Re: [pfSense] IPSec log comments

2016-07-28 Thread Chris Buechler
On Thu, Jul 28, 2016 at 11:19 AM, Paul Galati wrote: > I noted installed packages > I backed up my configuration xml, 2.2.4 > I replaced hard disk with SSD > Installed fresh 32-bit 2.3.2 > Installed packages > imported config > > The 3 openvpn clients logged back in with no

Re: [pfSense] CARP/DHCP

2016-07-28 Thread Chris Buechler
On Thu, Jul 28, 2016 at 8:10 AM, scorpions floripa wrote: > Good Morning > > > The dhcp in secondary carp is even distributing IP with the active > master . Anyone know how to solve this ? > It's not a problem, that's how it's supposed to work.

Re: [pfSense] yesterday update to 2.3.2 has not worked - these machines now can not update any more

2016-07-27 Thread Chris Buechler
On Wed, Jul 27, 2016 at 8:53 AM, WolfSec-Support wrote: > Hi Jim > > Many thanks for your hint. > Well it is still not working. > > See: > Updating repositories metadata... > Updating pfSense-core repository catalogue... > pfSense-core repository is up-to-date. > Updating

Re: [pfSense] Lightning strike

2016-07-26 Thread Chris Buechler
On Tue, Jul 26, 2016 at 7:43 PM, Volker Kuhlmann wrote: > On Tue 26 Jul 2016 09:41:37 NZST +1200, Karl Fife wrote: > >> Interesting how it failed: The fried port 'simply' broke >> connectivity for the interface's LAN segment. Everything else >> continued to work. I kinda

[pfSense] 2.3.2-RELEASE Now Available!

2016-07-25 Thread Chris Buechler
We are happy to announce the release of pfSense® software version 2.3.2! This is a maintenance release in the 2.3.x series, bringing a number of bug fixes. You can find all the details on the blog. https://blog.pfsense.org/?p=2108 ___ pfSense mailing

Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Chris Buechler
On Fri, Jul 15, 2016 at 2:08 PM, Marc R. Meshurle Jr. wrote: > x.x.x.x is the PFSense and y.y.y.y is the Cisco > > Jul 16 00:05:54 charon: 11[IKE] deleting IKE_SA con2000[673] > between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y] > Jul 16 00:05:54 charon: 11[IKE]

Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Chris Buechler
On Fri, Jul 15, 2016 at 11:32 AM, Marc R. Meshurle Jr. wrote: > I'm having an issue connecting to a Cisco ASA5520 with IPSEC. The vendor with > the Cisco states that Phase 1 is good, but dropping out on Phase 2. We've > matched the Phase 2 proposals up and it still fails on

Re: [pfSense] connect more than 255 clients + server ppoe

2016-07-12 Thread Chris Buechler
On Tue, Jul 12, 2016 at 3:12 PM, sp1b0t wrote: > Hello > > You can connect more than 255 clients in a server ppoe pfsense? > Not without hacking the source, though that should work if you do so. No limitation in the underlying mpd that runs the PPPoE server, people apparently

Re: [pfSense] 2 server ppoe on the same interface

2016-07-12 Thread Chris Buechler
On Tue, Jul 12, 2016 at 3:10 PM, sp1b0t wrote: > Hi. > You can create 2 servers on the same interface pppoe? No. Wouldn't be possible to differentiate which should answer.

Re: [pfSense] 502 Bad Gateway

2016-07-08 Thread Chris Buechler
On Thu, Jul 7, 2016 at 1:16 PM, Bill Arlofski wrote: > On 07/07/2016 08:09 AM, Jon Gerdes wrote: >> Bill >> >> I maybe off target here but the IPSEC widget used to cause php-fpm >> daemon to die after a few days. >> >> I haven't looked into it since but removing that

Re: [pfSense] DMZ not working since upgrade 2.3

2016-06-30 Thread Chris Buechler
On Wed, Jun 29, 2016 at 8:27 AM, Jean-Laurent Ivars wrote: > Hello Piba (and anyone else…) > > Sorry for not having answered before… > > To answer you questions, firstly, I’m not in a datacenter, only a client > offices with different ISP. > > I agree with you double NAT is

Re: [pfSense] Setup DNS question

2016-06-25 Thread Chris Buechler
On Fri, Jun 24, 2016 at 5:35 PM, Richard A. Relph wrote: > Brand new pfSense user here… setting up a VMWare system after upgrading it to > 2.3.1_5, doing a reset to factory config, and restarting the web configurator. > I get to this point: > > > and what I want to say is

Re: [pfSense] CPU Utilization on landing page

2016-06-25 Thread Chris Buechler
On Fri, Jun 24, 2016 at 12:46 PM, Karl Fife wrote: > Scaling down the update frequency on the traffic graphs seems to > meaningfully reduce utilization. Many other widgets don't appear to > have settings for their poll intervals. Are there other settings hidden > away

Re: [pfSense] PCI/PCIe crypto cards?

2016-06-25 Thread Chris Buechler
On Fri, Jun 24, 2016 at 6:15 PM, Cheyenne Deal wrote: > Is there a list of working crypto cards for x86 and 64bit PC versions of > pfsense 2.3 release line? https://www.freebsd.org/releases/10.3R/hardware.html#crypto-accel Though AES-NI is your best bet at this point.

Re: [pfSense] Traffic Limiter name change

2016-06-25 Thread Chris Buechler
On Fri, Jun 24, 2016 at 1:01 PM, Karl Fife wrote: > We've entered the wonderful world of the traffic limiters. Specifically, we > put FACEBOOK subnets through a comparatively skinny pipe. This is done to > make it JUST a bit too painful to look at kitten photos, but perfectly

Re: [pfSense] CPU Utilization on landing page

2016-06-23 Thread Chris Buechler
On Thu, Jun 23, 2016 at 11:55 AM, Karl Fife wrote: > Ever since upgrading to 2.3, I notice that the CPU utilization is uncommonly > high when a browser is pointed at the Status / Dashboard. > > Naturally, this is the php-fpm process. Each instance of php-fpm runs at > between

Re: [pfSense] IPSEC Issue

2016-06-01 Thread Chris Buechler
On Tue, May 31, 2016 at 2:46 AM, Daniel Eschner wrote: > Hi There, > > i get since some days a couple of errors: > > May 31 09:42:40 gw01 charon: 08[KNL] unable to query SAD entry > with SPI c6bce4d4: No such file or directory (2) > May 31 09:42:49 gw01 charon:

Re: [pfSense] Turning UDP broadcast into a unicast on another interface

2016-06-01 Thread Chris Buechler
On Wed, Jun 1, 2016 at 8:00 AM, Jason Pyeron wrote: >> -Original Message- >> From: On Behalf Of Jim Thompson >> Sent: Tuesday, October 02, 2012 19:24 >> Subject: [pfSense] Turning UDP broadcast into a unicast on another > interface >> >> Without writing a small program?

Re: [pfSense] Strange fe80::1:1 link-local address on LAN interface

2016-05-27 Thread Chris Buechler
On Thu, May 26, 2016 at 6:03 AM, Olivier Mascia wrote: > LAN Interface (lan, igb0) > Status up > MAC Address 00:08:a2:09:58:96 > IPv4 Address 10.32.0.1 > Subnet mask IPv4 255.255.0.0 > IPv6 Link Local fe80::1:1%igb0 (???) >

Re: [pfSense] USB hard drive on SG-2220

2016-05-27 Thread Chris Buechler
On Fri, May 27, 2016 at 10:00 PM, Walter Parker wrote: > Hi, > > I just plugged a small WDC USB 2.0 hard drive into my pfSense firewall as > an external, second drive and everything booted: > da1 at umass-sim1 bus 1 scbus7 target 0 lun 0 > da1: Fixed Direct Access SCSI device

Re: [pfSense] How to manually update 2.3 onwards?

2016-05-25 Thread Chris Buechler
On Tue, May 24, 2016 at 8:08 AM, Pete Boyd wrote: > I have a pfSense 2.3.0_1 which has had an issue connecting to > pfsense.com to check for updates for years. That's not the issue, as far > as I believe. Perhaps its LAN and WAN are mistakenly the wrong way > around.

Re: [pfSense] Update 2.3_1 to 2.3.1 failed

2016-05-24 Thread Chris Buechler
On Tue, May 24, 2016 at 6:47 PM, Jeppe Øland wrote: > Is the "NanoBSD filesystem is mounted r/w" a temporary thing until you fix > these issues? > No. The issue is some flash media is really slow to rw->ro mount. We used to carry a forcesync patch to forcefully un-mount it

Re: [pfSense] Update 2.3_1 to 2.3.1 failed

2016-05-24 Thread Chris Buechler
On Tue, May 24, 2016 at 2:47 PM, Karl Fife <karlf...@gmail.com> wrote: > On 5/24/2016 2:30 PM, Chris Buechler wrote: >> >> On Tue, May 24, 2016 at 2:25 PM, WebDawg <webd...@gmail.com> wrote: >>> >>> On Tue, May 24, 2016 at 2:18 PM, Chris Buechler <

Re: [pfSense] Update 2.3_1 to 2.3.1 failed

2016-05-24 Thread Chris Buechler
On Tue, May 24, 2016 at 2:25 PM, WebDawg <webd...@gmail.com> wrote: > On Tue, May 24, 2016 at 2:18 PM, Chris Buechler <c...@pfsense.com> wrote: > >> On Tue, May 24, 2016 at 1:28 PM, WebDawg <webd...@gmail.com> wrote: >> > On Tue, May 24, 2016 at 11:34 AM, Chr

Re: [pfSense] Update 2.3_1 to 2.3.1 failed

2016-05-24 Thread Chris Buechler
On Tue, May 24, 2016 at 1:28 PM, WebDawg <webd...@gmail.com> wrote: > On Tue, May 24, 2016 at 11:34 AM, Chris Buechler <c...@pfsense.com> wrote: > >> On Tue, May 24, 2016 at 5:33 AM, OSN | Marian Fischer <m...@osn.de> wrote: >> > Hi list, >> > >

Re: [pfSense] Why can't we define a point-to-point OpenVPN using only IPv6?

2016-05-24 Thread Chris Buechler
On Tue, May 24, 2016 at 11:57 AM, Olivier Mascia wrote: >> Le 24 mai 2016 à 17:56, Doug Lytle a écrit : >> >>> Is the IPv4 requirement something thats planned to be removed in future >>> releases? >>> >>> I don't assume many people have adopted IPv6 yet. >>

Re: [pfSense] Update 2.3_1 to 2.3.1 failed

2016-05-24 Thread Chris Buechler
On Tue, May 24, 2016 at 5:33 AM, OSN | Marian Fischer wrote: > Hi list, > > when i try to update one carp member from 2.3_1 to the latest update (2.3.1) > it fails after > > # snip > Updating pfSense-core repository catalogue... > Unable to update repository pfSense-core > Updating

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Chris Buechler
On Thu, May 5, 2016 at 3:11 PM, Bob Gustafson wrote: > On 05/05/2016 02:35 PM, Larry Rosenman wrote: > >> On 2016-05-05 14:23, Bob Gustafson wrote: >>> >>> On 05/05/2016 02:05 PM, Jim Thompson wrote: > > On May 5, 2016, at 6:26 AM, Paul Mather

Re: [pfSense] 2.3 show stopper -- in most cases openvpn client specific overrides will fail to send proper iroute/push route

2016-05-04 Thread Chris Buechler
On Tue, May 3, 2016 at 5:43 AM, Philipp Tölke wrote: > Hi everyone, > > just FYI, I also had to un-check "Address Pool" for our vpn with > "Static-IP-Overrides". > You probably should just set it back to net30 as noted in my last post in this thread.

Re: [pfSense] pf2ad update to pfSense 2.3

2016-05-01 Thread Chris Buechler
On Sun, May 1, 2016 at 3:01 AM, Odhiambo Washington wrote: > But he doesn't force anyone to install this. I see no reason to ban him > from posting or even the forum. Open Source was for the willing, IIRC. > Not saying he can't do it. He can't use our resources to promote it,

Re: [pfSense] pf2ad update to pfSense 2.3

2016-05-01 Thread Chris Buechler
On Sun, May 1, 2016 at 1:58 AM, Luiz Gustavo S. Costa <luizgust...@luizgustavo.pro.br> wrote: > 2016-05-01 3:35 GMT-03:00 Chris Buechler <c...@pfsense.com>: > >> people's systems. He's been told again to not post about this to our >> lists or forum, next time

Re: [pfSense] pf2ad update to pfSense 2.3

2016-05-01 Thread Chris Buechler
On Sun, Apr 17, 2016 at 1:01 PM, WebDawg wrote: > On Fri, Apr 15, 2016 at 12:39 PM, Luiz Gustavo S. Costa < > luizgust...@luizgustavo.pro.br> wrote: > >> Hello, >> >> Who wants to go now testing the pf2ad update to pfSense 2.3 can now >> apply the script with the following

Re: [pfSense] DNS secondary server on 2.3?

2016-04-28 Thread Chris Buechler
On Thu, Apr 28, 2016 at 10:21 AM, Adam Thompson wrote: > OK, I'm lost... In v2.3, what service, and/or where in the GUI, should I go > to make pfSense act as a slave (authoritative) DNS server? > No such capability. Neither dnsmasq nor unbound are authoritative servers.

Re: [pfSense] CARP and both IPv4 and IPv6: do they live together?

2016-04-27 Thread Chris Buechler
On Tue, Apr 26, 2016 at 7:38 AM, Olivier Mascia wrote: >> Le 26 avr. 2016 à 00:37, Olivier Mascia a écrit : >> >> It looks like as soon as I bring IPv6 to the party, my secondary starts >> thinking it's MASTER instead of BACKUP. Sometimes on the WAN side,

Re: [pfSense] IPV6 WAN/LAN routing

2016-04-20 Thread Chris Buechler
On Wed, Apr 20, 2016 at 4:53 PM, Olivier Mascia wrote: >>> I must be tired or something but I have a strange thing with IPv6 on a new >>> box I just setup. >>> >>> Have a x:y:z:d800::/56 routed to me. >>> WAN is static IPv6 on x:y:z:d800::1/64, gateway is >>>

Re: [pfSense] Ambiguous gateway monitoring

2016-04-15 Thread Chris Buechler
On Fri, Apr 15, 2016 at 12:31 PM, Karl Fife wrote: > I'm bringing this up in the off chance that it is a bug. I think it might > be expected behavior but want to bounce it off a few others. > > I have an installation with two fiber uplinks. Each uplink has an IP on the >

Re: [pfSense] pfSense 2.3 unresponsive on

2016-04-15 Thread Chris Buechler
On Wed, Apr 13, 2016 at 6:11 PM, Rosen Iliev wrote: > Hi guys, > > Just upgraded my embedded pfsense to 2.3. > I have problems getting to the box (web or ssh) it just times out. > On the web sometimes I get Nginx 504, sometimes just nothing. > Eventually I got logged in, try to

Re: [pfSense] Upgrade from 2.2.x to 2.3 - upgrading firmware since almost 7 hours.

2016-04-15 Thread Chris Buechler
On Thu, Apr 14, 2016 at 1:57 PM, WebDawg wrote: > On Thu, Apr 14, 2016 at 1:53 PM, J. Echter < > j.ech...@echter-kuechen-elektro.de> wrote: > >> Am 14.04.2016 um 19:32 schrieb J. Echter: >> > Hi, >> > >> > here, everything works as expected. :) >> > >> > But i have a upgrade

Re: [pfSense] 2.3.1 -> 2.3 ?

2016-04-13 Thread Chris Buechler
On Wed, Apr 13, 2016 at 4:53 AM, Olivier Mascia wrote: > Hello, > > I had a 2.3 RC installed and (mistakenly) let it auto-upgrade some hours ago. > It went straight to some 2.3.1 DEV instead of 2.3 REL as I expected (my > mistake). Is there any appropriate way to come back to

Re: [pfSense] vmware tools

2016-04-13 Thread Chris Buechler
On Wed, Apr 13, 2016 at 5:12 AM, Olivier Mascia wrote: > Reading this: https://doc.pfsense.org/index.php/Open_VM_Tools_package > after package installation and reboot, > > ps uxawww | grep vmware > > gives me this output which differs from the doc.pfsense.org article: > > root

Re: [pfSense] 2.3 - webConfigurator Fails

2016-04-13 Thread Chris Buechler
On Wed, Apr 13, 2016 at 5:46 PM, David White wrote: > I just upgraded to 2.3, and internet seems to be working fine, but the > webConfigurator is failing. > > pfSense is running on some older x86 hardware. Checking the system.log, I > see this entry: > > php-cgi: rc.bootup:

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

2016-04-13 Thread Chris Buechler
On Wed, Apr 13, 2016 at 5:17 PM, Steve Yates wrote: > I should restate/clarify that I was looking at the > https://doc.pfsense.org/index.php/2.3_New_Features_and_Changes > page which mentions the package system changed but doesn't specifically > mention the below Good point,

Re: [pfSense] 2.3 show stopper -- in most cases openvpn client specific overrides will fail to send proper iroute/push route

2016-04-13 Thread Chris Buechler
On Wed, Apr 13, 2016 at 6:08 AM, mayak wrote: > hi all , > > openvpn will fail on v2.3 if you are using `client specific overrides` where > `iroute` and `push route` are being used: > > if the `tunnel network` is: > 10.16.52.8/30 > > and the `advanced section`: > iroute

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

2016-04-13 Thread Chris Buechler
On Wed, Apr 13, 2016 at 1:48 PM, Steve Yates wrote: > The release notes don't mention specific package compatibility Yes it does. "Packages The list of available packages in pfSense 2.3 has been significantly trimmed. We have removed packages that have been deprecated

Re: [pfSense] pfSense 2.3 "Secure Connection Failed"

2016-04-12 Thread Chris Buechler
On Tue, Apr 12, 2016 at 4:50 PM, Pete Boyd wrote: > What is the change in 2.3.0 that means that Firefox 38 ESR now gives me > this message when trying to login using the GUI on 2 of 3 systems I have > upgraded from 2.2.6 so far, via OpenVPN: > > "Secure Connection

Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-12 Thread Chris Buechler
On Wed, Feb 10, 2016 at 3:47 PM, Romain Lapoux wrote: > I do not agree, because how do you explain that all works correctly when I > disable only the firewall feature in pfSense ? > Because stateful firewalls must see both directions of traffic. If you'd just fix

Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-10 Thread Chris Buechler
On Sun, Feb 7, 2016 at 12:24 PM, Romain Lapoux wrote: > My last test in conservation optimization, if I upload files with 4 parallel > connections, it drop each in less 10 seconds. > (And don't free them on backend server, they stay ESTABLISHED in netstat. > More

Re: [pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-16 Thread Chris Buechler
On Fri, Jan 15, 2016 at 11:59 PM, Steve Yates wrote: > I don't like leaving things not fully stable so I bit the bullet and > clicked "Remove Enable/Disable changes in the current Category" so it would > at least sync. To my surprise it did not help, even after doing

Re: [pfSense] 2.2.6-RELEASE Now Available!

2015-12-22 Thread Chris Buechler
On Tue, Dec 22, 2015 at 3:48 AM, Victor Padro <vpa...@gmail.com> wrote: > Blog's greatest public annoucement. > > Error establishing a database connection > Oops, fixed. > On Tue, Dec 22, 2015 at 3:04 AM, Chris Buechler <c...@pfsense.com> wrote: > >> pf

[pfSense] 2.2.6-RELEASE Now Available!

2015-12-22 Thread Chris Buechler
pfSense® software version 2.2.6 is now available. This release includes a few bug fixes and security updates. You can find all the details in the release announcement on our blog. https://blog.pfsense.org/?p=1971 Happy holidays, everyone! Enjoy, Chris

Re: [pfSense] CARP / XMLRPC sync problem

2015-12-22 Thread Chris Buechler
On Thu, Dec 17, 2015 at 2:17 AM, Mário Barbosa wrote: > Hello everyone, > > I'm getting this notice every time I try syncing two pfsense routers. > > "An error code was received while attempting XMLRPC sync with username > admin http://192.168.4.2:80 - Code 6: The

Re: [pfSense] HAproxy question

2015-12-12 Thread Chris Buechler
On Fri, Dec 11, 2015 at 9:14 AM, C. R. Oldham wrote: > Greetings, > > We've recently replaced both our routers with pfSense. I am using tinc for > site-to-site VPN and OpenVPN for clients to connect. > > Since some of our support engineers often end up onsite with customers, I >

Re: [pfSense] Enable bypass for LAN interface IP not working? ver 2.2.5

2015-11-24 Thread Chris Buechler
It's there and it works (from the LAN subnet to the LAN subnet is skipped). Check the first config entry in /var/etc/ipsec/ipsec.conf. On Mon, Nov 23, 2015 at 11:08 AM, Nicolas Fabris wrote: > Hi folks! How are you? > > Nobody? > > Thksss!!! > >

Re: [pfSense] Latency issues with 2.2.25 Release

2015-11-12 Thread Chris Buechler
On Wed, Nov 11, 2015 at 9:47 AM, Wade Blackwell wrote: > Good morning list, >I recently upgraded to *2.2.5-RELEASE * (amd64) on a VMware stack > and noticed that my Wan latency shot up by about 100ms rtt. Nothing else on > the box had changed. I reverted to a pre-upgrade

Re: [pfSense] Please support, pdo and mysqli extensions of php on pfsense new release

2015-10-29 Thread Chris Buechler
On Wed, Oct 28, 2015 at 6:35 PM, Ceylan BOZOĞULLARINDAN wrote: > Hello, > > I am working for three days on add pdo_mysql and mysqli extensions on > pfsense 2.2.4 php. But i didn't. I need to connect database with using > mysqli or pdo instead of mysql. Let me

Re: [pfSense] Backup/Restore to another router

2015-10-26 Thread Chris Buechler
On Mon, Oct 26, 2015 at 12:26 PM, Edward Holcroft wrote: > Hello list > > I am setting up my second pfSense box, with a view to eventually replacing > 20 Pelink Balance routers on my network. > > The first one works great and I have IPSec tunnels working between it and > all

Re: [pfSense] Has anybody experience with installing on Openstack?

2015-10-23 Thread Chris Buechler
On Thu, Oct 22, 2015 at 4:19 PM, WebDawg wrote: > On Wed, Oct 21, 2015 at 9:52 PM, Frank Lowe > wrote: > >> I am trying to do this now. I have Pfsense working in proxmox. I now have >> an Openstack cloud controller running comput and neutron(single

Re: [pfSense] Problem with a second pfSense in LAN

2015-10-13 Thread Chris Buechler
On Thu, Oct 8, 2015 at 7:31 AM, Lorenzo Milesi wrote: > hi. > My office pfsense happily works with an IPv6 tunnel since months. > right now I'm preparing a new server in my lab, and it's running pfSense > 2.2.4. > I don't have IPv6 enabled on this new box, nor DHCP of any

Re: [pfSense] Unbound DHCP leases refresh

2015-09-17 Thread Chris Buechler
On Thu, Sep 17, 2015 at 6:58 AM, Tom Fanning wrote: > Quick question regarding the unbound resolver. > > I can't find it documented anywhere how often unbound refreshes the DHCP > leases table. > Instantaneously, normally. There is this situation though where it's not

Re: [pfSense] domain override: multiple IPs?

2015-09-14 Thread Chris Buechler
On Mon, Sep 14, 2015 at 5:41 PM, Erik Anderson wrote: > Hello all - > > We're running 2.2.4. > > We have a domain override in our DNS Forwarder for our Active > Directory domain. Is there any way to provide multiple IP addresses > for this override? For obvious reasons, I'd

Re: [pfSense] Why no dnssec in dnsmasq by default?

2015-08-24 Thread Chris Buechler
On Sun, Aug 23, 2015 at 9:28 AM, Adrian Zaugg a...@ente.limmat.ch wrote: Adding the three lines dnssec dnssec-check-unsigned trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 to dnsmasq in pfSense makes dnsmasq dnssec

Re: [pfSense] GUI performance on an ALIX 2d3

2015-08-13 Thread Chris Buechler
On Thu, Aug 13, 2015 at 4:50 PM, Rainer Duffner rai...@ultra-secure.de wrote: Mine is a 2D1 (apparently) and has only 128 MB RAM - which apparently is too little these days. Since 2.2.4, I get a warning in the GUI - but because I do nothing fancy with it, I don’t see any slowdowns.

Re: [pfSense] Got an alert after updating to 2.2.4

2015-07-31 Thread Chris Buechler
On Thu, Jul 30, 2015 at 5:34 PM, Rainer Duffner rai...@ultra-secure.de wrote: php: rc.bootup: New alert found: pfSense requires at least 128 MB of RAM. Expect unusual performance. This platform is not supported. I have an Alix board: CPU: Geode(TM) Integrated Processor by AMD PCS

Re: [pfSense] weakness reported by scanner in pfsense

2015-07-30 Thread Chris Buechler
On Thu, Jul 30, 2015 at 12:54 PM, Ted Byers r.ted.by...@gmail.com wrote: How do we deal with this: TCP/IP Initial Sequence Number (ISN) Reuse Weakness Ask your scanner vendor. That check blindly trusts OS identification in a case where it's just making a guess at the OS (of OpenBSD 4.0 as the

Re: [pfSense] Connect pfSense as client to a Hotel WLAN?

2015-07-30 Thread Chris Buechler
On Wed, Jul 29, 2015 at 7:59 PM, Ray r...@renegade.zapto.org wrote: Hi, I run pfSense on a few ALIX boxes, usually as tunnel end and as access point. When I can plug one of these machines into any (wired) network, I have easy access to my home network through the private WLAN the ALIX

Re: [pfSense] DHCP Relay attaching to wrong interface

2015-07-30 Thread Chris Buechler
On Sat, Jul 25, 2015 at 8:06 AM, Juan Bernhard j...@inti.gob.ar wrote: Hi list, first I want to congratulate all pfsense developers for this magnificent piece of software. I think I found a simple bug: I am configuring a pfsense in a single server to replace a cisco 2821 and an asa 5520, and

Re: [pfSense] Problem with load vpn status

2015-07-30 Thread Chris Buechler
On Wed, Jul 29, 2015 at 2:18 PM, Edward Josette Ortega Salas edward.jose...@gmail.com wrote: Hi!. Yes, it was quick: - For setkey -D its took: 0.253u 0.276s 0:31.37 1.6% 93+178k 0+0io 0pf+0w - And for setkey -DP: 0.017u 0.008s 0:00.02 50.0% 204+408k 0+0io 0pf+0w And.. we are talking

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-24 Thread Chris Buechler
On Fri, Jul 24, 2015 at 3:51 PM, Ted Byers r.ted.by...@gmail.com wrote: I have checked our installation of our website (a classic protected LAN with a DMZ formed by two pfsense machines serving as our inner and outer firewall, and one machine in the DMZ and the rest behind the inner firewall)

Re: [pfSense] 2.1.4-RELEASE to 2.2.3 problems

2015-07-21 Thread Chris Buechler
On Tue, Jul 21, 2015 at 2:39 PM, Zach Underwood zunder1...@gmail.com wrote: Last night/this morning we upgraded pfsense from 2.1.4 to 2.2.3 We are having problems with ssh and siproxd. We are unable to ssh to the box and ssh on the service tab will not start. Is this nanobsd or a full

Re: [pfSense] Any update on 2.2.4?

2015-07-17 Thread Chris Buechler
On Thu, Jul 16, 2015 at 4:22 PM, Ryan Coleman ryan.cole...@cwis.biz wrote: For those of us with IPsec needs: is there an update on the release of 2.2.4? I’m avoiding upgrading my secondary firewall because I cannot afford to lose some basic VPN functionality. Right now we're working through

Re: [pfSense] Issue with Layer 7

2015-07-14 Thread Chris Buechler
On Tue, Jul 14, 2015 at 5:20 AM, Joy pj.netfil...@gmail.com wrote: Hi, i am using latest version of pfsense 2.2.3 after upgrade from 2.1.5. In 2.1.5 my layer 7 filtration was working perfectly while enabling the same in 2.2.3 not allowing traffic to go outside. Please let me know what

Re: [pfSense] Cannot Spoof MAC

2015-07-11 Thread Chris Buechler
On Sat, Jul 11, 2015 at 10:13 AM, Doug Lytle supp...@drdos.info wrote: Everyone, I talked a small automotive shop into replacing their aging pfSense computer with a GA-J1900N-D3V. They purchased an all-in-one unit from mini-box.com

Re: [pfSense] Upgrade 2.2.2-2.2.3 and OpenVPN Client Export Utility

2015-07-06 Thread Chris Buechler
On Fri, Jul 3, 2015 at 3:16 AM, Микаел Бак mikael@yandex.ru wrote: Hi list, I run pfsense nanobsd (1g) on an old PC Engines ALIX board with 256MB RAM. After upgrading to v2.2.3 my only installed package OpenVPN Client Export Utility and its dependencies disappeared. I tried to

Re: [pfSense] Loading pfSense on Netgate 1U rack mount server c2758

2015-07-02 Thread Chris Buechler
On Thu, Jul 2, 2015 at 1:31 PM, Paul Upson pmup...@thewestmoreland.org wrote: I recently purchased this device and am now trying to load pfSense onto it using a usb stick. Each time the load fails with the following error. Mounting from cd9660:/dev/iso9660/PFSENSE fails with error 19. I found a

Re: [pfSense] Internal Clock Broke

2015-06-29 Thread Chris Buechler
On Sat, Jun 27, 2015 at 7:27 PM, Ryan Clough ryan.clo...@dsic.com wrote: Check your Timezone on the System::General Settings page. After I upgraded it had been reset to Africa/Abidjan. 2.2.3 got updated tz data. That's what would happen if you were using a timezone that's no longer included in

Re: [pfSense] Dashboard Source

2015-06-11 Thread Chris Buechler
On Thu, Jun 11, 2015 at 12:10 PM, Mehma Sarja mehmasa...@gmail.com wrote: Hi all, If available open source, can someone point me to the source directory for the pfs dashboard? For 2.2.x: https://github.com/pfsense/pfsense/tree/RELENG_2_2/usr/local/www

Re: [pfSense] IPv6 Router Advertisement DNS

2015-06-04 Thread Chris Buechler
On Wed, Jun 3, 2015 at 4:19 AM, İhsan Doğan ih...@dogan.ch wrote: Hi, I'm running IPv6 on my LAN interface and I'm experiencing some weird IPv6 Router advertisement issues. When I look at at Router Advertisement Daemon configuration, only the prefix and the DNS domain should be sent: #

Re: [pfSense] Remote syslog logging keeps stopping

2015-05-11 Thread Chris Buechler
On Mon, May 4, 2015 at 1:25 AM, Volker Kuhlmann list0...@paradise.net.nz wrote: I noticed that after a re-install of 2.2.2 (with sections of config file from 2.1.5 and several reboots) syslog to remote was not sending any data. The settings at https://fw.site/diag_logs_settings.php were all

Re: [pfSense] 1 of 8 phase2 tunnel will not come up

2015-04-29 Thread Chris Buechler
On Wed, Apr 29, 2015 at 1:22 PM, Christoph Hanle christoph.ha...@leinpfad.de wrote: On 28/04/15 22:34, Christoph Hanle wrote: Hi, we are getting crazy with one tunnel our system pfSense 2.2 failover cluster other side a bigger Juniper. VPN with 6 tunnels was up. the 7th tunnel (10.2.2.55)

Re: [pfSense] pf(4) relative performance: opinions?

2015-04-12 Thread Chris Buechler
On Sat, Apr 11, 2015 at 10:14 PM, Jim Thompson j...@netgate.com wrote: George Neville-Neil and I presented a paper at AsiaBSDcon last month. Slides and paper are attached. Attachments exceeded the list's size limit and somehow got dropped in approving the post, they're available here:

Re: [pfSense] testing email

2015-04-08 Thread Chris Buechler
This should be fixed. mailer-daemon@ ended up as a list member in mailman, AFAICT from day one of this list, but in the past few days ended up being spoofed to send a couple viruses to the list. Those messages bounced for a number of people, and mailman can't differentiate between what type of

Re: [pfSense] Odd problem with the Bing website

2015-04-02 Thread Chris Buechler
On Thu, Apr 2, 2015 at 8:05 PM, Peder Rovelstad provels...@comcast.net wrote: Looks like this is probably Snort associated. Same symptom on another site just now traffic from Akamai. I'll figure it out. Thanks for reading. That would add up. Where nothing replies to traceroute like you were

Re: [pfSense] GRE between 2 pfsense boxes

2015-03-30 Thread Chris Buechler
On Mon, Mar 30, 2015 at 6:40 AM, Adam Thompson athom...@athompso.net wrote: OpenVPN is good at getting unicast IP traffic from A to B, but it's difficult to, say, run OSPF over it. There are reasons, but that's not one of them. Lots of people run OSPF over OpenVPN.

Re: [pfSense] 2.2.1 Site-to-Site IPsec VPN Connection Instability

2015-03-26 Thread Chris Buechler
On Mon, Mar 23, 2015 at 9:34 AM, Christopher CUSE cc...@ccuse.com wrote: On 03/23/2015 03:03 PM, mayak wrote: On 03/22/2015 12:38 AM, Bryan D. wrote: We've had a pfSense-to-pfSense always on IPsec VPN connecting 2 offices since 2008 (pfSense 1.2 IIRC) and it's: - been ultra reliable (if

Re: [pfSense] 2.2.1 serial console menu different on some boxes

2015-03-24 Thread Chris Buechler
On Tue, Mar 24, 2015 at 8:27 AM, Vick Khera vi...@khera.org wrote: On two of my firewalls upgraded to 2.2.1, I see three options in Advanced-Admin Access menu serial communications menu: Serial Terminal *Enables the first serial port with 115200/8/N/1 by default, or another speed selectable

Re: [pfSense] ipsec and multi-wan

2015-03-23 Thread Chris Buechler
On Thu, Mar 19, 2015 at 12:48 PM, Gregory K Shenaut gkshen...@ucdavis.edu wrote: Hi, I have a system with two sites. One of the sites has two WAN connections, the other one. I have an IPSEC tunnel passing all traffic between the two sites. I'm having some difficulty with site-to-site access.

Re: [pfSense] 2.2.1 Site-to-Site IPsec VPN Connection Instability

2015-03-23 Thread Chris Buechler
There's nothing to go on to offer any worthwhile suggestions. IPsec logs best place to start. On Mon, Mar 23, 2015 at 6:02 PM, Bryan D. pfse...@derman.com wrote: FWIW, since my original report, I've noticed some other things: - since it's not yet deployed, the v2.2.1 (at both ends)

Re: [pfSense] 2.2.1-RELEASE sudo issues?

2015-03-17 Thread Chris Buechler
On Tue, Mar 17, 2015 at 3:48 PM, Manojav Sridhar mano...@manojav.com wrote: Just upgraded my pfsense to 2.2.1-RELEASE, [2.2.1-RELEASE][user@host]/usr/lib: sudo Shared object libintl.so.9 not found, required by sudo Can't seem to find the libintl.so.9, this breaks the sudo package. Anyone else

[pfSense] 2.2.1-RELEASE now available

2015-03-17 Thread Chris Buechler
Since I know a number of you don't necessarily watch the blog and may not be on the announcements list. 2.2.1-RELEASE is now available. You'll find the details in the release notes on the blog. https://blog.pfsense.org/?p=1661

Re: [pfSense] default firewall rules

2015-02-26 Thread Chris Buechler
On 2/26/2015 6:19 PM, Randy Bush wrote: could someone whack me with a clue bat as to why the default install has filters for rfc1918 space yet does not filter being an open dns resolver on the wan? and there is a check-box for the former and not the latter (that i could see/understand).

Re: [pfSense] no stable ipsec connection after upgrade to 2.2

2015-02-25 Thread Chris Buechler
On Wed, Feb 25, 2015 at 9:02 AM, compdoc comp...@hotrodpc.com wrote: peer client ID returned doesn't match my proposal I have two ipsec tunnels and after the upgrade, for one tunnel I had to change the 'Peer identifier' on my side to use the IP address it was seeing. Been working great

Re: [pfSense] pfsense 2.2 Strongswan rekeying issues

2015-02-24 Thread Chris Buechler
On Tue, Feb 24, 2015 at 8:02 AM, Brian Candler b.cand...@pobox.com wrote: We appear to have the same problem here after upgrading a box from pfSense 2.1.5 to 2.2. The other side is a Cisco ASA5505. X.X.X.219 = pfSense, internal subnet 10.19.0.0/16 Y.Y.Y.155 = Cisco, internal subnet

Re: [pfSense] How do I stop noise to logs

2015-02-23 Thread Chris Buechler
On Mon, Feb 23, 2015 at 10:48 AM, Tim Hogan t...@hoganzoo.com wrote: Ed, I have version 2.1.46.30093 installed on my NAS which is newer than the link below. I have also discovered buried under the noise being created by the NAS that I have one other device also generating the same type of

Re: [pfSense] Suddenly getting pfi_table_update errors

2015-02-17 Thread Chris Buechler
On Tue, Feb 17, 2015 at 10:22 PM, Bryan D. pfse...@derman.com wrote: I have a relatively low-traffic pfSense 2.1.5 i386 setup on a system with 1.5 GB of memory that always shows 50% used. This setup has normally been reliable but, since upgrading to 2.1.5, today is the 4th time I've run

Re: [pfSense] OpenVPN (pfSense 2.1.5-RELEASE) - VoIP Phone Issues

2015-02-17 Thread Chris Buechler
On Tue, Feb 17, 2015 at 9:50 PM, Chuck Mariotti cmario...@xunity.com wrote: I have 4 Yealink T46G phones, 3 on one network (problematic), 1 on a separate network… all phones are OpenVPNing into pfSense box at datacenter… then using a phone system through the OpenVPN connection. The

Re: [pfSense] OpenVPN (pfSense 2.1.5-RELEASE) - VoIP Phone Issues

2015-02-17 Thread Chris Buechler
On Tue, Feb 17, 2015 at 11:13 PM, Chuck Mariotti cmario...@xunity.com wrote: Think you forgot the logs. That should be enough of a summary to have a good idea though. What's the firewall/router/NAT device on the network where the 3 phones reside? That sounds like what could happen with a NAT

Re: [pfSense] pfsense 2.2 Strongswan rekeying issues

2015-02-15 Thread Chris Buechler
On Sun, Feb 15, 2015 at 12:37 PM, Mark Relf mark.r...@4slgroup.com wrote: Hi all, We are experiencing a number of issues with IPSEC tunnels rekeying. We see the following in the IPSEC log : Feb 15 17:30:45 4slgbmernfw01 charon: 13[IKE] con1000|1080 received INVALID_ID_INFORMATION

Re: [pfSense] Unbound error in 2.2

2015-02-03 Thread Chris Buechler
That's what you would end up with if you have 2.1.x's dhcpleases binary running on 2.2, and I can't think of any other circumstance that would cause something along those lines. The former version didn't have the -u flag for unbound. Shouldn't be any way for that to occur short of manual

Re: [pfSense] 2.2-RELEASE now available!

2015-01-29 Thread Chris Buechler
Hey Seth, On Mon, Jan 26, 2015 at 8:38 AM, Seth Mos seth@dds.nl wrote: Sorry to reply to myself here, but 2.2 in combination with the Intel X540-2 card isn't very stable. The card keeps dropping the Phy which is fine on 2.1.5. That's surprising, we've seen much better results on our

Re: [pfSense] Problem upgrading pfSense on Sun Fire x4100

2015-01-29 Thread Chris Buechler
On Wed, Jan 28, 2015 at 6:37 AM, Toni Garcia toni.gar...@sistel.es wrote: well, no kernel crash ? no kernel crash after upgrade answering myself, seems to be this problem: https://redmine.pfsense.org/issues/3749 It's definitely not that problem, that was specific to 2.2 alpha snapshots
