[pfSense] can I run dhcp v4 and v6 relay on the same LAN interface pfsense

2016-11-15 Thread Shivaram Mysore 
Hello,
I have a separate DHCP sever and am running both v4 & v6 servers on the
same eth1 interface.

On pfSense, I have one LAN interface configured it with both v4 & v6 static
IP addresses.  I am also running DHCP v4 relay on the same.  v4 relay works
fine.  v6 relay, I get a syslog message:

/services_dhcpv6_relay.php: No suitable interface found for running
dhcrelay -6!

What could be an issue here?

Thanks

/Shivaram
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Eero Volotinen 
ok. does it also sync all settings like ipsec and openvpn keys?

Eero

16.11.2016 7.14 ap. "Chris L"  kirjoitti:

> > On Nov 15, 2016, at 1:50 PM, Eero Volotinen 
> wrote:
> >
> > same ports? you mean that same port assigment and nic can be different
> type?
> >
> > eero
>
> No.
>
> Hardware should be as identical as possible. 100% identical is best. If
> LAN is em0 on one side, it must be em0 on the other.
>
>
> >
> > 15.11.2016 11.36 ip. "Steve Yates"  kirjoitti:
> >
> >>Any hardware should work fine.  They recommend a separate
> NIC/port
> >> for the sync traffic since if syncing states there can be a lot of
> traffic
> >> (if not syncing state there is probably very little).  I don't think it
> >> needs to be identical hardware but the rules would need to copy over so
> it
> >> would need the same ports.
> >>
> >>One gotcha that caught me...under "System/High Availability
> >> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a
> >> "Remote System Username" field.  That field is ignored, and "admin" is
> >> always used.
> >>
> >> --
> >>
> >> Steve Yates
> >> ITS, Inc.
> >>
> >> -Original Message-
> >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
> >> Volotinen
> >> Sent: Tuesday, November 15, 2016 2:20 PM
> >> To: pfSense Support and Discussion Mailing List  >
> >> Subject: [pfSense] pfsense + carp + ha
> >>
> >> Hi List,
> >>
> >> What are requirements for pfsense ha clustering? does any of x86
> hardware
> >> work with ha? does hardware need to be identical?
> >>
> >> ___
> >> pfSense mailing list
> >> https://lists.pfsense.org/mailman/listinfo/list
> >> Support the project with Gold! https://pfsense.org/gold
> >>
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Chris L 
> On Nov 15, 2016, at 1:50 PM, Eero Volotinen  wrote:
> 
> same ports? you mean that same port assigment and nic can be different type?
> 
> eero

No.

Hardware should be as identical as possible. 100% identical is best. If LAN is 
em0 on one side, it must be em0 on the other.


> 
> 15.11.2016 11.36 ip. "Steve Yates"  kirjoitti:
> 
>>Any hardware should work fine.  They recommend a separate NIC/port
>> for the sync traffic since if syncing states there can be a lot of traffic
>> (if not syncing state there is probably very little).  I don't think it
>> needs to be identical hardware but the rules would need to copy over so it
>> would need the same ports.
>> 
>>One gotcha that caught me...under "System/High Availability
>> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a
>> "Remote System Username" field.  That field is ignored, and "admin" is
>> always used.
>> 
>> --
>> 
>> Steve Yates
>> ITS, Inc.
>> 
>> -Original Message-
>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
>> Volotinen
>> Sent: Tuesday, November 15, 2016 2:20 PM
>> To: pfSense Support and Discussion Mailing List 
>> Subject: [pfSense] pfsense + carp + ha
>> 
>> Hi List,
>> 
>> What are requirements for pfsense ha clustering? does any of x86 hardware
>> work with ha? does hardware need to be identical?
>> 
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense default firewall configuration

2016-11-15 Thread Walter Parker 
I moved from IPCop to pfSense years ago. It was good enough then. It is
better now. Without an idea of what you customization are, we can't tell
you how many rules you might need to add to get the same functionality from
a pfSense setup.

On Tue, Nov 15, 2016 at 8:19 AM, Ryan Coleman  wrote:

> I would add that it is “good enough” to start from and do what you need
> after that.
>
>
> > On Nov 15, 2016, at 7:46 AM, Vick Khera  wrote:
> >
> > On Tue, Nov 15, 2016 at 3:17 AM, user49b  wrote:
> >> I have heavily modified my IPcop configuration and just wanted to know
> if
> >> pfSesnse's default firewall configuration is good enough.
> >
> > The default is deny everything inbound, and allow everything outbound.
> > Nobody can say what's "good enough" for you without knowing your
> > requirements.
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Eero Volotinen 
same ports? you mean that same port assigment and nic can be different type?

eero

15.11.2016 11.36 ip. "Steve Yates"  kirjoitti:

> Any hardware should work fine.  They recommend a separate NIC/port
> for the sync traffic since if syncing states there can be a lot of traffic
> (if not syncing state there is probably very little).  I don't think it
> needs to be identical hardware but the rules would need to copy over so it
> would need the same ports.
>
> One gotcha that caught me...under "System/High Availability
> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a
> "Remote System Username" field.  That field is ignored, and "admin" is
> always used.
>
> --
>
> Steve Yates
> ITS, Inc.
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
> Volotinen
> Sent: Tuesday, November 15, 2016 2:20 PM
> To: pfSense Support and Discussion Mailing List 
> Subject: [pfSense] pfsense + carp + ha
>
> Hi List,
>
> What are requirements for pfsense ha clustering? does any of x86 hardware
> work with ha? does hardware need to be identical?
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Steve Yates 
Any hardware should work fine.  They recommend a separate NIC/port for 
the sync traffic since if syncing states there can be a lot of traffic (if not 
syncing state there is probably very little).  I don't think it needs to be 
identical hardware but the rules would need to copy over so it would need the 
same ports.

One gotcha that caught me...under "System/High Availability 
Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a "Remote 
System Username" field.  That field is ignored, and "admin" is always used.

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen
Sent: Tuesday, November 15, 2016 2:20 PM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] pfsense + carp + ha

Hi List,

What are requirements for pfsense ha clustering? does any of x86 hardware work 
with ha? does hardware need to be identical?

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Vick Khera 
I use commodity x86 (64-bit) hardware. I tend to make my pairs
identical, so I know the backup can handle the load if the primary
keels over. There's no hard requirement for that, though.


On Tue, Nov 15, 2016 at 3:19 PM, Eero Volotinen  wrote:
> Hi List,
>
> What are requirements for pfsense ha clustering? does any of x86 hardware
> work with ha? does hardware need to be identical?
>
> --
> Eero
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] pfsense + carp + ha

2016-11-15 Thread Eero Volotinen 
Hi List,

What are requirements for pfsense ha clustering? does any of x86 hardware
work with ha? does hardware need to be identical?

--
Eero
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense default firewall configuration

2016-11-15 Thread Ryan Coleman 
I would add that it is “good enough” to start from and do what you need after 
that.


> On Nov 15, 2016, at 7:46 AM, Vick Khera  wrote:
> 
> On Tue, Nov 15, 2016 at 3:17 AM, user49b  wrote:
>> I have heavily modified my IPcop configuration and just wanted to know if
>> pfSesnse's default firewall configuration is good enough.
> 
> The default is deny everything inbound, and allow everything outbound.
> Nobody can say what's "good enough" for you without knowing your
> requirements.
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense default firewall configuration

2016-11-15 Thread Vick Khera 
On Tue, Nov 15, 2016 at 3:17 AM, user49b  wrote:
> I have heavily modified my IPcop configuration and just wanted to know if
> pfSesnse's default firewall configuration is good enough.

The default is deny everything inbound, and allow everything outbound.
Nobody can say what's "good enough" for you without knowing your
requirements.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] pfsense default firewall configuration

2016-11-15 Thread user49b 

Hi everybody

I'm moving from IPcop to pfSense.
I have heavily modified my IPcop configuration and just wanted to know 
if pfSesnse's default firewall configuration is good enough.


Should I look at adding to the rules and if so, is there maybe a nice wiki?

Regards
Chris
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold