Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-12 Thread Geoff Nordli

On 15-11-12 02:15 AM, Marco wrote:

On Wed, 11 Nov 2015 15:22:40 +
Espen Johansen  wrote:


I think you have to set up a radius server and assign ip based on the
user. That way they will be "static" and then add DNS entries to that
static IP.

I've never dealt with RADIUS. Seems like a bit like overkill to just
get the DNS working. But I'll read up what it takes to implement
RADIUS. Thanks for the response.




Not sure how many clients you are going to have, but Openvpn allows you 
to assign an IP address to a specific client.  Look at the ipp.txt file.


Geoff

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] Upgrading from 2.1.5 to 2.2 with postfix and mailscanner

2015-10-03 Thread Geoff Nordli

Hi.

Can I suggest we add a note to the upgrade guide: 
https://doc.pfsense.org/index.php/Upgrade_Guide


Unless I am mistaken, upgrading postfix and mailscanner from 2.1.5 is 
not possible because of the pbi configuration.  I needed to remove them 
and then use pkg to install them and then adjust the configuration.


My suggestion, is to basically say if you are running either of those 
packages, don't upgrade from 2.1.5.


Am I mistaken?

thanks,

Geoff


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Access Point Recommendations?

2015-07-20 Thread Geoff Nordli

On 15-07-20 01:19 PM, Vernon Fort wrote:

I have had several sites use the Ubiquiti Networks Unifi-ap-lr (long range).  
Run the software as a service on a DC or standard 2008/2012 server or even a 
windows 7 machine.  They work very well.  I've had zero issues with the 30 or 
so of these devices I have setup and installed with the exception of some wifi 
printers and older devices.  But I think the latest software and firmware had 
solved these issues.

Vernon



-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of compdoc
Sent: Monday, July 20, 2015 2:00 PM
To: 'pfSense Support and Discussion Mailing List'
Subject: Re: [pfSense] Access Point Recommendations?

A lot of good info in these posts, but no real hardware recommendations...




I have a site with the Unifi AP AC and it has been solid.

The only issue I had is the POE didn't work with our existing switches 
and I needed to actually use the POE adaptors they provided.


Geoff


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Road Warrior open vpn

2015-01-21 Thread Geoff Nordli

On 15-01-21 10:02 PM, A Mohan Rao wrote:

windows xp or windows 7 already do that *RUN AS ADMINISTRATOR*
*
*
*
*

On Wed, Jan 21, 2015 at 7:18 PM, Vittorio Milazzo 
vittorio.mila...@gmail.com mailto:vittorio.mila...@gmail.com wrote:


What is the OS on client? If it's windows, try to execute OpenVPN
client as administrator.

Il 21/gen/2015 11:31 A Mohan Rao mohanra...@gmail.com
mailto:mohanra...@gmail.com ha scritto:

Hello,

successfully configured Road Warrior OpenVpn also vpn client
is connected from remote area but not able to access server
end LAN or server's.


Thanks



Hi Mohan.

Can you actually see any traffic coming down the vpn link?

If you can log on to the ssh command line, then do a

tcpdump -n -i ovpns1

I assume your vpn interface is ovpns1.

If you get a lot of traffic, then filter based on the expected client ip 
address:


tcpdump -n -i ovpns1 host 10.0.8.22

Where 10.0.8.22 is the host of the client connecting.


Geoff

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] substantial packet loss on em interfaces (Superserver 5015A-EHF-D525)

2015-01-16 Thread Geoff Nordli

On 15-01-16 07:34 AM, Vick Khera wrote:


On Fri, Jan 16, 2015 at 3:35 AM, Tim Jansen tim...@byte-site.de 
mailto:tim...@byte-site.de wrote:


some SuperMicro systems (and yours as well) have an IPMI interface
running via the 1st onboard NIC, which means IPMI shares the phys.
NIC with the typically LAN configuration on OS level while the
IPMI interface is configured within the Bios.


This has caused issues for me too. If you have the IPMI interface 
enabled, make sure that the sharing mode for the ethernet port is 
suitable for your configuration. I personally always put the LAN 
interface on the shared port as that causes the fewest problems for 
me. I usually set the interfaces to share mode with the IPMI.


Hi Vick.

I think you are on to something there.  The part that really confused me 
is I have two of those servers.  One was working OK and the other was 
failing miserably.  It is quite possible the working server had the IPMI 
interface on the LAN port.


The intermittent failure was enough to drive me crazy!!

thanks,

Geoff




___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] substantial packet loss on em interfaces (Superserver 5015A-EHF-D525)

2015-01-15 Thread Geoff Nordli

On 15-01-15 11:13 PM, Chris Buechler wrote:

On Thu, Jan 15, 2015 at 6:56 PM, Geoff Nordli geo...@gnaa.net wrote:

Hi.

We have a Superserver 5015A-EHF-D525
(http://www.supermicro.com/products/system/1u/5015/sys-5015a-ehf-d525.cfm)
running  pfsense 2.1.5-RELEASE (amd64) with 2GB of RAM.

Which has this board in it:
http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPE-HF-D525.cfm

In this chassis we also have a 4 port Intel NIC which shows up as igb
interfaces.

We were experiencing substantial packet loss when using the em interfaces,
but since we switched over to the igb interfaces things have been good.

I have both Hardware TCP Segmentation Offloading and Hardware Large Receive
Offloading disabled.

This is not a heavily used firewall.

Anyone else experiencing packet loss on the em interfaces.  Are there any
other settings I should look at?


My best guess with those symptoms, if it isn't a hardware problem, is
one or more of the affected NICs ending up on the same IRQ as a USB
controller or something else that's causing issues. Most of the time
that's no big deal, on occasion with certain systems with several NICs
it can cause packet loss or performance issues. If that's the case,
may find a BIOS update that fixes it, or may be able to muck with BIOS
settings to make it go away.




thanks Chris.

Anything visible I can see on the local machine -- without going to 
bios.  Doing a vmstat -i shows the msi interrupts being used for those 
controllers.


interrupt  total   rate
irq18: ehci0 uhci5 2  0
irq19: uhci2 uhci4+  2649947  6
cpu0: timer761654301   1992
irq256: igb0:que 0   9765149 25
irq257: igb0:que 1   2747978  7
irq258: igb0:que 2   2562344  6
irq259: igb0:que 3   2387427  6
irq260: igb0:link  2  0
irq261: igb1:que 0  13670253 35
irq262: igb1:que 1   7013567 18
irq263: igb1:que 2   7502120 19
irq264: igb1:que 3   4520889 11
irq265: igb1:link  2  0
irq266: igb2:que 0  17501710 45
irq267: igb2:que 1   8228974 21
irq268: igb2:que 2   6685269 17
irq269: igb2:que 3   5603615 14
irq270: igb2:link  2  0
irq279: em1:rx 0  233940  0
irq280: em1:tx 0  215119  0
irq281: em1:link  15  0
cpu1: timer761634299   1991
cpu2: timer761634319   1991
cpu3: timer761634321   1991
Total 3137845564   8206


I can definitely try a bios update next time I am close to the machine.

Geoff



___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] substantial packet loss on em interfaces (Superserver 5015A-EHF-D525)

2015-01-15 Thread Geoff Nordli

Hi.

We have a Superserver 5015A-EHF-D525 
(http://www.supermicro.com/products/system/1u/5015/sys-5015a-ehf-d525.cfm) 
running  pfsense 2.1.5-RELEASE (amd64) with 2GB of RAM.


Which has this board in it: 
http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPE-HF-D525.cfm


In this chassis we also have a 4 port Intel NIC which shows up as igb 
interfaces.


We were experiencing substantial packet loss when using the em 
interfaces, but since we switched over to the igb interfaces things have 
been good.


I have both Hardware TCP Segmentation Offloading and Hardware Large 
Receive Offloading disabled.


This is not a heavily used firewall.

Anyone else experiencing packet loss on the em interfaces.  Are there 
any other settings I should look at?


It is possible it is a hardware failure, but I want to see what other 
experience is out there.


When looking at the network interface statistics, there are zero errors.


thanks,

Geoff


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold