It entirely depends on the hardware you use for pfSense as to how much load
it can handle. I for one, push a sustained 60-70Mbps, with bursts of
120Mbps or more on a fairly hefty Xeon 64-bit server with 16GB of RAM. I
have mostly simple rules, several IPSec and OpenVPN endpoints, and about 8
On Wed, Aug 14, 2013 at 7:07 AM, pratap koppal pratap.kop...@gmail.com wrote:
My head office, along with two branch offices, is deployed with pfSense.
The head office and one of the branch offices are deployed with pfSense 2.0.1, and the other
branch office with pfSense 2.0.3. My branch offices are linked with HO
On Mon, Aug 19, 2013 at 12:12 PM, pratap koppal pratap.kop...@gmail.com wrote:
I'm using OpenVPN as site to site, still I'm facing the same problem as
mentioned.
On the home office, configure your OpenVPN to listen on all interfaces, not
just one of the WAN links. Then have the remote offices just
On Thu, Aug 8, 2013 at 3:44 PM, lar...@angelichost.net wrote:
Side question: are there iPhone/iPad/Android apps that will allow VPN
access so I can get into the management interfaces while on the road?
Yes. The built-in cisco ipsec client on iOS works great with pfSense,
following these
On Wed, Jul 17, 2013 at 9:16 AM, Peter Milazzo
peter.mila...@somersetcapital.com wrote:
there. So there is already an IPsec tunnel running (which I disable)
and 2 WAN connections using gateway group for failover. Could there be
some sort of conflict with the IPsec even though I disable it?
On Mon, Jul 8, 2013 at 5:45 AM, Adrian Zaugg a...@ente.limmat.ch wrote:
Whatever slow hardware I may have, it should work steady, but maybe just
slower. And in my opinion the slave should take over completely not just
the LAN interface, but that's another discussion.
I agree with this
On Wed, Jul 3, 2013 at 5:45 PM, Adrian Zaugg a...@ente.limmat.ch wrote:
In our network there are two gateways configured with CARP. It runs all
well, as it should, except if I produce heavy load, something like
80-100MByte/s on the gateway, CARP switches (just) the LAN interface of
the master
On Thu, May 23, 2013 at 11:17 AM, Peter Milazzo
peter.mila...@somersetcapital.com wrote:
My questions are, do I need to setup a second IPsec tunnel for the cable
connection (which I believe you can't do) if it fails over and what will
the routing look like? Is there a better way to set this
On Thu, May 23, 2013 at 11:42 AM, Chris Bagnall
pfse...@lists.minotaur.cc wrote:
I wonder if you could, for example, create two OpenVPN connections which
run at all times - WAN1 to WAN1 and WAN2 to WAN2, then load balance or
failover between those?
Still, what happens if site 1 wan1 goes
On Mon, Apr 29, 2013 at 10:51 AM, Oliver Hansen oliver.han...@gmail.com wrote:
I'm also interested in a solution for this. I also have a VPN provider
that uses OpenVPN. I tried to set up some policy routes after adding the
OpenVPN connection but I didn't have much luck.
I'm pretty sure the
On Wed, Apr 24, 2013 at 10:36 AM, eyobe kebede e...@dbu.edu.et wrote:
public ip 197.156.75.54 our side and 197.156.75.53 ISP side
Well, now you have just shared some new information.
Try this: set your public IP to 197.156.75.54 and the default route to the
.53 address, and the netmask to
On Sat, Apr 20, 2013 at 5:46 AM, eyobe kebede e...@dbu.edu.et wrote:
but 10.134.192.154 is the WAN ip and 10.130.42.65 is default gate way
Given that 10.134.192.154 is your WAN IP, and the netmask they gave you is
255.255.255.252, the *ONLY* other IP you can directly reach is
10.134.192.153.
On Tue, Apr 16, 2013 at 8:48 AM, James Bensley jwbens...@gmail.com wrote:
Does anyone have any ideas about some sort of no preempt option for
CARP so that if the master fails, and everything switches over to the
You would need to adjust the advskew on the old master to be higher than
that of
to the firewall device.
https://github.com/postwait/vippy
On Tue, Apr 16, 2013 at 10:41 AM, James Bensley jwbens...@gmail.com wrote:
On 16 April 2013 14:41, Vick Khera vi...@khera.org wrote:
There is no election protocol where they are considered equal and
defer to
the other if it is up
On Sat, Apr 13, 2013 at 3:58 PM, James Bensley jwbens...@gmail.com wrote:
If I am connected to a LAN host from outside using SSH for example, and
I pull out the master, my SSH session stops working. Do the boxes not
sync NAT tables and states etc? I lose any active TCP connections.
I had
On Tue, Apr 9, 2013 at 3:49 AM, eyobe kebede e...@dbu.edu.et wrote:
to 197.156.75.54 and default gateway of 10.130.42.65
As Luis points out, this makes no sense. What is the netmask they told you
to use for the WAN address? The gateway must be within that network block
defined by the netmask
On Tue, Apr 9, 2013 at 11:19 AM, Jim Pingle li...@pingle.org wrote:
His ISP may have just forgotten to give him the proper gateway. But on
the outside chance they really do expect him to use that 10.x address as
the gateway, it may still be possible.
http://redmine.pfsense.org/issues/972
On Tue, Mar 5, 2013 at 3:57 AM, may...@maykel.sytes.net wrote:
Hi, I need to configure pfSense for output traffic on WAN1, but when WAN1 is
down I would like to redirect traffic to WAN2 and vice versa. I would like to use only WAN1
for activity connections, and if WAN1 is down, the traffic redirects to WAN2.
I have 2
On Tue, Feb 26, 2013 at 7:49 AM, Luiz Gustavo Costa
luizgust...@luizgustavo.pro.br wrote:
I have worked on the Samba4 package for pfSense, not only to act as a
domain member, but also to act as a domain controller, and I see this as an
opportunity to extend the pfsense to be more than a firewall and
On Wed, Feb 6, 2013 at 5:10 PM, Moshe Katz mo...@ymkatz.net wrote:
I saw this today and figured I would bring it to everyone's attention. I
figured that there are definitely people on this list who use Intel NICs
that are affected and may have just the right traffic to trigger the
problem.
On Mon, Jan 7, 2013 at 7:46 PM, WolfSec-Support supp...@wolfsec.ch wrote:
any hint will be welcome
You want your pfSense boxes to be mostly identical, and symmetrically
configured. That is, you want BOTH ISPs connected to both firewall boxes,
and have them share the inbound gateway route via
On Tue, Nov 20, 2012 at 4:58 AM, Eugen Leitl eu...@leitl.org wrote:
~85 Mbps max. Not going to fill a 100 Mb pipe, but will work.
Thanks, that will do plenty.
I think you will find it barely handling that load. Will you have any VPN
connections or a lot of firewall rules? We were unable to
I believe it depends on the client. For example, when I used
ipsecuritas on the mac, it only routed the VPN destination thru the
vpn. the IPsec client on iOS routes all traffic via the VPN.
On Thu, Oct 11, 2012 at 12:45 AM, Luis Carrión luic...@gmail.com wrote:
Hello folks,
Just a
On Wed, Oct 3, 2012 at 5:48 AM, Raúl Sampedro
raul.sampe...@grupocarreras.com wrote:
App embedded in iOS.
And these are the right instructions, step-by-step.
http://forum.pfsense.org/index.php?PHPSESSID=eqvfsk9c6dar52lncgb39gc0s7/topic,24752.msg130558/topicseen.html#msg130558
The only thing I
On Tue, Sep 11, 2012 at 8:40 AM, Pedro Serotto pedro.sero...@yahoo.es wrote:
which value do you usually set in pfsync Synchronize Peer IP ?
The other peer pfsync ip address ?
Is it right to leave empty ?
When I set this up with a dedicated NIC just for the pfsync, I left it
blank as hinted on
On Tue, Sep 11, 2012 at 9:36 AM, Pedro Serotto pedro.sero...@yahoo.es wrote:
I have a dedicated NIC too.
But do you set the remote IP on every side or only on the master side?
Is it right that the sessions migrate only from master to slave and never from
slave to master?
You set the remote
On Mon, Jul 30, 2012 at 6:10 PM, pfsense-supp...@madcyclist.org.uk wrote:
I have a pfSense 2.0 box connected to an ADSL modem running as an MPoA
bridge. Basically the ADSL modem does some unspecified manipulation and
presents the public IP to the LAN connection via DHCP along with gateway
On Wed, Jul 18, 2012 at 4:11 AM, Pedro Serotto pedro.sero...@yahoo.es wrote:
Everything migrates correctly but not IPsec.
What is your remote IPsec device? Is it pfSense as well? That is my
situation and the connection flips over rather quickly.
On Mon, Jul 16, 2012 at 12:44 PM, Pedro Serotto pedro.sero...@yahoo.es wrote:
I try to set up multiple VPN gateways in a redundant configuration,
allowing for
transparent failover of VPN connections without any loss of
connectivity.
I find my IPsec tunnels transfer from primary to secondary
On Sun, Jul 1, 2012 at 3:33 PM, Chris Buechler c...@pfsense.org wrote:
The level of service we provide is on par or better than commercial
vendors. For most of our customers, much better, because commercial
vendors will rule out the firewall and tell you to have a nice day
I'll confirm that
On Fri, Jun 22, 2012 at 12:17 PM, Jim Pingle li...@pingle.org wrote:
Use /boot/loader.conf.local - that won't get overwritten. The other two
will.
Based on this, my revised configuration is to create
/boot/loader.conf.local:
hint.uart.2.at=isa
hint.uart.2.port=0x3E8
hint.uart.2.flags=0x10
On Thu, Jun 28, 2012 at 9:07 PM, Paul Gear p...@gear.dyndns.org wrote:
Server hardware: IBM x3550, Xeon E5405 2 GHz, 2 GB RAM, 2 x 300 GB 10K
RPM SAS HD in hardware RAID 1, 2 x Broadcom NetXtreme II BCM5708
1000Base-T (B2)
About two weeks ago I had to put into production a temporary hacked
On Wed, Jun 13, 2012 at 6:19 PM, Chris Buechler c...@pfsense.org wrote:
You have to enable synchronize states on the secondary too or it
won't accept them. Firewall > VIPs, CARP settings tab.
Thanks for this tip. I thought perhaps my problem was that I was
sharing an interface for this, and the
So I just figured this nifty trick out. I provisioned a pair of
servers based on supermicro X9SC motherboard, which has a built-in
ILOM processor, and that provides a serial-over-lan serial port in
addition to other administrative features.
It was exceptionally easy to convince pfsense to use
On Mon, Jun 18, 2012 at 9:49 AM, Giles Coochey gi...@coochey.net wrote:
I'm not sure whether the URL re-write will work when HTTPS is in use.
Apache's SSL proxy uses CONNECT, so it doesn't terminate your SSL
connection. Thus, it cannot decode or rewrite anything within. If
you want it to work,
I have a pair of firewalls set up with pfsync. pfSense 2.0.1/i386.
I'm pushing a lot of connections and traffic, so had to bump the
number of states in the Advanced - Firewall/NAT tab. This increased
number did not show up on the backup firewall. Ditto for unchecking
the disable nat reflection
Looking through the forums and mailing list archives, I see
recommendations for the following two devices to handle my network
throughput:
Hacom Mars system
http://www.hacom.net/catalog/mars-ii-pfsense-1u-server and Netgate
FW-7535 http://store.netgate.com/Netgate-FW-7535-1U-P1695C84.aspx
Both
Also, I have three IPsec VPNs connecting to other data centers and the
main office, which need to push at peak 40Mbps for a couple of hours a
day during backups.
On Thu, May 17, 2012 at 2:37 PM, Ugo Bellavance u...@lubik.ca wrote:
I would like to make sure my rules are in the best order. I understand that the
rules are processed from top to bottom, so I should place the rules that are
most used at the top. However, how long does a state last? I just want to
On Tue, May 15, 2012 at 5:39 PM, Antonio Cortes Alhambra (INCATEL)
antonio.cor...@incatel.cl wrote:
someone has found the right combination of parameters settings to
achieve the connection from a CISCO VPN CLIENT 5.0.07.0410 and pfSense 2.0.1
There are instructions for making the Cisco IPsec
Isn't this automatic with CARP?
On Mon, Apr 30, 2012 at 4:35 AM, Pedro Serotto pedro.sero...@yahoo.es wrote:
With ifstated I can catch the fault and demote the carp interface to
guarantee the service continuity.
How can I do that in pfsense ?
Reading http://doc.pfsense.org/index.php/Inbound_Load_Balancing
I find a couple of issues, which seem to be changes in 2.0.
1) the default probe is 10 seconds, not 5. There is no way to tweak that.
2) there is no sticky option
The commentary about 1.2 implementation using NAT and issues with
On Mon, Apr 23, 2012 at 4:36 PM, Karl Fife karlf...@gmail.com wrote:
In the scenario where the hardware interfaces are NOT the same, is it
possible to do something simple like search/replace the configuration file,
substituting the interface names? Is there any reason to believe that
process
On Sat, Feb 25, 2012 at 3:44 AM, Warren Baker war...@decoy.co.za wrote:
On Fri, Feb 24, 2012 at 9:48 PM, David Miller dmil...@metheus.org wrote:
Is there a way to mount a memstick on a mac and see the file system(s).
Given its roots I'd think the mac would understand freebsd file systems and
On Sun, Feb 5, 2012 at 5:28 PM, Diego Barrios s...@techsystem.com.br wrote:
Can I install the nanobsd 1GB image on my ALIX, back up the config from the PC
and restore it on my ALIX?
I don't care about the RRD graphs, logs, etc... only my VPN users and useful
settings.
You will need to edit the
On Mon, Feb 6, 2012 at 3:44 AM, Gavin Will gavin.w...@exterity.com wrote:
Routing and firewall rules are correct and I can access both networks fine.
The VoIP phone registers and can make a call but both ends cannot hear each
other.
The VOIP phones at my remote locations (VPN with
I followed
http://forum.pfsense.org/index.php?PHPSESSID=eqvfsk9c6dar52lncgb39gc0s7/topic,24752.msg130558/topicseen.html#msg130558
to set up iPhone IPsec vpn. This works splendidly (once I granted
permission to the new user to create VPN login).
However, since the iOS can only make one vpn
On Tue, Oct 4, 2011 at 12:14 AM, Nenhum_de_Nos math...@eternamente.info wrote:
for 1.2.3 it works great, but I always get cert problem in 2.0 :(
The config imported from 1.2.3 works fine for us. I think we had to
manually re-import the certificate authority, though. Memory fades.