Re: [pfSense] Default pass rules in pfSense

2017-11-15 Thread Oliver Hansen
By default, everything coming IN on the WAN is blocked but everything
coming IN on the LAN from the LAN network is allowed. You can easily remove
this rule on the LAN interface if you want.

On Nov 15, 2017 7:20 AM, "Roberto Carna"  wrote:

People, I'm new at pfSense and I'm seeing that there are implicit
default pass rules.

For example, without editing a new user rule in the firewall, I can
send mails from my WAN interface to Internet. I was wrong because I
thought the default behaviour was to deny all the traffic unless I
permit what I want.

Is it possible to turn the default pass rules off in order to control
all the traffic manually by the user rules ???

Thanks a lot.

ROBERT
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Bug in loading configuration on device with different NICs

2017-10-24 Thread Oliver Hansen
The official documentation mentions the explicit possibility of loading a
configuration on new hardware and nowhere does it mention needing to edit
the xml beforehand. I would think that hard to do with an encrypted xml
file.  I've done both numerous times and personally I would think it
"should" work as the OP desired.

https://doc.pfsense.org/index.php/Configuration_Backup_and_Restore

On Oct 24, 2017 6:38 AM, "Adrian Zaugg"  wrote:

> ok, it is not a bug then, I'll pass it as Feature Request. With the
> proposed handling it would work on different devices probably in most
> cases.
>
> I did edit the config file and did the assignments directly in there,
> now importing worked.
>
> Adrian.
>
> On 24.10.17 14:45, Eero Volotinen wrote:
> > well. you cannot import config to different device without manually
> > editing the xml configuration
> >
> > Eero
> >
> > 2017-10-24 14:03 GMT+03:00 Adrian Zaugg:
> >
> >
> > Hi
> >
> > When loading a configuration file from a different device (with other
> > NICs) to a freshly installed pfSense, it correctly detects a mismatch of
> > the network interfaces and redirects the user to the interface setup
> > page. If there are VLANs defined in the loaded config, the VLANs are
> > still bound to the non-existent NICs, thus the user has to open the VLAN
> > assigning page and correct this. Pressing then on save, pfSense executes
> > the change immediately leading under unlucky conditions to the loss of
> > the connection to the admin interface of pfsense.
> >
> > In my opinion if pfsense discovers a mismatch in interface assignment
> > after restoring a configuration file, the changes made by the user to
> > VLANs and interface assignment should not happen immediately. It should
> > let the user finish all the reassignment work and then do the reboot of
> > the device like it does it always after restoring a config.
> >
> > How to reproduce:
> > - do a fresh pfsense installation and boot, connect to the web-gui
> > - instead of following the presented wizard, choose Diagnostics ->
> > Backup/Restore from the menu
> > - load a config using VLANs originating from a different device, which
> > has other kind of NICs built in (different brand e.g.)
> > - when presented with the interface assignment page, change to the VLAN
> > page and reassign a VLAN to the inner interface
> > - press save
> >
> >
> > Regards, Adrian.
> >
> >
>
> --
>.~..
> _ //__
> \°___/~~~
>
> Adrian Zaugg
> Zweierstrasse 56
> CH-8004 Zürich
>
> 044 291 02 38
> _
>
>
> (This eMail gets best displayed
>  using a monospace font.)

Re: [pfSense] 2.1.6 NAT BUG - All rules deleted !!

2017-06-07 Thread Oliver Hansen
Is there a reason you're still on version 2.1.6?

On Jun 7, 2017 5:41 AM, "pfsense-l...@y-tech.co.il" <
pfsense-l...@y-tech.co.il> wrote:

> Hi all,
>
> I just encountered a major bug:
> Adding a new port forward rule caused a deletion of all firewall rules,
> ALL.
> I restored the configuration from backup and tried to add it again - same
> result.
> I can't find any documented bug.
> Please advise.
>
> Thanks,
> Tomer.
>
>
> --
> This message has been scanned for viruses and
> dangerous content by Y-Tech MailScanner system, and is
> believed to be clean.
>


Re: [pfSense] Aliases grouping

2016-12-07 Thread Oliver Hansen
I can confirm I've done this as well.

On Dec 7, 2016 11:36 AM, "Christoph Hanle" 
wrote:

Hi,
short answer:
Yes !

I do it by: Create Alias / Type: Host(s) /
 IP or FQDN, this can also be an Alias, I found that the Alias is not
(!) limited to be a single IP, can be an Alias with whatever content.

Christoph

On 07/12/16 20:19, Luc Paulin wrote:
> Hi,
> Is there a way to create group of aliases...
>
> For example, let say I create
> OFFICE1_NET
> OFFICE2_NET
>
> Can I create an aliases= ALL_OFFICES that will contain OFFICE1_NET and
> OFFICE2_NET
>
>   -Luc
>
>
>
> --
>  !
>( o o )
>  --oOO(_)OOo--
>Luc Paulin
>email: paulinster(at)gmail.com
>Skype: paulinster



Re: [pfSense] Wifi

2016-07-13 Thread Oliver Hansen
Access point and captive portal should help.
On Jul 13, 2016 5:52 PM, "Alfredo Tapia Sabogal" 
wrote:

> Hi everybody, is there any way to block or give WiFi access to certain people
> only? Should I insert a wireless NIC card into our pfSense and buy an access
> point as well? What should I do to accomplish this? Need help!!!
>
> Alfredo Tapia Sabogal


Re: [pfSense] Question about OpenVPN Point-to-Multi-Point Setup

2016-06-08 Thread Oliver Hansen
I've had OpenVPN set up with around 20 remote sites for years. Fairly low
bandwidth but I prefer the configuration myself. My remote sites don't
route all traffic back to HQ ; It all depends on the routes you push to the
remote sites.


Re: [pfSense] 2.3_1 ?

2016-05-06 Thread Oliver Hansen
On May 6, 2016 6:01 AM, "Vick Khera"  wrote:
>
> On Thu, May 5, 2016 at 3:05 PM, Jim Thompson  wrote:
>
> > it’s documented that you need to (re)start NTP manually.
> >
>
> Where would one learn this? The update page doesn't say anything about
> "after applying this update, do XYZ". That would be the ideal place, IMO.

I don't recall if there's a link from the update page but the release notes
have it which are in the usual place. https://blog.pfsense.org/?cat=53

Re: [pfSense] Shutdown Interface?

2015-12-08 Thread Oliver Hansen
On Dec 7, 2015 8:13 PM, "Joshua Young"  wrote:
>
> We have recently been the target of DDoS attacks.  The same interface is
> targeted each time.  Is there any way we can shut down this interface
> automatically when this happens?  Is there a way to maybe set a threshold
> for traffic and, when it reaches that threshold, automatically shut the
> interface down?  When this happens, the pfSense is overwhelmed and our
> entire WAN loses Internet connectivity.  I figure if we can shut the one
> interface that is being targeted down before the traffic gets to the point
> of saturating our bandwidth, then just that one network would be down
> rather than our entire WAN.
>
> --
>
> "The number one benefit of information technology is that it empowers
> people to do what they want to do. It lets people be creative. It lets
> people be productive. It lets people learn things they didn't think they
> could learn before, and so in a sense it is all about potential."
>
>
>   - Steve Ballmer
>
> Josh Young
> Educational Technology Coordinator
>
> *Mount Desert Island Regional School System - AOS 91*
> 1081 Eagle Lake Road, Mt. Desert, ME 04660
> P.O. Box 60, Mt. Desert, ME 04660
> Phone: (207) 288-5049 | Fax: (207) 288-5071

Not that I've heard of. You can write a script to check the bandwidth and
shut down the interface and then set it as a cron job.
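The cron-driven check suggested in the reply above, sketched as an added example that is not part of the thread or of pfSense itself. The interface name, threshold and state-file path are placeholders, and the `netstat` sample is constructed for illustration.

```shell
#!/bin/sh
# Added example: take one interface down when its inbound rate passes a limit.
# Intended for FreeBSD/pfSense, run from cron once a minute as: ifguard.sh run
# IFACE, LIMIT_BPS and STATE are hypothetical values; adjust before use.

IFACE="${IFACE:-em1}"                  # placeholder: the interface being targeted
LIMIT_BPS="${LIMIT_BPS:-800000000}"    # placeholder: inbound limit in bits/sec
STATE="${STATE:-/var/run/ifguard.$IFACE}"

# Constructed sample of `netstat -I em1 -b -n` output (not captured from a real box).
sample_netstat() {
cat <<'EOF'
Name    Mtu Network       Address              Ipkts Ierrs Idrop     Ibytes    Opkts Oerrs     Obytes  Coll
em1    1500 <Link#2>      02:00:00:00:00:01  1834211     0     0 2500000000   912334     0  130221987     0
em1    1500 203.0.113.0/2 203.0.113.10       1800000     -     - 2400000000   900000     -  129000000     -
EOF
}

# Read netstat output on stdin and print the link-level Ibytes counter.
# The column is found by header name and counted from the right-hand end,
# so a row with an empty Address field (e.g. a tunnel interface) still parses.
ibytes_from_netstat() {
    awk '
        NR == 1 {
            for (i = 1; i <= NF; i++) if ($i == "Ibytes") { off = NF - i; found = 1 }
            next
        }
        found && $3 ~ /^<Link#/ { print $(NF - off); exit }
    '
}

# rate_bps PREV_BYTES CUR_BYTES SECONDS -> average inbound bits/sec.
# A counter that went backwards (reboot, counter reset) yields 0, not a spike.
rate_bps() {
    prev=$1; cur=$2; secs=$3
    if [ "$secs" -le 0 ] || [ "$cur" -lt "$prev" ]; then
        echo 0
        return
    fi
    echo $(( (cur - prev) * 8 / secs ))
}

# over_limit RATE LIMIT -> exit status 0 when RATE exceeds LIMIT.
over_limit() {
    [ "$1" -gt "$2" ]
}

# One cron tick: compare with the previous sample, act, store the new sample.
guard_once() {
    now=$(date +%s)
    cur=$(netstat -I "$IFACE" -b -n | ibytes_from_netstat)
    if [ -z "$cur" ]; then
        logger -t ifguard "no byte counters found for $IFACE"
        return 1
    fi
    if [ -r "$STATE" ]; then
        read -r then_ts prev < "$STATE"
        bps=$(rate_bps "$prev" "$cur" $(( now - then_ts )))
        if over_limit "$bps" "$LIMIT_BPS"; then
            logger -t ifguard "$IFACE inbound $bps bit/s exceeds $LIMIT_BPS, shutting down"
            ifconfig "$IFACE" down
        fi
    fi
    echo "$now $cur" > "$STATE"
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "run" ]; then
    guard_once
fi
```

The script never brings the interface back up; that stays a manual `ifconfig <interface> up` once the traffic has subsided.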


Re: [pfSense] Dashboard Width

2015-06-30 Thread Oliver Hansen
You may want to look into this recent post: https://blog.pfsense.org/?p=1773

Seems quite a bit of work is already going into updating the GUI.


--
Oliver Hansen

On Tue, Jun 30, 2015 at 7:35 AM, Ryan Coleman  wrote:

> What I think really needs to be added is a little device type CSS/JS so
> that mobile devices look cleaner not just fluidness. Having to scroll and
> pinch and zoom to see the menu on my iPhone or iPad is a royal PITB.
>
> And for the work… I’d be happy to contribute my time and experience as a
> web developer directly to the Electric Sheep guys (I’m talking to you, Jim
> Thompson!) I’ve been programming in PHP for 15 years
>
>
> > On Jun 30, 2015, at 8:25 AM, Paul Galati  wrote:
> >
> > All,
> >
> > Am I doing something wrong or are the current dashboard themes limited to
> > 2 columns across?  With computer screens being wider than taller, it would
> > be nice to be able to have a 3rd or 4th row of data rather than scrolling
> > up and down.
> >
> > Just curious. Thanks.

Re: [pfSense] serial port sadness

2015-02-23 Thread Oliver Hansen
Walter mentioned it. And that's the same problem I've had before.
On Feb 23, 2015 8:15 PM, "Ryan Coleman"  wrote:

> No one has mentioned that you haven’t stated if you had a Null Modem cable.
>
> Do you have a Null Modem cable or a simple Pass-through one?
>
> > On Feb 23, 2015, at 7:08 PM, Jeremy Bennett wrote:
> >
> > I'm trying to get a couple of bricked Alix boards back.
> >
> > I've got a USB to serial adapter (which has worked in the past), a
> > Windows 7 computer and Teraterm, but whenever I connect everything up I
> > just get the cursor blinking at me.
> >
> > Set the port to 9600, N, 1 as instructions indicate (usb to serial
> > usually is showing up on COM7).
> >
> > I've replaced the serial cable with a new one.
> >
> > I've replaced the USB to serial adapter with a new one (both are
> > prolific 2303s)
> >
> > I've tried w/ a Windows 8 machine as well, but the results are the
> > same... blinking cursor.
> >
> > I connected the same stuff to a known good Alix box, and I got the same
> > result, so I know it isn't the Alixes.
> >
> > What else can I try?
> >
> > Mahalo,
> > Jeremy

Re: [pfSense] OpenVPN: "Unable to contact daemon" error

2015-01-19 Thread Oliver Hansen
A bit of a guess but when I've had an issue with the OpenVPN GUI it was
something in my OpenVPN Advanced Configuration section that I had added
long ago and was no longer necessary or conflicting in some way.


--
Oliver Hansen

On Mon, Jan 19, 2015 at 12:26 PM, Erik Anderson  wrote:

> Hello all -
>
> Running 2.1.5-RELEASE on a Soekris net6501-50.
>
> Since the 2.1.4 release, I've seen this error message appear
> incessantly on the dashboard:
>
> http://photos.smugmug.com/photos/i-qwQLZCV/0/O/i-qwQLZCV.png
>
> Despite the web GUI being unable to determine OpenVPN status, clients
> continue to be able to connect and exchange traffic through OpenVPN
> without issue.
>
> If I ssh in, kill the OpenVPN processes and then re-start them from
> the web GUI, the error goes away temporarily, but will always return
> within 24 hours or so.
>
> As I mentioned, this seemed to start in 2.1.4, and I hoped that it
> would be resolved in 2.1.5, but that didn't happen.
>
> Any ideas on how to resolve this?
>
> Thanks!
> -Erik

Re: [pfSense] Directing a VPN user to a specific web page

2015-01-02 Thread Oliver Hansen
Haven't tried it but it would seem you could add a simple script to the end
of the OpenVPN connection configuration that would open the web address
after they connect.
On Dec 31, 2014 9:46 AM, "Jean-Stéfane Bergeron"  wrote:

> Good day,
>
> I am hoping you guys might be able to help me come up with a solution for
> a solution I'm trying to develop at home.
>
> I am hoping to direct members of my family to a specific web page that
> wraps up a number of other pages inside my home network when they log in
> over a VPN connection.
>
> What I was thinking is to "host" a simple web page directly on my Netgate
> APU box that would be the landing page, that would contain a menu to the
> various other pages inside my network, maybe even frame the other pages
> inside that landing page. I was hoping that that page would simply come up
> for the user once they had established the VPN connection, and better yet,
> get a customized landing page depending on the user.
>
> I was thinking I could use the captive portal function to achieve this but
> I'm open to your ideas, suggestions. Does this make sense? Can I "host"
> that page inside of the pfsense box?
>
> I would welcome any guidance you may have or links to pages that would
> help me develop this solution.
>
> Thank you!
>
> (PS) I have another question that I have posted separately given it is
> unrelated to this.
>
> ___
>
> Sent from my Apple iPad
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>

Re: [pfSense] Traffic routing issue

2014-12-12 Thread Oliver Hansen
What does the allow rule on the restricted vlan and the NAT rule look like?
On Dec 11, 2014 11:24 PM, "Ryan Clough"  wrote:

> I am hoping that one of you out there can assist me with this rather
> interesting problem I am having. Let me set the stage.
>
> I am running the latest stable version of pfSense:
> 2.1.5-RELEASE (amd64)
> built on Mon Aug 25 07:44:45 EDT 2014
> FreeBSD 8.3-RELEASE-p16
>
> I am running transparent Squid and Squidguard, and all IP ranges have
> access to use the proxy.
>
> I have two WAN connections, each with a handful of public IPs. I have
> created an IP alias virtual IP of one of my public IPs on WAN1, which is
> used to NAT to a web server.
>
> We have an internal DNS server that resolves the domain name of a web
> server to the local LAN IP address. So, all computers on unrestricted VLANs
> access the web server without having to hit the pfSense router at all. This
> works as expected and the valid certificate is served and the web page
> loads.
>
> We have one restricted VLAN that is used for guest WiFi access and this
> VLAN is assigned external DNS servers and therefore resolve the domain name
> to the public IP.
>
> Now my problem. When connected to the guest WiFi on the restricted VLAN
> and attempting to access the web server on its public IP, which is assigned
> to a virtual IP on WAN1, I get served the certificate from the pfSense
> router. I can tell that this is the pfSense self-signed certificate because
> of the details of the certificate displayed in the warning. I also get this
> behavior if I force a computer on an unrestricted VLAN, using the hosts
> file, to resolve the host name of the web server to its public IP.
>
> What is going on here? I can provide more information if needed. Thank you
> for your time.
>
> Ryan Clough
> Information Systems
> Decision Sciences International Corporation
> 
> 
>
> This email and its contents are confidential. If you are not the intended
> recipient, please do not disclose or use the information within this email
> or its attachments. If you have received this email in error, please report
> the error to the sender by return email and delete this communication from
> your records.

Re: [pfSense] 2.1.5: RRD: There has been an error creating the graphs.

2014-11-05 Thread Oliver Hansen
I believe in the settings tab for RRD there is a reset option.

I've had to reset mine after almost every upgrade since 2.1.
On Nov 5, 2014 8:39 AM, "Olivier Mascia"  wrote:

> Hello,
>
> Checking the logs, I get 5 or 6 errors similar to this one when accessing
> the Status - RRD Graphs menu item:
>
> > php: /status_rrd_graph_img.php: Failed to create graph with error code
> 1, the error is: ERROR: No DS called 'inpass6' in
> '/var/db/rrd/wan-traffic.rrd'/usr/bin/nice -n20 /usr/local/bin/rrdtool
> graph /tmp/wan-traffic.rrd-year.png --start 1383582289 --end 1415204689
> --step 86400 --vertical-label "bits/sec" --color SHADEA#ee --color
> SHADEB#ee --title "pfsense.tipnet.tipgroup.com - WAN :: Traffic - 1
> year - 1 day average" --height 200 --width 620
> DEF:wan-in_bytes_pass=/var/db/rrd/wan-traffic.rrd:inpass:AVERAGE:step=86400
> DEF:wan-out_bytes_pass=/var/db/rrd/wan-traffic.rrd:outpass:AVERAGE:step=86400
> DEF:wan-in_bytes_block=/var/db/rrd/wan-traffic.rrd:inblock:AVERAGE:step=86400
> DEF:wan-out_bytes_block=/var/db/rrd/wan-traffic.rrd:outblock:AVERAGE:step=86400
> DEF:wan-in6_bytes_pass=/var/db/rrd/wan-traffic.rrd:inpass6:AVERAGE:step=86400
> DEF:wan-out6_bytes_pass=/var/db/rrd/wan-traffic.rrd:outpass6:AVERAGE:step=86400
> DEF:wan-in6_bytes_block=/var/db/rrd/wan-traffic.rrd:inblock6:AVERAGE:step=86400
>
> This is not a recent event, it has been that way for months.  I do not
> really care if I have to lose old data to fix this because I have other
> traffic data collection (SNMP based) and at the switch ports level too.
> Let's say it just would be a convenience to get those to work again, when I
> have to quickly have a look to past traffic while connected in the admin
> interface.
>
> I expect that clearing whatever past data there is might help clean the
> error.  What steps should I take to reset this?
>
> Or is there something else to check and correct first.  I have to confess
> I'm puzzled with the "ERROR: No DS called 'inpass6'". I only know one thing
> for sure: I didn't tweak anything around or about RRD by myself at any
> point in time.  This pfSense installation started its life with 2.0.x 64
> bits. And went to 2.1 upon release, then followed up to 2.1.5. IPv6 was
> actually rolled out some months after 2.1 got installed.
>
> If someone has an idea or a hint to share, that'd be friendly.
> Thanks!
> __
> Olivier Mascia
> tipgroup.com/om
>
>

Re: [pfSense] Pftop confusion.

2014-09-24 Thread Oliver Hansen
You didn't mention which version of pfSense you're on but Status -> Traffic
Graph has shown the IP using the bandwidth live to the right of the graph
for a while now. At least 2.1.


--
Oliver Hansen

On Wed, Sep 24, 2014 at 8:04 AM, Muhammad Yousuf Khan 
wrote:

> Darkstat and bandwidthD also showing Per IP total bandwidth use. What I
> want is live monitoring, not total bandwidth.
> I think pftop can help but I don't know how to understand the output. It is
> quite confusing.
> I even changed the sorting type but it is not working as per the sort order
> shows.
> Because when I sort by "RATE" or "Speed" it shows a suspected IP on the
> top but when I close the download on that host/client it always shows on
> top.
> I need a tool like NTOP that works on the CLI and shows the same output as Linux
> Terminal console.
>
> Thanks,
> MYK
>
>
> On Wed, Sep 24, 2014 at 7:55 PM, Muhammad Yousuf Khan 
> wrote:
>
>> Exactly, this is how I learned that my whole link is eaten by someone. Now I
>> want to check which client is eating all the bandwidth.
>> Traffic graph is showing whole link activity. What I want to find is
>> which client IP is using most of it.
>>
>> Thanks,
>> MYK
>>
>>
>> On Wed, Sep 24, 2014 at 7:33 PM, Oliver Hansen 
>> wrote:
>>
>>> Status - > Traffic Graph is where I usually look in the GUI.
>>> On Sep 24, 2014 7:25 AM, "Muhammad Yousuf Khan" 
>>> wrote:
>>>
>>>> Hi guys, actually I want to check which IP is using most of the internet
>>>> traffic. I find pftop a bit confusing. I tried changing sorting via "o" but
>>>> it is still confusing me. Can you guys please guide me on how I can view
>>>> live monitoring? What I want to check is which one host is eating up the
>>>> whole bandwidth.
>>>>
>>>> Thanks,
>>>> MYK
>>>>

Re: [pfSense] Pftop confusion.

2014-09-24 Thread Oliver Hansen
Status - > Traffic Graph is where I usually look in the GUI.
On Sep 24, 2014 7:25 AM, "Muhammad Yousuf Khan"  wrote:

> Hi guys, actually I want to check which IP is using most of the internet
> traffic. I find pftop a bit confusing. I tried changing sorting via "o" but
> it is still confusing me. Can you guys please guide me on how I can view
> live monitoring? What I want to check is which one host is eating up the
> whole bandwidth.
>
> Thanks,
> MYK
>

Re: [pfSense] verizon uml290 reliability

2014-09-16 Thread Oliver Hansen
I had similarly unreliable connections from the UML290 but in my case the
Verizon signal was poor in that area.

I had some luck at one point running a program on the modem from a PC that
forced it to only use 4G as it seemed to have more problems when switching
from 3G to 4G and back. That was the only area I've used it more than 24
hours at a time though so I can't comment on continued performance in an
area with good signal.

I was able to unplug and plug in the modem without pfsense locking up but
that didn't fix the problem where a reboot would. Temporarily.
On Sep 15, 2014 8:21 AM, "Vick Khera"  wrote:

> A while back I asked about using a 4G modem with pfsense, and the
> UML290 bubbled to the top of the list as most likely to work.
>
> My experience with it has been spotty. It seems that about every 3-4
> days, it will just stop talking to the network. At the same time, it
> will still respond to "AT" commands but otherwise be totally unable to
> complete the PPP dialog. Only way out of this state is power-cycle the
> modem.
>
> I have heard one person tell me this is "normal" for the UML290. How
> has it been for other people? The VZ forums are full of people who
> have no clue about pretty much anything complicated, so I had no luck
> there.
>
> Also, in case anyone is looking for a really awesome 4G<->ethernet
> bridge device, check out this one:
>
> http://shop.proxicast.com/shopping/proxicast-pocketport-2-pocket-sized-3g-4g-lte-usb-cellular-modem-bridge-mini-router.html
>
> I have been using it with my modem and it makes for easier failover
> configurations on pfSense. I originally bought it to try to fix the
> 3-day and dead problem, but it did not... at least I don't have to
> power cycle pfsense to fix it, because unplugging and re-plugging the
> modem would lock up pfsense.

Re: [pfSense] Dual IP nets over one ethernet connector

2014-08-16 Thread Oliver Hansen
I would think it's pretty simple if you have a vlan capable switch. Just
connect the router to the switch on a trunk port and other devices off of
the switch on specific vlans.
On Aug 16, 2014 10:48 AM, "Bob Gustafson"  wrote:

> I have a small Alix board with only one Ethernet connector.
>
> It would be nice to pass packets from two different networks through that
> one Ethernet connector.
>
> I know it is possible, I'm just wondering whether pfsense can do it and
> whether anyone has some recipes for implementation.
>
> I would like to pass WAN packets (192.168.1.0/24) and LAN packets (
> 192.168.2.0/24) through the same connector.
>
> pfsense would provide the NAT and firewalling within the box.
>
> Has anyone any experience with this?
>
> Bob G

Re: [pfSense] Update

2014-07-10 Thread Oliver Hansen
Usually when I see that message it's because DNS is not configured
correctly on the box.
On Jul 10, 2014 9:44 AM, "Brian Caouette"  wrote:

> The update from 2.1.3 to 2.1.4 failed hard for me. I got a unable to load
> kernel message on reboot. That said I reinstalled and am rebuilding my
> setup. I noticed a glitch however. On the dashboard it was saying I was on
> the current version but it's no longer able to obtain update status. I'm
> wondering what port it uses and what rule may have broke the updates?

Re: [pfSense] pfSense Routing - VPN's

2014-05-15 Thread Oliver Hansen
If possible, using OpenVPN for this is the easiest to configure IMO. You
can just push the routes in your VPN configuration.

I believe the wiki has good instructions for this.
On May 15, 2014 2:22 PM, "Alex Threlfall"  wrote:

> Hi All,
>
>
>
> I currently have a number of sites which have VPN’s
> between them, with each site having a VPN to one another. This is becoming
> harder to manage, we currently have 5 sites, (6 if you include my home) and
> it would make sense to me to adopt more of a star architecture with a
> central site.
>
>
>
> However, I can’t work out how to configure this! Each site
> has it’s own /24 of private address, and I have a central branch. How can I
> configure things so that the if branch B needs to get to branch C, it knows
> that it must go via branch A?
>
>
>
> Branch A has the best connectivity – bonded FTTC’s, so
> would make sense as well as it being our “hub” branch for the stock control
> system also.
>
>
>
> Any advice would be appreciated!
>
>
>
> --
>
> Alex Threlfall
>
> Cyberprog New Media
>
> www.cyberprog.net
>
>
>

Re: [pfSense] vzw uml290

2014-04-17 Thread Oliver Hansen
Hi Vick, I don't think I have much information for you but I have seen
those similar logs before. I don't use mine as a backup but as a mobile
router for events and only a couple of times a year. Usually in my
experience it has been when there is not a strong signal that I see these
problems. Because yours has worked just fine in the same place this may not
be the cause.


--
Oliver Hansen


On Thu, Apr 17, 2014 at 9:17 AM, Vick Khera  wrote:

> At the advice of the group here, I installed a VZW UML290 usb modem
> about a week and a half ago. This has worked pretty well as a backup
> line since then.
>
> Starting yesterday, PPP won't negotiate anymore. The logs show the
> authentication succeeds, but then the negotiation fails many times.
>
> Resetting and power-cycling the modem using usbconfig utility did not
> help. (I am remote, so physically unplugging it is not possible right
> now).
>
> I can type "AT" commands to the modem directly.
>
> Anyone else having negotiation troubles on verizon wireless data
> modems? The account is in good standing according to their web portal.
>
>
> Here are the logs produced (phone number redacted). The difference
> between this and a successful connection is that the lines where it
> reports refusal of VJCOMP.  On successful attempt it looks like this:
>
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: state change Req-Sent -->
> Ack-Sent
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: rec'd Configure Reject #1
> (Ack-Sent)
> Apr 10 09:06:14 onceler ppp: [opt2]   COMPPROTO VJCOMP, 16 comp.
> channels, no comp-cid
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: SendConfigReq #2
> Apr 10 09:06:14 onceler ppp: [opt2]   IPADDR 0.0.0.0
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: rec'd Configure Nak #2 (Ack-Sent)
> Apr 10 09:06:14 onceler ppp: [opt2]   IPADDR 10.185.224.29
> Apr 10 09:06:14 onceler ppp: [opt2] 10.185.224.29 is OK
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: SendConfigReq #3
> Apr 10 09:06:14 onceler ppp: [opt2]   IPADDR 10.185.224.29
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: rec'd Configure Ack #3 (Ack-Sent)
> Apr 10 09:06:14 onceler ppp: [opt2]   IPADDR 10.185.224.29
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: state change Ack-Sent --> Opened
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: LayerUp
> Apr 10 09:06:14 onceler ppp: [opt2]   10.185.224.29 -> 10.64.64.0
> Apr 10 09:06:14 onceler ppp: [opt2] IFACE: Up event
> Apr 10 09:06:14 onceler ppp: [opt2] IFACE: Rename interface ng0 to ppp0
>
> but unsuccessful attempt repeated the COMPPROTO VJCOMP several times
> and gives up:
>
> Apr 17 11:53:38 onceler ppp: Multi-link PPP daemon for FreeBSD
> Apr 17 11:53:38 onceler ppp:
> Apr 17 11:53:38 onceler ppp: process 8572 started, version 5.6
> (root@snapshots-8_3-i386.builders.pfsense.org 10:16 24-Jul-2013)
> Apr 17 11:53:38 onceler ppp: caught fatal signal term
> Apr 17 11:53:38 onceler ppp: [opt2] IFACE: Close event
> Apr 17 11:53:38 onceler ppp: [opt2] IPCP: Close event
> Apr 17 11:53:38 onceler ppp: [opt2] IPV6CP: Close event
> Apr 17 11:53:38 onceler ppp: waiting for process 53242 to die...
> Apr 17 11:53:38 onceler php: /interfaces_ppps_edit.php: Starting
> 3gstats.php on device '' for interface 'opt2'
> Apr 17 11:53:39 onceler ppp: waiting for process 53242 to die...
> Apr 17 11:53:40 onceler ppp: [opt2] Bundle: Shutdown
> Apr 17 11:53:40 onceler ppp: [opt2_link0] Link: Shutdown
> Apr 17 11:53:40 onceler ppp: process 53242 terminated
> Apr 17 11:53:40 onceler ppp: web: web is not running
> Apr 17 11:53:40 onceler ppp: [opt2] Bundle: Interface ng0 created
> Apr 17 11:53:40 onceler ppp: [opt2_link0] Link: OPEN event
> Apr 17 11:53:40 onceler kernel: ng0: changing name to 'ppp0'
> Apr 17 11:53:40 onceler ppp: [opt2_link0] LCP: Open event
> Apr 17 11:53:40 onceler ppp: [opt2_link0] LCP: state change Initial -->
> Starting
> Apr 17 11:53:40 onceler ppp: [opt2_link0] LCP: LayerStart
> Apr 17 11:53:40 onceler ppp: [opt2_link0] CHAT: Detected Hayes compatible
> modem.
> Apr 17 11:53:40 onceler ppp: [opt2_link0] CHAT: Dialing server at
> *99***3#...
> Apr 17 11:53:40 onceler ppp: [opt2_link0] CHAT: ATDT*99***3#
> Apr 17 11:53:40 onceler ppp: [opt2_link0] CHAT: Connected at 1.
> Apr 17 11:53:40 onceler ppp: [opt2_link0] MODEM: chat script succeeded
> Apr 17 11:53:40 onceler ppp: [opt2_link0] Link: UP event
> Apr 17 11:53:40 onceler ppp: [opt2_link0] LCP: Up event
> Apr 17 11:53:40 onceler ppp: [opt2_link0] LCP: state change Starting
> --> Req-Sent
> Apr 17 11:53:40 onceler ppp: [opt2_link0] LCP: SendConfigReq #1
> Apr 17 11:53:40 onceler ppp: [opt2_link0]   ACFCOMP
> Apr 17 11:53:40 onceler ppp: [opt2_link0]   PROTOCOMP
> Apr 17 11:53:40
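The comparison described in the quoted post (one VJCOMP Configure Reject followed by address negotiation on a good connection, repeated rejects and no Opened state on a bad one) can be checked mechanically. This Python sketch is an added example, not part of the original post or of pfSense; the function names, the two-reject threshold and the failing sample (constructed in the style of the quoted lines) are assumptions.

```python
import re

TS = r"[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d"
TS_RE = re.compile(r"^" + TS + r"\s")
# "<timestamp> <host> ppp: [<bundle>] <message>", as in the quoted log
LINE_RE = re.compile(r"^" + TS + r"\s+\S+\s+ppp:\s+\[(?P<bundle>[^\]]+)\]\s(?P<msg>.*)$")
QUOTE_RE = re.compile(r"^(?:>\s?)+")


def unwrap(text):
    """Strip mail quote markers and rejoin lines the mail client wrapped:
    a line that does not start with a syslog timestamp continues the previous one."""
    records = []
    for raw in text.splitlines():
        line = QUOTE_RE.sub("", raw).rstrip()
        if not line:
            continue
        if TS_RE.match(line):
            records.append(line)
        elif records:
            records[-1] += " " + line.strip()
    return records


def analyze_ipcp(text):
    """Per bundle: VJCOMP Configure Rejects seen, acknowledged address, final IPCP state."""
    summary, pending = {}, {}
    for rec in unwrap(text):
        m = LINE_RE.match(rec)
        if not m:
            continue
        bundle, msg = m.group("bundle"), m.group("msg")
        if msg[:1].isspace():
            # Indented option line: it belongs to the packet logged just before it.
            kind, opt = pending.get(bundle), msg.split()
            if kind == "Reject" and opt[:2] == ["COMPPROTO", "VJCOMP,"]:
                summary[bundle]["vjcomp_rejects"] += 1
            elif kind == "Ack" and len(opt) == 2 and opt[0] == "IPADDR":
                summary[bundle]["address"] = opt[1]
            continue
        kind = None
        if msg.startswith("IPCP:"):
            entry = summary.setdefault(
                bundle, {"vjcomp_rejects": 0, "address": None, "opened": False})
            words = msg.split()
            if words[1:3] == ["rec'd", "Configure"] and len(words) > 3:
                kind = words[3]  # Reject, Nak, Ack or Request
            elif words[1:3] == ["state", "change"]:
                entry["opened"] = words[-1] == "Opened"
        pending[bundle] = kind
    return summary


def diagnose(entry, loop_threshold=2):
    """Classify one bundle; loop_threshold is an assumed cut-off, not an mpd setting."""
    if entry["opened"]:
        return "up"
    if entry["vjcomp_rejects"] >= loop_threshold:
        return "vjcomp-rejected-repeatedly"
    return "down"


# Successful negotiation, copied from the post with its quoting and wrapping intact.
GOOD = """\
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: state change Req-Sent -->
> Ack-Sent
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: rec'd Configure Reject #1
> (Ack-Sent)
> Apr 10 09:06:14 onceler ppp: [opt2]   COMPPROTO VJCOMP, 16 comp.
> channels, no comp-cid
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: SendConfigReq #2
> Apr 10 09:06:14 onceler ppp: [opt2]   IPADDR 0.0.0.0
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: rec'd Configure Nak #2 (Ack-Sent)
> Apr 10 09:06:14 onceler ppp: [opt2]   IPADDR 10.185.224.29
> Apr 10 09:06:14 onceler ppp: [opt2] 10.185.224.29 is OK
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: SendConfigReq #3
> Apr 10 09:06:14 onceler ppp: [opt2]   IPADDR 10.185.224.29
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: rec'd Configure Ack #3 (Ack-Sent)
> Apr 10 09:06:14 onceler ppp: [opt2]   IPADDR 10.185.224.29
> Apr 10 09:06:14 onceler ppp: [opt2] IPCP: state change Ack-Sent --> Opened
"""

# CONSTRUCTED failing negotiation (not from the post): rejects repeat, IPCP never opens.
BAD = """\
Apr 17 11:53:41 onceler ppp: [opt2] IPCP: rec'd Configure Reject #1 (Req-Sent)
Apr 17 11:53:41 onceler ppp: [opt2]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Apr 17 11:53:43 onceler ppp: [opt2] IPCP: rec'd Configure Reject #2 (Req-Sent)
Apr 17 11:53:43 onceler ppp: [opt2]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Apr 17 11:53:45 onceler ppp: [opt2] IPCP: rec'd Configure Reject #3 (Req-Sent)
Apr 17 11:53:45 onceler ppp: [opt2]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Apr 17 11:53:47 onceler ppp: [opt2] IPCP: state change Req-Sent --> Stopped
"""

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        for bundle, entry in analyze_ipcp(sample).items():
            print(label, bundle, entry, diagnose(entry))
```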

Re: [pfSense] verizon USB data modem

2014-02-27 Thread Oliver Hansen
On Thu, Feb 27, 2014 at 6:39 AM, Vick Khera  wrote:

> I see on the supported USB 3g/4g modem list that there is the Pantech
> UML290. VZ currently sells the UML295. Has anyone had luck with the latter?
> It is so difficult to determine the actual internal hardware to see if
> there's that much difference. The scant information I can find on the net
> indicate they both use the same qualcomm chip, but somehow require
> different drivers for some home routers.
>
> Also, I thought maybe I could hook up an old iPhone in tethering mode but
> alas, these show up as ugen device instead of an ipheth device. Any
> thoughts on including the ipheth driver in the future? It would have to be
> the one from FreeBSD 8.4 back-patched, I suspect, so it has the latest
> devices.
>
>
Hi Vick, I have used the Pantech UML290 on Verizon. It looks like VZW still
sells the UML290 on their web site but I have not had experience yet with
the UML295. I may get ahold of one sometime in the near future so if I do
I'll let you know my experience.


--
Oliver Hansen
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Errors about Traffic Shaper

2013-12-03 Thread Oliver Hansen
One way would be to back up the system then manually edit the XML to remove
any portions relating to the traffic shaper. After that, restore the
configuration you edited.


--
Oliver Hansen


On Tue, Dec 3, 2013 at 8:41 AM, Ron Lemon  wrote:

>  I have a scrolling message about errors when my pfSense box reboots.
>
>
>
> Errors in Queue definition qInternet not found for qAck, qOthersHigh, etc.
>
>
>
> There were errors loading the Queue definition /tmp/rules.debug
>
>
>
>
>
> As far as I know the Traffic Shaper is not being used.  I think I tried it
> at one point but it blew up when I ran the wizard.  My firewall is
> otherwise working as far as I can tell.
>
>
>
> How can I clean up the errors with the Traffic Shaper so that I can try it
> again later?
>
>
>
> Thanks.
>
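One way to script the edit suggested in the reply, as an added Python example that is not part of the thread or of pfSense itself. The element names (`shaper`, `ezshaper`, `defaultqueue`, `ackqueue`) are assumptions about the config.xml layout and the sample configuration is constructed; compare both with your own unencrypted backup before relying on them.

```python
import xml.etree.ElementTree as ET

# Assumed element names; confirm them against your own backup before editing.
SHAPER_SECTIONS = ("shaper", "ezshaper")   # top-level traffic shaper sections
QUEUE_REFS = ("defaultqueue", "ackqueue")  # per-rule queue assignments


def rule_fingerprints(root):
    """Every firewall rule reduced to its non-queue fields, for before/after comparison."""
    return [
        tuple(ET.tostring(child, encoding="unicode").strip()
              for child in rule if child.tag not in QUEUE_REFS)
        for rule in root.findall("./filter/rule")
    ]


def strip_traffic_shaper(xml_text):
    """Return (edited_xml, report) with shaper sections and rule queue references removed."""
    root = ET.fromstring(xml_text)
    before = rule_fingerprints(root)
    report = {"sections": [], "queue_refs": 0}
    for name in SHAPER_SECTIONS:
        for node in root.findall(name):
            root.remove(node)
            report["sections"].append(name)
    for rule in root.findall("./filter/rule"):
        for ref in QUEUE_REFS:
            for node in rule.findall(ref):
                rule.remove(node)
                report["queue_refs"] += 1
    edited = ET.tostring(root, encoding="unicode")
    # Safety check: re-parse the output and confirm that no rule changed
    # apart from losing its queue assignment, and that none went missing.
    after = rule_fingerprints(ET.fromstring(edited))
    report["rules_unchanged"] = before == after
    report["rules"] = len(after)
    return edited, report


# CONSTRUCTED sample, far smaller than a real backup.
SAMPLE_CONFIG = """\
<pfsense>
  <version>8.0</version>
  <shaper>
    <queue><name>wan</name><interface>wan</interface>
      <queue><name>qAck</name></queue>
      <queue><name>qOthersHigh</name></queue>
    </queue>
  </shaper>
  <filter>
    <rule><type>pass</type><interface>lan</interface>
      <descr>Default allow LAN</descr>
      <ackqueue>qAck</ackqueue><defaultqueue>qOthersHigh</defaultqueue></rule>
    <rule><type>block</type><interface>wan</interface>
      <descr>Block inbound</descr></rule>
  </filter>
</pfsense>
"""

if __name__ == "__main__":
    edited, report = strip_traffic_shaper(SAMPLE_CONFIG)
    print(report)
    print(edited)
```

Work on a copy of the backup and keep the untouched original so it can be restored if the edited file is rejected.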


Re: [pfSense] naive suggestion: conform to US laws

2013-10-12 Thread Oliver Hansen
- Original Message -
From: "Adrian Wenzel" 
To: "pfSense support and discussion" 
Sent: Saturday, October 12, 2013 10:41:40 AM
Subject: Re: [pfSense] naive suggestion: conform to US laws


> 
> I can't say I agree with Thinker Rix on everything but on this I do
> agree. I have been on this list for many years (mostly just reading)
> and have always been impressed with the professionalism of most
> members who write and especially those affiliated with the project.
> I have been quite surprised and disappointed in the attitude and
> tone coming from Jim Thompson this last week and in my opinion THAT
> is what reflects poorly on the project.

I totally disagree.  I respect people who give their opinion outright.  We can 
flop about and sugar coat everything, try to make everyone feel fuzzy... and 
all that does is lead to misunderstandings and openings for more convoluted and 
pointless discussions.  I've been a part of the open source community for over 
20 years, and mostly we're a group of free thinking, well-intentioned 
individuals who have many irons in the fire.  We know the value of our time, 
and thus respect the value of others' time as well.  Our projects are not a 
place for discussions that can have no resolution: politics, religion, general 
conspiracy theories.

I'm behind Jim on this.

Regards,
Adrian


But notice how you agreed with Jim without using any personal attacks? I have 
no problem with that. It is completely possible to give your opinion outright 
about a *TOPIC* without attacking the person or threatening them. Jim's latest 
response actually does this pretty well and attacks the facts instead of the 
person. I'll let this go now but I felt it had to be said.

-Oliver


Re: [pfSense] naive suggestion: conform to US laws

2013-10-12 Thread Oliver Hansen
On Sat, Oct 12, 2013 at 4:10 AM, Thinker Rix wrote:

> On 2013-10-09 19:38, Jim Thompson wrote:
>
>> So asking the question is stupid
>>
>
> On 2013-10-09 19:50, Jim Thompson wrote:
>
>> IMO, this bullshit thread only serves to assist those asking the question
>> in stroking their own ego.
>>
>
> On 2013-10-12 01:40, Jim Thompson wrote:
>
>> Otherwise: get off my lawn.
>> I'm not willing to endure this uninformed Alex Jonesian crapfest.
>> Now that I'm back on US soil, I promise that if the latter continues, I
>> will kill the thread. People who hijack threads will be dealt with.
>> Otherwise: STFU.
>>
>> Nor will I endure the besmirching of pfSense's good name and trademark.
>>
>
> The only one who is besmirching pfSense here is: you - given that as a
> co-owner of ESF you are an official representative of pfSense - and your
> official communication unfortunately shows that you are a vulgarian,
> plebeian, obscene, scurrilous goon, who insults, threatens, bullies, censors
> and muzzles other community members, totally lacking control of himself and
> any professional business manners whatsoever, let alone any constructive
> discussion culture.
>
> To me it feels highly awkward and it is unsettling me a lot, that such an
> ill-mannered, shady and dubious roughneck like you holds a key position in
> the project that creates the security product that we use for protecting
> our networks.
>
> I have no idea why highly respected Chris Buechler partnered with you, but
> it might be good if you would learn a lesson from him concerning his
> professionalism, seriousness and manners in his official communication.
>
> Bye.


I can't say I agree with Thinker Rix on everything but on this I do agree.
I have been on this list for many years (mostly just reading) and have
always been impressed with the professionalism of most members who write
and especially those affiliated with the project. I have been quite
surprised and disappointed in the attitude and tone coming from Jim
Thompson this last week and in my opinion THAT is what reflects poorly on
the project.

-Oliver


Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-10 Thread Oliver Hansen
*BLINK!*

Incredible the way I am seeing the reaction to the initial question,
and trying to query very valid points are now leading me to seriously
reconsider the potential risk I have in continuing to use pfsense as a
security tool.

The about list on the mailman page states: "pfSense support and discussion
list"...

About time someone quoted the mailman page. If you want the discussion to
end simply don't respond. If the majority *truly* agrees with you then it
will end.

I've been on this list for years and don't appreciate someone assuming to
speak for me about ending a thread.


Re: [pfSense] Not connecting the Internet

2013-06-26 Thread Oliver Hansen
There was a similar request in the last week or so. The problem I've seen
when swapping out routers is that the ISP device needs to be reset or power
cycled. With some I've seen them need to remain powered off for about 5
minutes as this causes them to look for the new device when powered back
on.


--
Oliver Hansen


On Wed, Jun 26, 2013 at 6:25 AM, suresh suresh
wrote:

> Hi Odhiambo,
>
> Am able to get pfsense webgui on lan network, but am not getting the
> Internet connection. Please let me know what I can do for that.
>
>
> Thank you,
>
> Regards,
> Suresh babu
>
>
> On Wed, Jun 26, 2013 at 6:46 PM, Odhiambo Washington 
> wrote:
>
>> OFFLIST:
>>
>> Hi Suresh,
>>
>> If you can use TeamViewer, then let me take a look at your pfSense.
>> Perhaps I can help you figure it out.
>>
>>
>> On 26 June 2013 16:10, suresh suresh  wrote:
>>
>>> Dear All,
>>>
>>> I am using the pfsense Firewall 2.0.3. Am able to get the Internet on
>>> the cisco router but am not able to get Internet on pfsense firewall. Whatever
>>> configured in cisco router same ip and dns server configured in pfsense.
>>> How to check the anything blocking in pfsense or how to debug the firewall.
>>> Please help me it's urgent. ASAP
>>>
>>> Thank you,
>>>
>>> Regards,
>>> Suresh Babu
>>>
>>
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254733744121/+254722743223
>> "I can't hear you -- I'm using the scrambler."
>>
>
>


Re: [pfSense] Booting & Running Embedded Image from USB

2013-06-13 Thread Oliver Hansen
Try throwing in a second USB stick and install to that one.


Re: [pfSense] Conditional Routing question

2013-04-29 Thread Oliver Hansen
On Mon, Apr 29, 2013 at 7:36 AM, Drew Lehman  wrote:

>  I could, but it's not the only thing I use the VPN for.  I use it when
> using hotspots and on my phone when I'm using a public WiFi.  I also have
> kids, and I want to make sure that I don't run afoul of some over-zealous
> music industry if they suddenly discover P2P.
>
> On 4/29/2013 10:24 AM, Zach Underwood wrote:
>
> For you it may be better to find a seedbox provider
> http://en.wikipedia.org/wiki/Seedbox
>
>
> On Mon, Apr 29, 2013 at 10:21 AM, Drew Lehman wrote:
>
>> I have a business connection from my ISP and run servers.  I also like to
>> seed Various Rescue disk and certain Linux distributions on Bittorrent.
>>  The problem is, despite having a commercial account, my ISP throttles
>> anything with P2P, and takes the rest of my connection with it.  So, in
>> order to keep that from happening, I got a VPN connection through a
>> third party.  This works great, but my traffic is either VPN or not.
>> The VPN provider works with OpenVPN and I want to know how to create a
>> conditional route that routes all bit-torrent over the OpenVPN, but leaves
>> connections such as my gaming and email through my normal WAN connection.
>
>
>
>  --
> Zach Underwood (RHCE,RHCSA,RHCT)
> My website 
> My photos
>

I'm also interested in a solution for this. I also have a VPN provider
that uses OpenVPN. I tried to set up some policy routes after adding the
OpenVPN connection but I didn't have much luck.

Oliver


Re: [pfSense] How to setup DHCP server so no default gateway specified

2012-11-15 Thread Oliver Hansen
I know this doesn't answer your question but why not just put in a fake
address like 0.0.0.0? They won't be able to reach it so they won't get out.
I haven't tried it but it's an idea.


--
Oliver Hansen


On Thu, Nov 15, 2012 at 9:04 AM, Will Wagner wrote:

> Hello,
>
> I have a pfsense box working well with multiple interfaces. One of the
> interfaces is an internal network for which there should be no access
> outside the gateway.
>
> I want to configure pfSense to be a DHCP server on that interface but I
> don't want it to specify any gateway in the options. If I leave the gateway
> field blank then the interface address on pfsense is used, and the UI will
> only allow me to enter an alternative IP address within the range.
>
> How can I make the DHCP server omit option 3 in the DHCP offer?
>
> Thanks
> Will
>
>


Re: [pfSense] Setup Questions

2012-09-29 Thread Oliver Hansen
On Sep 29, 2012 1:36 PM, "Johnny"  wrote:
>
> Hey guys I am currently running ipcop 2.0 and thinking about switching
> over to pfsense. (tired of the slooowww updates) I have my ipcop box setup
> as follows.
>
> 1 nic is on green
>
> 1 nic is on red
>
> 1 nic is on blue – Wi-Fi, I have a router on this nic. DHCP is turned off
> and users get ip assigned by ipcop. I have also approved people by their mac
> address to access my blue network.
>
> 1 nic is on orange for DMZ – Never able to get DMZ working correctly.
>
> I was wondering if this same setup is possible with pfsense? Any help
> would be appreciated
>
>
>
>
>
> Johnny Miller
>
> mill...@cinci.rr.com
>
> gamer tag: wcso845
>
>
>
> Lets find a cure for cancer together visit:
>
> http://www.worldcommunitygrid.org
>
>
>
>
>
>
I was an ipcop user many years ago. Although pfsense doesn't use the
interface color names it can do these things you describe.

Try it out and I doubt you'll look back.


Re: [pfSense] pfSense 2.0.1-RELEASE, Restoring partial config.xml does not work

2012-07-23 Thread Oliver Hansen
>
> While it indeed does work that way, it doesn't really make sense to me.
>
>
> If I cannot import selected sections from a full config.xml, what would
> the select menu be good for?
> And if I only have a partial config, say, I saved the aliases, then
> obviously I would want to restore the aliases from it and not the
> (non-existent) firewall rules.
>
> IMO, this is a bug that needs to be fixed.
>
> -Stefan
>

 I agree that it would make more sense the way you were originally trying
to do it which is the way I originally tried to do it as well.


Re: [pfSense] pfSense 2.0.1-RELEASE, Restoring partial config.xml does not work

2012-07-23 Thread Oliver Hansen
Hi Stefan, I can't be sure but I think I have run into this before. Have 
you tried uploading a config with ONLY those parts that you want to 
change? I think it is intended to be restored from a backup that only 
contained those parts.


Oliver Hansen

On 7/23/2012 2:08 AM, Stefan Baur wrote:

Hi everyone,

I'm trying to restore the NAT and Firewall Rules from a config file, 
but the changes simply don't appear, not even after a manual reboot.

Is this a known issue? If not, what further info is needed to debug it?

Situation:
pfSense box A - hardware malfunction, proper config, running pfSense 
2.0.1-RELEASE
pfSense box B - different hardware, default config, running pfSense 
2.0.1-RELEASE


I downloaded the config file from box A, and when box B was in place, 
I accessed the web interface and selected "Diagnostics", 
"Backup/Restore".
After that, I picked the option "NAT" under "Restore Area", gave it 
the path to my previously saved config file, and hit the "Restore 
configuration" button.
After the upload was complete, I was presented with a message that the 
firewall may need to reboot.  It did not reboot automatically.
Figuring that having mismatching NAT and Firewall Rules might be bad, 
I did not reboot manually at that point, either.
Rather, I repeated the procedure, selecting "Firewall Rules" instead 
of "NAT". After that, I rebooted manually.

None of my changes show up after the reboot.

I tried to debug the issue by repeating the steps with manual reboots 
after each upload, but that doesn't help either.  My changes are 
simply being ignored.
Manually splicing the changes into the XML file and uploading it 
completely works, though, so I can rule out that there's something 
wrong with the old configuration.


Kind Regards,
Stefan Baur


Re: [pfSense] How to monitor usage of bandwidth

2012-06-14 Thread Oliver Hansen
On Jun 14, 2012 5:36 AM, "Pankaj Kumar"  wrote:
>
> I have PfSense2.0.1 installed with dual wan for load balancing purpose, I
> want to know how to monitor the internet usage on LAN by host name or IP
> who is using how much bandwidth
> as well please assist me how to restrict the downloading on PfSense.
>

The Darkstat package works pretty well for monitoring.


Re: [pfSense] Anyone here used Netgate hardware for home use?

2012-05-04 Thread Oliver Hansen
On Thu, May 3, 2012 at 12:40 PM, justino garcia wrote:

>
>
> Anyone here used the Netgate m1n1wall 2D3 / 2D13 Blue?
> Does this unit run the full version of PFSense, and is 256 MB for a home
> office deployment enough?
> Do I need third nic, and separate my WLAN and lan, and then just have
> vlans for each network and a secure tunnel between lan and wlan?
>
>
> --
> Justin
> IT-TECH
>

I haven't used these for home but I have used them at several small office
locations. It runs the embedded version of pfSense which doesn't work with
some packages so you'd want to check that out. 256MB of RAM should be fine
unless you have a lot of devices in that home office. As I understand it in
a default configuration RAM mostly affects how many states you can have
open. Separating your WLAN and VLANs is all up to you. If you have a VLAN
capable switch then you probably only need two interfaces and just trunk
from pfSense to the switch. It's up to you.

Oliver


Re: [pfSense] Open VPN or IPSec for site to site VPNs

2012-04-20 Thread Oliver Hansen
On Fri, Apr 20, 2012 at 9:23 AM, Gavin Will  wrote:

> Hi there,
>
> Traditionally used IPSec VPN's for site to site links however with
> replacing remote site routers with PFsense boxes I thought about using Open
> VPN instead.
>
> Any pro's cons?
>
> I quite like the ability to push a route easily with OpenVPN.
>
> Comments appreciated.
>
> Cheers
>
> Gavin
>
> 


Gavin, I replaced my remote site routers with pfSense and went to OpenVPN a
couple years ago and haven't looked back. It's almost a
set-it-and-forget-it situation since we have zero problems.

--
Oliver Hansen


[pfSense] pfSense with Squid and upstream proxy?

2012-04-17 Thread Oliver Hansen
Hello,

We are looking into providing public WiFi at some of our locations and it
will need to be filtered. We already have a proxy server for our staff
machines and since they are managed we can easily point them to the proxy.
I don't believe our current proxy setup supports a transparent mode (I'm
currently checking with them) but would it be possible to have Squid set up
as a transparent proxy which then redirects requests to an upstream proxy
that does the filtering? Has anyone done that?

I'm also open to the possibility that I'm making this too difficult and
perhaps there is an easier way to achieve what we are looking for.

Thanks!

--
Oliver Hansen


Re: [pfSense] Site-to-Site VPN, IPSec or OpenVPN

2012-03-21 Thread Oliver Hansen
Ipsec works but I've found it much easier to use OpenVPN when that's an
option. Easier to do real routing as well.
On Mar 21, 2012 6:01 PM, "Ugo Bellavance"  wrote:

> Hi,
>
> For a simple site-to-site VPN (main office to DR site), what is most
> recommended?  I used IPSec in the past and it worked well.  We will have
> multiple subnets in the main office, but I've read on it and I understand
> that I may have to configure the networks in the vpn connection correctly
> or use multiple tunnels.  Since this is a disaster recovery site, the
> traffic would not be time-sensitive, so I may want to use the traffic
> shaper to lower its priority, if possible, as the WAN link used for the VPN
> tunnel would also be used for all our traffic.
>
> Thanks,
>
> Ugo
>


Re: [pfSense] Delivery Status Notification (Failure)

2012-03-08 Thread Oliver Hansen
Yes that's correct.


Re: [pfSense] Delivery Status Notification (Failure)

2012-03-07 Thread Oliver Hansen
On Mar 6, 2012 10:06 PM, "Joseph Rotan"  wrote:
>>
>> Hi,
>>
>> I would like to seek any assistance on how could I add a network printer
>> to my pfsense LAN.
>>
>> I install pfsense 2.0 machine for a High school computer Lab with 20
>> computers connected to a centralised switch, now the school has bought a
>> network printer and would like to use it.
>>
>> I went to this link http://www.freebsddiary.org/apsfilter.php however
>> seeking your assistance before I proceed.
>>
>> My pfsense LAN setup as follows :
>>
>> An ADSL connection to the WAN port of my pfsense machine and the LAN port
>> of my pfsense to a centralised switch, on the same switch all 20 PC's are
>> connected plus a network printer.
>>
>>
>> Thanks
>>
>> Joseph.
>
>
>
Unless I'm missing something pfsense doesn't need to be involved here. Just
plug in the printer to your switch and give it a static ip.


Re: [pfSense] available option?

2012-03-06 Thread Oliver Hansen

On 3/6/2012 12:17 AM, Orges Ndrecka wrote:


Hi Oliver,

1 - I need to have the PfSense in Bridge mode, not NAT.

2-In Aliases is possible to add hosts under each group not by adding 
_subnets_?


Many thanks,

Orges



1- I'm not sure about bridging. Never used it.
2- Sure, go to Firewall -> Aliases, Add new and choose type "Host". Then 
add as many hosts as you like.


Re: [pfSense] available option?

2012-03-05 Thread Oliver Hansen
On Mar 5, 2012 2:27 AM, "Orges Ndrecka"  wrote:
>
>
>
> Hello,
>
> I can't find options in PfSense to assign hosts into different groups and
> assign to each host separately bandwidth limits. I need to know if this
> option is supported by PfSense in order to continue implement PfSense into
> my systems.
>
> What I would like to do with PfSense is to group my hosts connected to
> the LAN port of PfSense and assign bandwidth limits to each group. After
> that to assign bandwidth limits to each host of the group.
>
> In the scheme below is an example describing better what I need to get
> from PfSense;
>
> Let's assume Group 1 has 3 hosts, I want to assign to this group 3 Mbps/3
> Mbps and each of the hosts in the group 256 Kbps/128 Kbps.
>
> Group 2 has also 3 hosts and I want to assign also to this group 2 Mbps/2
> Mbps and to each of the hosts 512 Kbps/256 Kbps.
>
> I have configured WAN and LAN in “bridge” mode. Created limiters for the
> host groups. Also created rules in WAN and LAN interface respectively for
> Group 1 and Group 2. And after this I can't find any option how to assign
> the hosts that I want under each group…
>
> Is there any possibility for this kind of configuration to be made on
> PfSense?
>
> I’ve been using before ALLOT and this was an option available and very
> suitable for my network, now I want to implement PfSense and I can't find
> this option or a similar one to offer a solution for this.
>
>
> Please help me on this.
>
>
>
>
> Many thanks in advance,
>
>
>
> Orges Ndrecka
>
> Tirana, Albania
>
>

Have you looked at aliases?


Re: [pfSense] Per-Host Current Throughput?

2012-02-28 Thread Oliver Hansen
On Feb 28, 2012 12:27 PM, "Adam Piasecki" wrote:
>
> On 2/28/2012 3:12 PM, Tim Nelson wrote:
>>
>> Greetings-
>>
>> I remember around the time of the 2.0 betas (or as an addon to the 1.x
>> branch), there was a way to see the bandwidth used per host. It was
>> displayed next to the SVG graph for the selected interface. However, I'm
>> completely unable to see how this was previously done. Am I missing
>> something completely obvious?
>>
>> --Tim
>>
>> _
>
> This works for me on 2.0.1. No packages needed.
>
> Thanks,
> Adam
>
> --
> Adam M Piasecki
> MidAtlanticBroadband
> Office: 410-727-8250 x 123
> Cell: 940-224-4837
> Fax: 410-727-8245
>
>

You do need to access the traffic graph page. It doesn't show on the
dashboard iirc.


Re: [pfSense] 802.1X VLAN function and switch support

2011-12-14 Thread Oliver Hansen
I don't have the answer but I would also be interested if anyone knows
about this functionality. It could possibly help in a situation I've
encountered recently.
On Dec 14, 2011 2:17 PM, "bsd"  wrote:

> Hi,
>
> I am bit off topic for the pfSense list, but since I want to be compliant
> with the FreeRadius package deployed on the pfSense system… I guess It is
> ok to ask that question here.
>
>
> I want FreeRadius to provide distinct VLANs to each of my clients based on
> the parameters defined in the FreeRadius settings. I am not certain that a
> lot of switches are compatible with this function, most of them provide
> 802.1X authentication, but can they automatically set the VLAN once the
> client has authenticated ?
>
> Can they provide a default VLAN for failed auth?
>
>
> As stated on the package, the switch should understand the following
> parameters :
>
> Tunnel-Type = VLAN
> Tunnel-Medium-Type = IEEE-802
> Tunnel-Private-Group-ID = "My_ID"
>
>
> Any feed back on implementing this VLAN attribution feature with
> FreeRadius and xxx switch will be welcome.
>
> Switch brands supporting this feature is also of interest…
>
>
> Thanks.
>
>
> ––
> -> Grégory Bernard Director <-
> ---> www.osnet.eu <---
> --> Your provider of OpenSource appliances <--
> ––
> OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO
>


Re: [pfSense] 3G USB Modem installation on PFSENSE

2011-12-04 Thread Oliver Hansen


On 12/4/2011 8:07 AM, Andreas Kaiser wrote:


On 04.12.2011 at 16:08, Nabeel Hasan wrote:


I have a 3G USB Modem Model number is ZTE FFF1. When I connect it to Windows 
Platform it install its driver automatically. Now I want to use this USB 
Broadband device with Pfsense. Please help me to configure it on pfsense. I am 
using pfsense on virtual machine.


I had the same problem a few weeks ago. It might have been a different device, 
but I think there's almost no (if any) USB 3G device out there with drivers for 
any OS but Windows, OS X. Even for Linux there are only a handful.

I kind of solved the problem by setting up another VM with Win XP as guest OS and using
its crappy "Internet Connection Sharing". I set it up like this:

physical network (LAN) <-> pfSense VM <-> virtual network (WAN) <-> Win XP <-> USB 3G device

Not a nice and everlasting solution in any way, but the only one I got working. 
And it's still better than no internet connectivity at all.


HTH,

Andreas

There are actually quite a few modems that work with pfSense 2.0. It's 
not plug and play but if you follow the documentation it's not too hard 
to set up. I don't know if your specific modem is supported but I 
suggest looking at the documentation: 
http://doc.pfsense.org/index.php/Known_Working_3G-4G_Modems


-Oliver


Re: [pfSense] four dental offices + cable or dsl bettween

2011-10-28 Thread Oliver Hansen
Try to get the same ISP(s) at each location if possible as the latency is
usually a lot better.
On Oct 28, 2011 11:59 AM, "Adam Thompson"  wrote:

> Technically, yes, but in most places DSL and Cable Modem connections are
> not reliable enough for this unless you have one of each.  With this setup,
> if either the branch link or the head office link goes down, all work in
> that branch office comes to a complete halt instantly.  I recommend one DSL
> and one cable modem at each location, and set up routing to prefer whichever
> one has the better upstream bandwidth. 
>
> -Adam Thompson
>
> athom...@athompso.net
>
> *From:* list-boun...@lists.pfsense.org [mailto:
> list-boun...@lists.pfsense.org] *On Behalf Of *justino garcia
> *Sent:* Friday, October 28, 2011 12:17
> *To:* list@lists.pfsense.org
> *Subject:* [pfSense] four dental offices + cable or dsl bettween
>
> Would four
> http://www.applianceshop.eu/index.php/opnsense-rack-edition-pfsense-appliance.html
> do me justice.
> I will have one Main DC in one office, and all others speak to that DC, and
> database / app server for dental stuff?
>
>
>
> --
> Justin
> IT-TECH
>


Re: [pfSense] All DHCP leases expired?

2011-10-02 Thread Oliver Hansen

I think this will answer your questions:
http://forum.pfsense.org/index.php/topic,38896.0.html

Oliver Hansen


On 10/2/2011 8:23 PM, Liwei wrote:

On 3 October 2011 05:32, Jim Pingle  wrote:

If you are seeing that being ignored, your code is out of date. That was
fixed a couple weeks ago, as was the DUID parsing and other bits.

Jim

Ah okay. So I must ask this:

Currently I'm tracking Seth Mos' ipv6 overlay at
git://github.com/smos/pfsense-ipv6.git to give pfsense its ipv6
capabilities. Seems like it was last updated July 15th. You suggest
that there is newer code available, so I assume that's in the official
pfsense repository at https://github.com/bsdperimeter/pfsense.git
(seems like it)?

Does that mean that the changes for ipv6 capability has been absorbed
into the official repo? If so, can I safely change the overlay url
without breaking anything in my current setup?

Pardon me if the questions are stupid since I didn't keep up with what
happened with ipv6 development after initially getting it to work on
my setup months ago.

Liwei

