Re: [pfSense] Unexplained reboots
Hi, I have a ProLiant DL385 G7 and get the same problem. I updated the firmware, and since this, it's all good. mat Le 24/10/2016 à 22:04, mayak a écrit : On 10/24/2016 09:41 PM, Rainer Duffner wrote: Does the iLO say something? ECC errors? Did you do a Firmware Update? Spontaneous reboots are often hardware-problems. Hi Rainer, Curiously, the ilo log is showing `server reset` `server power removed`. Wow. I have changed power policy to `static lower power mode` instead of `dynamic power saving` Let's see if that helps! Thanks :-) M ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfSense on EC2 & IPsec
Well, as it happens, I resolved this within 60 seconds of hitting send. :) On the side behind NAT, I need to change my identifier to "IP Address" instead of "My IP Address", and listed the public IP of the instance. At that point, everything came up as expected. -Erik On Mon, Oct 24, 2016 at 8:55 PM, Erik Anderson wrote: > Hello - > > I recently deployed the Netgate pfSense appliance into an AWS VPC. Due > to how AWS handles their networking, all traffic to/from servers there > to the public internet transit a 1:1 NAT. So the IP address that is on > my pfSense router's WAN interface differs from its true public IP. > > I should note that I have pfSense on both sides - 2.3_RELEASE on the > non-AWS side and 2.3.2_RELEASE inside AWS. > > As I expected when setting out to do this, I ran into some IPsec > related issues when trying to bring up a tunnel. I've set up tunnels > dozens of times between pfsense and other IPsec stacks without issue - > this is the first time I've been stumped, and I'm certain it has > something to do with the fact that the traffic transits a NAT on the > way to the pfsense WAN interface. > > When I try and bring up the tunnel, I see these logs on the non-AWS end: > > http://hastebin.com/uyodoqubem.css > > ...and these on the AWS pfsense: > > http://hastebin.com/dinogaliyi.vbs > > Any ideas what could be going wrong here? > > This log message "found 1 matching config, but none allows pre-shared > key authentication using Main Mode" seems like a red herring, as I've > been through the P1 configs on both sides many times to make sure that > parameters match. > > Thanks all - > Erik ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] pfSense on EC2 & IPsec
Hello - I recently deployed the Netgate pfSense appliance into an AWS VPC. Due to how AWS handles their networking, all traffic to/from servers there to the public internet transit a 1:1 NAT. So the IP address that is on my pfSense router's WAN interface differs from its true public IP. I should note that I have pfSense on both sides - 2.3_RELEASE on the non-AWS side and 2.3.2_RELEASE inside AWS. As I expected when setting out to do this, I ran into some IPsec related issues when trying to bring up a tunnel. I've set up tunnels dozens of times between pfsense and other IPsec stacks without issue - this is the first time I've been stumped, and I'm certain it has something to do with the fact that the traffic transits a NAT on the way to the pfsense WAN interface. When I try and bring up the tunnel, I see these logs on the non-AWS end: http://hastebin.com/uyodoqubem.css ...and these on the AWS pfsense: http://hastebin.com/dinogaliyi.vbs Any ideas what could be going wrong here? This log message "found 1 matching config, but none allows pre-shared key authentication using Main Mode" seems like a red herring, as I've been through the P1 configs on both sides many times to make sure that parameters match. Thanks all - Erik ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Unexplained reboots
On 10/24/2016 10:13 PM, Rainer Duffner wrote: Somebody accidentally removed the power-cord? Or did somebody press the power-off button? Hi Rainer, That's not really a feasible hypothesis -- other boxes are plugged into the same power strips and they're all fine. This box has 2 PS plugged into different strips. I think that the power supply went to sleep on low use. We'll see tomorrow. Thanks! M ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Unexplained reboots
> Am 24.10.2016 um 22:04 schrieb mayak : > > On 10/24/2016 09:41 PM, Rainer Duffner wrote: >> >> Does the iLO say something? >> ECC errors? >> >> Did you do a Firmware Update? >> >> Spontaneous reboots are often hardware-problems. > Hi Rainer, > > Curiously, the ilo log is showing `server reset` `server power removed`. > > Wow. > > I have changed power policy to `static lower power mode` instead of `dynamic > power saving` > > Let's see if that helps! > > Thanks :-) Somebody accidentally removed the power-cord? Or did somebody press the power-off button? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Unexplained reboots
On 10/24/2016 09:41 PM, Rainer Duffner wrote: Does the iLO say something? ECC errors? Did you do a Firmware Update? Spontaneous reboots are often hardware-problems. Hi Rainer, Curiously, the ilo log is showing `server reset` `server power removed`. Wow. I have changed power policy to `static lower power mode` instead of `dynamic power saving` Let's see if that helps! Thanks :-) M ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Unexplained reboots
> Am 24.10.2016 um 21:39 schrieb mayak : > > Hi All, > > I have an HP-Dl380G7 with 24G and 2 processors -- ridiculous hardware, gut I > got it for free. It's got 2 power supplies and is sitting in a data center. > > This morning around 11:00 CET, it just rebooted, and has now done it again at > around 21:00. > > The hardware is has a few years on it, but was rarely used and is in > excellent condition. > > What can I do to help figure out what is happening? > Does the iLO say something? ECC errors? Did you do a Firmware Update? Spontaneous reboots are often hardware-problems. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Unexplained reboots
Hi All, I have an HP-Dl380G7 with 24G and 2 processors -- ridiculous hardware, gut I got it for free. It's got 2 power supplies and is sitting in a data center. This morning around 11:00 CET, it just rebooted, and has now done it again at around 21:00. The hardware is has a few years on it, but was rarely used and is in excellent condition. What can I do to help figure out what is happening? Many Thanks M ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Rule Processing Order
Can anyone give a philosophical/design purpose why the general OpenVPN rules are processed before the interface-specific OpenVPN rules (i.e. an OpenVPN server bound to an interface). Processing rules from most-specific to least-specific seems like a more intuitive design guideline, but I'm certainly under-thinking a competing design priority. Can anyone suggest a good rationale? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfSense gmirror installation and disk replacement
https://doc.pfsense.org/index.php/Create_a_Software_RAID1_(gmirror) .. backup and config restore works from management gui.. eero 24.10.2016 5.47 ip. "Chris" kirjoitti: > All, > > 1. I've a pfSense installation without software raid. Is it possible to > re-install pfSense with gmirror and import the old configuration file? > > 2. Where can I check the array status and what steps are necessary to > replace a disk? > > Can I use gmirror status, gmirror forget before replacing the disk and > gmirror insert to rebuild the array? > > Is it possible to shutdown the machine after gmirror forget? > > Thank you in advance! > > - Chris > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] pfSense gmirror installation and disk replacement
All, 1. I've a pfSense installation without software raid. Is it possible to re-install pfSense with gmirror and import the old configuration file? 2. Where can I check the array status and what steps are necessary to replace a disk? Can I use gmirror status, gmirror forget before replacing the disk and gmirror insert to rebuild the array? Is it possible to shutdown the machine after gmirror forget? Thank you in advance! - Chris ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Diagnosing System lag
I’m changing my approach… I have had pings going for hours internally and externally and it’s probably a dying WAP. I’ll know more in a few days. The biggest issue I have is the site is over 90 minutes away so going and testing things doesn’t always mean anything it might not repeat the symptom for a few hours and by that point I could be home already. :-\ That said… if it’s the WAP that’s dying they’re getting replaced next weekend and the switch is going to be replaced as well with a pre-programmed one. > On Oct 24, 2016, at 8:24 AM, Eero Volotinen wrote: > > How about trying another hardware? > > it's cheap nowadays.. > > Eero > > 2016-10-22 20:40 GMT+03:00 Ryan Coleman : > >> My NetGate APU installation hangs, seemingly randomly… and has for most of >> the two years since purchase and installation. >> >> How might I diagnose these issues? >> >>> --- 10.20.0.1 ping statistics --- >>> 296 packets transmitted, 271 packets received, 8.4% packet loss >>> round-trip min/avg/max/stddev = 1.274/9254.705/48807.578/16024.851 ms >> >> Many of the lost packets easily came in late. 48 seconds for pings? The >> network seems to be fine - rebooting switches does not effect the issue. It >> will resolve itself after 3-4 minutes but our radio in the bar is fed over >> the net so it gets frustrating at times. >> >> Thanks! >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Diagnosing System lag
How about trying another hardware? it's cheap nowadays.. Eero 2016-10-22 20:40 GMT+03:00 Ryan Coleman : > My NetGate APU installation hangs, seemingly randomly… and has for most of > the two years since purchase and installation. > > How might I diagnose these issues? > > > --- 10.20.0.1 ping statistics --- > > 296 packets transmitted, 271 packets received, 8.4% packet loss > > round-trip min/avg/max/stddev = 1.274/9254.705/48807.578/16024.851 ms > > Many of the lost packets easily came in late. 48 seconds for pings? The > network seems to be fine - rebooting switches does not effect the issue. It > will resolve itself after 3-4 minutes but our radio in the bar is fed over > the net so it gets frustrating at times. > > Thanks! > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Diagnosing System lag
Typo. > On Oct 24, 2016, at 7:09 AM, Vick Khera wrote: > > On Sun, Oct 23, 2016 at 1:38 PM, Ryan Coleman wrote: >> Why? 57,265 pings sent. 57,625 pings received. > > If you get more pings than you send, someone thinks they're you. Find > out who is sharing the IP and fix that. > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Diagnosing System lag
On Sun, Oct 23, 2016 at 1:38 PM, Ryan Coleman wrote: > Why? 57,265 pings sent. 57,625 pings received. If you get more pings than you send, someone thinks they're you. Find out who is sharing the IP and fix that. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
