Re: [pfSense] Netgate Firmware

2017-03-20 Thread Richard A. Relph
OK, now you guys have me curious…

I have a Netgate SG-2440 purchased directly from Netgate. I’ve received no 
emails. I don’t frequent the forums. But I am aware of an “alleged” chip issue, 
which I believe my unit is susceptible to.

Can someone provide a link to a relevant forum thread?

Thanks,
Richard


> On Mar 20, 2017, at 7:37 PM, Jon Gerdes  wrote:
> 
> I understand where you are coming from but I don't think the occasional
>  note from vendors of pfSense kit that covers issues with high
> importance (to users as well as vendors) could be classified as spam on
> the pfSense list. 
> 
> There are a lot of Netgate users here and Netgate gear has a bit of a
> focus, OS-wise.  
> 
> In this particular case the issue is not confined to Netgate gear and
> spelling it out here can't do any harm that I can foresee.  
> 
> You may prod users of other hardware platforms to investigate whether
> they they have the affected chips in their systems.  That can't be a
> bad thing provided the note is presented in a reasonably generic way
> but obviously you could mention specific products that you know are
> affected from your range or perhaps a short note pointing Netgate users
> to a URL for more info.
> 
> Cheers
> Jon
> 
> 
> 
> On Mon, 2017-03-20 at 19:15 -0500, Jim Thompson wrote:
>> I tend to be careful about spamming the pfSense list with things that
>> aren't directly related to pfSense.
>> 
>> Jim
>> 
>> On Mon, Mar 20, 2017 at 7:13 PM, Jon Gerdes 
>> wrote:
>>> It might be worth putting a press release style post here as well
>>> anyway.
>>> 
>>> Your mailing list may not be perfect and some people have a nasty
>>> habit
>>> of registering things with their own email address instead of a
>>> group
>>> address/alias and then moving on.  Thir account gets deleted and
>>> that
>>> box that does something for the internets stops working and it
>>> could
>>> have been fixed by a timely firmware update.
>>> 
>>> To be fair, there is quite a lot of chat on the forums about this
>>> and
>>> any interested pfSenser should be hanging out there as well as
>>> here.
>>> 
>>> 
>>> 
>>> On Mon, 2017-03-20 at 18:57 -0500, Jim Thompson wrote:
 we only sent it to customers of affected units.
 
 On Mon, Mar 20, 2017 at 5:43 PM, WebDawg 
 wrote:
> Is there any other list for netgate firmware updates?  I just
> received a
> notification from sales@pfsense about netgate firmware updates
> but
> it was
> not sent to this list?
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
 
 ___
 pfSense mailing list
 https://lists.pfsense.org/mailman/listinfo/list
 Support the project with Gold! https://pfsense.org/gold
>>> 
>>> ___
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold
>> 
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Netgate Firmware

2017-03-20 Thread Jon Gerdes
I understand where you are coming from but I don't think the occasional
  note from vendors of pfSense kit that covers issues with high
importance (to users as well as vendors) could be classified as spam on
the pfSense list. 

There are a lot of Netgate users here and Netgate gear has a bit of a
focus, OS-wise.  

In this particular case the issue is not confined to Netgate gear and
spelling it out here can't do any harm that I can foresee.  

You may prod users of other hardware platforms to investigate whether
they they have the affected chips in their systems.  That can't be a
bad thing provided the note is presented in a reasonably generic way
but obviously you could mention specific products that you know are
affected from your range or perhaps a short note pointing Netgate users
to a URL for more info.

Cheers
Jon



On Mon, 2017-03-20 at 19:15 -0500, Jim Thompson wrote:
> I tend to be careful about spamming the pfSense list with things that
> aren't directly related to pfSense.
> 
> Jim
> 
> On Mon, Mar 20, 2017 at 7:13 PM, Jon Gerdes 
> wrote:
> > It might be worth putting a press release style post here as well
> > anyway.
> > 
> > Your mailing list may not be perfect and some people have a nasty
> > habit
> > of registering things with their own email address instead of a
> > group
> > address/alias and then moving on.  Thir account gets deleted and
> > that
> > box that does something for the internets stops working and it
> > could
> > have been fixed by a timely firmware update.
> > 
> > To be fair, there is quite a lot of chat on the forums about this
> > and
> > any interested pfSenser should be hanging out there as well as
> > here.
> > 
> > 
> > 
> > On Mon, 2017-03-20 at 18:57 -0500, Jim Thompson wrote:
> > > we only sent it to customers of affected units.
> > > 
> > > On Mon, Mar 20, 2017 at 5:43 PM, WebDawg 
> > > wrote:
> > > > Is there any other list for netgate firmware updates?  I just
> > > > received a
> > > > notification from sales@pfsense about netgate firmware updates
> > > > but
> > > > it was
> > > > not sent to this list?
> > > > ___
> > > > pfSense mailing list
> > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > Support the project with Gold! https://pfsense.org/gold
> > > 
> > > ___
> > > pfSense mailing list
> > > https://lists.pfsense.org/mailman/listinfo/list
> > > Support the project with Gold! https://pfsense.org/gold
> > 
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Netgate Firmware

2017-03-20 Thread Jim Thompson
I tend to be careful about spamming the pfSense list with things that
aren't directly related to pfSense.

Jim

On Mon, Mar 20, 2017 at 7:13 PM, Jon Gerdes  wrote:
> It might be worth putting a press release style post here as well
> anyway.
>
> Your mailing list may not be perfect and some people have a nasty habit
> of registering things with their own email address instead of a group
> address/alias and then moving on.  Thir account gets deleted and that
> box that does something for the internets stops working and it could
> have been fixed by a timely firmware update.
>
> To be fair, there is quite a lot of chat on the forums about this and
> any interested pfSenser should be hanging out there as well as here.
>
>
>
> On Mon, 2017-03-20 at 18:57 -0500, Jim Thompson wrote:
>> we only sent it to customers of affected units.
>>
>> On Mon, Mar 20, 2017 at 5:43 PM, WebDawg  wrote:
>> > Is there any other list for netgate firmware updates?  I just
>> > received a
>> > notification from sales@pfsense about netgate firmware updates but
>> > it was
>> > not sent to this list?
>> > ___
>> > pfSense mailing list
>> > https://lists.pfsense.org/mailman/listinfo/list
>> > Support the project with Gold! https://pfsense.org/gold
>>
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Netgate Firmware

2017-03-20 Thread Jon Gerdes
It might be worth putting a press release style post here as well
anyway.  

Your mailing list may not be perfect and some people have a nasty habit
of registering things with their own email address instead of a group
address/alias and then moving on.  Thir account gets deleted and that
box that does something for the internets stops working and it could
have been fixed by a timely firmware update.

To be fair, there is quite a lot of chat on the forums about this and
any interested pfSenser should be hanging out there as well as here.



On Mon, 2017-03-20 at 18:57 -0500, Jim Thompson wrote:
> we only sent it to customers of affected units.
> 
> On Mon, Mar 20, 2017 at 5:43 PM, WebDawg  wrote:
> > Is there any other list for netgate firmware updates?  I just
> > received a
> > notification from sales@pfsense about netgate firmware updates but
> > it was
> > not sent to this list?
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Netgate Firmware

2017-03-20 Thread Jim Thompson
we only sent it to customers of affected units.

On Mon, Mar 20, 2017 at 5:43 PM, WebDawg  wrote:
> Is there any other list for netgate firmware updates?  I just received a
> notification from sales@pfsense about netgate firmware updates but it was
> not sent to this list?
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] Netgate Firmware

2017-03-20 Thread WebDawg
Is there any other list for netgate firmware updates?  I just received a
notification from sales@pfsense about netgate firmware updates but it was
not sent to this list?
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] SIP through IKEv2-tunnel

2017-03-20 Thread Rosen Iliev

Hi,

Have you try to disable the STUN support on your phone?

Cheers,

Rosen

Martin Fuchs wrote on 3/20/2017 3:36 AM:

Hi !

I have a Fritz!Box (router) connected to the internet (no other possibility).

In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.

This pfSense VM just operates as a VPN-Gateway.

I have set up the routes in the Fritz!Box for the dial-in networks to the 
pfSense.


I can connect via IKEv2 and browse internat services.

I have a Fritz!App (SIP-Client) on my phone.

This app connects to the Fritz!Box (which provides a SIP-connection) 
successfully.


When I try to make a call, the other phone rings BUT no party cann hear the 
other.


It seems to me like a RTP-issue.


On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.

The firewall-rules allow IPSec to LAN (any service).

I'm running pfSense 2.3.3p1 with one interface.


Does anyone have any idea or some hint for me ?


regards,

martin
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] SIP through IKEv2-tunnel

2017-03-20 Thread Vick Khera
You only need siproxyd if you have multiple SIP clients inside your network
trying to talk outside.

SIP should work just fine in your situation where your PBX software and
your client are within the same VPN and do not block any traffic.

That is, I have a situation like this and it works just fine:

Internet <- pfSense NAT <- Switchvox <- local LAN clients

remotes  -> pfSense VPN -> Switchvox


I can't tell from the OP's original description how the connections are
configured.


On Mon, Mar 20, 2017 at 6:10 AM, Eero Volotinen 
wrote:

> maybe you need something like this
> https://doc.pfsense.org/index.php/Siproxd_package
>
> Eero
>
> 20.3.2017 11.56 ap. "Martin Fuchs"  kirjoitti:
>
> > Hi !
> >
> > I have a Fritz!Box (router) connected to the internet (no other
> > possibility).
> >
> > In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.
> >
> > This pfSense VM just operates as a VPN-Gateway.
> >
> > I have set up the routes in the Fritz!Box for the dial-in networks to the
> > pfSense.
> >
> >
> > I can connect via IKEv2 and browse internat services.
> >
> > I have a Fritz!App (SIP-Client) on my phone.
> >
> > This app connects to the Fritz!Box (which provides a SIP-connection)
> > successfully.
> >
> >
> > When I try to make a call, the other phone rings BUT no party cann hear
> > the other.
> >
> >
> > It seems to me like a RTP-issue.
> >
> >
> > On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.
> >
> > The firewall-rules allow IPSec to LAN (any service).
> >
> > I'm running pfSense 2.3.3p1 with one interface.
> >
> >
> > Does anyone have any idea or some hint for me ?
> >
> >
> > regards,
> >
> > martin
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> >
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] SIP through IKEv2-tunnel

2017-03-20 Thread Eero Volotinen
maybe you need something like this
https://doc.pfsense.org/index.php/Siproxd_package

Eero

20.3.2017 11.56 ap. "Martin Fuchs"  kirjoitti:

> Hi !
>
> I have a Fritz!Box (router) connected to the internet (no other
> possibility).
>
> In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.
>
> This pfSense VM just operates as a VPN-Gateway.
>
> I have set up the routes in the Fritz!Box for the dial-in networks to the
> pfSense.
>
>
> I can connect via IKEv2 and browse internat services.
>
> I have a Fritz!App (SIP-Client) on my phone.
>
> This app connects to the Fritz!Box (which provides a SIP-connection)
> successfully.
>
>
> When I try to make a call, the other phone rings BUT no party cann hear
> the other.
>
>
> It seems to me like a RTP-issue.
>
>
> On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.
>
> The firewall-rules allow IPSec to LAN (any service).
>
> I'm running pfSense 2.3.3p1 with one interface.
>
>
> Does anyone have any idea or some hint for me ?
>
>
> regards,
>
> martin
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] SIP through IKEv2-tunnel

2017-03-20 Thread Martin Fuchs
Hi !

I have a Fritz!Box (router) connected to the internet (no other possibility).

In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.

This pfSense VM just operates as a VPN-Gateway.

I have set up the routes in the Fritz!Box for the dial-in networks to the 
pfSense.


I can connect via IKEv2 and browse internat services.

I have a Fritz!App (SIP-Client) on my phone.

This app connects to the Fritz!Box (which provides a SIP-connection) 
successfully.


When I try to make a call, the other phone rings BUT no party cann hear the 
other.


It seems to me like a RTP-issue.


On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.

The firewall-rules allow IPSec to LAN (any service).

I'm running pfSense 2.3.3p1 with one interface.


Does anyone have any idea or some hint for me ?


regards,

martin
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold