Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Adam Thompson 
No, you misunderstood the last response.
You have not provided enough information yet to determine what the problem is.

Three things have been suggested:
1. It *might* be a bug *similar* to one someone else encountered using 
different hardware (which does not even exist on your firewall),
2. You could open a ticket with Netgate support,
3. You can try running tcpdump on the underlying interfaces to see what's 
happening there.

If you don't know how to manually troubleshoot LACP issues or VLAN issues, I 
suggest you open that support ticket.
If you are reasonably confident in your ability to troubleshoot one or the 
other, then go ahead and use tcpdump (with the -e option) to figure out which 
part is broken and why.

Also:

Since pfSense does not allow LAG creation from the command-line, building a 
one-armed router like this is a dangerous design unless you have a spare 
interface for management through the webui.  I learned that the hard way :-/.

-Adam

On October 17, 2017 10:16:24 AM CDT, Eero Volotinen  
wrote:
>so sad. how to downgrade to 2.3?
>
>
>Eero
>
>2017-10-17 17:57 GMT+03:00 :
>
>> Am 2017-10-17 16:54, schrieb Ivo Tonev:
>>
>>> Even if your vlan dont bright up  you can capture traffic on
>physical
>>> interfaces with tcpdump.
>>> See what you can capture before any other move.
>>>
>>
>>
>> if the lagg(4) works while you run tcpdump(8), it's (most likely) a
>driver
>> bug like bxe(4)
>>
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213606
>>
>>
>> IMHO.
>>
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>___
>pfSense mailing list
>https://lists.pfsense.org/mailman/listinfo/list
>Support the project with Gold! https://pfsense.org/gold

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Eero Volotinen 
so sad. how to downgrade to 2.3?


Eero

2017-10-17 17:57 GMT+03:00 :

> Am 2017-10-17 16:54, schrieb Ivo Tonev:
>
>> Even if your vlan dont bright up  you can capture traffic on physical
>> interfaces with tcpdump.
>> See what you can capture before any other move.
>>
>
>
> if the lagg(4) works while you run tcpdump(8), it's (most likely) a driver
> bug like bxe(4)
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213606
>
>
> IMHO.
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread rainer 

Am 2017-10-17 16:54, schrieb Ivo Tonev:

Even if your vlan dont bright up  you can capture traffic on physical
interfaces with tcpdump.
See what you can capture before any other move.



if the lagg(4) works while you run tcpdump(8), it's (most likely) a 
driver bug like bxe(4)


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213606


IMHO.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Ivo Tonev 
Even if your vlan dont bright up  you can capture traffic on physical
interfaces with tcpdump.
See what you can capture before any other move.

 Do a bottom-up troubleshoot.

Em 17 de out de 2017 12:34, "Eero Volotinen" 
escreveu:

> So, you mean that it is not working?
>
> Eero
>
> 2017-10-17 17:32 GMT+03:00 :
>
> > Am 2017-10-17 16:28, schrieb Eero Volotinen:
> >
> >> It's netgate pfsense SG-4860 running 2.4 final release
> >>
> >
> >
> > So, these are intel nics?
> >
> > Can you look in freebsd-bugzilla if there are bugs open for this
> interface
> > type and lagg(4)?
> >
> > I've had the same problem with bxe(4) (on FreeBSD).
> >
> > I had to switch to ix(4).
> >
> > Might be worth filing a ticket with netgate...
> >
> >
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Eero Volotinen 
So, you mean that it is not working?

Eero

2017-10-17 17:32 GMT+03:00 :

> Am 2017-10-17 16:28, schrieb Eero Volotinen:
>
>> It's netgate pfsense SG-4860 running 2.4 final release
>>
>
>
> So, these are intel nics?
>
> Can you look in freebsd-bugzilla if there are bugs open for this interface
> type and lagg(4)?
>
> I've had the same problem with bxe(4) (on FreeBSD).
>
> I had to switch to ix(4).
>
> Might be worth filing a ticket with netgate...
>
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread rainer 

Am 2017-10-17 16:28, schrieb Eero Volotinen:

It's netgate pfsense SG-4860 running 2.4 final release



So, these are intel nics?

Can you look in freebsd-bugzilla if there are bugs open for this 
interface type and lagg(4)?


I've had the same problem with bxe(4) (on FreeBSD).

I had to switch to ix(4).

Might be worth filing a ticket with netgate...

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Eero Volotinen 
It's netgate pfsense SG-4860 running 2.4 final release

Eero

2017-10-17 17:23 GMT+03:00 :

> Am 2017-10-17 15:36, schrieb Eero Volotinen:
>
>> Hi All,
>>
>> Tried to configure lagg0 interface with vlans. Looks like traffic is not
>> passing in the interface.
>>
>> Any ideas? It works fine, if I just configure interface with vlan, but not
>> with lagg interface
>>
>> Setup is like this:
>>
>> -> Lagg0 with two interfaces in failover mode and vlan tagging top of
>> that.
>> -> Both switches are configured to pass traffic with vlan tags to
>> firewall.
>>
>
>
>
> what NIC hardware is this?
>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread rainer 

Am 2017-10-17 15:36, schrieb Eero Volotinen:

Hi All,

Tried to configure lagg0 interface with vlans. Looks like traffic is 
not

passing in the interface.

Any ideas? It works fine, if I just configure interface with vlan, but 
not

with lagg interface

Setup is like this:

-> Lagg0 with two interfaces in failover mode and vlan tagging top of 
that.
-> Both switches are configured to pass traffic with vlan tags to 
firewall.




what NIC hardware is this?

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread ibrahim uçar 
Also did you create a pass rule in lagg0 interface which is from Firewall >
Rules > lagg0?




--

*İbrahim UÇAR*

Blogger |  https://lifeoverlinux.com 

On Tue, Oct 17, 2017 at 4:36 PM, Eero Volotinen 
wrote:

> Hi All,
>
> Tried to configure lagg0 interface with vlans. Looks like traffic is not
> passing in the interface.
>
> Any ideas? It works fine, if I just configure interface with vlan, but not
> with lagg interface
>
> Setup is like this:
>
> -> Lagg0 with two interfaces in failover mode and vlan tagging top of that.
> -> Both switches are configured to pass traffic with vlan tags to firewall.
>
> --
> Eero
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] problems with lagg interfaces?

2017-10-17 Thread Eero Volotinen 
Hi All,

Tried to configure lagg0 interface with vlans. Looks like traffic is not
passing in the interface.

Any ideas? It works fine, if I just configure interface with vlan, but not
with lagg interface

Setup is like this:

-> Lagg0 with two interfaces in failover mode and vlan tagging top of that.
-> Both switches are configured to pass traffic with vlan tags to firewall.

--
Eero
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] IPv4 + IPv6 on GRE ?

2017-10-17 Thread Xavier Beaudouin 
Hi,

I would like to do some dual stack on a GRE tunnel. Unfortunatly the GUI 
(pfSense 2.4) doesn't allow to have a dual stack on a GRE.

But some of network gear (cisco, juniper, ubnt, ) allow GRE with both 
ipv4+ipv6.

(I have tried link local, and no this doesn't work at all).

Regards
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] 6in4 tunnles & traffic shaping?

2017-10-17 Thread Eric MSP Veith 
Hello, list!

I'm using pfSense 2.3.4 on a ADSL line, i.e., my WAN interface connects using
PPPoE. My provider cannot/do not yet offer me native IPv6, but use a 6in4
tunnel. The tunnel is using a GIF in pfSense. This setup works fine.

For VoIP, I now need to implement traffic shaping - and I am unsure how to
implement this with the tunnel. All IPv4 traffic goes via the WAN interface,
so the rules created by the traffic shaping wizard (multiple lan/wan) are
triggered. However, all IPv6 traffic goes via the tunnel and, therefore, in
the and via the WAN interface, too. So I cannot treat the tunnel and the WAN
interface as dedicated links.

The queues are attached to the WAN interface. I assume that this is wrong for
the setup - at least it shows no effect during my tests. I would guess that
I'd need a "pseudo interface" over which all outgoing traffic is routed before
it reaches the GIF/WAN interface. Is that correct? If so, how can I achieve
this?

I have googled extensively and could not find an answer. I hope that this
hasn't been resolved in a different thread I could not find before; if so, I
apologize in advance and would be happy for a link.

Thanks in advance for any hint!

--- Eric
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] ICMP Rate Limit

2017-10-17 Thread ibrahim uçar 
Well, If I were you, I would draw my network schema and then I try to think
why there are some packet loss on my network, maybe because of long cables,
internet speed, packet jumps ( router devices ), big network traffic,
firewall state tables, other things you know.

Also it effects how many devices do you use in your network. For example
when a package try to goes to internet, how many routers is this packet
going through? For example 2 devices, 4 or 10? :)

Well my friend many things can effects for packet loss.


Your questions which is about pfSense ICMP limitations. I think, the
problem is not about pfSense or ICMP limitations.

I will make a check list that you can might be solved the problem after you
looked this things.

- State tables => Diagnostics > States  ( Is it full? )
- RAM usage (dashboard)
- CPU usage (dashboard)
- TOP command for processes of services. => Diagnostics > System Activity
- Traffic usage => Diagnostics > Traffic Graph

Send here a picture of your gateways status please. Status > Gateways

I hope, you can solve the problem. Well, These are my thoughts, I wish I
could help you.





--

*İbrahim UÇAR*

Blogger |  https://lifeoverlinux.com 

On Tue, Oct 17, 2017 at 3:35 PM, Daniel  wrote:

> Hi,
>
> not sure. Problem is - I have in my network packetloss and we started to
> change everything.
> Cabling, Switches and so on. On the thing what we didn’t changed was the
> firewalls.
>
> So I installed Smokeping on a Server which is behind the firewall. I
> configured to monitor WAN und LAN interface with ICMP and here I see some
> loss.
> All other internal Hosts has no loss just both Firewalls. Traffic which is
> routed thought the Firewall is just few Mbits – So not overloaded or so.
>
> I thing, or my opinion is that pfSense has some ICMP limitations which
> shows me loss but this is just a case of some limitations.
> But more funny is – I see the same loss on both Firewalls.
>
>
> Am 17.10.17, 14:25 schrieb "List im Auftrag von ibrahim uçar" <
> list-boun...@lists.pfsense.org im Auftrag von ucribra...@gmail.com>:
>
> Hi Daniel,
>
> I hope that I did understand you :). You should go to System >
> Advanced >
> Firewall & NAT > at the bottom of this tab, you will see state
> timeouts.
> There is ICMP timeout. If it's not that you're talking about, let me
> know.
>
>
>
>
> --
>
> *İbrahim UÇAR*
>
> Blogger |  https://lifeoverlinux.com 
>
> On Tue, Oct 17, 2017 at 3:22 PM, Daniel  wrote:
>
> > Hi there again,
> >
> >
> >
> > just wanted to know if pfSense has per default any ICMP rate
> Limitations
> > installed?
> >
> > Problem is I see some small loss in WAN/LAN interface but actually I
> have
> > a any/any rules.
> >
> > I see this on both firewalls I have installed.
> >
> >
> >
> > Cheers
> >
> >
> >
> > Daniel
> >
> >
> >
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> >
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] ICMP Rate Limit

2017-10-17 Thread Daniel 
Hi,

not sure. Problem is - I have in my network packetloss and we started to change 
everything.
Cabling, Switches and so on. On the thing what we didn’t changed was the 
firewalls.

So I installed Smokeping on a Server which is behind the firewall. I configured 
to monitor WAN und LAN interface with ICMP and here I see some loss.
All other internal Hosts has no loss just both Firewalls. Traffic which is 
routed thought the Firewall is just few Mbits – So not overloaded or so.

I thing, or my opinion is that pfSense has some ICMP limitations which shows me 
loss but this is just a case of some limitations.
But more funny is – I see the same loss on both Firewalls.


Am 17.10.17, 14:25 schrieb "List im Auftrag von ibrahim uçar" 
:

Hi Daniel,

I hope that I did understand you :). You should go to System > Advanced >
Firewall & NAT > at the bottom of this tab, you will see state timeouts.
There is ICMP timeout. If it's not that you're talking about, let me know.




--

*İbrahim UÇAR*

Blogger |  https://lifeoverlinux.com 

On Tue, Oct 17, 2017 at 3:22 PM, Daniel  wrote:

> Hi there again,
>
>
>
> just wanted to know if pfSense has per default any ICMP rate Limitations
> installed?
>
> Problem is I see some small loss in WAN/LAN interface but actually I have
> a any/any rules.
>
> I see this on both firewalls I have installed.
>
>
>
> Cheers
>
>
>
> Daniel
>
>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold