Re: [pfSense] openvpn topology subnet with pfsense 2.2.6 server/2.3 client

2016-04-15 Thread WebDawg
On Apr 15, 2016 4:39 PM, "Joseph L. Casale" wrote:
>
> Does a facility exist to bypass the UI and invoke a static config for an
> openvpn server?
> I do not see a means through the web ui to create a configuration which
> permits static addressing in subnet mode?
>
> Thanks,
> jlc

This!

They need to let this happen for all packages!
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] openvpn topology subnet with pfsense 2.2.6 server/2.3 client

2016-04-15 Thread Joseph L. Casale
Does a facility exist to bypass the UI and invoke a static config for an
openvpn server?
I do not see a means through the web ui to create a configuration which
permits static addressing in subnet mode?

Thanks,
jlc


Re: [pfSense] Ambiguous gateway monitoring

2016-04-15 Thread Chris Buechler
On Fri, Apr 15, 2016 at 12:31 PM, Karl Fife  wrote:
> I'm bringing this up in the off chance that it is a bug.  I think it might
> be expected behavior but want to bounce it off a few others.
>
> I have an installation with two fiber uplinks.  Each uplink has an IP on the
> ISP's single WAN subnet (e.g. one single subnet, not a pair of tunnels).
> This is a temporary configuration but in the meantime I observed the
> following.
>
> In this configuration, the gateway monitoring's default settings use a
> single gateway monitoring IP address (their DHCP default gateway).  What I
> observe is that ONE of the two interfaces will have 'unknown/pending'
> gateway status.  Obviously, the gateway monitoring ICMP messages for BOTH
> interfaces are routing via only ONE of the two, leaving the other gateway's
> status unknown.
>

The issue isn't gateway monitoring, it's that you can't have the same
subnet on multiple interfaces and can't have multiple WANs with the
same gateway IP. There can only be one ARP cache entry for a given IP
and it will be associated with only a single interface. It's a toss up
as to which will work in that case. It's impossible to communicate
with the same IP on two diff NICs.


[pfSense] pf2ad update to pfSense 2.3

2016-04-15 Thread Luiz Gustavo S. Costa
Hello,

Anyone who wants to start testing the pf2ad update for pfSense 2.3 can now
apply the script with the following command:

fetch -q -o - http://projetos.mundounix.com.br/pfsense/2.3/samba3/pf2ad.sh | sh

The code versioning can be followed at:

https://gitlab.mundounix.com.br/pfsense/pf2ad

I have the support of the crowd with stipend (PayPal) and/or time for coding.

More info: http://pf2ad.mundounix.com.br/en/index.html

Regards

-- 
Luiz Gustavo Costa (Powered by BSD)
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
ICQ: 2890831 / Gtalk: gustavo@gmail.com
Blog: http://www.luizgustavo.pro.br


[pfSense] Ambiguous gateway monitoring

2016-04-15 Thread Karl Fife
I'm bringing this up in the off chance that it is a bug.  I think it 
might be expected behavior but want to bounce it off a few others.


I have an installation with two fiber uplinks.  Each uplink has an IP on 
the ISP's single WAN subnet (e.g. one single subnet, not a pair of 
tunnels). This is a temporary configuration but in the meantime I 
observed the following.


In this configuration, the gateway monitoring's default settings use a 
single gateway monitoring IP address (their DHCP default gateway).  What 
I observe is that ONE of the two interfaces will have 'unknown/pending' 
gateway status.  Obviously, the gateway monitoring ICMP messages for
BOTH interfaces are routing via only ONE of the two, leaving the other
gateway's status unknown.


QUESTIONS:
1. It's actually the NON-default interface (em2) that is being 
successfully monitored, NOT the default gateway interface (em1), so 
first of all if the monitoring service isn't clever enough to monitor 
its gateway on its own interface, shouldn't it be using the default 
interface?


2. While this specific configuration is temporary for us
(fiber/link/transceiver debugging), it seems that the gateway monitoring
should in fact be clever enough to use its own interface for
monitoring its gateway address.  Is that right? While unusual, I don't
think there is anything fundamentally wrong with this configuration, right?


Thanks in advance.

Smart-alecs only:
Yes, the 'normal' configuration for both fiber links is membership in a LAGG
interface.
Yes, I know default gateway monitoring will begin if I change the 
monitor address for the default gateway to a different subnet IP address 
(e.g. a public dns server).









Re: [pfSense] Upgrade from 2.2.x to 2.3 - upgrading firmware since almost 7 hours.

2016-04-15 Thread J. Echter
Hi,

maybe the squid cache was a reason for this.

7 hours was really long, I had to stop myself from 'interrupting' it :D

But now all runs smooth.

Keep up the good work!

Greetings

Juergen

On 15.04.2016 at 08:38, Chris Buechler wrote:
> On Thu, Apr 14, 2016 at 1:57 PM, WebDawg  wrote:
>> On Thu, Apr 14, 2016 at 1:53 PM, J. Echter <
>> j.ech...@echter-kuechen-elektro.de> wrote:
>>
>>> On 14.04.2016 at 19:32, J. Echter wrote:
>>>> Hi,
>>>>
>>>> here, everything works as expected. :)
>>>>
>>>> But i have a upgrade running since round about 7 hours...
>>>>
>>>>
>>>> I didn't check full backup before upgrade.
>>>>
>>>> 7 hours seem long... :)
>>>>
>>>> Is this still expected behaviour?
>>>>
>>>> Thanks
>>>>
>>>> J.

>>>
>>> seems normal, i have a reboot mail now :D
>>>
>>>
>> I think I had this problem when I had a bunch of sarge reports and stuff.
>> For some reason one of the upgrade steps was to look through the entire FS.
> 
> It does an mtree on all the installed files, which can take quite some
> time, but it goes through a specific list of files that are installed.
> Having a huge number of files on the filesystem could slow it down
> some. Hours is really excessive though.



Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-15 Thread Olivier Mascia
> On 15 Apr 2016, at 12:33, Mike Montgomery wrote:
> 
> I'm not positive, but I was always under the impression to only use the VX
> net cards for Windows OS, I have always used the e1000 for Linux/pfsense.
> Run several firewalls in esxi 5.1 and never any issues.  Never needed to tweak
> anything at all, except for when I tried to do carp.

I'll arrange some different tests later, but for now, VMXNET3 WAN, VMXNET3 LAN, 
the hosts have only 1 Gbps ethernet, I get ~850 Mbps in both directions through 
'speedtest.net' (from a LAN windows server box) to some servers I know well. 
That's about only 15% less than wire-speed, even though there is the expected 
overhead of the virtualization. Not bad.  Is it stable for long-term?  Only 
time will tell me, but it looks steady for now.

For fault-tolerance, I tend to think that CARP and dual virtualized pfSense 
(with affinity on different hosts), would be lighter than using vmware Fault 
Tolerance. That will be next week tests.

-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om




[pfSense] Status - Queues: is that a moving average on the last X minutes?

2016-04-15 Thread Olivier Mascia
It looks to me the data displayed by Status - Queues is a kind of average over 
some time frame (maybe 1 minute, maybe more, don't know).  Could this be 
shorter? Could the data be reported half-live, for instance one sample every 5 
seconds with the data of those last 5 seconds, not taking into account any past 
traffic?

When trying to assess the effectiveness of some settings, getting a more 
instantaneous queues usage might be more useful. Well, I think so.

-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om




Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-15 Thread Mike Montgomery
I'm not positive, but I was always under the impression to only use the VX
net cards for Windows OS, I have always used the e1000 for Linux/pfsense.
Run several firewalls in esxi 5.1 and never any issues.  Never needed to tweak
anything at all, except for when I tried to do carp.
On Thu, Apr 14, 2016 at 6:02 PM, Olivier Mascia  wrote:

> > On 14 Apr 2016, at 23:54, WebDawg wrote:
> >
> > https://blog.pfsense.org/?p=1716
> >
> > They have an appliance you can purchase now.
>
> Eyes blinking.
> And it's available through the pfSense Gold subscription which I have
> signed for and renewed since it existed. Will check this.
>
> --
> Meilleures salutations, Met vriendelijke groeten, Best Regards,
> Olivier Mascia, integral.be/om
>
>

I plan to throw pfSense into xen.  I would like to know the answers to the
questions you are asking anyways heh.

Re: [pfSense] pfSense 2.3 unresponsive on

2016-04-15 Thread Chris Buechler
On Wed, Apr 13, 2016 at 6:11 PM, Rosen Iliev  wrote:
> Hi guys,
>
> Just upgraded my embedded pfsense to 2.3.
> I have problems getting to the box (web or ssh), it just times out.
> On the web I sometimes get Nginx 504, sometimes just nothing.
> Eventually I got logged in and tried to check what's going on.
> I opened the Diagnostics->System Activity page and started monitoring the
> network traffic.
>
> There is JavaScript that updates the page content every 2.5, but the actual
> response in my case was more than 15 sec.
> So I ended up with +20 pending requests to /diag_system_activity.php.
>
> I don't think that setInterval is a good option here. Especially when you
> don't know how long it will take for the request to complete.
>
> My suggestion is to use setTimeout like this:
>

Yeah that's what 2.2.x and prior used.
https://redmine.pfsense.org/issues/6166
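The difference between the two timer patterns discussed in this thread, shown as an added example; it is not code from the original posts or from pfSense. It assumes the refresh period is 2.5 seconds and that every reply takes a constant 15 seconds, and runs on a simulated clock so the result is deterministic; all function names are hypothetical.

```javascript
// Added example: deterministic simulation on a virtual clock (no real timers,
// no network). All names here are hypothetical; this is not pfSense code.
function makeClock() {
  let now = 0, seq = 0;
  const queue = [];                        // scheduled callbacks: {at, seq, fn}
  const setTimeout = (fn, delay) => queue.push({ at: now + delay, seq: seq++, fn });
  const setInterval = (fn, period) => {
    const tick = () => { fn(); setTimeout(tick, period); };
    setTimeout(tick, period);
  };
  const runUntil = (limit) => {            // run every callback due by `limit` ms
    for (;;) {
      queue.sort((a, b) => a.at - b.at || a.seq - b.seq);
      if (!queue.length || queue[0].at > limit) break;
      const ev = queue.shift();
      now = ev.at;
      ev.fn();
    }
  };
  return { setTimeout, setInterval, runUntil };
}

// Constructed stand-in for the page's AJAX request: the reply arrives after
// `latency` ms; stats record how many requests are outstanding at once.
function makeServer(clock, latency) {
  const stats = { sent: 0, inFlight: 0, maxInFlight: 0 };
  const request = (done) => {
    stats.sent++;
    stats.maxInFlight = Math.max(stats.maxInFlight, ++stats.inFlight);
    clock.setTimeout(() => { stats.inFlight--; if (done) done(); }, latency);
  };
  return { stats, request };
}

// Fixed interval: a new request every `period` ms, reply or no reply.
function pollWithInterval(period, latency, duration) {
  const clock = makeClock(), server = makeServer(clock, latency);
  clock.setInterval(() => server.request(), period);
  clock.runUntil(duration);
  return server.stats;
}

// Chained timeout: the next request is scheduled only once the reply is in.
function pollWithTimeout(period, latency, duration) {
  const clock = makeClock(), server = makeServer(clock, latency);
  const poll = () => server.request(() => clock.setTimeout(poll, period));
  clock.setTimeout(poll, period);
  clock.runUntil(duration);
  return server.stats;
}
```

Over a simulated 60 seconds, `pollWithInterval(2500, 15000, 60000)` sends 24 requests with 6 outstanding at once, while `pollWithTimeout(2500, 15000, 60000)` sends 4 and never has more than 1 outstanding.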


Re: [pfSense] Upgrade from 2.2.x to 2.3 - upgrading firmware since almost 7 hours.

2016-04-15 Thread Chris Buechler
On Thu, Apr 14, 2016 at 1:57 PM, WebDawg  wrote:
> On Thu, Apr 14, 2016 at 1:53 PM, J. Echter <
> j.ech...@echter-kuechen-elektro.de> wrote:
>
>> On 14.04.2016 at 19:32, J. Echter wrote:
>> > Hi,
>> >
>> > here, everything works as expected. :)
>> >
>> > But i have a upgrade running since round about 7 hours...
>> >
>> >
>> > I didn't check full backup before upgrade.
>> >
>> > 7 hours seem long... :)
>> >
>> > Is this still expected behaviour?
>> >
>> > Thanks
>> >
>> > J.
>> >
>>
>> seems normal, i have a reboot mail now :D
>>
>>
> I think I had this problem when I had a bunch of sarge reports and stuff.
> For some reason one of the upgrade steps was to look through the entire FS.

It does an mtree on all the installed files, which can take quite some
time, but it goes through a specific list of files that are installed.
Having a huge number of files on the filesystem could slow it down
some. Hours is really excessive though.