On Feb 15, 2018, at 11:35 AM, ad^2 wrote:
>
> Hello all,
>
> I read in the forum (h_t_t_p_s://forum.pfsense.org/index.php?topic=109346.0)
> the 255 VHID limitation in CARP is no longer an issue in recent versions. I
> cannot find any documentation to support it.
>
> I have a need to host a lot
> On Feb 15, 2018, at 7:29 AM, ad^2 wrote:
>
> Hello all,
>
> Objective - Connect to services from the Internet hosted on an internal
> server assigned an RFC1918 address.
>
> pfSense version 2.4.2-RELEASE-p1
>
> I have followed the instructions listed here - h_t_t_p_s://
> doc.pfsense.org/i
On Thu, Feb 15, 2018 at 6:11 PM, Jim Thompson wrote:
>
>
> > On Feb 15, 2018, at 6:47 PM, Kyle Marek wrote:
> >
> > On 02/15/2018 05:33 PM, Jim Thompson wrote:
> >> Mr. Marek,
> >>
> >> I think you may be missing the point that this is about 2.5 and the
> RESTCONF interface, not any kind of VPN.
I didn't say it was in everything since 2008. I said that both companies
widely released it by 2010 and that most of the x64 (64 Bit) processors
released in the past few years years do support them (except for some of
the low end systems, usually used in price constrained embedded style
processors)
On 02/15/2018 05:33 PM, Jim Thompson wrote:
> Mr. Marek,
>
> I think you may be missing the point that this is about 2.5 and the RESTCONF
> interface, not any kind of VPN.
I became aware of this after reading the follow up post.
> Yes, there are constant time implementations of AES, they’re quit
Hi JD,
Op 15-2-2018 om 20:35 schreef ad^2:
Hello all,
I read in the forum (h_t_t_p_s://forum.pfsense.org/index.php?topic=109346.0)
the 255 VHID limitation in CARP is no longer an issue in recent versions. I
cannot find any documentation to support it.
I have a need to host a lot more than 255
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Kyle Marek
Sent: Thursday, February 15, 2018 10:38 AM
To: pfSense Support and Discussion Mailing List ; Eero
Volotinen
Subject: Re: [pfSense] Configs or hardware?
> This is silly. I shouldn't have to replac
I think you're missing the point that software support exists; pfSense
supports software AES *now*, and this is being removed. New technology
is cool; things not working anymore is not.
Anyway, what are are other projects such as the TLS libraries doing
about this? Is hardware acceleration really
Hello all,
I read in the forum (h_t_t_p_s://forum.pfsense.org/index.php?topic=109346.0)
the 255 VHID limitation in CARP is no longer an issue in recent versions. I
cannot find any documentation to support it.
I have a need to host a lot more than 255 virtual IP addresses.
Can someone confirm or
something like that. (very cheap) Celeron J1900 firewall devices are not
supporting aes-ni.
Eero
15.2.2018 20.40 "Walter Parker" kirjoitti:
> Well, both Intel and AMD starting shipping the AES-NI instructions 8 years
> ago...
>
> How long does a project need to wait before it can require a feat
Well, both Intel and AMD starting shipping the AES-NI instructions 8 years
ago...
How long does a project need to wait before it can require a feature found
on all major x64 processors? Waiting 8-9 years seems reasonable to me.
Given the fact that the project is only supporting 64-bit and suggest
This is silly. I shouldn't have to replace my hardware to support a
feature I will not use...
I shame Netgate for such an artificial limitation...
Thank you for the information.
On 02/15/2018 12:20 PM, Eero Volotinen wrote:
> Well:
>
> https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html so
Hi
I currently have some limiters setup on my WiFi interface.
I limit some IP's (192.168.2.105, 192.168.1.109,...) to only have 700
Kbit/s.
So every IP (device) has 700 Kbit/s.
I want to add a "global" limit on Wifi interface so the total
subnet/network can only have 3000 Kbit/s.
Each IP (d
Well:
https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html so we are talking
about 2.5 not 3.x ?
"While we’re not revealing the extent of our plans, we do want to give
early notice that, in order to support the increased cryptographic loads
that we see as part of pfSense verison 2.5, pfSense
I believe I read somewhere that the new version that requires aes-ni will be
3.x, and they plan to continue the 2.x line alongside it, as 3.x will be a
major rewrite
-Ed
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen
Sent: Thursday, Fe
Well. Next version of pfsense (2.5) will not install into hardware that
does not support AES-NI,
so buying such hardware is not wise ?
Eero
On Thu, Feb 15, 2018 at 7:01 PM, Kyle Marek wrote:
> I have not had such an issue. Using 2.4.2 with System Information widget
> saying "AES-NI CPU Crypto:
I have not had such an issue. Using 2.4.2 with System Information widget
saying "AES-NI CPU Crypto: No".
On 02/15/2018 11:55 AM, Eero Volotinen wrote:
> Please note that next pfsense will not install hardware that is not
> supporting aes-ni?
>
> Eero
>
> On Thu, Feb 15, 2018 at 6:37 PM, Kyle Marek
Please note that next pfsense will not install hardware that is not
supporting aes-ni?
Eero
On Thu, Feb 15, 2018 at 6:37 PM, Kyle Marek wrote:
> This board does round-up gigabit (something like 976 Mb/s) in both
> directions on all 4 interfaces: https://www.amazon.com/dp/B00XNR4HE2/
>
> The key
This board does round-up gigabit (something like 976 Mb/s) in both
directions on all 4 interfaces: https://www.amazon.com/dp/B00XNR4HE2/
The key for me here was the interrupt coalescence of these particular
Intel NICs. A very similar board with Broadcom NICs that lacked this
feature maxed out the
Hello all,
Objective - Connect to services from the Internet hosted on an internal
server assigned an RFC1918 address.
pfSense version 2.4.2-RELEASE-p1
I have followed the instructions listed here - h_t_t_p_s://
doc.pfsense.org/index.php/1:1_NAT
[Setup]
Firewall > Rules > WAN
protocol, source,
Try increasing network buffers via "system tunables".
Em 15 de fev de 2018 12:14, "Michael Munger"
escreveu:
> TL; DR.
>
> On 1Gbps downloads, our pfSense firewalls are performing poorly with
> speed tests of ~400Mbps. It's either pfSense configs (not likely) or the
> hardware (more likely). I d
On 02/15/2018 09:14 AM, Michael Munger wrote:
TL; DR.
On 1Gbps downloads, our pfSense firewalls are performing poorly with
speed tests of ~400Mbps. It's either pfSense configs (not likely) or the
hardware (more likely). I do not want to buy a commercial box. For our
corporate network, we use H
Also, this is an incredibly common question on the pfSense forums. (Not trying
to be condescending, just stating.) I racked my mind trying to figure something
out when, like you said, it’s a solved problem. Basically, get a reasonably
powered computer and put some real Intel NICs in it and you’
I have an optiplex 970 (possibly 980, don’t recall) with 16GB RAM and a quad
port Intel NIC that handles gigabit fiber with no issues at all. I managed to
order a knockoff NIC (half the thing’s from eBay), so I’m surprised it’s
performing this well, but it’s been rock solid. Granted it’s for hom
Hi,
This hardware can do gigabit (wirespeed) NAT/FW
https://www.amazon.com/gp/product/B016VHBA7C (tested on my home, using
symmetric gigabit line...)
but, I we use NetGate SG-8860 on our main offices:
https://www.voleatech.de/en/product/sg-8860-1u/?gclid=EAIaIQobChMIlbTj5o-o2QIVBJ8bCh1phgmKEAAY
TL; DR.
On 1Gbps downloads, our pfSense firewalls are performing poorly with
speed tests of ~400Mbps. It's either pfSense configs (not likely) or the
hardware (more likely). I do not want to buy a commercial box. For our
corporate network, we use HP DL360s, so zero problem there.I need
something t
26 matches
Mail list logo
