Re: [pfSense] SIP client fails after a few days

2011-11-01 Thread Dave Warren
the week it came out without difficulties. -- Dave Warren, CEO Hire A Hit Consulting Services http://ca.linkedin.com/in/davejwarren ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list

[pfSense] Load Balancer: Virtual Servers vs DHCP assigned dynamic IP addresses

2011-11-22 Thread Dave Warren
interface IPs rather than hardcoding specific IPs? -- Dave Warren, CEO Hire A Hit Consulting Services http://ca.linkedin.com/in/davejwarren

[pfSense] OpenVPN and saved username/password credentials

2011-12-27 Thread Dave Warren
, and I'd like to move the VPN connection from the desktop to the firewall level if feasible. -- Dave Warren, CEO Hire A Hit Consulting Services http://ca.linkedin.com/in/davejwarren

[pfSense] OpenVPN vs MultiWAN

2012-02-09 Thread Dave Warren
understood the logic or not, am I in the right place? -- Dave Warren, CEO Hire A Hit Consulting Services http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Alias based on the PTR record

2012-03-14 Thread Dave Warren
On 3/14/2012 1:10 PM, Ugo Bellavance wrote: I know it is less secure and creates load on the firewall and DNS servers, but is it possible to create an alias to create rules, that would allow one to deny traffic for hosts that has a PTR that contains a string? The short answer is no, at least

Re: [pfSense] does pfsense block XML traffic

2012-05-24 Thread Dave Warren
using CARP. If you don't know what CARP is and only have one firewall, ignore the setting completely, it does absolutely nothing. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Low(ish) cost pfSense platforms

2012-06-08 Thread Dave Warren
better shows up. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

[pfSense] Cannot get data about interface em0_vlan4

2013-03-04 Thread Dave Warren
consistent, I'm in a multi-WAN environment, initially my main WAN wasn't working, today it is and my second WAN (named DSL) isn't working. Any pointers? Chrome: 25.0.1364.97 m pfSense: 2.0.2-RELEASE (i386) -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Cannot get data about interface em0_vlan4

2013-03-05 Thread Dave Warren
On 3/5/2013 04:27, Jim Pingle wrote: That's a known issue on 2.0.2, fixed on 2.0.3. Check the forum. Thanks, I appreciate the info. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Microsoft Outlook Blocked

2013-03-17 Thread Dave Warren
traffic to the specific destination IP, are you able to confirm that Outlook is attempting a connection at all or could this be an issue on Outlook's side of things? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Prevailing wisdom on Hyperthreading?

2013-04-12 Thread Dave Warren
is rarely CPU-bound (unless you do a lot of high speed VPN connections or proxying), but pfSense is latency sensitive and Hyperthreading might actually increase latency very slightly. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Conditional Routing question

2013-04-29 Thread Dave Warren
. This may still be somewhat problematic as BitTorrent really does need an inbound port opened as well, but that's between you and your VPN provider. An external seedbox might be a better approach, along with the VPN to handle other traffic. -- Dave Warren http://www.hireahit.com/ http

Re: [pfSense] Conditional Routing question

2013-04-29 Thread Dave Warren
this using layer7 filtering, at least at this time, but someone else might chime in with a suggestion. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] possible DNS-rebind attack detected

2013-05-10 Thread Dave Warren
. Either way, everything worked the way it's supposed to. There's absolutely no upside to disabling DNS rebinding attack detection unless your networks are supposed to be interconnected and you are supposed to be able to access each other's internal IPs. -- Dave Warren http://www.hireahit.com/ http

[pfSense] unbound not starting

2013-09-28 Thread Dave Warren
it did a better job of splitting load across the two WANs, otherwise unbound looks like a far better solution. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

[pfSense] Traffic Graph: Not reflecting reality?

2013-11-06 Thread Dave Warren
load. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Traffic Graph: Not reflecting reality?

2013-11-06 Thread Dave Warren
proxy on port 80) and it happens with NNTP connections which are not proxied. RRD graphs look closer to being possible, and the WAN and LAN seem to match roughly what I'd expect. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Cannot get data about interface em0_vlan4

2013-11-28 Thread Dave Warren
On 2013-03-05 17:14, Dave Warren wrote: On 3/5/2013 04:27, Jim Pingle wrote: That's a known issue on 2.0.2, fixed on 2.0.3. Check the forum. Thanks, I appreciate the info. This is an issue again in 2.1... ? Same scenario as before, I reconfigured an interface, rebooted, now I'm getting

Re: [pfSense] Traffic Graph: Not reflecting reality?

2013-11-28 Thread Dave Warren
nearly mirror images for the 2 interfaces. I don't use SNMP here, but I see the same, RRDs appear to be accurate. Oddly it's only some interfaces that double in the traffic graphs, but not all. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

[pfSense] OpenVPN client bug? An IPv4 protocol was selected, but the selected interface has no IPv4 address error

2013-11-28 Thread Dave Warren
when setting up and OpenVPN server, it should not apply when setting up an OpenVPN client. Am I missing something or is this a bug? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] OpenVPN client bug? An IPv4 protocol was selected, but the selected interface has no IPv4 address error

2013-12-24 Thread Dave Warren
directions that suggested setting it to the OpenVPN tunnel itself. I'll experiment once I'm back in the office and see what happens if I change it to a WAN. Thanks. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren Light travels faster than sound. This is why some

[pfSense] MultiWAN vs unbound

2014-01-23 Thread Dave Warren
switch (and of course puts us back to forwarding, rather than resolving locally, which is less than ideal) -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren 1832-Curling is introduced to the U.S., giving Americans a sport combining the surface of hockey

Re: [pfSense] issue Downloading package from Pfsense.com

2014-02-13 Thread Dave Warren
resolution settings rather than (potentially) using it's own. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren On 2014-02-13 12:03, Muhammad Yousuf Khan wrote: Yes i can ping, here is the result from web console Diagnosticsping Ping output: PING 8.8.8.8 (8.8.8.8): 56

Re: [pfSense] Netgate's customized pfSense release

2014-02-13 Thread Dave Warren
on their hardware. This seems like a good thing to me, and arguably the whole point of being open source and BSD licensed. Reading the other messages on the list, this arrangement definitely seems mutually beneficial for both pfSense and Netgate. -- Dave Warren http://www.hireahit.com/ http

[pfSense] unbound using ipv6 in ipv4-only environment

2014-03-10 Thread Dave Warren
. Is there any harm in flipping unbound's IPv6 support off in the package? Is there any reason to leave it on? Is it doing any harm? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] pfSense version 2.1.1 has been released

2014-04-05 Thread Dave Warren
On 2014-04-04 19:29, Chris Buechler wrote: On Fri, Apr 4, 2014 at 9:13 PM, Peder Rovelstad provels...@comcast.net wrote: Worked for me on my home FW, but didn't reboot on own (I did receive mail message that it would reboot in 10 sec). Power cycle brought it back on the right slice. Looking

Re: [pfSense] apinger not noticing good connection

2014-04-22 Thread Dave Warren
is down completely. *None meaning less than 1%, per RRD and a normal ping from a workstation. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

[pfSense] Change MAC address on one VLAN of the same NIC.

2014-05-02 Thread Dave Warren
#3 to a DHCP-assigned bridge on a different ISP, everything works. The IPs on all three ranges are in different subnets, so there's no gateway conflicts, as far as I can tell it's just the MAC address conflict. Is there a better approach? -- Dave Warren http://www.hireahit.com/ http

Re: [pfSense] Change MAC address on one VLAN of the same NIC.

2014-05-03 Thread Dave Warren
On 2014-05-03 00:49, Ermal Luçi wrote: On Sat, May 3, 2014 at 12:14 AM, Dave Warren da...@hireahit.com mailto:da...@hireahit.com wrote: Howdy! A quick question, is it possible for one NIC to use a different MAC address on a different VLANs? Well FreeBSD supports

[pfSense] Intel Pro/1000 PT Quad Port PCI-e Gigabit Ethernet

2014-05-09 Thread Dave Warren
recommend a quad port that's available at a reasonable price for a small deployment? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Intel Pro/1000 PT Quad Port PCI-e Gigabit Ethernet

2014-05-09 Thread Dave Warren
On 2014-05-09 15:13, Jason McClung wrote: On 5/9/2014 3:02 PM, Dave Warren wrote: Anyone have experience with a Intel Pro/1000 PT Quad Port PCI-e Gigabit Ethernet Server Adapter EXP19404PT on pfSense? From wandering the forums it looks like it should be supported in pfSense 2, but I can't

Re: [pfSense] Bogon List

2014-05-23 Thread Dave Warren
there), so it makes me wonder if other lists could be subject to the same phantom entries? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

[pfSense] RRD 1-month vs 3-month

2014-05-30 Thread Dave Warren
-- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] RRD 1-month vs 3-month

2014-05-30 Thread Dave Warren
On 2014-05-30 09:54, Michael Hardrick wrote: Graphs are usually rounded off to the 90th percentile (or similar). Graphs of one-day, one-week, one-month, one-year will reflect more of a relative percentage of the total bandwidth for the period. A bit of rounding is fine, but we're not talking

Re: [pfSense] Report Errors

2014-06-02 Thread Dave Warren
defaults, with only a handful of the most common options directly exposed to the user. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] skype 29 minute fail

2014-06-16 Thread Dave Warren
-for-scalability-not-surveillance-717215/ it doesn't sound like Skype uses Supernodes anymore anyway, so that probably isn't relevant. (Also not a Skype expert, I just remember reading about it and went Googling :) -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Unbound vs stock

2014-07-11 Thread Dave Warren
, then it will find itself unable to find pfsense.org to download packages. Ultimately the fix will be for pfSense to recognize unbound as a local DNS server and add it to resolv.conf by default, similar to dnsmasq. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Squid Problem and DNS?

2014-07-17 Thread Dave Warren
that was my experience when our office was stuck on a 3Mb pipe instead of our usual dual 100Mb for a few months. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Dave Warren
messages in this thread, it appears that it's harmless and can be ignored since no zfs partitions are actually mounted, but the error still appears. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Dave Warren
squid simply can't ever recover gracefully) -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

[pfSense] pfSense DHCP PTR registration

2014-08-26 Thread Dave Warren
wanting pfSense's DHCP server to register the IPs in the appropriate upstream DNS server, not in the DNS forwarder as in my configuration the DNS forwarder is not authoritative or in a position to intercept queries) -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com

Re: [pfSense] Fwd: [Announce] 2.1.5 Release

2014-08-29 Thread Dave Warren
On 2014-08-29 07:47, Jim Thompson wrote: again, the CSS changed, and the browsers love to cache that stuff. Not if the HTML that calls the CSS throws a version into the filename or query, in which case there is no caching issues at all when the version is incremented. -- Dave Warren http

Re: [pfSense] APU and SSD: full install or NanoBSD

2014-10-30 Thread Dave Warren
On 2014-10-30 17:15, Jim Thompson wrote: On Oct 30, 2014, at 3:39 PM, Dave Warren da...@hireahit.com wrote: Buy quality instead of junk? ... Even a cheapo 30GB/60GB/whatever SSD is more than enough for pfSense and makes a far more reliable solution than external flash. I strongly disagree

Re: [pfSense] Enforcing policy routing gateway

2015-01-11 Thread Dave Warren
rule with a Or else just reject the above... It's functional, but a hassle. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project

Re: [pfSense] postfix+mailscanner on 2.2.4

2015-07-30 Thread Dave Warren
not maintained, and does not work on any modern version of pfSense. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Access Point Recommendations?

2015-07-24 Thread Dave Warren
it for NAT/routing/anything, does it listen on the WAN interface, or only the LAN side? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Access Point Recommendations?

2015-07-24 Thread Dave Warren
it configurable, nor should it be enabled by default unless the guest network is enabled. Ultimately I'm not unhappy with the overall performance of the unit, but it's still not one I'd wholeheartedly recommend, mostly because of the support experience. -- Dave Warren http://www.hireahit.com/ http

Re: [pfSense] QoS for fairness usage

2015-07-14 Thread Dave Warren
, both upstream and downstream, but it did help. Ultimately we just brought in a second pipe from the ISP and now we route high-bandwidth users to that pipe and let them fight it out amongst themselves. That has worked quite reliably. -- Dave Warren http://www.hireahit.com/ http

Re: [pfSense] Disable DHCP domain-name request

2015-11-24 Thread Dave Warren
, and it only causes issues on specific hardware, but if you capture and analyze the packets, you'll see correct data was sent by the DHCP server. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

[pfSense] Restoring DHCP table from 2.2.x into 2.3.x

2016-05-29 Thread Dave Warren
be convenient if IP assignments didn't need to change as this makes it easier to bring the new firewall up side by side with the old one and transfer over relatively seamlessly. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] Restoring DHCP table from 2.2.x into 2.3.x

2016-05-29 Thread Dave Warren
, although if the data appears similar, it may be worth considering. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] pfsense upgrade problems?

2017-02-22 Thread Dave Warren
On Wed, Feb 22, 2017, at 10:23, Eero Volotinen wrote: > The process will require 14 MiB more space. > > 73 MiB to be downloaded. > > Fetching php56-5.6.30.txz: .. done > > pkg: php56-5.6.30 failed checksum from repository > > something wrong with the packages? I upgraded a couple

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-21 Thread Dave Warren
er from eBay that will probably do more than I'll need for the immediate future. I'll probably just buy Gold and call it a day. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-20 Thread Dave Warren
ill do just fine if one adds an SSD but as someone pointed out that may use far more power in the long run. For me, it's the fact that I want to rackmount my gear, but $1,799.00 is the cheapest option offered on pfSense.org that can rackmount. -- Dave Warren http://www.hireahit.com/

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-21 Thread Dave Warren
On 2016-08-20 04:02, Jim Thompson wrote: On Aug 20, 2016, at 3:10 AM, Dave Warren <da...@hireahit.com> wrote: On 2016-08-03 08:43, Steve Yates wrote: I'm being serious but what is your rationale for not using pfSense's/NetGate's? https://www.pfsense.org/products/ The "cheap"

[pfSense] Any side effects or negative impact to reassigning ports?

2016-08-30 Thread Dave Warren
Howdy! I'm building out a new pfSense box, but the NICs have not yet arrived and I'm wondering how much configuration I can do in advance. My configuration will be a quad port Intel NIC, two ports will be WAN ports directly connected to a pair of modems, and the other two will be a LACP LAGG

Re: [pfSense] acme package: wrong agreement URL

2017-11-24 Thread Dave Warren
For anyone else still having issues, it looks like the package was updated November 16th. On Sat, Nov 18, 2017, at 20:39, WebDawg wrote: > Did you report this as a bug? > > On Thu, Nov 16, 2017 at 4:36 AM, Brian Candler > wrote: > > Trying to use the acme package with

[pfSense] Firewall by ASN

2018-01-06 Thread Dave Warren
Howdy! Is there a way to firewall traffic based on the ASN? The underlying reason is that we've recently enabled HE's tunnelbroker which, for the most part, works great. However we've run into certain services *cough*Netflix*cough* which reject traffic sent through a HE tunnel. I'd like to

Re: [pfSense] DNS over TLS config for pfSense 2.2.6

2018-04-06 Thread Dave Warren
On 2018-04-06 00:09, Bryan D. wrote: On 2018-Apr-05, at 10:47 PM, Dave Warren <d...@thedave.ca> wrote: Cloudflare has pushed an update, and things seem to be working from here. For those having issues, try again now? Thanks for the "heads up." Works for me, also (i.e.,

Re: [pfSense] DNS over TLS config for pfSense 2.2.6

2018-04-05 Thread Dave Warren
On 2018-04-05 01:25, Bryan D. wrote: On 2018-Apr-04, at 10:05 PM, Dave Warren <d...@thedave.ca> wrote: I can also confirm that 9.9.9.9@853 does work here which re-enforces that this is a Cloudflare specific issue. - So it looks like the following config works on pfSense 2.2.6's u

Re: [pfSense] DNS over TLS config for pfSense 2.2.6

2018-04-04 Thread Dave Warren
I'm running 2.4.3-RELEASE (amd64). I can't get it working here either after a couple hours of poking at it on and off, it now looks like this is actually a Cloudflare issue: https://community.cloudflare.com/t/1-1-1-1-was-working-but-not-anymore/15136/4 "Thanks for the report! This is going to