Re: [pfSense] ssh public key in user manager (pfSense 2.0.1)

2012-01-13 Thread Paul Mather
On Jan 13, 2012, at 9:58 AM, newsgroups.ma...@stefanbaur.de wrote: > Hi List, > > is there any particular reason why the user manager only accepts ssh-rsa keys > instead of both ssh-rsa and ssh-dss? I pasted a ssh-dss key into the "Authorized Keys" area for a user in the User Manager and it w

Re: [pfSense] Recommended DynDns Service for PFsense

2012-04-04 Thread Paul Mather
On Apr 4, 2012, at 10:25 AM, David Miller wrote: > Dyn.com's free service has been working well for me for years. > -- > David > > On Wed, Apr 4, 2012 at 9:16 AM, Gavin Will wrote: > Hi there, > > Can people please give me their experience / recommendations with regards to > a 3rd party DynDNS

[pfSense] Non-default "Frequency Probe" value in gateway definition apparently wreaks havoc

2012-08-09 Thread Paul Mather
I am running pfSense 2.0.1-RELEASE (i386). To cut a long story short, recently I changed the "Frequency Probe" setting under the Advanced section of System: Gateways: Edit gateway and subsequently had all kinds of trouble as a result. The main observed annoying phenomenon was that remote SSH c

Re: [pfSense] Cisco IPSEC configuration

2012-09-14 Thread Paul Mather
On Sep 14, 2012, at 11:27 AM, Ian Bowers wrote: > Whoever hosts the instructions. they open themselves up for cease and desist > letters and potentially litigation. > > Not trying to be a wet blanket, just saying... in the open source community > we have to be careful and respectful of lice

[pfSense] Problem with IPsec in 2.0.2

2013-02-15 Thread Paul Mather
I have a problem with an IPsec VPN setup in pfSense 2.0.2 that I wonder if anyone can help me solve. I am trying to set up a pfSense IPsec VPN for mobile clients. The clients will be using the built-in "Cisco IPSec" client in Mac OS X 10.7 and 10.8 to connect. I have assigned the Virtual Addr

[pfSense] Question about pfSense "Mobile IPsec on 2.0" document

2013-02-27 Thread Paul Mather
I have been bashing my head against a wall trying to get Mobile IPSec (Mutual PSK + Xauth) working on pfSense 2.0.2. As I've reported previously here, I can only get traffic to flow in both directions if I set "NAT Traversal" to "Force" instead of "Enable" in the Phase 1 tunnel definition. Non

Re: [pfSense] timezone problem

2013-04-17 Thread Paul Mather
On Apr 17, 2013, at 10:18 AM, Moshe Katz wrote: > On Wed, Apr 17, 2013 at 8:39 AM, Cristian Ionescu-Idbohrn > wrote: > On Wed, 17 Apr 2013, Moshe Katz wrote: > > > > Did you reboot the machine after you changed the time zone? As I > > understand it, many system components don't see the change

[pfSense] Frequent "bge0: watchdog timeout -- resetting" problems

2013-05-13 Thread Paul Mather
I'm running pfSense 2.0.3-RELEASE (i386) on a Dell 2650 rack-mount server. I'm using the built-in Broadcom gigabit ethernet NICs for WAN and LAN: bge0: mem 0xfca1-0xfca1 irq 28 at device 6.0 on pci4 miibus0: on bge0 brgphy0: PHY 1 on miibus0 brgphy0: 10baseT, 10baseT-FDX, 100baseTX,

Re: [pfSense] Frequent "bge0: watchdog timeout -- resetting" problems

2013-05-13 Thread Paul Mather
On May 13, 2013, at 10:40 AM, Giles Coochey wrote: > On 13/05/2013 15:07, Paul Mather wrote: >> >> bge0: watchdog timeout -- resetting >> bge0: link state changed to DOWN >> bge0: link state changed to UP >> bge0: watchdog timeout -- resetting >> bge0: l

Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-10 Thread Paul Mather
On Oct 10, 2013, at 9:08 AM, Giles Coochey wrote: > On 10/10/2013 13:55, Ian Bowers wrote: >> On Thu, Oct 10, 2013 at 8:17 AM, Alexandre Paradis >> wrote: >> indeed, i vote to continue. Because you don't mind being overlooked by NSA >> doesn't mean everybody don't care. >> >> >> >> >> On T

Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-10 Thread Paul Mather
On Oct 10, 2013, at 10:13 AM, Thinker Rix wrote: > On 2013-10-10 16:52, Paul Mather wrote: >> On Oct 10, 2013, at 9:08 AM, Giles Coochey wrote: >> >>> *BLINK!* >>> >>> Incredible the way I am seeing the reaction to the initial question, >>

Re: [pfSense] naive suggestion: conform to US laws

2013-10-12 Thread Paul Mather
On Oct 12, 2013, at 11:23 AM, Oliver Hansen wrote: > On Sat, Oct 12, 2013 at 4:10 AM, Thinker Rix wrote: > On 2013-10-09 19:38, Jim Thompson wrote: > So asking the question is stupid > > On 2013-10-09 19:50, Jim Thompson wrote: > IMO, this bullshit thread only serves to assist those asking the

Re: [pfSense] Motherboard compatibility

2013-11-06 Thread Paul Mather
On Nov 6, 2013, at 12:36 AM, Thinker Rix wrote: > Hi all! > > I am planning to set up a new pfSense server with brand new hardware. > The motherboards that I am thinking of have socket LGA1155 or LGA1150 and > come with Intel C204 and C222 chipsets, respectively. > > The motherboard producer pr

Re: [pfSense] AES-NI support of the CPU: Does it make sense for VPN with pfSense?

2013-11-06 Thread Paul Mather
On Nov 6, 2013, at 1:43 PM, Jim Thompson wrote: > > On Nov 6, 2013, at 8:06 AM, Thinker Rix wrote: > >> On 2013-11-06 15:29, Jim Thompson wrote: On Nov 6, 2013, at 7:22, Vick Khera wrote: pfSense lists the AES-NI as a supported option for crypto acceleration. pfSense wi

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Paul Mather
On Apr 8, 2014, at 4:39 PM, Rainer Duffner wrote: > > On 08.04.2014 at 21:04, Jim Thompson wrote: > >> >> Well, that’s the point, Paul. (You hit the nail on the head.) >> >> If you don’t have an openssl service exposed, the problem doesn’t affect you. >> >> Since normally the web GUI isn’

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Paul Mather
On Apr 8, 2014, at 3:04 PM, Jim Thompson wrote: > > Well, that’s the point, Paul. (You hit the nail on the head.) > > If you don’t have an openssl service exposed, the problem doesn’t affect you. > > Since normally the web GUI isn’t exposed to the WAN, the attack surface is > minimised. The

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Paul Mather
On Apr 8, 2014, at 9:35 PM, Paul Mather wrote: > On Apr 8, 2014, at 3:04 PM, Jim Thompson wrote: > >> >> Well, that’s the point, Paul. (You hit the nail on the head.) >> >> If you don’t have an openssl service exposed, the problem doesn’t affect you. >>

Re: [pfSense] Problems with pfsense on ProfitBrick

2014-04-14 Thread Paul Mather
On Apr 14, 2014, at 10:36 AM, Tim Nelson wrote: > - Original Message - >> I'll put here the amount of info that I can before my server's >> security may be compromised. > >> I want to install pfsense to a server that's hosted by ProfitBrick >> and using KVM as virtualization environment

Re: [pfSense] Problems with pfsense on ProfitBrick

2014-04-14 Thread Paul Mather
On Apr 14, 2014, at 1:33 PM, compdoc wrote: >> I found that I had problems with FreeBSD using pf + virtio under KVM > > Virtio in KVM works fine with pfSense, but you have to modify > the /boot/loader.conf.local file to enable the drivers. And if you load the > storage drivers, you have to modify

Re: [pfSense] Weird routing issue with pfSense-2.1.3-RELEASE-i386, Debian Wheezy, kvm and virtio

2014-06-11 Thread Paul Mather
On Jun 10, 2014, at 5:37 PM, Stefan Baur wrote: > On 10.06.2014 22:52, Karsten Gorling wrote: >> * Stefan Baur [140610 17:59]: >>> This works all fine and dandy as long as I'm not using virtio: >> >> I had the same problem. Essentially the VirtIO Network Drivers of >> FreeBSD are broken, you

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Paul Mather
On Jul 30, 2014, at 5:37 AM, Stefan Baur wrote: > Hi list, > > I'm seeing the following warning on my pfsense 2.1.4-RELEASE (i386): > > ZFS WARNING: Recommended minimim kmem_size is 512MB; expect unstable > behavior. > Consider tuning vm.kmem_size and vm.kmem_size_max in /boot/loader.conf > >

[pfSense] LDAP PAM auth with Local Database accounts?

2014-07-30 Thread Paul Mather
At our organisation we have a central LDAP database that contains administrative information. For Unix purposes, it's only useful for PAM auth, as its schema does not contain the requisite Posix attributes required by Unix accounts. Nevertheless, it is still very useful for password authentic

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Paul Mather
all appliance that's basically a nanobsd setup at heart... Cheers, Paul. > -lsf > > 30 July 2014 21:44, "Stefan Baur" > wrote the following: > On 30.07.2014 at 16:43, Vick Khera wrote: > > On Wed, Jul 30, 2014 at 9:50 AM, Paul Mather > > wrote: > >>

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Paul Mather
fit on low-memory embedded hardware. There are enough problems getting ARC to play nicely on high-memory systems under memory pressure... :-) > To OP; Set it to 640MB and be a happy camper. > Well, at least that will make that message go away, which seems to be the main concern. :-) C

Re: [pfSense] ZFS warning message on local console during boot

2014-07-31 Thread Paul Mather
On Jul 30, 2014, at 9:07 PM, Jim Thompson wrote: > >> On Jul 30, 2014, at 7:20 PM, Paul Mather wrote: >> >> Despite all that FreeBSD ZFS love, I still would not recommend it on >> FreeBSD/i386-based installations (as the OP said he was using). It is >> much

Re: [pfSense] pfsense, IPSec, and Mac OS X

2014-08-20 Thread Paul Mather
On Aug 19, 2014, at 5:19 PM, Paul Galati wrote: > Anybody on the list using Mac OS X 10.6 or later and the built in Cisco IPSec > Client connecting to pfSense with any reliability? I am having a heck of a > time getting the expected result. I have a couple users that want to connect > via IP

Re: [pfSense] pfsense, IPSec, and Mac OS X

2014-08-22 Thread Paul Mather
On Aug 22, 2014, at 11:38 AM, Paul Galati wrote: > thanks for your reply. I have looked at that page already to verify my > initial settings were correct, and they are. It is the final tweak that I am > trying to locate. I just don’t understand why simply turning NAT-T on or off > would com

Re: [pfSense] 32 or 64?

2015-01-06 Thread Paul Mather
On Jan 6, 2015, at 12:57 PM, Márcio Merlone wrote: > Happy 2015 for all! > > I am planning to replace some Linksys boxes on remote offices with a virtual > pfSense in the next months and was wondering what's recommended for a new > install today: 32 or 64 bits? I ask considering what's best f

Re: [pfSense] [Bulk] IP Alias -vs- Proxy ARP for NAT

2015-03-09 Thread Paul Mather
On Mar 9, 2015, at 8:08 AM, Espen Johansen wrote: > Use IP alias if you are on 2.0+ > If you need redundancy (2xpfsense) use carp. All the other options are poor > workarounds created when pfsense did not support true interface alias. > I usually use Proxy ARP for 1:1 NAT virtual IP aliases.

Re: [pfSense] Block Torrentz

2015-08-19 Thread Paul Mather
On Aug 19, 2015, at 1:32 AM, A Mohan Rao wrote: > > sorry not clear your point...! I believe the point is that focusing on blocking port ranges like 6881-6889 is horribly outdated with modern BitTorrent clients. :-) Many BitTorrent clients will choose a random port on startup and then use NAT

[pfSense] Unbound DNS Resolver doesn't listen on IP aliases even when selected in settings

2015-11-12 Thread Paul Mather
I recently started using "DNS Resolver" on my pfSense 2.2 system, which had been previously using "DNS Forwarder." The pfSense install has a WAN network and two local networks, LAN and INTERNAL. The INTERNAL network has two IP aliases defined for it. In DNS Resolver -> General Settings -> Net

Re: [pfSense] Unbound DNS Resolver doesn't listen on IP aliases even when selected in settings

2015-11-18 Thread Paul Mather
On Nov 17, 2015, at 12:45 PM, Steve Yates wrote: > Paul Mather wrote on Thu, Nov 12 2015 at 1:38 pm: > >> Unfortunately, with this configuration, unbound does not listen on the >> IP aliases: it only listens on the primary IP addresses of LAN, >> INTERNAL, and localhost.

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Paul Mather
On May 5, 2016, at 9:13 AM, Vick Khera wrote: > On Tue, May 3, 2016 at 11:24 AM, Jeppe Øland wrote: > >> Does this update actually work? >> >> After hitting install and crunching for a while, it showed "firmware >> installation failed!" at the top. >> > > I just did the upgrade and it succee

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Paul Mather
ws it is at version 2.3_1 after the update. The only issue I encountered is ntpd being stopped and having to start it manually. Cheers, Paul. > > Regards, > -Jeppe > > On Thu, May 5, 2016 at 6:26 AM, Paul Mather wrote: > >> On May 5, 2016, at 9:13 AM, Vick K

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-21 Thread Paul Mather
On Aug 21, 2016, at 2:56 AM, Dave Warren wrote: > On 2016-08-20 04:02, Jim Thompson wrote: >>> On Aug 20, 2016, at 3:10 AM, Dave Warren wrote: >>> On 2016-08-03 08:43, Steve Yates wrote: I'm being serious but what is your rationale for not using pfSense's/NetGate's? h

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-21 Thread Paul Mather
On Aug 21, 2016, at 4:03 PM, Bryan D. wrote: > On 2016-Aug-21, at 5:50 AM, Paul Mather wrote: > >> Even on that page it's incorrect to say it "only" offers the XG-2758. >> That's the only one they show in the main table on that page ... > > Ther

[pfSense] CAS or Shibboleth authentication?

2017-01-24 Thread Paul Mather
Does anyone know whether CAS or Shibboleth is supported as an authentication method by pfSense 2.3.2? CAS is the preferred authentication method for Web applications at our organisation and so it would be great if pfSense could use it---at least with the WebGUI. Is there anyone on the list usi

Re: [pfSense] pfsense twitter account making rude comments.

2017-02-21 Thread Paul Mather
On Feb 21, 2017, at 11:30 AM, Ryan Coleman wrote: > Not that we are anyone who would know anything about that… The best thing to come out of this ugly spat, for me, is that I went to the pfSense Twitter feed to see what all the fuss was about (I'm not on Twitter) and discovered that pfSense 2

Re: [pfSense] MBR restore

2017-06-30 Thread Paul Mather
On Jun 30, 2017, at 10:11 AM, Nicola Ferrari (#554252) wrote: > On 30/06/2017 16:04, Eric Landry wrote: >> You could always write a new boot0 to your disk. If you load a FreeBSD disc >> and run the following command on your pfsense hard disk. >> >> fdisk -B -b /boot/boot0 device >> >> Where d

Re: [pfSense] Squid transparent with SSL interception - CA certificate problem

2018-02-06 Thread Paul Mather
On Feb 6, 2018, at 10:03 AM, Roberto Carna wrote: > Dear Alex, so there is no solution to the given problem ??? > > I refer to install a CA private certificate in mobile devices and let > them navigate and use applications through a transparent proxy without > SSL errors... It could be that th

Re: [pfSense] Configs or hardware?

2018-02-19 Thread Paul Mather
On Feb 19, 2018, at 10:10 AM, Eero Volotinen wrote: > Well. Does it require so much power, that I cannot run it on intel core2 > quad Q9400, 2.66Ghz processor (4 cores) ? What a curious question. It does not require "so much power" but it does require a minimum hardware spec, which that CPU w

Re: [pfSense] ZFS on 2.4.2

2018-03-06 Thread Paul Mather
On Mar 6, 2018, at 12:39 PM, Walter Parker wrote: > On Mon, Mar 5, 2018 at 6:38 PM, Curtis Maurand wrote: > >> ZFS is a memory hog. you need 1 GB of RAM for each TB of disk. > > > Curtis, can you provide some more details? I have been testing this for the > last couple of weeks and ZFS does

[pfSense] 10GBASE-T hardware

2018-03-27 Thread Paul Mather
A 10GBASE-T port became available to us in our server rack. The rack currently has a 20-node Hadoop cluster, each node having dual Intel i350 1000BASE-T NICs. The Hadoop nodes connect to an old HP 2910al-48G 48-port GbE switch that, in turn, connects to an old Dell R310 server running pfSense

Re: [pfSense] 10GBASE-T hardware

2018-03-28 Thread Paul Mather
On Mar 27, 2018, at 8:10 PM, Moshe Katz wrote: Many thanks for the information and advice. It is much appreciated. > According to the specs that I found on HP's website, your HP switch does > not support 10Gb, only 1Gb on its mini-GBIC ports. You will definitely need > a new switch to take adva

Re: [pfSense] 10GBASE-T hardware

2018-03-28 Thread Paul Mather
On Mar 27, 2018, at 8:47 PM, Yehuda Katz wrote: > I agree with everything my brother said except recommending the Ubiquiti > EdgeSwitch. > We have seen a few instances of the EdgeSwitch locking up without any > apparent reason (once we traced it to a thermal issue, but we couldn't find > a cause

Re: [pfSense] 10GBASE-T hardware

2018-04-02 Thread Paul Mather
On Mar 29, 2018, at 11:12 AM, Moshe Katz wrote: > On Wed, Mar 28, 2018 at 9:44 PM, Paul Mather > wrote: > >> On Mar 27, 2018, at 8:10 PM, Moshe Katz wrote: >> >> Many thanks for the information and advice. It is much appreciated. > [[...]] >> My mai