Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

>>> I have one site working. But when I try to connect the second site it kills >>> the first. I don't have anything written up, but I have this set up at home. Three remote sites connect to me. You need to make sure you issue different certificates to each end point, if you're sharing

[pfSense] pfSense 2.4.2 release

I just noted that it's out. pfSense 2.4.2 Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Error Captive Portal

On 11/16/2017 01:28 AM, Kleber Carvalho wrote: Any idea what can I do about it ? You could start off by providing what version you're running. Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with

Re: [pfSense] Outbound NAT rule editing in 2.4

On 10/24/2017 10:12 PM, Travis Hansen wrote: After updating to 2.4 I see this when opening all of my outbound NAT rules: - Invalid characters detected "00". Please remove invalid characters and save again. It shows that as soon as I open the rule for editing and

Re: [pfSense] pfSense virtualisation

>>> Or do you think I am absolutely crazy? Or maybe Just one Hardware and one >>> virtual? Quite a few of my firewalls are virtualized using ESXI and have done so for a few years now. Doug ___ pfSense mailing list

Re: [pfSense] 2.3.2 upgrade only offers 2.3.3_1

On 07/28/2017 04:53 AM, Brian Candler wrote: And oddly - an old 2.2.4 box I have access to is offering direct upgrade to 2.3.4 (although not 2.3.4_1) I'd just upgrade to what was on offer. If, after the 2.3.3_1 upgrade, the 2.4.x series isn't on offer, I'd post back to dig into it

Re: [pfSense] Unable to decompress pfsense ISO file

>>> The OS upon which I ran gunzip, is UbuntuMATE Linux 16.04. >>> Please advise. Check the sha256 checksum. I just did a download from the New York server and the checksum passed and I was able to gunzip it. I'm running Linux Mint 17 sha256sum pfSense-CE-2.3.3-RELEASE-i386.iso.gz Doug

[pfSense] Running newer then released?

My home pfSense is reporting: 2.3.3-RELEASE (amd64) built on Thu Feb 16 06:59:53 CST 2017 FreeBSD 10.3-RELEASE-p16 The system is on a later version than the official release. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries?

On 09/30/2016 11:53 AM, Steve Yates wrote: So you could keep your list somewhere else on a web server. This is what I do. And I grab the list from http://www.wizcrafts.net/chinese-iptables-blocklist.html Once a month Doug ___ pfSense mailing

Re: [pfSense] previous / older pfSense release image files

>>> On Jul 28, 2016, at 1:50 PM, Jim Pingle li...@pingle.org wrote: >>> https://atxfiles.pfsense.org/mirror/downloads/old/ Thanks Jim! Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold!

Re: [pfSense] previous / older pfSense release image files

>>> On Jul 13, 2016, at 7:41 AM, Kevin Tollison ktolli...@gmail.com wrote: >>> Go to the mirrors and look for a folder called 'old'. They are all there. This would appear to be no longer be the case. Looking for download 2.3.1 for memstick and none of the searched mirrors have an old folder;

[pfSense] pfSense 2.3 upgrades timeout

I've got a pfSense box on a VERY slow DSL connection. Ever since upgrading to the 2.3 series, any subsequent releases, are failing to update. In today's case I get everything but the kernel to download: pfSense-kernel-pfSense-2.3.1_5.txz: Operation timed out Is there a way to disable or

Re: [pfSense] Why can't we define a point-to-point OpenVPN using only IPv6?

The below was recently posted on the OpenVPN mailing list: "Hi, On Wed, May 04, 2016 at 03:44:45PM -0400, Ryan Whelan wrote: > Is the IPv4 requirement something thats planned to be removed in future > releases? > > I don't assume many people have adopted IPv6 yet. Ensuring stable, robust and

Re: [pfSense] Peer to Peer Stats [OpenVPN]

Looks like the mailing list drops images: https://imagebin.ca/v/2eI6vb3bhBaI https://imagebin.ca/v/2eI7AaDaCSm2 Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

[pfSense] Peer to Peer Stats [OpenVPN]

Has anybody else noted that the Peer to Peer Server Instance Statistics, when it comes to OpenVPN at least, isn't always accurate? I've noted this under 2.2.6 and now under 2.3 It's showing that I have 2 OpenVPN instances down, but I've just confirmed they are not. Screenshots attached. Last

Re: [pfSense] openvpn site to site clients not communicating ??

>>> Hi, This option is not available on a site to site ssl/tls server If it's a fully routed network, my next step would be to use traceroute on both ends to see where it's getting hung up at. Doug ___ pfSense mailing list

Re: [pfSense] openvpn site to site clients not communicating ??

>>> On Feb 18, 2016, at 1:01 PM, Richard Lussier richard.luss...@inter-node.com >>> wrote: >>> each client connects well to server but wont reach other clients.. >>> any ideas ? On the OpenVPN Server did you check the option: Allow communication between clients connected to this server Doug

Re: [pfSense] Shutdown Interface?

It would appear you're just interested in being confrontational. I have you have a nice day. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Shutdown Interface?

It's not always exactly what somebody wants that may be the best thing to do. Offering other options is what I was doing, I'm sorry you didn't approve. Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project

Re: [pfSense] Shutdown Interface?

- On Dec 8, 2015, at 5:41 PM, pfse...@douwifi.com wrote: > Doug what doese that link have to do with Pfsense and how does it help him > configure pfsense. > > > Robert Apparently you didn't review the link, I'll quote a portion of it: "How to prevent and mititgate DDoS part 1?"

[pfSense] 2.2.5-RELEASE Now Available!

I see 2.2.5 is available and didn't see any mention of it here. https://blog.pfsense.org/ Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Limiter eventually disables interface?

>>> On Oct 2, 2015, at 2:10 PM, //de digitalextrem...@gmail.com wrote: >>> Every few days, without any immediately discernible reason, the limited >>> interface ( and only that interface ) becomes unusable. The link is up, >>> and it seems that 2-4k of traffic is trickling across the interface,

Re: [pfSense] Cannot Spoof MAC

Chris Buechler wrote: Is it link cycling on that NIC? I don't think so, but I will test that this morning and let you know. Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold!

Re: [pfSense] Cannot Spoof MAC

Jim Thompson wrote: You can run pfSense on what you wish, but the release process doesn't test this platform. Understood, Thanks for the feedback. Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project

Re: [pfSense] Cannot Spoof MAC

Chris Buechler wrote: Is it link cycling on that NIC? I'm guessing you're meaning is the NIC coming up and going down? If so, I've always called this either flapping or bouncing. And no, it stays up during the whole time. Logs from pfSense's DHCP below: http://pastebin.com/FG1qRuXv

[pfSense] Cannot Spoof MAC

Everyone, I talked a small automotive shop into replacing their aging pfSense computer with a GA-J1900N-D3V. They purchased an all-in-one unit from mini-box.com http://www.mini-box.com/SYS-M350-Gigabyte-J1900N-D3V-picoPSU-90-60W http://www.gigabyte.com/products/product-page.aspx?pid=4918#ov

Re: [pfSense] Cannot Spoof MAC

compdoc wrote: I've heard, that you can also just clear the ARP table of the modem to do the same thing, but power off/on might be easier. I thought that as well until I saw that I could reproduce it at home on my ISC DHCP server. ___ pfSense

Re: [pfSense] Cannot Spoof MAC

Ryan Coleman wrote: Stupid question: but did you restart the firewall after putting the spoof in place? Yes. Again, This also happens on my local network, using ICS DHCP instead of the Comcast router. pfSense just never acknowledges the address and keeps making the request over and over.

Re: [pfSense] IPSec with Cisco Client

Ryan Coleman wrote: last image Ryan, Looks like the list stripped the images. Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] testing email

Jeremy Porter wrote: We are having some problem with apparent bounces, this is a test. No need to reply. I'll announce when everything is back to normal. Same here, Viruses being detected by my ASSP spam filter coming in from the list and denying delivery. Had to re-enable my account

Re: [pfSense] New pfSense 2.2 install

Johan Hendriks wrote: Sorry for the offtopic question, but what do you do with this list? Do you block all traffic coming from those ip addresses. or just to some services ? All traffic from and to Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little

[pfSense] New pfSense 2.2 install

I'm building a new 64bit pfSense 2.2, running under ESXi 5.5. I've noted 2 things. 1.) Bulk Alias imports button no longer exist on the main alias page. 2.) When trying to create an alias that links to an online listing of blacklisted IP addresses, the alias that was just created disappears

Re: [pfSense] 2.2-RELEASE now available!

Chris Buechler wrote: what specifically do you mean? The limiters are gone from FirewallTraffic Shaper, Limiters? Correct. It was as if I had never set it. Since it's my home firewall, wasn't a big deal, just thought I'd let someone know. Doug -- Ben Franklin quote: Those who would give

Re: [pfSense] New pfSense 2.2 install

Jim Pingle wrote: It's still there on all mine, on each tab at the bottom there is an up arrow (^) and it opens the bulk import page. And there it is! Icon little different then the docs say, but to be honest, I must be blind as a 2.) When trying to create an alias that links to an

Re: [pfSense] New pfSense 2.2 install

Chris L wrote: Pretty sure you can see that info in Diagnostics Tables And that it did. Thanks, Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.

Re: [pfSense] 2.2-RELEASE now available!

On Jan 26, 2015, at 6:43 AM, Tim Hogan t...@hoganzoo.com wrote: After running those commands all of my previous data was available. Cool! I'll give that a go, Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the

Re: [pfSense] 2.2-RELEASE now available!

I've also noted this morning that the 3 systems I've upgraded, all of them have lost their limiter rules. I've read the release notes, nothing that I saw stated they'd be removed. Doug ___ pfSense mailing list

Re: [pfSense] Message could not be delivered

Geoff Jankowski wrote: Am I the only person to receive this? No, But my spam filter has been catching them. Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.

Re: [pfSense] 2.2-RELEASE now available!

Doug Lytle wrote: 've just re-installed the package, I'll see if that fixes it. Also of note: Options selected for interfaces to monitor and log rotation never get saved. Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve

Re: [pfSense] issues registering VoIP phone through pfSense

marc matthes wrote: I have Nat turned on and to register with proxy enabled but I can’t get the phone to register. Did you also turn NAT on in sip.conf for the extension in Asterisk? It is necessary. Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a

Re: [pfSense] little problem with pfsense

What happens (only for the win7 hosts, other are perfects, bad win7 nasty nasty) after a few second, and especially when you launch i.e. win7 seem to make some kind of new dhcp request Just a hunch, On the Windows 7 machine, go into Control Panel = Internet Options = Connections Tab = Lan

Re: [pfSense] Not able to access https sites

Rupesh Gujrathi wrote: is WPAD is necessary for the https sites to work? because I am able to access http sites. A WPAD file is an instructions text file that tells your client's browsers what should and shouldn't be proxied. The below is a portion of the WPAD.DAT file from work: cat

Re: [pfSense] Fwd: [Announce] 2.1.5 Release

I did note the Code Red color scheme wraps the page header bar, putting Help under System. I have such problems... It did this for me a well, but holding the shift key down and doing a browser refresh fixed it. Doug ___ List mailing list

Re: [pfSense] vmware

With a hardware configuration of two nics wan/lan how does each vm use them? On my home ESXi system, the computer has 3 NICs. Each NIC is assigned to a virtual switch. I have 3 Virtual switches, LAN, DMZ, Internet Each VM is assigned to one of the virtual switches, but in the case of my

Re: [pfSense] Setup advice

bri...@dlois.com wrote: Thank you for replying. Why so much? At the time I started with pfSense, I didn't know better. And, since space on my system isn't tight, I've never changed it. Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary

Re: [pfSense] Setup advice

Brian Caouette wrote: How much space should be allocated for pfsense and squid? I don't use squid, but my pfsense VM total disk assigned in 8GB. Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.

Re: [pfSense] Poweredge 2850

What software is available to do virtual machines? I'm currently using ESXi 5.10 Free version. Doug ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Some packages not reinstalled after upgrade

David Burgess wrote: In any case, when all automatic package reinstalls were finished, Quagga OSPF was not installed Release notes states: During the firmware update process the packages will be properly reinstalled. If this fails for any reason, uninstall and then reinstall packages to

Re: [pfSense] pfSense 2.1.2 is released

Seth Mos wrote: Also, if you've been using the 2.1 snapshots in 2012 and 2013 the config will had that setting enabled, which corresponds with your firewall logs. Maybe you have a upgraded config. Thanks for the response, I've only been using pfSense since last November. I'll review my

Re: [pfSense] pfSense 2.1.2 is released

Chris Buechler wrote: The now I notice being the key part there. Nothing related to that's changed. If you don't check Allow IPv6 under SystemAdvanced, you have a block all rule on IPv6 with logging. Things on your LAN will have link local addresses and spew multicast stuff. Probably want to

Re: [pfSense] pfSense 2.1.2 is released

Jim Thompson wrote: pfSense release 2.1.2 is now available. pfSense release 2.1.2 follows less than a week after pfSense release 2.1.1, and is primarily a security release. Okay, I've just upgraded from 2.1.1 to 2.1.2, now I notice that my firewall logs are being spammed with IPV6 ICMP

Re: [pfSense] Restoring from XML prevents VM from booting

compdoc wrote: Every time I've tried VB, I've never found an option to have guests start automatically when the host boots Init script using VBOXManage to start the virtual machines. This is what I did doing when I was using VB. I've moved over to ESXi5 since then. Doug -- Ben Franklin

Re: [pfSense] Move existing OpenVPN

Doug Lytle wrote: I've been trying to move my mother's firewall (itpables)/OpenVPN install to pfSense and am having issues finding documentation on proper setup. I forgot to mention: pfSense.2.1.1-PRERELEASE Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase

[pfSense] Firebox-X20e

I'm looking into replacing my mother's IPTables firewall with pfsense, and am looking into small devices I could do this on. I've found the above device, but am finding very little info on it's specs. ebaY unit I've found:

Re: [pfSense] Firebox-X20e

https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Supported_Fireboxes Thanks for both of your responses, I'll review. Doug ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list