Re: [pfSense] ZFS on 2.4.2

2018-03-07 Thread Peder Rovelstad
> That is an urban legend. One of original developers of ZFS was 
> interviewed

OK, then.  Not my data.  Best of luck.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] ZFS on 2.4.2

2018-03-07 Thread Peder Rovelstad
OH, and w/o ECC memory, it's a time bomb.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Peder
Rovelstad
Sent: Wednesday, March 7, 2018 9:33 AM
To: 'pfSense Support and Discussion Mailing List' <list@lists.pfsense.org>
Subject: Re: [pfSense] ZFS on 2.4.2

Oh, for certain.  Lz4 compression is certainly stressful enough (too much
actually) for as low power a device as a SG-2220.

Only posting to fan the flames!  :)

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Vick Khera
Sent: Wednesday, March 7, 2018 8:57 AM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: Re: [pfSense] ZFS on 2.4.2

On Tue, Mar 6, 2018 at 6:51 PM, Peder Rovelstad <provels...@comcast.net>
wrote:

> Here's a ZFS tuning guide if you have not seen.
> https://wiki.freebsd.org/ZFSTuningGuide
>
> But only goes to v9.
>

You 100% do not want nor need to turn on de-dupe. Especially on a boot
volume of pfSense.


Re: [pfSense] ZFS on 2.4.2

2018-03-07 Thread Peder Rovelstad
Oh, for certain.  Lz4 compression is certainly stressful enough (too much
actually) for as low power a device as a SG-2220.

Only posting to fan the flames!  :)

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Vick Khera
Sent: Wednesday, March 7, 2018 8:57 AM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: Re: [pfSense] ZFS on 2.4.2

On Tue, Mar 6, 2018 at 6:51 PM, Peder Rovelstad <provels...@comcast.net>
wrote:

> Here's a ZFS tuning guide if you have not seen.
> https://wiki.freebsd.org/ZFSTuningGuide
>
> But only goes to v9.
>

You 100% do not want nor need to turn on de-dupe. Especially on a boot
volume of pfSense.


Re: [pfSense] ZFS on 2.4.2

2018-03-06 Thread Peder Rovelstad
Here's a ZFS tuning guide if you have not seen.
https://wiki.freebsd.org/ZFSTuningGuide 

But only goes to v9.

Down the page they ref 2-5GB/TB for dedupe.  Free advice, worth every penny
paid!

https://www.freebsd.org/doc/en/books/faq/all-about-zfs.html

My NAS4Free server uses 90% of its 4GB RAM for a 3TB volume, configured with
1.75GB arc_max.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Paul Mather
Sent: Tuesday, March 6, 2018 12:09 PM
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] ZFS on 2.4.2

On Mar 6, 2018, at 12:39 PM, Walter Parker <walt...@gmail.com> wrote:

> On Mon, Mar 5, 2018 at 6:38 PM, Curtis Maurand <cmaur...@xyonet.com> wrote:
>
>> ZFS is a memory hog.   you need 1 GB of RAM for each TB of disk.
>
> Curtis, can you provide some more details? I have been testing this
> for the last couple of weeks and ZFS doesn't require 1G for each TB to
> function (which is the standard meaning of need).
> From my direct testing and experience 1G per TB is a rule of thumb for
> suggested memory sizing on general purpose servers. Do you have
> specific information that violating this rule of thumb will cause
> functional issues?
>
> To be more blunt, was this a case of drive by nerd sniping or do you
> know something that will cause my specific use case to fail at some
> point in the future?

The "1G for each TB" sounds like the rule of thumb for when you plan to
enable deduplication on a dataset.  ZFS deduplication can be a disastrous
memory hog (or else completely ruin your performance if you don't have
sufficient ARC memory/resources), which is why many people do not enable it
unless they've made a serious conscious decision to do so.

I ran ZFS on a 1--2 GB RAM FreeBSD/i386 system for years and it was stable.
I have to tune KVM and restrict ARC RAM consumption, but once I did that I
had no problems.  It's my experience that ZFS is more stable and tested on
FreeBSD/amd64.

Cheers,

Paul.

>
> Walter
>
>> On 3/1/2018 1:49 AM, Walter Parker wrote:
>>
>>> Forgot to CC the list.
>>>
>>> On Wed, Feb 28, 2018 at 10:13 PM, Walter Parker <walt...@gmail.com>
>>> wrote:
>>>
>>> Thank you for the backup script.

 By my calculations, 2G should be enough. If I limit the ARC cache
 to 1G, that leaves 1G for applications & kernel memory. As I'm not
 serving the 6TB drive up as a file server, but using it for one
 specific task (to receive the backups from one host) I figure that
 I don't need lots of memory. ZFS as a quick file server or busy
 server needs lots of memory to be quick.
 I've seen testing showing ZFS doing fast file copies on as little
 as 768M total system after proper memory tuning.

 I need ZFS because it is the only file system that can receive
 incremental ZFS snapshots and apply them. I have not setup the ZFS
 backup software yet, so I'm just using rsnapshot. First time it
 ran, it filled all 1G of the cache. I rebooted the firewall
 afterwards and now ZFS with 60-100M of usage (the amount of data
 that rsync updates on a daily basis is pretty small).
 Right now, the data from the other server is ~8.8G, compressed to
 1.7G with lz4.

 When I get the full backup running, I will be ~1.5TB in size. ZFS
 snapshots should be pretty small and quick (as it can send just the
 data that was updated without having to walk the entire
 filesystem). An rsync backup would have to walk the whole system to
 find all of the changes. Most of the data on the system doesn't
 change (as it is a media library).

 I'll post back more results if people are interested, after I get
 the backup software working (I'm thinking about using ZapZend).

 Walter

 On Wed, Feb 28, 2018 at 8:54 PM, ED Fochler <soek...@liquidbinary.com>
 wrote:

 I feel like I'm late in responding to this, but I have to say that
 2GB of
> RAM doesn't seem like nearly enough for a 6TB zfs volume.  ZFS is
> great in a lot of ways, but is a RAM consuming monster.  For
> something RAM limited like the 2220 I'd use a different, simpler
> file format.  Then I'd use rsync based snapshots.
>
> Here's my personal backup script.  :-)  I haven't tried it FROM
> pfsense, but I've used it to back up pfsense.
>
> ED.
>
> On 2018, Feb 21, at 12:23 PM, Walter Parker <walt...@gmail.com> wrote:
>>
>> Hi,
>>
>> I have 2.4.2 installed on an SG-2220 from Netgate [nice box]. I
>> just

Re: [pfSense] pfSense on WatchGuard xtm 810?

2018-02-16 Thread Peder Rovelstad
You'll be better off.  HDD or SSD. 

-Original Message-

well. there is sata ports. I will try them first..

Eero

16.2.2018 21.27 "Peder Rovelstad" <provels...@comcast.net> wrote:

> May be wrong, but I think without nano, you can only install full, 
> which will thrash the CF in short order.  But I see someone on EBay 
> selling one preconfigured for the xtm 5 series.
> No headers for a 2.5" drive inside, eh?  Here's a guide, but you'd 
> still need a CF adapter or machine with a CF slot for install.
> https://doc.pfsense.org/index.php/Upgrading_64-bit_NanoBSD_2.3_to_2.4
>
> >
> >I've had good luck in similar cases by installing on a generic 
> >machine
> then
> putting the media in the target box.
>
> >>On Feb 16, 2018, 13:40, at 13:40, Eero Volotinen 
> >><eero.voloti...@iki.fi>
> wrote:
> >>Hi List,
> >>
> >>I need to install pfsense 2.4 on watchguard xtm 810. there is issue 
> >>as it does not boot from usb stick, only from cf or sata.
> >>
> >>Any idea how to install pfsense on it? it works with 2.3 nano-vga 
> >>image, but such is not available for pfsense 2.4
> >>
> >>--
> >>Eero
>
>


Re: [pfSense] pfSense on WatchGuard xtm 810?

2018-02-16 Thread Peder Rovelstad
May be wrong, but I think without nano, you can only install full, which
will thrash the CF in short order.  But I see someone on EBay selling one
preconfigured for the xtm 5 series.
No headers for a 2.5" drive inside, eh?  Here's a guide, but you'd still
need a CF adapter or machine with a CF slot for install.
https://doc.pfsense.org/index.php/Upgrading_64-bit_NanoBSD_2.3_to_2.4

>
>I've had good luck in similar cases by installing on a generic machine then
putting the media in the target box.

>>On Feb 16, 2018, 13:40, at 13:40, Eero Volotinen 
wrote:
>>Hi List,
>>
>>I need to install pfsense 2.4 on watchguard xtm 810. there is issue as 
>>it does not boot from usb stick, only from cf or sata.
>>
>>Any idea how to install pfsense on it? it works with 2.3 nano-vga 
>>image, but such is not available for pfsense 2.4
>>
>>--
>>Eero




Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

2018-01-16 Thread Peder Rovelstad
Not that I've been able to find.  I think the next gen x64 did.  

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Kyle Marek
Sent: Tuesday, January 16, 2018 2:12 PM
To: list@lists.pfsense.org
Subject: Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw 
forces Linux, Windows redesign • The Register - patch to pfsense?

No speculative execution on your 32-bit machine?

On 01/16/2018 03:02 PM, Peder Rovelstad wrote:
> Back to my x86 Via box!  :/  Just when my Hyper-V x64 was really tuned...
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Rainer Duffner
> Sent: Tuesday, January 9, 2018 5:32 PM
> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
> Subject: Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw 
> forces Linux, Windows redesign • The Register - patch to pfsense?
>
>
>
>> On 10.01.2018 at 00:14, Kyle Marek <pspps...@gmail.com> wrote:
>>
>> This contradicts the majority of the purpose of virtualization.
>
> Interesting that you bring it up….
>
> I give you Theo de Raadt in late 2007:
>
>
> https://marc.info/?l=openbsd-misc=119318909016582 
> <https://marc.info/?l=openbsd-misc=119318909016582>
>
>
> ;-)
>
>
>
> Meanwhile, Netgate has published an updated statement:
>
> https://www.netgate.com/blog/an-update-on-meltdown-and-spectre.html 
> <https://www.netgate.com/blog/an-update-on-meltdown-and-spectre.html>

Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

2018-01-16 Thread Peder Rovelstad
Back to my x86 Via box!  :/  Just when my Hyper-V x64 was really tuned...

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Rainer Duffner
Sent: Tuesday, January 9, 2018 5:32 PM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw 
forces Linux, Windows redesign • The Register - patch to pfsense?



> On 10.01.2018 at 00:14, Kyle Marek wrote:
> 
> This contradicts the majority of the purpose of virtualization.


Interesting that you bring it up….

I give you Theo de Raadt in late 2007:


https://marc.info/?l=openbsd-misc=119318909016582 



;-)



Meanwhile, Netgate has published an updated statement:

https://www.netgate.com/blog/an-update-on-meltdown-and-spectre.html 






Re: [pfSense] Moving traffic between LAN & OPT1

2017-12-24 Thread Peder Rovelstad
From the simple side, if you're just trying to use the additional ports on
your device for devices on the same LAN  (as you would with a consumer-grade
home router like an Asus or Netgear), you can just create a bridge with the
non-WAN ports and they'll act as a switch, no rules required.  If not the
case, you will need rules on those interfaces to reach the individual
subnets.


-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Antonio
Sent: Friday, December 22, 2017 10:26 PM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] Moving traffic between LAN & OPT1

Hi,

I'm not sure how you move traffic between the above interfaces. I was under
the impression that all you needed was a "Default allow LAN to any rule" and
job done. Yet i'm struggling to get devices of different interfaces to
communicate. What am I missing?


Thanks



-- 


Respect your privacy and that of others, don't give your data to big
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your
messaging or
Diaspora* (https://joindiaspora.com/) for your social networking.



Re: [pfSense] pfSense in AWS VPC

2017-11-24 Thread Peder Rovelstad
Play me again...
Play me again...
Play me again...
Play me again...

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Watson Kamanga
Sent: Thursday, November 23, 2017 6:45 AM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] pfSense in AWS VPC

Services, DHCP Server  . untick enable dhcp .

Watz . 

On 11/23/17, 4:42 PM, "List on behalf of André Rodier" 
 wrote:

Hello,

Thanks for this great BSD distribution.

We are actually using pfSense on a dedicated hardware infrastructure of
multiple server, with one of them being a web portal application.

We are using the OpenVPN server to restrict access this web application,
on a specific domain (https://app.london.sq). The web application is
only exposed through this interface, and therefore not accessible
externally.

We are now facing a challenge, to replicate this infrastructure on AWS,
inside a VPC. The VPC service from AWS is having a dedicated DHCP
server, that would conflict with the DHCP server of the firewall.

In this scenario, how can we run the pfSense as a firewall in a AWS
powered virtual private cloud, but without using the DHCP server that
comes with pfSense.

Thanks for your help and advices.

Kind regards,
André Rodier

Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-24 Thread Peder Rovelstad
Is there a CMOS battery onboard?  Just a thought.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Elijah Savage
Sent: Friday, November 24, 2017 6:01 AM
To: 'pfSense Support and Discussion Mailing List' 
Subject: Re: [pfSense] 2.4 Bricked my APU4 Netgate

To this point, has anyone replaced the mSATA drive in these? The lights and 
everything still comes on in the front.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jim Thompson
Sent: Thursday, November 23, 2017 7:35 PM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] 2.4 Bricked my APU4 Netgate

If there is no response from the bootloader (coreboot) on the serial port, then 
the hardware died, and the upgrade’s only involvement was the reboot at the 
end. 

Jim

> On Nov 23, 2017, at 10:59 AM, Ryan Coleman  wrote:
> 
> There’s likely a package you added to your APU4 that is stopping the upgrade.
> 
> If you use reddit you can get some assistance from more NetGate staff
> there: http://reddit.com/r/pfsense/
> 
>> On Nov 23, 2017, at 10:08 AM, Elijah Savage  wrote:
>> 
>> I know it is an older model but after my attempt to upgrade my APU4 
>> it would not reboot. I let it sit for 24 hours as it was still 
>> passing traffic but no reboot. Logged into the console from my laptop 
>> and rebooted it and nothing comes back. It doesn't give anything on 
>> the console and doesn't beep anymore when booting up, I believe it doesn't 
>> get to that point.
>> 
>> 
>> 
>> Interesting enough I was able to get 2.4 loaded on an older dell 
>> optiplex
>> 780 with 3 nics to replace it just fine.
>> 
>> 
>> 
>> This is not intended to bash pfSense, I like it so much that I do 
>> contribute monetarily. This meant to be nothing more than a public 
>> service announcement for others with this platform. Maybe it was just 
>> time for mine to die and it potentially has nothing to do with pfSense.
>> 

Re: [pfSense] pfSense in AWS VPC

2017-11-24 Thread Peder Rovelstad
Turn me over...
Turn me over...
Turn me over...
Turn me over...

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Watson Kamanga
Sent: Thursday, November 23, 2017 6:45 AM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] pfSense in AWS VPC

Services, DHCP Server  . untick enable dhcp .

Watz . 

On 11/23/17, 4:42 PM, "List on behalf of André Rodier" 
 wrote:

Hello,

Thanks for this great BSD distribution.

We are actually using pfSense on a dedicated hardware infrastructure of
multiple server, with one of them being a web portal application.

We are using the OpenVPN server to restrict access this web application,
on a specific domain (https://app.london.sq). The web application is
only exposed through this interface, and therefore not accessible
externally.

We are now facing a challenge, to replicate this infrastructure on AWS,
inside a VPC. The VPC service from AWS is having a dedicated DHCP
server, that would conflict with the DHCP server of the firewall.

In this scenario, how can we run the pfSense as a firewall in a AWS
powered virtual private cloud, but without using the DHCP server that
comes with pfSense.

Thanks for your help and advices.

Kind regards,
André Rodier

Re: [pfSense] pfsense twitter account making rude comments.

2017-02-23 Thread Peder Rovelstad
MUA == Made Up Acronym lol

Top posting is useful.  It's like being at a cocktail party and you leave
the conversation to get a meatball.  When you return, you ask, "What did I
miss?" and you just drop down one line to review.  

Die, bottom posting, just die.  :)  Back to your regularly scheduled
program!

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Adam
Thompson
Sent: Thursday, February 23, 2017 5:39 AM
To: pfSense Support and Discussion Mailing List ;
Jim Thompson 
Subject: Re: [pfSense] pfsense twitter account making rude comments.

Not just default - many MUAs (gmail, outlook, virtually every web-based
service) don't correctly handle or in some cases even _permit_ the
traditional method at all.

Much like IRC and two spaces a a period, in-line or appended replies are now
historical relics, broadly replaced by things that completely ignore the
older technologies' design decisions and strengths.  Welcome to the future.
:-(

-Adam


On February 23, 2017 12:51:44 AM CST, Jim Thompson  wrote:
>Because that's what most MUAs default to these days. (joke
>intended)
>
>On Thu, Feb 23, 2017 at 12:38 AM, WebDawg  wrote:
>
>> Why does everyone top post on this list?

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-25 Thread Peder Rovelstad
FWiW - My nano (4 NICs, 1GB, Community), PuTTY says:

kern.ipc.nmbufs: 131925
kern.ipc.nmbclusters: 20612

but nothing explicitly set on the tunables page, just whatever's built in.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Karl Fife
Sent: Wednesday, January 25, 2017 4:02 PM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot
failure with pfSense 2.3.2

This is a good theory, because RRD data from 2.2.6 suggests that the
difference in utilization between the versions is slight, and that we had
'barely' exhausted our system default allocation.

Is there a difference between nano and full with respect to the installer
explicitly setting tunables for kern.ipc.nmbclusters and kern.ipc.nmbuf?
Vick Khera says he sees explicitly set tunables on his
2.3.2 system, yet my virgin installation of Nano pfSense 2.3.2 has no
explicit declarations?

Vick, is your Supermicro A1SRi-2758F running an installation that came from
Netgate, or is it a community edition installation?  If the latter, Full or
Nano?


On 1/25/2017 3:49 PM, Jim Pingle wrote:
> On 01/25/2017 01:10 PM, Karl Fife wrote:
>> The piece that's still missing for me is that there must have been 
>> some change in default system setting for FreeBSD, or some other 
>> change between versions, because the system booted fine with pfSense 
>> v 2.2.6
> Aside from what has already been suggested by others, it's possible 
> that the newer drivers from FreeBSD 10.3 in pfSense 2.3.x enabled 
> features on the NIC chipset that consumed more mbufs. For example, it 
> might be using more queues per NIC by default than it did previously.
>
> Jim
>


Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-25 Thread Peder Rovelstad
There were changes in the defaults from FreeBSD 9 to 10.

https://pleiades.ucsc.edu/hyades/FreeBSD_Network_Tuning

Could that be it?  Old config overwriting new defaults?

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Karl Fife
Sent: Wednesday, January 25, 2017 12:11 PM
To: ESF - Electric Sheep Fencing pfSense Support 
Subject: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure
with pfSense 2.3.2

pfsense 2.2.6 was running without issue on our Supermicro A1SRi-2758F
rangeley board (Intel Atom C2758)

When we upgraded to 2.3.2, the new system failed to boot due to having
insufficient RAM allocated to network memory buffers.  We had to interrupt
the boot process increase the value of kern.ipc.nmbclusters (as per below),
then complete the boot process long enough to set system tuneables (below)
to allow subsequent startup.

What I've read online, the basic issue is that the combination of high CPU
count, high NIC count, and the igb driver create a (historically) atypically
demand for network buffer RAM.  That is consistent with our fix.

The piece that's still missing for me is that there must have been some
change in default system setting for FreeBSD, or some other change between
versions, because the system booted fine with pfSense v 2.2.6 without the
need for an advanced system tuneables.  Unless there's something
specific/quirky with our setup, it would seem sensible to me that for
subsequent releases, there should be system defaults suitable for modern
boards with resources like those found on boards like Rangeley.  I observe
that many others have had this same issue, so I doubt that this is a case of
our migrated settings preempting modern suitable defaults.

Any thoughts?

kern.ipc.nmbclusters    Increased to 8x observed MBUF Usage. Default is
too low for CVP Rangeley board, causing boot failure.   295600
kern.ipc.nmbufs         Increased to 2x default value, ~2.2x observed usage
(netstat -m). Default is too low for CVP Rangeley board, causing lockups.
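
The check behind the sizing in the message above, as an added example that is not part of the original post or of pfSense: it reads `netstat -m` text and reports mbuf-cluster utilisation, denied allocations, and a value at the poster's 8x multiplier. The function names, the embedded sample output, the 80% warning threshold and the reading of "observed usage" as the total column are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): read FreeBSD `netstat -m` text on stdin
# and report how close the mbuf-cluster pool is to kern.ipc.nmbclusters.

# Constructed sample in `netstat -m` format; the numbers are made up.
SAMPLE_NETSTAT_M='13420/2105/15525 mbufs in use (current/cache/total)
13411/2048/15459/20612 mbuf clusters in use (current/cache/total/max)
0/44/44/10306 4k (page size) jumbo clusters in use (current/cache/total/max)
0/37/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)'

# Print "total max" from the "mbuf clusters in use" line.
cluster_usage() {
    awk '/ mbuf clusters in use / { split($1, f, "/"); print f[3], f[4] }'
}

# Print pool utilisation as a whole percentage (truncated).
cluster_pct() {
    cluster_usage | awk '$2 > 0 { printf "%d\n", ($1 * 100) / $2 }'
}

# Print the number of cluster allocations the kernel refused.
clusters_denied() {
    awk '/requests for mbufs denied/ { split($1, f, "/"); print f[2] }'
}

# Print 8x the observed cluster total, the multiplier the poster used.
# Assumption: "observed usage" means the total column (current + cache).
suggest_nmbclusters() {
    cluster_usage | awk '{ print $1 * 8 }'
}

# Print OK, WARN or UNKNOWN for the pool.
# WARN_PCT=80 is an assumed threshold, not a value from the thread.
WARN_PCT=80
mbuf_verdict() {
    input=$(cat)
    pct=$(printf '%s\n' "$input" | cluster_pct)
    denied=$(printf '%s\n' "$input" | clusters_denied)
    if [ -z "$pct" ] || [ -z "$denied" ]; then
        # The expected lines were not found, so say so instead of guessing.
        echo "UNKNOWN"
    elif [ "$denied" -gt 0 ] || [ "$pct" -ge "$WARN_PCT" ]; then
        echo "WARN pct=$pct denied=$denied"
    else
        echo "OK pct=$pct denied=$denied"
    fi
}

# On the firewall itself the input would be: netstat -m | mbuf_verdict
printf '%s\n' "$SAMPLE_NETSTAT_M" | mbuf_verdict
printf 'suggested kern.ipc.nmbclusters: %s\n' \
    "$(printf '%s\n' "$SAMPLE_NETSTAT_M" | suggest_nmbclusters)"
```

A non-zero denied count is reported as WARN even when utilisation is below the threshold, because refused allocations mean packets were already dropped or delayed.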



[pfSense] Hello World?

2017-01-24 Thread Peder Rovelstad
Is the list constipated?  I haven't received anything all month.

 

If just me, sorry for the annoyance.

 

Peder



Re: [pfSense] looking for perfect pfsense box for home?

2016-08-21 Thread Peder Rovelstad
>  Blaming a would-be customer for not seeing/finding something on a
catalog/store/marketing page is probably not a good strategy as it won't
help sales.

I'd 'Like' this myself, but I don't have thumbs.



Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Peder Rovelstad
If my old hardware died today, I might get one of these.  Or go virtual.

http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007


-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
Volotinen
Sent: Wednesday, August 03, 2016 2:37 AM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] looking for perfect pfsense box for home?

Any ideas where to find perfect pfsense box for home usage.

Must be cheap and silent? netgate device? shuttle box?

--
Eero




Re: [pfSense] How to determine supported packages without installing

2016-06-17 Thread Peder Rovelstad
This help?  https://forum.pfsense.org/index.php?topic=8640.0


-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Bryan D.
Sent: Friday, June 17, 2016 3:23 PM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] How to determine supported packages without installing

How does one determine the currently supported packages for the current
released version of pfSense without installing pfSense, first.

I did find https://doc.pfsense.org/index.php/Features_List but, since
there's no stated pfSense version associated with the page and since I've
found it to be inaccurate in the past, I wouldn't trust it.

I also found https://www.pfsense.org/get-support/supported-packages.html
(though it's "breadcrumb" shows it as being "Home | Support | Supported
Packages", it's not linked on https://www.pfsense.org/get-support/).  I
suspect this may be the current one but, again, there's no associated
pfSense version stated so ... ???

In my case, there's one package I require to be supported before we can
update to 2.3, so this information is a pre-requisite to updating.

BTW, a site-search capability would be nice, on the pfSense home page.



Re: [pfSense] IPSec nat issue

2016-05-26 Thread Peder Rovelstad

On 5/26/2016 2:09 PM, Rosen Iliev wrote:
> The other end has a conflict with our LAN addressing(192.168.1.0/24). 
> So in phase 2, we setup a Tunnel IPv4 using 193.168.1.0/24 for the 
> local Network.  NAT/BINAT network of 192.168.85.0/24.  Their remote 
> network is 192.168.75.0/24.

It's probably best to remove the conflict instead of perform the NAT. I
appreciate that re-addressing your network could be impractical though.

If the remote side is using 192.168.1/24 and you are using that same space,
it doesn't seem like using a sonicwall will make the situation any better.

Where exactly are you looking with 'pfSense's packet capture tool'? Are you
looking on the ipsec tunnel or on your 192.168.1/24 interface?

Can the far end folks be more explicit about the failure mode? Perhaps they
could indicate exactly what response they get to the ICMP echo request?

I would think you would need another private net for the tunnel, something
like this:

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/14143-same-ip.html




Re: [pfSense] never ending update status / "Obtaining update status" endless / on v2.3 on 32bit HW / e.g. ALIX

2016-05-03 Thread Peder Rovelstad
No, see this thread.
https://forum.pfsense.org/index.php?topic=109928.msg612160#msg612160



-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
WolfSec-Support
Sent: Tuesday, May 03, 2016 11:37 AM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: Re: [pfSense] never ending update status / "Obtaining update
status" endless / on v2.3 on 32bit HW / e.g. ALIX

Hi Peder,

yep, seems to work.

But CF will last much shorter now due to RW instead of RO ?

Cheers
Stephan



2016-05-03 15:01 GMT+02:00 Peder Rovelstad <provels...@comcast.net>:

> Set card to full-time RW and disable the update check.  Worked for my 
> low power install.
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of 
> WolfSec-Support
> Sent: Tuesday, May 03, 2016 7:36 AM
> To: list@lists.pfsense.org
> Subject: Re: [pfSense] never ending update status / "Obtaining update 
> status" endless / on v2.3 on 32bit HW / e.g. ALIX
>
> Update:
> all i386 nanoBSD installs are affected
>
> An ALIX with i386 on SSD and normal pfsense image works well
>
> so seems only i386 nanoBSD installs are affected
>
>
> 2016-05-03 14:32 GMT+02:00 WolfSec-Support <supp...@wolfsec.ch>:
>
> > Hello,
> >
> >
> > have seen this behaviour on all my 32bit ALIX boards.
> >
> > "Obtaining update status"  is shown endless
> >
> > Has someone else have seen this ?
> >
> > I tried for tests multiple external DNS, also google 8.8.8.8 - no success.
> > All on different ISP's and different locations.
> >
> > On my amd64 on all works fine - independent on hardware.
> >
> > Kind Regards
> > Stephan
> >
> >


Re: [pfSense] never ending update status / "Obtaining update status" endless / on v2.3 on 32bit HW / e.g. ALIX

2016-05-03 Thread Peder Rovelstad
Set card to full-time RW and disable the update check.  Worked for my low
power install.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
WolfSec-Support
Sent: Tuesday, May 03, 2016 7:36 AM
To: list@lists.pfsense.org
Subject: Re: [pfSense] never ending update status / "Obtaining update
status" endless / on v2.3 on 32bit HW / e.g. ALIX

Update:
all i386 nanoBSD installs are affected

An ALIX with i386 on SSD and normal pfsense image works well

so seems only i386 nanoBSD installs are affected


2016-05-03 14:32 GMT+02:00 WolfSec-Support :

> Hello,
>
>
> have seen this behaviour on all my 32bit ALIX boards.
>
> "Obtaining update status"  is shown endless
>
> Has someone else have seen this ?
>
> I tried for tests multiple external DNS, also google 8.8.8.8 - no success.
> All on different ISP's and different locations.
>
> On my amd64 on all works fine - independent on hardware.
>
> Kind Regards
> Stephan
>
>


[pfSense] pfSense 2.3 and Unsupported Bandwidthd and Vnstat2

2016-04-13 Thread Peder Rovelstad
First off, congratulations on the latest version.  It is just beautiful in
its presentation of the management pages and so far I haven't run into any
(non-self-inflicted) problems, though it appears my VIA C7 platform is
reaching its EOL.  I may need to roll back to 2.2.5 and call it quits for
this platform.  Tale of woe follows, but since this is just a home FW, it's
nothing I won't be able to recover from given a fresh install.  

After upgrading, I saw messages that Bandwidthd and Vnstat2 were no longer
supported.  Not showstoppers for me, so I figured, fine, I'll just change
the bootup slice, reboot, remove the packages and upgrade again.  Due to my
own unfamiliarity with the new interface, I managed to hit the "Duplicate
Slice" rather than the "Change Slice" button.  Since there was no confirmation
dialog (yes, I know it was MY mistake) it went ahead and did exactly what it
was told to.  

Anyway, I just thought I'd throw out the need for a confirmation for this
function.  After all, there is double confirmation required for a simple
reboot.

Carry on with more important issues and thanks again for a great project.

Peder





[pfSense] 2.2-RELEASE Via Padlock

2015-01-25 Thread Peder Rovelstad
Hello.  Has Via Padlock Hardware Crypto support been disabled in
pfSense/FreeBSD 10?  Not a big deal for me as I can stay on 2.1.5, but may
be for others.  Also, when will x86 support disappear entirely?  Burdened by
old hardware here...  Thanks.



Re: [pfSense] RRD persistence

2015-01-07 Thread Peder Rovelstad
System: Advanced: Miscellaneous: RAM Disk Settings (near page bottom)

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
Nenhum_de_Nos
Sent: Wednesday, January 07, 2015 6:01 AM
To: list@lists.pfsense.org
Subject: [pfSense] RRD persistence

Hail,

I have a couple of pfsense using the nanobsd approach. Great stability,
great for flash memory.
But I always lose my rrd data when I reboot.

is there a way to have it written like once a day/week ?

thanks,

matheus


-- 
We will call you cygnus,
The God of balance you shall be

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

http://en.wikipedia.org/wiki/Posting_style
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list



Re: [pfSense] Fwd: [Announce] 2.1.5 Release

2014-08-29 Thread Peder Rovelstad
Mine (i386) didn't show an update available, but I downloaded and upgraded
manually on my Via C7 appliance without issue.

I did note the Code Red color scheme wraps the page header bar, putting
Help under System.   I have such problems...

Thanks again for all the hard work.  

Peder


Re: [pfSense] Fwd: [Announce] 2.1.5 Release

2014-08-29 Thread Peder Rovelstad

 I did note the Code Red color scheme wraps the page header bar, putting
 Help under System.   I have such problems...

It did this for me as well, but holding the shift key down and doing a
browser refresh fixed it.

Doug

And there you go.  Thanks!

P


[pfSense] Is this my OpenVPN crashing/restarting?

2014-07-23 Thread Peder Rovelstad
Disco'd at 11:21.  Logs attached (reading bottom to top).  I'm using UDP.
Would TCP make a difference?  Thanks for any input.

 

Peder

 

Jul 23 11:21:45 openvpn[55301]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 27 2014
Jul 23 11:21:45 openvpn[59933]: SIGTERM[hard,] received, process exiting
Jul 23 11:21:45 openvpn[59933]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1558 192.168.10.1 192.168.10.2 init
Jul 23 11:21:45 openvpn[59933]: event_wait : Interrupted system call (code=4)
Jul 23 11:20:29 openvpn: user 'vpnadmin' authenticated
Jul 23 10:20:25 openvpn[59933]: vpnadmin/67.216.12.7:36915 send_push_reply(): safe_cap=940
Jul 23 10:20:22 openvpn[59933]: vpnadmin/67.216.12.7:36915 MULTI_sva: pool returned IPv4=192.168.10.6, IPv6=(Not enabled)
Jul 23 10:20:22 openvpn[59933]: 67.216.12.7:36915 [vpnadmin] Peer Connection Initiated with [AF_INET]67.216.12.7:36915
Jul 23 10:20:22 openvpn: user 'vpnadmin' authenticated


Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?

2014-07-10 Thread Peder Rovelstad
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Stefan Baur
Sent: Thursday, July 10, 2014 9:38 AM
To: list@lists.pfsense.org
Subject: Re: [pfSense] How to Enable/Disable DynDNS update e-mail
notifiations?

(I'm kinda curious whether no one uses e-mail notifications in combination
with DynDNS, or why I'm the first to notice/complain. I can't really imagine
an everything OK e-mail being a desired feature for DynDNS updates, given
their frequency.)

-Stefan
---
Just saying, but I get one email a month; my WAN on Comcast DHCP.  But if I
did get a change, I think I'd want to know.  One more email is the least of
my problems, lol.

Jul 10 07:42:32 php: rc.dyndns.update: phpDynDNS (myhost.no-ip.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.

Peder



Re: [pfSense] 2.1.1 and OpenVPN Client Export

2014-04-07 Thread Peder Rovelstad
Reinstalled  package, fixed.

 

From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Peder
Rovelstad
Sent: Saturday, April 05, 2014 7:49 AM
To: 'pfSense support and discussion'
Subject: [pfSense] 2.1.1 and OpenVPN Client Export

 

I'm seeing a 404 when going to the Client Export tab.  Do I need to delete
my OVPN server and recreate to be able to export a new install package?
Using Mr. Wizard, I get port in use stepping through the process.  Or is
this even necessary?  It does connect OK with the old client.  Thanks much.

 

Peder

 


[pfSense] 2.1.1 and OpenVPN Client Export

2014-04-05 Thread Peder Rovelstad
I'm seeing a 404 when going to the Client Export tab.  Do I need to delete
my OVPN server and recreate to be able to export a new install package?
Using Mr. Wizard, I get port in use stepping through the process.  Or is
this even necessary?  It does connect OK with the old client.  Thanks much.

 

Peder

 


Re: [pfSense] pfSense version 2.1.1 has been released

2014-04-04 Thread Peder Rovelstad
Worked for me on my home FW, but didn't reboot on own (I did receive mail
message that it would reboot in 10 sec).  Power cycle brought it back on the
right slice. Looking good!

 

I really shouldn't do these things when I'm on call. :/

 


Re: [pfSense] pfSense version 2.1.1 has been released

2014-04-04 Thread Peder Rovelstad

On Fri, Apr 4, 2014 at 9:13 PM, Peder Rovelstad provels...@comcast.net
wrote:
 Worked for me on my home FW, but didn't reboot on own (I did receive 
 mail message that it would reboot in 10 sec).  Power cycle brought it 
 back on the right slice. Looking good!


Did you inadvertently switch architectures maybe? Going from 32 bit to
64 bit is the most common cause of that, when it finishes it can no longer
execute the reboot binary as it's a 64 bit binary on a 32 bit running
kernel. Though sounds like that's nano, where that wouldn't apply. Other
than that, ACPI issues tend to comprise the other scenarios where the system
won't reboot, but that's a scenario where the system wouldn't ever
successfully reboot on its own, it'd get stuck in the process of trying to
do so and hang until you power cycle it. What hardware is it?
___

I auto-updated through the GUI.  It is nano on a recycled Stonesoft SSL-400
VPN appliance.  VIA Esther proc, 1000MHz, Realteks, 4GB SLC SSD and 1GB RAM.

Board - http://portwell.industrialpartner.com/products-p/ppap-2020vl.htm
Box -
http://www.pcpro.co.uk/gallery/reviews/145317/stonesoft-stonegate-ssl-400




[pfSense] Question on FW log entries

2013-11-03 Thread Peder Rovelstad
Just a quick question for anyone who cares to reply, something I can't
figure out.  I have the default LAN - Any rule active on the LAN
interface, but I often see block entries such as those attached, in this
case from my kid's iPad to Google.   Other times I see blocks from internal
hosts to servers like Akamai, for example.  If the Any rule is active, why
would I see blocks?  Thanks for reading.

 

Peder



Re: [pfSense] Question on FW log entries

2013-11-03 Thread Peder Rovelstad
Original attachment blocked for size.  Thanks again.

 


block  Nov 3 08:51  LAN  192.168.0.103  74.125.142.108:993
block  Nov 3 08:51  LAN  192.168.0.103  74.125.142.108:993
block  Nov 3 08:51  LAN  192.168.0.103  74.125.142.108:993
block  Nov 3 08:51  LAN  192.168.0.103  74.125.142.108:993
block  Nov 3 08:51  LAN  192.168.0.103  74.125.142.108:993
block  Nov 3 08:51  LAN  192.168.0.103  74.125.142.108:993
block  Nov 3 08:47  LAN  192.168.0.103  74.125.142.108:993
block  Nov 3 08:47  LAN  192.168.0.103  74.125.142.108:993

 

 

From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org]
On Behalf Of Peder Rovelstad
Sent: Sunday, November 03, 2013 9:28 AM
To: list@lists.pfsense.org
Subject: [pfSense] Question on FW log entries

 

Just a quick question for anyone who cares to reply, something I can't
figure out.  I have the default LAN - Any rule active on the LAN
interface, but I often see block entries such as those attached, in this
case from my kid's iPad to Google.   Other times I see blocks from internal
hosts to servers like Akamai, for example.  If the Any rule is active, why
would I see blocks?  Thanks for reading.

 

Peder



Re: [pfSense] Question on FW log entries

2013-11-03 Thread Peder Rovelstad
Understood, thanks for the quick reply!

 

From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org]
On Behalf Of PiBa
Sent: Sunday, November 03, 2013 9:37 AM
To: pfSense support and discussion
Subject: Re: [pfSense] Question on FW log entries

 

This will probably answer that:
https://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F
PiBa-NL

Peder Rovelstad wrote on 3-11-2013 16:27:

Just a quick question for anyone who cares to reply, something I can't
figure out.  I have the default LAN - Any rule active on the LAN
interface, but I often see block entries such as those attached, in this
case from my kid's iPad to Google.   Other times I see blocks from internal
hosts to servers like Akamai, for example.  If the Any rule is active, why
would I see blocks?  Thanks for reading.

 

Peder








Re: [pfSense] openvpn configuration?

2013-10-16 Thread Peder Rovelstad
-Original Message-
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org]
On Behalf Of Kurt Buff
Sent: Wednesday, October 16, 2013 4:59 PM
To: pfSense support and discussion
Subject: [pfSense] openvpn configuration?

All,

Been quite a while since I've messed with pfsense, and am putting up a new
box with the latest pfsense (2.1-RELEASE AMD64.)

I created a non-admin user as well.

I've configured OpenVPN, and have installed the client on a Win7 x64
machine. When I connect with the non-admin (or admin) user, I get prompted
to access the cert, then to enter credentials, but then am disconnected with
the error message stating that Not an Access Server.

I've run through a couple of tutorials, including:
https://doc.pfsense.org/index.php/VPN_Capability_OpenVPN
and
http://blog.stefcho.eu/?p=492

I'm still getting the above error.

Can anyone give me some pointers on where to look to resolve this?

Kurt
___

Hello, Kurt

I used this YouTube tutorial step by step and worked a treat.
http://www.youtube.com/watch?v=VdAHVSTl1ys

Peder




Re: [pfSense] PFSENSE 2.01 NAT TUNNELING FOR PASIVE FTP

2012-04-04 Thread Peder Rovelstad

To connect from the Internet in passive mode, with pfSense 1.2.3 works
perfectly, however with pfSense 2.0.1 there is not response to a ls or dir
command, and I can not transfer files.
What is the difference? What other settings must be configured manually in
version 2.0.1?

 

Hi.  Do you have a NAT and access rule to allow the pasv port range in
addition to port 21?

 

 



Re: [pfSense] forum.pfsense.org not sending activation e-mails

2011-10-07 Thread Peder Rovelstad
 

 

From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org]
On Behalf Of Chris Buechler
Sent: Friday, October 07, 2011 4:04 AM
To: pfSense support and discussion
Subject: Re: [pfSense] forum.pfsense.org not sending activation e-mails

 

P.S.  I don't seem to be the only one with this issue:
http://comments.gmane.org/gmane.comp.security.firewalls.pfsense.support/17113


heh  one person 2 years ago, the 10,000 people who have registered since
then disagree. 

 

FWIW, I attempted to register under a new address and got the same result.
Have a great day.

 

 
