[pfSense] Migrating existing install to another drive
Hello,

I have a NetGate APU2 running pfSense 2.3. It came pre-installed and I've upgraded it over the past two years. It also came with a 16GB mSata card and an 8GB SD card, both of which I think are unused. I write for advice on how best to start using these unused resources.

The questions:

- Where is pfSense installed if not on either of ada0 or da0?
- Does it make sense to start using ada0 and install pfSense there?
- Do you have other recommendations?
- Oh, look at that in dmesg:
    If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf
  Things seem to be working fine without that. What am I missing out on?

# df -h
Filesystem           Size    Used   Avail Capacity  Mounted on
/dev/ufs/pfsense1    1.8G    822M    876M    48%    /
devfs                1.0K    1.0K      0B   100%    /dev
/dev/ufs/cf           49M    7.7M     38M    17%    /cf
/dev/md0              38M    384K     35M     1%    /tmp
/dev/md1              58M     26M     27M    48%    /var
devfs                1.0K    1.0K      0B   100%    /var/dhcpd/dev

But the system does have two drives:

# sysctl kern.disks
kern.disks: ada0 da0

From dmesg (full output at end of email):

ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: ATA-7 SATA 2.x device
ada0: Serial Number YTAK13450285
ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 15258MB (31248704 512 byte sectors)
ada0: Previously was known as ad4
umass0: on usbus6
da0 at umass-sim0 bus 0 scbus6 target 0 lun 0
da0: Removable Direct Access SPC-2 SCSI device
da0: Serial Number 058F63666485
da0: 40.000MB/s transfers
da0: 7580MB (15523840 512 byte sectors)
da0: quirks=0x2

Full dmesg output:

Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.3-RELEASE #4 05adf0a(RELENG_2_3_0): Mon Apr 11 19:09:19 CDT 2016
root@factory23-amd64-builder:/builder/factory-230/tmp/obj/builder/factory-230/tmp/FreeBSD-src/sys/pfSense amd64
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)
Origin="AuthenticAMD" Id=0x500f20 Family=0x14 Model=0x2 Stepping=0
Features=0x178bfbff
Features2=0x802209
AMD Features=0x2e500800
AMD Features2=0x35ff
SVM: NP,NRIP,NAsids=8
TSC: P-state invariant, performance statistics
real memory = 2115289088 (2017 MB)
avail memory = 2007412736 (1914 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table:
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 1
random: initialized
ioapic0 irqs 0-23 on motherboard
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0x806208b0, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0x80620960, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0x80620a10, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0x80647bb0, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0x80647c60, 0) error 1
iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0x80647d10, 0) error 1
netmap: loaded module
kbd0 at kbdmux0
module_register_init: MOD_LOAD (vesa, 0x810166d0, 0) error 19
cryptosoft0: on motherboard
padlock0: No ACE support.
acpi0: on motherboard
acpi0: Power Button (fixed)
cpu0: on acpi0
cpu1: on acpi0
atrtc0: port 0x70-0x71 irq 8 on acpi0
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <32-bit timer at 3.579545MHz>
Re: [pfSense] pfsync_undefer_state: unable to find deferred state
This may or may not be related but after the upgrade to 2.3.1 I did find a continual stream of checksum error alerts in Suricata. As found online, disabling Hardware Checksum Offloading fixed it, even though this is on a virtual machine.

--
Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates
Sent: Friday, July 8, 2016 4:30 PM
To: pfSense Support and Discussion Mailing List
Subject: [pfSense] pfsync_undefer_state: unable to find deferred state

I found thread https://forum.pfsense.org/index.php?topic=87541.60 ...and posted there but it's old and references 2.1.x and 2.2.x versions.

After upgrading from 2.2.6 to 2.3.1_5 we get a long spew of this logged during a Limiter-limited rsync each night (it also shows on the console screen):

Jul 8 02:47:36 kernel defer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred state
Jul 8 02:47:36 kernel _undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_und efer_state: unable to find deferred statepf
Jul 8 02:47:36 kernel ync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: unable to find deferred statepfsync_ undefer_state: unable to find deferred stat

It continues while traffic that triggers the limiter rule is in effect and ends immediately upon traffic's end. The Limiter set up is only using Firewall\Traffic Shaper\Limiters:

LimitBackupUpLAN    50Mbit/s Overnight [Mon - Sun / 0:00-6:45]    15Mbit/s Day
LimitBackupUpLAN    50Mbit/s Overnight                            15Mbit/s Day

The limiter is on a rule on the LAN interface, with "In / Out pipe" set. It only matches to one IP.

Neither checking "No pfSync" nor setting "State type" to None seem to have any effect. I think that's the equivalent of what they mentioned in the forum thread... 'unchek the flag "State Type" to "NO pfsync".'

I can duplicate this at will...in this case an "rsync --dry-run" is plenty. It doesn't seem to have any effect on traffic since the copy works fine, it appears to just be a logging issue.

--
Steve Yates
ITS, Inc.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC
On Fri, Jul 15, 2016 at 2:08 PM, Marc R. Meshurle Jr. wrote:
> x.x.x.x is the PFSense and y.y.y.y is the Cisco
>
> Jul 16 00:05:54 charon: 11[IKE] deleting IKE_SA con2000[673] between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
> Jul 16 00:05:54 charon: 11[IKE] received DELETE for IKE_SA con2000[673]
> Jul 16 00:05:54 charon: 11[ENC] parsed INFORMATIONAL_V1 request 303027 [ HASH D ]
> Jul 16 00:05:54 charon: 11[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
> Jul 16 00:05:54 charon: 05[IKE] received NO_PROPOSAL_CHOSEN error notify
> Jul 16 00:05:54 charon: 05[ENC] parsed INFORMATIONAL_V1 request 1608868438 [ HASH N(NO_PROP) ]

No proposal means something doesn't match in your config. The ASA is sending that, it might be logging something more useful as to why it's sending NO_PROP. No way to tell anything other than "config doesn't match" from the logs on that side. It's a mismatch in P1.
Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC
Provide also logs from Cisco ASA. NO_PROPOSAL_CHOSEN usually means that cipher specs do not match on both sides. Could you provide a screenshot from cipher settings?

--
Eero

2016-07-15 22:08 GMT+03:00 Marc R. Meshurle Jr. :
> x.x.x.x is the PFSense and y.y.y.y is the Cisco
>
> Jul 16 00:05:54 charon: 11[IKE] deleting IKE_SA con2000[673] between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
> Jul 16 00:05:54 charon: 11[IKE] received DELETE for IKE_SA con2000[673]
> Jul 16 00:05:54 charon: 11[ENC] parsed INFORMATIONAL_V1 request 303027 [ HASH D ]
> Jul 16 00:05:54 charon: 11[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
> Jul 16 00:05:54 charon: 05[IKE] received NO_PROPOSAL_CHOSEN error notify
> Jul 16 00:05:54 charon: 05[ENC] parsed INFORMATIONAL_V1 request 1608868438 [ HASH N(NO_PROP) ]
> Jul 16 00:05:54 charon: 05[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
> Jul 16 00:05:54 charon: 05[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (396 bytes)
> Jul 16 00:05:54 charon: 05[ENC] generating QUICK_MODE request 4135665263 [ HASH SA No KE ID ID ]
> Jul 16 00:05:54 charon: 05[IKE] maximum IKE_SA lifetime 86369s
> Jul 16 00:05:54 charon: 05[IKE] scheduling reauthentication in 85829s
> Jul 16 00:05:54 charon: 05[IKE] IKE_SA con2000[673] established between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
> Jul 16 00:05:54 charon: 05[IKE] received DPD vendor ID
> Jul 16 00:05:54 charon: 05[ENC] parsed ID_PROT response 0 [ ID HASH V ]
> Jul 16 00:05:54 charon: 05[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
> Jul 16 00:05:54 charon: 05[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (100 bytes)
> Jul 16 00:05:54 charon: 05[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
> Jul 16 00:05:54 charon: 05[ENC] received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
> Jul 16 00:05:54 charon: 05[ENC] received unknown vendor ID: 11:84:28:cb:63:c1:36:01:1c:b0:82:fb:98:db:9d:aa
> Jul 16 00:05:54 charon: 05[IKE] received XAuth vendor ID
> Jul 16 00:05:54 charon: 05[IKE] received Cisco Unity vendor ID
> Jul 16 00:05:54 charon: 05[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
> Jul 16 00:05:54 charon: 05[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (304 bytes)
> Jul 16 00:05:54 charon: 05[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (244 bytes)
> Jul 16 00:05:54 charon: 05[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> Jul 16 00:05:54 charon: 05[IKE] received FRAGMENTATION vendor ID
> Jul 16 00:05:54 charon: 05[IKE] received NAT-T (RFC 3947) vendor ID
> Jul 16 00:05:54 charon: 05[ENC] parsed ID_PROT response 0 [ SA V V ]
> Jul 16 00:05:54 charon: 05[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (128 bytes)
> Jul 16 00:05:54 charon: 11[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (200 bytes)
> Jul 16 00:05:54 charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
> Jul 16 00:05:54 charon: 11[IKE] initiating Main Mode IKE_SA con2000[673] to y.y.y.y
> Jul 16 00:05:54 charon: 09[KNL] creating acquire job for policy x.x.x.x/32|/0 === y.y.y.y/32|/0 with reqid {20}
> Jul 16 00:05:53 charon: 11[IKE] deleting IKE_SA con2000[672] between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
> Jul 16 00:05:53 charon: 11[IKE] received DELETE for IKE_SA con2000[672]
> Jul 16 00:05:53 charon: 11[ENC] parsed INFORMATIONAL_V1 request 3572694564 [ HASH D ]
> Jul 16 00:05:53 charon: 11[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
> Jul 16 00:05:53 charon: 09[IKE] received NO_PROPOSAL_CHOSEN error notify
> Jul 16 00:05:53 charon: 09[ENC] parsed INFORMATIONAL_V1 request 4230419079 [ HASH N(NO_PROP) ]
> Jul 16 00:05:53 charon: 09[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
> Jul 16 00:05:53 charon: 09[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (396 bytes)
> Jul 16 00:05:53 charon: 09[ENC] generating QUICK_MODE request 1039796497 [ HASH SA No KE ID ID ]
> Jul 16 00:05:53 charon: 09[IKE] maximum IKE_SA lifetime 85885s
> Jul 16 00:05:53 charon: 09[IKE] scheduling reauthentication in 85345s
> Jul 16 00:05:53 charon: 09[IKE] IKE_SA con2000[672] established between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
> Jul 16 00:05:53 charon: 09[IKE] received DPD vendor ID
> Jul 16 00:05:53 charon: 09[ENC] parsed ID_PROT response 0 [ ID HASH V ]
> Jul 16 00:05:53 charon: 09[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
> Jul 16 00:05:53 charon: 09[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (100 bytes)
> Jul 16 00:05:53 charon: 09[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
> Jul 16 00:05:53 charon: 09[ENC] received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
> Jul 16 00:05:53 charon: 09[ENC] received unknown vendor ID: 6c:3e:73:55:de:28:4
Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC
x.x.x.x is the PFSense and y.y.y.y is the Cisco

Jul 16 00:05:54 charon: 11[IKE] deleting IKE_SA con2000[673] between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:54 charon: 11[IKE] received DELETE for IKE_SA con2000[673]
Jul 16 00:05:54 charon: 11[ENC] parsed INFORMATIONAL_V1 request 303027 [ HASH D ]
Jul 16 00:05:54 charon: 11[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:54 charon: 05[IKE] received NO_PROPOSAL_CHOSEN error notify
Jul 16 00:05:54 charon: 05[ENC] parsed INFORMATIONAL_V1 request 1608868438 [ HASH N(NO_PROP) ]
Jul 16 00:05:54 charon: 05[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:54 charon: 05[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (396 bytes)
Jul 16 00:05:54 charon: 05[ENC] generating QUICK_MODE request 4135665263 [ HASH SA No KE ID ID ]
Jul 16 00:05:54 charon: 05[IKE] maximum IKE_SA lifetime 86369s
Jul 16 00:05:54 charon: 05[IKE] scheduling reauthentication in 85829s
Jul 16 00:05:54 charon: 05[IKE] IKE_SA con2000[673] established between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:54 charon: 05[IKE] received DPD vendor ID
Jul 16 00:05:54 charon: 05[ENC] parsed ID_PROT response 0 [ ID HASH V ]
Jul 16 00:05:54 charon: 05[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:54 charon: 05[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (100 bytes)
Jul 16 00:05:54 charon: 05[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Jul 16 00:05:54 charon: 05[ENC] received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Jul 16 00:05:54 charon: 05[ENC] received unknown vendor ID: 11:84:28:cb:63:c1:36:01:1c:b0:82:fb:98:db:9d:aa
Jul 16 00:05:54 charon: 05[IKE] received XAuth vendor ID
Jul 16 00:05:54 charon: 05[IKE] received Cisco Unity vendor ID
Jul 16 00:05:54 charon: 05[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
Jul 16 00:05:54 charon: 05[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (304 bytes)
Jul 16 00:05:54 charon: 05[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (244 bytes)
Jul 16 00:05:54 charon: 05[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jul 16 00:05:54 charon: 05[IKE] received FRAGMENTATION vendor ID
Jul 16 00:05:54 charon: 05[IKE] received NAT-T (RFC 3947) vendor ID
Jul 16 00:05:54 charon: 05[ENC] parsed ID_PROT response 0 [ SA V V ]
Jul 16 00:05:54 charon: 05[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (128 bytes)
Jul 16 00:05:54 charon: 11[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (200 bytes)
Jul 16 00:05:54 charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
Jul 16 00:05:54 charon: 11[IKE] initiating Main Mode IKE_SA con2000[673] to y.y.y.y
Jul 16 00:05:54 charon: 09[KNL] creating acquire job for policy x.x.x.x/32|/0 === y.y.y.y/32|/0 with reqid {20}
Jul 16 00:05:53 charon: 11[IKE] deleting IKE_SA con2000[672] between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:53 charon: 11[IKE] received DELETE for IKE_SA con2000[672]
Jul 16 00:05:53 charon: 11[ENC] parsed INFORMATIONAL_V1 request 3572694564 [ HASH D ]
Jul 16 00:05:53 charon: 11[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 09[IKE] received NO_PROPOSAL_CHOSEN error notify
Jul 16 00:05:53 charon: 09[ENC] parsed INFORMATIONAL_V1 request 4230419079 [ HASH N(NO_PROP) ]
Jul 16 00:05:53 charon: 09[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 09[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (396 bytes)
Jul 16 00:05:53 charon: 09[ENC] generating QUICK_MODE request 1039796497 [ HASH SA No KE ID ID ]
Jul 16 00:05:53 charon: 09[IKE] maximum IKE_SA lifetime 85885s
Jul 16 00:05:53 charon: 09[IKE] scheduling reauthentication in 85345s
Jul 16 00:05:53 charon: 09[IKE] IKE_SA con2000[672] established between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:53 charon: 09[IKE] received DPD vendor ID
Jul 16 00:05:53 charon: 09[ENC] parsed ID_PROT response 0 [ ID HASH V ]
Jul 16 00:05:53 charon: 09[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 09[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (100 bytes)
Jul 16 00:05:53 charon: 09[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Jul 16 00:05:53 charon: 09[ENC] received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Jul 16 00:05:53 charon: 09[ENC] received unknown vendor ID: 6c:3e:73:55:de:28:43:20:be:13:23:da:35:92:c6:5a
Jul 16 00:05:53 charon: 09[IKE] received XAuth vendor ID
Jul 16 00:05:53 charon: 09[IKE] received Cisco Unity vendor ID
Jul 16 00:05:53 charon: 09[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
Jul 16 00:05:53 charon: 09[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (304 bytes)
Jul 16 00:05:53 charon: 09[NET] sending packet: f
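
A charon log in this format can be checked mechanically for where in the IKEv1 exchange each NO_PROPOSAL_CHOSEN arrives. The script below is an added example, not part of the original post and not pfSense or strongSwan code; it assumes the newest-first ordering used in the log above, the function name and the sample lines are constructed for illustration, and it generalizes slightly by also covering a notify that arrives before the IKE_SA is established.

```python
import re

# Constructed sample in the format of the charon lines in this thread, newest
# entry first as in the posted log. Addresses and SA names are placeholders.
SAMPLE_NEWEST_FIRST = """\
Jul 16 00:05:54 charon: 05[IKE] received NO_PROPOSAL_CHOSEN error notify
Jul 16 00:05:54 charon: 05[ENC] parsed INFORMATIONAL_V1 request 1608868438 [ HASH N(NO_PROP) ]
Jul 16 00:05:54 charon: 05[ENC] generating QUICK_MODE request 4135665263 [ HASH SA No KE ID ID ]
Jul 16 00:05:54 charon: 05[IKE] IKE_SA con2000[673] established between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:54 charon: 11[IKE] initiating Main Mode IKE_SA con2000[673] to y.y.y.y
Jul 16 00:05:50 charon: 07[IKE] received NO_PROPOSAL_CHOSEN error notify
Jul 16 00:05:50 charon: 07[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
Jul 16 00:05:50 charon: 07[IKE] initiating Main Mode IKE_SA con1000[12] to z.z.z.z
"""

INITIATING = re.compile(r"initiating (?:Main|Aggressive) Mode IKE_SA (\S+\[\d+\])")
ESTABLISHED = re.compile(r"IKE_SA (\S+\[\d+\]) established")
QUICK_MODE = "generating QUICK_MODE request"
NO_PROPOSAL = "received NO_PROPOSAL_CHOSEN error notify"


def classify_no_proposal(log_text, newest_first=True):
    """Return [(ike_sa, phase)] for every NO_PROPOSAL_CHOSEN, oldest first.

    phase is "phase1" when the notify arrives before the IKE_SA is
    established, "phase2" when it follows an established IKE_SA and a
    QUICK_MODE request, and "unknown" when the log lacks that context.
    Assumes one negotiation at a time (a simplification of this example).
    """
    lines = [ln for ln in log_text.splitlines() if "charon:" in ln]
    if newest_first:
        lines.reverse()  # walk the exchange in the order it happened

    sa, established, quick_mode = None, False, False
    findings = []
    for line in lines:
        started = INITIATING.search(line)
        done = ESTABLISHED.search(line)
        if started:
            sa, established, quick_mode = started.group(1), False, False
        elif done:
            sa, established, quick_mode = done.group(1), True, False
        elif QUICK_MODE in line:
            quick_mode = True
        elif NO_PROPOSAL in line:
            if established and quick_mode:
                phase = "phase2"
            elif sa is not None and not established:
                phase = "phase1"
            else:
                phase = "unknown"
            findings.append((sa, phase))
            quick_mode = False  # a further notify needs a new request
    return findings


if __name__ == "__main__":
    for ike_sa, phase in classify_no_proposal(SAMPLE_NEWEST_FIRST):
        print(f"{ike_sa}: NO_PROPOSAL_CHOSEN classified as {phase}")
```

The result says which side's proposal list to compare with the peer (IKE policy for phase1, IPsec transform set and traffic selectors for phase2); the peer's own log is still needed to see which attribute it rejected.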
Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC
On Fri, Jul 15, 2016 at 11:32 AM, Marc R. Meshurle Jr. wrote:
> I'm having an issue connecting to a Cisco ASA5520 with IPSEC. The vendor with
> the Cisco states that Phase 1 is good, but dropping out on Phase 2. We've
> matched the Phase 2 proposals up and it still fails on the Phase 2 side. I've
> tried every combination of SA protocols and none stay connected.
>
> Any thoughts?
>

What do your IPsec logs show?
[pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC
I'm having an issue connecting to a Cisco ASA5520 with IPSEC. The vendor with the Cisco states that Phase 1 is good, but dropping out on Phase 2. We've matched the Phase 2 proposals up and it still fails on the Phase 2 side. I've tried every combination of SA protocols and none stay connected.

Any thoughts?

Marc R. Meshurle, Jr.
Sr. Engineer
KatoTech (Division of Bullets & Bytes, Inc.)
Exton, PA. 19341
610-280-3566
Re: [pfSense] Notification e-mail settings
OK, thanks. I'll keep an eye on it.

On Thu, Jul 14, 2016 at 8:48 PM, Michael kellogg wrote:
> there is an open bug for the mail bomb
>
> On Thu, Jul 14, 2016 at 7:00 PM, Edward Holcroft wrote:
>
> > I have my pfSense set to notify if one of my gateways goes down. It does
> > this very well. Too well, in fact. I get hundreds of emails, even if a gw
> > is down for just a few minutes.
> >
> > Is there a way to make it send less notifications?
> >
> > ed
> >
> > --
> > *Edward O. Holcroft*
> > IT Operations Manager
> >
> > *Madsen, Kneppers & Associates, Inc.*
> > Construction Consultants & Engineers
> > 11695 Johns Creek Parkway, Suite 250
> > Johns Creek, GA 30097
> >
> > *O* 770.446.9606 | *F* 770.446.9612 | *C* 770.630.0949 |
> > eholcr...@mkainc.com
> >
> > www.mkainc.com
> >
> > --
> > MADSEN, KNEPPERS & ASSOCIATES USA, MKA Canada Inc. WARNING/CONFIDENTIALITY
> > NOTICE: This message may be confidential and/or privileged. If you are not
> > the intended recipient, please notify the sender immediately then delete it
> > - you should not copy or use it for any purpose or disclose its content to
> > any other person. Internet communications are not secure. You should scan
> > this message and any attachments for viruses. Any unauthorized use or
> > interception of this e-mail is illegal.
>
> --
> Grand River Jersey Farm
> grandriv...@gmail.com
> 440-813-8298

--
*Edward O. Holcroft*
IT Operations Manager
*Madsen, Kneppers & Associates, Inc.*