Re: [pfSense] 2.4.3 - cannot define table bogonsv6

Thanks Victor, > On Sun, Apr 1, 2018 at 4:46 PM, Olivier Mascia <o...@integral.be> wrote: > >> Since I have upgraded 2 HW box and 2 VMs to 2.4.3 I have started seeing >> such occasionally: >> >> 0:40:54 There were error(s) loading the rules: /tmp/rules.debug

[pfSense] 2.4.3 - cannot define table bogonsv6

onsv6" Is there a known bug/quirk at work here? -- Best Regards, Meilleures salutations, Met vriendelijke groeten, Olivier Mascia ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] IPv6 problem at OVH

us 1000v and my CARP works perfectly for my IPv4 setup. It just is that it never worked with IPv6. Buggy 1000v regarding VRRP and IPv6, it seems. -- Best Regards, Meilleures salutations, Met vriendelijke groeten, Olivier Mascia, http://integral.software _

Re: [pfSense] IPv6 problem at OVH

his matter, to get it right. Your :::yy81::1234 IP (in the :::yy81::/64 subnet) used internally will properly be reachable (and appear on outgoing connections) as :::yy01::1234. -- Best Regards, Meilleures salutations, Met vriendelijke groeten, Ol

Re: [pfSense] IPv6 problem at OVH

and the way they deliver IPv4). Without those notes, the most specific I remember is that packets were coming in randomly on the master (processing them) and the slave (properly ignoring them). Just as if the same MAC was seen on both on their OVH side. -- Best Regards, Meilleures salutations, Met

Re: [pfSense] IPv6 problem at OVH

c, works like a charm. > > JC > The real issue is that HA setup of a couple of pfSense is impossible with such an awkward IPv6 setup as OVH imposes to us. -- Best Regards, Meilleures salutations, Met vriendelijke groeten, Olivier Mascia > -Original Message---

[pfSense] /status_queues.php: amortised/smoothed values?

find this helpful to visually get a big picture on wether my shaping rules are effective in their triage of the traffic. -- Best Regards, Meilleures salutations, Met vriendelijke groeten, Olivier Mascia, integral.be/om ___ pfSense mailing list https

Re: [pfSense] Strange fe80::1:1 link-local address on LAN interface

a case. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia (from mobile device), integral.be/om > Le 26 mai 2016 à 13:03, Olivier Mascia <o...@integral.be> a écrit : > > LAN Interface (lan, igb0) > Statusup > MAC Address00:

[pfSense] Strange fe80::1:1 link-local address on LAN interface

rid of it and get there a proper link-local address? Reboot does not help. Downloaded config file, there is no fe80::1:1 anywhere in there. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing l

Re: [pfSense] Aliases on IPv6 CARP, are they known to be working? Or could there be a bug?

ble. It probably is much more expected than a bug, but maybe some wizard here will have a clever idea (short of changing provider - which is in the plan anyway but will take months) to overcome this? Thanks again! -- Meilleures salutations, Met vriendelijke groeten, Best Regards,

[pfSense] Aliases on IPv6 CARP, are they known to be working? Or could there be a bug?

/ infirm this, it would prove very helpful. Thanks! -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold

Re: [pfSense] Why can't we define a point-to-point OpenVPN using only IPv6?

times) through the OpenVPN tunnel. The IPv4 is much better served through the IPsec tunnel (similar speeds both ways, and they're at about 500 Mbps, sometimes a little bit higher. I know from a previous discussion here why this speed difference between IPsec and OpenVPN. Thanks ! -- Meilleures s

Re: [pfSense] IPv6 with Comcast and two pfSense - invalid prefix length, XID mismatch

groeten, Best Regards, Olivier Mascia (from mobile device), integral.be/om > Le 19 mai 2016 à 21:59, Steve Yates <st...@teamits.com> a écrit : > > Is there a way to force pfSense to do NAT for IPv6? If so then we could make > it work. I understand that's not

Re: [pfSense] Switching from 2.3.1 DEV to 2.3.1 REL ?

> Le 19 mai 2016 à 11:29, Renato Botelho <ga...@freebsd.org> a écrit : > >> On May 18, 2016, at 20:39, Olivier Mascia <o...@integral.be> wrote: >> >> I had switched through the GUI to Branch development snapshots experimental >> while I was initially

[pfSense] Switching from 2.3.1 DEV to 2.3.1 REL ?

back to Stable branch and indeed offer an 'upgrade' path from whatever snapshot it was on back or toward the latest REL version? I'm sure it would help some people, too. Many thanks for this 2.3.1 bug fix release! -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia

Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs

> Le 3 mai 2016 à 11:17, Olivier Mascia <o...@integral.be> a écrit : > >> Le 3 mai 2016 à 09:49, Chris Buechler <c...@pfsense.com> a écrit : >> >>> Or would it be that my BACKUP (according to /status_carp.php) do also >>> advertise (which it shou

Re: [pfSense] NPt and IPsec on pfSense

> Le 12 mai 2016 à 11:11, Olivier Mascia <o...@integral.be> a écrit : > > Assuming two sites having to use NPt to map IPv6 IP Alias from WAN to > fd00::/64 like on the LAN. > > For instance: > > Site A: a:b:c:1000::1/56 is the WAN IPv6. And a:b:c:1001::1

[pfSense] NPt and IPsec on pfSense

me clues. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

[pfSense] 2.3-REL check_reload_status high cpu load

? -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ps uxawww USER PID %CPU %MEMVSZ RSS TT STAT STARTED TIME COMMAND root 11 101.0 0.0 032 - RL 10:48PM 22:34.31 [idle] root 299 100.0 0.1 1 2504 - RNs

[pfSense] HA setup (CARP) + IPv6 + NPt ?

entering the tunnel. Could this be worked around? -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold

Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs

w pretty sure they do something wrong in this regard. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om > Le 4 mai 2016 à 21:13, Steve Yates <st...@teamits.com> a écrit : > > "IPv6 does not seem to get proper advertisements from pe

[pfSense] How to debug an IPv6 phase2 over IPsec (IKEv2) IPv4 phase1?

ace, does this prove the packets embark the tunnel (and so that the issue is on the other end)? Or not? -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.

Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs

> Le 3 mai 2016 à 11:17, Olivier Mascia <o...@integral.be> a écrit : > >> Le 3 mai 2016 à 09:49, Chris Buechler <c...@pfsense.com> a écrit : >> >>> Or would it be that my BACKUP (according to /status_carp.php) do also >>> advertise (which it shou

Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs

ter? Thanks! -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs

> Le 2 mai 2016 à 20:24, Olivier Mascia <o...@integral.be> a écrit : > > I have a problem with IPv6 on a HA setup. > > With IPv4, it is OK. > >> IPv4 : >> VLAN MAC Address TypeAge Po

Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs

bit more here. But I'd do well with a gentle tap on the shoulder from one IPv6 / CARP guru from here... Must be some simple horrible configuration mistake... or a bug related to CARP IPv6 and in such case, if I can help gather whatever is needed to debug and fix it... -- Meilleures salutations, M

[pfSense] 2.3-REL /diag_packet_capture.php - bug or misleading behavior

vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

[pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs

incidents purchased along with other pfSense hardware, but this is not on pfSense hardware but on VMs. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mail

Re: [pfSense] 2.3_1 ?

rity release. > > https://www.freebsd.org/security/advisories/FreeBSD-SA-16:16.ntp.asc > > On May 2, 2016, at 08:54, Olivier Mascia <o...@integral.be> wrote: > > The update check on 2.3-REL GUI offers me 2.3_1, yet I don't see mention of > it on pfsense.org. > Co

[pfSense] 2.3_1 ?

vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] IPsec: tunneling both IPv4 and IPv6 between two sites

train along with the IPv4 packets, it'd be perfect. :) -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] IPsec: tunneling both IPv4 and IPv6 between two sites

> Le 1 mai 2016 à 10:35, Olivier Mascia <o...@integral.be> a écrit : > >> That page is a little out of date in one respect: You can't mix traffic >> with IPsec using IKEv1, but you can with IKEv2. So long as both sides >> support IKEv2 you can carry IPv6 and IPv4 i

Re: [pfSense] IPsec: tunneling both IPv4 and IPv6 between two sites

affic can only be carried inside a tunnel which has IPv6 endpoints, and IPv4 traffic can only be carried over a tunnel using IPv4 endpoints. A single tunnel cannot carry both types of traffic." So be it. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, inte

[pfSense] IPsec: tunneling both IPv4 and IPv6 between two sites

groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] IPsec - how to assess encryption is active?

vriendelijke groeten, Best Regards, Olivier Mascia (from mobile device), integral.be/om > Le 29 avr. 2016 à 20:45, Jim Thompson <j...@netgate.com> a écrit : > > Because OpenVPN uses tun/tap, and there is a HUGE amount of overhead in that. > >“HUGGGEEE

Re: [pfSense] IPsec - how to assess encryption is active?

salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om > Le 29 avr. 2016 à 19:58, ED Fochler <soek...@liquidbinary.com> a écrit : > > On a modern intel system, the intel chip itself (or AMD) has AES128 or better > implemented in hardware. I get ~7

[pfSense] IPsec - how to assess encryption is active?

of the tunnel), and I quite couldn't believe it. Could something be wrong? -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support

Re: [pfSense] Debugging a bi-directional speed discrepancy through an OpenVPN tunnel --> IPsec

vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om > Le 29 avr. 2016 à 11:45, Olivier Mascia <o...@integral.be> a écrit : > > Dear all, > > In case some of you would have an idea what to look for and adjust, here is a > strange issue I have between two end-poi

[pfSense] Debugging a bi-directional speed discrepancy through an OpenVPN tunnel

ind of idea about what to look for, I'll take whatever you give me. Thanks for reading me, -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listi

[pfSense] GUI /firewall_virtual_ip.php - reordering them?

or missing. Or have them automatically ordered, first by Type, then Interface and then by IP (that's just how *I* would order them by hand). -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense

Re: [pfSense] CARP and both IPv4 and IPv6: do they live together?

roperly route trafic to me, I'm happy with what I now currently have. :) The HA setup looks fine now, well-tuned and I could simulate the loss of one host and see the traffic persist nicely through the secondary pfSense. Very nice. Thanks again, -- M

Re: [pfSense] CARP and both IPv4 and IPv6: do they live together?

> Le 26 avr. 2016 à 00:37, Olivier Mascia <o...@integral.be> a écrit : > > It looks like as soon as I bring IPv6 to the party, my secondary starts > thinking it's MASTER instead of BACKUP. Sometimes on the WAN side, sometimes > on the LAN, sometimes both. Quite hard t

[pfSense] CARP and both IPv4 and IPv6: do they live together?

, are there known-bugs or other kind of difficulties in having H.A. along with IPv4 and IPv6? -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman

Re: [pfSense] HA and OpenVPN

écrit : > Did you change the OpenVPN configured Interface to be the VIP rather than the > WAN? No, I didn't. :( That was the stupid mistake I was looking after. Thank you Brady and Travis. -- Meilleures salutations, Met vriendelijke groeten, Best Regards,

Re: [pfSense] HA and OpenVPN

for me having made that mistake. :) I'll check back later today, but chances are the fault is there. Thanks!! -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.or

[pfSense] HA and OpenVPN

? -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] XMLRPC sync - user/password limitations? And a possible bug regarding 'admin' user

> Le 25 avr. 2016 à 00:34, Olivier Mascia <o...@integral.be> a écrit : > > /xmlrpc.php: webConfigurator authentication error for 'admin' from 172.16.0.2 > during sync settings. > > The user setup on the primary firewall is not 'admin'. So if the secondary > attemp

Re: [pfSense] XMLRPC sync - user/password limitations? And a possible bug regarding 'admin' user

. This is 2.3-REL, I think I did not write that. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om > Le 24 avr. 2016 à 23:40, Olivier Mascia <o...@integral.be> a écrit : > > Hello, > > Are there limitations (password leng

[pfSense] HA: XMLRPC sync - user/password limitations?

using the same protocol and port as this system - make sure the remote system's port and protocol are set accordingly!" and took care that both are identical. A bit puzzled. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier M

Re: [pfSense] IPV6 WAN/LAN routing

network to > you as they must be for it to be usable inside your network. ISP > issue. Thanks, that's clear. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsen

Re: [pfSense] IPV6 WAN/LAN routing

ighbor solicitation, who has x:y:z:d801::1, length 32 23:35:51.411220 IP6 fe80::aa0c:dff:fe44:dc78 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has x:y:z:d801::1, length 32 If someone with (easily) much better inner knowledge of IPv6 specifics (than me) has an idea... Thanks!! -- Meilleures s

Re: [pfSense] IPV6 WAN/LAN routing

0] [2a00:1450:4007:808::2003]ICMPv6 -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om > > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia > Sent: Wednesday, April 2

[pfSense] IPV6 WAN/LAN routing

couldn't be awfully wrong somewhere. So what obvious detail am I overlooking here? If you have any idea? This is 2.3-RELEASE by the way. Other boxes (on other networks) are still 2.2.x. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mas

Re: [pfSense] pfSense on vmware ESXi 6.0

dual virtualized pfSense (with affinity on different hosts), would be lighter than using vmware Fault Tolerance. That will be next week tests. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pf

[pfSense] Status - Queues: is that a moving average on the last X minutes?

into account any past traffic? When trying to assess the effectiveness of some settings, getting a more instantaneous queues usage might be more useful. Well, I think so. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om

[pfSense] pfSense on vmware ESXi 6.0

segmentation offloading and large receive offloading are disabled. Would it make sense to enable those? Thanks for any insight you might want to share. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om

Re: [pfSense] 2.3.1 -> 2.3 ?

CDT 2016 FreeBSD 10.3-RELEASE The system is on the latest version. " Thanks! -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

[pfSense] vmware tools

s! -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

[pfSense] 2.3.1 -> 2.3 ?

with the install. So if I could spare some time for other things, it's be nice even if not 'perfect' way to proceed.) Thanks, -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om ___ pfSense mailing list

Re: [pfSense] OpenVPN and TOTP?

Met vriendelijke groeten, Best Regards. Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

[pfSense] github.com/google/google-authenticator/ on pfSense 2.2x

first need to setup a development environment en BSD, then I should be flying? Are there some recommended guidelines for porting and debugging (if needed) things to the specific BSD environment of pfSense 2.2x? -- Meilleures salutations, Met vriendelijke groeten, Best Regards. Olivier Mascia

Re: [pfSense] OpenVPN and TOTP?

Free Radius to play with. pfSense > has a package for that which might be worth looking into. > > Cheers > Jon Thanks a lot John. Lots of good ideas here around RADIUS. I completely overlooked that OpenVPN could use it. Will investigate all these options. -- Meilleures salutatio

[pfSense] OpenVPN and TOTP?

groeten, Best Regards. Olivier Mascia, integral.be/om ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

[pfSense] DHCPv6 - Dynamic DNS

of my DNS server for the page to accept saving. Seems strange in this IPv6 context to have to do that. I intuitively tried first with its IPv6 address and I couldn't save. -- Meilleures salutations, Met vriendelijke groeten, Best Regards. Olivier Mascia, inte

[pfSense] Status - Traffic Shaper - Queues

AN and OPT1. Are these behaviors confirmed by other people? (The doubling (more or less) on Root queue lines, I only have seen them with CBQ setups, as far as I remember.) -- Meilleures salutations, Met vriendelijke groeten, Best Regards. Olivier Mascia, integral.be/om __

Re: [pfSense] client VPN on IOS

ce. You will have to either move the exported config file through iTunes/USB or send it to yourself by email (much less secure of course), in order to import it in the App and then use it. -- Meilleures salutations, Met vriendelijke groeten, Best Regards. Olivier Mascia, integral.be/om

[pfSense] Suricate package with fixed PPPoE support?

Hello, Regarding this: https://redmine.openinfosecfoundation.org/issues/1445 Could we get the Suricata package available for pfSense, built with the discussed and apparently tested PPPoE fix, without waiting for Suricata 2.1 to get out of beta? Thanks! __ Olivier Mascia integral.be/om

Re: [pfSense] 2.2.2 - Status - Traffic shaper - Queues

for... Thanks! __ Olivier Mascia integral.be/om Le 23 avr. 2015 à 11:15, Olivier Mascia o...@integral.be a écrit : Dear all, As I remember when I started using pfSense (back at 2.0) I could make a sense of the dynamic view Status - Traffic shaper - Queues. I could watch my voip queue

[pfSense] 2.2.2 - Status - Traffic shaper - Queues

more sensibe values. Is there some known defect there? Or is this a known symptom for something terribly ill-configured on my side in the traffic shaper? Thanks for sharing your thoughts or experiences on the matter. Best regards, __ Olivier Mascia integral.be/om

Re: [pfSense] 2.1.5: RRD: There has been an error creating the graphs.

On Nov 5, 2014 8:39 AM, Olivier Mascia o...@integral.be mailto:o...@integral.be wrote: Hello, Checking the logs, I get 5 or 6 errors ... I expect that clearing whatever past data there is might help clean the error. What steps should I take to reset this? Le 5 nov. 2014 à 23:41

[pfSense] 2.1.5: RRD: There has been an error creating the graphs.

an idea or a hint to share, that'd be friendly. Thanks! __ Olivier Mascia tipgroup.com/om ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] PFS 2.1.4 -- IPv6 with PPPoE (worked until 2.1.3)

IP (I currently have fe80::215:17ff:fe16:18dc%em4) and the gateway is currently fe80::207:7dff:fe56:5900%pppoe0. This kind of setup has always worked until my 2.1.3-2.1.4 upgrade this morning. :( __ Olivier Mascia tipgroup.com/om Le 8 juil. 2014 à 19:49, b...@todoo.biz a écrit : One more

Re: [pfSense] PFS 2.1.4 -- IPv6 with PPPoE (worked until 2.1.3)

Mascia tipgroup.com/om Le 9 juil. 2014 à 11:55, Olivier Mascia o...@integral.be a écrit : The NOT so funny thing is that following this discussion it came to my attention that I was still running 2.1.3. I upgraded to 2.1.4 this morning. Nothing else changed in the configuration : packets do

Re: [pfSense] Bogon List

://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt: 216.14.64.0/20 __ Olivier Mascia tipgroup.com/om ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Web GUI certs

to enter multiple pairs of a type and a value, which with example would be: IP 192.168.3.7 IP fe80::1234:1234:1234:abcd DNS localhost DNS *.mydomain.top __ Olivier Mascia tipgroup.com/om ___ List mailing list List@lists.pfsense.org

Re: [pfSense] ICMPv6 filtering recommendations with pfSense?

! __ Olivier Mascia tipgroup.com/om ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] ICMPv6 filtering recommendations with pfSense?

, either LAN or WAN side. To my understanding, I'm then just fine set, with the added 'pingability' from the WAN (albeit on ICMPv6 only, not ICMPv4 which is blocked by default rules). If I'm wrong and still have understood something wrong, I'll gladly stand corrected. Thanks! __ Olivier Mascia

Re: [pfSense] Filtering on source == gateway addresses

Le 21 mai 2014 à 16:09, Paul Beriswill paul.berisw...@pdfcomplete.com a écrit : On 05/19/2014 01:14 PM, Olivier Mascia wrote: pfSense 2.1.3 Would it be possible to write rules filtering on one (or all) of the gateway addresses? For instance, using the gateway names as an ALIAS

[pfSense] Filtering on source == gateway addresses

pfSense 2.1.3 Would it be possible to write rules filtering on one (or all) of the gateway addresses? For instance, using the gateway names as an ALIAS. Or creating an ALIAS whose value is resolved to this or that gateway or all gateway addresses. __ Olivier Mascia tipgroup.com/om

[pfSense] ICMPv6 filtering recommendations with pfSense?

specific rules as specific types to block or allow? Are there other documentation on ICMPv6 filtering, without dropping essential functionality, in the specific context of pfSense 2.1.x? Thanks ! __ Olivier Mascia tipgroup.com/om ___ List mailing list

Re: [pfSense] ICMPv6 filtering recommendations with pfSense?

Le 8 mai 2014 à 12:37, Mark Tinka mark.ti...@seacom.mu a écrit : On Thursday, May 08, 2014 12:25:54 PM Olivier Mascia wrote: Are there other documentation on ICMPv6 filtering, without dropping essential functionality, in the specific context of pfSense 2.1.x? My personal opinion, we

Re: [pfSense] ICMPv6 filtering recommendations with pfSense?

. __ Olivier Mascia tipgroup.com/om ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] ICMPv6 filtering recommendations with pfSense?

). __ Olivier Mascia tipgroup.com/om ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list

[pfSense] High cpu on check_reload_status

. Thanks for pointers, Regards, __ Olivier Mascia tipgroup.com/om ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list

[pfSense] RRD: 'There has been an error creating the graphs.' - how could I clear this?

can loose the data, but I would like to clean this error condition anyway. Does anybody have pointers to me? Thanks a lot, __ Olivier Mascia tipgroup.com/om ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] 2.1 - strange minor issue with OpenVPN

Le 8 oct. 2013 à 16:45, Jim Pingle li...@pingle.org a écrit : On 10/7/2013 9:21 AM, Olivier Mascia wrote: Have you an idea what I should look for about this issue (see linked print-screen)? All my OpenVPN services report an error contacting the daemon, both on the status page (as in print

[pfSense] 2.1 - strange minor issue with OpenVPN

-10-07%20%C3%A0%2015.15.11.png Thanks ! __ Olivier Mascia integral.be ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] /usr/local/bin/check_reload_status eating 100% cpu?

Le 17 sept. 2013 à 00:32, Olivier Mascia o...@tipgroup.com a écrit : I have been using 2.01 for about 2 years. Just upgraded to 2.10. This an amd64 full install. I’m seeing high-cpu usage (which was in the past 1 or 2%) and I can further verify that /usr/local/bin/check_reload is eating

[pfSense] /usr/local/bin/check_reload_status eating 100% cpu?

a multi-core system. What should I further check to narrow down the issue? Thanks for any ideas. __ Olivier Mascia integral.be ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] /usr/local/bin/check_reload_status eating 100% cpu?

Le 16 sept. 2013 à 14:33, Olivier Mascia o...@tipgroup.com a écrit : I have been using 2.01 for about 2 years. Just upgraded to 2.10. This an amd64 full install. I’m seeing high-cpu usage (which was in the past 1 or 2%) and I can further verify that /usr/local/bin/check_reload is eating

[pfSense] 2.01 / 2.1 - Email alerting on unsuccessful login ?

, — Olivier Mascia ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list