[pfSense] Migrating existing install to another drive

2016-07-15 Thread Dan Langille
Hello, I have a NetGate APU2 running pfSense 2.3. It came pre-installed and I've upgraded it over the past two years. It also came a 16GB mSata card and an 8GB SD card, both of which I think are unused. I write for advice on how best to start using these unused resources. The questions: - Wh

Re: [pfSense] pfsync_undefer_state: unable to find deferred state

2016-07-15 Thread Steve Yates
This may or may not be related but after he upgrade to 2.3.1 I did find a continual stream of checksum error alerts in Suricata. As found online, disabling Hardware Checksum Offloading fixed it, even though this is on a virtual machine. -- Steve Yates ITS, Inc. -Original Message- Fro

Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Chris Buechler
On Fri, Jul 15, 2016 at 2:08 PM, Marc R. Meshurle Jr. wrote: > x.x.x.x is the PFSense and y.y.y.y is the Cisco > > Jul 16 00:05:54 charon: 11[IKE] deleting IKE_SA con2000[673] > between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y] > Jul 16 00:05:54 charon: 11[IKE] received DELETE for IKE_SA > con2000[6

Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Eero Volotinen
Provide also logs from Cisco ASA. NO_PROPOSAL_CHOSEN usually means that cipher specs does not match on both sides. Could you provide screenshot from cipher settings. -- Eero 2016-07-15 22:08 GMT+03:00 Marc R. Meshurle Jr. : > x.x.x.x is the PFSense and y.y.y.y is the Cisco > > Jul 16 00:05:54 c

Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Marc R. Meshurle Jr.
x.x.x.x is the PFSense and y.y.y.y is the Cisco Jul 16 00:05:54 charon: 11[IKE] deleting IKE_SA con2000[673] between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y] Jul 16 00:05:54 charon: 11[IKE] received DELETE for IKE_SA con2000[673] Jul 16 00:05:54 charon: 11[ENC] parsed INFORMATIONAL_V1 request 303

Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Chris Buechler
On Fri, Jul 15, 2016 at 11:32 AM, Marc R. Meshurle Jr. wrote: > I'm having an issue connecting to a Cisco ASA5520 with IPSEC. The vendor with > the Cisco states that Phase 1 is good, but dropping out on Phase 2. We've > matched the Phase 2 proposals up and it still fails on the Phase 2 side. I'v

[pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Marc R. Meshurle Jr.
I'm having an issue connecting to a Cisco ASA5520 with IPSEC. The vendor with the Cisco states that Phase 1 is good, but dropping out on Phase 2. We've matched the Phase 2 proposals up and it still fails on the Phase 2 side. I've tried every combination of SA protocols and none stay connected.

Re: [pfSense] Notification e-mail settings

2016-07-15 Thread Edward Holcroft
OK, thanks. I'll keep an eye on it. On Thu, Jul 14, 2016 at 8:48 PM, Michael kellogg wrote: > there is an open bug for the mail bomb > > On Thu, Jul 14, 2016 at 7:00 PM, Edward Holcroft > wrote: > > > I have my pfSense set to notify if one of my gateways goes down. It does > > this very well. T