My bad. The IP can be in the same subnet as well as in a different subnet.
As far as a true alias goes it is not implemented afaik. Try ifconfig in a
shell and see if your aliases are listed as ips on the interface. If they
where they would respond to ping and have a derived mac from the main
Just noticed that 2.0 had this fixed. I red the link on my mobile and my
eyes hurt reading that table. It seems propper alias is there and that
means proxy-arp should no longer be used as it was done as a workaround for
the missing alias functionality.
Then I think Brian is right regarding the
Brian, as a former pfsense dev (5 years) and a freebsd kernel/interface dev
for 15 I do know how it works. Alias ips has worked altleast since freebsd
4. But in pfsense it was apparently added in 2.0. As I said I haven't
messed with interface aliases since 2007 ish. You still did not get what I
I guess it's time for me to dig out the actual configurations to settle
this.
* the box with a proxy ARP VIP is running pfSense-2.0.1. (OK, it's
probably due an upgrade, but when things just work they tend to be left
alone :-)
The WAN address is x.x.x.x/6.28, and the proxy ARP virtual IP
On 09/03/2015 11:40, Espen Johansen wrote:
if so a reboot of pfsense and router/modem should clear that up quickly
Unlikely. The problem is the ARP cache in the upstream router, and
rebooting pfSense won't help that unless you have a direct ethernet
connection to that router (in which case the
Hello,
I have difficulties installing pfsense 2.2 on Alix board (with the latest
firmware 0.99) to a 2 GB CF card. I had success install 2.1.5 and upgrade, but
direct install of 2.2 not working (sequencial blinking lights).
Best regards
Kostas
___
On 09/03/2015 11:24, Espen Johansen wrote:
As far as a true alias goes it is not implemented afaik. Try ifconfig
in a shell and see if your aliases are listed as ips on the interface.
wan_vip102: flags=49UP,LOOPBACK,RUNNING metric 0 mtu 1500
inet y.y.y.228 netmask 0xfff0
inet
On 03/08/2015 06:50 PM, Bryan D. wrote:
My interpretation of the nice chart and notes on
https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses
leads me to believe that I can switch the CARP VIPs to be IP Alias VIPs.
However, when I do that, the 2 servers for the 2 domains tied to
Morning all.
Just reading though the docs and found the following:
https://doc.pfsense.org/index.php/Multi-WAN_for_IPv6
and
https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker
But there is a problem... The Multi-WAN one assumes that both WAN connections
give IPv6
On 03/09/2015 10:28 AM, Tiernan OToole wrote:
But there is a problem... The Multi-WAN one assumes that both WAN
connections give IPv6 addresses, which in my case is false, and the
Tunnel Broker assumes you have one WAN connection... Last time i tried
this, mind you with a different router, all
I installed it on an ALIX with a 4GB card without issues. I'd suggest
getting a serial cable so that you can see the output from the system as it
boots (make sure you a null modem cable or adapter).
Walter
On Mon, Mar 9, 2015 at 5:11 AM, Kostas Backas kos...@i-system.gr wrote:
Hello,
I have
Thank you,
I have tried different cards, only 2 GB. I will try tomorrow with a serial
cable.
Best regards
Kostas
Στάλθηκε από το iPad μου
9 Μαρ 2015, 11:22 μ.μ., ο/η Walter Parker walt...@gmail.com έγραψε:
I installed it on an ALIX with a 4GB card without issues. I'd suggest getting
a
On 09/03/15 11:23, Brian Candler wrote:
On 09/03/2015 10:10, Bryan D. wrote:
Nope, it's a fully functioning setup (has been, in this form, for a
few years) ... just wanted to switch off CARP VIPs since I'm not
using failover. The only question is why won't IP Alias VIPs replace
the CARP
On 2015-Mar-09, at 3:34 AM, Matthias May matth...@may.nu wrote:
A CARP address has it's own MAC. The IP alias shares the MAC of it's parent
interface.
If you change this while running, your upstream routers/switches will have
the wrong MAC address for your IP cached.
Sending a GARP might
Actually you cant use proxy arp as it has a limit affecting you. Proxyarp
IPs cant be in same subnet. Sorry. Carp is what you want/need. As for your
issue with not reaching the firewall when WAN is down is probably something
else.
What you really want is a alias ip on the interface and pfsense
On 09/03/2015 10:34, Matthias May wrote:
A CARP address has it's own MAC. The IP alias shares the MAC of it's
parent interface.
Ah, good point.
If you change this while running, your upstream routers/switches will
have the wrong MAC address for your IP cached.
Sending a GARP might help with
On 09/03/2015 10:47, Espen Johansen wrote:
Actually you cant use proxy arp as it has a limit affecting you.
Proxyarp IPs cant be in same subnet. Sorry.
Are you sure? I have a pfsense box where it's working.
What you really want is a alias ip on the interface and pfsense does
not support
9. mars 2015 11:52 skrev Brian Candler b.cand...@pobox.com:
On 09/03/2015 10:47, Espen Johansen wrote:
Actually you cant use proxy arp as it has a limit affecting you.
Proxyarp IPs cant be in same subnet. Sorry.
Are you sure? I have a pfsense box where it's working.
For 2.2 I'm not sure
On 2015-Mar-08, at 3:53 PM, Espen Johansen pfse...@gmail.com wrote:
I beleive the key to this is proxy arp.
Brgds, Espen
8. mars 2015 23:50 skrev Bryan D. pfse...@derman.com:
While we're on the topic, I have a functioning v2.2 setup that uses a /29
set of static IPs:
- 1 IP is the
On 2015-Mar-09, at 2:38 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 09:33, Bryan D. wrote:
So, for what I'm doing, an IP Alias VIP seems like it should work where a
CARP VIP works -- but it doesn't appear that a Proxy ARP VIP should, since I
think I'm using them by the
On 09/03/2015 09:51, Bryan D. wrote:
So it sounds like the IPsec and OpenVPN traffic would be such traffic?
IPSEC traffic is addressed *to* the firewall (at least the IKE stuff on
udp 500 is, since it is received by strongswan/racoon)
But the firewall already has a public IP address for
On Mar 9, 2015, at 2:56 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 09:51, Bryan D. wrote:
So it sounds like the IPsec and OpenVPN traffic would be such traffic?
IPSEC traffic is addressed *to* the firewall (at least the IKE stuff on udp
500 is, since it is received by
On 09/03/2015 10:05, Chris L wrote:
Are you saying you want different clients' IPSEC tunnels to terminate on
different public IP addresses on the firewall WAN side? That I've never tried,
and I don't know if it's possible.
It listens (binds) on whatever interface/VIP is specified in the
On 2015-Mar-09, at 3:05 AM, Chris L c...@viptalk.net wrote:
On Mar 9, 2015, at 2:56 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 09:51, Bryan D. wrote:
So it sounds like the IPsec and OpenVPN traffic would be such traffic?
IPSEC traffic is addressed *to* the firewall (at
On Mar 9, 2015, at 3:07 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 10:05, Chris L wrote:
Are you saying you want different clients' IPSEC tunnels to terminate on
different public IP addresses on the firewall WAN side? That I've never
tried, and I don't know if it's
On 09/03/2015 10:10, Bryan D. wrote:
Nope, it's a fully functioning setup (has been, in this form, for a few years)
... just wanted to switch off CARP VIPs since I'm not using failover. The only
question is why won't IP Alias VIPs replace the CARP VIPs?
If these extra addresses belong on the
On Mar 9, 2015, at 2:38 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 09:33, Bryan D. wrote:
So, for what I'm doing, an IP Alias VIP seems like it should work where a
CARP VIP works -- but it doesn't appear that a Proxy ARP VIP should, since I
think I'm using them by the
On Mar 9, 2015, at 3:01 AM, Bryan D. pfse...@derman.com wrote:
On 2015-Mar-09, at 2:43 AM, Chris L c...@viptalk.net wrote:
On Mar 9, 2015, at 2:38 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 09:33, Bryan D. wrote:
So, for what I'm doing, an IP Alias VIP seems like it
On 2015-Mar-09, at 2:56 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 09:51, Bryan D. wrote:
So it sounds like the IPsec and OpenVPN traffic would be such traffic?
IPSEC traffic is addressed *to* the firewall (at least the IKE stuff on udp
500 is, since it is received by
On 2015-Mar-09, at 3:11 AM, Chris L c...@viptalk.net wrote:
On Mar 9, 2015, at 3:07 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 10:05, Chris L wrote:
Are you saying you want different clients' IPSEC tunnels to terminate on
different public IP addresses on the firewall WAN
30 matches
Mail list logo