On Thu, Dec 12, 2013 at 5:23 PM, Peder Rovelstad wrote:
> Hello. It seems dnsstuff.com no longer responds to lookups. I thought
> maybe I had borked something, but same from outside my net. It’s such a
> great feature. Did something happen?
>
You mean the lookup page you get when you click th
I have done some brief testing of AES-NI a few months back, though I
can't seem to find the results at the moment and that test environment
isn't online currently. It doesn't give the performance benefit that
it should at this time. So the immediate benefit is minimal (except
for the fact the Xeon
On Fri, Oct 18, 2013 at 6:28 PM, Alan Worstell
wrote:
> Hello,
> I just installed a new 2.1 firewall at a client's location, and discovered
> what seems to be a bug. After installing, I tried logging in to the
> firewall, couldn't auth multiple times, figured out it was due to a stuck
> "." key on
On Sun, Oct 13, 2013 at 12:03 PM, Jim Thompson wrote:
>
> But first, on the tail of the recent thread that erupted here, consider this
> backdoor that someone (?) recently (?) discovered > (?) in the firmware for
> certain D-link routers:
> http://www.devttys0.com/2013/10/reverse-engineering-a
On Wed, Oct 9, 2013 at 2:34 AM, Goofy79 wrote:
> We have exact the same Problem.
> Timeouts in our SSH connections.
>
> I tried it over the DSL Modem to a Server in the iNet and
> over a DMZ interface to an Server in the DMZ.
> to both Linux Servers timeouts with the SSH.
>
First guess, asymmetri
On Mon, Oct 7, 2013 at 11:02 AM, Roy Hocknull wrote:
> Hi,
>
> I am having trouble setting up an IPSEC transport mode connection. My
> traffic is still going over the public internet and not down the encrypted
> link. Does anyone have any guidance on how to set an IPSEC transport VPN up?
>
There
On Wed, Oct 9, 2013 at 9:20 AM, Thinker Rix wrote:
> Dear pfsense-team,
>
> today I posted the following on your blog at http://blog.pfsense.org/?p=712
>
>
>
>
> “Worried User Says: Your comment is awaiting moderation.
>
> October 9th, 2013 at 7:55
On Sun, Sep 29, 2013 at 2:45 PM, master8...@aol.com wrote:
> I finally was able to receive an advanced replacement from Netgate a few
> weeks ago. I swapped it out leaving my old install intact and the problem
> disappeared on the new device. After all the installs with the various
> Netgate FW mo
On Thu, Sep 19, 2013 at 8:22 AM, Ugo Bellavance wrote:
> Hi,
>
> My old PC Engines WRAP is still surviving, and I'd like to install 2.1 on
> it. Are these instructions still valid for 2.1?
> https://doc.pfsense.org/index.php/NanoBSD_on_WRAP
>
I would guess yes. But we haven't tested on WRAP in y
On Sun, Sep 15, 2013 at 10:53 AM, Adam Thompson wrote:
>
> I assume this is why snapshots.pfsense.org is offline (or at least not
> answering) right now?
There aren't any snapshots to be had, so it's just pointing to a
"Check back later" page at the moment. For those who were tracking
snapshots
I'm happy to announce both 2.1-RELEASE, and our new Gold Subscription,
including immediate PDF download to the updated 2.1 book for
subscribers!
Check out the announcements on our blog.
http://blog.pfsense.org/?p=712 - 2.1-RELEASE
http://blog.pfsense.org/?p=718 - Gold Subscription
Thanks for you
On Fri, Sep 13, 2013 at 1:38 PM, Klaus Lichtenwalder
wrote:
> Hi,
>
> in the last few weeks I experience the effect that my pfsense box
> suddenly blocks most of the outgoing traffic via the bogon rule. At
> least I interprete it that way:
> Sep 13 20:32:59 alix pf: 00:00:00.000133 rule 2/0(match)
On Wed, Sep 4, 2013 at 7:33 PM, Robert Guerra wrote:
>
> Curious on people's comments on types of routers, firewalls and other
> appliances that might be affected as > well as mitigation strategies. Would
> installing a pfsense and/or other open source firewall be helpful in
> anyway at a home
On Sat, Aug 24, 2013 at 3:17 AM, Oliver Schad
wrote:
> Hi all,
>
> I have some connection problems with a new pfSense pair: I use a
> monitoring system which uses a SQL database to store all monitored
> data. The traffic goes through the pfsense since yesterday.
>
> Everything worked fine before f
On Fri, Jun 28, 2013 at 8:13 AM, Chuck Mariotti wrote:
> We host a number of websites at our datacenter and it has gotten to a
> point where we have a few high traffic sites that are doubling traffic
> every 2 to 3 months… Part of the agreement for hosting is that the owner
> would handle any add
On Fri, May 24, 2013 at 4:25 PM, Jeffrey Mealo
wrote:
> Will be pfSense be running on bare metal or virtualized? pfSense has issues
> running on some hypervisors including KVM.
>
That's generally not true, it's widely used on many including KVM.
___
Lis
On Wed, May 22, 2013 at 12:27 AM, Makara wrote:
> Hi List,
>
> We are using pfsense for NAT purpose, around 1000 customers concurrent and
> the bandwidth is around 500MBPS. We have problem the pfsense is stuck around
> 1 or 2 week always.
>
> HW: Dell Optiplex 7010
> OS: Pfsense 2.0-RC3(We downgra
On Wed, May 15, 2013 at 8:07 AM, Chris Bagnall
wrote:
> Greetings list,
>
> One of our clients is currently building a property in the middle of
> nowhere, and traditional (*DSL/cable/wireless) services aren't feasible,
> which leaves the only option being satellite.
>
> Unfortunately, satellite b
On Sun, May 12, 2013 at 10:25 AM, Jason Pyeron wrote:
> Is the instructions in #4 the best way to do this, and are there updates
> (since
> 2006) I should be aware of when following those instructions?
>
Should be more or less like that minus all the specific "ifconfig xyz"
commands. I'd advice
On Fri, May 3, 2013 at 4:04 PM, Mark Street wrote:
> Hi,
>
> I am creating a tunnel with another party that is using a Cisco ASA5520.
> Phase 1 is negotiating just fine.
>
> Phase 2 will not come up. I am using my LAN Subnet on my side and made sure
> they have the same settings. They are using
On Mon, Apr 29, 2013 at 7:13 AM, Odhiambo Washington wrote:
>
>
> I don't know if I am the one missing a step, but I installed 2.0.3 and
> let the WAN int get IP through DHCP. However, when I use the WebUI to change
> that to a static IP (a /30) with a default gateway to match, I am unable to
> sa
On Thu, Apr 18, 2013 at 3:08 PM, Alexandre Guimaraes
wrote:
>
> 2011/10/19 Ståle Johnsen :
>> Hi and thanks for your reply.
>> It isn't a problem building the ipsec connection itself, but the
>> destination
>> end has a business requirement to not route other private adresses into
>> their network
On Mon, Apr 15, 2013 at 7:23 AM, Vick Khera wrote:
>
> On Sat, Apr 13, 2013 at 3:58 PM, James Bensley wrote:
>>
>> If I am connect to a LAN host from outside using SSH for example, and
>> I pull out the master, my SSH sessions stops working. Do the boxes not
>> sync NAT tables and states etc? I l
Info on the blog.
http://blog.pfsense.org/?p=694
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
On Mon, Apr 15, 2013 at 1:30 AM, Marc R. Meshurle Jr. wrote:
>
> I did nothing but set security in my vSwitch to promiscuous. That was set
> prior to this post.
>
That's only relevant if you're using CARP VIPs. If you're not, don't do that.
___
List mai
On Sun, Apr 7, 2013 at 10:51 PM, Mark Cisewski wrote:
> I seen what it broke. But still miss it so much! please make it work when
> time is available!
>
We didn't create it, don't recommend it because it breaks things, and
won't maintain it.
At some point post-2.1 we'll have our web developer u
On Sun, Apr 7, 2013 at 12:06 PM, Michael D. Wood
wrote:
> Hi Guys,
>
>
>
> I’m running pfSense 2.1BETA1 built on April 3. I was wondering what
> happened (or maybe I’m missing it) to the Widescreen add-on package?
>
It overwrites base system files which is ugly, and breaks things in
2.1, so we
On Fri, Apr 5, 2013 at 7:19 AM, Christophe Ségui
wrote:
>
> kernel panic. hard reboot needed.(
>
You submit a crash report?
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
On Fri, Apr 5, 2013 at 4:59 AM, Christophe Ségui
wrote:
>
> Hi,
>
> I'tried pfsense 2.1-BE5A1 as router/firewall (ospf is used for wan) and
> /22 network as internal network. With PF activated, the node crash after 2
> hours up … since pf is deactivated, node stays up (routing functionnalities
>
On Sun, Mar 31, 2013 at 10:09 PM, Jason Pyeron wrote:
> Does anyone know why the alias code is hard limited at 4999 aliases?
>
Performance reasons, anything more than that should be a URL table
alias, or not kept in the config. It's an arbitrary number, on fast
systems you should be able to get b
On Fri, Mar 29, 2013 at 3:39 PM, Jason Pyeron wrote:
>
> That would be verry disruptive, it says: "Resetting the state tables will
> remove
> all entries from the corresponding tables. This means that all open
> connections
> will be broken and will have to be re-established." We have thousands
On Fri, Mar 29, 2013 at 9:03 AM, WolfSec-Support wrote:
>
> effectively I have also on pfsenses v2.0.2 DNS problems, als on local
> interfaces.
> so this is why I stated here a general problem in dns forwarder could
> be the issue
>
It's not a general problem, DNS forwarder works fine in 2.0.2.
_
On Wed, Mar 27, 2013 at 1:31 PM, Francisco Puente wrote:
>
> Hello,
>
>
>
> I'm on 2.0.2-RELEASE.
>
>
>
> I have a set of previous NAT rules that are working fine, but since
> yesterday, I'm trying to have some new rules to work.
>
>
>
> I've even removed another rules that were working fine befo
On Wed, Mar 20, 2013 at 3:37 AM, Glenn Kelley wrote:
> Zach
>
> It might be wise to reach out to Chris on this.
>
> I have Chris on site last July 3rd and it was a total fail making this work.
> In short - BGP failed - we ended up putting in another solution.
>
> I have asked a number of times sin
On Tue, Mar 19, 2013 at 12:27 AM, Chuck Mariotti wrote:
> We are seeing a lot of http requests to legitimate URLs on our web server…
> the URLs are pages that do auto redirects to other content pages. The
> redirects are collecting site stats and the high number of requests are
> knocking the trac
On Sun, Mar 17, 2013 at 8:01 PM, Gerald Waugh
wrote:
>
> thanks for the response, wan and opt1 are bridged.
>
> remember that all email clients work except for outlook with firewall
> enabled
> and all email clients work including outlook when firewall is disabled.
>
> I think I will reload the pf
On Sun, Mar 17, 2013 at 4:47 PM, Ermal Luçi wrote:
>
> Try enabling on the rule to allow ip options.
> It might be that the packets are being dropped due to having ip options in
> them.
>
Outlook shouldn't be using IP options, we'd have had a flood of
problem reports if that were the case with an
On Thu, Mar 14, 2013 at 9:08 AM, master8...@aol.com wrote:
>
> I have dug around a bit and have been unable to find a 2.0.3 release. Is it
> available yet?
>
http://forum.pfsense.org/index.php/topic,58203.0.html
___
List mailing list
List@lists.pfsense.
On Wed, Mar 13, 2013 at 12:23 PM, master8...@aol.com wrote:
>>
>> What version? There were some recent fixes related to OpenVPN and
>> OSPF, may need 2.0.3.
>>
> Quagga 0.99.20.1 v0.5.2
> pfSense 2.0.1-RELEASE Embedded
>
You need at least 2.0.2 and I'd recommend 2.0.3 instead for
OpenVPN+OSPF. OS
On Wed, Mar 13, 2013 at 10:07 AM, master8...@aol.com wrote:
> I have a network of 6 pfSense routers, all running quagga connected together
> with OpenVPN. When the internet goes down at a remote location, quagga kills
> out the neighbors as it should. But when the internet comes back, it never
> r
On Tue, Feb 26, 2013 at 2:36 PM, Kendrick Vargas wrote:
> We are talking about a package, right? Something people can choose to
> install or... you know... not?
>
Of course, absolutely no way anything like this would ever make it in
the base system.
Personally, I'd never run or recommend running
On Fri, Feb 22, 2013 at 6:18 PM, Thinker Rix wrote:
> Hello,
>
> there is a bug in the backup/restore function of pfSense 2.0.2 which makes
> it impossible to restore encrypted backups, rendering those backups useless.
>
Thanks, opened:
https://redmine.pfsense.org/issues/2836
On Sat, Feb 16, 2013 at 7:55 AM, Joy wrote:
> Dear Expert,
> I am searching for an answer coming in my mind from last
> 2 months in google but did not find a solution for the same and hoping the
> someone will be answer here on this list.
>
> Question:- How commercial UTM like
On Tue, Feb 12, 2013 at 12:46 PM, Ugo Bellavance wrote:
> Hi,
>
> I get this error in the logs:
>
> root: Could not download
> http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt.md5 (md5 mismatch)
>
That's what happens when something upstream is breaking your Internet
connectivity and returning
On Thu, Feb 7, 2013 at 12:57 AM, Arun Kumar wrote:
> Hello,
>
> Pfsense is crashing frequently the crash report is pasted below, Can any
> one help me in resolving this issue.
>
>
Don't run production systems with the developer kernel. It'll panic where
standard kernels won't. That's most likely t
On Mon, Jan 21, 2013 at 6:26 PM, Adrian Zaugg wrote:
>
> Dear List
>
> When I traceroute to a server on the WAN subnet of pfsense, the traffic
> is sent to the subnet's gateway first. This is not what I want. How do I
> have to configure pfsense, that it sends local traffic to a locally
> attached
Very glad to see this. Took me about 5 minutes to get my iPhone
connected to OpenVPN. Thanks Jim!
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
On Fri, Jan 4, 2013 at 10:33 PM, Diego Barrios wrote:
> By WRAP do you mean Alix 2D13 and similar?
>
The WRAP was the predecessor of the ALIX, it went end of life in 2007.
They were 233 or 266 MHz Geode, 64 or 128 MB RAM. It's about one third
the performance of the ALIX as far as firewall through
On Fri, Jan 4, 2013 at 9:04 PM, Ugo Bellavance wrote:
> Hi,
>
> I'm still using a WRAP box for my pfSense at home. Should I change it? It
> works OK, but I'm stuck at V 2.0.0 for now. Will 2.1 run on WRAP?
>
If you're using basic enough services to get by on a WRAP with 2.0.x,
2.1 isn't going
On Fri, Jan 4, 2013 at 7:21 PM, WolfSec-Support wrote:
> hi jim,
>
> 2013/1/5 Jim Pingle
>>
>> On 1/4/2013 7:39 PM, WolfSec-Support wrote:
>> > --- openvpn_restart('client', $settings);
>> That code is smart enough to not start if it's in backup mode.
>>
>> The key is that the VPN must be bound t
On Fri, Jan 4, 2013 at 6:19 PM, WolfSec-Support wrote:
> hello,
>
> in pfsense 2.0.2 it is now new and great,
> that the CARP master will handle the tunnels of openvpn,
> and the CARP backup will stop the openvpn _SERVER_
>
> however:
>
> - setup site2site
> - outpost has also 2 pfsense boxes for
On Fri, Jan 4, 2013 at 12:32 AM, Nenhum_de_Nos wrote:
> hail,
>
> I tried today to do this, and no good at all. For backup purposes, I
> installed a 1.2.3 and used
> the config to make it up to the production one, and then started the firmware
> upgrade.
>
> all told me fine until I rebooted. I
On Fri, Dec 21, 2012 at 7:43 PM, James Caldwell
wrote:
> That's great to know it's been thoroughly tested out in the wild already and
> still considered in beta. If it's already stable enough > to run as your
> primary version, what's left before 2.1 goes release?
>
We knocked out some of the
On Fri, Dec 21, 2012 at 6:27 PM, Jim Thompson wrote:
>
> We dogfood 2.1 at BSD Perimeter as well. :-)
>
Indeed, everywhere. We don't have any production 2.0.x installs, our
office, all our colo facilities, and all our home systems are running
2.1.
___
info here:
http://blog.pfsense.org/?p=676
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
On Thu, Dec 13, 2012 at 8:25 AM, Eugen Leitl wrote:
>
> I had a hang with 2.1-BETA1 (i386) update to 2.1-BETA (amd64) (on
> Intel D510) which I solved by a reset. The upgrade seems to have
> succeeded, though.
>
Changing architectures via upgrade is not supported and never has
been. It mostly wor
On Thu, Dec 13, 2012 at 12:10 AM, Seth Mos wrote:
> Hi,
>
> Looks like our IPv6 support is already behind, this German cable internet
> ISP is rolling out DS-lite which we don't have.
>
> Maybe we should just target native IPv6 support?
We have pretty much every use case covered already, I believ
On Mon, Dec 10, 2012 at 9:59 AM, Steve Spencer wrote:
> On 12/10/2012 09:32 AM, Vick Khera wrote:
>>>
>>> The remote phones in question are not using NAT, but are publicly
>>> >addressed. Local phones on our LAN continue to work just fine. The
>>> > firewall
>>> >is at the local end and sits betwe
On Fri, Dec 7, 2012 at 4:54 PM, Steve Spencer wrote:
> All,
>
> I've been attempting to our old 1.2.2 firewall to new hardware and version
> 2.0 Release. Everything works with one big exception of the remote phones on
> our Digium Switchvox server. I've attempted this move 3 times, and each time
>
On Sat, Dec 8, 2012 at 4:03 PM, David Lawley wrote:
> thanks for the information, guessing things are different enough that
> replace/reinstall will be best option. Guess there would always be that
> doubt about any issue that would come up if it was an error in updating.
>
Not really. Every ins
On Wed, Dec 5, 2012 at 1:19 PM, Michael Schuh wrote:
>
>
> 2012/12/5 WolfSec-Support
>>
>> 2012/12/5 Eugen Leitl
>>>
>>> On Wed, Dec 05, 2012 at 06:07:19PM +0100, WolfSec-Support wrote:
>>>
>>>
>>> Which CPU? Atom?
>>
>>
>> Yes, with a Singlecore 1.6 Ghz Atom,
>> and alternatively with a 1.86 Gh
On Tue, Dec 4, 2012 at 9:44 AM, Wade Blackwell wrote:
> Thanks Chris,
>Rogue DNS entries, emap connections being sent into space. So if the
> 0x checksum is normal why is wireshark flagging it as incorrect/corrupt?
>
Because it's not correct. But it's normal in many circumstances for
On Mon, Dec 3, 2012 at 9:48 PM, Wade Blackwell
wrote:
> Ok so I enabled the MSS clamping at the default,
> I had already disabled the local firewalls on all three AD machines
> and still no dice. I'll kill this thread if you think it's not related to
> the PF. Thanks again Chris.
>
I'd lo
On Mon, Dec 3, 2012 at 5:57 PM, Wade Blackwell wrote:
> Good afternoon all,
> So I have 3 sites in a full mesh IPsec VPN. 2 of those sites are PF
> 2.1-BETA0 (nov 1) and the other is m0n0wall 1.33. Tunnel that is currently
> affected traverses one PF and the m0n0. I have disabled hardware
On Mon, Nov 26, 2012 at 6:57 PM, Alan Worstell
wrote:
> Back in 1.2.3, the default dropdown interface on Proxy ARP Virtual IPs was
> wan, which was good. Since 2.0, the default is LAN, and although there's
> probably a good reason to allow LAN Proxy ARP IPs, I can't think of what
> that would be,
On Sun, Nov 25, 2012 at 10:50 PM, Jerome Alet wrote:
> Hi,
>
> We've got pfSense 2.1 snapshots running with Squid package 2.7.9 pkg
> v.4.3.1 (not sure if it's meaningful or not)
>
> If a client behind the captive portal is not authenticated yet, and its
> browser's homepage is an https:// URL (ty
On Tue, Nov 20, 2012 at 12:00 PM, Mehma Sarja wrote:
> Hi,
>
> My name is Yudhvir and I am the Speaker Coordinator for the Silicon Valley
> Linux User Group(SVLUG). We would like a talk about pfSense at one of our
> monthly meetings in Mountain View, CA.
>
> We meet monthly, 1st Wednesday evenings
On Tue, Nov 20, 2012 at 3:47 AM, Eugen Leitl wrote:
>
> I need to firewall a 100 MBit/s symmetrical site and
> want to reuse my ALIX 2D3 with Soekris VPN accelerator
> as this is a nonprofit with no budget.
>
> Can the hardware still handle pfSense 2.1 without
> choking? I'll be getting ~70-75 MBi
2012/11/20 Pablo Figue :
> hi!
>
> how does this affect to pfSense?
> http://www.freebsd.org/news/2012-compromise.html
>
Has no affect.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
On Thu, Nov 15, 2012 at 11:04 AM, Will Wagner wrote:
> Hello,
>
> I have a pfsense box working well with multiple interfaces. One of the
> interfaces is an internal network for which there should be no access
> outside the gateway.
>
> I want to configure pfSense to be a DHCP server on that interf
On Mon, Nov 5, 2012 at 1:41 PM, Jerome Alet wrote:
> Me, again :-)
>
> I've noticed something that might be helpful...
>
> When I have upgraded the slave member of my pfSense cluster, the version
> number of the configuration file changes from 9.0 to 9.1
>
> So I've got two members of the cluster
On Mon, Nov 5, 2012 at 2:31 PM, David Brodski wrote:
> Thank you for the replay, but I it is not working.
>
There's about 0 chance of that working without source code hacking.
You'll need one NIC per IP to do that easily. I'd suggest a real,
proper static IP assignment rather than that mess that
On Fri, Oct 12, 2012 at 5:49 PM, wrote:
> Hi all,
>
> Please let me know that the following is possible.
>
> client1/2 ---> another firewall > The Internet ---> pfSense
> -->
> PPTP/GRE
On Tue, Oct 9, 2012 at 10:06 PM, Guruprasad R wrote:
> Dear chris
> Your pfSense book is an excellent one.
> When do you plan to release the updated edition of Pfsense- book on pfSense
> 2.x version.
>
It's in the works, no date yet, and not far enough along to guess at one.
___
On Sat, Sep 29, 2012 at 5:06 AM, Stefan Baur
wrote:
> Hi List,
>
> I have multiple sites where several clients (C1...Cn) within the same LAN
> need to connect a server (S).
>
> The pfSense box acts a router (R) at all these sites.
> The router IP on the LAN side is the same everywhere.
> The serve
This ESX regression was discussed recently here in at least one if not
more threads, VMware has a patch out.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2032586
PR887134: Timer stops in FreeBSD 8.x and 9.x as virtual hardware HPET
main counter reg
On Wed, Sep 26, 2012 at 6:35 AM, İhsan Doğan wrote:
> Am 26.09.2012 12:53, schrieb David Burgess:
>
>>> the built in Via Rhine ethernet interfaces do not support VLAN
>>> HW tagging
>>
>> News to me. I have one running with vlans just fine. You may have other
>> issues.
>
> The Via Rhine interface
On Sat, Sep 22, 2012 at 11:25 AM, Rastreador wrote:
> scenario:
>
> pptp windows machine on a server pfsense.
>
> In a file transfer, I see great sway link not exceeding 5.4 mb / s.
>
> Checking some articles on the subject, in pfSense marked the "Hardware
> Checksum Offloading". I noticed that th
On Mon, Sep 17, 2012 at 8:19 AM, Vieri wrote:
> Hi,
>
> Apart from installing packages from the web configurator, is it possible to
> do a "native" package installation with any of the FreeBSD methods found in
> the following link (at my own risk, of course)?
>
Yes. http://doc.pfsense.org/index
On Mon, Sep 17, 2012 at 2:54 PM, Vieri wrote:
> Hi,
>
> Can I specify an IP address range in firewall rules or alias?
> If so, how?
>
> I know I can set 'network' aliases but sometimes it's simpler to just specify
> a range such as - instead of using masks.
>
You can put a range in the network a
On Tue, Sep 11, 2012 at 12:03 PM, Theodor-Iulian Ciobanu
wrote:
> Hello,
>
> I inherited a very old instance of pfsense (1.0.1) acting as a router
> and firewall between multiple DMZs and WAN (LAN is empty and unused).
>
> After updating to 1.2.3, outbound connections were working fine, but I
> wa
On Tue, Sep 11, 2012 at 3:35 PM, Matthew Patton wrote:
> The Schew Soft IKE client doesn't require "Admin" privs. What I wish for
> though is an actual, working Cisco VPN client configuration.
>
The Cisco IPsec client works.
OpenVPN can run as a non-admin with surun, and is vastly more stable
th
On Mon, Sep 10, 2012 at 9:36 AM, Pedro Serotto wrote:
> Dear all,
> I have a fresh install on the above HW.
>
> My configuration is quite simple.
> About ten nat rules, eight load balancer's pools and eight carp's virtual
> ip.
>
> When I try to download something through pfSense I never get over
On Mon, Sep 10, 2012 at 11:22 PM, bona chhith wrote:
> Can someone give me the pfsense support number, I like to use your expertise
> for 5 hours which you charge 400 bucks, but I have no phone
> We can do a PO and get you pay right away.
>
After signing up at portal.pfsense.org you get all that
On Mon, Sep 10, 2012 at 11:11 PM, bona chhith wrote:
> I encounter the same problems, as I create different profiles and if a few
> peoples connecting the same profile the all get the same ip from the tunnel
> address pool, this cause slow and drop in the networks, do anyone know how
> to fixed it
Re-sending the below, it appears to have bounced last time because of
a problem with my mail server I fixed since.
On Tue, Aug 21, 2012 at 4:35 PM, Chris Buechler wrote:
> On Tue, Aug 21, 2012 at 2:43 PM, Matthew Patton wrote:
>> On Tue, 21 Aug 2012 13:25:51 -0400, Josh Karli wrote:
On Sun, Aug 26, 2012 at 11:46 PM, Thomas Sweeney wrote:
> I am unable to use the 'notification' 'send to' smtp server to connect to a
> LAN side mail server, only works through the 'wan' side. Am I missing
> something or can I specify it to go through the LAN interface?
>
You can't specify what
On Wed, Aug 8, 2012 at 12:00 PM, Karmstrong wrote:
> We have run into the common problem of web site access randomly stopping.
> For instance, at one of our locations google.com no longer works. At others,
> yahoo.com can not be accessed. We can not pull the sites up in a browser nor
> ping them.
On Wed, Aug 8, 2012 at 1:12 AM, Josh Karli wrote:
>
> Don't know the KB or bug numbers but here's a thread:
> http://forums.freebsd.org/archive/index.php/t-31929.html
>
That's what I was referring to. Especially this quoted from VMware:
"I just wanted to get in touch with you to let you know tha
On Tue, Aug 7, 2012 at 6:10 PM, Josh Karli wrote:
>
> Yes, I should have mentioned that I am having this happen every few days and
> it begins in the morning after a night of little to no use. I do have
> latencies increase considerably. You can watch the ping latency randomly
> oscillate where it
On Mon, Aug 6, 2012 at 1:14 PM, mayak-cq wrote:
> hi all,
>
> i have a client with an embedded pfsense -- massive dns packet traffic that
> looks like this:
>
> 18:40:01.583976 IP 192.168.1.150.32420 > xxx.yyy.40.240.53: 33050+ [1au]
> ANY? ripe.net. (38)
> 18:40:01.584823 IP xxx.yyy.159.197.53 >
On Thu, Jul 26, 2012 at 11:51 AM, Peder Rovelstad
wrote:
> Just happened to see this today in my system logs. Does it mean something?
> This is a home network with only about 6 active devices. The DHCP range is
> only 192.168.100 - .110
>
Means your scope used to be bigger/different and there a
On Thu, Jul 26, 2012 at 9:46 PM, Marcos Luna wrote:
> Hello,
>
>
> yes, Im forwarding all tcp traffic from ports 1190-1199 (openvpn uses 1194)
OpenVPN generally uses UDP not TCP.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mail
On Sun, Jul 22, 2012 at 6:26 PM, Michael Schuh wrote:
>>
>> The only firewall-sourced issue I can think of that would match that
>> description is state table exhaustion, check your States RRD graph to
>> see if you were at/near your configured limit at the time of the
>> failures.
>
>
> if that w
On Sun, Jul 22, 2012 at 5:48 PM, Michael Schuh wrote:
> setup an mtr and let it run, watch for packet loss...
This.
> i had such behaviour too and it was sourced by an improper routing setup
> from the ISP
>
That's my guess as well.
The only firewall-sourced issue I can think of that would mat
On Wed, Jul 18, 2012 at 10:49 AM, btb wrote:
> On 2012.07.18 09.19, Chris Buechler wrote:
>>
>> On Wed, Jul 18, 2012 at 4:05 AM, Seth Mos wrote:
>>>
>>> Op 18-7-2012 0:30, b...@bitrate.net schreef:
>>>
>>>> Jul 17 07:55:30 gw1 kernel: ue
On Wed, Jul 18, 2012 at 4:05 AM, Seth Mos wrote:
> Op 18-7-2012 0:30, b...@bitrate.net schreef:
>
>> Jul 17 07:55:30 gw1 kernel: ue0: link state changed to DOWN
>> Jul 17 07:55:30 gw1 kernel: ue0: link state changed to UP
>
> I see a few occasions of your ethernet link flapping, could be a modem
>
On Mon, Jul 16, 2012 at 7:41 PM, Brad Otto wrote:
> This is the message I get in the logs for why it is being blocked:
> "The rule that triggered this action is: @12 block drop in log quick proto
> tcp from to any port = https label
> webConfiguratorlockout"
>
Means that host has tried to log i
Info on the blog.
http://blog.pfsense.org/?p=652
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
On Mon, Jul 9, 2012 at 8:09 AM, Paul Gear wrote:
>
> I'm happy to consider running 2.1 in production. Is reason to believe
> that the Broadcom drivers are considerably improved in the 8.3 kernel?
>
I haven't seen any issues with them. Granted I haven't seen the
serious issues you have on 8.1 eit
201 - 300 of 467 matches
Mail list logo