[pfSense] strange ntpd behavior

2015-03-30 Thread Vick Khera
Given two firewall servers, A (primary) and B (failover) both running ntpd service available to clients on the LAN. pfSense 2.2.1/amd64 on pfSense branded C2758. The following procedure more or less causes ntpd on B to become unstable: 1) on A, set CARP maintenance mode to make B answer all CARP

Re: [pfSense] 2.2.2-RELEASE Now Available

2015-04-16 Thread Vick Khera
On Wed, Apr 15, 2015 at 6:50 PM, Bob Gustafson wrote: > Today - except for the initial clicks, the process was totally automatic > > 14:21 Started uploading new version > 14:36 logging started on new version (?) > 14:37 started reinstalling package Asterisk > 15:18 completed reinstalling pack

Re: [pfSense] CARP - Communication between Master and Slave over which NIC?

2015-06-05 Thread Vick Khera
You're mixing two separate things. The SYNC is the firewall configuration and states synchronization between the two machines. CARP sends special "i'm alive" packets on the same NIC for which it is configured. That's the only way to tell if the other server's connection to this network is alive. It

Re: [pfSense] WRAP and pfsense

2015-06-09 Thread Vick Khera
On Tue, Jun 9, 2015 at 12:37 AM, Cheyenne Deal wrote: > I know that wrap boards are not supported on pfsense but I was wondering if > anyone know if a way of installing a os on it and getting it to be a vpn > end point. > There are instructions hiding somewhere online for hacking the boot code o

Re: [pfSense] WRAP and pfsense

2015-06-09 Thread Vick Khera
On Tue, Jun 9, 2015 at 9:12 AM, Jim Pingle wrote: > Between that and the age of the hardware, I'd not trust them in the wild > at this point for that role. The WRAP went EOL in 2007, and the ALIX > isn't far off. The newest WRAP would still be 8 years old. > > To this point, I have some retired A

Re: [pfSense] Improving OpenVPN performance

2015-07-01 Thread Vick Khera
On Wed, Jul 1, 2015 at 10:40 AM, Jon Gerdes wrote: > Your first job is to establish a real baseline. That is: How fast can > you really move data between the two sites without any tunnels? You may > have to be creative with NATting and other tricks to get a system at > each end to see the other

[pfSense] iphone roaming client stopped routing

2015-07-01 Thread Vick Khera
For years I've had the iPhone roaming client IPSec configuration (using the Cisco IPSec built-in client for iPhone). It has always worked great. I set it up using the instructions on the pfSense forums. With pfSense 2.2.3, the iPhone connects to the pfSense firewall to negotiate the VPN. The statu

Re: [pfSense] Loading pfSense on Netgate 1U rack mount server c2758

2015-07-02 Thread Vick Khera
Are you trying to put the CD ISO image on the USB stick? That doesn't work. You have to use the memstick image. This is not like some linux distros where you use the CD image like this. On Thu, Jul 2, 2015 at 2:31 PM, Paul Upson wrote: > I recently purchased this device and am now trying to loa

Re: [pfSense] Issues with IPsec and 2.2.3

2015-07-06 Thread Vick Khera
On Sun, Jul 5, 2015 at 12:03 PM, Ryan Coleman wrote: > Neither my desktop nor my mobile (OS X 10.10.3 and iOS 8.3) are able to > negotiate on a previously-functioning IPsec configuration. Only change I > can determine right now is the updated OS of the firewall to CURRENT. > I had the issue with

Re: [pfSense] iphone roaming client stopped routing

2015-07-06 Thread Vick Khera
On Wed, Jul 1, 2015 at 12:25 PM, Vick Khera wrote: > With pfSense 2.2.3, the iPhone connects to the pfSense firewall to > negotiate the VPN. The status seems to be normal and as far as I can tell > all the IPSec bits are in order. Nothing unexpected in the logs. SAD and > SPD loo

Re: [pfSense] IPSEC Tunnel with NAT not working under 2.2.3

2015-07-08 Thread Vick Khera
On Tue, Jul 7, 2015 at 8:39 AM, compdoc wrote: > The same thing happened to me. I had to change the Encryption algorithm > from > AES256 to 3DES to get it to work. > Another option is to disable the AES-NI hardware acceleration in 2.2.3. ___ pfSense ma

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-28 Thread Vick Khera
On Sun, Jul 26, 2015 at 10:31 PM, Ryan Coleman wrote: > I have an issue with Qualy’s: They ding my certification because I have > domain.com > > > > on it and not www.domain.com > > > > (multi-site cert). > > That’s not a reason to lower a score on

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-29 Thread Vick Khera
On Tue, Jul 28, 2015 at 4:12 PM, Moshe Katz wrote: > Again, I agree with you that this shouldn't affect your score. I am > simply explaining why they do it. > based on this explanation, i agree. there's no reason for them to demand your certificate also signs any other domain name as long as i

Re: [pfSense] Problem with load vpn status

2015-07-29 Thread Vick Khera
On Wed, Jul 29, 2015 at 10:24 AM, Edward Josette Ortega Salas < edward.jose...@gmail.com> wrote: > Status -> Ipsec, i have between 15 and 20min delay for show the > information. > How long do these commands take to run on the command line: setkey -D setkey -DP If these are quick, I'd suspect t

Re: [pfSense] Problem with load vpn status

2015-07-30 Thread Vick Khera
On Wed, Jul 29, 2015 at 3:18 PM, Edward Josette Ortega Salas < edward.jose...@gmail.com> wrote: > Yes, it was quick: > > - For setkey -D its took: 0.253u 0.276s 0:31.37 1.6% 93+178k 0+0io 0pf+0w > - And for setkey -DP: 0.017u 0.008s 0:00.02 50.0% 204+408k 0+0io 0pf+0w > > > And.. we are talkin

Re: [pfSense] Connect pfSense as client to a Hotel WLAN?

2015-07-30 Thread Vick Khera
On Thu, Jul 30, 2015 at 4:10 AM, Seth Mos wrote: > The current crown goes to the Dlink DIR510L which is a dual band travel > router with dual radios (dual band) and a 4Ah battery for charging > The DLink DIR505 has been in my travel bag for a few years. It makes life very easy when traveling. I

Re: [pfSense] Problem with load vpn status

2015-07-30 Thread Vick Khera
thing is > that.. that happen it just with ipsecc status bar, the rest work just fine. > > Thanks again > > 2015-07-30 10:25 GMT-04:30 Vick Khera : > > > On Wed, Jul 29, 2015 at 3:18 PM, Edward Josette Ortega Salas < > > edward.jose...@gmail.com> wrote: > >

Re: [pfSense] pfSense no access to web configurator from internal network

2015-08-07 Thread Vick Khera
On Thu, Aug 6, 2015 at 1:12 PM, Alfredo Tapia Sabogal < alfred.ta...@gmail.com> wrote: > internal network (LAN) em1 far as I did well, but I have some problems with > my IP's range of IP's from my provider are 192.168.0.1 (router) in the > PFSENSE I assigned the network card for the WAN 192.168.0.

Re: [pfSense] pfSense no access to web configurator from internal network

2015-08-10 Thread Vick Khera
On Sat, Aug 8, 2015 at 5:01 AM, Alfredo Tapia Sabogal < alfred.ta...@gmail.com> wrote: > Vick, Thank you for your prompt response, i change my LAN IP address to > 192.168.1.40/24 and the WAN to 192.168.0.10 /24 so when I go to the > internet > explorer and I wrote the LAN ip address or I ping told

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client, and HE.net service types

2015-09-07 Thread Vick Khera
On Mon, Sep 7, 2015 at 2:37 PM, David Christensen wrote: > Do they refer to Hurricane Electric (he.net > > )? > yes. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-08 Thread Vick Khera
On Mon, Sep 7, 2015 at 9:24 PM, Ryan Coleman wrote: > How do you get this to function with Dyn.com (formerly DynDNS.com < > http://dyndns.com/ > > >)? I have the paid domain and I’ve gotten CenturyLink DSL modems to > negotiate the IP without issue before but I cannot seem to figure out the > con

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-08 Thread Vick Khera
On Tue, Sep 8, 2015 at 8:14 AM, Chris Bagnall wrote: > Would you be willing to share your RFC2136/bind9 config? > Here's a copy of my notes: Dynamic DNS Update <http://projects/confluence/display/INF/Dynamic+DNS+Update> - Created by Vick Khera <http://projects/confl

Re: [pfSense] client VPN on IOS

2015-09-17 Thread Vick Khera
On Tue, Sep 15, 2015 at 9:18 AM, Ray Bagby wrote: > Anyone have any luck connecting iphone via VPN? > Yes, with the built-in Cisco VPN client. Works great unless you have pfSense 2.2.3 (older and newer work ok)

Re: [pfSense] pfSense IP stack crashing.

2015-10-14 Thread Vick Khera
On Wed, Oct 7, 2015 at 8:20 AM, Bryant Zimmerman wrote: > Any ideas would be appreciated. This units has been stable for 3 years > only rebooted when upgrades occur. This is so out of character for this box > and I need to figure this out ASAP. > I will vote hardware failure, possibly intermitt

Re: [pfSense] github.com/google/google-authenticator/ on pfSense 2.2x

2015-10-14 Thread Vick Khera
The freebsd port for GA works great. I've only ever used it for SSH logins when no public key is used, and only on FreeBSD servers (not pfSense). The only files you really need from the package are /usr/local/bin/google-authenticator /usr/local/lib/pam_google_authenticator.so The configuration f

Re: [pfSense] github.com/google/google-authenticator/ on pfSense 2.2x

2015-10-16 Thread Vick Khera
I haven't tried it but pfSense uses the exact same pam login process. So chances are pretty much as high as possible of it working. On Thu, Oct 15, 2015 at 9:48 AM, Ryan Coleman wrote: > So… you don’t know how well it will work in pfSense, then. > > > > On Oct 14, 2015, at

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-11 Thread Vick Khera
On Wed, Nov 11, 2015 at 2:46 AM, Marco wrote: > How to access the mobile hosts via the same hostname regardless if > they are connected to the LAN or VPN? > Via some form of dynamic DNS perhaps? It seems it should be possible to have the openvpn client run some script that will register its curr

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-13 Thread Vick Khera
On Thu, Nov 12, 2015 at 5:20 AM, Marco wrote: > > Setting up BIND 9 to manage a dynamic zone is not very difficult. > > Do I need an additional BIND instance besides the unbound that's > already running on the pfSense box? > unbound != bind. I do not know anything about setting up dynamic zones

Re: [pfSense] Best automated configuration backup options for 2.1.5?

2015-12-15 Thread Vick Khera
Here's my config file backup script bits for pfSense: curl -k -c ${COOKIEFILE} -d "login=Login&usernamefld=admin&passwordfld=$FWPASS" https://${FWHOST}/diag_backup.php curl -k -b ${COOKIEFILE} -d "Submit=download&donotbackuprrd=checked" -o config-${FWHOST}.xml https://${FWHOST}/diag_backup.php wh

Re: [pfSense] Maximum number of established connections per host questions

2016-02-02 Thread Vick Khera
On Tue, Feb 2, 2016 at 4:28 PM, Ugo Bellavance wrote: > I think that when an IP address hits the limit, the packets are dropped by > the default rule, right? > Yes, this is what I observe. I use this technique (max connections per time) to throttle SSH connections to the few hosts that I allow p

Re: [pfSense] PFSense for high-bandwith environments

2016-02-24 Thread Vick Khera
On Tue, Feb 23, 2016 at 9:01 PM, Jim Thompson wrote: > Fun fact, this ’Netflix’ success is using the AES-GCM code that Netgate > co-developed with the FreeBSD Foundation for use with IPsec. > > https://lists.freebsd.org/pipermail/freebsd-security/2014-November/008029.html > > > > Fun fact #2, a f

Re: [pfSense] APinger times wrong after a few hours

2016-02-25 Thread Vick Khera
On Wed, Feb 24, 2016 at 8:28 PM, Jim Thompson wrote: > Apinger is… not very good. > > This is why we’ve gone to dpinger in pfSense software v2.3 Yay. I'll be glad to not have that PoS software being critical to my infrastructure.

[pfSense] cannot backup one device

2016-04-07 Thread Vick Khera
I have 5 pfSense devices: one at my home office, and two set up in pairs at my data center and main office respectively. The data center are running stock pfSense on beefy hardware; the others are all Netgate units running Netgate pfSense. Since the most recent update added CSRF checking, I update

Re: [pfSense] Monitor (RRD) all 0 data on 2.3

2016-04-21 Thread Vick Khera
On Thu, Apr 21, 2016 at 1:53 AM, Gé Weijers wrote: > I just performed a clean install of 2.3 on an AMD64 PC. Everything is fine, > Was your prior install 32-bit? When you switch/upgrade from 32 to 64 bit the RRD graphs break.

Re: [pfSense] Monitor (RRD) all 0 data on 2.3

2016-04-21 Thread Vick Khera
oh never mind. i first read you did an upgrade. that is a weird symptom... On Thu, Apr 21, 2016 at 8:21 AM, Vick Khera wrote: > > On Thu, Apr 21, 2016 at 1:53 AM, Gé Weijers wrote: > >> I just performed a clean install of 2.3 on an AMD64 PC. Everything is >> fine, >>

Re: [pfSense] NTP Drift file not retained (NanoBSD) and "clipping" of

2016-04-22 Thread Vick Khera
On Fri, Apr 22, 2016 at 5:10 PM, Karl Fife wrote: > Obviously not retained in the case of an abend, but notably ALSO not > retained during a normal reboot. Is there a strategic reason this hard-won > calibration is not retained? I agree this should be preserved the same way the RRD files and D

Re: [pfSense] Site to Site VPN behind nat

2016-05-02 Thread Vick Khera
On Sun, May 1, 2016 at 8:18 PM, Dane Reugger wrote: > I've seen this done with Aruba but not sure it's possible with PfSense but > if it is I would love a guide to get it going. > Use OpenVPN. It doesn't care at all about the NAT. Many guides online for setting up whole network VPN over OpenVPN.

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Vick Khera
On Tue, May 3, 2016 at 11:24 AM, Jeppe Øland wrote: > Does this update actually work? > > After hitting install and crunching for a while, it showed "firmware > installation failed!" at the top. > I just did the upgrade and it succeeded. However, ntpd was not restarted on either of the two syste

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Vick Khera
On Thu, May 5, 2016 at 9:47 AM, Jeppe Øland wrote: > This install is running a 4G NANO image ... maybe there's a problem with > that? > I just did the update on a nano image system (netgate, not vanilla pfsense) and had success other than having to manually restart ntpd.

Re: [pfSense] 2.3_1 ?

2016-05-06 Thread Vick Khera
On Thu, May 5, 2016 at 3:05 PM, Jim Thompson wrote: > it’s documented that you need to (re)start NTP manually. > Where would one learn this? The update page doesn't say anything about "after applying this update, do XYZ". That would be the ideal place, IMO.

Re: [pfSense] Aggregated WAN traffic

2016-05-10 Thread Vick Khera
On Tue, May 10, 2016 at 9:45 AM, Randy Morgan wrote: > Having said that there is some question in my mind as to how this actually > works. Some of what I read indicates that the aggregation actually causes > the LAGG port to, effectively, operate on QOS functionality, meaning that > it cycles be

Re: [pfSense] 2.2.6 HA to 2.3 Upgrade Advice

2016-05-11 Thread Vick Khera
On Tue, May 10, 2016 at 4:55 PM, Mike Montgomery wrote: > I have two servers, setup in high availability that are currently running > 2.2.6. I have been running 2.3 at home and my test servers and am ready to > upgrade the office to 2.3 as well. I have been reading several upgrade > guides, as

Re: [pfSense] Unbound connections: excessive???

2016-05-23 Thread Vick Khera
On Sun, May 22, 2016 at 8:26 PM, Bryan D. wrote: > Is it normal to have this kind of increase in the number of UDP DNS-port > states when moving to unbound with this kind of configuration? > One would expect that a dns resolver would have to communicate with hundreds if not thousands of other ho

Re: [pfSense] IPSec nat issue

2016-05-26 Thread Vick Khera
On Wed, May 25, 2016 at 8:54 PM, Lyle wrote: > The other end has a conflict with our LAN addressing(192.168.1.0/24). So > in phase 2, we setup a Tunnel IPv4 using 193.168.1.0/24 > > for the local Network. NAT/BINAT network of 192.168.85.0/24. Their > remote network is 192.168.75.0/24. > So if

Re: [pfSense] FreeBSD on uFW

2016-06-01 Thread Vick Khera
What is a uFW? Google is not my friend (keeps finding some stupid firewall package for linux) and I see nothing on the netgate storefront that seems to be it.

Re: [pfSense] FreeBSD on uFW

2016-06-01 Thread Vick Khera
On Wed, Jun 1, 2016 at 4:54 PM, Jim Thompson wrote: > Vick, no, it’s not in the Netgate storefront (yet). There are a handful > of boards in the world. This one is on my desk at home. > https://twitter.com/gonzopancho/status/738098254890471424 > > > > Cool. I found the original twitter thread t

Re: [pfSense] FreeBSD on uFW

2016-06-02 Thread Vick Khera
On Wed, Jun 1, 2016 at 5:58 PM, Jim Thompson wrote: > you prefer ‘m1cr0Wall’, perhaps? > I'm totally the wrong person to brand a product. > > Netgate used to have a m1n1wall product (which shipped with m0n0wall at > first, then pfSense). > I remember that...

Re: [pfSense] Question about OpenVPN Point-to-Multi-Point Setup

2016-06-07 Thread Vick Khera
On Tue, Jun 7, 2016 at 3:03 PM, David White wrote: > I know that this can be done, but I've never actually done it. Are there > some good resources I can review, besides > https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site > > ? For branch offices, > If you can manage it, and the remotes are

Re: [pfSense] Question about OpenVPN Point-to-Multi-Point Setup

2016-06-08 Thread Vick Khera
On Wed, Jun 8, 2016 at 6:31 AM, David White wrote: > I didn't think I would have to set up a new server / port for each remote > office. I thought that, with the SSL/TLS setup, I could have a single > server and configure it so that clients can see & interact with each other. > When you configure

Re: [pfSense] Question about OpenVPN Point-to-Multi-Point Setup

2016-06-08 Thread Vick Khera
On Wed, Jun 8, 2016 at 2:41 PM, Jeremy Bennett wrote: > If you won't have mobile users, IPSec could be a viable option. > iPhone mobile VPN works great with IPSec, no additional software needed. It is all built in. Do not know about Android.

Re: [pfSense] 502 Bad Gateway

2016-07-07 Thread Vick Khera
On Thu, Jul 7, 2016 at 2:16 PM, Bill Arlofski wrote: > I guess I will remove it the next time this happens and see if there is any > change. > It seems to me you should remove it *before* to see if you avoid it happening.

[pfSense] IPv6 being used for NTP even though IPv6 is not configured

2016-07-25 Thread Vick Khera
According to the System/Advanced/Networking page, there is an option to prefer IPv4. However, it says this: "if IPv6 is configured and a hostname resolves IPv6 and IPv4 addresses, IPv6 will be used." I do not have IPv6 configured -- all my interfaces are statically configured. The only IPv6 I see

Re: [pfSense] Installation issues of latest release (2.3.2) resolved?

2016-08-01 Thread Vick Khera
On Fri, Jul 29, 2016 at 10:37 PM, Ryan Coleman wrote: > So does this affect APUs running the AMD64 architecture? I updated from 2.3.1 to 2.3.2 the APU at my home office with zero problems. It just took a good long time to clone the boot slice before updating, which also took a long time. The actu

Re: [pfSense] Installation issues of latest release (2.3.2) resolved?

2016-08-01 Thread Vick Khera
On Sat, Jul 30, 2016 at 12:19 AM, Jim Thompson wrote: > As a reminder, pfSense 2.4 will not support i386, and will not support the > 'nano' image. Does this imply that we will need to do a full re-install on our Netgate APU's or will there be a clean self-upgrade process?

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Vick Khera
My home office is protected by a Netgate APU box (which it seems they have replaced with some other device at the low end now). It is a little pricey, but they offer great support and it supports the project in the best way. On Wed, Aug 3, 2016 at 3:37 AM, Eero Volotinen wrote: > Any ideas where

Re: [pfSense] Export user account/password issue

2016-09-14 Thread Vick Khera
On Wed, Sep 14, 2016 at 10:44 AM, Satish Patel wrote: > How do i convert old style password to new FreeBSD style password in > master.passwd file? is it possible with pwd_mkdb? You cannot; they are one-way hashes. The first part of the resulting string identifies which hash method was used. I fo

[pfSense] shaper questions

2016-09-14 Thread Vick Khera
I'm reading over the shaper guide at https://doc.pfsense.org/index.php/Traffic_Shaping_Guide and I find I still have some confusion. The document seems to be in need of some updating. The scheduler types FAIRQ and CODELQ are not defined. What would be their use cas

[pfSense] shaper wizard LAN queues

2016-09-15 Thread Vick Khera
Is there a reason the traffic shaper makes queues on the LAN? None of the firewall rules it makes references the LAN queues. Is it just for my future use convenience?

Re: [pfSense] how does one create a DNS blacklist with about 1000 or so entries?

2016-09-30 Thread Vick Khera
On Fri, Sep 30, 2016 at 12:57 PM, Doug Lytle wrote: > On 09/30/2016 11:53 AM, Steve Yates wrote: >> >> So you could keep your list somewhere else on a web server. > > > This is what I do. > > And I grab the list from > > http://www.wizcrafts.net/chinese-iptables-blocklist.html > > Once a month >

[pfSense] dpinger data collection

2016-10-07 Thread Vick Khera
I'm trying to trace how the data gets from dpinger into the RRD file and ultimately into the UI. I see dpinger is writing to a socket, but I cannot for the life of me find what process is reading that socket and writing to the RRD file. How does that happen? My ultimate goal is to see if I can c

Re: [pfSense] Lightning strike

2016-10-14 Thread Vick Khera
On Thu, Oct 13, 2016 at 6:25 PM, Walter Parker wrote: > Problem is that all of the current OS do this sort of renumbering (I'd have > to check, but I think it could be a hardware/driver issue). IIRC Linux > systems have had this sort of problem in even greater measure than the > BSDs. The plug and

Re: [pfSense] Diagnosing System lag

2016-10-23 Thread Vick Khera
You get that same lag from all devices? I agree you should investigate the wires and switches. Try wiring your computer directly to the LAN port on the APU and see if you get any delays. On Sat, Oct 22, 2016 at 2:41 PM, Ryan Coleman wrote: > I had in the past.. but I’ll admit right now… I’m not

Re: [pfSense] Diagnosing System lag

2016-10-24 Thread Vick Khera
On Sun, Oct 23, 2016 at 1:38 PM, Ryan Coleman wrote: > Why? 57,265 pings sent. 57,625 pings received. If you get more pings than you send, someone thinks they're you. Find out who is sharing the IP and fix that.

Re: [pfSense] pfsense default firewall configuration

2016-11-15 Thread Vick Khera
On Tue, Nov 15, 2016 at 3:17 AM, user49b wrote: > I have heavily modified my IPcop configuration and just wanted to know if > pfSense's default firewall configuration is good enough. The default is deny everything inbound, and allow everything outbound. Nobody can say what's "good enough" for yo

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Vick Khera
I use commodity x86 (64-bit) hardware. I tend to make my pairs identical, so I know the backup can handle the load if the primary keels over. There's no hard requirement for that, though. On Tue, Nov 15, 2016 at 3:19 PM, Eero Volotinen wrote: > Hi List, > > What are requirements for pfsense ha c

Re: [pfSense] Aliases grouping

2016-12-07 Thread Vick Khera
On Wed, Dec 7, 2016 at 2:56 PM, Luc Paulin wrote: > For curiosity how do you manage the aliases naming ? Do you have some sort > on naming convention depending of the aliases is an IP/Host/Network and or > if it's and aliase of aliases ? > I tend to use names like "DeveloperHosts" and "Webserve

[pfSense] system CA certificate generator change

2017-01-24 Thread Vick Khera
I just made a new certificate using my own CA with the UI in pfsense 2.3.2-p1 for one of my firewalls. It appears that how it is generated does not allow Chrome or Firefox to recognize it by the CN, only the aliases. A certificate I generated using the UI in 2014 does however, work with the aliase

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-25 Thread Vick Khera
On Wed, Jan 25, 2017 at 1:10 PM, Karl Fife wrote: > pfsense 2.2.6 was running without issue on our Supermicro A1SRi-2758F > rangeley board (Intel Atom C2758) > Are you sure you didn't hard-code them before in the system tunables section under 2.2? On my C2758 system (exact same motherboard) runn

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Vick Khera
On Wed, Jan 25, 2017 at 4:01 PM, Karl Fife wrote: > I recently did a virgin install of 2.3.2 nano on an older atom (a Soekris > 6501), and found there were no tunables for kern.ipc.nmbclusters nor > kern.ipc.nmbufs. Maybe it's a nano/full-install difference?I would > think most people runnin

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Vick Khera
On Thu, Jan 26, 2017 at 12:17 PM, Karl Fife wrote: > Would you mind sharing a snapshot of your Rangeley-optimized tunables? > > IIRC there are un-editable tunables that show on your tunables page that > are not called out in the XML config. > > Thanks Vick > > This is the /boot/loader.conf from o

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Vick Khera
On Thu, Jan 26, 2017 at 3:12 PM, Vick Khera wrote: > ahci_load="YES" > Indeed, this line is leftover from olden days. This is not necessary anymore with the FreeBSD 10.x kernel.

Re: [pfSense] Documentation about acme

2017-02-17 Thread Vick Khera
On Thu, Feb 16, 2017 at 5:12 PM, Travis Hansen wrote: > The certs should show up in System -> Cert Manager -> Certificates > If DNS works for you great, otherwise you may be interested in the > following links for integration with haproxy (at least haproxy running on > pfSense): > There is no ot

Re: [pfSense] Running newer than released?

2017-03-03 Thread Vick Khera
What number exactly are you fretting about? As of Feb 16, FreeBSD 10.3-p16 was current, and pfsense 2.3.3 was and is still current. On Fri, Mar 3, 2017 at 9:07 AM, Stephen Shkardoon wrote: > The issue is that the message displayed is, exactly: > ``` > 2.3.3-RELEASE (amd64) > built on Thu Feb 1

Re: [pfSense] Running newer than released?

2017-03-03 Thread Vick Khera
> version as the official release? > > On Sat, Mar 4, 2017 at 3:10 AM, Vick Khera wrote: > > > What number exactly are you fretting about? > > > > As of Feb 16, FreeBSD 10.3-p16 was current, and pfsense 2.3.3 was and is > > still current. > >

Re: [pfSense] SIP through IKEv2-tunnel

2017-03-20 Thread Vick Khera
You only need siproxyd if you have multiple SIP clients inside your network trying to talk outside. SIP should work just fine in your situation where your PBX software and your client are within the same VPN and do not block any traffic. That is, I have a situation like this and it works just fin

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Vick Khera
On Tue, Mar 28, 2017 at 2:59 AM, Eero Volotinen wrote: > Looking for pfsense hardware that can handle 1000M/1000M internet > connection with NAT. > I would recommend at least a Xeon processor base system for that traffic. Really, the limit is PPS; do you know what that would be? Any system using

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Vick Khera
On Tue, Mar 28, 2017 at 9:00 AM, Eero Volotinen wrote: > Well, I don't know PPS values :) This is just home gigabit connection for > .. surfing/movies/4K streaming :) > Oh, well I don't think you'll need much more than one of the models Netgate sells, then, aside from their lowest end offering.

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Vick Khera
On Tue, Mar 28, 2017 at 12:50 PM, Matthew Hall wrote: > > The only silent systems I have are based on the Atom C2758 processor, > and I > > do not think those will handle a full gigabit connection at full speed. > > This isn't right, the SG-2440 can do it. > I stand corrected. Thanks for the add

Re: [pfSense] RFC2136 Dynamic DNS doesn't update when the "Public IP" option is set

2017-05-11 Thread Vick Khera
On Thu, May 11, 2017 at 1:06 AM, Julian Heisz wrote: > This appears to be an issue with pfSense, however the wiki suggests that I > use the forum or mailing list before submitting a ticket in Redmine. Of > "works for me". My DNS server runs BIND 9. My pfSense sits behind a NAT from the FiOS rout

Re: [pfSense] Wifi

2017-05-11 Thread Vick Khera
1. Assign a static IP for the device to control via the DHCP server. Force the device to re-fetch its IP so it can get this new dedicated address. 2. create a schedule entry in the Firewall -> Schedules configuration. For example, 4pm - 8pm Sunday through Thursday (I call this "school afternoons").

Re: [pfSense] RFC2136 Dynamic DNS doesn't update when the "Public IP" option is set

2017-05-12 Thread Vick Khera
On Thu, May 11, 2017 at 3:40 PM, Julian Heisz wrote: > Are you using the default public IP finder (forget the specific term > pfSense uses and not in a position to check at the moment) or do you have a > custom one set up? I have a custom one set up, which works for other DDNS > but may for some

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Vick Khera
Is NAT even a thing with IPv6?

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Vick Khera
s one of the specific use cases for Network Prefix > Translation. (I don't have the RFC handy, sorry.) > -Adam > > > -Original Message- > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Vick > > Khera > > Sent: August 2, 2017 21:20 > > To:

Re: [pfSense] pfSense 2.4 with ZFS, will it solve corrupt systems

2017-08-06 Thread Vick Khera
On Sat, Aug 5, 2017 at 9:07 AM, Jim Pingle wrote: > On 8/5/2017 8:59 AM, Arthur Wiebe wrote: > > This is more out of curiosity to verify that I'm correct, with pfSense > 2.4 > > using ZFS will that solve the issue where an SG appliance will stop > booting > > because of a corrupt filesystem and r

Re: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F

2017-10-30 Thread Vick Khera
There are wide-spread reports of ASRock C2750D4I board failures in the FreeNAS forums. I've suffered from it. Not sure if that applies to the board you are considering. There are also wide-spread reports of issues with the Supermicro board you are considering. I have 4 of these in service for 3+ y

Re: [pfSense] pfSense 2.4 consistently crashes daily

2017-11-20 Thread Vick Khera
On Mon, Nov 20, 2017 at 7:36 AM, Liwei wrote: > > Anyone has any idea what's going on? Restoring to pfSense 2.3 seems to > solve this problem, so it is more likely a software than hardware issue. > > What's your hardware? Have you tested your RAM using memtest86?

Re: [pfSense] pfSense 2.4 consistently crashes daily

2017-11-20 Thread Vick Khera
pres 1, long 1, def32 0, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 12 (irq267: vmx0) > > On Mon, 20 Nov 2017 at 20:55 Vick Khera wrote: > > > On Mon, Nov 20, 2017 at 7:36 AM, Liwei wrote: > > > > > > > > Anyo

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-10 Thread Vick Khera
If you're going to use IPSec mobile client with an iPhone, it does not seem to propose the GCM variants of AES, only the CBC ones with SHA2.

Re: [pfSense] ZFS on 2.4.2

2018-02-22 Thread Vick Khera
You don't need to export the pool on shutdown. Even an unclean shutdown should survive automatically on the reboot. I can't think of a reason ZFS would fail like you describe. On Wed, Feb 21, 2018 at 12:23 PM, Walter Parker wrote: > Hi, > > I have 2.4.2 installed on an SG-2220 from Netgate [nic

Re: [pfSense] ZFS on 2.4.2

2018-03-01 Thread Vick Khera
Here's my simple backup script function. Just stick it into a /bin/sh script (should work in bash too) and call it once per pfSense instance. I've been using this for years to backup my production firewalls. pfsense_config() { local FWNAME FWURL FWPASS CSRF CSRF2 COOKIEFILE PFDATE FWNAME="
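The preview cuts the script off right after its variable declarations, so here is the flow those names (cookie file, CSRF, CSRF2, date stamp) imply, written out as an added example. It is not the post's script and not pfSense project code. Assumed, and not confirmed by the thread: the pfSense 2.4 login form fields usernamefld/passwordfld/login on index.php, the download/donotbackuprrd fields on diag_backup.php, the hidden __csrf_magic field, the token appearing in each page as `var csrfMagicToken = "sid:...";`, and the hostnames, paths and the PFPASS/CACERT environment variables used for the call.

```shell
#!/bin/sh
# Added example, not the script from the post: pull config.xml from a
# pfSense 2.4 web UI the way a scripted backup has to, carrying the session
# cookie and both CSRF tokens. Assumed, not confirmed by the thread: the
# index.php login fields usernamefld/passwordfld/login, the diag_backup.php
# fields download/donotbackuprrd, the hidden __csrf_magic field, and the
# token embedded in each page as:  var csrfMagicToken = "sid:...";
# Caller sets PFPASS (admin password) and optionally CACERT (CA bundle).

# Print the CSRF token found in a page body read from stdin; exit 1 if none.
extract_csrf() {
    sed -n 's/.*var csrfMagicToken = "\([^"]*\)".*/\1/p' | head -n 1 | grep .
}

# Escape a value for a double-quoted entry in a curl config file.
cfg_quote() {
    sed 's/\\/\\\\/g; s/"/\\"/g'
}

# GET $1 with the session cookie jar. Never use -k here: verify against the
# system store or the CA bundle in $CACERT, or the backup can be captured.
get_page() {
    curl -sS ${CACERT:+--cacert "$CACERT"} -c "$COOKIEFILE" -b "$COOKIEFILE" "$1"
}

# POST form fields (one name=value per line on stdin) to $1, writing the
# response body to $2. The fields go to curl as a config file on its stdin,
# so the password is never visible in the process list.
post_form() {
    {
        printf 'url = "%s"\n' "$1"
        while IFS= read -r field; do
            printf 'data-urlencode = "%s"\n' "$(printf '%s\n' "$field" | cfg_quote)"
        done
    } | curl -sS ${CACERT:+--cacert "$CACERT"} -c "$COOKIEFILE" -b "$COOKIEFILE" -o "$2" -K -
}

# Exit 0 if $1 looks like a pfSense config.xml. A rejected session gets the
# login page back with HTTP 200, so a backup job that only checks curl's
# exit status will quietly archive HTML instead of the config.
validate_config() {
    head -c 1024 "$1" | grep -q '<pfsense>'
}

# Login, then download; $1 base URL, $2 user, $3 output file.
pfsense_fetch() {
    # 1) GET index.php: seeds the session cookie and carries the first token.
    CSRF=$(get_page "$1/index.php" | extract_csrf) || return 1
    # 2) POST credentials with that token.
    printf 'login=Login\nusernamefld=%s\npasswordfld=%s\n__csrf_magic=%s\n' \
        "$2" "$PFPASS" "$CSRF" | post_form "$1/index.php" /dev/null || return 1
    # 3) GET diag_backup.php: tokens are bound to the session, so read the
    #    token again after login (the CSRF2 of the post's script).
    CSRF2=$(get_page "$1/diag_backup.php" | extract_csrf) || return 1
    # 4) POST the download request; the response body is config.xml.
    printf 'download=download\ndonotbackuprrd=yes\n__csrf_magic=%s\n' "$CSRF2" |
        post_form "$1/diag_backup.php" "$3"
}

# Usage: PFPASS=... pfsense_config fw1.example.com admin /var/backups/pfsense
# (hostname and directory are placeholders). Prints the saved path on success.
pfsense_config() {
    FWNAME="$1"; FWUSER="$2"; OUTDIR="${3:-.}"
    PFDATE=$(date +%Y%m%d-%H%M%S)
    OUTFILE="$OUTDIR/$FWNAME-config-$PFDATE.xml"
    COOKIEFILE=$(mktemp) || return 1
    pfsense_fetch "https://$FWNAME" "$FWUSER" "$OUTFILE"; rc=$?
    rm -f "$COOKIEFILE"
    [ "$rc" -eq 0 ] && validate_config "$OUTFILE" || {
        echo "$FWNAME: no valid config retrieved (credentials or CSRF token?)" >&2
        rm -f "$OUTFILE"; return 1
    }
    echo "$OUTFILE"
}

if [ $# -gt 0 ]; then pfsense_config "$@"; fi
```

Call it once per firewall, as the post does, with the admin password in PFPASS rather than on the command line. The validate_config step is the part most scripts of this kind lack: the web UI answers an expired or rejected session with a 200 and the login page, and without the check a years-old cron job can be rotating copies of that page while the real config is never saved.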

Re: [pfSense] ZFS on 2.4.2

2018-03-07 Thread Vick Khera
On Tue, Mar 6, 2018 at 6:51 PM, Peder Rovelstad wrote: > Here's a ZFS tuning guide if you have not seen. > https://wiki.freebsd.org/ZFSTuningGuide > > But only goes to v9. > You 100% do not want nor need to turn on de-dupe. Especially on a boot volume of pfSense.

Re: [pfSense] ZFS on 2.4.2

2018-03-07 Thread Vick Khera
On Wed, Mar 7, 2018 at 2:04 PM, Walter Parker wrote: > without ECC. If there is a time bomb, then it exists for all file systems > running on computers without ECC. As this one of multiple backups for the > system, the risks are acceptable. > > If you have an actual failure method that makes ZFS

Re: [pfSense] ZFS on 2.4.2

2018-03-08 Thread Vick Khera
On Wed, Mar 7, 2018 at 8:18 PM, Walter Parker wrote: > don't use ECC. Can anyone show why my solution should switch file systems > (given that I'm keeping my existing hardware) without changing the subject? > I've read many of the scare stories from FreeNAS and they all seem to end > up as a call

Re: [pfSense] ZFS on 2.4.2

2018-03-08 Thread Vick Khera
On Thu, Mar 8, 2018 at 11:10 AM, Zandr Milewski wrote: > As someone who has spent easily 100 hours troubleshooting, rebuilding, and > restoring UFS based Netgate boxes that have to function in environments > with less-that-datacenter grade power availability, I'll take "potential > corruption in

Re: [pfSense] ZFS on 2.4.2

2018-03-08 Thread Vick Khera
On Thu, Mar 8, 2018 at 3:00 PM, Walter Parker wrote: > Are the FreeBSD 10.2 instructions ( > https://www.netgate.com/docs/platforms/rcc-dff-2220/freebsd.html) still > valid for 11.1? > > >- Connect the console cable (I have that setup) >- Boot from from a memstick image plugged into the U

Re: [pfSense] Host override without host part

2018-04-12 Thread Vick Khera
On Thu, Apr 12, 2018 at 4:03 AM, Marco wrote: > Hi, > > I need assistance setting up a host override. I successfully set up > a host override for the www host: > > # Services → DNS → Resolver → General Settings → Host Overrides > # works fine > www.foobar.com → 10.0.10.10 > > However, I al

Re: [pfSense] Upgrades to 2.4.3.x failing after updating metadata

2018-05-16 Thread Vick Khera
I just did the upgrade from the console from 2.4.3 to 2.4.3_1 with no problems in the upgrade. I run on an official pfSense brand C2758 device. On Tue, May 15, 2018 at 11:28 PM, John Kline wrote: > Many of us are seeing this. > See:https://forum.pfsense.org/index.php?topic=147853.0 > > > > > On

[pfSense] boot/loader.conf.local deleted upon reboot

2018-05-16 Thread Vick Khera
I run pfSense on an official pfSense branded C2758 system. It has a BMC controller that permits me to use a serial over LAN to COM2. In order to make the system console connect to COM2, the following line needs to be added to loader.conf or loader.conf.local: comconsole_port="0x2F8" in addition t

Re: [pfSense] Upgrades to 2.4.3.x failing after updating metadata

2018-05-16 Thread Vick Khera
On Wed, May 16, 2018 at 10:50 AM, WebDawg wrote: > I upgrade via the console now. Not to say that the GUI is broken, but > I must have been a victim of when it was. I have seen what kpa is > talking about in that forum thread too. It is why I always ssh in and > update from console. > Wow. I

Re: [pfSense] boot/loader.conf.local deleted upon reboot

2018-05-16 Thread Vick Khera
On Wed, May 16, 2018 at 2:03 PM, PiBa wrote: > Looks like everything that has the word 'console' in there gets deleted > from loader.conf.local.. > > I suppose the 'platform' is not one of these.?: > if ($specific_platform['name'] == 'RCC-VE' || > $specific_platform['name'] == 'RCC' |
