Thanks Victor,
> On Sun, Apr 1, 2018 at 4:46 PM, Olivier Mascia <o...@integral.be> wrote:
>
>> Since I have upgraded 2 HW box and 2 VMs to 2.4.3 I have started seeing
>> such occasionally:
>>
>> 0:40:54 There were error(s) loading the rules: /tmp/rules.debug
onsv6"
Is there a known bug/quirk at work here?
--
Best Regards, Meilleures salutations, Met vriendelijke groeten,
Olivier Mascia
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
us 1000v and my CARP works perfectly for my
IPv4 setup. It just is that it never worked with IPv6. Buggy 1000v regarding
VRRP and IPv6, it seems.
--
Best Regards, Meilleures salutations, Met vriendelijke groeten,
Olivier Mascia, http://integral.software
_
his matter, to get it right.
Your :::yy81::1234 IP (in the :::yy81::/64 subnet) used
internally will properly be reachable (and appear on outgoing connections) as
:::yy01::1234.
--
Best Regards, Meilleures salutations, Met vriendelijke groeten,
Ol
and the way
they deliver IPv4).
Without those notes, the most specific I remember is that packets were coming
in randomly on the master (processing them) and the slave (properly ignoring
them). Just as if the same MAC was seen on both on their OVH side.
--
Best Regards, Meilleures salutations, Met
c, works like a charm.
>
> JC
>
The real issue is that HA setup of a couple of pfSense is impossible with such
an awkward IPv6 setup as OVH imposes to us.
--
Best Regards, Meilleures salutations, Met vriendelijke groeten,
Olivier Mascia
> -Original Message---
find this helpful to visually get a big picture on wether my shaping rules are
effective in their triage of the traffic.
--
Best Regards, Meilleures salutations, Met vriendelijke groeten,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https
a case.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia (from mobile device), integral.be/om
> Le 26 mai 2016 à 13:03, Olivier Mascia <o...@integral.be> a écrit :
>
> LAN Interface (lan, igb0)
> Statusup
> MAC Address00:
rid of it and get there a proper link-local address?
Reboot does not help.
Downloaded config file, there is no fe80::1:1 anywhere in there.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing l
ble.
It probably is much more expected than a bug, but maybe some wizard here will
have a clever idea (short of changing provider - which is in the plan anyway
but will take months) to overcome this?
Thanks again!
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
/ infirm this, it would prove very helpful.
Thanks!
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold
times)
through the OpenVPN tunnel. The IPv4 is much better served through the IPsec
tunnel (similar speeds both ways, and they're at about 500 Mbps, sometimes a
little bit higher. I know from a previous discussion here why this speed
difference between IPsec and OpenVPN.
Thanks !
--
Meilleures s
groeten, Best Regards,
Olivier Mascia (from mobile device), integral.be/om
> Le 19 mai 2016 à 21:59, Steve Yates <st...@teamits.com> a écrit :
>
> Is there a way to force pfSense to do NAT for IPv6? If so then we could make
> it work. I understand that's not
> Le 19 mai 2016 à 11:29, Renato Botelho <ga...@freebsd.org> a écrit :
>
>> On May 18, 2016, at 20:39, Olivier Mascia <o...@integral.be> wrote:
>>
>> I had switched through the GUI to Branch development snapshots experimental
>> while I was initially
back to Stable branch and indeed offer an 'upgrade' path from whatever snapshot
it was on back or toward the latest REL version? I'm sure it would help some
people, too.
Many thanks for this 2.3.1 bug fix release!
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia
> Le 3 mai 2016 à 11:17, Olivier Mascia <o...@integral.be> a écrit :
>
>> Le 3 mai 2016 à 09:49, Chris Buechler <c...@pfsense.com> a écrit :
>>
>>> Or would it be that my BACKUP (according to /status_carp.php) do also
>>> advertise (which it shou
> Le 12 mai 2016 à 11:11, Olivier Mascia <o...@integral.be> a écrit :
>
> Assuming two sites having to use NPt to map IPv6 IP Alias from WAN to
> fd00::/64 like on the LAN.
>
> For instance:
>
> Site A: a:b:c:1000::1/56 is the WAN IPv6. And a:b:c:1001::1
me clues.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
?
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
ps uxawww
USER PID %CPU %MEMVSZ RSS TT STAT STARTED TIME COMMAND
root 11 101.0 0.0 032 - RL 10:48PM 22:34.31 [idle]
root 299 100.0 0.1 1 2504 - RNs
entering the tunnel.
Could this be worked around?
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold
w pretty sure they do
something wrong in this regard.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
> Le 4 mai 2016 à 21:13, Steve Yates <st...@teamits.com> a écrit :
>
> "IPv6 does not seem to get proper advertisements from pe
ace, does this prove the
packets embark the tunnel (and so that the issue is on the other end)? Or not?
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.
> Le 3 mai 2016 à 11:17, Olivier Mascia <o...@integral.be> a écrit :
>
>> Le 3 mai 2016 à 09:49, Chris Buechler <c...@pfsense.com> a écrit :
>>
>>> Or would it be that my BACKUP (according to /status_carp.php) do also
>>> advertise (which it shou
ter?
Thanks!
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
> Le 2 mai 2016 à 20:24, Olivier Mascia <o...@integral.be> a écrit :
>
> I have a problem with IPv6 on a HA setup.
>
> With IPv4, it is OK.
>
>> IPv4 :
>> VLAN MAC Address TypeAge Po
bit more here. But I'd do well with a gentle
tap on the shoulder from one IPv6 / CARP guru from here... Must be some simple
horrible configuration mistake... or a bug related to CARP IPv6 and in such
case, if I can help gather whatever is needed to debug and fix it...
--
Meilleures salutations, M
vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
incidents purchased along with other pfSense hardware, but this
is not on pfSense hardware but on VMs.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mail
rity release.
>
> https://www.freebsd.org/security/advisories/FreeBSD-SA-16:16.ntp.asc
>
> On May 2, 2016, at 08:54, Olivier Mascia <o...@integral.be> wrote:
>
> The update check on 2.3-REL GUI offers me 2.3_1, yet I don't see mention of
> it on pfsense.org.
> Co
vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
train along with the IPv4
packets, it'd be perfect. :)
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
> Le 1 mai 2016 à 10:35, Olivier Mascia <o...@integral.be> a écrit :
>
>> That page is a little out of date in one respect: You can't mix traffic
>> with IPsec using IKEv1, but you can with IKEv2. So long as both sides
>> support IKEv2 you can carry IPv6 and IPv4 i
affic can only be carried inside a tunnel which
has IPv6 endpoints, and IPv4 traffic can only be carried over a tunnel using
IPv4 endpoints. A single tunnel cannot carry both types of traffic."
So be it.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, inte
groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
vriendelijke groeten, Best Regards,
Olivier Mascia (from mobile device), integral.be/om
> Le 29 avr. 2016 à 20:45, Jim Thompson <j...@netgate.com> a écrit :
>
> Because OpenVPN uses tun/tap, and there is a HUGE amount of overhead in that.
>
>“HUGGGEEE
salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
> Le 29 avr. 2016 à 19:58, ED Fochler <soek...@liquidbinary.com> a écrit :
>
> On a modern intel system, the intel chip itself (or AMD) has AES128 or better
> implemented in hardware. I get ~7
of the tunnel), and I quite couldn't believe
it.
Could something be wrong?
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support
vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
> Le 29 avr. 2016 à 11:45, Olivier Mascia <o...@integral.be> a écrit :
>
> Dear all,
>
> In case some of you would have an idea what to look for and adjust, here is a
> strange issue I have between two end-poi
ind of idea about what to look for, I'll take whatever you
give me.
Thanks for reading me,
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listi
or missing.
Or have them automatically ordered, first by Type, then Interface and then by
IP (that's just how *I* would order them by hand).
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense
roperly route trafic to
me, I'm happy with what I now currently have. :)
The HA setup looks fine now, well-tuned and I could simulate the loss of one
host and see the traffic persist nicely through the secondary pfSense. Very
nice.
Thanks again,
--
M
> Le 26 avr. 2016 à 00:37, Olivier Mascia <o...@integral.be> a écrit :
>
> It looks like as soon as I bring IPv6 to the party, my secondary starts
> thinking it's MASTER instead of BACKUP. Sometimes on the WAN side, sometimes
> on the LAN, sometimes both. Quite hard t
, are there
known-bugs or other kind of difficulties in having H.A. along with IPv4 and
IPv6?
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman
écrit :
> Did you change the OpenVPN configured Interface to be the VIP rather than the
> WAN?
No, I didn't. :( That was the stupid mistake I was looking after.
Thank you Brady and Travis.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
for me having made that mistake. :)
I'll check back later today, but chances are the fault is there.
Thanks!!
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.or
?
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
> Le 25 avr. 2016 à 00:34, Olivier Mascia <o...@integral.be> a écrit :
>
> /xmlrpc.php: webConfigurator authentication error for 'admin' from 172.16.0.2
> during sync settings.
>
> The user setup on the primary firewall is not 'admin'. So if the secondary
> attemp
.
This is 2.3-REL, I think I did not write that.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
> Le 24 avr. 2016 à 23:40, Olivier Mascia <o...@integral.be> a écrit :
>
> Hello,
>
> Are there limitations (password leng
using the same protocol and port as this system - make sure the remote system's
port and protocol are set accordingly!" and took care that both are identical.
A bit puzzled.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier M
network to
> you as they must be for it to be usable inside your network. ISP
> issue.
Thanks, that's clear.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsen
ighbor
solicitation, who has x:y:z:d801::1, length 32
23:35:51.411220 IP6 fe80::aa0c:dff:fe44:dc78 > ff02::1:ff00:1: ICMP6, neighbor
solicitation, who has x:y:z:d801::1, length 32
If someone with (easily) much better inner knowledge of IPv6 specifics (than
me) has an idea... Thanks!!
--
Meilleures s
0]
[2a00:1450:4007:808::2003]ICMPv6
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
>
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia
> Sent: Wednesday, April 2
couldn't be awfully wrong somewhere. So what obvious
detail am I overlooking here? If you have any idea?
This is 2.3-RELEASE by the way. Other boxes (on other networks) are still 2.2.x.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mas
dual virtualized pfSense
(with affinity on different hosts), would be lighter than using vmware Fault
Tolerance. That will be next week tests.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pf
into account any past
traffic?
When trying to assess the effectiveness of some settings, getting a more
instantaneous queues usage might be more useful. Well, I think so.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
segmentation offloading and large receive offloading are
disabled. Would it make sense to enable those?
Thanks for any insight you might want to share.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
CDT 2016
FreeBSD 10.3-RELEASE
The system is on the latest version.
"
Thanks!
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
s!
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
with the install. So if I could spare some time for other
things, it's be nice even if not 'perfect' way to proceed.)
Thanks,
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
___
pfSense mailing list
Met vriendelijke groeten,
Best Regards. Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
first need to setup a development environment en BSD, then I should
be flying?
Are there some recommended guidelines for porting and debugging (if needed)
things to the specific BSD environment of pfSense 2.2x?
--
Meilleures salutations, Met vriendelijke groeten,
Best Regards. Olivier Mascia
Free Radius to play with. pfSense
> has a package for that which might be worth looking into.
>
> Cheers
> Jon
Thanks a lot John. Lots of good ideas here around RADIUS.
I completely overlooked that OpenVPN could use it.
Will investigate all these options.
--
Meilleures salutatio
groeten,
Best Regards. Olivier Mascia, integral.be/om
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
of my
DNS server for the page to accept saving. Seems strange in this IPv6 context to
have to do that. I intuitively tried first with its IPv6 address and I
couldn't save.
--
Meilleures salutations, Met vriendelijke groeten,
Best Regards. Olivier Mascia, inte
AN and OPT1.
Are these behaviors confirmed by other people?
(The doubling (more or less) on Root queue lines, I only have seen them with
CBQ setups, as far as I remember.)
--
Meilleures salutations, Met vriendelijke groeten,
Best Regards. Olivier Mascia, integral.be/om
__
ce.
You will have to either move the exported config file through iTunes/USB or
send it to yourself by email (much less secure of course), in order to import
it in the App and then use it.
--
Meilleures salutations, Met vriendelijke groeten,
Best Regards. Olivier Mascia, integral.be/om
Hello,
Regarding this: https://redmine.openinfosecfoundation.org/issues/1445
Could we get the Suricata package available for pfSense, built with the
discussed and apparently tested PPPoE fix, without waiting for Suricata 2.1 to
get out of beta?
Thanks!
__
Olivier Mascia
integral.be/om
for...
Thanks!
__
Olivier Mascia
integral.be/om
Le 23 avr. 2015 à 11:15, Olivier Mascia o...@integral.be a écrit :
Dear all,
As I remember when I started using pfSense (back at 2.0) I could make a sense
of the dynamic view Status - Traffic shaper - Queues. I could watch my voip
queue
more sensibe values.
Is there some known defect there? Or is this a known symptom for something
terribly ill-configured on my side in the traffic shaper?
Thanks for sharing your thoughts or experiences on the matter.
Best regards,
__
Olivier Mascia
integral.be/om
On Nov 5, 2014 8:39 AM, Olivier Mascia o...@integral.be
mailto:o...@integral.be wrote:
Hello,
Checking the logs, I get 5 or 6 errors ...
I expect that clearing whatever past data there is might help clean the
error. What steps should I take to reset this?
Le 5 nov. 2014 à 23:41
an idea or a hint to share, that'd be friendly.
Thanks!
__
Olivier Mascia
tipgroup.com/om
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
IP (I currently have fe80::215:17ff:fe16:18dc%em4) and
the gateway is currently fe80::207:7dff:fe56:5900%pppoe0.
This kind of setup has always worked until my 2.1.3-2.1.4 upgrade this morning.
:(
__
Olivier Mascia
tipgroup.com/om
Le 8 juil. 2014 à 19:49, b...@todoo.biz a écrit :
One more
Mascia
tipgroup.com/om
Le 9 juil. 2014 à 11:55, Olivier Mascia o...@integral.be a écrit :
The NOT so funny thing is that following this discussion it came to my
attention that I was still running 2.1.3.
I upgraded to 2.1.4 this morning.
Nothing else changed in the configuration : packets do
://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt:
216.14.64.0/20
__
Olivier Mascia
tipgroup.com/om
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
to enter multiple pairs of a type and a value, which
with example would be:
IP 192.168.3.7
IP fe80::1234:1234:1234:abcd
DNS localhost
DNS *.mydomain.top
__
Olivier Mascia
tipgroup.com/om
___
List mailing list
List@lists.pfsense.org
!
__
Olivier Mascia
tipgroup.com/om
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
, either LAN or WAN side.
To my understanding, I'm then just fine set, with the added 'pingability' from
the WAN (albeit on ICMPv6 only, not ICMPv4 which is blocked by default rules).
If I'm wrong and still have understood something wrong, I'll gladly stand
corrected.
Thanks!
__
Olivier Mascia
Le 21 mai 2014 à 16:09, Paul Beriswill paul.berisw...@pdfcomplete.com a écrit
:
On 05/19/2014 01:14 PM, Olivier Mascia wrote:
pfSense 2.1.3
Would it be possible to write rules filtering on one (or all) of the gateway
addresses?
For instance, using the gateway names as an ALIAS
pfSense 2.1.3
Would it be possible to write rules filtering on one (or all) of the gateway
addresses?
For instance, using the gateway names as an ALIAS.
Or creating an ALIAS whose value is resolved to this or that gateway or all
gateway addresses.
__
Olivier Mascia
tipgroup.com/om
specific rules as specific types to block
or allow?
Are there other documentation on ICMPv6 filtering, without dropping essential
functionality, in the specific context of pfSense 2.1.x?
Thanks !
__
Olivier Mascia
tipgroup.com/om
___
List mailing list
Le 8 mai 2014 à 12:37, Mark Tinka mark.ti...@seacom.mu a écrit :
On Thursday, May 08, 2014 12:25:54 PM Olivier Mascia wrote:
Are there other documentation on ICMPv6 filtering,
without dropping essential functionality, in the
specific context of pfSense 2.1.x?
My personal opinion, we
.
__
Olivier Mascia
tipgroup.com/om
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
).
__
Olivier Mascia
tipgroup.com/om
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
.
Thanks for pointers,
Regards,
__
Olivier Mascia
tipgroup.com/om
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
can
loose the data, but I would like to clean this error condition anyway.
Does anybody have pointers to me?
Thanks a lot,
__
Olivier Mascia
tipgroup.com/om
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
Le 8 oct. 2013 à 16:45, Jim Pingle li...@pingle.org a écrit :
On 10/7/2013 9:21 AM, Olivier Mascia wrote:
Have you an idea what I should look for about this issue (see linked
print-screen)?
All my OpenVPN services report an error contacting the daemon, both on
the status page (as in print
-10-07%20%C3%A0%2015.15.11.png
Thanks !
__
Olivier Mascia
integral.be
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
Le 17 sept. 2013 à 00:32, Olivier Mascia o...@tipgroup.com a écrit :
I have been using 2.01 for about 2 years.
Just upgraded to 2.10.
This an amd64 full install.
I’m seeing high-cpu usage (which was in the past 1 or 2%) and I can
further verify that /usr/local/bin/check_reload is eating
a multi-core system.
What should I further check to narrow down the issue?
Thanks for any ideas.
__
Olivier Mascia
integral.be
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
Le 16 sept. 2013 à 14:33, Olivier Mascia o...@tipgroup.com a écrit :
I have been using 2.01 for about 2 years.
Just upgraded to 2.10.
This an amd64 full install.
I’m seeing high-cpu usage (which was in the past 1 or 2%) and I can further
verify that /usr/local/bin/check_reload is eating
,
—
Olivier Mascia
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
91 matches
Mail list logo