
Just
Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
2013/6/14 Nishant Sharma codemarau...@gmail.com
Original message
From: Michael Schuh michael.sc...@gmail.com
Date: 14/06/2013 14:38 (GMT+05:30)
To: pfSense support
Intel actually sells MLC instead of SLC ( iirc they had a series with SLC
but they are to expensive, not sure if they sell those further )
They do. As you note, they are more expensive per bit than MLC.
The last thing i heard of, was that they now use HET MLC instead of SLC. So
all actual
2013/6/9 Jim Thompson j...@smallworks.com
On Jun 8, 2013, at 2:24 PM, Michael Schuh michael.sc...@gmail.com wrote:
i wouldn't only rely on the manufacturer but on the chip type; just saying
If by 'chip' you mean 'controller', I agree.
If by 'chip' you mean the actual flash (memory
i would recommend to read page 12, if i should get asked :-)
(not only but in that context)
http://phk.freebsd.dk/pubs/nanobsd.pdf
i wouldn't only rely on the manufacturer but on the chip type; just saying
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional
2013/6/8 Jim Thompson j...@netgate.com
On Jun 7, 2013, at 7:06 PM, Chris Bagnall pfse...@lists.minotaur.cc
wrote:
Thanks for the response.
On 8/6/13 12:54 am, Jim Thompson wrote:
Difficulty? Is this some kind of Brit understatement? Impossible
is a more accurate description of the
Hi Makara,
make a backup.
Download a Disk Diagnosis Program from the Homepage of the Manufacturer of
the Harddisk
or download the utlimate boot disk (google it).
did i mention to make a backup? :-)
Run the Disk Diagnosis Long/Extended Test.
This can take some hours depending on the size of the
://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
___
List
://lists.pfsense.org/mailman/listinfo/list
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318
2013/3/30 Ermal Luçi ermal.l...@gmail.com
On Sat, Mar 30, 2013 at 2:17 AM, Michael Schuh michael.sc...@gmail.comwrote:
2013/3/30 Chris Buechler c...@pfsense.org
On Fri, Mar 29, 2013 at 9:03 AM, WolfSec-Support supp...@wolfsec.ch
wrote:
effectively I have also on pfsenses v2.0.2 DNS
/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
___
List mailing list
List@lists.pfsense.org
2013/3/23 Michael Schuh michael.sc...@gmail.com
2013/3/21 WolfSec-Support supp...@wolfsec.ch
hi,
I can confirm similar dns-forwarder outages on other non PPtP setups
I have CARP setups, where dns forwarder work not propperly.
most of them use OpenVPN also
so may a general issie
Can this be sourced by a routing change through the connection time?
affected are pptp and ipsec so i guess it as potential source of this.
if the udp packets do not arrive in the right order, what happens to those
VPN-Types?
2013/3/20 Michael Schuh michael.sc...@gmail.com
http
no packet loss or bogus routing or flaky routes?
Your provider does not block or control traffic through transparent proxies?
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
chrismas gift.
i whish list members a happy and jouyful chrismas.
greetings
m.
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o
scriptet that.
hth
regards
m.
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318
- Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman
2012/11/8 Ermal Luçi e...@pfsense.org:
On Thu, Nov 8, 2012 at 1:16 PM, Michael Schuh michael.sc...@gmail.com
wrote:
2012/11/8 Ermal Luçi e...@pfsense.org:
On Thu, Nov 8, 2012 at 9:53 AM, Oliver Schad
oliver.sc...@automatic-server.com wrote:
On Thu, 8 Nov 2012 09:14:50 +0100
Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
2012/11/6 Michael Schuh michael.sc...@gmail.com:
2012/11/6 Chris Buechler c...@pfsense.org:
On Mon, Nov 5, 2012 at 2:31 PM, David Brodski da...@brodski.eu wrote:
Thank you for the replay, but I it is not working.
There's about 0 chance of that working without source code hacking.
You'll
2012/11/6 Michael Schuh michael.sc...@gmail.com:
2012/11/6 Michael Schuh michael.sc...@gmail.com:
2012/11/6 Chris Buechler c...@pfsense.org:
On Mon, Nov 5, 2012 at 2:31 PM, David Brodski da...@brodski.eu wrote:
Thank you for the replay, but I it is not working.
There's about 0 chance
be much
more stress than load them from new.
depends on your cache policy and the update intervals for cached objects.
m.
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
2012/10/13 Oliver Schad oliver.sc...@automatic-server.com
On Fri, 12 Oct 2012 23:28:19 +0200
Michael Schuh michael.sc...@gmail.com wrote:
sounds that the hanging is not a bug but a feature called time
out ?
You mean that the complete GUI doesn't work anymore for hours is a
feature
not help you very much, but thats it.
regards
M.
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m
2012/9/14 Michael Schuh michael.sc...@gmail.com
2012/9/14 Vieri rentor...@yahoo.com
Hi,
I'm new to pfSense and FreeBSD. I'm coming from Gentoo Linux and find
FreeBSD to be very attractive and somewhat similar to the Gentoo way.
I have a noob question though. Very general.
Before
__**_
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/**mailman/listinfo/listhttp://lists.pfsense.org/mailman/listinfo/list
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
- Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
___
List mailing list
List@lists.pfsense.org
http
/list
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318
2012/7/23 Chris Buechler c...@pfsense.org
On Sun, Jul 22, 2012 at 5:48 PM, Michael Schuh michael.sc...@gmail.com
wrote:
setup an mtr and let it run, watch for packet loss...
This.
i had such behaviour too and it was sourced by an improper routing setup
from the ISP
That's my guess
and the rule for the full access clients.
HTH
greetings
m.
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o
IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman
michael
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318
2012/5/13 bsd b...@todoo.biz
Le 12 mai 2012 à 21:20, Michael Schuh a écrit :
After more investigation, I would rather suggest using
/boot/loader.conf.local and add the following :
cpufreq_load=YES
You also need to add :
kern.timecounter.hardwarei8254
in System
2012/5/13 Michael Schuh michael.sc...@gmail.com
2012/5/13 Ian Levesque i...@crystal.harvard.edu
On May 13, 2012, at 12:38 PM, William D. Armstrong - BSSN wrote:
I use this for access a nfs solaris 11 from another interface.
DMZ LAN
TCP/UDP
2012/5/12 bsd b...@todoo.biz
Le 11 mai 2012 à 19:49, Michael Schuh a écrit :
2012/5/11 bsd b...@todoo.biz
Hi,
I am trying to have PowerD tuned correctly with a Lanner device that I
am resaling.
By default sysctl dev.cpu gives the following :
# sysctl dev.cpu
dev.cpu.0
2012/5/12 Ugo Bellavance u...@lubik.ca
On 2012-05-11 16:14, Michael Schuh wrote:
2012/5/11 Ian Levesque i...@crystal.harvard.edu
mailto:ian@crystal.harvard.**edu i...@crystal.harvard.edu
On May 11, 2012, at 2:52 PM, Ugo Bellavance wrote:
I'd need to have an NFS client access
2012/5/13 Hugo Heykers hugo.heyk...@telenet.be
Op 12-05-12 20:19, Michael Schuh schreef:
2012/5/12 Hugo Heykers hugo.heyk...@telenet.be
Op 11-05-12 19:37, Michael Schuh schreef:
2012/5/11 Scott Ullrich sullr...@gmail.com
On Thu, May 10, 2012 at 9:16 PM, Michael Schuh michael.sc
2012/5/11 Scott Ullrich sullr...@gmail.com
On Thu, May 10, 2012 at 9:16 PM, Michael Schuh michael.sc...@gmail.com
wrote:
Hi@list
i am not sure if somebody else mentioned that before:
...may be a different approach to get pfsense running on UltraSparc:
get the developer version
/Executing_commands_at_boot_time
hth
greetings
m.
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318
- IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
___
List mailing list
List@lists.pfsense.org
http
Am 7. April 2012 02:14 schrieb Ugo Bellavance u...@lubik.ca:
On 2012-04-05 16:04, Michael Schuh wrote:
Am 5. April 2012 15:07 schrieb Ugo Bellavance
u...@lubik.ca
mailto:u...@lubik.ca:
On 2012-04-04 17:22, Michael Schuh wrote:
Ok, but are there drawbacks compared
Am 5. April 2012 15:07 schrieb Ugo Bellavance u...@lubik.ca:
On 2012-04-04 17:22, Michael Schuh wrote:
Ok, but are there drawbacks compared to an alias VIP?
In virtual environments you have to take care that the virtual switches
allow/permit this type of traffic. (p.e. on ESX
?
There is some lack of Information to give you any advice.
a Firewall with 2 physical interfaces has only wan and lan, so no lagg
needed?
michael
--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318
Am 4. April 2012 15:29 schrieb Ugo Bellavance u...@lubik.ca:
On 2012-04-04 09:19, Michael Schuh wrote:
Am 4. April 2012 14:47 schrieb Ugo Bellavance
u...@lubik.ca
mailto:u...@lubik.ca:
Hi,
Setting up pfsense on a physical server with 2 onboard NICs. The
available bandwidth
62 matches
Mail list logo
