Re: [pfSense] 2.4.1 IPSec tunnels

[Jim Thompson]

https://redmine.pfsense.org/issues/8003

It’s being worked on in snapshots. 

Jim

> On Oct 25, 2017, at 9:03 AM, Edward O. Holcroft  wrote:
> 
> I just upgraded from 2.4.0 to 2.4.1.
> 
> If I view the status of my IPSec tunnels, it seems they have all been
> duplicated.
> 
> The original tunnels all show as disconnected, while the second tunnel,
> which has no description, shows as connected.
> 
> So all the tunnels still work, it's just that there is new duplicate entry
> without a description field populated. If I look in the IPSec tunnel
> settings however, there is only tunnel, the correct one, with the
> description filed populated. If I hit "connect" on one of the original
> tunnels, it does nothing, since of course it is already connected via the
> duplicate, unnamed tunnel.
> 
> Has anyone else seen this?
> 
> Any ideas on a way to clean it up? I don't see anything duplicated in the
> IPSec xml file.
> 
> ed
> 
> -- 
> MADSEN, KNEPPERS & ASSOCIATES USA WARNING/CONFIDENTIALITY NOTICE: This 
> message may be confidential and/or privileged. If you are not the intended 
> recipient, please notify the sender immediately then delete it - you should 
> not copy or use it for any purpose or disclose its content to any other 
> person. Internet communications are not secure. You should scan this 
> message and any attachments for viruses. Any unauthorized use or 
> interception of this e-mail is illegal.
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.4.1 IPSec tunnels

[Edward O. Holcroft]

https://redmine.pfsense.org/issues/8003


_

*Edward O. Holcroft*
IT Operations Manager

*Madsen, Kneppers & Associates, Inc.*
Construction Consultants & Engineers
11695 Johns Creek Parkway, Suite 250
Johns Creek, GA 30097

*O*  770.446.9606  |  *F*  770.446.9612  |  *C*  770.630.0949  |
eholcr...@mkainc.com

www.mkainc.com

On Wed, Oct 25, 2017 at 10:03 AM, Edward O. Holcroft 
wrote:

> I just upgraded from 2.4.0 to 2.4.1.
>
> If I view the status of my IPSec tunnels, it seems they have all been
> duplicated.
>
> The original tunnels all show as disconnected, while the second tunnel,
> which has no description, shows as connected.
>
> So all the tunnels still work, it's just that there is new duplicate entry
> without a description field populated. If I look in the IPSec tunnel
> settings however, there is only tunnel, the correct one, with the
> description filed populated. If I hit "connect" on one of the original
> tunnels, it does nothing, since of course it is already connected via the
> duplicate, unnamed tunnel.
>
> Has anyone else seen this?
>
> Any ideas on a way to clean it up? I don't see anything duplicated in the
> IPSec xml file.
>
> ed
>

-- 
MADSEN, KNEPPERS & ASSOCIATES USA WARNING/CONFIDENTIALITY NOTICE: This 
message may be confidential and/or privileged. If you are not the intended 
recipient, please notify the sender immediately then delete it - you should 
not copy or use it for any purpose or disclose its content to any other 
person. Internet communications are not secure. You should scan this 
message and any attachments for viruses. Any unauthorized use or 
interception of this e-mail is illegal.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F

[ullbeking]

Indeed, I was very excited when the C3000 series was announced. 
Probably more than any other computer hardware announcement release.


But all this continued speculation and excitement is premature, building 
unnecessary hype.  Aside from a couple of industry insiders, I don't 
know a single person who has even seen one.  You can't buy a C3000 in 
the stores and nobody knows when they'll be available.


Also, it's a bad idea to put critical infrastructure on bleeding-edge 
hardware.  The notorious AVR54 C2000 bug has _finally_ been acknowledged 
and understood upstream, and at least you can get an RMA.  But that took 
a long time and effort, even with widespread exposure of an obvious issue.


I already have a C2758 but it is being used for something else and is 
completely inaccessible.  I've got another on the way for another use, 
so maybe I can experiment with that one if that transaction works itself 
out.


I am drawn towards the ASRock E3C236D2I out of interest, to try 
something a bit different, and for future flexibility.  I presume 
there's nothing about this option that makes it a bad choice for running 
pfSense.



On 29/10/2017 17:22, Jonathan Willsher wrote:

I dont know if you own the boards already that you are thinking about using, 
but SM has new C3000 based boards as well. There is tight availability right 
now though.

Jwillsher

Sent from my iPhone


On Oct 29, 2017, at 1:00 PM, list-requ...@lists.pfsense.org wrote:

Send List mailing list submissions to
list@lists.pfsense.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.pfsense.org/mailman/listinfo/list
or, via email, send a message with subject or body 'help' to
list-requ...@lists.pfsense.org

You can reach the person managing the list at
list-ow...@lists.pfsense.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of List digest..."


Today's Topics:

   1. ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F (ullbeking)


--

Message: 1
Date: Sat, 28 Oct 2017 21:45:59 +0100
From: ullbeking 
To: List@lists.pfsense.org
Subject: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F
Message-ID: <51275815-b81f-7390-1c97-b56ae0b26...@andrewnesbit.org>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi all!

[I originally tried read submit one of these in the kitchen, there was
an apparent transient connection failure of unknown nauture between
passenger and driver.  However it come across better this way.]

I decided to try out a thought experiment to see what options are
available and how versatile they are, for running pfsense as a
firewwall+router with four NICs each.

Although I'm virtualizing large parts of my network, pfsense is one
thing that should run in its own box, with minimal fussing.  One of my
requirements is that it runs on server-grade hardware.  I came up with
two options:

1.  ASRock Rack E3C236D2I plus Pentium G4560 (and updated BIOS), 16 GB
DDR4, and storage.  The board has two NICs but I can add more using the
PCIe expansion port.  Clearly these would have to be added using
low-profile or half-height expansion cards/

2.  Supermicro A1SRi-C2758F system (new, or fixed if carrying the AVR54
C2000 B0/C0 stepping bug), 16 GB DDR3, and storage.

Fanless should be feasible, and all I need is a capable, modest system
that can easily be repurposed or resold if need be.  Each system should
be able able to run in a mini-ITX box, such as an SFF Akasa.  Akasa even
sells passively cooled mini-ITX boxes specificially designed for
Supermicro A1SAi/A1SRi, and I'm pretty sure I can make a fanless mini
ITX case work for the ASRock E3C236D2I+G4560 combo too.  The only thing
is that the CPU + heat sink + fan (if present) can fit vertically inside
the case (total height inside the case is 68.5 mm).

Either way, I can upgrade the RAM and have a virtualization server able
to handle light loads.  The particular advantages of Item 2. above, and
what personally draws me to it, are that it's more versatile, the CPU is
upgradeable, and it uses DDR4.

Both CPUs have similar PassMark scores, and when the sums are done they
cost about the same as each other.  On the other hand, if I'm going to
be using 4+ NICs, then I imagine I'd want at least four cores to avoid
bottlenecks at the NICs.  Alternativelu, are threads via hyperthreading
sufficient for this?

What do you think?  I'd appreciate any opinions.  Thanks!

P.S. Are there known problems posting to the forums at the moment?


--

Subject: Digest Footer

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

--

End of List Digest, Vol 900, Issue 1


___
pfSense mailing list

Re: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F

[Jim Thompson]

> On Oct 28, 2017, at 3:45 PM, ullbeking  wrote:
> 
> P.S. Are there known problems posting to the forums at the moment?

Our upstream provider is having IPv6 issues. 

Jim
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F

[Jonathan Willsher]

I dont know if you own the boards already that you are thinking about using, 
but SM has new C3000 based boards as well. There is tight availability right 
now though.

Jwillsher

Sent from my iPhone

> On Oct 29, 2017, at 1:00 PM, list-requ...@lists.pfsense.org wrote:
> 
> Send List mailing list submissions to
>list@lists.pfsense.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>https://lists.pfsense.org/mailman/listinfo/list
> or, via email, send a message with subject or body 'help' to
>list-requ...@lists.pfsense.org
> 
> You can reach the person managing the list at
>list-ow...@lists.pfsense.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of List digest..."
> 
> 
> Today's Topics:
> 
>   1. ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F (ullbeking)
> 
> 
> --
> 
> Message: 1
> Date: Sat, 28 Oct 2017 21:45:59 +0100
> From: ullbeking 
> To: List@lists.pfsense.org
> Subject: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F
> Message-ID: <51275815-b81f-7390-1c97-b56ae0b26...@andrewnesbit.org>
> Content-Type: text/plain; charset=utf-8; format=flowed
> 
> Hi all!
> 
> [I originally tried read submit one of these in the kitchen, there was 
> an apparent transient connection failure of unknown nauture between 
> passenger and driver.  However it come across better this way.]
> 
> I decided to try out a thought experiment to see what options are 
> available and how versatile they are, for running pfsense as a 
> firewwall+router with four NICs each.
> 
> Although I'm virtualizing large parts of my network, pfsense is one 
> thing that should run in its own box, with minimal fussing.  One of my 
> requirements is that it runs on server-grade hardware.  I came up with 
> two options:
> 
> 1.  ASRock Rack E3C236D2I plus Pentium G4560 (and updated BIOS), 16 GB 
> DDR4, and storage.  The board has two NICs but I can add more using the 
> PCIe expansion port.  Clearly these would have to be added using 
> low-profile or half-height expansion cards/
> 
> 2.  Supermicro A1SRi-C2758F system (new, or fixed if carrying the AVR54 
> C2000 B0/C0 stepping bug), 16 GB DDR3, and storage.
> 
> Fanless should be feasible, and all I need is a capable, modest system 
> that can easily be repurposed or resold if need be.  Each system should 
> be able able to run in a mini-ITX box, such as an SFF Akasa.  Akasa even 
> sells passively cooled mini-ITX boxes specificially designed for 
> Supermicro A1SAi/A1SRi, and I'm pretty sure I can make a fanless mini 
> ITX case work for the ASRock E3C236D2I+G4560 combo too.  The only thing 
> is that the CPU + heat sink + fan (if present) can fit vertically inside 
> the case (total height inside the case is 68.5 mm).
> 
> Either way, I can upgrade the RAM and have a virtualization server able 
> to handle light loads.  The particular advantages of Item 2. above, and 
> what personally draws me to it, are that it's more versatile, the CPU is 
> upgradeable, and it uses DDR4.
> 
> Both CPUs have similar PassMark scores, and when the sums are done they 
> cost about the same as each other.  On the other hand, if I'm going to 
> be using 4+ NICs, then I imagine I'd want at least four cores to avoid 
> bottlenecks at the NICs.  Alternativelu, are threads via hyperthreading 
> sufficient for this?
> 
> What do you think?  I'd appreciate any opinions.  Thanks!
> 
> P.S. Are there known problems posting to the forums at the moment?
> 
> 
> --
> 
> Subject: Digest Footer
> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
> 
> --
> 
> End of List Digest, Vol 900, Issue 1
> 
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold