Re: [pfSense] USB3 to ethernet adaptor

2016-05-03 Thread Chris Bagnall
I’m a little late to the discussion, but herewith my two penneth...

> Echoing what others have said, most of the USB network cards I have used
> have not been so reliable.

Broadly speaking, I’d concur with that sentiment. I have had moderate success 
with this one:

https://www.amazon.co.uk/gp/product/B00484IEJS

It’s only USB2, but, if my memory serves correctly, that’s a good thing, 
because the USB3 version definitely didn’t work under pfSense (admittedly some 
time ago - around 2.1 time - so things may have changed since).

I suspect any other USB ethernet device based on the same ASIX controller will 
likely work similarly…

> As far as cheap managed switches go

I’ll throw in a recommendation here for one of the cheap-ish HP ‘web managed’ 
switches - something like the 1810-8G if you want all gigabit ports, or if you 
don’t need more than 100Mb on your WAN interfaces, the older 1700-8 is also a 
good option. I’ve used both in scenarios where I’ve needed to connect more than 
2 WANs to a PCEngines ALIX or APU.

Kind regards,

Chris
-- 
This email is made from 100% recycled electrons

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] never ending update status / "Obtaining update status" endless / on v2.3 on 32bit HW / e.g. ALIX

2016-05-03 Thread WolfSec-Support
ah, jep

cool :-)

many thanks, Peder



2016-05-03 21:37 GMT+02:00 Peder Rovelstad :

> No, see this thread.
> https://forum.pfsense.org/index.php?topic=109928.msg612160#msg612160
>
>
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
> WolfSec-Support
> Sent: Tuesday, May 03, 2016 11:37 AM
> To: pfSense Support and Discussion Mailing List 
> Subject: Re: [pfSense] never ending update status / "Obtaining update
> status" endless / on v2.3 on 32bit HW / e.g. ALIX
>
> Hi Peder,
>
> yep, seems to work.
>
> But CF will last much shorter now due to RW instead of RO ?
>
> Cheers
> Stephan
>
>
>
> 2016-05-03 15:01 GMT+02:00 Peder Rovelstad :
>
> > Set card to full-time RW and disable the update check.  Worked for my
> > low power install.
> >
> > -Original Message-
> > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
> > WolfSec-Support
> > Sent: Tuesday, May 03, 2016 7:36 AM
> > To: list@lists.pfsense.org
> > Subject: Re: [pfSense] never ending update status / "Obtaining update
> > status" endless / on v2.3 on 32bit HW / e.g. ALIX
> >
> > Update:
> > all i386 nanoBSD installs are affected
> >
> > An ALIX with i386 on SSD and normal pfsense image works well
> >
> > so seems only i386 nanoBSD installs are affected
> >
> >
> > 2016-05-03 14:32 GMT+02:00 WolfSec-Support :
> >
> > > Hello,
> > >
> > >
> > > have seen this behaviour on all my 32bit ALIX boards.
> > >
> > > "Obtaining update status"  is hown endless
> > >
> > > Has someone else have seen this ?
> > >
> > > I tried for tests multiple external DNS, also google 8.8.8.8 - no
> > success.
> > > All on different ISP's and different locations.
> > >
> > > On my amd64 on all works fine - independent on hardware.
> > >
> > > Kind Regards
> > > Stephan
> > >
> > >
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> >
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> >
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] never ending update status / "Obtaining update status" endless / on v2.3 on 32bit HW / e.g. ALIX

2016-05-03 Thread Peder Rovelstad
No, see this thread.
https://forum.pfsense.org/index.php?topic=109928.msg612160#msg612160



-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
WolfSec-Support
Sent: Tuesday, May 03, 2016 11:37 AM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] never ending update status / "Obtaining update
status" endless / on v2.3 on 32bit HW / e.g. ALIX

Hi Peder,

yep, seems to work.

But CF will last much shorter now due to RW instead of RO ?

Cheers
Stephan



2016-05-03 15:01 GMT+02:00 Peder Rovelstad :

> Set card to full-time RW and disable the update check.  Worked for my 
> low power install.
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of 
> WolfSec-Support
> Sent: Tuesday, May 03, 2016 7:36 AM
> To: list@lists.pfsense.org
> Subject: Re: [pfSense] never ending update status / "Obtaining update 
> status" endless / on v2.3 on 32bit HW / e.g. ALIX
>
> Update:
> all i386 nanoBSD installs are affected
>
> An ALIX with i386 on SSD and normal pfsense image works well
>
> so seems only i386 nanoBSD installs are affected
>
>
> 2016-05-03 14:32 GMT+02:00 WolfSec-Support :
>
> > Hello,
> >
> >
> > have seen this behaviour on all my 32bit ALIX boards.
> >
> > "Obtaining update status"  is hown endless
> >
> > Has someone else have seen this ?
> >
> > I tried for tests multiple external DNS, also google 8.8.8.8 - no
> success.
> > All on different ISP's and different locations.
> >
> > On my amd64 on all works fine - independent on hardware.
> >
> > Kind Regards
> > Stephan
> >
> >
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] PFSense breaks TCP-Sessions

2016-05-03 Thread WebDawg
Did you try ipv6 inside the tunnel also?

On Tue, May 3, 2016 at 1:56 PM, Jens Kühnel 
wrote:

> Am 01.05.2016 um 18:29 schrieb WebDawg:
> >
> >
> > On 05/01/2016 08:15 AM, Jens Kühnel wrote:
> >> Hi,
> >>
> >> I'm a very satisfied PFSense User for a very long time, but I'm running
> >> into a problem that I can not fix, even after a long time of searching.
> >>
> >> To get a real IPv4-Address to my home with only a DSLite connection. I'm
> >> using PFSense with OpenVPN via UDP6 to transport a real IP-Address from
> >> my Hosting Provider (Hetzner) to my home. The problem occurs with
> >> PFSense 2.2 and 2.3. The opposite side (at Hetzner) is a Centos7 with
> >> openvpn-2.3.10-1.el7.x86_64.
> >>
> >> I can create the tunnel and ping without any problem. Sometimes I can
> >> also use TCP without a problem. But most of the time not. The Problem
> >> happens only from the internet to my home and without a detectable
> >> pattern. (time, load on the link, source/destionation ip, Port)
> >> tcpdump show a lot of TCP ACKed unseen segment, TCP Retransmition and
> >> TCP Dup Acks.
> >> From my homenetwork to the Internet there is no problem.
> >>
> >>
> >> My first Idea was MTU, but decrease the MTU did not help. Also the
> >> option mut-test shows on both sides:
> >>  Empirical MTU test completed [Tried,Actual] local->remote=[1584,1584]
> >> remote->local=[1584,1584]
> >>
> >> My second idea (or that of a friend) was bad offloading. So I disabled
> >> all kinds of offloading with this:
> >> ifconfig em0 -rxcsum -txcsum -rxcsum6 -txcsum6 -tso -lro -vlanhwtag
> >> -vlanhwfilter -vlanhwtso
> >> ifconfig em1 -rxcsum -txcsum -rxcsum6 -txcsum6 -tso -lro -vlanhwtag
> >> -vlanhwfilter -vlanhwtso
> >> Without any help.
> >>
> >> Yesterday I freed up another IP and configured a Linux-Machine as a
> >> replacement of the PFSense. With iptables and openvpn and here
> >> everything works without any problems.
> >>
> >> So the problem is PFsense or my misconfiguration of PFSense.
> >>
> >> I really would like to continue to use PFSense, so can anyone give a
> >> hint how to fix this or at least what it can be and where to search.
> >>
> >> CU
> >> Jens
> >>
> >> P.S.:
> >>
> >> My setup:
> >>
> >> The PFSense has a IPV6 Addresse and gets the IPV4 address via the
> >> openvpn tunnel. This is also the default IPv4 GW. I have 3 Networks (in
> >> 192.168.*) in 3 VLANS and use NAT via the Public IP.
> >> PFSense forwards 443 to a internal HTTPS Server and a High Port to a
> >> SSH-Server.
> >>
> >> This setup (without the OpenVPN Tunnel) was working without a problem
> >> for 2 Years before I moved to a new City with this new setup.
> >>
> >> ___
> >>
> >
> >
> > Did you increase the verbosity of OpenVPN logging and see what OpenVPN
> > is reporting?  Can you?  Pastebin?
> Hi,
>
> Here I run it with verb 4 on both sides. But nothing fancy is shown.
>
> The output can be found here:
>
> https://paste.fedoraproject.org/362219/46229582/
>
>
> Thanks for the help.
> CU
> Jens
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense on watchguard XTM 810

2016-05-03 Thread Eero Volotinen
Thanks. Do you have this device running pfsense?

--
Eero

2016-05-03 17:51 GMT+03:00 WebDawg :

> On Tue, May 3, 2016 at 2:08 AM, Eero Volotinen 
> wrote:
>
> > Hi,
> >
> > Does anyone has instructions how to install pfsense on watchguard XTM
> 810?
> > which image is requires? is console cable required? what type of console
> > cable is needed?
> >
> > --
> > Eero
> > ___
> >
>
>
> https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox
> https://forum.pfsense.org/index.php?topic=61970.0
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] PFSense breaks TCP-Sessions

2016-05-03 Thread Jens Kühnel
Am 01.05.2016 um 18:29 schrieb WebDawg:
> 
> 
> On 05/01/2016 08:15 AM, Jens Kühnel wrote:
>> Hi,
>>
>> I'm a very satisfied PFSense User for a very long time, but I'm running
>> into a problem that I can not fix, even after a long time of searching.
>>
>> To get a real IPv4-Address to my home with only a DSLite connection. I'm
>> using PFSense with OpenVPN via UDP6 to transport a real IP-Address from
>> my Hosting Provider (Hetzner) to my home. The problem occurs with
>> PFSense 2.2 and 2.3. The opposite side (at Hetzner) is a Centos7 with
>> openvpn-2.3.10-1.el7.x86_64.
>>
>> I can create the tunnel and ping without any problem. Sometimes I can
>> also use TCP without a problem. But most of the time not. The Problem
>> happens only from the internet to my home and without a detectable
>> pattern. (time, load on the link, source/destionation ip, Port)
>> tcpdump show a lot of TCP ACKed unseen segment, TCP Retransmition and
>> TCP Dup Acks.
>> From my homenetwork to the Internet there is no problem.
>>
>>
>> My first Idea was MTU, but decrease the MTU did not help. Also the
>> option mut-test shows on both sides:
>>  Empirical MTU test completed [Tried,Actual] local->remote=[1584,1584]
>> remote->local=[1584,1584]
>>
>> My second idea (or that of a friend) was bad offloading. So I disabled
>> all kinds of offloading with this:
>> ifconfig em0 -rxcsum -txcsum -rxcsum6 -txcsum6 -tso -lro -vlanhwtag
>> -vlanhwfilter -vlanhwtso
>> ifconfig em1 -rxcsum -txcsum -rxcsum6 -txcsum6 -tso -lro -vlanhwtag
>> -vlanhwfilter -vlanhwtso
>> Without any help.
>>
>> Yesterday I freed up another IP and configured a Linux-Machine as a
>> replacement of the PFSense. With iptables and openvpn and here
>> everything works without any problems.
>>
>> So the problem is PFsense or my misconfiguration of PFSense.
>>
>> I really would like to continue to use PFSense, so can anyone give a
>> hint how to fix this or at least what it can be and where to search.
>>
>> CU
>> Jens
>>
>> P.S.:
>>
>> My setup:
>>
>> The PFSense has a IPV6 Addresse and gets the IPV4 address via the
>> openvpn tunnel. This is also the default IPv4 GW. I have 3 Networks (in
>> 192.168.*) in 3 VLANS and use NAT via the Public IP.
>> PFSense forwards 443 to a internal HTTPS Server and a High Port to a
>> SSH-Server.
>>
>> This setup (without the OpenVPN Tunnel) was working without a problem
>> for 2 Years before I moved to a new City with this new setup.
>>
>> ___
>>
> 
> 
> Did you increase the verbosity of OpenVPN logging and see what OpenVPN
> is reporting?  Can you?  Pastebin?
Hi,

Here I run it with verb 4 on both sides. But nothing fancy is shown.

The output can be found here:

https://paste.fedoraproject.org/362219/46229582/


Thanks for the help.
CU
Jens

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] passwordless console access

2016-05-03 Thread Jason Pyeron
> -Original Message-
> From: j...@use.startmail.com
> Sent: Tuesday, May 03, 2016 1:06 PM
> 
> Greetings,
> 
> I wonder if it is possible to configure passwordless ssh 
> access via ssl keys like done is regular unix via ssh-copy-id command.

Yes. 

Googling the correct terminology: pfsense ***ssh*** keys

https://www.google.com/#safe=off=pfsense+ssh+keys

Gives #1 result of https://doc.pfsense.org/index.php/HOWTO_enable_SSH_access


SSH Keys


SSH keys for authentication may be added to individual user accounts under
System > User Manager. The admin user and root user share keys. 

*** Do not attempt to manage keys from the shell directly. ***

-Jason

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] passwordless console access

2016-05-03 Thread jvpn
Greetings,

I wonder if it is possible to configure passwordless ssh access via ssl keys 
like done is regular unix via ssh-copy-id command.

Regards,
Josh.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] never ending update status / "Obtaining update status" endless / on v2.3 on 32bit HW / e.g. ALIX

2016-05-03 Thread WolfSec-Support
Hi Peder,

yep, seems to work.

But CF will last much shorter now due to RW instead of RO ?

Cheers
Stephan



2016-05-03 15:01 GMT+02:00 Peder Rovelstad :

> Set card to full-time RW and disable the update check.  Worked for my low
> power install.
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
> WolfSec-Support
> Sent: Tuesday, May 03, 2016 7:36 AM
> To: list@lists.pfsense.org
> Subject: Re: [pfSense] never ending update status / "Obtaining update
> status" endless / on v2.3 on 32bit HW / e.g. ALIX
>
> Update:
> all i386 nanoBSD installs are affected
>
> An ALIX with i386 on SSD and normal pfsense image works well
>
> so seems only i386 nanoBSD installs are affected
>
>
> 2016-05-03 14:32 GMT+02:00 WolfSec-Support :
>
> > Hello,
> >
> >
> > have seen this behaviour on all my 32bit ALIX boards.
> >
> > "Obtaining update status"  is hown endless
> >
> > Has someone else have seen this ?
> >
> > I tried for tests multiple external DNS, also google 8.8.8.8 - no
> success.
> > All on different ISP's and different locations.
> >
> > On my amd64 on all works fine - independent on hardware.
> >
> > Kind Regards
> > Stephan
> >
> >
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Monitor (RRD) all 0 data on 2.3

2016-05-03 Thread Jeppe Øland
Found it (Status/Monitoring), but buy do I dislike the new setup.

I really liked the old one where I could see several time-periods at a
glance.

But worse is I can't seem to get the new UI to show me "total data passed
in/out" for the interfaces over a period. I use(d) this for accounting :-(

On Tue, May 3, 2016 at 8:31 AM, Jeppe Øland  wrote:

> Where did RRD graphs move to in 2.3?
> Can't seem to find them anywhere (am I blind?)
>
> On Thu, Apr 21, 2016 at 5:22 AM, Vick Khera  wrote:
>
>> oh never mind. i first read you did an upgrade. that is a weird symptom...
>>
>> On Thu, Apr 21, 2016 at 8:21 AM, Vick Khera  wrote:
>>
>> >
>> > On Thu, Apr 21, 2016 at 1:53 AM, Gé Weijers  wrote:
>> >
>> >> I just performed a clean install of 2.3 on an AMD64 PC. Everything is
>> >> fine,
>> >>
>> >
>> > Was your prior install 32-bit? When you switch/upgrade from 32 to 64 bit
>> > the RRD graphs break.
>> >
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Monitor (RRD) all 0 data on 2.3

2016-05-03 Thread Jeppe Øland
Where did RRD graphs move to in 2.3?
Can't seem to find them anywhere (am I blind?)

On Thu, Apr 21, 2016 at 5:22 AM, Vick Khera  wrote:

> oh never mind. i first read you did an upgrade. that is a weird symptom...
>
> On Thu, Apr 21, 2016 at 8:21 AM, Vick Khera  wrote:
>
> >
> > On Thu, Apr 21, 2016 at 1:53 AM, Gé Weijers  wrote:
> >
> >> I just performed a clean install of 2.3 on an AMD64 PC. Everything is
> >> fine,
> >>
> >
> > Was your prior install 32-bit? When you switch/upgrade from 32 to 64 bit
> > the RRD graphs break.
> >
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3_1 ?

2016-05-03 Thread Jeppe Øland
Does this update actually work?

After hitting install and crunching for a while, it showed "firmware
installation failed!" at the top.

Log window showed:
firmware installation failed!

>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
>>> Unlocking package pfSense-kernel-pfSense... done.
>>> Downloading upgrade packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (5 candidates): . done
Processing candidates (5 candidates): ... done
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense: 2.3 -> 2.3_1 [pfSense]
ntp: 4.2.8p6 -> 4.2.8p7 [pfSense]

The process will require 2 KiB more space.
493 KiB to be downloaded.
Fetching pfSense-2.3_1.txz: . done
Fetching ntp-4.2.8p7.txz: .. done
Checking integrity... done (0 conflicting)
>>> Upgrading necessary packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (5 candidates): . done
Processing candidates (5 candidates): ... done
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense: 2.3 -> 2.3_1 [pfSense]
ntp: 4.2.8p6 -> 4.2.8p7 [pfSense]

The process will require 2 KiB more space.
[1/2] Upgrading ntp from 4.2.8p6 to 4.2.8p7...
[1/2] Extracting ntp-4.2.8p7: .. done
[2/2] Upgrading pfSense from 2.3 to 2.3_1...
[2/2] Extracting pfSense-2.3_1: ... done
>>> Removing unnecessary packages... done.
>>> Cleanup pkg cache... done.
>>> Locking package pfSense-kernel-pfSense... done.


On Mon, May 2, 2016 at 8:24 AM, Olivier Mascia  wrote:

>
> > Le 2 mai 2016 à 16:19, Jason Hellenthal  a
> écrit :
> >
> > Signé partie PGP
> > _1 would not be a development release. That would be a patch or an
> addendum which I would assume handles the ntp security flaw patched in
> recent FreeBSD security release.
> >
> > https://www.freebsd.org/security/advisories/FreeBSD-SA-16:16.ntp.asc
> >
> > On May 2, 2016, at 08:54, Olivier Mascia  wrote:
> >
> > The update check on 2.3-REL GUI offers me 2.3_1, yet I don't see mention
> of it on pfsense.org.
> > Could it be that my system polls for dev branch releases and not only
> released builds?
> > Or that the auto-update only revealed the beast before the blog on
> pfsense.org?
>
> Indeed.
>
> Installed packages to be UPGRADED:
> pfSense: 2.3 -> 2.3_1 [pfSense]
> ntp: 4.2.8p6 -> 4.2.8p7 [pfSense]
>
> --
> Meilleures salutations, Met vriendelijke groeten, Best Regards,
> Olivier Mascia, integral.be/om
>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] USB3 to ethernet adaptor

2016-05-03 Thread Moshe Katz
On Tue, May 3, 2016 at 10:10 AM, WebDawg  wrote:

> Before anyone goes out and purchases one of the GS switches from netgear
> please look at these posts:
>
> http://seclists.org/fulldisclosure/2016/Jan/77
>
> http://seclists.org/fulldisclosure/2016/Mar/25
>
> I was also very interested in those switches for the very same reason that
> Frans is.  Honestly, if you are looking for an inexpensive gigabit switch
> with VLAN capability you want something used...
>
> For instance the Dell Powerconnect 5324 can be had on the US ebay for
> something like $55.00.  This is a 24  The only effort you should do is to
> reflash any switch you purchase with the latest firmware.  Which is why I
> avoid some Cisco products because some of the firmware is paywalled.
>
> The eight port variant is a Dell PowerConnect 2808.  Just because it is
> half the size does not mean it is half the price but looking right now on
> ebay they are around $55.
>
> I have used both of these switches.  The only limitation I could find on
> the 2808 is that you cannot change what VLAN the web interface is on, I
> ended up solving that with a short cable from port to port on the same
> switch one port the default vlan in Access and with the VLAN that I wanted
> it on in Access.
>
> I do not know if v3 has the same vulnerabilities that are talked about in
> the links that I provided.  They look like serious issues that have not
> been fixed yet.
>
> On Tue, May 3, 2016 at 5:47 AM, Philipp Tölke  wrote:
>
> > A Netgear Prosafe GS-108E (or 105E) is reasonably cheap (~$50) and
> > manageable; try to get the version 3, it has a web-interface. Version 2
> is
> > only configurable using a Windows-Software.
> >
> >
> > > -Original Message-
> > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Frans
> > > Meulenbroeks
> > > Sent: 3 May, 2016 10:39
> > > To: list@lists.pfsense.org
> > > Subject: Re: [pfSense] USB3 to ethernet adaptor
> > >
> > > Thanks for all the replies on the USB adapter
> > >
> > > I know VLAN's would work but unfortunately my switches are unmanaged
> > > (this
> > > is a home setup).
> > >
> > > Reason for asking is that I want to install on an Intel NUC. This one
> > > only
> > > has one physical network interface. I'm running vmware esx on it and
> > > on top
> > > of that a VM with pfsense with two virtual NIC's, one for WAN, one
> > > for LAN.
> > >
> > > This works, I can bridge the cable modem to the WAN interface.
> > > However the
> > > LAN then is on the same physical interface. I would prefer to split
> > > that,
> > > hence my question.
> > >
> > > (or of course I could use other hardware than this NUC; I'm open to
> > > suggestions as long as they are affordable for a home user and low
> > > power).
> > >
> > > Best regards, Frans
>


Echoing what others have said, most of the USB network cards I have used
have not been so reliable.

As far as cheap managed switches go, even disregarding the security issues
of the Netgear GS switches, I highly recommend buying used Dell managed
switches on eBay over the Netgear ones. I have two of the Netgear switches
that have been a problem for me constantly, and two used Dell switches that
have been great.

Like WebDawg, I have had a lot of good experiences with buying Dell 28xx
switches on eBay.

Note that you will probably also find a lot of 27xx switches on eBay. While
those are also gigabit (unlike the 26xx and older, which only have 2-4
gigabit ports), if I remember correctly, they use an older web interface
that chokes in modern browsers. (I don't have one in front of me right now
to double-check that assertion, so I could be mis-remembering.) While the
28xx interface looks very similar, it seems to work much better.

Moshe

--
Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense on watchguard XTM 810

2016-05-03 Thread WebDawg
On Tue, May 3, 2016 at 2:08 AM, Eero Volotinen 
wrote:

> Hi,
>
> Does anyone has instructions how to install pfsense on watchguard XTM 810?
> which image is requires? is console cable required? what type of console
> cable is needed?
>
> --
> Eero
> ___
>


https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox
https://forum.pfsense.org/index.php?topic=61970.0
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] USB3 to ethernet adaptor

2016-05-03 Thread WebDawg
I hate when people push other options but if you do invest some time and
money into VLANs it will pay off.  You could give that Intel NUC so many
more interfaces then just two.

If you want to try USB stuff check here:

https://www.freebsd.org/releases/10.3R/hardware.html#usb

Click the "[amd64, i386, ia64, pc98] USB Ethernet adapters can be found in
the section listing Ethernet interfaces
."

ASIX Electronics AX88178A/AX88179 USB Gigabit Ethernet adapters (axge(4)
 driver)

You would want USB 3.0 support if you want to support Gigabit speeds.  I
never got to get that far into USB testing.

The last time I tried messing with USB adapters they kept falling out of
the system and were unstable.

The only other thing that I do not know is if the USB drivers from FreeBSD
10.3 are even on pfSense...there has been talk about missing kernel modules
for some devices so support for a certain device may not be there.

On Tue, May 3, 2016 at 3:39 AM, Frans Meulenbroeks <
fransmeulenbro...@gmail.com> wrote:

> Thanks for all the replies on the USB adapter
>
> I know VLAN's would work but unfortunately my switches are unmanaged (this
> is a home setup).
>
> Reason for asking is that I want to install on an Intel NUC. This one only
> has one physical network interface. I'm running vmware esx on it and on top
> of that a VM with pfsense with two virtual NIC's, one for WAN, one for LAN.
>
> This works, I can bridge the cable modem to the WAN interface. However the
> LAN then is on the same physical interface. I would prefer to split that,
> hence my question.
>
> (or of course I could use other hardware than this NUC; I'm open to
> suggestions as long as they are affordable for a home user and low power).
>
> Best regards, Frans
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] USB3 to ethernet adaptor

2016-05-03 Thread WebDawg
Before anyone goes out and purchases one of the GS switches from netgear
please look at these posts:

http://seclists.org/fulldisclosure/2016/Jan/77

http://seclists.org/fulldisclosure/2016/Mar/25

I was also very interested in those switches for the very same reason that
Frans is.  Honestly, if you are looking for an inexpensive gigabit switch
with VLAN capability you want something used...

For instance the Dell Powerconnect 5324 can be had on the US ebay for
something like $55.00.  This is a 24  The only effort you should do is to
reflash any switch you purchase with the latest firmware.  Which is why I
avoid some Cisco products because some of the firmware is paywalled.

The eight port variant is a Dell PowerConnect 2808.  Just because it is
half the size does not mean it is half the price but looking right now on
ebay they are around $55.

I have used both of these switches.  The only limitation I could find on
the 2808 is that you cannot change what VLAN the web interface is on, I
ended up solving that with a short cable from port to port on the same
switch one port the default vlan in Access and with the VLAN that I wanted
it on in Access.

I do not know if v3 has the same vulnerabilities that are talked about in
the links that I provided.  They look like serious issues that have not
been fixed yet.

On Tue, May 3, 2016 at 5:47 AM, Philipp Tölke  wrote:

> A Netgear Prosafe GS-108E (or 105E) is reasonably cheap (~$50) and
> manageable; try to get the version 3, it has a web-interface. Version 2 is
> only configurable using a Windows-Software.
>
>
> > -Original Message-
> > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Frans
> > Meulenbroeks
> > Sent: 3 May, 2016 10:39
> > To: list@lists.pfsense.org
> > Subject: Re: [pfSense] USB3 to ethernet adaptor
> >
> > Thanks for all the replies on the USB adapter
> >
> > I know VLAN's would work but unfortunately my switches are unmanaged
> > (this
> > is a home setup).
> >
> > Reason for asking is that I want to install on an Intel NUC. This one
> > only
> > has one physical network interface. I'm running vmware esx on it and
> > on top
> > of that a VM with pfsense with two virtual NIC's, one for WAN, one
> > for LAN.
> >
> > This works, I can bridge the cable modem to the WAN interface.
> > However the
> > LAN then is on the same physical interface. I would prefer to split
> > that,
> > hence my question.
> >
> > (or of course I could use other hardware than this NUC; I'm open to
> > suggestions as long as they are affordable for a home user and low
> > power).
> >
> > Best regards, Frans
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] USB3 to ethernet adaptor

2016-05-03 Thread Bob Gustafson

There is a FAQ for the v3:

Compare to v2, is there any new feature for GS108Ev3?
Yes, staring from v3, GS108E can be managed by web browser IE9 ~ 11, 
Firefox 26 ~ 29.0.1, Chrome 33.0.1750.117 ~ 35.0.1916.114 m, Safari 10.8.5.



On 05/03/2016 08:44 AM, Bob Gustafson wrote:

The only downloadable user guide refers only to Windows utility software.

At least there is downloadable user guide..

Bob G


On 05/03/2016 05:47 AM, Philipp Tölke wrote:

A Netgear Prosafe GS-108E (or 105E) is reasonably cheap (~$50) and
manageable; try to get the version 3, it has a web-interface. Version 
2 is

only configurable using a Windows-Software.



-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Frans
Meulenbroeks
Sent: 3 May, 2016 10:39
To: list@lists.pfsense.org
Subject: Re: [pfSense] USB3 to ethernet adaptor

Thanks for all the replies on the USB adapter

I know VLAN's would work but unfortunately my switches are unmanaged
(this
is a home setup).

Reason for asking is that I want to install on an Intel NUC. This one
only
has one physical network interface. I'm running vmware esx on it and
on top
of that a VM with pfsense with two virtual NIC's, one for WAN, one
for LAN.

This works, I can bridge the cable modem to the WAN interface.
However the
LAN then is on the same physical interface. I would prefer to split
that,
hence my question.

(or of course I could use other hardware than this NUC; I'm open to
suggestions as long as they are affordable for a home user and low
power).

Best regards, Frans
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] USB3 to ethernet adaptor

2016-05-03 Thread Bob Gustafson

The only downloadable user guide refers only to Windows utility software.

At least there is downloadable user guide..

Bob G


On 05/03/2016 05:47 AM, Philipp Tölke wrote:

A Netgear Prosafe GS-108E (or 105E) is reasonably cheap (~$50) and
manageable; try to get the version 3, it has a web-interface. Version 2 is
only configurable using a Windows-Software.



-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Frans
Meulenbroeks
Sent: 3 May, 2016 10:39
To: list@lists.pfsense.org
Subject: Re: [pfSense] USB3 to ethernet adaptor

Thanks for all the replies on the USB adapter

I know VLAN's would work but unfortunately my switches are unmanaged
(this
is a home setup).

Reason for asking is that I want to install on an Intel NUC. This one
only
has one physical network interface. I'm running vmware esx on it and
on top
of that a VM with pfsense with two virtual NIC's, one for WAN, one
for LAN.

This works, I can bridge the cable modem to the WAN interface.
However the
LAN then is on the same physical interface. I would prefer to split
that,
hence my question.

(or of course I could use other hardware than this NUC; I'm open to
suggestions as long as they are affordable for a home user and low
power).

Best regards, Frans
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] never ending update status / "Obtaining update status" endless / on v2.3 on 32bit HW / e.g. ALIX

2016-05-03 Thread Peder Rovelstad
Set card to full-time RW and disable the update check.  Worked for my low
power install.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
WolfSec-Support
Sent: Tuesday, May 03, 2016 7:36 AM
To: list@lists.pfsense.org
Subject: Re: [pfSense] never ending update status / "Obtaining update
status" endless / on v2.3 on 32bit HW / e.g. ALIX

Update:
all i386 nanoBSD installs are affected

An ALIX with i386 on SSD and normal pfsense image works well

so seems only i386 nanoBSD installs are affected


2016-05-03 14:32 GMT+02:00 WolfSec-Support :

> Hello,
>
>
> have seen this behaviour on all my 32bit ALIX boards.
>
> "Obtaining update status"  is hown endless
>
> Has someone else have seen this ?
>
> I tried for tests multiple external DNS, also google 8.8.8.8 - no success.
> All on different ISP's and different locations.
>
> On my amd64 on all works fine - independent on hardware.
>
> Kind Regards
> Stephan
>
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] [SOLVED] AW: [Bulk] Strange problem with HAProxy failing after WAN IP changes

2016-05-03 Thread Dominique Kaspar
Hi,
 
> -Ursprüngliche Nachricht-
> Von: List [mailto:list-boun...@lists.pfsense.org] Im Auftrag von PiBa
> Gesendet: Montag, 2. Mai 2016 20:37
> An: pfSense Support and Discussion Mailing List 
> Betreff: Re: [pfSense] [Bulk] Strange problem with HAProxy failing after
> WAN IP changes
> 
> Hi,
> Afaik, haproxy does not and did not reload on a wan-ip change on either
> pfSense version.
> There are a few options though.
> -make haproxy frontend listen on 'any'
> -or use a portforward to forward incoming traffic to 127.0.0.1 , haproxy could
> then be listening on localhost:80.

Thank you! Indeed the solution to our problem was that simple, haproxy was 
listening on WAN IP (IP4) instead of ANY (IP4). It must have defaulted to that 
setting after the upgrade / the reinstall we did.



___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] never ending update status / "Obtaining update status" endless / on v2.3 on 32bit HW / e.g. ALIX

2016-05-03 Thread WolfSec-Support
Update:
all i386 nanoBSD installs are affected

An ALIX with i386 on SSD and normal pfsense image works well

so seems only i386 nanoBSD installs are affected


2016-05-03 14:32 GMT+02:00 WolfSec-Support :

> Hello,
>
>
> have seen this behaviour on all my 32bit ALIX boards.
>
> "Obtaining update status"  is hown endless
>
> Has someone else have seen this ?
>
> I tried for tests multiple external DNS, also google 8.8.8.8 - no success.
> All on different ISP's and different locations.
>
> On my amd64 on all works fine - independent on hardware.
>
> Kind Regards
> Stephan
>
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] [Bulk] V2.3 & Letsencrypt

2016-05-03 Thread Willem Visscher
Hi PiBa,

Thanks, This looks very interesting and promising already :)

I will read through your commits later this week, and possibly experiment a 
little further.

KR
Kamaradski




On 03/05/16 00:29, "List on behalf of PiBa"  wrote:

>Hi Kamaradski,
>
>Yes experimentation has been done and one package is pending.. 
>https://github.com/pfsense/FreeBSD-ports/pull/89
>
>Only step missing is that it gets pulled. Or get some more feedback 
>about what would be required to change..
>
>Configuration is a bit fragile but in general it does work.
>Also getting for example haproxy to serve the challenge file from disk 
>takes some additional configuration on that side. The same would be true 
>for any other LE scripts.
>
>Regards,
>PiBa-NL
>
>Op 2-5-2016 om 16:00 schreef Willem Visscher:
>> Hi List,
>>
>> Did anyone experienced any success with using LetsEncrypt certificates (and 
>> automatic ACME installation) on Pfsense V2.3 already ?
>>
>> In case of yes, would there be a good write-up available to get me started ?
>>
>> KR,
>> Kamaradski
>>
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>
>___
>pfSense mailing list
>https://lists.pfsense.org/mailman/listinfo/list
>Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] USB3 to ethernet adaptor

2016-05-03 Thread Philipp Tölke
A Netgear Prosafe GS-108E (or 105E) is reasonably cheap (~$50) and
manageable; try to get the version 3, it has a web-interface. Version 2 is
only configurable using a Windows-Software.


> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Frans
> Meulenbroeks
> Sent: 3 May, 2016 10:39
> To: list@lists.pfsense.org
> Subject: Re: [pfSense] USB3 to ethernet adaptor
>
> Thanks for all the replies on the USB adapter
>
> I know VLAN's would work but unfortunately my switches are unmanaged
> (this
> is a home setup).
>
> Reason for asking is that I want to install on an Intel NUC. This one
> only
> has one physical network interface. I'm running vmware esx on it and
> on top
> of that a VM with pfsense with two virtual NIC's, one for WAN, one
> for LAN.
>
> This works, I can bridge the cable modem to the WAN interface.
> However the
> LAN then is on the same physical interface. I would prefer to split
> that,
> hence my question.
>
> (or of course I could use other hardware than this NUC; I'm open to
> suggestions as long as they are affordable for a home user and low
> power).
>
> Best regards, Frans
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] 2.3 show stopper -- in most cases openvpn client specific overrides will fail to send proper iroute/push route

2016-05-03 Thread Philipp Tölke
Hi everyone,

just FYI, I also had to un-check "Address Pool" for our vpn with
"Static-IP-Overrides".

Regards,
Philipp

> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris
> Buechler
> Sent: 14 April, 2016 0:09
> To: pfSense Support and Discussion Mailing List
> Subject: Re: [pfSense] 2.3 show stopper -- in most cases openvpn
> client specific overrides will fail to send proper iroute/push route
>
> On Wed, Apr 13, 2016 at 6:08 AM, mayak  wrote:
> > hi all ,
> >
> > openvpn will fail on v2.3 if you are using `client specific
> overrides` where
> > `iroute` and `push route` are being used:
> >
> > if the `tunnel network` is:
> > 10.16.52.8/30
> >
> > and the `advanced section`:
> > iroute 172.16.32.0 255.255.255.0;
> > push "route 10.0.0.0 255.0.0.0";
> > push "route 172.16.0.0 255.240.0.0.0"
> >
>
> Sounds like this part of the release notes:
>
> OpenVPN topology change – configuration upgrade code was intended to
> set upgraded OpenVPN servers to topology net30, rather than the new
> default of topology subnet. This is not working as intended in some
> cases, but has been fixed for 2.3.1. In the mean time, editing your
> OpenVPN server instance and setting the topology to “net30” there
> will
> accomplish the same thing and fix it.
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs

2016-05-03 Thread Olivier Mascia
> Le 3 mai 2016 à 09:49, Chris Buechler  a écrit :
> 
>> Or would it be that my BACKUP (according to /status_carp.php) do also 
>> advertise (which it shouldn't as BACKUP)?
> 
> That's the problem. I'm seeing that in some cases and not others with
> IPv6 CARP in 2.3, with no apparent reason as to why. It seems like it
> continues to work fine in that circumstance for me, but that could
> definitely affect switch CAM tables and cause issues like packet loss
> in some environments. I need to look at it closer tomorrow.

It's a relief to read your comment. :)

As I clearly have a system where this happen, what would you need from me or my 
system to maybe help you pinpoint what's the cause?
Could this possibly be a NIC drivers issue?
Those are vmware VMs using VMXNET3 (underlying physical NICs on the cluster 
hosts are 10 Gbe).
Would it be worth trying to downgrade to E1000 and see if it helps? Or a 
probable pure loss of time?

Also, from your comment, am I right assuming this is not known to happen with 
<2.3 releases?
So that I could consider rebuilding those VMs using 2.2.6 for instance?
And upgrade to 2.3.x later?

Thanks!
-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] USB3 to ethernet adaptor

2016-05-03 Thread Frans Meulenbroeks
Thanks for all the replies on the USB adapter

I know VLAN's would work but unfortunately my switches are unmanaged (this
is a home setup).

Reason for asking is that I want to install on an Intel NUC. This one only
has one physical network interface. I'm running vmware esx on it and on top
of that a VM with pfsense with two virtual NIC's, one for WAN, one for LAN.

This works, I can bridge the cable modem to the WAN interface. However the
LAN then is on the same physical interface. I would prefer to split that,
hence my question.

(or of course I could use other hardware than this NUC; I'm open to
suggestions as long as they are affordable for a home user and low power).

Best regards, Frans
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] pfsense: first experience/first problem

2016-05-03 Thread Frans Meulenbroeks
Hi,

I understand that I can turn off dhcp6 at the interfaces page, but the web
page is not very well reachable if dhcp is blasting at full speed.
Especially not if one is a newb without too much experience.

Frans.



> Date: Mon, 02 May 2016 10:31:47 +
> From: Cheyenne Deal 
> To: pfSense Support and Discussion Mailing List
> 
> Subject: Re: [pfSense] pfsense: first experience/first problem
> Message-ID:
>  7uyg...@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> You can turn off dhcp6 on the interfaces page
>
> On Mon, May 2, 2016, 02:55 Frans Meulenbroeks  >
> wrote:
>
> > Hi,
> >
> > Last weekend I started with pfsense and during that I immediately
> > encountered an issue that I would like to report here (assuming this is
> the
> > right place to do so).
> >
> > What happened was that after installing the WAN port got an IPv4 address
> > over DHCP but kept on spawning DHCPv6 requests at a rate that totally
> > swamped my network.
> > I'm not sure if it should be sending DHCPv6 requests at all after
> getting a
> > v4 address (there is no DHCPv6 server in my network), but in any case the
> > rate of the requests was way too fast.
> >
> > I managed to get rid of it by doing something like pfctl -d (forgot the
> > exact incantation, someone on irc suggested this); then after a pfctl -e
> > the issue was gone (maybe it would also be gone after a reboot, didn't
> try
> > that).
> >
> > This may be something someone wants to look into as it is a really bad
> > initial experience.
> >
> > Best regards, Frans.
> >
> > PS: is it possible to get access of the latest version of the book
> without
> > being a gold member? I'm a home user; not looking for a freebee but $
> 99/yr
> > is a bit too steep for me especially now when I am still investigating
> > whether this is the right tool for me.
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> >
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] pfsense on watchguard XTM 810

2016-05-03 Thread Eero Volotinen
Hi,

Does anyone has instructions how to install pfsense on watchguard XTM 810?
which image is requires? is console cable required? what type of console
cable is needed?

--
Eero
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold