I had found an older thread saying that the "XCBC" hashes were OK, since they
were effectively "free" as long as you used one of the AES-GCM ciphers.
Same thread (can't find it now, sorry) also indicated that the GCM mode ciphers
were more, uh, completely??/rapidly?? accelerated than CBC.
Can't
Well, that explains why the rest isn't working.
Fix DNS and you problems will (hopefully) go away.
-Adam
On December 4, 2017 2:41:25 PM CST, Pete Boyd <petes-li...@thegoldenear.org>
wrote:
>On 04/12/2017 20:39, Adam Thompson wrote:
>> Do you have functional DNS from the CLI?
>
The "no address record" error is interesting... Do you have functional DNS from
the CLI?
-Adam
On December 4, 2017 2:29:09 PM CST, Pete Boyd
wrote:
>On 04/12/2017 20:11, Steve Yates wrote:
>> If you ssh to the device and pick the option to update from its
>console
Yes, there's downtime to set up LAGs. So this won't help avoid all downtime.
Since the SG-2440 just went EOL, I would expect the SG-4860 will also go EOL
soon, perhaps next quarter (Q1’18).
There is a small performance hit. It's not large - certainly not large enough
that I ever cared to
If you're going to even consider blaming widely-used software for hardware
problems, then absolutely, yes, please do this, if only to stop the accusations.
If you don't reboot regularly, now's a good time to change that policy, too.
We aren't running NetWare 3.1 any more. No reboots = no
No, you misunderstood the last response.
You have not provided enough information yet to determine what the problem is.
Three things have been suggested:
1. It *might* be a bug *similar* to one someone else encountered using
different hardware (which does not even exist on your firewall),
2. You
The only thing I would caution against is having your only gateway to the
Internet running on a single host or cluster - this makes troubleshooting VERY
difficult when the host or cluster fails. Been there, done that.
So I have one H/W gateway running the internet pipe, then all the internal
The speedteet server code is not optimized for high upload speed measurement.
When running speedtest from a machine on the same subnet, in the same rack in
the same data center as the speedtest server (I worked for an ISP) you will
still get funny results. Or even two VMs running on the same
I always thought that this behaviour was because of the way IPSec is bolted on
to the network stack in FreeBSD 9, that IPsec literally took over the packet
before it could get NAT'd.
Certainly, I was recently surprised to discover that IPSec VPN tunnels take
precedence over local connected
Error messages.
Log files.
Configuration data.
Network topology.
Route tables.
We have nothing to work with yet.
-Adam
(Yes, I know I'm being hypocritical here because I've done the same thing.
Thank you for not reminding me...)
On August 17, 2017 10:51:43 AM CDT, Kleber Carvalho
Any ideas how I install an IPSec tunnel to a remote subnet that overlaps with a
local subnet while not completely killing the local subnet?
This isn’t _quite_ as insane as it sounds at first glance:
The SPD (i.e. Phase 2) selectors on my side are from a single /32 IPv4 address
on the LAN
--
> Moshe Katz
> -- mo...@ymkatz.net
> -- +1(301)867-3732 <(301)%20867-3732>
>
> On Wed, Aug 2, 2017 at 10:32 PM, Adam Thompson
> <athom...@athompso.net>
> wrote:
>
> > So? Neither do I. I don't have native IPv6 at the office either.
> > But both
So? Neither do I. I don't have native IPv6 at the office either. But both
are fully IPv6-connected.
That's what Hurricane Electric tunnels are for. (And SIXXS, formerly, but
they've decided that IPv6 penetration has reached a point where they're not
needed anymore. Hahahaha...)
Sadly, yes. Partly due to providers like OVH who don't "get" prefix delegation.
Also, how else do you multi-home without running BGP? (Keeping in mind that
the overwhelming majority of networks around the world have no access to BGP.)
That's one of the specific use cases for Network Prefix
(If you work for Netgate – would a paid support subscription include helping me
diagnose the problem here, and get this working? I’m not 100% clear if this is
in scope or not.)
I’ve encountered an – apparently – unusual problem when trying to enable 1:1
NAT for IPv6.
I’m also having a
e
> services listening on x.x.x.1, x.x.x.2, x.x.x.3 etc, works like a charm.
>
> JC
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Adam
> Thompson
> Sent: August-01-17 12:57 PM
> To: list@lists.pfsense.org
> Subject: [pfSe
I can't speak to their other platforms, but the Private Cloud offering is based
on VMware, and does not permit the use of MAC addresses other than the one
assigned to the VM. So CARP immediately fails there.
Amusingly (not), there's even special plug-in in the VMware client that is
supposed to
Wondering how anyone else manages (or would manage) this scenario:
* Private Cloud at OVH. (Runs VMware, which isn't terribly relevant
AFAICT.)
* OVH provides a single VLAN that is connected directly to their router
* ALL public IP addresses are terminated on that VLAN (i.e. bound
directly
Not just default - many MUAs (gmail, outlook, virtually every web-based
service) don't correctly handle or in some cases even _permit_ the traditional
method at all.
Much like IRC and two spaces a a period, in-line or appended replies are now
historical relics, broadly replaced by things that
Jim,
Asking you to speculate here...
Assuming someone *is* working on drivers for the chip's crypto capabilities,
when that finally happens, do you have any notion of how much faster IPsec will
get? Are we talking 2x or 100x?
-Adam
On January 25, 2017 7:45:49 PM CST, Jim Thompson
In pfSense 2.3, how do I cause the firewall to generate IGMPv2 or v3
Query packets?
I know there's an IGMP proxy feature, but that's kind of useless without
a querier.
I don't actually need the firewall to do multicast routing, I just need
a querier so snooping works on one of my subnets.
On 16-05-02 06:20 AM, Rafael Aquino wrote:
De: "Frans Meulenbroeks"
Has anyone experience using USB3 to ethernet adapters ? I need an extra
interface but my HW (Intel NUC) does not have room for another card).
Anything recommendable?
Best regards, Frans.
Hi there,
OK, I'm lost... In v2.3, what service, and/or where in the GUI, should
I go to make pfSense act as a slave (authoritative) DNS server?
On a related note, in Services / DNS Resolver / General Settings, what
does "DNS Query Forwarding" do?
There's no description, so I assume if it's *not* set,
I just watched the last hangout that jimp did on Remote Access VPNs, and
I'm wondering: is there no way to do user authentication against a
back-end LDAP or RADIUS server when using IKEv2-EAP-MSCHAP2?
Thanks,
-Adam
___
pfSense mailing list
Oh, god, not again...
Search the list archives from about a month ago.
The consensus was, roughly, that the Ubiquity UniFi products were pretty good
but had some quirks.
As i recall, everything else discussed was either:
-insanely expensive, or
-crap (or both), or
-only works well for one or
I'm 95% sure the answer is wait for the developers to fix those issues
and/or become a developer and fix those issues :-).
Configuration of lighttpd is controlled by the pfSense management
framework, so once you discover the correct invocation, you could
locally modify the PHP file that
?
Not a recommendation at all, but stay away from EnGenius devices. OK
hardware good price, but (e.g.) my AP comes with an open DNS resolver
that can't be disabled, and they don't seem to think it's a problem at
all...
--
-Adam Thompson
athom...@athompso.net
+1 (204) 291-7950 - cell
+1 (204) 489-6515 - fax
On 07/21/2015 09:37 AM, Jim Pingle wrote:
On 07/20/2015 07:09 PM, Adam Thompson wrote:
But I do have one issue/question/comment about the pricing of that bundle:
there are still only 2 support incidents bundled.
It seems that if I bought two 4860s and tie-wrapped them to my own shelf, I’d
clients without
clicking that button.
Help…
--
-Adam Thompson
athom...@athompso.net
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
if I had to buy a new
shelf) but would get 4 support incidents included with my purchase.
Also, the price for a 2-incident support pack is $399, but I can buy a SG-2220
for only $299 and get the same # of support incidents.
Have I missed something? Is this intentional?
--
-Adam Thompson
I figured out part of the answer to my own question:
Manually navigate to “https://pfsense/vpn_ipsec_phase1.php?mobile=true” to
create Mobile IPsec phase 1 entries.
No idea what that breaks, yet.
--
-Adam Thompson
athom...@athompso.net
From: Adam Thompson
Sent: Monday, July
My first instinct is to look at PVST+ interoperability issues because of the
multi-vendor network, but we need a LOT more detail on the network topology to
even make intelligent guesses.
You've essentially said I've got this car, with four Goodyear tires, and my
trailer makes a funny noise.
tricks that aren't obvious?
Thanks,
-Adam Thompson
athom...@athompso.net
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
The issue with OpenVPN is merely that I have to prime each client system with
both software and configuration file(s), which isn't always possible or
feasible in my environment.
-Adam
On June 17, 2015 10:22:04 AM CDT, Ermal Luçi e...@pfsense.org wrote:
On Wed, Jun 17, 2015 at 4:40 PM, Steve
...this is what you wind up with normally, until/unless you create a rule
explicitly allowing the DMZ host to talk to the LAN, so yes, it's definitely
possible.
-Adam
On June 6, 2015 8:18:35 AM CDT, Marc R. Meshurle Jr. m...@katotech.com
wrote:
Here's a question - I have a single IP with my
could be wrong but if you're looking for SSL offloading (I ensure all
traffic goes over SSL) varnish and squid would be out of the
picture. Travis Hansen
travisghan...@yahoo.com
On Saturday, May 30, 2015 8:25 PM, Adam Thompson
athom...@athompso.net wrote:
I need to run a reverse proxy
for reverse proxy or a user proxy. I'm
confused
after reading your mail a few times.
Brgds, Espen
31. mai 2015 15:35 skrev Espen Johansen pfse...@gmail.com:
Exclude varnish its primarily made for frontend LB proxy.
søn. 31. mai 2015, 15:32 skrev Adam Thompson athom...@athompso.net:
Oh, shoot
reason to use one over another on
pfSense 2.2 today? FWIW, this firewall is relatively underpowered
(PowerEdge 1750, dual 2.4GHz P4-era Xeons).
--
-Adam Thompson
athom...@athompso.net
+1 (204) 291-7950 - cell
+1 (204) 489-6515 - fax
___
pfSense
?
--
-Adam Thompson
athom...@athompso.net
+1 (204) 291-7950 - cell
+1 (204) 489-6515 - fax
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
More or less: if you can run pfSense at all, you won't run out of memory for
state tables.
Captive portal does consume additional memory, but not large amounts.
For several hundred users behind a captive portal, I would err on the side if
caution and use a system with at least 2GB of RAM,
It's not a routing issue, it's a bug/mis-feature in FreeBSD's IPSec stack.
See
https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN
for more info.
-Adam
On 04/24/2015 09:37 AM, Gregory K Shenaut
request on the github project?
--
-Adam Thompson
athom...@athompso.net
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
? *Educated* guesses? Thoughts? Although it's
pointless to ask, please try to keep baseless fanboi-type opinions to
yourselves. I'm already a fan of pfSense, and I've explained above why
I couldn't use it here.
Thanks,
-Adam
--
-Adam Thompson
athom...@athompso.net
- a timeout.
Yet NTP from *behind* the firewall works fine.
Anyone else seeing this problem? Any ideas?
-Adam Thompson
athom...@athompso.net
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold
So if you don't wind up using them for CARP, use them for something else. Get
a smaller subnet from your provider and give back the original subnet.
If you have multiple subnets, the provider-facing one should not be used for
published services; in fact those addresses don't even have to be
Steve,
Unless you want to impose significant limitations on yourself, you will need a
total of 3 IPs for every CARP interface.
I've run systems with single-IP CARP, and unless you have absolutely no choice,
it's not worth the headache.
The unanswered question is how your provider will do
pfSense can do that, 600 users is OK. Up to 1gbps is OK on almost any
server-grade hardware.
VPN is built in.
IDS/IPS requires installation and configuration of the Snort add-on package.
Firewall is built in.
Monitoring and logging are built in, but may or may not meet your needs.
pfSense can
SNMP support exists, although not everything is available that way.
Otherwise the doc wiki has a page on authenticating automated web requests -
RTFM.
-Adam
On January 27, 2015 10:55:00 AM CST, Wolf Noble w...@wolfspyre.com wrote:
I'm sure this has been asked, but I've not found anything in the
/index.php/Remote_Config_Backup
--
-Adam Thompson
athom...@athompso.net
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Jim/other:
Do you have any guidelines for sizing VPN throughput when using the
pfSense Certified VFA ?
--
-Adam Thompson
athom...@athompso.net
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold
OpenBGPd works quite well with CARP interfaces, actually... My primary
commercial IPv4 transit uses exactly that.
But that functionality might need a newer version of OpenBGPd than we have
right now... The package is getting a little long in the tooth.
-Adam
On January 8, 2015 9:23:10 AM CST,
appear to have made it into the FreeBSD port yet.
I run a pair of BGP routers using CARP to an upstream peer who only
wants to configure a single IP address and a single session. Works OK
in practice under OpenBSD, not sure how well the pfSense package
(FreeBSD port) handles it.
--
-Adam
moving away
from OpenBGPD to (IIRC) quagga/zebra... but OpenBGPD is the only BGP
implementation I'm seeing now. What happened there?
Third, is there still no way to run BGP and OSPF on the same system??
--
-Adam Thompson
athom...@athompso.net
On 14-11-25 10:14 AM, Espen Johansen wrote:
https://blog.pfsense.org
25. nov. 2014 17:11 skrev Adam Thompson athom...@athompso.net
mailto:athom...@athompso.net følgende:
I'm looking, but I can't find anywhere what *time* the Gold
hangout is going to be (or was...) today. Anyone
-permanently; this was an
unusual and temporary configuration to begin with.
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
server and
if
so then turn it off and check the MTU setting in the network stack on
the
NFS server as well.
I may not know what the hell i'm talking about though so someone else
can
feel free to jump in and tell me what an idiot I am.
On Wed, Nov 5, 2014 at 6:47 PM, Adam Thompson athom
else
can
feel free to jump in and tell me what an idiot I am.
On Wed, Nov 5, 2014 at 6:47 PM, Adam Thompson athom...@athompso.net
wrote:
Problem: really, really bad performance (10Mbps) on both NFS (both
tcp
and udp) and CIFS through pfSense.
Proximate cause: running a packet capture
competitor, MikroTik, as a good
example of how to build decent products the wrong way, but Brocade was
my target here. You're a paragon of open-source stewardship in comparison!
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List
One nit: yes, I can sell something called pfSense, as that's the
freely-downloadable software under a (IIRC) BSD license.
I can't sell something called NetGate.
I can't produce a derivative work and call it pfSense. (This is a gray area,
admittedly.)
But, at least here, I'm quite sure I can
is
knowing precisely where to direct that labour to maximize the value to
his paying customers.
The rest of us get enough value from the software as it is.
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https
vague on the finer points.
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
it must be like to work in the same place as Jim
Thompson.)
Can't be any worse than my last corporate job. In fact, would probably
be *much* better... I don't have to like you to respect you or work
with/for you.
--
-Adam Thompson
athom...@athompso.net
+1 for HP ProCurve, except for the stuff they inherited from 3Com...
I've also had reasonably good luck with Netgear and D-Link managed switches.
The Cisco SMB stuff seems OK hardware-wise, but the software is questionable.
Note that all three of these options come with lifetime, free, firmware
You don't have a pfSense problem at all, you have a VMware problem.
Suggest you visit any one of hundreds of VMware support forums or lists to find
out how to manage virtual networks.
There are also a lot of old threads on the pfSense forum discussing this.
-Adam
On September 19, 2014 11:28:28
There's also the unofficial VMware ESXi white-box HCL, but it hasn't really
been updated since v4.x.
Agreed that if this is anything more than a test system, stick with the HCL and
a support contract. Been there, done that, have the scars to prove it ...
-Adam
On September 19, 2014 12:18:31 PM
Yes, but not often.
-Adam
On September 8, 2014 7:45:10 AM CDT, Bob Gustafson bob...@rcn.com wrote:
Is anyone else on this list getting bounce notices?
On 09/08/2014 01:50 AM, Bounced mail wrote:
The message was not delivered due to the following reason:
Your message was not delivered because
. aug. 2014 22:13 skrev Adam Thompson athom...@athompso.net
mailto:athom...@athompso.net følgende:
On 14-08-16 01:13 PM, Espen Johansen wrote:
You would have to do a major code rewrite to get this done. And
it would be insecure and it would make no pf sense
.
by pinging each host from the firewall) then you can probably get that
down quite a bit.
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
--
-Adam Thompson
athom...@athompso.net
Cell: +1 204 291-7950
Fax: +1 204 489-6515
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
a firewall to it is probably not going to work well, if at all...
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
Faster caching when using squid and/or some of the other packages?
But, yes, it would be a bit silly, regardless.
-Adam
On July 30, 2014 9:43:01 AM CDT, Vick Khera vi...@khera.org wrote:
On Wed, Jul 30, 2014 at 9:50 AM, Paul Mather p...@gromit.dlib.vt.edu
wrote:
Personally, I think ZFS on i386
How do you know pfSense is dropping the packet? Does it show up in a packet
capture on OPT1?
-Adam
On July 17, 2014 5:12:07 AM CDT, NetSys Pro netsys...@live.com wrote:
Hello Adam,Anything else I could try?
Thanks
Subject: Re: [pfSense] Disable antispoofing on an interface
From:
Not really possible. If tcpdump cann't show you the packet, then the problem
is occurring before pfSense... i.e. in the WAN optimizer.
On July 17, 2014 12:01:12 PM CDT, NetSys Pro netsys...@live.com wrote:
Adam,
Thanks for your reply.First of all, as I said before, I had already
posted the same
If you run (from memory, here!) clog -f /var/log/filter.log while the packet
is arriving, you should see what rule is blocking it.
You may want to set up a capture in your terminal emulator, as there will
likely be a lot of unrelated output and it'll scroll off-screen quickly.
-Adam
On July 17,
all protocols from OPT1 to LAN?
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
I suspect you need to be looking not for anti-spoofing but for anti-bogon rules.
Can't remember what pfSense calls it offhand.
-Adam
On July 14, 2014 6:19:22 PM CDT, NetSys Pro netsys...@live.com wrote:
Hello everyone,
First of all, please note that I have already posted the question below
on
On 2014-06-06 08:38, Brian Caouette wrote:
For the past few days
I was experiencing issues were squidguard did not always work. Finally
this morning I stumble into the problem. It turns out that if you enable
the save bandwidth feature in chrome you can access all the adult sites.
If you
On May 28, 2014 10:33:59 AM CDT, Brian Caouette bri...@dlois.com wrote:
4.1 appears to be the newest this hardware can use.
On 5/28/2014 11:19 AM, Ryan Coleman wrote:
4.1?
in /5.x/ you can assign VLANs to NICs and then different NICs to VMs.
I don't know about 4.1.
On May 28, 2014, at
hang out here (in fact, the two
entities are closely related).
--
-Adam Thompson
athom...@athompso.net
Cell: +1 204 291-7950
Fax: +1 204 489-6515
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
won't make all that much
difference at the scales you're talking about, but I admit I've never
tried transparent mode at 1Gbps.
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman
On May 11, 2014 1:37:01 PM CDT, Mehma Sarja mehmasa...@gmail.com wrote:
My Samsung Chromebook bypasses my router/OpenDNS because it has it's
own
DNS entries.
Yudhvir
Basically it takes a DNS call the first time and goes elsewhere. then
it
corrects itself. If he’s got a different DNS set up
On May 8, 2014 12:05:34 PM CDT, Brian Candler b.cand...@pobox.com wrote:
On 08/05/2014 11:51, Olivier Mascia wrote:
On the WAN interface, I’m currently allowing full ICMPv6 in, albeit
only from Global Unicast and Multicast addresses.
That is: only from 2000::/3 and ff00::/8.
I don't think you'll
On April 22, 2014 4:58:14 PM CDT, Jim Thompson j...@smallworks.com wrote:
On Apr 22, 2014, at 3:42 PM, Volker Kuhlmann hid...@paradise.net.nz
wrote:
On Wed 23 Apr 2014 05:02:59 NZST +1200, Jim Thompson wrote:
Are there any USB Ethernet adapters that actually work with
pfsense?
Reliably? I
sitting on
the shelf. Well, actually on the ground, but only because I don't have
any shelves that can hold *those*.)
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
?
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
/virtual-lan-security-weaknesses-countermeasures-1090
Jim, thank you for that - I've been looking for published references to
convince one of the companies I work with that VLANs are secure enough
for their needs.
--
-Adam Thompson
athom...@athompso.net
question - optimize for today or for tomorrow?
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
something fundamental - I haven't followed this
thread from the beginning...
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
#7.
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
The obvious problem is that it looks like you have two interfaces in the same
subnet. That (generally) doesn't work unless you are a routing guru in the
first place and know exactly what you're doing. Which, with apologies for
bluntness, you obviously don't.
The problem isn't with pfSense,
of problems.
Turning on prefetch can help in some situations. Having a stale root
hints file will also cause problems. I don't run unbound on my pfSense
box, so I don't recall if pfSense automatically updates the TA and/or
the root-hints for you.
--
-Adam Thompson
athom...@athompso.net
, but most resolvers still
don't) takes a noticeable amount of extra time.
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
can't send mail via the mail command, however pfSense comes
with a different command that you *could* use if you're dead set on
sending email from the firewall, /usr/local/bin/mail.php. It requires
that you have an SMTP server configured correctly under
System-Advanced-Notifications.
--
-Adam
It should, as that card will either use standard Intel or Broadcom Ethernet
chips.
There is always a small possibility that any given card may be incompatible,
but in your case I would expect that be almost negligible.
If the card is a brand-new model or revision, you are more likely to have
On 14-01-05 04:57 PM, Nicolas Bélan wrote:
Hello :)
Sure it is strange, can you launch ssh server in debug mode (non
detaching daemon) and check /var/log/message or secure in B ?
Can you also provide a packet capture with tcp flags ?
It may be different causes ...
maybe the cause is located on
and routing. You've also got VLANs thrown in there,
which actually live at layer 2 but have layer 3 implications.
Despite the fact pfSense supports traffic shaping on bridges, I'm not
certain it'll be possible in your exact scenario without several more
complicated steps.
--
-Adam Thompson
athom
after ~50-100 packets? Why
is only IPv6 affected? Have I missed something fundamental?
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
their
cloud service on the far end; you might still have to find somewhere to
host the server side to get the most out of the bonding mode they offer.
Good luck, feel free to ask for clarification here if needed.
--
-Adam Thompson
athom...@athompso.net
or
receiving any VLAN-tagged frames at all.
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
faults while sitting in a box on a shelf.
--
-Adam Thompson
athom...@athompso.net
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
1 - 100 of 198 matches
Mail list logo