Re: [pfSense] pfSense as an 802.11 access point
On Sat, Jan 14, 2012 at 8:09 AM, Jim Thompson wrote: >> 2> Any specific suggestions on sub-$50 [USD] PCI or USB wireless cards for >> this purpose? Any to stay away from? External antenna strongly preferred. > > My ability to contribute here is quite limited. Have a look at http://doc.pfsense.org/index.php/Supported_Wireless_Cards -- .warren ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfSense as an 802.11 access point
On Jan 13, 2012, at 8:24 PM, mdh wrote: > Hey folks, a few quick questions. > > 1> If I want to use pfSense as an 802.11g access point, does this work well? It works well-enough. It's not perfect, and there is no 802.11n support, currently. > 2> Any specific suggestions on sub-$50 [USD] PCI or USB wireless cards for > this purpose? Any to stay away from? External antenna strongly preferred. My ability to contribute here is quite limited. > 3> If I wanted to speed up WPA2/AES a bit for a larger number of connections, > would a Soekris PCI crypto card be a good choice? Would it be plug-and-play > or would I need to change any configs to use it? Would it need any changes > to be used for other stuff (like OpenVPN, or other crypto-heavy processes)? Most of the modern 802.11 chipsets have enough on-board crypto-processor to handle AES at full speed. Jim ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] pfSense as an 802.11 access point
Hey folks, a few quick questions. 1> If I want to use pfSense as an 802.11g access point, does this work well? 2> Any specific suggestions on sub-$50 [USD] PCI or USB wireless cards for this purpose? Any to stay away from? External antenna strongly preferred. 3> If I wanted to speed up WPA2/AES a bit for a larger number of connections, would a Soekris PCI crypto card be a good choice? Would it be plug-and-play or would I need to change any configs to use it? Would it need any changes to be used for other stuff (like OpenVPN, or other crypto-heavy processes)? Thanks, Matt ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] OpenVPN Status Package in 2.0.1...
- Original Message - > - Original Message - > > On Thu, Jan 12, 2012 at 1:00 PM, Tim Nelson > > wrote: > > > Greetings- > > > > > > I understand the functionality of the OpenVPN Status package from > > > the 1.x versions is now integrated into the 2.x versions. > > > *However*, > > > let's say... "hypothetically" a 1.2.2 config was uploaded to a > > > fresh > > > 2.0.1 installation, and the OpenVPN Status package XML(every > > > package > > > XML for that matter) wasn't removed from that config as directed > > > in > > > the upgrade guide. During the package installation/setup after the > > > first boot on the imported config, it appears the system > > > downloaded > > > and installed the OpenVPN Status package, even though 2.0.1 has > > > this > > > functionality already. Now, none of the OpenVPN Status functions > > > work, citing no management daemon connection, etc. > > > > > > > The package doesn't reinstall on upgrade, as it isn't there. Don't > > think that's related to the package being there. What you're > > probably > > seeing is the custom options you have defined in your OpenVPN > > instances have to be removed so the auto-added ones work. > > I distinctly remember seeing it 'reinstall' that package on the first > boot. And, from the 'Status' menu, I have *two* entries for 'OpenVPN' > which further leads me to believe both the integrated *and* package > versions are present. > > I'll recheck the config options to see if that makes a difference. > Well, I removed the manual management options from the VPN configs and all is working well. However, I still do have the duplicate 'OpenVPN' entries under the 'Status' menu. Not an issue, just an oddity. Thanks for the pointers Chris! --Tim ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] [Fwd: Re: [Pfsense-pt] RES: Fair Over para Acesso remoto]
On 1/13/2012 10:58 AM, Luiz Gustavo wrote: > In summary in message below, we discussed the possibility of dyndns > reply ip to the gateway active (default gateway) and not be associated > with an interface. Sounds great! > Will appear in the list of interfaces an option: "Active WAN interface", > use it to get the WAN ip of the currently active (the default gateway > pfSense). > > Any problem report here on the list. I haven't tried this yet, but does it only work if you have default gateway switching on? It would be even nicer to hook into Gateway Groups and the tiers they have so someone could fail over in any direction they want, but this is a start. If that is the case you might want to word it a little more specifically, perhaps "Active default gateway WAN interface" or put a note below about requiring the gateway switching setting to be on. Jim ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] OpenVPN Status Package in 2.0.1...
- Original Message - > On Thu, Jan 12, 2012 at 1:00 PM, Tim Nelson > wrote: > > Greetings- > > > > I understand the functionality of the OpenVPN Status package from > > the 1.x versions is now integrated into the 2.x versions. *However*, > > let's say... "hypothetically" a 1.2.2 config was uploaded to a fresh > > 2.0.1 installation, and the OpenVPN Status package XML(every package > > XML for that matter) wasn't removed from that config as directed in > > the upgrade guide. During the package installation/setup after the > > first boot on the imported config, it appears the system downloaded > > and installed the OpenVPN Status package, even though 2.0.1 has this > > functionality already. Now, none of the OpenVPN Status functions > > work, citing no management daemon connection, etc. > > > > The package doesn't reinstall on upgrade, as it isn't there. Don't > think that's related to the package being there. What you're probably > seeing is the custom options you have defined in your OpenVPN > instances have to be removed so the auto-added ones work. I distinctly remember seeing it 'reinstall' that package on the first boot. And, from the 'Status' menu, I have *two* entries for 'OpenVPN' which further leads me to believe both the integrated *and* package versions are present. I'll recheck the config options to see if that makes a difference. Thanks Chris! --Tim ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] [Fwd: Re: [Pfsense-pt] RES: Fair Over para Acesso remoto]
link for patch: http://www.luizgustavo.pro.br/~gugabsd/dyndns_anyif.patch Em Sex, 2012-01-13 às 13:58 -0200, Luiz Gustavo escreveu: > Hi Friends ! > > In summary in message below, we discussed the possibility of dyndns > reply ip to the gateway active (default gateway) and not be associated > with an interface. > > > I made a patch that could help it, but > they need to do test it. > > To apply the patch, just go to menu Diagnostics > Command Prompt > > and paste the following line: > > fetch -q -o - http://luizgustavo.pro.br/~gugabsd/dyndns_anyif.sh | sh > > > Run and test this patch. > > Will appear in the list of interfaces an option: "Active WAN interface", > use it to get the WAN ip of the currently active (the default gateway > pfSense). > > Any problem report here on the list. > > Mensagem encaminhada > > De: Luiz Gustavo > > Para: Lista em Português sobre pfSense > > Assunto: Re: [Pfsense-pt] RES: Fair Over para Acesso remoto > > Data: Fri, 13 Jan 2012 11:14:28 -0200 > > > > Deixa eu tentar entender. > > > > Você tem 2 links DINAMICOS ? (que dizer, com ip variavel pela operadora) > > > > e quer ter o dyndns respondendo para um ou para outro, certo ? > > > > Realmente, você só consegue especificar para uma interface especifica, > > talvez como uma feature para o futuro ele poder pegar o ativo no > > momento, mas agora não tem como mesmo. > > > > > > > > Em Sex, 2012-01-13 às 09:57 -0300, mantunes escreveu: > > > Jack, > > > > > > mais ou menos.. o ideal mesmo que o Dynamic DNS client fosse pelo > > > link do failover.. e não por uma determinada interface.. > > > > > > Acho que seria isso.. > > > > > > > > > > > > Em 13 de janeiro de 2012 09:53, Jack escreveu: > > > > Buenas! > > > > > > > > Pelo que entendi você está querendo implementar "FailOver"/Redundância > > > > de > > > > entrada, correto? > > > > > > > > Se for isso, leia com bastante atenção e na íntegra este tópico: > > > > http://forum.pfsense.org/index.php/topic,44184.0.html > > > > > > > > Nota: Cuidado com as "gambiarras"! ;-) > > > > > > > > > > > > Abraços! > > > > Jack > > > > > > > > > > > > > > > >>-Mensagem original- > > > >>De: pfsense-pt-boun...@lists.pfsense.org [mailto:pfsense-pt- > > > >>boun...@lists.pfsense.org] Em nome de mantunes > > > >>Enviada em: sexta-feira, 13 de janeiro de 2012 10:45 > > > >>Para: Lista em Português sobre pfSense > > > >>Assunto: [Pfsense-pt] Fair Over para Acesso remoto > > > >> > > > >>Pessoal, > > > >> > > > >>Estou com um problema.. tenho uma empresa pfsense com load balance e > > > >>fair over com dois links, um adsl e outro dedicado > > > >>o pessoal acessa remoto via link adsl, porem notei que no pfsense eu > > > >>não posso ter um load balance via Dynamic DNS client > > > >>pq tenho que escolher qual é o link que vai atribuir o dns dynamic > > > >>(wan ou opt1) > > > >> > > > >>Será que é possível deixa que o mesmo faça por onde tiver o link > > > >>ativo.. caso o link adsl venha cair o mesmo forneça o > > > >>ip ativo via fair over.. > > > > > > > > ___ > > > > Pfsense-pt mailing list > > > > pfsense...@lists.pfsense.org > > > > http://lists.pfsense.org/mailman/listinfo/pfsense-pt > > > > > > > > > > > > > -- > > Luiz Gustavo Costa (Powered by BSD) > > *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ > > mundoUnix - Consultoria em Software Livre > > http://www.mundounix.com.br > > ICQ: 2890831 / MSN: cont...@mundounix.com.br > > Tel: 55 (21) 4063-7110 / 8194-1905 / (11) 4063-0407 > > Blog: http://www.luizgustavo.pro.br > -- Luiz Gustavo Costa (Powered by BSD) *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ mundoUnix - Consultoria em Software Livre http://www.mundounix.com.br ICQ: 2890831 / MSN: cont...@mundounix.com.br Tel: 55 (21) 4063-7110 / 8194-1905 / (11) 4063-0407 Blog: http://www.luizgustavo.pro.br ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] [Fwd: Re: [Pfsense-pt] RES: Fair Over para Acesso remoto]
Hi Friends ! In summary in message below, we discussed the possibility of dyndns reply ip to the gateway active (default gateway) and not be associated with an interface. I made a patch that could help it, but they need to do test it. To apply the patch, just go to menu Diagnostics > Command Prompt and paste the following line: fetch -q -o - http://luizgustavo.pro.br/~gugabsd/dyndns_anyif.sh | sh Run and test this patch. Will appear in the list of interfaces an option: "Active WAN interface", use it to get the WAN ip of the currently active (the default gateway pfSense). Any problem report here on the list. Mensagem encaminhada > De: Luiz Gustavo > Para: Lista em Português sobre pfSense > Assunto: Re: [Pfsense-pt] RES: Fair Over para Acesso remoto > Data: Fri, 13 Jan 2012 11:14:28 -0200 > > Deixa eu tentar entender. > > Você tem 2 links DINAMICOS ? (que dizer, com ip variavel pela operadora) > > e quer ter o dyndns respondendo para um ou para outro, certo ? > > Realmente, você só consegue especificar para uma interface especifica, > talvez como uma feature para o futuro ele poder pegar o ativo no > momento, mas agora não tem como mesmo. > > > > Em Sex, 2012-01-13 às 09:57 -0300, mantunes escreveu: > > Jack, > > > > mais ou menos.. o ideal mesmo que o Dynamic DNS client fosse pelo > > link do failover.. e não por uma determinada interface.. > > > > Acho que seria isso.. > > > > > > > > Em 13 de janeiro de 2012 09:53, Jack escreveu: > > > Buenas! > > > > > > Pelo que entendi você está querendo implementar "FailOver"/Redundância de > > > entrada, correto? > > > > > > Se for isso, leia com bastante atenção e na íntegra este tópico: > > > http://forum.pfsense.org/index.php/topic,44184.0.html > > > > > > Nota: Cuidado com as "gambiarras"! ;-) > > > > > > > > > Abraços! > > > Jack > > > > > > > > > > > >>-Mensagem original- > > >>De: pfsense-pt-boun...@lists.pfsense.org [mailto:pfsense-pt- > > >>boun...@lists.pfsense.org] Em nome de mantunes > > >>Enviada em: sexta-feira, 13 de janeiro de 2012 10:45 > > >>Para: Lista em Português sobre pfSense > > >>Assunto: [Pfsense-pt] Fair Over para Acesso remoto > > >> > > >>Pessoal, > > >> > > >>Estou com um problema.. tenho uma empresa pfsense com load balance e > > >>fair over com dois links, um adsl e outro dedicado > > >>o pessoal acessa remoto via link adsl, porem notei que no pfsense eu > > >>não posso ter um load balance via Dynamic DNS client > > >>pq tenho que escolher qual é o link que vai atribuir o dns dynamic > > >>(wan ou opt1) > > >> > > >>Será que é possível deixa que o mesmo faça por onde tiver o link > > >>ativo.. caso o link adsl venha cair o mesmo forneça o > > >>ip ativo via fair over.. > > > > > > ___ > > > Pfsense-pt mailing list > > > pfsense...@lists.pfsense.org > > > http://lists.pfsense.org/mailman/listinfo/pfsense-pt > > > > > > > > -- > Luiz Gustavo Costa (Powered by BSD) > *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ > mundoUnix - Consultoria em Software Livre > http://www.mundounix.com.br > ICQ: 2890831 / MSN: cont...@mundounix.com.br > Tel: 55 (21) 4063-7110 / 8194-1905 / (11) 4063-0407 > Blog: http://www.luizgustavo.pro.br -- Luiz Gustavo Costa (Powered by BSD) *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ mundoUnix - Consultoria em Software Livre http://www.mundounix.com.br ICQ: 2890831 / MSN: cont...@mundounix.com.br Tel: 55 (21) 4063-7110 / 8194-1905 / (11) 4063-0407 Blog: http://www.luizgustavo.pro.br ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] ssh public key in user manager (pfSense 2.0.1)
Am 13.01.2012 16:17, schrieb Paul Mather: On Jan 13, 2012, at 9:58 AM, newsgroups.ma...@stefanbaur.de wrote: Hi List, is there any particular reason why the user manager only accepts ssh-rsa keys instead of both ssh-rsa and ssh-dss? I pasted a ssh-dss key into the "Authorized Keys" area for a user in the User Manager and it works fine for me. I am using 2.0.1-RELEASE. I tried that myself, now, and can confirm that it works. What had me irritated was the note on the /system_advanced_admin.php page, section "Secure Shell", where it says "Disable password login for Secure Shell (RSA key only)". So maybe that text ist wrong or outdated, but the functionality is there. Kind Regards, Stefan ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] ssh public key in user manager (pfSense 2.0.1)
On Jan 13, 2012, at 9:58 AM, newsgroups.ma...@stefanbaur.de wrote: > Hi List, > > is there any particular reason why the user manager only accepts ssh-rsa keys > instead of both ssh-rsa and ssh-dss? I pasted a ssh-dss key into the "Authorized Keys" area for a user in the User Manager and it works fine for me. I am using 2.0.1-RELEASE. Cheers, Paul. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] ssh public key in user manager (pfSense 2.0.1)
Hi List, is there any particular reason why the user manager only accepts ssh-rsa keys instead of both ssh-rsa and ssh-dss? Googling for 'pfsense user manager "ssh-rsa" only' and similar keywords didn't bring up anything useful, neither did searching the wiki for 'rsa', 'dss' nor 'user manager' . :-( Kind Regards, Stefan ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
