Re: [pfSense] Upgrading versions - uninstall packages?

2017-07-20 Thread J. Hellenthal 
Ah that makes sense major upgrade I wasn’t considering for this but I’d 
consider major in this case to be from 1.x to 2.x to 3.x as x=minor in 
accordance with FreeBSD development. Hope that clears that up.

Major.Minor.Revision_PatchLevel

-- 
 Onward!, 
 Jason Hellenthal, 
 Systems & Network Admin, 
 Mobile: 0x9CA0BD58, 
 JJH48-ARIN

On Jul 20, 2017, at 17:02, Steve Yates <st...@teamits.com> wrote:

I figured they were probably harmless but this may be my first time upgrading 
with pfBlockerNG installed.

https://doc.pfsense.org/index.php/Upgrade_Guide#Packages

To save a click, the entire section's text:
"It is always safest to remove packages before upgrading to a new major 
release. Packages will be reinstalled afterward, but are frequently a source of 
problems. To ensure a smooth upgrade, note the installed packages, remove them, 
perform the upgrade, and then reinstall whichever packages are necessary."

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of J. Hellenthal
Sent: Thursday, July 20, 2017 4:54 PM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: Re: [pfSense] Upgrading versions - uninstall packages?

I for one have not had to do this thus far. But those pfB messages are harmless 
and more of an alert that you will need to reload the IP tables afterwards but 
that’s trivial. Keep in mind that I have not done that upgrade yet in a test 
environment before a maintenance window I have on Saturday.

Curious do you have a link of where it states to remove those ? I’d like to 
review the reason why as I can’t see anything other than they just don’t want 
you to block IP comm to the update servers.

-- 
Onward!, 
Jason Hellenthal, 
Systems & Network Admin, 
Mobile: 0x9CA0BD58, 
JJH48-ARIN

On Jul 20, 2017, at 16:27, Steve Yates <st...@teamits.com> wrote:

I started to upgrade from 2.3.3_1 to 2.3.4_1 today and as instructed by the 
docs I uninstalled Suricata and PFBlockerNG first.  I immediately got a flood 
of alerts like "Unresolvable source alias 'pfB_GeoIPUSv4' for rule ...".  Those 
are of course popular packages.  Do you all normally uninstall and reinstall 
either or both of those two packages during version upgrades?

Thanks,

Steve Yates
ITS, Inc.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Network interruption on pfSense Firewall

2017-05-19 Thread J. Hellenthal 
Interesting. I see this same thing on a SG2440 at one of our smaller 
installation sites with a dual gateway setup it experiences very similar 
likeness to the packet loss and high latency.

All firmware is up-to-date... netgate boot & pfsense.

Have not had the chance to look deeper into this as I believed it may be a 
problem on the remote end and the frequency of events were very quick and 
disappeared for greater than 24 hours at a time.

-- 
 Onward!, 
 Jason Hellenthal, 
 Systems & Network Admin, 
 Mobile: 0x9CA0BD58, 
 JJH48-ARIN

On May 19, 2017, at 07:33, Angel Rengifo Cancino  
wrote:

On Fri, May 19, 2017 at 6:55 AM, Ugo Bellavance  wrote:

> Hi,
> 
> We sometimes experience what looks like service interruptions on our
> pfSense firewall.  The first symptom was that we came in the office in the
> morning and found that all the ssh sessions that were opened and going
> through the firewall would be disconnected.
> 
> I searched the pfsense logs and I found that:
> 
> May 19 04:35:48 fw1 dpinger: ISP 206.55.90.97: Alarm latency 2231us
> stddev 1209us loss 21%
> May 19 04:36:01 fw1 dpinger: ISP 206.55.90.97: Clear latency 2253us
> stddev 1266us loss 15%
> May 19 04:54:24 fw1 dpinger: ISP 206.55.90.97: Alarm latency 2021us
> stddev 1042us loss 22%
> May 19 04:54:39 fw1 dpinger: ISP 206.55.90.97: Clear latency 2564us
> stddev 6028us loss 19%
> May 19 05:13:05 fw1 dpinger: ISP 206.55.90.97: Alarm latency 2203us
> stddev 1345us loss 21%
> May 19 05:13:17 fw1 dpinger: ISP 206.55.90.97: Clear latency 2044us
> stddev 870us loss 17%
> 
> I opened a ticket with mi ISP, but I don't think that they'll find
> anything. I must say they they're not the most knowledgeable.
> 
> I've experienced such packet loss before and it was always ISP's fault. If
your bandwidth usage is not full then there should not be a reason for
lossing so many packets.


> 
> According to the logs, everytime that happens, pfSense tries to do a few
> things:
> 
> - Update dyndns
> - Restart VPN tunnels
> - Reload filters
> 
> I'll keep on searching but I really wonder wether the post-clear-latency
> actions cause the SSH disconnects (and possibly other network cuts) or if
> it's the firewall that is too busy to receive the ICMP packets.
> 
> Once I had the same problem with 2 ISPs configured in my pfSense box and
disabling this option helped me to avoid such disconnection behavior:

System -> Advanced -> Miscellaneous -> State Killing on gateway failure

You can try it.


> The firewall runs on a VMWare VM,
> 
> Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz
> 3 CPUs: 1 package(s) x 3 core(s)
> 1 GB RAM
> 
> The host is not cpu-bound.
> 
> 
Make sure VMware is not part of the problem. If possible, use a physical
server to start a basic monitoring using continuous ping to see if packet
loss also occurs on this host. If it doesn't happen the same loss of
connectivity then maybe your VMware infrastructure might be part of the
problem.


*Angel Rengifo*
*CEO*
(51) 946-521-913
(511) 6429706
areng...@sfinetworks.com
Visitanos en http:// www.sfinetworks.com
¿Buscas soporte? http://soporte.sfinetworks.com
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] SIP Issue

2017-01-28 Thread J. Hellenthal 
Have not kept up with the full thread here, but this is a general direction we 
are going in our company.

Has anyone used the sip-proxy package ?

-- 
 Onward!, 
 Jason Hellenthal, 
 Systems & Network Admin, 
 Mobile: 0x9CA0BD58, 
 JJH48-ARIN

On Jan 28, 2017, at 09:31, Roussy, Francois  wrote:

Forgot to mention that my remote sites are using pfSense appliance :)

From: Roussy, Francois
Sent: January 28, 2017 10:25 AM
To: 'list@lists.pfsense.org' 
Subject: SIP Issue

Good day,

Mainly, my issue is IP PBX Related.. but looking the logs, and the packet 
capture, it seem to be a firewall issue.. that's why I'm sending the message 
here..

There is my issue:


I have a multi-sites company.

I actually run FreePBX (10.13.66-17 with Asterisk 13.13.1) at the head office 
site, with remote ip phones. Everything is connected through IPSEC (our routers 
does the tunnel)

In the SIP settings, all the subnet of each sites are there (172.16.1.x (the 
PBX subnet), 192.168.2.0/24 to 192.168.12.0/24 (one /24 per sites) and 
172.16.35.x/24)

There are few phones on each locations, that are connected to the main PBX 
server.

Incoming and Outgoing, Internal and External are working perfectly. BUT.. .

If, from a site, I put a call in the Park queue (using feature 70), and want to 
take it back, I have no sound.

Can someone help me please?

Attached, the logs of the call that I made from extension 853, to a number 
514949 (that a modified number, dont worry), that I put on parking lot 70, 
which place it on 71, and from the same phone, I try to take it back. I hung up 
after 10 seconds of no sound.

Thanks
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Installation issues of latest release (2.3.2) resolved?

2016-07-31 Thread J. Hellenthal 
Being that the current release is FreeBSD 10.3 based its a pretty good bet that 
if you don't see an image in the download directory for the ARM architecture 
then your answer is no.

Here is some information on FreeBSD ARM support for further knowledge. "AARCH64"
https://wiki.freebsd.org/FreeBSD/arm


-- 
 Onward!, 
 Jason Hellenthal, 
 Systems & Network Admin, 
 Mobile: 0x9CA0BD58, 
 JJH48-ARIN

On Jul 31, 2016, at 00:21, Bob Gustafson  wrote:

Will the 2.4 run on Odroid C2 (arm, quad 64bit) running with the Ethernet and a 
USB<->Ethernet external converter to get 2 ports.


> On 07/29/2016 11:19 PM, Jim Thompson wrote:
> As a reminder, pfSense 2.4 will not support i386, and will not support the
> 'nano' image.
> We are including ARM support (for the uFW) in pfSense 2.4.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold