Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Jim Thompson
> On Dec 9, 2017, at 6:36 PM, Erik Anderson wrote: > > On Sat, Dec 9, 2017 at 2:56 PM, Chris L wrote: >> AES-GCM with all hashes disabled in the ESP/Phase 2. > > I'm curious why you recommend this. I'm not being contrary, just > curious. I've always had

Re: [pfSense] pfsense openvpn speed?

2017-11-25 Thread Jim Thompson
What crypto transform and authentication are you running? Maybe try AES-GCM (which is AES-NI accelerated) at both ends if both devices support it. Might need pfSense 2.4 for this. Try setting the (OpenVPN) MTU to a larger number. More hints:

Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-23 Thread Jim Thompson
If there is no response from the bootloader (coreboot) on the serial port, then the hardware died, and the upgrade’s only involvement was the reboot at the end. Jim > On Nov 23, 2017, at 10:59 AM, Ryan Coleman wrote: > > There’s likely a package you added to your APU4

Re: [pfSense] 2.4.1 IPSec tunnels

2017-10-29 Thread Jim Thompson
https://redmine.pfsense.org/issues/8003 It’s being worked on in snapshots. Jim > On Oct 25, 2017, at 9:03 AM, Edward O. Holcroft wrote: > > I just upgraded from 2.4.0 to 2.4.1. > > If I view the status of my IPSec tunnels, it seems they have all been > duplicated. > >

Re: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F

2017-10-29 Thread Jim Thompson
> On Oct 28, 2017, at 3:45 PM, ullbeking wrote: > > P.S. Are there known problems posting to the forums at the moment? Our upstream provider is having IPv6 issues. Jim ___ pfSense mailing list

Re: [pfSense] IPSec tunnels on AT U-Verse

2017-05-15 Thread Jim Thompson
> On May 15, 2017, at 10:02 PM, Laz C. Peterson wrote: > > Is Openswan what is used for IPSec? Strongswan. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold!

Re: [pfSense] IPSec tunnels on AT U-Verse

2017-05-14 Thread Jim Thompson
ing. I’m not on AT Uverse (even though there is an ONT from them on the side of my house, and They claim “no service at that address”.). I’m using Grande (a local provider) at 1gbps/1gbps. Jim > > Matthew. > > On Sat, May 13, 2017 at 06:48:48PM -0700, Laz C. Peterson

Re: [pfSense] IPSec tunnels on AT U-Verse

2017-05-13 Thread Jim Thompson
Maybe NAT traversal? https://wiki.strongswan.org/projects/strongswan/wiki/NatTraversal > On May 13, 2017, at 5:30 PM, Laz C. Peterson wrote: > > Hello everyone, > > We’re having a pretty interesting problem here … > > To give you the quick summary, we have AT U-Verse

Re: [pfSense] Hardware compatibility

2017-04-07 Thread Jim Thompson
> On Apr 7, 2017, at 7:31 PM, Jon Gerdes wrote: > > There are quite a few ready made low power systems with pfSense pre-installed > - no need to go off piste. Every one of these that doesn't come from Netgate or its partners is in violation of the license to pfSense

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-31 Thread Jim Thompson
On Tue, Mar 28, 2017 at 11:32 AM, compdoc wrote: > On 03/28/2017 08:41 AM, WebDawg wrote: > > It seems to me that NAT and general firewalls should be easily handled? Am >> I wrong here? I mean, how much hardware do you need for pf to function at >> 1gbps?? Would not

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Jim Thompson
On Tue, Mar 28, 2017 at 11:50 AM, Matthew Hall wrote: > On Tue, Mar 28, 2017 at 09:59:05AM +0300, Eero Volotinen wrote: > > Hi List, > > > > Looking for pfsense hardware that can handle 1000M/1000M internet > > connection with NAT. > > > > Any recommendations? It must be

Re: [pfSense] Netgate Firmware

2017-03-21 Thread Jim Thompson
One more time: there is only so much I can say about the issue. Richard Relph's message is inaccurate, but I can not describe why or how. Specific to the subject of this thread: The coreboot (it's not really a BIOS, and yes, I'm splitting hairs) update addresses a Intel-issued "specification

Re: [pfSense] Netgate Firmware

2017-03-20 Thread Jim Thompson
een fixed by a timely firmware update. > > To be fair, there is quite a lot of chat on the forums about this and > any interested pfSenser should be hanging out there as well as here. > > > > On Mon, 2017-03-20 at 18:57 -0500, Jim Thompson wrote: >> we only sent it to customers

Re: [pfSense] Netgate Firmware

2017-03-20 Thread Jim Thompson
we only sent it to customers of affected units. On Mon, Mar 20, 2017 at 5:43 PM, WebDawg wrote: > Is there any other list for netgate firmware updates? I just received a > notification from sales@pfsense about netgate firmware updates but it was > not sent to this list? >

Re: [pfSense] pfsense twitter account making rude comments.

2017-02-22 Thread Jim Thompson
On Tue, Feb 21, 2017 at 10:49 AM, Travis Hansen wrote: > Regardless of this specific issue, I'd prefer the official twitter feed be a > bit more...focused. > In any case, thanks for the great project! Travis Hansen > travisghan...@yahoo.com I just hired someone to take

Re: [pfSense] pfsense twitter account making rude comments.

2017-02-22 Thread Jim Thompson
Because that's what most MUAs default to these days. (joke intended) On Thu, Feb 23, 2017 at 12:38 AM, WebDawg wrote: > Why does everyone top post on this list? ___ pfSense mailing list

Re: [pfSense] pfsense twitter account making rude comments.

2017-02-20 Thread Jim Thompson
who it was that responded. > > So… send @GonzoPancho a message privately and take the higher ground. When > you stoop to his level you don’t win anyone over. And neither does Jim. > > — > Ryan > >> On Feb 20, 2017, at 9:35 PM, Ryan Coleman <ryan.cole...@cwis.biz>

Re: [pfSense] SG-2440 fsck at reboot

2017-02-08 Thread Jim Thompson
rted by cron. Are there any specific drivers I should be using on > the SG-2440 if I want to do stuff like that? > >> On 09/02/17 01:53, Jim Thompson wrote: >> Why are you attempting to run netmap over standard, unmodified device >> drivers? >> >> (Perhaps

Re: [pfSense] SG-2440 fsck at reboot

2017-02-08 Thread Jim Thompson
Why are you attempting to run netmap over standard, unmodified device drivers? (Perhaps Suricata IPS?) On Wed, Feb 8, 2017 at 11:47 AM, Øyvind 'bolt' Hvidsten wrote: > So, I rebooted an SG-2440 at a remote site, and it didn't come back up. > > I went over there, plugged in

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-27 Thread Jim Thompson
c patterns, even at 600 you should > have no problem pushing 10GE. A MTU of 600 should give you about 53 > gigabit/s if you are able yo push 1200 pps with that payload. Your > statement of 80% is just confusing, that is all. > > On Fri, Jan 27, 2017, 04:02 Jim Thompson <j...@ne

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Jim Thompson
Rangeley includes 50 ACLs in the path. BTW, average frame size on the Internet is just under 600 bytes, btw. Not 1200 as you guessed. Jim > > On Thu, Jan 26, 2017, 18:20 Jim Thompson <j...@netgate.com <javascript:;>> > wrote: > > > > On Jan 26, 2017, at 5:06 PM, rai..

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Jim Thompson
> On Jan 26, 2017, at 5:06 PM, rai...@ultra-secure.de wrote: > > Am 2017-01-26 07:03, schrieb Jim Thompson: >> It does not. >> The c2758 SoC is interesting. 8 cores, and the on-die i354 is essentially a >> block with 4 i350s on it. >> These have 8 queues

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Jim Thompson
or 80% or 10GE? 12Mpps at 150 packet length is > 13.4Gbps. At 1200 (good inet avg.) you should hit 107Gbps. Where does the > 80% of 10GE come from? > > > On Thu, Jan 26, 2017, 07:04 Jim Thompson <j...@netgate.com> wrote: > > It does not. > > The c2758 SoC is interest

Re: [pfSense] SG-1000 and VPN

2017-01-25 Thread Jim Thompson
Meant to include this: https://github.com/freebsd/freebsd/commits/master?author=loos-br On Thursday, January 26, 2017, Jim Thompson <j...@netgate.com> wrote: > > Adam, > > Given the 21Mbps figure I quoted, 100x (2.1Gbps) would be an unrealistic > expectation. > > B

Re: [pfSense] SG-1000 and VPN

2017-01-25 Thread Jim Thompson
> Jim, > Asking you to speculate here... > Assuming someone *is* working on drivers for the chip's crypto > capabilities, when that finally happens, do you have any notion of how much > faster IPsec will get? Are we talking 2x or 100x? > -Adam > > > On January 25, 201

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-25 Thread Jim Thompson
It does not. The c2758 SoC is interesting. 8 cores, and the on-die i354 is essentially a block with 4 i350s on it. These have 8 queues for each of rx and tx, so 16 each, for a total of 64 queues. On the c2xxx series (and other) boxes we ship, we increase certain tunables, because we know what

Re: [pfSense] SG-1000 and VPN

2017-01-25 Thread Jim Thompson
Steve, It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, because there is no driver for the crypto core (yet). OpenVPN is slightly slower (19 Mbps). It's always strange to see your name on the list. The president of ADI shares your name, so I tend to pay a lot more attention

Re: [pfSense] IPSec Bug?

2017-01-24 Thread Jim Thompson
On Tue, Jan 24, 2017 at 12:16 PM, Eero Volotinen wrote: > What hardware is other side running? Why you are trying to use 3des? > > Eero > > 2017-01-17 16:36 GMT+02:00 Roland Giesler : > >> We've battled all afternoon to establish an IPSec

Re: [pfSense] Lightning strike

2016-10-13 Thread Jim Thompson
You are making a very poor assumption about which parts of the "Ethernet" interface are missing after a high voltage event. You may still have (enough of) the MAC to be enumerated on the (PCI/PCIe/...) bus. If this occurs, then no renumbering will take place, since, as far as BIOS/boot

Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available

2016-10-10 Thread Jim Thompson
On Fri, Oct 7, 2016 at 5:49 AM, Holger Bauer wrote: > > Are there any chances that there is something wrong with the > upgraderepository-servers of pkg.pfsense.org or that some kind of timeout > is too low for connecting to the updaterepository? > I also suspect an issue

Re: [pfSense] Restoring XML config file from URL at console

2016-10-07 Thread Jim Thompson
> On Oct 7, 2016, at 6:09 AM, Brian Candler wrote: > > However I'm happy to drop down either to the Linux shell or the PHP shell. pfSense is based on FreeBSD. ___ pfSense mailing list

[pfSense] pfSense 2.3.2-p1 RELEASE Now Available

2016-10-06 Thread Jim Thompson
Details are here: https://blog.pfsense.org/?p=2122 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] New feature in ISC DHCP server v.4.3+ ( pfSense feature request )

2016-09-09 Thread Jim Thompson
> On Sep 9, 2016, at 8:49 AM, Ryan Coleman <ryan.cole...@cwis.biz> wrote: > > >> On Sep 8, 2016, at 10:37 PM, Jim Thompson <j...@netgate.com> wrote: >> >> >>> On Sep 8, 2016, at 10:30 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote: >

Re: [pfSense] New feature in ISC DHCP server v.4.3+ ( pfSense feature request )

2016-09-08 Thread Jim Thompson
> On Sep 8, 2016, at 10:30 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote: > > >> On Sep 8, 2016, at 9:14 PM, Jim Thompson <j...@netgate.com> wrote: >> >> On Thu, Sep 8, 2016 at 7:36 PM, Karl Fife <karlf...@gmail.com> wrote: >> >>

Re: [pfSense] New feature in ISC DHCP server v.4.3+ ( pfSense feature request )

2016-09-08 Thread Jim Thompson
On Thu, Sep 8, 2016 at 7:36 PM, Karl Fife wrote: > There is a brand new feature/option in ISC dhcpd 4.3.0 (the DHCP server > version in pfSense 2.3+). > you could say, "Thank you". I drove the old crud out. > I would like to see this new feature available in the pfSense

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-20 Thread Jim Thompson
-- Jim > On Aug 20, 2016, at 3:10 AM, Dave Warren wrote: > >> On 2016-08-03 08:43, Steve Yates wrote: >> I'm being serious but what is your rationale for not using >> pfSense's/NetGate's? >> >> https://www.pfsense.org/products/ >> >> The "cheap" part (< $299)? We tried

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-04 Thread Jim Thompson
> On Aug 3, 2016, at 9:18 PM, Moshe Katz wrote: > > Maybe I'm reading too much into points 1 (second paragraph) and 4 of your > message, but it sounds somewhat hostile to the old use-your-own-hardware > selling point that brought me into the pfSense community ten years ago

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Jim Thompson
My response was not directed at you, Ryan. On Wed, Aug 3, 2016 at 8:44 PM, Ryan Coleman wrote: > Correction. Instead the system is ON an open-SOURCE platform. > > > On Aug 3, 2016, at 8:43 PM, Ryan Coleman wrote: > > > > Instead the system is

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Jim Thompson
Here's all you need to know: 1) we only test releases on the hardware we sell, or have sold in the past two years. (Obviously doesn't include VM images.) We don't intentionally break anything, but your J1900 box isn't in the test matrix, nor will it ever be. That said, we have included fixes

Re: [pfSense] Installation issues of latest release (2.3.2) resolved?

2016-07-29 Thread Jim Thompson
pfSense is normally tested on the devices that Netgate has released as products over the past two years. pfSense 2.3.2 was tested on the following devices and hypervisors: SG-2220 (eMMC and M.2), SG-2440 (eMMC and mSATA), SG-4860 (eMMC and mSATA), SG-8860 (eMMC and mSATA), 7541 (CF and SSD),

Re: [pfSense] Lightning strike

2016-07-27 Thread Jim Thompson
On Tue, Jul 26, 2016 at 7:43 PM, Volker Kuhlmann wrote: > On Tue 26 Jul 2016 09:41:37 NZST +1200, Karl Fife wrote: > > > After some > > testing, I found the system would not come up after reboot because > > it had gone into port reassignment mode since the config made >

Re: [pfSense] Lightning strike

2016-07-25 Thread Jim Thompson
"Lightning surge damage to Ethernet and POTS ports connected to inside wiring" http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=3D6842005 A summary of the paper: http://incompliancemag.com/article/lightning-surge-damage-to-ethernet-and-pots-ports-connected-to-inside-wiring/ a slide

Re: [pfSense] Migrating existing install to another drive

2016-07-16 Thread Jim Thompson
> On Jul 15, 2016, at 4:55 PM, Dan Langille wrote: > > I have a NetGate APU2 running pfSense 2.3. It came pre-installed and I've > upgraded it over the past two years. Pretty sure you have an APU, not APU2. We never sold the APU2, and the re(4) NICs in your bootlog

Re: [pfSense] 502 Bad Gateway

2016-07-07 Thread Jim Thompson
I run the widget on my dashboard without issue. Please stop assuming there is a problem, and take steps to prove it instead. -- Jim > On Jul 7, 2016, at 1:16 PM, Bill Arlofski wrote: > >> On 07/07/2016 08:09 AM, Jon Gerdes wrote: >> Bill >> >> I maybe off target

Re: [pfSense] USB3 to ethernet adaptor

2016-06-06 Thread Jim Thompson
> On Jun 6, 2016, at 10:36 AM, WebDawg wrote: > > On Mon, Jun 6, 2016 at 9:00 AM, RB wrote: >> >> On Sun, Jun 5, 2016 at 7:02 PM, Volker Kuhlmann >> > This is a laughable argument! >> >> I'm not here to argue, you are. More

Re: [pfSense] USB3 to ethernet adaptor

2016-06-05 Thread Jim Thompson
All this invective, yet you run your firewall on an Intel/AMD platform. Et tu, Volker. Open Source is more about sharing than security. Anyone who argues get referred to, "Reflections on Trusting Trust." -- Jim > On Jun 5, 2016, at 8:02 PM, Volker Kuhlmann wrote:

Re: [pfSense] FreeBSD on uFW

2016-06-01 Thread Jim Thompson
> On Jun 1, 2016, at 4:02 PM, Vick Khera <vi...@khera.org> wrote: > > On Wed, Jun 1, 2016 at 4:54 PM, Jim Thompson <j...@netgate.com> wrote: > >> Vick, no, it’s not in the Netgate storefront (yet). There are a handful >> of boards in the world. This

Re: [pfSense] FreeBSD on uFW

2016-06-01 Thread Jim Thompson
Ian, WRT “it’s new and perhaps incomplete at best”. What does that even mean? Yes, it’s new. First boot on that hardware was last night, around 3am Central (US). No, It’s not ready to ship. A close inspection of the bootlog will show several issues (some of them affect Intel/AMD as

[pfSense] FreeBSD on uFW

2016-05-31 Thread Jim Thompson
U-Boot SPL 2016.03 (May 31 2016 - 19:23:56) Trying to boot from MMC Card doesn't support part_switch MMC partition switch failed *** Warning - MMC partition switch failed, using default environment reading u-boot.img reading u-boot.img U-Boot 2016.03 (May 31 2016 - 19:23:56 -0500)

Re: [pfSense] Zero Trust Networks

2016-05-17 Thread Jim Thompson
Hi Randy, Ex-BYU student here. M.E. ’84, but I started in Chem, and maintained a vacuum distillation apparatus in the basement of ESC that was part of the Chem departments research in lasing emulsion dyes. I have a relative (Steve Walker) in the English department, too. If you’ve read the

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Jim Thompson
> On May 5, 2016, at 6:26 AM, Paul Mather wrote: > > On May 5, 2016, at 9:13 AM, Vick Khera wrote: > >> On Tue, May 3, 2016 at 11:24 AM, Jeppe Øland wrote: >> >>> Does this update actually work? >>> >>> After hitting install and

Re: [pfSense] IPsec - how to assess encryption is active?

2016-04-29 Thread Jim Thompson
Because OpenVPN uses tun/tap, and there is a HUGE amount of overhead in that. “HUGGGEEE!” — Donald J. Trump The statement "On a modern intel system, the intel chip itself (or AMD) has AES128 or better implemented in hardware. “ is incorrect. Modern Intel / AMD parts have

Re: [pfSense] APinger times wrong after a few hours

2016-02-24 Thread Jim Thompson
Apinger is… not very good. This is why we’ve gone to dpinger in pfSense software v2.3 > On Feb 24, 2016, at 7:27 PM, Joe Laffey wrote: > > Hi, > > I reported this on the forum a while back. Been having this issue since > installing version 2.x > > We have a dual WAN setup.

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread Jim Thompson
> On Feb 23, 2016, at 9:43 PM, WebDawg wrote: > > Man I was looking at the price point on used 10Gbit nics and I think it is > time for a bit of an upgrade. 10Gbit Ethernet will be so common in three years, a 1Gbps interface will be only used for management interfaces.

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread Jim Thompson
-- Jim > On Feb 23, 2016, at 9:38 PM, David Burgess <apt@gmail.com> wrote: > >> On Feb 23, 2016 7:01 PM, "Jim Thompson" <j...@netgate.com> wrote: >> >> perhaps you have a different definition of ‘wire speed’. You have to > fill the link

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread Jim Thompson
> On Feb 23, 2016, at 7:47 PM, Walter Parker wrote: > > On Tue, Feb 23, 2016 at 3:19 PM, Giles Davis wrote: > >> On 19/02/2016 17:12, David Burgess wrote: >>> I'm a little surprised at your experience. A few years ago I built a >>> PFSense unit with

Re: [pfSense] Atheros Issues Abundant

2016-01-16 Thread Jim Thompson
No -- Jim > On Jan 16, 2016, at 1:28 PM, mayak wrote: > > Is there any workaround available? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] SCVMM Agent

2016-01-09 Thread Jim Thompson
We have an official image for Azure coming. Should be available soon. We're in final stages with Microsoft. -- Jim > On Jan 9, 2016, at 4:56 AM, "pfsense-l...@y-tech.co.il" > wrote: > > Hi everyone, > > We are struggling for weeks now trying to install SCVMM 2012

Re: [pfSense] 2.2.5-RELEASE Now Available!

2015-11-08 Thread Jim Thompson
https://blog.pfsense.org/?p=1925 -- Jim > On Nov 7, 2015, at 4:43 PM, Doug Lytle wrote: > > I see 2.2.5 is available and didn't see any mention of it here. > > https://blog.pfsense.org/ > > Doug > > ___ > pfSense mailing list >

Re: [pfSense] client VPN on IOS

2015-09-26 Thread Jim Thompson
I use it. Note that iOS 9 has AES-GCM and IKEv2. We've recently (today) fixed a few bugs in hybrid auth mode. That might have stopped you, depending on how you have things setup. Also, with iOS 9, it appears that a tunnel with only IPv4 doesn't work. You have to config both v4 and v6. If

Re: [pfSense] Small form factor pfsense box

2015-08-11 Thread Jim Thompson
, at this point, yes, I have very strong confidence that we can ship the 2220 on or before 31 August. -- Jim On Aug 11, 2015, at 10:04 PM, Erik Anderson erike...@gmail.com wrote: Jim, is the SG-2220 still targeted for an Aug 31st ship date? On Mon, Aug 3, 2015 at 4:57 AM, Jim Thompson j

Re: [pfSense] Small form factor pfsense box

2015-08-03 Thread Jim Thompson
Thank you. These: http://store.pfsense.org/SG-2220/ http://store.netgate.com/mobile/ADI/RCC-DFF-2220.aspx Seem like just what Cheyanne asked for. -- Jim On Aug 3, 2015, at 12:48 AM, Walter Parker walt...@gmail.com wrote: The Project sells hardware: http://store.pfsense.org/hardware/

Re: [pfSense] Power Glitch Took CF Card in Alix Down - Experience

2015-07-23 Thread Jim Thompson
-- Jim On Jul 23, 2015, at 12:56 AM, Mehma Sarja mehmasa...@gmail.com wrote: It took me 2 days to crawl back from a 5 second power glitch which happened recently because the CF card in my Netgate Alix machine crashed hard. Apparently the card got corrupted; cleaned it off and put a fresh

Re: [pfSense] Access Point Recommendations?

2015-07-20 Thread Jim Thompson
Firetide? LOL I’m good friends with the guy who did the design for Firetide. He was, after all, the director of engineering there prior to the VCs moving the company from Hawaii to California. He’s the one who also contributed the OLSR port freeBSD (which pfSense picked up). Said it was

Re: [pfSense] Cannot Spoof MAC

2015-07-12 Thread Jim Thompson
On Jul 11, 2015, at 10:13 AM, Doug Lytle supp...@drdos.info wrote: Working on it today, I've tracked it down to pfSense not being able to spoof their MAC address. That board runs Realtek LAN parts. You can run pfSense on what you wish, but the release process doesn't test this platform.

Re: [pfSense] 2.2.2-RELEASE Now Available

2015-04-16 Thread Jim Thompson
On Apr 16, 2015, at 11:54 AM, Chris Buechler c...@pfsense.com wrote: On Thu, Apr 16, 2015 at 7:53 AM, Vick Khera vi...@khera.org wrote: On Wed, Apr 15, 2015 at 6:50 PM, Bob Gustafson bob...@rcn.com wrote: Today - except for the initial clicks, the process was totally automatic 14:21

Re: [pfSense] pf(4) relative performance: opinions?

2015-04-11 Thread Jim Thompson
On Apr 11, 2015, at 8:23 PM, Adam Thompson athom...@athompso.net wrote: I know a lot of performance work has gone into both FreeBSD and pfSense, but I haven't tested the limits in a long time, so I'm asking... I'm running a pair of firewalls, each with dual Xeon L5520 cpus (4c/8t,

Re: [pfSense] Console is in cyrillic

2015-03-17 Thread Jim Thompson
Unless you’ve changed it, the baud rate on an Alix is 38400 https://doc.pfsense.org/index.php/Console_Types https://doc.pfsense.org/index.php/Console_Types Jim On Mar 17, 2015, at 4:45 PM, Jeremy Bennett jbenn...@hikitechnology.com wrote: So I recently resolved my serial port issue and

Re: [pfSense] NIC Offloading Setting Questions

2015-03-04 Thread Jim Thompson
On Mar 4, 2015, at 12:54 AM, Bryan D. pfse...@derman.com wrote: Today, having received a pair of SuperMicro AOC-SG-i2 NICs from the pfSense store, I asked about the applicable pfSense offloading settings (via the pfSense contact form). Receiving an oblique (non-)response, I re-sent a

Re: [pfSense] Dual Port NIC ports

2015-02-21 Thread Jim Thompson
On Feb 21, 2015, at 5:26 PM, Joe Laffey j...@laffey.tv wrote: Hi, Is there any advantage or disadvantage to using the the two port on a dual port NIC vs. one port each on two different dual port NICs? at 1Gbps or below? No, assuming they’re PCIe NICs and have a correct MSI-X

Re: [pfSense] Release 2.2 - Wake on Lan different behaviour on alix and apu

2015-01-27 Thread Jim Thompson
open a bug report. On Jan 27, 2015, at 3:51 AM, WolfSec-Support supp...@wolfsec.ch wrote: Hello, ALIX issue: I can confirm this. In WebGUI on Alix the WoL is not working any more I can confirm: wake vr0 e0:cb:4e:xx.yy.zz is working on command line May also other platforms are

Re: [pfSense] VFA VPN throughput?

2015-01-20 Thread Jim Thompson
On Jan 20, 2015, at 4:53 PM, Adam Thompson athom...@athompso.net wrote: Jim/other: Do you have any guidelines for sizing VPN throughput when using the pfSense Certified VFA ? -- -Adam Thompson athom...@athompso.net ___ pfSense mailing

Re: [pfSense] 4 Byte ASN

2015-01-08 Thread Jim Thompson
On Jan 8, 2015, at 9:23 AM, Seth Mos seth@dds.nl wrote: Bryant Zimmerman schreef op 8-1-2015 om 15:28: We are working on getting our own ASN with ARIN so we can get our own blocks of address. We are doing this because we are using multiple ISP's and want to announce our own

Re: [pfSense] support costs?

2015-01-05 Thread Jim Thompson
sa...@netgate.com Mahalo Nui Loa, -- Jim On Jan 5, 2015, at 4:22 PM, Rick Payton r...@mai-hawaii.com wrote: Aloha, I'm working on a list of firewalls that can act as a VPN endpoint to recommend for a small remote waste water treatment plant (it currently runs a consumer level netgear

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Jim Thompson
On Dec 10, 2014, at 1:16 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote: On 10/12/14 3:30 pm, Giles Coochey wrote: http://tools.ietf.org/html/rfc6598 Ultimately, it's a crap shoot, and the solution is to use IPV6 and 6:4 NAT for legacy. If only someone could have forseen that IPv4

Re: [pfSense] Disconnected

2014-11-04 Thread Jim Thompson
On Nov 4, 2014, at 6:15 AM, Ryan Coleman ryan.cole...@cwis.biz wrote: As Jim pointed out so abruptly yesterday (and you have not acknowledged) is that you haven't stated what version of pfSense you are running is. Without this, we're left to guess.

Re: [pfSense] APU and SSD: full install or NanoBSD

2014-10-31 Thread Jim Thompson
On Oct 30, 2014, at 3:06 PM, Jeppe Øland jol...@gmail.com wrote: On Thu, Oct 30, 2014 at 8:33 AM, Jim Thompson j...@smallworks.com wrote: On the other hand, I tend to distrust manufacturers that shipped completely unreliable drives without any thought. Kingston/OCZ/Crucial are all

Re: [pfSense] APU and SSD: full install or NanoBSD

2014-10-30 Thread Jim Thompson
On Oct 30, 2014, at 7:14 AM, Jason Pyeron jpye...@pdinc.us wrote: -Original Message- From: Jeppe Øland Sent: Wednesday, October 29, 2014 18:46 I've been on an Atom board with a Kingston SSD for like 3 years now ... In that time I've gone through 3 dead SSDs (which Kingston

Re: [pfSense] APU and SSD: full install or NanoBSD

2014-10-30 Thread Jim Thompson
On Oct 30, 2014, at 9:28 AM, Jeppe Øland jol...@gmail.com wrote: 3 year old Kingston SSDs are not like new Kingston SSDs. Agreed. On the other hand, I tend to distrust manufacturers that shipped completely unreliable drives without any thought. Kingston/OCZ/Crucial are all in this

Re: [pfSense] APU and SSD: full install or NanoBSD

2014-10-30 Thread Jim Thompson
On Oct 30, 2014, at 3:39 PM, Dave Warren da...@hireahit.com wrote: On 2014-10-30 13:06, Jeppe Øland wrote: On Thu, Oct 30, 2014 at 8:33 AM, Jim Thompsonj...@smallworks.com wrote: On the other hand, I tend to distrust manufacturers that shipped completely unreliable drives without any

Re: [pfSense] APU and SSD: full install or NanoBSD

2014-10-30 Thread Jim Thompson
On Oct 30, 2014, at 7:35 PM, Dave Warren da...@hireahit.com wrote: On 2014-10-30 17:15, Jim Thompson wrote: On Oct 30, 2014, at 3:39 PM, Dave Warren da...@hireahit.com wrote: Buy quality instead of junk? ... Even a cheapo 30GB/60GB/whatever SSD is more than enough for pfSense and makes

Re: [pfSense] APU and SSD: full install or NanoBSD

2014-10-30 Thread Jim Thompson
On Oct 30, 2014, at 8:00 PM, compdoc comp...@hotrodpc.com wrote: Things will get outrageous soon with the advent of M.2 PCI SSDs on a x4 connection. The speeds of m.2 on x4 do look amazing. Now explain why a M.2 PCIe x4 SSD would be more expensive than a M.2 SATA SSD.

Re: [pfSense] cheapest netgate/esf h/w with wireless?

2014-10-26 Thread Jim Thompson
On Oct 26, 2014, at 12:51 PM, athompso athom...@athompso.net wrote: Jim, I have three related h/w questions: 1. what's the cheapest h/w currently available from ESF or Netgate that has (or at least supports) being an AP? Technically, the Alix, when we can get them. Not that you want

Re: [pfSense] pfsense h/w

2014-10-24 Thread Jim Thompson
anyway). Sliante! On 10/24/2014 4:03 AM, Adam Thompson wrote: [One public correction, nothing to do with Godwin's law! -Adam] On 14-10-23 08:36 PM, Jim Thompson wrote: Not that UBNT is a paragon of openness, either, “either”? Wow. Strike 2. That wasn't a dig at you or ESF

Re: [pfSense] pfsense h/w

2014-10-24 Thread Jim Thompson
://lists.pfsense.org/pipermail/dev/2013-November/000448.html Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com http://www.spitwspots.com/On 10/24/2014 10:14 AM, Jim Thompson wrote: This list is not about Ubiquiti. (At least not until we make pfSense available on Ubiquiti

Re: [pfSense] pfsense h/w

2014-10-23 Thread Jim Thompson
On Oct 23, 2014, at 5:18 AM, Zia Nayamuth zedestruc...@gmail.com wrote: Lots of suggestions on the hardware, but I see nobody mention anything based around the new and much more powerful Avoton platform. The platform is officially supported, and the pfSense store has hardware based on it

Re: [pfSense] pfsense h/w

2014-10-23 Thread Jim Thompson
to install pfSense in VMs and on existing repurposed hardware, but that's an entirely different market segment anyway, and all I'm selling is my time. -Adam On October 23, 2014 11:06:42 AM CDT, Jim Thompson j...@netgate.com wrote: On Oct 23, 2014, at 5:18 AM, Zia Nayamuth zedestruc

Re: [pfSense] pfsense h/w

2014-10-23 Thread Jim Thompson
seems to love chatting up conspiracy theories. Fluoride in the water and chemtrails overhead are evidence of government mind-control experiments, Paul Mccartney died in 1966, 9/11 was a “false flag” operation, pfSense is going closed source, and Jim Thompson is actually a blood thirsty, extra

Re: [pfSense] pfsense h/w

2014-10-23 Thread Jim Thompson
On Oct 23, 2014, at 7:48 PM, Adam Thompson athom...@athompso.net wrote: [Hmm... half of this doesn't need to be on-list. Sorry if I'm polluting. -Adam] On 14-10-23 05:57 PM, Jim Thompson wrote: I get that Jim rubs a lot of people the wrong way (myself included), Darn, you’d think

Re: [pfSense] pfsense h/w

2014-10-22 Thread Jim Thompson
/ might be temporarily down or it may have moved permanently to a new web address. Error code: ERR_NAME_RESOLUTION_FAILED Nick Upson, Telensa Ltd, Senior Operations Network Engineer direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200 On 22 October 2014 16:06, Jim Thompson j

Re: [pfSense] pfsense h/w

2014-10-22 Thread Jim Thompson
On Oct 22, 2014, at 12:10 PM, Chris Buechler c...@pfsense.com wrote: On Wed, Oct 22, 2014 at 11:29 AM, Jim Thompson j...@smallworks.com wrote: Seems up now. I’ve let Gregory know that there may have been an issue. http://www.osnet.eu/en/products/FWA Pretty sure Jim got auto

Re: [pfSense] NIC support

2014-10-18 Thread Jim Thompson
Corrections inline. I blame beer. -- Jim On Oct 18, 2014, at 1:21 AM, Jim Thompson j...@netgate.com wrote: So, The only people getting a google fiber connection *today* live in Provo, UT or Kansas City. Google Funer Fiber. is being built out in Austin, but won't be available

Re: [pfSense] NIC support

2014-10-16 Thread Jim Thompson
On Oct 16, 2014, at 2:06 AM, compdoc comp...@hotrodpc.com wrote: I am well-aware of Olivier’s work in this area, as are many in the FreeBSD community. There is no proof, except that which is documented and reproducible. We're doing something like science here. Hmm, proof. Well,

Re: [pfSense] NIC support

2014-10-16 Thread Jim Thompson
On Oct 16, 2014, at 11:14 AM, compdoc comp...@hotrodpc.com wrote: The difference between Olivier's setup and ours (assuming pfsense 2.1.1+), is tuning The only way to prove what you say is with numbers. Tuning pfSense won't fix this hardware problem, *if* it exists in your boards.

Re: [pfSense] NIC support

2014-10-16 Thread Jim Thompson
On Oct 16, 2014, at 12:45 PM, compdoc comp...@hotrodpc.com wrote: do you realize who you’re arguing with compdoc? Yeah, I'm arguing with a guy that not only attacked me for suggesting a person be careful about buying certain hardware, he also attacked the work of Olivier from

Re: [pfSense] NIC support

2014-10-15 Thread Jim Thompson
On Oct 14, 2014, at 5:15 PM, compdoc comp...@hotrodpc.com wrote: as close to wirespeed as possible, be happy with a C2758. ? Very That C2758 has nice specs and should be able to keep up, however there seems to be a throughput problem on at least one brand of board running the

Re: [pfSense] NIC support

2014-10-15 Thread Jim Thompson
-- Jim On Oct 15, 2014, at 10:06 AM, compdoc comp...@hotrodpc.com wrote: When I speak of the C2758, I speak of the product sold at the pfSense store, as sold by the pfSense store, not the generic pfsense release running on some brand of board@. I was speaking of a C2758 board that

Re: [pfSense] NIC support

2014-10-14 Thread Jim Thompson
Will A SMB without L3 capable switches, that needs routing between 3-4 local subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to wirespeed as possible, be happy with a C2758. ? Very. Is a dual socket Xeon a bit faster? Yes. Does your application need that speed? Unlikely.

Re: [pfSense] upgrade from 1.2.3

2014-10-07 Thread Jim Thompson
On Oct 7, 2014, at 8:57 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote: On 7/10/14 2:41 pm, Jim Thompson wrote: Best option is to replace it, likely. This. Or at least install a recent pfSense on an unused device you have kicking around, set things up how you want them (to mirror

Re: [pfSense] bogon networks

2014-09-28 Thread Jim Thompson
Perhaps if you specified your block? On Sep 28, 2014, at 5:59 AM, Andrew Mitchell andrew.k.mitch...@att.net wrote: My company has just recently been assigned it's own block from ARIN. We have a handful of pfSense boxes we need to connect to from that block. I have noticed we can't

  1   2   3   >