Re: [pfSense] How could I block messages trying to pass as from my net?

2018-05-18 Thread Eero Volotinen
You should use postscreen/blacklist to block spam? Eero pe 18. toukok. 2018 klo 17.43 Alberto José García Fumero < albe...@ettpartagas.co.cu> kirjoitti: > Hi all. > > I use PfSense 2.2.1. Of course I know it would very convenient to > upgrade, but right now it isn't possible. > > Im trying to

Re: [pfSense] Rebuilding confidence

2018-05-13 Thread Eero Volotinen
Well. You should use VLANs to segment IoT devices into different network. Anyway... some commercial vendor might provide a bit better protection ;) You can replace you apple timemachine with unifi aps. https://www.ubnt.com/unifi/unifi-ap/ Eero On Sun, May 13, 2018 at 10:44 PM Richard A. Relph

Re: [pfSense] Need Help setting up new SG-4860

2018-04-19 Thread Eero Volotinen
ernet. > > I think it has to do with/ ntp sync. > > On Thu, Apr 19, 2018, 5:38 PM Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > so, what is the main issue? > > > > Eero > > > > pe 20. huhtik. 2018 klo 0.35 Bryan Hemedinger <bry...@esg

Re: [pfSense] Need Help setting up new SG-4860

2018-04-19 Thread Eero Volotinen
so, what is the main issue? Eero pe 20. huhtik. 2018 klo 0.35 Bryan Hemedinger kirjoitti: > I received the Netgate unit SG-4860 and need help setting it up > > > Bryan Hemedinger D.O.P. > 954-722-2223 > Photography Dept. > ___ >

Re: [pfSense] 2.4.3 - cannot define table bogonsv6

2018-04-19 Thread Eero Volotinen
fix is in reddit thread .. Someone should fix this on pfsense default config.. Eero On Thu, Apr 19, 2018 at 11:53 AM, mayak wrote: > On 04/19/2018 10:33 AM, Fabian Bosch wrote: > >> Same here on v*2.3.3 *and even after update to v*2.4.3 >> *Any news on this?* >> * >> >>

Re: [pfSense] 2.4.3 - cannot define table bogonsv6

2018-04-19 Thread Eero Volotinen
Sounds like a bug: https://www.reddit.com/r/PFSENSE/comments/88ry96/there_were_errors_loading_the_rules/ Eero On Thu, Apr 19, 2018 at 11:33 AM, Fabian Bosch wrote: > Same here on v*2.3.3 *and even after update to v*2.4.3 > *Any news on this?* > * > > regards, > > Fabian

Re: [pfSense] Configs or hardware?

2018-02-19 Thread Eero Volotinen
Maybe. I think that hardware can still do full gigabit nat and firewalling. -- Eero On Mon, Feb 19, 2018 at 7:12 PM, Moshe Katz <mo...@ymkatz.net> wrote: > On Mon, Feb 19, 2018 at 10:42 AM, Paul Mather <p...@gromit.dlib.vt.edu> > wrote: > > > On Feb 19, 2018,

Re: [pfSense] Configs or hardware?

2018-02-19 Thread Eero Volotinen
awful sentence, Jim). > > > > > I understand that a lot of people are effectively threatening to switch > > > to OpnSense due to this, but I fear that I will *have to* if I can't > > > replace my hardware by the time support for software AES ends entirely. > > > &g

Re: [pfSense] pfsense on watchguard xtm 810?

2018-02-19 Thread Eero Volotinen
Thanks. that worked. It was a bit hard without console :) Eero On Fri, Feb 16, 2018 at 9:00 PM, Melvin <mel...@sleepydragon.net> wrote: > I've had good luck in similar cases by installing on a generic machine > then putting the media in the target box. > > On Feb 16, 2018, 13:

Re: [pfSense] a bit offtopic, vga header cable for netgate device

2018-02-17 Thread Eero Volotinen
le.com/search?q=VGA+header+to+15-pin+ribbon; > source=lnms=shop=X=0ahUKEwiwybq2ma3ZAhVI2oMKHf9zBWwQ_AUICigB < > https://www.google.com/search?q=VGA+header+to+15-pin+ > ribbon=lnms=shop=X=0ahUKEwiwybq2ma3ZAhVI2oMKHf9zB > WwQ_AUICigB> > > > On Feb 17, 2018, at 3:29 AM,

[pfSense] a bit offtopic, vga header cable for netgate device

2018-02-17 Thread Eero Volotinen
Hi List, Does anyone know where I can buy this cable: https://store.netgate.com/Hamakua-VGA-Cable-P350.aspx Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense on WatchGuard xtm 810?

2018-02-16 Thread Eero Volotinen
good luck in similar cases by installing on a generic machine > then > putting the media in the target box. > > >>On Feb 16, 2018, 13:40, at 13:40, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > >>Hi List, > >> > >>I need to install pf

Re: [pfSense] pfsense on watchguard xtm 810?

2018-02-16 Thread Eero Volotinen
Thanks. that sounds like a good idea. Eero 16.2.2018 21.02 "Melvin" <mel...@sleepydragon.net> kirjoitti: > I've had good luck in similar cases by installing on a generic machine > then putting the media in the target box. > > On Feb 16, 2018, 13:40, at 13:40,

[pfSense] pfsense on watchguard xtm 810?

2018-02-16 Thread Eero Volotinen
Hi List, I need to install pfsense 2.4 on watchguard xtm 810. there is issue as it does not boot from usb stick, only from cf or sata. Any idea how to install pfsense on it? it works with 2.3 nano-vga image, but such is not available for pfsense 2.4 -- Eero

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eero Volotinen
y. I shouldn't have to replace my hardware to support a > > feature I will not use... > > > > I shame Netgate for such an artificial limitation... > > > > Thank you for the information. > > > > On 02/15/2018 12:20 PM, Eero Volotinen wrote: > > > Well: &g

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eero Volotinen
> I believe I read somewhere that the new version that requires aes-ni will > be 3.x, and they plan to continue the 2.x line alongside it, as 3.x will be > a major rewrite > > > -Ed > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eer

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eero Volotinen
> saying "AES-NI CPU Crypto: No". > > On 02/15/2018 11:55 AM, Eero Volotinen wrote: > > Please note that next pfsense will not install hardware that is not > > supporting aes-ni? > > > > Eero > > > > On Thu, Feb 15, 2018 at 6:37 PM, Kyle Mar

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eero Volotinen
Please note that next pfsense will not install hardware that is not supporting aes-ni? Eero On Thu, Feb 15, 2018 at 6:37 PM, Kyle Marek wrote: > This board does round-up gigabit (something like 976 Mb/s) in both > directions on all 4 interfaces:

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eero Volotinen
Hi, This hardware can do gigabit (wirespeed) NAT/FW https://www.amazon.com/gp/product/B016VHBA7C (tested on my home, using symmetric gigabit line...) but, I we use NetGate SG-8860 on our main offices:

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-09 Thread Eero Volotinen
cannot expose the LAN ip address > to the tunnel (192.168.110.130), I need to use the public IP... > > thanks again > > > On 8 February 2018 at 23:51, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > > Well. Maybe You need to hire pfsense consultant with NDA, so

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-08 Thread Eero Volotinen
and@greentree.systems> wrote: > On 8 February 2018 at 20:40, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > > how about not masking ip addresses? > > > > I'm not allowed to show the ip addresses (by my client), hence the > masking... > > I thought I need NAT, b

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-08 Thread Eero Volotinen
how about not masking ip addresses? do you really need nat in phase 2 ? why? Eero 8.2.2018 18.17 "Roland Giesler" kirjoitti: > I'm trying to find a solution and know there are quite a few pfSense users > here, so here goes... > > We've set up some IPSec tunnels and

Re: [pfSense] Squid crash: assertion failed: store_swapout.cc:289: "mem->swapout.sio == self"

2018-01-08 Thread Eero Volotinen
from pfSense, but how do I have > to remove the config files ??? > > Thanks a lot, regards !!! > > 2018-01-03 13:30 GMT-03:00 Eero Volotinen <eero.voloti...@iki.fi>: > > Fix:https://forum.pfsense.org/index.php?topic=110155.0 > > > > remove squid+config file &

[pfSense] pfsense force ipsec initiator

2018-01-07 Thread Eero Volotinen
Hi List, Is there way to configure pfsense as ipsec initiator only? (on some ipsec connections) Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Squid 0.4.42_1 crashes in pfSense 2.4.2

2018-01-05 Thread Eero Volotinen
See: http://lists.pfsense.org/pipermail/list/2018-January/011620.html -- Eero 2018-01-05 15:33 GMT+02:00 Roberto Carna : > Dear, I've moved from pfSEnse 2.4.0 with Squid 0.4.42 to pfSEnse > 2.4.42 with Squid 0.4.42_1. After the update, the Squid service > crashes and

[pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

2018-01-03 Thread Eero Volotinen
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ is there patch soon available on pfsense kernel? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Squid crash: assertion failed: store_swapout.cc:289: "mem->swapout.sio == self"

2018-01-03 Thread Eero Volotinen
Fix:https://forum.pfsense.org/index.php?topic=110155.0 remove squid+config file & reinstall squid.. 3.1.2018 17.55 "Roberto Carna" kirjoitti: > Dear, I have updated Squid on pfSense to 0.4.42_1 version on pfSense > 2.4.2-RELEASE-p1 (amd64). But after start the service

Re: [pfSense] Slow/impossible updates to 2.4?

2017-12-26 Thread Eero Volotinen
Did you tried also update from ssh shell? or only from web-gui? Eero 2017-12-27 6:10 GMT+02:00 David C. Jenner : > I updated successfully to 2.4. > > Then I tried to update to 2.4.2. It took many minutes for > System/Update/System Update to get to the point of asking me to

[pfSense] openvpn loadbalancing

2017-12-26 Thread Eero Volotinen
Hi List. Is there easy way to loadbalance openvpn on multiple cores? like using loadbalancer on pfsense? looks like it is not threaded and only running single core? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support

Re: [pfSense] OpenVPN with pfSense and TLS handshake problems

2017-12-23 Thread Eero Volotinen
you are missing something like ca certificate that is used to verify remote endpoint routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Dec 24 00:53:16 openvpn 10563 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=VG, ST=BVI, O=ExpressVPN,

Re: [pfSense] Moving traffic between LAN & OPT1

2017-12-22 Thread Eero Volotinen
Hi, Check out firewall / rules / interface_name Eero 2017-12-23 6:25 GMT+02:00 Antonio : > Hi, > > I'm not sure how you move traffic between the above interfaces. I was > under the impression that all you needed was a "Default allow LAN to any > rule" and job done. Yet i'm

Re: [pfSense] Finding the best network setup for pfsense.

2017-12-22 Thread Eero Volotinen
Well, Just plug pfsense to ADSL and buy managed switch and some unifi wlan aps. You can install proxy on pfsense box also.. Eero 22.12.2017 23.57 "Antonio" kirjoitti: Hello, I'm trying to design an optimal network setting for my home and was wondering what people's thoughts

Re: [pfSense] pfsense crashing

2017-12-18 Thread Eero Volotinen
this long standing issue: https://redmine.pfsense.org/issues/4310 :( Eero 2017-12-18 10:07 GMT+02:00 Eero Volotinen <eero.voloti...@iki.fi>: > looks like turning pfsync from on to off resolved this issue. > > -- > Eero > > 2017-12-17 20:11 GMT+02:00 Joseph L. Casale &l

Re: [pfSense] pfsense crashing

2017-12-18 Thread Eero Volotinen
looks like turning pfsync from on to off resolved this issue. -- Eero 2017-12-17 20:11 GMT+02:00 Joseph L. Casale <jcas...@activenetwerx.com>: > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Sunday, Decem

Re: [pfSense] pfsense crashing

2017-12-17 Thread Eero Volotinen
ok. I might be able to use screen to save output from firewall :) good idea. Eero 2017-12-17 20:11 GMT+02:00 Joseph L. Casale <jcas...@activenetwerx.com>: > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: S

Re: [pfSense] pfsense crashing

2017-12-17 Thread Eero Volotinen
Need to test that tomorrow. Just wondering how to attach remote debugger or similar to get root cause of crash. Eero 17.12.2017 19.57 "Joseph L. Casale" <jcas...@activenetwerx.com> kirjoitti: > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.

[pfSense] pfsense crashing

2017-12-17 Thread Eero Volotinen
Hi List, After updating and restoring config to my SG-8860, it goes to endless boot - reboot - crash loop. Any idea how to test if this is hardware or software issue? -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list

[pfSense] pfsense adi 2.4.2-1 (p1)

2017-12-16 Thread Eero Volotinen
is this install image available in net? for netgate devices. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense ha issues

2017-12-12 Thread Eero Volotinen
e > > gateway on a device on the LAN should be .1 (the "CARP" LAN IP). > > > > Are you getting packet loss if you ping the .1 address? The .7 address? > > Or just out to the Internet? > > > > -- > > > > Steve Yates > > ITS, Inc. > >

Re: [pfSense] pfsense ha issues

2017-12-12 Thread Eero Volotinen
; gateway on a device on the LAN should be .1 (the "CARP" LAN IP). > > Are you getting packet loss if you ping the .1 address? The .7 address? > Or just out to the Internet? > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list

[pfSense] pfsense ha issues

2017-12-12 Thread Eero Volotinen
Hi, installed pfsense ha system on office. it works, but experiencing about 25% packet loss. any idea why? switch issue? failover works fine. VIP lan gw ip is .1 but looks like traffic is going to .7 ip (normal ip of fw) even dhcp offers .1 as gw. is this normal? Eero

Re: [pfSense] single pfsense to ha conversion

2017-12-11 Thread Eero Volotinen
job ;) Eero 4.12.2017 19.16 "Chris L" <c...@viptalk.net> kirjoitti: > > > > On Dec 4, 2017, at 9:07 AM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > > well. my plan was to add first carp vip addresses to old configuration > with > >

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-10 Thread Eero Volotinen
well. Just thinking site to site ipsec :) anyway. not happy with meraki aes speed, but that might be problem on meraki device.. Eero 10.12.2017 19.06 "Vick Khera" kirjoitti: > If you're going to use IPSec mobile client with an iPhone, it does not seem > to propose the GCM

[pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Eero Volotinen
Hi, What is the best ipsec ciphers for aes-ni ipsec acceleration? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-05 Thread Eero Volotinen
well. take backup of config and ask operator to reinstall box from usb stick & restore backup? Eero 5.12.2017 11.53 "Pete Boyd" kirjoitti: > It was available to login to again after power cycling. > > From the log - General: > > check_reload_status

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
well. ssh into box and cat /etc/resolv.conf to see nameserver addresses. if it contains 127.0.0.1 entry, then it is using dnsmasq/unbound or similar dns cache. I think it is under services tab.. Eero 4.12.2017 23.56 "Pete Boyd" kirjoitti: > I'm not sure where to

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
well. for temporary fix, try hardcoding needed hostnames in /etc/hosts and check also that your firewall rules allow access to dns server 53/udp and tcp. Eero 4.12.2017 22.41 "Pete Boyd" kirjoitti: > On 04/12/2017 20:39, Adam Thompson wrote: > > Do you have

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
is dns (nameresolution) working correctly? Eero 4.12.2017 22.29 "Pete Boyd" kirjoitti: > On 04/12/2017 20:11, Steve Yates wrote: > > If you ssh to the device and pick the option to update from its console > menu, does it update there? > > No, those package

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
It might be possible to transfer static version of strace to box via ssh. this might a bit tricky, but .. -- Eero 2017-12-04 22:11 GMT+02:00 Pete Boyd : > strace isn't installed, no packages are installed. > > Ideally I'd like to recover this to 2.3.5 or 2.4.2 if

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
I got similar problems on my device :) reinstalled it with 2.4.2 and did restore from backup. Anyway, do you have strace or similar tools installed in the box? Eero 2017-12-04 21:57 GMT+02:00 Pete Boyd <petes-li...@thegoldenear.org>: > On 04/12/2017 19:52, Eero Volotinen wrote: > &

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
Can you ssh into device and drop to shell? Eero 2017-12-04 21:19 GMT+02:00 Pete Boyd : > Hi. I upgraded a production SG-2440 running pfSense 64-bit 2.3.5 to > 2.4.2 using the web GUI. There were no packages installed. It appeared > to update OK, and rebooted

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Eero Volotinen
t;c...@viptalk.net>: > On Dec 4, 2017, at 8:11 AM, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > > > Well. is that really so hard? > > > > thinking to add carp ip addresses and switching them to main addresses by > > editing xml backup and then restoring

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Eero Volotinen
s in order to > sync firewall states (em0 to igb0 won't sync). > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Saturday, December 2, 2017 11:04 AM > To: p

[pfSense] single pfsense to ha conversion

2017-12-02 Thread Eero Volotinen
Hi List, I just bought two pieces of sg-8860 netgate devices and planning to convert old unit to ha solution. Is there simple way to convert units to ha with a bit editing xml backup? -- Eero ___ pfSense mailing list

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

2017-12-01 Thread Eero Volotinen
n stick with latter u can test > 2.4.2 upgrade. > > > On Sun, Nov 26, 2017 at 4:04 AM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > just planning to upgrade my sg-8860 from pfsense 2.3 to 2.4. is there any > > known issues? > > > > it's

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

2017-11-29 Thread Eero Volotinen
ges for "major" version upgrades but (per my past thread > here ) I would think point versions are minor upgrades. > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > -Original Message- > > From: List [mailto:list-boun...@lists.p

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

2017-11-29 Thread Eero Volotinen
t; > > -- > > Eero > > > > 2017-11-26 19:53 GMT+02:00 Daniel <dan...@linux-nerd.de>: > > > >> I Updates 3 Firewalls all without any problems. > >> > >> > >> > >> Am 26.11.17, 13:04 schrieb "List im Auftrag von Eer

Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-27 Thread Eero Volotinen
Well. I have similar issue on my sg-8860. it complains about missing ssl and php libraries :) well. at least it boots from usb .. so I can do full reinstall + config restore.. Eero 2017-11-23 18:59 GMT+02:00 Ryan Coleman : > There’s likely a package you added to your

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

2017-11-26 Thread Eero Volotinen
rewalls all without any problems. > > > > Am 26.11.17, 13:04 schrieb "List im Auftrag von Eero Volotinen" < > list-boun...@lists.pfsense.org im Auftrag von eero.voloti...@iki.fi>: > > just planning to upgrade my sg-8860 from pfsense 2.3 to 2.4. is there > any &

Re: [pfSense] pfsense openvpn speed?

2017-11-26 Thread Eero Volotinen
an do, as indicated, is to run the “MTU” up such that > the (OpenVPN) packet size increases, which reduces the overhead of both the > TUN/TAP interface, as well as some of the overhead of handing relatively > short packets to OpenSSL for encryption/decryption. > > Jim >

[pfSense] pfsense 2.3 -> 2.4 upgrade?

2017-11-26 Thread Eero Volotinen
just planning to upgrade my sg-8860 from pfsense 2.3 to 2.4. is there any known issues? it's not so complex setup, but running as our hq main firewall. so, some ipsec and openvpn connections are running against it. Eero ___ pfSense mailing list

Re: [pfSense] pfsense openvpn speed?

2017-11-25 Thread Eero Volotinen
rough the NetGate and it can not > handle the load. > > > > > > In other words, based on the limited info you provided, you have not > provided proof that it's a problem with the NetGate. > > > > > > Lyle Giese > > > >> On 11/25/17 06:34, Eero

Re: [pfSense] pfsense openvpn speed?

2017-11-25 Thread Eero Volotinen
thanks for links. looks like it might be wise to upgrade pfsense 2.4 and enable --cipher AES-256-GCM on openvpn? Eero 2017-11-25 20:01 GMT+02:00 Joseph L. Casale <jcas...@activenetwerx.com>: > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Be

Re: [pfSense] pfsense openvpn speed?

2017-11-25 Thread Eero Volotinen
traffic through the NetGate and it can not > handle the load. > > > In other words, based on the limited info you provided, you have not > provided proof that it's a problem with the NetGate. > > > Lyle Giese > > > On 11/25/17 06:34, Eero Volotinen wrote: > >

[pfSense] pfsense openvpn speed?

2017-11-25 Thread Eero Volotinen
Hi list, We are running pfsense 2.3 on netgate sg-8860. Device is connected to internet with gigabit link, but openvpn speed is very slow (about 50Mbit/s). Any idea how to get more speed to vpn clients? Eero ___ pfSense mailing list

Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-23 Thread Eero Volotinen
from usb stick? Eero 23.11.2017 23.25 "Elijah Savage" <esav...@digitalrage.org> kirjoitti: > Can't get it to boot on any image. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: T

Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-23 Thread Eero Volotinen
reinstall with factory factory image from usb stick? 23.11.2017 18.09 "Elijah Savage" kirjoitti: > I know it is an older model but after my attempt to upgrade my APU4 it > would > not reboot. I let it sit for 24 hours as it was still passing traffic but > no > reboot.

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Eero Volotinen
Take look of this how to: https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel adding site is simple, just replicate site A with different lan addressing. Eero 2017-11-23 8:19 GMT+02:00 Eero Volotinen <eero.voloti...@iki.fi>: > Hi Ryan,

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Eero Volotinen
Hi Ryan, Ipsec is the way you want to go. We have multiple sites connecting our HQ running sg-8860 with similar setup. Please note that you need different ip ranges on each site. (for example site1: 192.168.2.0/24, site2: 192.168.3.0/24 and hq site with 192.168.4.0/24 ) -- Eero 2017-11-22

Re: [pfSense] pfsense ipv6 not working

2017-11-21 Thread Eero Volotinen
ftrag von st...@teamits.com>: > > Starting at the top level, do you have a firewall rule allowing ICMP > for IPv6? > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On B

[pfSense] pfsense ipv6 not working

2017-11-20 Thread Eero Volotinen
Hi List, Running ipv6 with dhcpv6 from isp and it works on my laptop without pfsense, but on pfsense shell, I cannot even ping other network addresses that gw: ping6 fe80::208:20ff:fe4e:1c1b PING6(56=40+8+8 bytes) fe80::ae1f:6bff:fe43:a993%igb3 --> fe80::208:20ff:fe4e:1c1b 16 bytes from

Re: [pfSense] Bug in loading configuration on device with different NICs

2017-10-24 Thread Eero Volotinen
well. you cannot import config to different device without manually editing the xml configuration Eero 2017-10-24 14:03 GMT+03:00 Adrian Zaugg : > > Hi > > When loading a configuration file from a different device (with other > NICs) to a freshly installed pfSense, it

Re: [pfSense] problems with lagg interfaces?

2017-10-18 Thread Eero Volotinen
ous design unless you have a spare > interface for management through the webui. I learned that the hard way :-/. > > -Adam > > On October 17, 2017 10:16:24 AM CDT, Eero Volotinen <eero.voloti...@iki.fi> > wrote: >> >> so sad. how to downgrade to 2.3? >> >

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Eero Volotinen
so sad. how to downgrade to 2.3? Eero 2017-10-17 17:57 GMT+03:00 : > Am 2017-10-17 16:54, schrieb Ivo Tonev: > >> Even if your vlan dont bright up you can capture traffic on physical >> interfaces with tcpdump. >> See what you can capture before any other move. >> > >

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Eero Volotinen
So, you mean that it is not working? Eero 2017-10-17 17:32 GMT+03:00 <rai...@ultra-secure.de>: > Am 2017-10-17 16:28, schrieb Eero Volotinen: > >> It's netgate pfsense SG-4860 running 2.4 final release >> > > > So, these are intel nics? > > Can you loo

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Eero Volotinen
It's netgate pfsense SG-4860 running 2.4 final release Eero 2017-10-17 17:23 GMT+03:00 <rai...@ultra-secure.de>: > Am 2017-10-17 15:36, schrieb Eero Volotinen: > >> Hi All, >> >> Tried to configure lagg0 interface with vlans. Looks like traffic is not >>

[pfSense] problems with lagg interfaces?

2017-10-17 Thread Eero Volotinen
Hi All, Tried to configure lagg0 interface with vlans. Looks like traffic is not passing in the interface. Any ideas? It works fine, if I just configure interface with vlan, but not with lagg interface Setup is like this: -> Lagg0 with two interfaces in failover mode and vlan tagging top of

Re: [pfSense] pfsense 2.4rc wirespeed?

2017-09-03 Thread Eero Volotinen
en two VMs running on the > same hypervisor, more recently at a different ISP. > Use iperf or something (anything!) better to make more accurate > measurements before questioning pfSense, IMHO. > -Adam > > On September 3, 2017 3:59:24 AM CDT, Eero Volotinen <eero.voloti...@iki.f

Re: [pfSense] pfsense 2.4rc wirespeed?

2017-09-03 Thread Eero Volotinen
over 800Mbit/s, why it cannot upload at same speed? (tester is speedtest-cli) Eero 2017-09-03 13:52 GMT+03:00 Alexandre Paradis <alexandre.para...@gmail.com>: > it might be your desktop cpu that is too weak. > > not enough info here. > > On Sun, Sep 3, 2017 at 4:

[pfSense] pfsense 2.4rc wirespeed?

2017-09-03 Thread Eero Volotinen
Hi, Is there any setting to optimize pfsense nat speed? Tried with speedtest and upload speed is abit slow? Retrieving speedtest.net configuration... Testing from Suomi Communications (77.246.193.181)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by

Re: [pfSense] Migration from an old linux firewall

2017-03-30 Thread Eero Volotinen
ok. that sounds really bad: http://dilbert.com/strip/1998-08-24 Eero 30.3.2017 5.40 ip. "Claudio M." kirjoitti: > In data mercoledì 29 marzo 2017 10:13:36, WebDawg ha scritto: > > You can do two different subnets on one network, but it is not the way to > > do things.

Re: [pfSense] Migration from an old linux firewall

2017-03-29 Thread Eero Volotinen
How about using vlan tagging? Eero 2017-03-29 13:55 GMT+03:00 Claudio M. : > Hi > I've migrated a linux firewall to a 2.3.3-RELEASE-p1 pfsense. > The old configuration was with 2 interfaces connected to adsl routers and > an > interface for the lan. Was configurated also a

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Eero Volotinen
http/https, vpn, torrent and 4k streaming :) 28.3.2017 7.50 ip. "Matthew Hall" <mh...@mhcomputing.net> kirjoitti: > On Tue, Mar 28, 2017 at 09:59:05AM +0300, Eero Volotinen wrote: > > Hi List, > > > > Looking for pfsense hardware that can handle 1000M/1

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Eero Volotinen
Well, I don't know PPS values :) This is just home gigabit connection for .. surfing/movies/4K streaming :) Eero 2017-03-28 15:13 GMT+03:00 Vick Khera <vi...@khera.org>: > On Tue, Mar 28, 2017 at 2:59 AM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > L

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Eero Volotinen
gt; I have a SG-2220, which is silent and adequate for most needs. Most are > silent/fanless! > > Regards, > > Ian Jacobs > > > > On 28 Mar 2017, at 07:59, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > > > Hi List, > > > > Looking for pfsens

[pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Eero Volotinen
Hi List, Looking for pfsense hardware that can handle 1000M/1000M internet connection with NAT. Any recommendations? It must be silent.. -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold!

Re: [pfSense] SIP through IKEv2-tunnel

2017-03-20 Thread Eero Volotinen
maybe you need something like this https://doc.pfsense.org/index.php/Siproxd_package Eero 20.3.2017 11.56 ap. "Martin Fuchs" kirjoitti: > Hi ! > > I have a Fritz!Box (router) connected to the internet (no other > possibility). > > In i have NATted ESP, GRE, 4500, 500,

Re: [pfSense] pfsense upgrade problems?

2017-02-22 Thread Eero Volotinen
for some reason my pfsense crashed & corrupted fs during upgrade :( Eero 23.2.2017 2.57 ap. "Dave Warren" <da...@hireahit.com> kirjoitti: > On Wed, Feb 22, 2017, at 10:23, Eero Volotinen wrote: > > The process will require 14 MiB more space. > > > >

[pfSense] pfsense upgrade problems?

2017-02-22 Thread Eero Volotinen
The process will require 14 MiB more space. 73 MiB to be downloaded. Fetching php56-5.6.30.txz: .. done pkg: php56-5.6.30 failed checksum from repository something wrong with the packages? -- Eero ___ pfSense mailing list

Re: [pfSense] Fake OpenVPN / IPSec IP

2017-02-04 Thread Eero Volotinen
it depends on ipsec configuration. Eero 4.2.2017 12.16 ip. "Chris" kirjoitti: > WebDawg wrote: > > On Sun, Jan 15, 2017 at 7:57 AM, Chris wrote: > > > >> is a client able to change his assigned OpenVPN or IPSec IP? > >> > >> Are packets still

Re: [pfSense] IPSec Bug?

2017-02-03 Thread Eero Volotinen
how about disabling pfs? Eero 2017-02-03 13:25 GMT+02:00 Roland Giesler <roland@greentree.systems>: > On Fri, Feb 3, 2017 at 1:19 PM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > >> It's a bit antique selection of ciphers. >> > > It is indeed.

Re: [pfSense] IPSec Bug?

2017-02-03 Thread Eero Volotinen
It's a bit antique selection of ciphers. Problem is in DH group. try enabling same DH also in pfsense. -- Eero 2017-02-03 13:17 GMT+02:00 Roland Giesler <roland@greentree.systems>: > On Tue, Jan 24, 2017 at 8:16 PM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > >

Re: [pfSense] IPSec Bug?

2017-01-24 Thread Eero Volotinen
What hardware is other side running? Why you are trying to use 3des? Eero 2017-01-17 16:36 GMT+02:00 Roland Giesler : > We've battled all afternoon to establish an IPSec site-to-site connection. > Here's what happens: > > TimeProcessPIDMessage > Jan 17 15:58:53

Re: [pfSense] Two factor Authentication

2016-12-08 Thread Eero Volotinen
Just configure radius with two factor authentication and point authentication server to it: sample how to configure two factor radius under linux: http://www.supertechguy.com/help/security/freeradius-google-auth I am using it with minor modifications for vpn and console+gui authentication.. --

Re: [pfSense] pfsense + carp + ha

2016-11-16 Thread Eero Volotinen
I think it is possible to use lagg interface for workaround with interface naming? Eero 2016-11-16 7:14 GMT+02:00 Chris L <c...@viptalk.net>: > > On Nov 15, 2016, at 1:50 PM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > > same ports? you mean tha

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Eero Volotinen
ok. does it also sync all settings like ipsec and openvpn keys? Eero 16.11.2016 7.14 ap. "Chris L" <c...@viptalk.net> kirjoitti: > > On Nov 15, 2016, at 1:50 PM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > > same ports? you mean that same por

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Eero Volotinen
ility > Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a > "Remote System Username" field. That field is ignored, and "admin" is > always used. > > -- > > Steve Yates > ITS, Inc. > > -----Original Message- > From: Lis

[pfSense] pfsense + carp + ha

2016-11-15 Thread Eero Volotinen
Hi List, What are requirements for pfsense ha clustering? does any of x86 hardware work with ha? does hardware need to be identical? -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold!

[pfSense] pfsense: how to route all traffic via ipsec?

2016-11-08 Thread Eero Volotinen
how to configure this kind of setup to pfsense? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense 2.3.x 32bit?

2016-11-03 Thread Eero Volotinen
fixed problems by reinstalling whole system with 2.3 release. eero 2.11.2016 8.51 ip. "Eero Volotinen" <eero.voloti...@iki.fi> kirjoitti: > Nanobsd on 2GB cf card. > > Eero > > 2016-11-02 20:18 GMT+02:00 Renato Botelho <ga...@freebsd.org>: > &g

  1   2   >