Re: [pfSense] 2.4.1 IPSec tunnels
https://redmine.pfsense.org/issues/8003 It’s being worked on in snapshots. Jim > On Oct 25, 2017, at 9:03 AM, Edward O. Holcroft wrote: > > I just upgraded from 2.4.0 to 2.4.1. > > If I view the status of my IPSec tunnels, it seems they have all been > duplicated. > > The original tunnels all show as disconnected, while the second tunnel, > which has no description, shows as connected. > > So all the tunnels still work, it's just that there is new duplicate entry > without a description field populated. If I look in the IPSec tunnel > settings however, there is only tunnel, the correct one, with the > description filed populated. If I hit "connect" on one of the original > tunnels, it does nothing, since of course it is already connected via the > duplicate, unnamed tunnel. > > Has anyone else seen this? > > Any ideas on a way to clean it up? I don't see anything duplicated in the > IPSec xml file. > > ed > > -- > MADSEN, KNEPPERS & ASSOCIATES USA WARNING/CONFIDENTIALITY NOTICE: This > message may be confidential and/or privileged. If you are not the intended > recipient, please notify the sender immediately then delete it - you should > not copy or use it for any purpose or disclose its content to any other > person. Internet communications are not secure. You should scan this > message and any attachments for viruses. Any unauthorized use or > interception of this e-mail is illegal. > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.4.1 IPSec tunnels
https://redmine.pfsense.org/issues/8003 _ *Edward O. Holcroft* IT Operations Manager *Madsen, Kneppers & Associates, Inc.* Construction Consultants & Engineers 11695 Johns Creek Parkway, Suite 250 Johns Creek, GA 30097 *O* 770.446.9606 | *F* 770.446.9612 | *C* 770.630.0949 | eholcr...@mkainc.com www.mkainc.com On Wed, Oct 25, 2017 at 10:03 AM, Edward O. Holcroft wrote: > I just upgraded from 2.4.0 to 2.4.1. > > If I view the status of my IPSec tunnels, it seems they have all been > duplicated. > > The original tunnels all show as disconnected, while the second tunnel, > which has no description, shows as connected. > > So all the tunnels still work, it's just that there is new duplicate entry > without a description field populated. If I look in the IPSec tunnel > settings however, there is only tunnel, the correct one, with the > description filed populated. If I hit "connect" on one of the original > tunnels, it does nothing, since of course it is already connected via the > duplicate, unnamed tunnel. > > Has anyone else seen this? > > Any ideas on a way to clean it up? I don't see anything duplicated in the > IPSec xml file. > > ed > -- MADSEN, KNEPPERS & ASSOCIATES USA WARNING/CONFIDENTIALITY NOTICE: This message may be confidential and/or privileged. If you are not the intended recipient, please notify the sender immediately then delete it - you should not copy or use it for any purpose or disclose its content to any other person. Internet communications are not secure. You should scan this message and any attachments for viruses. Any unauthorized use or interception of this e-mail is illegal. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F
Indeed, I was very excited when the C3000 series was announced. Probably more than any other computer hardware announcement release. But all this continued speculation and excitement is premature, building unnecessary hype. Aside from a couple of industry insiders, I don't know a single person who has even seen one. You can't buy a C3000 in the stores and nobody knows when they'll be available. Also, it's a bad idea to put critical infrastructure on bleeding-edge hardware. The notorious AVR54 C2000 bug has _finally_ been acknowledged and understood upstream, and at least you can get an RMA. But that took a long time and effort, even with widespread exposure of an obvious issue. I already have a C2758 but it is being used for something else and is completely inaccessible. I've got another on the way for another use, so maybe I can experiment with that one if that transaction works itself out. I am drawn towards the ASRock E3C236D2I out of interest, to try something a bit different, and for future flexibility. I presume there's nothing about this option that makes it a bad choice for running pfSense. On 29/10/2017 17:22, Jonathan Willsher wrote: I dont know if you own the boards already that you are thinking about using, but SM has new C3000 based boards as well. There is tight availability right now though. Jwillsher Sent from my iPhone On Oct 29, 2017, at 1:00 PM, list-requ...@lists.pfsense.org wrote: Send List mailing list submissions to list@lists.pfsense.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.pfsense.org/mailman/listinfo/list or, via email, send a message with subject or body 'help' to list-requ...@lists.pfsense.org You can reach the person managing the list at list-ow...@lists.pfsense.org When replying, please edit your Subject line so it is more specific than "Re: Contents of List digest..." Today's Topics: 1. ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F (ullbeking) -- Message: 1 Date: Sat, 28 Oct 2017 21:45:59 +0100 From: ullbeking To: List@lists.pfsense.org Subject: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F Message-ID: <51275815-b81f-7390-1c97-b56ae0b26...@andrewnesbit.org> Content-Type: text/plain; charset=utf-8; format=flowed Hi all! [I originally tried read submit one of these in the kitchen, there was an apparent transient connection failure of unknown nauture between passenger and driver. However it come across better this way.] I decided to try out a thought experiment to see what options are available and how versatile they are, for running pfsense as a firewwall+router with four NICs each. Although I'm virtualizing large parts of my network, pfsense is one thing that should run in its own box, with minimal fussing. One of my requirements is that it runs on server-grade hardware. I came up with two options: 1. ASRock Rack E3C236D2I plus Pentium G4560 (and updated BIOS), 16 GB DDR4, and storage. The board has two NICs but I can add more using the PCIe expansion port. Clearly these would have to be added using low-profile or half-height expansion cards/ 2. Supermicro A1SRi-C2758F system (new, or fixed if carrying the AVR54 C2000 B0/C0 stepping bug), 16 GB DDR3, and storage. Fanless should be feasible, and all I need is a capable, modest system that can easily be repurposed or resold if need be. Each system should be able able to run in a mini-ITX box, such as an SFF Akasa. Akasa even sells passively cooled mini-ITX boxes specificially designed for Supermicro A1SAi/A1SRi, and I'm pretty sure I can make a fanless mini ITX case work for the ASRock E3C236D2I+G4560 combo too. The only thing is that the CPU + heat sink + fan (if present) can fit vertically inside the case (total height inside the case is 68.5 mm). Either way, I can upgrade the RAM and have a virtualization server able to handle light loads. The particular advantages of Item 2. above, and what personally draws me to it, are that it's more versatile, the CPU is upgradeable, and it uses DDR4. Both CPUs have similar PassMark scores, and when the sums are done they cost about the same as each other. On the other hand, if I'm going to be using 4+ NICs, then I imagine I'd want at least four cores to avoid bottlenecks at the NICs. Alternativelu, are threads via hyperthreading sufficient for this? What do you think? I'd appreciate any opinions. Thanks! P.S. Are there known problems posting to the forums at the moment? -- Subject: Digest Footer ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- End of List Digest, Vol 900, Issue 1 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/
Re: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F
> On Oct 28, 2017, at 3:45 PM, ullbeking wrote: > > P.S. Are there known problems posting to the forums at the moment? Our upstream provider is having IPv6 issues. Jim ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F
I dont know if you own the boards already that you are thinking about using, but SM has new C3000 based boards as well. There is tight availability right now though. Jwillsher Sent from my iPhone > On Oct 29, 2017, at 1:00 PM, list-requ...@lists.pfsense.org wrote: > > Send List mailing list submissions to >list@lists.pfsense.org > > To subscribe or unsubscribe via the World Wide Web, visit >https://lists.pfsense.org/mailman/listinfo/list > or, via email, send a message with subject or body 'help' to >list-requ...@lists.pfsense.org > > You can reach the person managing the list at >list-ow...@lists.pfsense.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of List digest..." > > > Today's Topics: > > 1. ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F (ullbeking) > > > -- > > Message: 1 > Date: Sat, 28 Oct 2017 21:45:59 +0100 > From: ullbeking > To: List@lists.pfsense.org > Subject: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F > Message-ID: <51275815-b81f-7390-1c97-b56ae0b26...@andrewnesbit.org> > Content-Type: text/plain; charset=utf-8; format=flowed > > Hi all! > > [I originally tried read submit one of these in the kitchen, there was > an apparent transient connection failure of unknown nauture between > passenger and driver. However it come across better this way.] > > I decided to try out a thought experiment to see what options are > available and how versatile they are, for running pfsense as a > firewwall+router with four NICs each. > > Although I'm virtualizing large parts of my network, pfsense is one > thing that should run in its own box, with minimal fussing. One of my > requirements is that it runs on server-grade hardware. I came up with > two options: > > 1. ASRock Rack E3C236D2I plus Pentium G4560 (and updated BIOS), 16 GB > DDR4, and storage. The board has two NICs but I can add more using the > PCIe expansion port. Clearly these would have to be added using > low-profile or half-height expansion cards/ > > 2. Supermicro A1SRi-C2758F system (new, or fixed if carrying the AVR54 > C2000 B0/C0 stepping bug), 16 GB DDR3, and storage. > > Fanless should be feasible, and all I need is a capable, modest system > that can easily be repurposed or resold if need be. Each system should > be able able to run in a mini-ITX box, such as an SFF Akasa. Akasa even > sells passively cooled mini-ITX boxes specificially designed for > Supermicro A1SAi/A1SRi, and I'm pretty sure I can make a fanless mini > ITX case work for the ASRock E3C236D2I+G4560 combo too. The only thing > is that the CPU + heat sink + fan (if present) can fit vertically inside > the case (total height inside the case is 68.5 mm). > > Either way, I can upgrade the RAM and have a virtualization server able > to handle light loads. The particular advantages of Item 2. above, and > what personally draws me to it, are that it's more versatile, the CPU is > upgradeable, and it uses DDR4. > > Both CPUs have similar PassMark scores, and when the sums are done they > cost about the same as each other. On the other hand, if I'm going to > be using 4+ NICs, then I imagine I'd want at least four cores to avoid > bottlenecks at the NICs. Alternativelu, are threads via hyperthreading > sufficient for this? > > What do you think? I'd appreciate any opinions. Thanks! > > P.S. Are there known problems posting to the forums at the moment? > > > -- > > Subject: Digest Footer > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > > -- > > End of List Digest, Vol 900, Issue 1 > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold