Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Adam Thompson
I had found an older thread saying that the "XCBC" hashes were OK, since they were effectively "free" as long as you used one of the AES-GCM ciphers. Same thread (can't find it now, sorry) also indicated that the GCM mode ciphers were more, uh, completely??/rapidly?? accelerated than CBC. Can't

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Adam Thompson
Well, that explains why the rest isn't working. Fix DNS and your problems will (hopefully) go away. -Adam On December 4, 2017 2:41:25 PM CST, Pete Boyd <petes-li...@thegoldenear.org> wrote: >On 04/12/2017 20:39, Adam Thompson wrote: >> Do you have functional DNS from the CLI? >

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Adam Thompson
The "no address record" error is interesting... Do you have functional DNS from the CLI? -Adam On December 4, 2017 2:29:09 PM CST, Pete Boyd wrote: >On 04/12/2017 20:11, Steve Yates wrote: >> If you ssh to the device and pick the option to update from its >console

Re: [pfSense] Using LAGG interfaces with CARP to allow future router replacements

2017-11-28 Thread Adam Thompson
Yes, there's downtime to set up LAGs. So this won't help avoid all downtime. Since the SG-2440 just went EOL, I would expect the SG-4860 will also go EOL soon, perhaps next quarter (Q1’18). There is a small performance hit. It's not large - certainly not large enough that I ever cared to

Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-25 Thread Adam Thompson
If you're going to even consider blaming widely-used software for hardware problems, then absolutely, yes, please do this, if only to stop the accusations. If you don't reboot regularly, now's a good time to change that policy, too. We aren't running NetWare 3.1 any more. No reboots = no

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Adam Thompson
No, you misunderstood the last response. You have not provided enough information yet to determine what the problem is. Three things have been suggested: 1. It *might* be a bug *similar* to one someone else encountered using different hardware (which does not even exist on your firewall), 2. You

Re: [pfSense] pfSense virtualisation

2017-10-10 Thread Adam Thompson
The only thing I would caution against is having your only gateway to the Internet running on a single host or cluster - this makes troubleshooting VERY difficult when the host or cluster fails. Been there, done that. So I have one H/W gateway running the internet pipe, then all the internal

Re: [pfSense] pfsense 2.4rc wirespeed?

2017-09-03 Thread Adam Thompson
The speedtest server code is not optimized for high upload speed measurement. When running speedtest from a machine on the same subnet, in the same rack in the same data center as the speedtest server (I worked for an ISP) you will still get funny results. Or even two VMs running on the same

Re: [pfSense] IPsec NAT/BINAT not working

2017-08-24 Thread Adam Thompson
I always thought that this behaviour was because of the way IPSec is bolted on to the network stack in FreeBSD 9, that IPsec literally took over the packet before it could get NAT'd. Certainly, I was recently surprised to discover that IPSec VPN tunnels take precedence over local connected

Re: [pfSense] Internal Certificate and Internal Network.

2017-08-17 Thread Adam Thompson
Error messages. Log files. Configuration data. Network topology. Route tables. We have nothing to work with yet. -Adam (Yes, I know I'm being hypocritical here because I've done the same thing. Thank you for not reminding me...) On August 17, 2017 10:51:43 AM CDT, Kleber Carvalho

[pfSense] IPSec to overlapping subnet - unexpected behaviour

2017-08-11 Thread Adam Thompson
Any ideas how I install an IPSec tunnel to a remote subnet that overlaps with a local subnet while not completely killing the local subnet? This isn’t _quite_ as insane as it sounds at first glance: The SPD (i.e. Phase 2) selectors on my side are from a single /32 IPv4 address on the LAN

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Adam Thompson
-- > Moshe Katz > -- mo...@ymkatz.net > -- +1(301)867-3732 > > On Wed, Aug 2, 2017 at 10:32 PM, Adam Thompson > <athom...@athompso.net> > wrote: > > > So? Neither do I. I don't have native IPv6 at the office either. > > But both

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Adam Thompson
So? Neither do I. I don't have native IPv6 at the office either. But both are fully IPv6-connected. That's what Hurricane Electric tunnels are for. (And SIXXS, formerly, but they've decided that IPv6 penetration has reached a point where they're not needed anymore. Hahahaha...)

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Adam Thompson
Sadly, yes. Partly due to providers like OVH who don't "get" prefix delegation. Also, how else do you multi-home without running BGP? (Keeping in mind that the overwhelming majority of networks around the world have no access to BGP.) That's one of the specific use cases for Network Prefix

[pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Adam Thompson
(If you work for Netgate – would a paid support subscription include helping me diagnose the problem here, and get this working? I’m not 100% clear if this is in scope or not.) I’ve encountered an – apparently – unusual problem when trying to enable 1:1 NAT for IPv6. I’m also having a

Re: [pfSense] IPv6 problem at OVH

2017-08-02 Thread Adam Thompson
e > services listening on x.x.x.1, x.x.x.2, x.x.x.3 etc, works like a charm. > > JC > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Adam > Thompson > Sent: August-01-17 12:57 PM > To: list@lists.pfsense.org > Subject: [pfSe

Re: [pfSense] IPv6 problem at OVH

2017-08-02 Thread Adam Thompson
I can't speak to their other platforms, but the Private Cloud offering is based on VMware, and does not permit the use of MAC addresses other than the one assigned to the VM. So CARP immediately fails there. Amusingly (not), there's even a special plug-in in the VMware client that is supposed to

[pfSense] IPv6 problem at OVH

2017-08-01 Thread Adam Thompson
Wondering how anyone else manages (or would manage) this scenario: * Private Cloud at OVH. (Runs VMware, which isn't terribly relevant AFAICT.) * OVH provides a single VLAN that is connected directly to their router * ALL public IP addresses are terminated on that VLAN (i.e. bound directly

Re: [pfSense] pfsense twitter account making rude comments.

2017-02-23 Thread Adam Thompson
Not just default - many MUAs (gmail, outlook, virtually every web-based service) don't correctly handle or in some cases even _permit_ the traditional method at all. Much like IRC and two spaces after a period, in-line or appended replies are now historical relics, broadly replaced by things that

Re: [pfSense] SG-1000 and VPN

2017-01-25 Thread Adam Thompson
Jim, Asking you to speculate here... Assuming someone *is* working on drivers for the chip's crypto capabilities, when that finally happens, do you have any notion of how much faster IPsec will get? Are we talking 2x or 100x? -Adam On January 25, 2017 7:45:49 PM CST, Jim Thompson

[pfSense] IGMP querier?

2016-05-06 Thread Adam Thompson
In pfSense 2.3, how do I cause the firewall to generate IGMPv2 or v3 Query packets? I know there's an IGMP proxy feature, but that's kind of useless without a querier. I don't actually need the firewall to do multicast routing, I just need a querier so snooping works on one of my subnets.

Re: [pfSense] USB3 to ethernet adaptor

2016-05-02 Thread Adam Thompson
On 16-05-02 06:20 AM, Rafael Aquino wrote: De: "Frans Meulenbroeks" Has anyone experience using USB3 to ethernet adapters ? I need an extra interface but my HW (Intel NUC) does not have room for another card). Anything recommendable? Best regards, Frans. Hi there,

[pfSense] DNS secondary server on 2.3?

2016-04-28 Thread Adam Thompson
OK, I'm lost... In v2.3, what service, and/or where in the GUI, should I go to make pfSense act as a slave (authoritative) DNS server? On a related note, in Services / DNS Resolver / General Settings, what does "DNS Query Forwarding" do? There's no description, so I assume if it's *not* set,

[pfSense] IKEv2 with LDAP or RADIUS?

2015-10-27 Thread Adam Thompson
I just watched the last hangout that jimp did on Remote Access VPNs, and I'm wondering: is there no way to do user authentication against a back-end LDAP or RADIUS server when using IKEv2-EAP-MSCHAP2? Thanks, -Adam ___ pfSense mailing list

Re: [pfSense] Access Point Recommendations?

2015-08-23 Thread Adam Thompson
Oh, god, not again... Search the list archives from about a month ago. The consensus was, roughly, that the Ubiquiti UniFi products were pretty good but had some quirks. As I recall, everything else discussed was either: -insanely expensive, or -crap (or both), or -only works well for one or

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-24 Thread Adam Thompson
I'm 95% sure the answer is wait for the developers to fix those issues and/or become a developer and fix those issues :-). Configuration of lighttpd is controlled by the pfSense management framework, so once you discover the correct invocation, you could locally modify the PHP file that

Re: [pfSense] Access Point Recommendations?

2015-07-23 Thread Adam Thompson
? Not a recommendation at all, but stay away from EnGenius devices. OK hardware good price, but (e.g.) my AP comes with an open DNS resolver that can't be disabled, and they don't seem to think it's a problem at all... -- -Adam Thompson athom...@athompso.net +1 (204) 291-7950 - cell +1 (204) 489-6515 - fax

Re: [pfSense] SG-4860 vs. support pricing question

2015-07-21 Thread Adam Thompson
On 07/21/2015 09:37 AM, Jim Pingle wrote: On 07/20/2015 07:09 PM, Adam Thompson wrote: But I do have one issue/question/comment about the pricing of that bundle: there are still only 2 support incidents bundled. It seems that if I bought two 4860s and tie-wrapped them to my own shelf, I’d

[pfSense] Multiple IPsec Mobile phase1s?

2015-07-20 Thread Adam Thompson
clients without clicking that button. Help… -- -Adam Thompson athom...@athompso.net ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

[pfSense] SG-4860 vs. support pricing question

2015-07-20 Thread Adam Thompson
if I had to buy a new shelf) but would get 4 support incidents included with my purchase. Also, the price for a 2-incident support pack is $399, but I can buy a SG-2220 for only $299 and get the same # of support incidents. Have I missed something? Is this intentional? -- -Adam Thompson

Re: [pfSense] Multiple IPsec Mobile phase1s?

2015-07-20 Thread Adam Thompson
I figured out part of the answer to my own question: Manually navigate to “https://pfsense/vpn_ipsec_phase1.php?mobile=true” to create Mobile IPsec phase 1 entries. No idea what that breaks, yet. -- -Adam Thompson athom...@athompso.net From: Adam Thompson Sent: Monday, July

Re: [pfSense] odd issue with pfsense and juniper

2015-07-10 Thread Adam Thompson
My first instinct is to look at PVST+ interoperability issues because of the multi-vendor network, but we need a LOT more detail on the network topology to even make intelligent guesses. You've essentially said I've got this car, with four Goodyear tires, and my trailer makes a funny noise.

[pfSense] IKEv2 agile VPN from Win7/Win8 to pfSense 2.2.2

2015-06-17 Thread Adam Thompson
tricks that aren't obvious? Thanks, -Adam Thompson athom...@athompso.net

Re: [pfSense] IKEv2 agile VPN from Win7/Win8 to pfSense 2.2.2

2015-06-17 Thread Adam Thompson
The issue with OpenVPN is merely that I have to prime each client system with both software and configuration file(s), which isn't always possible or feasible in my environment. -Adam On June 17, 2015 10:22:04 AM CDT, Ermal Luçi e...@pfsense.org wrote: On Wed, Jun 17, 2015 at 4:40 PM, Steve

Re: [pfSense] Single IP - DMZ a single port

2015-06-06 Thread Adam Thompson
...this is what you wind up with normally, until/unless you create a rule explicitly allowing the DMZ host to talk to the LAN, so yes, it's definitely possible. -Adam On June 6, 2015 8:18:35 AM CDT, Marc R. Meshurle Jr. m...@katotech.com wrote: Here's a question - I have a single IP with my

Re: [pfSense] reverse proxy situation

2015-05-31 Thread Adam Thompson
could be wrong but if you're looking for SSL offloading (I ensure all traffic goes over SSL) varnish and squid would be out of the picture. Travis Hansen travisghan...@yahoo.com On Saturday, May 30, 2015 8:25 PM, Adam Thompson athom...@athompso.net wrote: I need to run a reverse proxy

Re: [pfSense] reverse proxy situation

2015-05-31 Thread Adam Thompson
for reverse proxy or a user proxy. I'm confused after reading your mail a few times. Brgds, Espen 31. mai 2015 15:35 skrev Espen Johansen pfse...@gmail.com: Exclude varnish its primarily made for frontend LB proxy. søn. 31. mai 2015, 15:32 skrev Adam Thompson athom...@athompso.net: Oh, shoot

[pfSense] reverse proxy situation

2015-05-30 Thread Adam Thompson
reason to use one over another on pfSense 2.2 today? FWIW, this firewall is relatively underpowered (PowerEdge 1750, dual 2.4GHz P4-era Xeons). -- -Adam Thompson athom...@athompso.net +1 (204) 291-7950 - cell +1 (204) 489-6515 - fax

[pfSense] Snort FATAL error

2015-05-30 Thread Adam Thompson
? -- -Adam Thompson athom...@athompso.net +1 (204) 291-7950 - cell +1 (204) 489-6515 - fax

Re: [pfSense] pfSense Hardware Sizing Captive Portal Usage

2015-05-27 Thread Adam Thompson
More or less: if you can run pfSense at all, you won't run out of memory for state tables. Captive portal does consume additional memory, but not large amounts. For several hundred users behind a captive portal, I would err on the side of caution and use a system with at least 2GB of RAM,

Re: [pfSense] ipsec and routing

2015-04-24 Thread Adam Thompson
It's not a routing issue, it's a bug/mis-feature in FreeBSD's IPSec stack. See https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN for more info. -Adam On 04/24/2015 09:37 AM, Gregory K Shenaut

[pfSense] updating testing packages?

2015-04-18 Thread Adam Thompson
request on the github project? -- -Adam Thompson athom...@athompso.net

[pfSense] pf(4) relative performance: opinions?

2015-04-11 Thread Adam Thompson
? *Educated* guesses? Thoughts? Although it's pointless to ask, please try to keep baseless fanboi-type opinions to yourselves. I'm already a fan of pfSense, and I've explained above why I couldn't use it here. Thanks, -Adam -- -Adam Thompson athom...@athompso.net

[pfSense] NTP failure in 2.2.1?

2015-04-08 Thread Adam Thompson
- a timeout. Yet NTP from *behind* the firewall works fine. Anyone else seeing this problem? Any ideas? -Adam Thompson athom...@athompso.net

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-02 Thread Adam Thompson
So if you don't wind up using them for CARP, use them for something else. Get a smaller subnet from your provider and give back the original subnet. If you have multiple subnets, the provider-facing one should not be used for published services; in fact those addresses don't even have to be

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-02 Thread Adam Thompson
Steve, Unless you want to impose significant limitations on yourself, you will need a total of 3 IPs for every CARP interface. I've run systems with single-IP CARP, and unless you have absolutely no choice, it's not worth the headache. The unanswered question is how your provider will do

Re: [pfSense] hi every body

2015-01-27 Thread Adam Thompson
pfSense can do that, 600 users is OK. Up to 1gbps is OK on almost any server-grade hardware. VPN is built in. IDS/IPS requires installation and configuration of the Snort add-on package. Firewall is built in. Monitoring and logging are built in, but may or may not meet your needs. pfSense can

Re: [pfSense] polling pfsense status for a combined dashboard

2015-01-27 Thread Adam Thompson
SNMP support exists, although not everything is available that way. Otherwise the doc wiki has a page on authenticating automated web requests - RTFM. -Adam On January 27, 2015 10:55:00 AM CST, Wolf Noble w...@wolfspyre.com wrote: I'm sure this has been asked, but I've not found anything in the

Re: [pfSense] polling pfsense status for a combined dashboard

2015-01-27 Thread Adam Thompson
/index.php/Remote_Config_Backup -- -Adam Thompson athom...@athompso.net

[pfSense] VFA VPN throughput?

2015-01-20 Thread Adam Thompson
Jim/other: Do you have any guidelines for sizing VPN throughput when using the pfSense Certified VFA ? -- -Adam Thompson athom...@athompso.net

Re: [pfSense] 4 Byte ASN

2015-01-08 Thread Adam Thompson
OpenBGPd works quite well with CARP interfaces, actually... My primary commercial IPv4 transit uses exactly that. But that functionality might need a newer version of OpenBGPd than we have right now... The package is getting a little long in the tooth. -Adam On January 8, 2015 9:23:10 AM CST,

Re: [pfSense] 4 Byte ASN

2015-01-08 Thread Adam Thompson
appear to have made it into the FreeBSD port yet. I run a pair of BGP routers using CARP to an upstream peer who only wants to configure a single IP address and a single session. Works OK in practice under OpenBSD, not sure how well the pfSense package (FreeBSD port) handles it. -- -Adam

[pfSense] BGP in 2.2

2014-12-12 Thread Adam Thompson
moving away from OpenBGPD to (IIRC) quagga/zebra... but OpenBGPD is the only BGP implementation I'm seeing now. What happened there? Third, is there still no way to run BGP and OSPF on the same system?? -- -Adam Thompson athom...@athompso.net

Re: [pfSense] Gold hangout - what time?

2014-11-25 Thread Adam Thompson
On 14-11-25 10:14 AM, Espen Johansen wrote: https://blog.pfsense.org 25. nov. 2014 17:11 skrev Adam Thompson athom...@athompso.net mailto:athom...@athompso.net følgende: I'm looking, but I can't find anywhere what *time* the Gold hangout is going to be (or was...) today. Anyone

Re: [pfSense] terrible performance on NFS CIFS

2014-11-07 Thread Adam Thompson
-permanently; this was an unusual and temporary configuration to begin with. -- -Adam Thompson athom...@athompso.net ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] terrible performance on NFS CIFS

2014-11-06 Thread Adam Thompson
server and if so then turn it off and check the MTU setting in the network stack on the NFS server as well. I may not know what the hell i'm talking about though so someone else can feel free to jump in and tell me what an idiot I am. On Wed, Nov 5, 2014 at 6:47 PM, Adam Thompson athom

Re: [pfSense] terrible performance on NFS CIFS

2014-11-06 Thread Adam Thompson
else can feel free to jump in and tell me what an idiot I am. On Wed, Nov 5, 2014 at 6:47 PM, Adam Thompson athom...@athompso.net wrote: Problem: really, really bad performance (10Mbps) on both NFS (both tcp and udp) and CIFS through pfSense. Proximate cause: running a packet capture

Re: [pfSense] pfsense h/w

2014-10-24 Thread Adam Thompson
competitor, MikroTik, as a good example of how to build decent products the wrong way, but Brocade was my target here. You're a paragon of open-source stewardship in comparison! -- -Adam Thompson athom...@athompso.net

Re: [pfSense] pfsense h/w

2014-10-23 Thread Adam Thompson
One nit: yes, I can sell something called pfSense, as that's the freely-downloadable software under a (IIRC) BSD license. I can't sell something called NetGate. I can't produce a derivative work and call it pfSense. (This is a gray area, admittedly.) But, at least here, I'm quite sure I can

Re: [pfSense] pfsense h/w

2014-10-23 Thread Adam Thompson
is knowing precisely where to direct that labour to maximize the value to his paying customers. The rest of us get enough value from the software as it is. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] pfsense h/w

2014-10-23 Thread Adam Thompson
vague on the finer points. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] pfsense h/w

2014-10-23 Thread Adam Thompson
it must be like to work in the same place as Jim Thompson.) Can't be any worse than my last corporate job. In fact, would probably be *much* better... I don't have to like you to respect you or work with/for you. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] OT: Good network switch for 10 machines?

2014-09-23 Thread Adam Thompson
+1 for HP ProCurve, except for the stuff they inherited from 3Com... I've also had reasonably good luck with Netgear and D-Link managed switches. The Cisco SMB stuff seems OK hardware-wise, but the software is questionable. Note that all three of these options come with lifetime, free, firmware

Re: [pfSense] Adding Ethernetports

2014-09-19 Thread Adam Thompson
You don't have a pfSense problem at all, you have a VMware problem. Suggest you visit any one of hundreds of VMware support forums or lists to find out how to manage virtual networks. There are also a lot of old threads on the pfSense forum discussing this. -Adam On September 19, 2014 11:28:28

Re: [pfSense] Adding Ethernetports

2014-09-19 Thread Adam Thompson
There's also the unofficial VMware ESXi white-box HCL, but it hasn't really been updated since v4.x. Agreed that if this is anything more than a test system, stick with the HCL and a support contract. Been there, done that, have the scars to prove it ... -Adam On September 19, 2014 12:18:31 PM

Re: [pfSense] Returned mail: Data format error

2014-09-08 Thread Adam Thompson
Yes, but not often. -Adam On September 8, 2014 7:45:10 AM CDT, Bob Gustafson bob...@rcn.com wrote: Is anyone else on this list getting bounce notices? On 09/08/2014 01:50 AM, Bounced mail wrote: The message was not delivered due to the following reason: Your message was not delivered because

Re: [pfSense] Dual IP nets over one ethernet connector

2014-08-16 Thread Adam Thompson
. aug. 2014 22:13 skrev Adam Thompson athom...@athompso.net mailto:athom...@athompso.net følgende: On 14-08-16 01:13 PM, Espen Johansen wrote: You would have to do a major code rewrite to get this done. And it would be insecure and it would make no pf sense

Re: [pfSense] Change WAN interface address to new subnet

2014-08-07 Thread Adam Thompson
. by pinging each host from the firewall) then you can probably get that down quite a bit. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] Change WAN interface address to new subnet

2014-08-06 Thread Adam Thompson
-- -Adam Thompson athom...@athompso.net Cell: +1 204 291-7950 Fax: +1 204 489-6515

Re: [pfSense] How can this be done?

2014-07-31 Thread Adam Thompson
a firewall to it is probably not going to work well, if at all... -- -Adam Thompson athom...@athompso.net

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Adam Thompson
Faster caching when using squid and/or some of the other packages? But, yes, it would be a bit silly, regardless. -Adam On July 30, 2014 9:43:01 AM CDT, Vick Khera vi...@khera.org wrote: On Wed, Jul 30, 2014 at 9:50 AM, Paul Mather p...@gromit.dlib.vt.edu wrote: Personally, I think ZFS on i386

Re: [pfSense] Disable antispoofing on an interface

2014-07-17 Thread Adam Thompson
How do you know pfSense is dropping the packet? Does it show up in a packet capture on OPT1? -Adam On July 17, 2014 5:12:07 AM CDT, NetSys Pro netsys...@live.com wrote: Hello Adam,Anything else I could try? Thanks Subject: Re: [pfSense] Disable antispoofing on an interface From:

Re: [pfSense] Disable antispoofing on an interface

2014-07-17 Thread Adam Thompson
Not really possible. If tcpdump can't show you the packet, then the problem is occurring before pfSense... i.e. in the WAN optimizer. On July 17, 2014 12:01:12 PM CDT, NetSys Pro netsys...@live.com wrote: Adam, Thanks for your reply.First of all, as I said before, I had already posted the same

Re: [pfSense] Disable antispoofing on an interface

2014-07-17 Thread Adam Thompson
If you run (from memory, here!) clog -f /var/log/filter.log while the packet is arriving, you should see what rule is blocking it. You may want to set up a capture in your terminal emulator, as there will likely be a lot of unrelated output and it'll scroll off-screen quickly. -Adam On July 17,

Re: [pfSense] Disable antispoofing on an interface

2014-07-17 Thread Adam Thompson
all protocols from OPT1 to LAN? -- -Adam Thompson athom...@athompso.net

Re: [pfSense] Disable antispoofing on an interface

2014-07-14 Thread Adam Thompson
I suspect you need to be looking not for anti-spoofing but for anti-bogon rules. Can't remember what pfSense calls it offhand. -Adam On July 14, 2014 6:19:22 PM CDT, NetSys Pro netsys...@live.com wrote: Hello everyone, First of all, please note that I have already posted the question below on

Re: [pfSense] Squidguard Issues

2014-06-06 Thread Adam Thompson
On 2014-06-06 08:38, Brian Caouette wrote: For the past few days I was experiencing issues where squidguard did not always work. Finally this morning I stumble into the problem. It turns out that if you enable the save bandwidth feature in chrome you can access all the adult sites. If you

Re: [pfSense] vmware

2014-05-28 Thread Adam Thompson
On May 28, 2014 10:33:59 AM CDT, Brian Caouette bri...@dlois.com wrote: 4.1 appears to be the newest this hardware can use. On 5/28/2014 11:19 AM, Ryan Coleman wrote: 4.1? in /5.x/ you can assign VLANs to NICs and then different NICs to VMs. I don't know about 4.1. On May 28, 2014, at

Re: [pfSense] Pix Replacement?

2014-05-24 Thread Adam Thompson
hang out here (in fact, the two entities are closely related). -- -Adam Thompson athom...@athompso.net Cell: +1 204 291-7950 Fax: +1 204 489-6515

Re: [pfSense] pfsense performance

2014-05-21 Thread Adam Thompson
won't make all that much difference at the scales you're talking about, but I admit I've never tried transparent mode at 1Gbps. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] My son is able to bypass my captivate portal

2014-05-11 Thread Adam Thompson
On May 11, 2014 1:37:01 PM CDT, Mehma Sarja mehmasa...@gmail.com wrote: My Samsung Chromebook bypasses my router/OpenDNS because it has its own DNS entries. Yudhvir Basically it takes a DNS call the first time and goes elsewhere. then it corrects itself. If he’s got a different DNS set up

Re: [pfSense] ICMPv6 filtering recommendations with pfSense?

2014-05-08 Thread Adam Thompson
On May 8, 2014 12:05:34 PM CDT, Brian Candler b.cand...@pobox.com wrote: On 08/05/2014 11:51, Olivier Mascia wrote: On the WAN interface, I’m currently allowing full ICMPv6 in, albeit only from Global Unicast and Multicast addresses. That is: only from 2000::/3 and ff00::/8. I don't think you'll

Re: [pfSense] Interface options for pfsense

2014-04-22 Thread Adam Thompson
On April 22, 2014 4:58:14 PM CDT, Jim Thompson j...@smallworks.com wrote: On Apr 22, 2014, at 3:42 PM, Volker Kuhlmann hid...@paradise.net.nz wrote: On Wed 23 Apr 2014 05:02:59 NZST +1200, Jim Thompson wrote: Are there any USB Ethernet adapters that actually work with pfsense? Reliably? I

Re: [pfSense] Interface yoyo

2014-04-21 Thread Adam Thompson
sitting on the shelf. Well, actually on the ground, but only because I don't have any shelves that can hold *those*.) -- -Adam Thompson athom...@athompso.net

[pfSense] 2.1 can't auto-update anymore?

2014-04-05 Thread Adam Thompson
? -- -Adam Thompson athom...@athompso.net

Re: [pfSense] successor to ALIX is here

2014-04-05 Thread Adam Thompson
/virtual-lan-security-weaknesses-countermeasures-1090 Jim, thank you for that - I've been looking for published references to convince one of the companies I work with that VLANs are secure enough for their needs. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] New intel atom board

2014-04-05 Thread Adam Thompson
question - optimize for today or for tomorrow? -- -Adam Thompson athom...@athompso.net

Re: [pfSense] DNS resolution issues under heavy load

2014-03-25 Thread Adam Thompson
something fundamental - I haven't followed this thread from the beginning... -- -Adam Thompson athom...@athompso.net

Re: [pfSense] 802.1q dhcp and pf 2.1 and esxi 5.0

2014-03-22 Thread Adam Thompson
#7. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] [v2.1] configuring OPT1 as hosted services firewall?

2014-02-21 Thread Adam Thompson
The obvious problem is that it looks like you have two interfaces in the same subnet. That (generally) doesn't work unless you are a routing guru in the first place and know exactly what you're doing. Which, with apologies for bluntness, you obviously don't. The problem isn't with pfSense,

Re: [pfSense] Unbound

2014-02-16 Thread Adam Thompson
of problems. Turning on prefetch can help in some situations. Having a stale root hints file will also cause problems. I don't run unbound on my pfSense box, so I don't recall if pfSense automatically updates the TA and/or the root-hints for you. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] Unbound

2014-02-15 Thread Adam Thompson
, but most resolvers still don't) takes a noticeable amount of extra time. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] How to monitor left (free) space on hard drive ?

2014-02-09 Thread Adam Thompson
can't send mail via the mail command, however pfSense comes with a different command that you *could* use if you're dead set on sending email from the firewall, /usr/local/bin/mail.php. It requires that you have an SMTP server configured correctly under System-Advanced-Notifications. -- -Adam

Re: [pfSense] Lan Card Support

2014-01-06 Thread Adam Thompson
It should, as that card will either use standard Intel or Broadcom Ethernet chips. There is always a small possibility that any given card may be incompatible, but in your case I would expect that to be almost negligible. If the card is a brand-new model or revision, you are more likely to have

Re: [pfSense] strange IPv6 routing problem

2014-01-06 Thread Adam Thompson
On 14-01-05 04:57 PM, Nicolas Bélan wrote: Hello :) Sure it is strange, can you launch ssh server in debug mode (non detaching daemon) and check /var/log/message or secure in B ? Can you also provide a packet capture with tcp flags ? It may be different causes ... maybe the cause is located on

Re: [pfSense] Bridging 3 virtual interfaces together?

2014-01-05 Thread Adam Thompson
and routing. You've also got VLANs thrown in there, which actually live at layer 2 but have layer 3 implications. Despite the fact pfSense supports traffic shaping on bridges, I'm not certain it'll be possible in your exact scenario without several more complicated steps. -- -Adam Thompson athom

[pfSense] strange IPv6 routing problem

2014-01-05 Thread Adam Thompson
after ~50-100 packets? Why is only IPv6 affected? Have I missed something fundamental? -- -Adam Thompson athom...@athompso.net

Re: [pfSense] Bridging 3 virtual interfaces together?

2014-01-05 Thread Adam Thompson
their cloud service on the far end; you might still have to find somewhere to host the server side to get the most out of the bonding mode they offer. Good luck, feel free to ask for clarification here if needed. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] pfsense - pfsense vlans and trunking without the aid of switches

2013-12-30 Thread Adam Thompson
or receiving any VLAN-tagged frames at all. -- -Adam Thompson athom...@athompso.net

Re: [pfSense] Problems with Realtek 8168/8111 nic

2013-12-09 Thread Adam Thompson
faults while sitting in a box on a shelf. -- -Adam Thompson athom...@athompso.net
