Re: [pfSense] Seeking local support/reseller

2018-04-02 Thread Ryan Coleman
How’d I miss that? :)

Thank you!

> On Apr 2, 2018, at 7:15 PM, Chris L <c...@viptalk.net> wrote:
> 
> On Apr 2, 2018, at 4:32 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>> 
>> Jim, Ivork, et al Rubicon Employees on this list…
>> 
>> My boss is looking for a regional support/reseller… is there a list of 
>> authorized resellers and outside support providers? 
> 
> Might help if you told people where you are local to.
> 
> https://www.netgate.com/partners/locator.html
> 
>> 
>> 
>> Thanks!
>> —
>> Ryan C
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
> 

[pfSense] Seeking local support/reseller

2018-04-02 Thread Ryan Coleman
Jim, Ivork, et al Rubicon Employees on this list…

My boss is looking for a regional support/reseller… is there a list of 
authorized resellers and outside support providers? 


Thanks!
—
Ryan C

Re: [pfSense] a bit offtopic, vga header cable for netgate device

2018-02-17 Thread Ryan Coleman
Googlefu: 
https://www.google.com/search?q=VGA+header+to+15-pin+ribbon=lnms=shop=X=0ahUKEwiwybq2ma3ZAhVI2oMKHf9zBWwQ_AUICigB
 


> On Feb 17, 2018, at 3:29 AM, Eero Volotinen  wrote:
> 
> Hi List,
> 
> Does anyone know where I can buy this cable:
> https://store.netgate.com/Hamakua-VGA-Cable-P350.aspx
> 
> Eero


Re: [pfSense] Port forwards don't work on one machine

2018-02-11 Thread Ryan Coleman
That should be in the logs… 

> On Feb 11, 2018, at 6:48 PM, Joseph L. Casale wrote:
> 
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Marco
> Sent: Sunday, February 11, 2018 2:30 PM
> To: list@lists.pfsense.org
> Subject: Re: [pfSense] Port forwards don't work on one machine
> 
>> I ran a wireshark on the destination and it received packets when
>> “port testing” from the pfSense, but not when using external access
>> (e.g. canyouseeme.org)
> 
> Sounds like an ACL with a block or reject somewhere...

Re: [pfSense] Finding the best network setup for pfsense.

2017-12-22 Thread Ryan Coleman
I think the overkill is all the extra appliances doing things that pfSense can 
do.

You want the pfSense to be in the middle, you want the traffic to be filtered 
and routed… pfSense is great for this very task, you don’t need the Hawk or 
Netgear firewalls… 

aDSL modem -> pfSense -> switch -> Rest of network



> On Dec 22, 2017, at 6:15 PM, Antonio  wrote:
> 
> Sounds cool but maybe a bit overkill for what i need ...
> 
> Cheers
> 
> Respect your privacy and that of others, don't give your data to big 
> corporations.
> Use alternatives like Signal (https://whispersystems.org/) for your messaging or 
> Diaspora* (https://joindiaspora.com/) for your social networking.
> 
> On 22/12/2017 22:35, Eero Volotinen wrote:
>> Well,
>> 
>> Just plug pfsense to ADSL and buy managed switch and some unifi wlan
>> aps. You can install proxy on pfsense box also..
>> 
>> 
>> Eero
>> 
>> 22.12.2017 23.57 "Antonio" wrote:
>> 
>>Hello,
>> 
>>I'm trying to design an optimal network setting for my home and was
>>wondering what people's thoughts were based on my needs:
>> 
>>1) Need a single DHCP, DNSMasq server;
>> 
>>2) want to route traffic through VPNs only on certain parts of my
>>network
>> 
>>3) want to eventually install a proxy somewhere on the network to
>>route
>>traffic from my kids laptops/tablets.
>> 
>>4) obviously want to firewall all centrally as best as possible.
>> 
>>My setup is as follows:
>> 
>>a) I have a little compact mini PC with four ethernet connections (1x
>>WAN and 3x LAN) - it's wifi too
>> 
>>b) A Netgear Modem onto ADSL
>> 
>>c) A Netgear router Hawk 7000
>> 
>>d) a couple of desktop PCs wired to (a) as well as a server
>> 
>>e) several mobiles, IoTs that connect wireless to (c)
>> 
>>At the moment the connection is (b)->(c)->(a)->PCs but I feel I'm not
>>getting the best of this setup, particularly pfSense which at the
>>moment
>>is just firewalling my PCs/server.
>> 
>>I generally consider the wifi network the weak point as guests come and
>>connect to it that's why it's connected before (a); traffic from (c)
>>cannot get past (a) but the PCs/server can get out on the internet. I
>>feel that (a) should be connected to (b) and (c) should then be
>>connected to one of the LAN ports on (a), say LAN2 (I would have a
>>switch on LAN1 with PCs/server). I could then use pfSense to route
>>traffic from LAN2 to WAN and firewall LAN1 so that traffic from LAN2
>>could not go to LAN1.
>> 
>>That way, I could then set up pfSense as my single DHCP and DNSMasq
>>server. I could then set up VPNs for just traffic of LAN1 or LAN2.
>> 
>>Would you agree with this sort of setup or do you think I could
>>implement things better?
>> 
>>I look forward to some of your thoughts.
>> 
>>Best regards
>> 
>>--
>>Respect your privacy and that of others, don't give your data to
>>big corporations.
>>Use alternatives like Signal (https://whispersystems.org/) for
>>your messaging or
>>Diaspora* (https://joindiaspora.com/) for your social networking.
>> 

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

2017-11-29 Thread Ryan Coleman
I would say it’s the integrator's responsibility to make sure their packages 
are supported in the newest version. 2.3 -> 2.4 is a major upgrade. Odds are 
the breaking piece of it is a RECENT issue and not one that has existed since 
2.4 was released.



> On Nov 29, 2017, at 5:15 PM, Eero Volotinen <eero.voloti...@iki.fi> wrote:
> 
> anyway, why the upgrade routine does not remove packages as needed. update
> process is a bit complex and unreliable..
> 
> 30.11.2017 0.31 "Ryan Coleman" <ryan.cole...@cwis.biz> wrote:
> 
>> Anything that isn’t a maintenance release (2.x.y … the “y” here) should be
>> considered a major release.
>> 
>> macOS 10.11 is a major release. 10.11.1 is not.
>> 
>> —
>> Ryan
>> 
>>> On Nov 29, 2017, at 1:37 PM, Steve Yates <st...@teamits.com> wrote:
>>> 
>>> Does it work if you uninstall haproxy first?  I know pfSense recommends
>> uninstalling packages for "major" version upgrades but (per my past thread
>> here ) I would think point versions are minor upgrades.
>>> 
>>> --
>>> 
>>> Steve Yates
>>> ITS, Inc.
>>> 
>>> -Original Message-
>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
>> Volotinen
>>> Sent: Wednesday, November 29, 2017 12:02 PM
>>> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
>>> Subject: Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?
>>> 
>>> yes. looks like very similar problem :)
>>> 
>>> Eero
>>> 
>>> 2017-11-29 18:59 GMT+02:00 Tom Müller-Kortkamp <tmu...@kommunity.net>:
>>> 
>>>> Did you have any packages installed?
>>>> I filed this bug 2 days ago:
>>>> https://redmine.pfsense.org/issues/8135
>>>> 
>>>>> On 29.11.2017 at 00:11, Steve Yates <st...@teamits.com> wrote:
>>>>> 
>>>>> https://redmine.pfsense.org/ is the bug tracker.
>>>> https://www.netgate.com/support/contact-support.html for tech support.
>>>>> 
>>>>> --
>>>>> 
>>>>> Steve Yates
>>>>> ITS, Inc.
>>>>> 
>>>>> -Original Message-
>>>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
>>>> Volotinen
>>>>> Sent: Monday, November 27, 2017 12:37 AM
>>>>> To: pfSense Support and Discussion Mailing List <
>> list@lists.pfsense.org>;
>>>> j...@netgate.com
>>>>> Subject: Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?
>>>>> 
>>>>> Hi,
>>>>> 
>>>>> Looks like "online" upgrade (2.3.5 -> 2.4.2) trashes sg-8860 unit to
>>>>> "non-working state". (ie. ssl libraries missing and so on)
>>>>> 
>>>>> Where I can file critical bug ticket? :D
>>>>> 
>>>>> --
>>>>> Eero
>>>>> 
>>>>> 2017-11-26 19:53 GMT+02:00 Daniel <dan...@linux-nerd.de>:
>>>>> 
>>>>>> I updated 3 firewalls, all without any problems.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 26.11.17, 13:04, "List on behalf of Eero Volotinen" <
>>>>>> list-boun...@lists.pfsense.org on behalf of eero.voloti...@iki.fi> wrote:
>>>>>> 
>>>>>>  just planning to upgrade my sg-8860 from pfsense 2.3 to 2.4. is
>> there
>>>>>> any
>>>>>>  known issues?
>>>>>> 
>>>>>>  it's not so complex setup, but running as our hq main firewall. so,
>>>>>> some
>>>>>>  ipsec and openvpn connections are running against it.
>>>>>> 
>>>>>> 
>>>>>> 

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

2017-11-29 Thread Ryan Coleman
Anything that isn’t a maintenance release (2.x.y … the “y” here) should be 
considered a major release.

macOS 10.11 is a major release. 10.11.1 is not.

—
Ryan

> On Nov 29, 2017, at 1:37 PM, Steve Yates  wrote:
> 
> Does it work if you uninstall haproxy first?  I know pfSense recommends 
> uninstalling packages for "major" version upgrades but (per my past thread 
> here ) I would think point versions are minor upgrades.
> 
> --
> 
> Steve Yates
> ITS, Inc.
> 
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen
> Sent: Wednesday, November 29, 2017 12:02 PM
> To: pfSense Support and Discussion Mailing List 
> Subject: Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?
> 
> yes. looks like very similar problem :)
> 
> Eero
> 
> 2017-11-29 18:59 GMT+02:00 Tom Müller-Kortkamp :
> 
>> Did you have any packages installed?
>> I filed this bug 2 days ago:
>> https://redmine.pfsense.org/issues/8135
>> 
>>> On 29.11.2017 at 00:11, Steve Yates wrote:
>>> 
>>>  https://redmine.pfsense.org/ is the bug tracker.
>> https://www.netgate.com/support/contact-support.html for tech support.
>>> 
>>> --
>>> 
>>> Steve Yates
>>> ITS, Inc.
>>> 
>>> -Original Message-
>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
>> Volotinen
>>> Sent: Monday, November 27, 2017 12:37 AM
>>> To: pfSense Support and Discussion Mailing List ;
>> j...@netgate.com
>>> Subject: Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?
>>> 
>>> Hi,
>>> 
>>> Looks like "online" upgrade (2.3.5 -> 2.4.2) trashes sg-8860 unit to
>>> "non-working state". (ie. ssl libraries missing and so on)
>>> 
>>> Where I can file critical bug ticket? :D
>>> 
>>> --
>>> Eero
>>> 
>>> 2017-11-26 19:53 GMT+02:00 Daniel :
>>> 
>>>> I updated 3 firewalls, all without any problems.
>>>> 
>>>> 
>>>> 
>>>> On 26.11.17, 13:04, "List on behalf of Eero Volotinen" <
>>>> list-boun...@lists.pfsense.org on behalf of eero.voloti...@iki.fi> wrote:
>>>> 
>>>>   just planning to upgrade my sg-8860 from pfsense 2.3 to 2.4. is there
>>>> any
>>>>   known issues?
>>>> 
>>>>   it's not so complex setup, but running as our hq main firewall. so,
>>>> some
>>>>   ipsec and openvpn connections are running against it.
>>>> 
>>>> 
>>>> 
 

Re: [pfSense] pfSense in AWS VPC

2017-11-24 Thread Ryan Coleman
Wasting space… 
Wasting space… 
Wasting space… 
Wasting space… 

Is there a point to this?

> On Nov 24, 2017, at 11:00 AM, Peder Rovelstad  wrote:
> 
> Play me again...
> Play me again...
> Play me again...
> Play me again...
> 
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Watson Kamanga
> Sent: Thursday, November 23, 2017 6:45 AM
> To: pfSense Support and Discussion Mailing List 
> Subject: Re: [pfSense] pfSense in AWS VPC
> 
> Services, DHCP Server  . untick enable dhcp .
> 
> Watz . 
> 
> On 11/23/17, 4:42 PM, "List on behalf of André Rodier" wrote:
> 
>Hello,
> 
>Thanks for this great BSD distribution.
> 
>We are actually using pfSense on a dedicated hardware infrastructure of
>multiple servers, with one of them being a web portal application.
> 
>We are using the OpenVPN server to restrict access to this web application,
>on a specific domain (https://app.london.sq). The web application is
>only exposed through this interface, and therefore not accessible
>externally.
> 
>We are now facing a challenge, to replicate this infrastructure on AWS,
>inside a VPC. The VPC service from AWS is having a dedicated DHCP
>server, that would conflict with the DHCP server of the firewall.
> 
>In this scenario, how can we run the pfSense as a firewall in an AWS
>powered virtual private cloud, but without using the DHCP server that
>comes with pfSense?
> 
>Thanks for your help and advice.
> 
>Kind regards,
>André Rodier

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-22 Thread Ryan Coleman
I’m doing keys… I figured that might be the root issue… 

Thanks! 

> On Nov 22, 2017, at 11:54 AM, Doug Lytle  wrote:
> 
>> I have one site working. But when I try to connect the second site it 
>> kills the first.
> 
> I don't have anything written up, but I have this set up at home.  Three 
> remote sites connect to me.
> 
> You need to make sure you issue different certificates to each end point, if 
> you're sharing certs, you'll disconnect the first when trying to connect the 
> second.
> 
> Doug

Re: [pfSense] pfSense 2.4.2 release

2017-11-22 Thread Ryan Coleman
Tis. And it works. I’m surprised I didn’t get a notification.

> On Nov 22, 2017, at 3:30 AM, Doug Lytle  wrote:
> 
> I just noted that it's out.
> 
> pfSense 2.4.2 
> 
> 
> Doug
> 

Re: [pfSense] malformed packets

2017-11-01 Thread Ryan Coleman
Look, dude, I saw two different signatures in two emails. Given that piece of 
information you would have come up with the same thing.

We’re not in disagreement on thought. I wasn’t replying to YOU I was actually 
defending you… but, hey, Chicago? I’ll gladly take my bribe in Bourbon County 
Stout 2014 kegs and Maxwell Street polishes please.
:)

vote early and often


> On Oct 31, 2017, at 6:33 PM, mad.scientist.at.la...@tutanota.com wrote:
> 
> easily done, no need to get nasty, just because you can't admit a mistake. 
>  it's entirely acceptable on most lists, if it isn't here a gentle nudge from 
> an admin is more than sufficient, on the other hand, personal attacks are 
> rarely tolerated and demonstrate a juvenile attitude.  i'm 54, born in 
> chicago, my father was mayor in the suburbs, i know how politics works, and i 
> know some have become rabid.  p.s. it's not a cycling file, it's a manually 
> changed sig, but hey, go buy some tiki torches if it makes you feel better.


Re: [pfSense] malformed packets

2017-10-31 Thread Ryan Coleman
I concur but having checked out his previous posts… he has a cycling signature 
file with quotes… 

Aside from saying “adios” to this user there’s not a whole lot that could be 
done about that specific idiocracy.

> On Oct 30, 2017, at 3:26 PM, Ryan Rodrigue  wrote:
> 
> 
>> -Original Message-
>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
>> mad.scientist.at.la...@tutanota.com
>> Sent: Monday, October 30, 2017 2:27 PM
>> To: pfSense Support and Discussion Mailing List
>> Subject: Re: [pfSense] malformed packets
>> 
>> thank you for your reply, i'll try your suggestions.  complete newbie to
>> pfsense, but do know something about firewalls etc. and can basically
>> use wireshark and understand it.  fortunately the problem has become
>> much less severe.  Thank you.
>> 
>> mad.scientist.at.large (a good madscientist)
>> --
>> "The U.S. intelligence community concluded in a report made public in
>> January that the Kremlin sought to disrupt the 2016 election and sway
>> the race in Trump's favor."  From "thehill.com".  Only Trump and his
>> duplicitous supports try to say it was Clinton who conspired.  Frankly
>> Trump is likely guilty of treason, the sooner he's impeached and indicted
>> the better, along with ALL of his supporters in government.
>> 
>> 
>> 30. Oct 2017 09:36 by st...@teamits.com:
>> 
>> 
>>> I saw your question but didn't see an answer...  Have you considered
>> Suricata or Snort to see if they can detect and block off the traffic?
>>> 
>>> --
>>> 
>>> Steve Yates
>>> ITS, Inc.
>>> 
>>> -Original Message-
>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
>> mad.scientist.at.la...@tutanota.com
>>> Sent: Friday, October 20, 2017 7:24 PM
>>> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
>>> Subject: [pfSense] malformed packets
>>> 
>>> is there any way i can block malformed packets and drop them rather
>> than being used for a ddos attack?  this is related to LEGAL torrents,
>> i.e. copy left etc.  even running deluge there is a storm of malformed
>> packets with spoofed ip addrs, which then makes my machine send out
>> many, many malformed packets to people who didn't even send them.  Gee,
>> i thought doing a ddos on people was illegal, not that it matters in
>> most countries.
> 
> 
> Can we avoid posting political statements to this list?  You can have 
> whatever view you would like, but a router mailing list is hardly the place 
> to post them.  Thank you. 

Re: [pfSense] 2.1.6 NAT BUG - All rules deleted !!

2017-06-07 Thread Ryan Coleman
Probably that 2.2 support ended 32-bit boards, IIRC. 

Or maybe that was 2.3


> On Jun 7, 2017, at 7:46 AM, Oliver Hansen  wrote:
> 
> Is there a reason you're still on version 2.1.6?
> 
> On Jun 7, 2017 5:41 AM, "pfsense-l...@y-tech.co.il" <
> pfsense-l...@y-tech.co.il> wrote:
> 
>> Hi all,
>> 
>> I just encountered a major bug:
>> Adding a new port forward rule caused a deletion of all firewall rules,
>> ALL.
>> I restored the configuration from backup and tried to add it again - same
>> result.
>> I can't find any documented bug.
>> Please advise.
>> 
>> Thanks,
>> Tomer.
>> 
>> 
>> --
>> This message has been scanned for viruses and
>> dangerous content by Y-Tech MailScanner system, and is
>> believed to be clean.
>> 


Re: [pfSense] Pithos (Pandora) package...

2017-05-20 Thread Ryan Coleman
~!@#%$ never mind.


I see it’s a KDE package. Dammit.







> On May 20, 2017, at 12:59 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
> 
> Has anyone worked with the Pithos dpkg on fBSD? Or anyone know of someone 
> that has put in time for the package build? I have a couple of customers that 
> would be interested if such a package existed. 
> 
> —
> Ryan

[pfSense] Pithos (Pandora) package...

2017-05-20 Thread Ryan Coleman
Has anyone worked with the Pithos dpkg on fBSD? Or anyone know of someone that 
has put in time for the package build? I have a couple of customers that would 
be interested if such a package existed. 

—
Ryan

Re: [pfSense] Found a Bug?

2017-05-16 Thread Ryan Coleman
Did you check the logs to see what was filling them? Sounds like a bad 
configuration of something, probably Squid.


> On May 15, 2017, at 3:53 AM, Daniel  wrote:
> 
> Hi there,
> 
> it seems I found a bug. 2 times I ran into the same problem.
> The hard disk in my pfSense went to 100% disk usage. (suricata logs)
> After booting in rescue mode and deleting 100GB of logs the pfSense lost the 
> whole configuration and I needed to reinstall the whole server and restore a 
> backup.
> 
> This happened 2 times with the same behavior. Disk went full – 
> configuration got lost.
> 
> Cheers
> 
> Daniel
> 

Re: [pfSense] Sending web traffic through VPN

2017-04-23 Thread Ryan Coleman
I’ve gotten this to work for all traffic:
https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_OpenVPN-connection_in_PfSense_2.1
 


I would just route it all… unless it’s more than 5% slower I don’t see a reason 
to not route 100% of the traffic - the more selective you get the harder the 
firewall has to work on the filter.

—
Ryan


> On Apr 23, 2017, at 8:27 PM, Drew Lehman  wrote:
> 
> Has anyone run across a tutorial on setting up traffic to go out a VPN?  I 
> would like to push all web traffic through a VPN connection, but since the 
> VPN is a bit slower, have the rest of the traffic go out through the WAN.

Re: [pfSense] OpenVPN Full Tunnel Issue

2017-04-14 Thread Ryan Coleman
In my case it was the NAT Outbound section…  I did not make the switch from 
Automatic to Manual rule generation because I was concerned about forgetting to 
activate it when I needed it on rules in the future.

But that’s a pfSense function, not ovpn so YMMV.

> On Apr 14, 2017, at 12:09 AM, Keith Snape <sna...@gmail.com> wrote:
> 
> Can you detail what was wrong and what you did? I have been having similar
> frustrations with a non-pfsense ovpn setup that I feel should be working
> for full tunnel but just isn't.  Perhaps not the perfect place to discuss,
> but an opportune one.
> 
> :)
> 
> On Apr 13, 2017 11:02 PM, "Ryan Coleman" <ryan.cole...@cwis.biz> wrote:
> 
>> Nevermind. I figured it out. :)
>> 
>> 
>>> On Apr 14, 2017, at 12:00 AM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>>> 
>>> Good morning everyone.
>>> 
>>> I have configured a site-to-site VPN using
>>> https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_OpenVPN-connection_in_PfSense_2.1
>>> and tested that I can access the remote LAN.
>>> 
>>> However the portion that is supposed to be routing all traffic through
>> is not working properly.
>>> 
>>> I am, however, pinging through the VPN tunnel and getting responses. And
>> if I call up a webpage I see the traffic going out but I cannot determine
>> if it is returning properly.
>>> 
>>> 
>>> This is currently on my bench in hopes I can put it back in the
>> customer’s hands sometime this weekend so they can start testing it to make
>> sure the sites they’re having issues connecting to are working again.
>>> 
>>> Has anyone experienced this?
>>> 
>>> Thanks!
>>> 
>>> 
>> 

Re: [pfSense] OpenVPN Full Tunnel Issue

2017-04-13 Thread Ryan Coleman
Nevermind. I figured it out. :)


> On Apr 14, 2017, at 12:00 AM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
> 
> Good morning everyone.
> 
> I have configured a site-to-site VPN using 
> https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_OpenVPN-connection_in_PfSense_2.1
> and tested that I can access the remote LAN.
> 
> However the portion that is supposed to be routing all traffic through is not 
> working properly.
> 
> I am, however, pinging through the VPN tunnel and getting responses. And if I 
> call up a webpage I see the traffic going out but I cannot determine if it is 
> returning properly.
> 
> 
> This is currently on my bench in hopes I can put it back in the customer’s 
> hands sometime this weekend so they can start testing it to make sure the 
> sites they’re having issues connecting to are working again.
> 
> Has anyone experienced this?
> 
> Thanks!
> 
> 


Re: [pfSense] new stuff

2017-04-02 Thread Ryan Coleman
Please ban.


> On Apr 2, 2017, at 12:54 AM, List  wrote:
> 
> Hey! 
> 
> I found some new stuff for you, i think  you're going  to like it, more info 
> at http://weddingdressillustrations.com/complaint.php?7574
> 
> Take care, List
> 


Re: [pfSense] pfsense twitter account making rude comments.

2017-02-21 Thread Ryan Coleman
> On Feb 21, 2017, at 10:40 AM, Paul Mather <p...@gromit.dlib.vt.edu> wrote:
> 
> On Feb 21, 2017, at 11:30 AM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
> 
>> Not that we are anyone who would know anything about that…
> 
> 
> The best thing to come out of this ugly spat, for me, is that I went to the 
> pfSense Twitter feed to see what all the fuss was about (I'm not on Twitter) 
> and discovered that pfSense 2.3.3 has just been released! :-)
> 
> I'd like to give a hearty THANKS to the pfSense project for another great 
> release.
> 
> It also reminds me I really should get around to subscribing to the announce@ 
> mailing list... :-)

You should. I think he announced it here at 21:33 CT last night, though… :)

Re: [pfSense] pfsense twitter account making rude comments.

2017-02-21 Thread Ryan Coleman
I’d like to point out that when a competitor of yours had DNS issues you used 
it as an opportunity to state that your product was better because, well, it 
was still in business.

If you were someone that actually cared about user experience you would have 
been there offering free (temporary) service to those who were affected. 
Instead you mocked the other company.

Do you live under a bridge?

> On Feb 21, 2017, at 4:45 AM, Benjamin E. Nichols wrote:
> 
> Moreover, this is my life, it is my work, and I find your disdain to be very 
> unbased at all on any real issues, aside from my own reactions,  and frankly, 
> that concerns me. And it wouldn't bother me, if it was just you. But you are 
> having a negative impact by essentially slandering Squidblacklist.org 
> in front of the entire pfsense userbase.


Re: [pfSense] pfsense twitter account making rude comments.

2017-02-21 Thread Ryan Coleman
And Benjamin - you can count my business as one of those that will never use 
your service.

I’m doing managed internet for cafes in Minnesota. It would be nice to have 
something like that. 
But I don’t need to do business with someone that can’t settle his issues in a 
calm manner.

And Jim, for the most part, is a calm person. He’s passionate. You, on the 
other hand, are a prick.



> On Feb 21, 2017, at 10:30 AM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
> 
> Not that we are anyone who would know anything about that…
> 
> 
>> On Feb 21, 2017, at 6:21 AM, Frank Schaffhaeuser <m...@blockdevice.net> 
>> wrote:
>> 
>> Spamming mailing lists with profanity doesn't help in operating a 
>> 'successfully business' [sic].
>> 
>> Settle your dispute in private please.
>> 
>> 
>> 
>> 
>>  Original Message  
>> From: webmas...@squidblacklist.org
>> Sent: 21 February 2017 11:46 a.m.
>> To: list@lists.pfsense.org
>> Reply to: list@lists.pfsense.org
>> Subject: Re: [pfSense] pfsense twitter account making rude comments.
>> 
>> Dear Mr. Thompson.
>> 
>> I have spent the last 5 years of my life committed to creating a better 
>> blacklist, the very reason I created Squidblacklist.org was to bring a 
>> better blacklist to the world. Because I saw that shalla and 
>> urlblacklist were producing garbage. Squidblacklist.org was initially a 
>> free service for the first couple of years. I made this service 
>> available for free, countless hours of work. I had no intention of 
>> creating a paid service and did so only out of necessity. And as a 
>> private operator I really do not feel that I need to explain or defend 
>> wanting to build and operate a successfully business. Nor shall I have 
>> to explain engaging people discussing blacklists or web filtering on 
>> social media platforms that you may regard as "scummy".
>> 
>> As to your baseless assertion of theft, dear sir, how low can you get?  
>> Have you even tested our works, Looked at them? Have you?
>> 
>> No you have not.
>> 
>> Our blacklists are unique, and they are of my own creation, your 
>> allegation of theft is baseless, insulting, and it is mindless. I doubt 
>> you have ever looked at, analyzed or used our services, because
>> if you had, you would know that isn't true at all. Our blacklists are 
>> COMPLETELY UNIQUE.  Claiming that we "curate" somebody else's works is 
>> nonsense.
>> 
>> I have created a domain discovery and removal system as a result of 
>> countless hours of work, and it is that system that I "curate" day in 
>> and day out, around the clock, at 4am when I need to publish updates, 
>> when I get emailed removal or addition requests, when we need to push 
>> urgent malicious updates, and even, when I  get bullshit remarks on twitter.
>> 
>> 
>> Your disparaging attitude your remarks are disturbing. But the good news 
>> is that nobody needs your approval or official support to use our 
>> blacklists with pfSense, and they are doing so every day. Right now, as I 
>> write this email, systems across the world are fetching automated 
>> updates from our webservers.
>> 
>> Yes, I am not angry at you for your comments and poor regard for myself 
>> and my business, no, I am angry because I care about our users, and 
>> pfsense users. And I care that a mindless, arrogant, abusive individual 
>> such as yourself would make baseless, disparaging remarks without even 
>> having actually tested our works.
>> 
>> Moreover, this is my life, it is my work, and I find your disdain to be 
>> very unbased at all on any real issues, aside from my own reactions,  
>> and frankly, that concerns me. And it wouldn't bother me, if it was just 
>> you. But you are having a negative impact by essentially slandering 
>> Squidblacklist.org in front of the entire pfsense userbase.
>> 
>> And that is simply unacceptable, and will not go unchecked.
>> 
>> 
>> Expect me.
>> 
>> -- 
>> --
>> 
>> Signed,
>> 
>> Benjamin E. Nichols
>> http://www.squidblacklist.org
>> 
>> 1-405-397-1360 - Call Anytime.
>> 
> 


Re: [pfSense] pfsense twitter account making rude comments.

2017-02-20 Thread Ryan Coleman
My point is this: If you have something to say to someone… don’t block them. If 
you want to open a dialog, do so… but you’re making the wrong step here coming 
to the mailing list to make a veiled call out of the project. You knew for darn 
sure who it was that responded. 

So… send @GonzoPancho a message privately and take the higher ground. When you 
stoop to his level you don’t win anyone over. And neither does Jim. 

—
Ryan

> On Feb 20, 2017, at 9:35 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
> 
> Really?
> 
> Jim Thompson @gonzopancho <https://twitter.com/gonzopancho>, 9 hours ago
> <https://twitter.com/gonzopancho/status/833750107157884928>:
> @Squidblacklist is there a reason you're so spammy?
> 
> Squidblacklist @Squidblacklist <https://twitter.com/Squidblacklist>, 8 hours ago
> <https://twitter.com/Squidblacklist/status/833756019696209920>:
> @gonzopancho Is there a reason you are calling me spammy? It's called social
> media, you use it or you don't, we don't work for free.
> 
> Jim Thompson @gonzopancho <https://twitter.com/gonzopancho>, 7 hours ago
> <https://twitter.com/gonzopancho/status/833778454978031617>:
> @Squidblacklist maybe if you had something to say...
> 
> Squidblacklist @Squidblacklist <https://twitter.com/Squidblacklist>, 7 hours ago
> <https://twitter.com/Squidblacklist/status/833780612557217792>:
> @gonzopancho Maybe if you'd be enjoying life, if you weren't spreading ur
> misery on Twitter.
> 
> pfSense® Project @pfsense <https://twitter.com/pfsense>, 6:12 PM - 20 Feb 2017:
> @Squidblacklist dude, you blocked me, so I'll respond here. I've been
> snowboarding in Vail the past 2 days. I am enjoying my life.
> 
> You know what you’re doing… I would highly recommend you walk away - you 
> aren’t going to win many friends here. From the looks of it you’re the one on 
> the soap box.
> 
> 
> 
> 
>> On Feb 20, 2017, at 8:28 PM, Benjamin E. Nichols 
>> <webmas...@squidblacklist.org <mailto:webmas...@squidblacklist.org>> wrote:
>> 
>> Whomever is running the pfsense twitter account is making uncalled for, and 
>> rude remarks.
>> 
>> I submit to you that the official pfsense twitter account is not a platform 
>> for one individual to abuse as a soap box to cast insults at whatever 
>> persons targeted.
>> 
>> We reserve the right to, and will respond accordingly.
>> 
>> 
>> -- 
>> --
>> 
>> Signed,
>> 
>> Benjamin E. Nichols
>> http://www.squidblacklist.org <http://www.squidblacklist.org/>
>> 
>> 1-405-397-1360 - Call Anytime.
>> 
> 


Re: [pfSense] pfsense twitter account making rude comments.

2017-02-20 Thread Ryan Coleman
Really?

Jim Thompson @gonzopancho <https://twitter.com/gonzopancho>, 9 hours ago:
@Squidblacklist is there a reason you're so spammy?

Squidblacklist @Squidblacklist <https://twitter.com/Squidblacklist>, 8 hours ago:
@gonzopancho Is there a reason you are calling me spammy? It's called social
media, you use it or you don't, we don't work for free.

Jim Thompson @gonzopancho <https://twitter.com/gonzopancho>, 7 hours ago:
@Squidblacklist maybe if you had something to say...

Squidblacklist @Squidblacklist <https://twitter.com/Squidblacklist>, 7 hours ago:
@gonzopancho Maybe if you'd be enjoying life, if you weren't spreading ur
misery on Twitter.

pfSense® Project @pfsense <https://twitter.com/pfsense>, 6:12 PM - 20 Feb 2017:
@Squidblacklist dude, you blocked me, so I'll respond here. I've been
snowboarding in Vail the past 2 days. I am enjoying my life.

You know what you’re doing… I would highly recommend you walk away - you aren’t 
going to win many friends here. From the looks of it you’re the one on the soap 
box.




> On Feb 20, 2017, at 8:28 PM, Benjamin E. Nichols 
>  wrote:
> 
> Whomever is running the pfsense twitter account is making uncalled for, and 
> rude remarks.
> 
> I submit to you that the official pfsense twitter account is not a platform 
> for one individual to abuse as a soap box to cast insults at whatever persons 
> targeted.
> 
> We reserve the right to, and will respond accordingly.
> 
> 
> -- 
> --
> 
> Signed,
> 
> Benjamin E. Nichols
> http://www.squidblacklist.org
> 
> 1-405-397-1360 - Call Anytime.
> 


Re: [pfSense] Fake OpenVPN / IPSec IP

2017-02-05 Thread Ryan Coleman
I don’t think it can… I’ve never tried, but the server handles the 
communications. I presume that, due to the security nature, it’s a 
my-way-or-the-highway situation.

> On Feb 5, 2017, at 6:40 AM, Chris  wrote:
> 
> Eero Volotinen wrote:
>> it depends on ipsec configuration.
> 
> Well, it is IKEV2,
> 
> Remote Gateway: Mobile Client
> 
> [x] Provide virtual IP address to client
> 
> x.x.x.x/26 as pool to take those IPs from is specified.
> 
> Now, isn't it possible that a client just uses another address from this
> pool? Are any additional settings required?
> 
> I've entered another IP in the Windows VPN Client. It just ignored it and
> used that assigned by pfSense. Is this the same with all clients?
> 
> - Chris
> 


Re: [pfSense] can I run dhcp v4 and v6 relay on the same LAN interface pfsense

2016-11-16 Thread Ryan Coleman
Are you running the most current?

I ask only as a web developer - and some of the Rubicon team monitors this list 
and they will ask that question.



> On Nov 16, 2016, at 1:28 PM, Shivaram Mysore  
> wrote:
> 
> DHCPv6 relay from WebUI does not work.
> 
> I was able to successfully get the v6 working from Command line (ssh to
> pfsense box and run the command)
> 
> I had to issue the following command to get it going.
> 
> # /usr/local/sbin/dhcp6relay -d -r fd22:db8::290:fbff:fe34:5aed igb1
> 
> If you are using an ISC DHCP Server, then
> 
> # more /var/lib/dhcp6/db/dhcpd6.leases
> 
> # The format of this file is documented in the dhcpd.leases(5) manual page.
> # This lease file was written by isc-dhcp-4.3.3
> 
> server-duid "\000\001\000\001\037\276\311\006\000\220\3734Z\355";
> 
> ia-na "\000\261\021\304\000\001\000\001\037\237g`RT\000\261\021\304" {
>   cltt 3 2016/11/16 17:22:54;
>   iaaddr fd22:db8:0:0::: {
>     binding state active;
>     preferred-life 604800;
>     max-life 2592000;
>     ends 5 2016/12/16 17:22:54;
>   }
> }
> 
> server-duid "\000\001\000\001\037\276\311\006\000\220\3734Z\355";
> 
> ia-na "\000\261\021\304\000\001\000\001\037\237g`RT\000\261\021\304" {
>   cltt 3 2016/11/16 18:22:54;
>   iaaddr fd22:db8:0:0::: {
>     binding state active;
>     preferred-life 604800;
>     max-life 2592000;
>     ends 5 2016/12/16 18:22:54;
>   }
> }
> 
> ia-na "\001\000\000\000\000\001\000\001\035X\023B\254\2742{/\363" {
>   cltt 3 2016/11/16 18:56:23;
>   iaaddr fd22:db8::fffe:e050:603f:42a5 {
>     binding state active;
>     preferred-life 162;
>     max-life 2592000;
>     ends 5 2016/12/16 18:56:23;
>   }
> }
> 
> ia-na "\001\000\000\000\000\001\000\001\035X\023B\254\2742{/\363" {
>   cltt 3 2016/11/16 18:56:24;
>   iaaddr fd22:db8::fffe:e050:603f:42a5 {
>     binding state active;
>     preferred-life 162;
>     max-life 2592000;
>     ends 5 2016/12/16 18:56:24;
>   }
> }
> 
> 
> On Wed, Nov 16, 2016 at 9:40 AM, Shivaram Mysore 
> wrote:
> 
>> dhcpv6 relay does not start.
>> 
>> Here is more info:
>> 
>> Version 2.3.2-RELEASE-p1 (amd64)
>> built on Tue Sep 27 12:13:07 CDT 2016
>> FreeBSD 10.3-RELEASE-p9
>> 
>> 
>> 
>> 
>> WAN  100baseTX  192.168.15.4
>> LAN  1000baseT  10.10.22.1
>>                 fd22:db8:0:0:ff10::2201
>> 
>> On Tue, Nov 15, 2016 at 11:45 PM, Shivaram Mysore <
>> shivaram.mys...@gmail.com> wrote:
>> 
>>> Hello,
>>> I have a separate DHCP server and am running both v4 & v6 servers on the
>>> same eth1 interface.
>>> 
>>> On pfSense, I have one LAN interface configured it with both v4 & v6
>>> static IP addresses.  I am also running DHCP v4 relay on the same.  v4
>>> relay works fine.  v6 relay, I get a syslog message:
>>> 
>>> /services_dhcpv6_relay.php: No suitable interface found for running
>>> dhcrelay -6!
>>> 
>>> What could be an issue here?
>>> 
>>> Thanks
>>> 
>>> /Shivaram
>>> 
>> 
>> 

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
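
The lease file quoted in the message above stores the server DUID and each ia-na key as octal-escaped byte strings. The following Python is an added example, not part of the thread: it decodes those strings and shows that the server DUID carries the MAC address behind the relay target fd22:db8::290:fbff:fe34:5aed. The function names are this example's own, and the ia-na key layout (4-byte IAID followed by the client DUID) is taken from dhcpd.leases(5).

```python
"""Decode the octal-escaped identifiers found in an ISC dhcpd6.leases file."""
import re
from datetime import datetime, timedelta, timezone

# Identifier strings copied from the lease file quoted in the message above.
SERVER_DUID = r'\000\001\000\001\037\276\311\006\000\220\3734Z\355'
IA_NA_KEYS = [
    r'\000\261\021\304\000\001\000\001\037\237g`RT\000\261\021\304',
    r'\001\000\000\000\000\001\000\001\035X\023B\254\2742{/\363',
]

# DUID-LLT timestamps count seconds from 2000-01-01 00:00 UTC (RFC 8415).
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)
# An escape is exactly three octal digits, so "\3734" is byte 0xfb then "4".
_TOKEN = re.compile(r'\\([0-7]{3})|\\(.)|(.)', re.S)


def unescape(text):
    """Turn dhcpd's quoted form (\\ooo octal, backslash escapes) into bytes."""
    out = bytearray()
    for octal, escaped, plain in _TOKEN.findall(text):
        if octal:
            out.append(int(octal, 8))  # raises ValueError above \377
        else:
            out += (escaped or plain).encode('latin-1')
    return bytes(out)


def mac_str(raw):
    """Format a link-layer address as colon-separated hex."""
    return ':'.join(f'{b:02x}' for b in raw)


def parse_duid(duid):
    """Split a DUID into fields; only DUID-LLT (1) and DUID-LL (3) hold a MAC."""
    dtype = int.from_bytes(duid[:2], 'big')
    info = {'type': dtype, 'hex': duid.hex()}
    if dtype == 1 and len(duid) >= 8:      # type, hw type, time, link-layer addr
        info['hwtype'] = int.from_bytes(duid[2:4], 'big')
        secs = int.from_bytes(duid[4:8], 'big')
        info['generated'] = DUID_EPOCH + timedelta(seconds=secs)
        info['lladdr'] = duid[8:]
    elif dtype == 3 and len(duid) >= 4:    # type, hw type, link-layer addr
        info['hwtype'] = int.from_bytes(duid[2:4], 'big')
        info['lladdr'] = duid[4:]
    return info


def parse_ia_key(text):
    """Return (IAID hex, parsed client DUID) for one ia-na key string."""
    raw = unescape(text)
    return raw[:4].hex(), parse_duid(raw[4:])


def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier derived from a 48-bit MAC."""
    b = bytes([mac[0] ^ 0x02]) + mac[1:3] + b'\xff\xfe' + mac[3:]
    return ':'.join(f'{int.from_bytes(b[i:i+2], "big"):x}' for i in range(0, 8, 2))


if __name__ == '__main__':
    srv = parse_duid(unescape(SERVER_DUID))
    print('server MAC', mac_str(srv['lladdr']),
          'DUID generated', srv['generated'].date(),
          'interface id', eui64_interface_id(srv['lladdr']))
    for key in IA_NA_KEYS:
        iaid, duid = parse_ia_key(key)
        print('client IAID', iaid, 'MAC', mac_str(duid['lladdr']))
```

Because a DUID-LLT embeds a hardware address and a creation time, lease files and relay logs identify a host even when its IPv6 address changes.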


Re: [pfSense] pfsense default firewall configuration

2016-11-15 Thread Ryan Coleman
I would add that it is “good enough” to start from and do what you need after 
that.


> On Nov 15, 2016, at 7:46 AM, Vick Khera  wrote:
> 
> On Tue, Nov 15, 2016 at 3:17 AM, user49b  wrote:
>> I have heavily modified my IPcop configuration and just wanted to know if
>> pfSense's default firewall configuration is good enough.
> 
> The default is deny everything inbound, and allow everything outbound.
> Nobody can say what's "good enough" for you without knowing your
> requirements.


Re: [pfSense] pfsense 2.3.x 32bit?

2016-11-02 Thread Ryan Coleman
https://blog.pfsense.org/?cat=53 

2.3.2 is current.


> On Nov 2, 2016, at 12:42 PM, Larry Rosenman  wrote:
> 
> On 2016-11-02 12:40, Eero Volotinen wrote:
>> Well, it just doesn't find any updates. (from console or from webgui)
>> Eero
>> 2016-11-02 19:29 GMT+02:00 Renato Botelho :
>>> > On 2 Nov 2016, at 14:59, Eero Volotinen  wrote:
>>> >
>>> > thanks.
>>> >
>>> > Any idea why I cannot upgrade 2.2.x (32bit) to 2.3.x from console/gui
>>> You should,
>>> What is the error you are experiencing?
>>> --
>>> Renato Botelho
> is 2.3 actually released?  I'm running dev snaps, but.
> -- 
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 214-642-9640 E-Mail: l...@lerctr.org
> US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281



Re: [pfSense] Diagnosing System lag

2016-10-24 Thread Ryan Coleman
I’m changing my approach… I have had pings going for hours internally and 
externally and it’s probably a dying WAP.
I’ll know more in a few days.

The biggest issue I have is the site is over 90 minutes away, so going and 
testing things doesn’t always mean anything; it might not repeat the symptom for 
a few hours and by that point I could be home already. :-\

That said… if it’s the WAP that’s dying they’re getting replaced next weekend 
and the switch is going to be replaced as well with a pre-programmed one.


> On Oct 24, 2016, at 8:24 AM, Eero Volotinen <eero.voloti...@iki.fi> wrote:
> 
> How about trying another hardware?
> 
> it's cheap nowadays..
> 
> Eero
> 
> 2016-10-22 20:40 GMT+03:00 Ryan Coleman <ryan.cole...@cwis.biz>:
> 
>> My NetGate APU installation hangs, seemingly randomly… and has for most of
>> the two years since purchase and installation.
>> 
>> How might I diagnose these issues?
>> 
>>> --- 10.20.0.1 ping statistics ---
>>> 296 packets transmitted, 271 packets received, 8.4% packet loss
>>> round-trip min/avg/max/stddev = 1.274/9254.705/48807.578/16024.851 ms
>> 
>> Many of the lost packets easily came in late. 48 seconds for pings? The
>> network seems to be fine - rebooting switches does not affect the issue. It
>> will resolve itself after 3-4 minutes but our radio in the bar is fed over
>> the net so it gets frustrating at times.
>> 
>> Thanks!


Re: [pfSense] Diagnosing System lag

2016-10-24 Thread Ryan Coleman
Typo.


> On Oct 24, 2016, at 7:09 AM, Vick Khera <vi...@khera.org> wrote:
> 
> On Sun, Oct 23, 2016 at 1:38 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>> Why? 57,265 pings sent. 57,625 pings received.
> 
> If you get more pings than you send, someone thinks they're you. Find
> out who is sharing the IP and fix that.



Re: [pfSense] Diagnosing System lag

2016-10-23 Thread Ryan Coleman
I’ve been pinging the external IP for the last 16 hours and I think it’s likely 
one of two things:

1) Switch failure
2) NetGate Port failure. 

Why? 57,265 pings sent. 57,625 pings received.

I’ll know more next week when I swap out the switch. If the port failed I can 
double up ports and VLANs and make the failover we have for the time being in 
the DSL and Cable work.



> On Oct 23, 2016, at 9:20 AM, Vick Khera <vi...@khera.org> wrote:
> 
> You get that same lag from all devices?
> 
> I agree you should investigate the wires and switches. Try wiring your
> computer directly to the LAN port on the APU and see if you get any
> delays.
> 
> On Sat, Oct 22, 2016 at 2:41 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>> I had in the past.. but I’ll admit right now… I’m not in the spot to check. 
>> I will do when I get home tonight (I live 90 miles from this customer)
>> 
>> 
>>> On Oct 22, 2016, at 1:35 PM, WebDawg <webd...@gmail.com> wrote:
>>> 
>>> did you look at the freebsd system logs?
>>> 
>>> On Sat, Oct 22, 2016 at 1:32 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>>>> Because I blamed it on the local phone company. :)
>>>> 
>>>> Ping time, as you can see in the quoted text, hits up to 48 seconds. I 
>>>> cannot get it to reply and I am not seeing anything in the logs.
>>>> 
>>>> It’s not the switch - rebooting does not resolve. Switching ports is not 
>>>> viable for testing at the time of the issue because of VLANs.
>>>> 
>>>> I honestly suspect it’s the firewall hardware failing more than anything 
>>>> else.
>>>> 
>>>> —
>>>> Ryan
>>>> 
>>>> 
>>>>> On Oct 22, 2016, at 1:06 PM, WebDawg <webd...@gmail.com> wrote:
>>>>> 
>>>>> Whoa.  2 years?  Why are you just looking at it now?
>>>>> 
>>>>> Do you have any other ports you could try your lan cables in?  Is
>>>>> something else using that IP?
>>>>> 
>>>>> Why do you say hangs, no web ui access?  No logs?
>>>>> 
>>>>> I mean it could be anything.
>>>>> 
>>>>> On Sat, Oct 22, 2016 at 12:40 PM, Ryan Coleman <ryan.cole...@cwis.biz> 
>>>>> wrote:
>>>>>> My NetGate APU installation hangs, seemingly randomly… and has for most 
>>>>>> of the two years since purchase and installation.
>>>>>> 
>>>>>> How might I diagnose these issues?
>>>>>> 
>>>>>>> --- 10.20.0.1 ping statistics ---
>>>>>>> 296 packets transmitted, 271 packets received, 8.4% packet loss
>>>>>>> round-trip min/avg/max/stddev = 1.274/9254.705/48807.578/16024.851 ms
>>>>>> 
>>>>>> Many of the lost packets easily came in late. 48 seconds for pings? The 
>>>>>> network seems to be fine - rebooting switches does not affect the issue. 
>>>>>> It will resolve itself after 3-4 minutes but our radio in the bar is fed 
>>>>>> over the net so it gets frustrating at times.
>>>>>> 
>>>>>> Thanks!


Re: [pfSense] Diagnosing System lag

2016-10-22 Thread Ryan Coleman
I had in the past.. but I’ll admit right now… I’m not in the spot to check. I 
will do when I get home tonight (I live 90 miles from this customer)


> On Oct 22, 2016, at 1:35 PM, WebDawg <webd...@gmail.com> wrote:
> 
> did you look at the freebsd system logs?
> 
> On Sat, Oct 22, 2016 at 1:32 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>> Because I blamed it on the local phone company. :)
>> 
>> Ping time, as you can see in the quoted text, hits up to 48 seconds. I 
>> cannot get it to reply and I am not seeing anything in the logs.
>> 
>> It’s not the switch - rebooting does not resolve. Switching ports is not 
>> viable for testing at the time of the issue because of VLANs.
>> 
>> I honestly suspect it’s the firewall hardware failing more than anything 
>> else.
>> 
>> —
>> Ryan
>> 
>> 
>>> On Oct 22, 2016, at 1:06 PM, WebDawg <webd...@gmail.com> wrote:
>>> 
>>> Whoa.  2 years?  Why are you just looking at it now?
>>> 
>>> Do you have any other ports you could try your lan cables in?  Is
>>> something else using that IP?
>>> 
>>> Why do you say hangs, no web ui access?  No logs?
>>> 
>>> I mean it could be anything.
>>> 
>>> On Sat, Oct 22, 2016 at 12:40 PM, Ryan Coleman <ryan.cole...@cwis.biz> 
>>> wrote:
>>>> My NetGate APU installation hangs, seemingly randomly… and has for most of 
>>>> the two years since purchase and installation.
>>>> 
>>>> How might I diagnose these issues?
>>>> 
>>>>> --- 10.20.0.1 ping statistics ---
>>>>> 296 packets transmitted, 271 packets received, 8.4% packet loss
>>>>> round-trip min/avg/max/stddev = 1.274/9254.705/48807.578/16024.851 ms
>>>> 
>>>> Many of the lost packets easily came in late. 48 seconds for pings? The 
>>>> network seems to be fine - rebooting switches does not affect the issue. 
>>>> It will resolve itself after 3-4 minutes but our radio in the bar is fed 
>>>> over the net so it gets frustrating at times.
>>>> 
>>>> Thanks!


Re: [pfSense] Diagnosing System lag

2016-10-22 Thread Ryan Coleman
Because I blamed it on the local phone company. :)

Ping time, as you can see in the quoted text, hits up to 48 seconds. I cannot 
get it to reply and I am not seeing anything in the logs.

It’s not the switch - rebooting does not resolve. Switching ports is not viable 
for testing at the time of the issue because of VLANs.

I honestly suspect it’s the firewall hardware failing more than anything else.

—
Ryan


> On Oct 22, 2016, at 1:06 PM, WebDawg <webd...@gmail.com> wrote:
> 
> Whoa.  2 years?  Why are you just looking at it now?
> 
> Do you have any other ports you could try your lan cables in?  Is
> something else using that IP?
> 
> Why do you say hangs, no web ui access?  No logs?
> 
> I mean it could be anything.
> 
> On Sat, Oct 22, 2016 at 12:40 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>> My NetGate APU installation hangs, seemingly randomly… and has for most of 
>> the two years since purchase and installation.
>> 
>> How might I diagnose these issues?
>> 
>>> --- 10.20.0.1 ping statistics ---
>>> 296 packets transmitted, 271 packets received, 8.4% packet loss
>>> round-trip min/avg/max/stddev = 1.274/9254.705/48807.578/16024.851 ms
>> 
>> Many of the lost packets easily came in late. 48 seconds for pings? The 
>> network seems to be fine - rebooting switches does not affect the issue. It 
>> will resolve itself after 3-4 minutes but our radio in the bar is fed over 
>> the net so it gets frustrating at times.
>> 
>> Thanks!


[pfSense] Diagnosing System lag

2016-10-22 Thread Ryan Coleman
My NetGate APU installation hangs, seemingly randomly… and has for most of the 
two years since purchase and installation.

How might I diagnose these issues? 

> --- 10.20.0.1 ping statistics ---
> 296 packets transmitted, 271 packets received, 8.4% packet loss
> round-trip min/avg/max/stddev = 1.274/9254.705/48807.578/16024.851 ms

Many of the lost packets easily came in late. 48 seconds for pings? The network 
seems to be fine - rebooting switches does not affect the issue. It will 
resolve itself after 3-4 minutes but our radio in the bar is fed over the net 
so it gets frustrating at times.

Thanks!

Re: [pfSense] Active/Backup set of nics

2016-10-18 Thread Ryan Coleman
You’d have them both as active… 
https://doc.pfsense.org/index.php/Multi-WAN 

https://forum.pfsense.org/index.php?topic=28121.0 




> On Oct 18, 2016, at 4:47 PM, Matt .  wrote:
> 
> Hi Guys,
> 
> Is there a way to find to have 2 nics (a bridge) where online
> interface is Active and the other one is Backup like Cisco Flexlink ?
> 
> The backup becomes active when there is no connection anymore on the
> Active, so first interface.
> 
> This because I have one pfsense box connected using a bridge to two
> other Pfsense boxes which do CARP on the connected interface between
> the 2 boxes.
> 
> As Pfsense doesn't understand STP traffic doesn't float back over the
> VIP which seems to be needed when coming from the single box over the
> bridge.
> 
> Ideas are welcome.
> 
> Thanks,
> 
> Matt


Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available

2016-10-14 Thread Ryan Coleman
It’s been around since 2.3.0 was released, I believe.




> On Oct 13, 2016, at 8:23 PM, Volker Kuhlmann  wrote:
> 
> On Fri 14 Oct 2016 11:21:10 NZDT +1300, Jim Pingle wrote:
> 
>> There are no installers for 2.3.2-p1. You have to install 2.3.2 and
>> update to patch 1 once it's installed.
> 
> Ah, I see, that's why pre-2.3.2 doesn't offer it as an update either.
> I haven't noticed this situation having existed before, would it be
> useful to mention it in the release note?
> 
> Thanks Jim,
> 
> Volker
> 
> -- 
> Volker Kuhlmann   is list0570 with the domain in header.
> http://volker.top.geek.nz/Please do not CC list postings to me.


Re: [pfSense] Mailing List Posts from Non-Members

2016-09-22 Thread Ryan Coleman
Yay! You mean when I send from the wrong address it will just reject? WOOHOO!


:)


> On Sep 22, 2016, at 11:50 AM, Jim Pingle  wrote:
> 
> Hello,
> 
> Lately the mailing list moderation queues have been overrun with a large
> volume of spam on a daily basis. To make it easier on the list admins,
> we have changed the default list policy to discard messages from
> non-members on all of our lists rather than holding them for manual
> moderation.
> 
> The change should not impact many people because only on rare occasions,
> usually once a month or less, would someone post a message without being
> a list member. We had to manually look for and approve such requests
> among the thousands of spam messages in the queues.
> 
> If you want to post from multiple addresses, you can subscribe from the
> additional addresses and set the alternate addresses to "nomail" that
> way you won't receive multiple copies of the list mail but it can still
> post. The same procedure can be used for an address where the sender
> does not want to receive the list by e-mail, but follows the list using
> the list's web archive and occasionally wants to post.
> 
> You can change your mailing list subscription options or sign up your
> other addresses from the list management pages, such as
> https://lists.pfsense.org/mailman/listinfo/list
> 
> Thanks!
> 
> Jim P.



Re: [pfSense] New feature in ISC DHCP server v.4.3+ ( pfSense feature request )

2016-09-09 Thread Ryan Coleman
Touché.


> On Sep 9, 2016, at 9:48 AM, Jim Thompson <j...@netgate.com> wrote:
> 
> 
> 
>> On Sep 9, 2016, at 8:49 AM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>> 
>> 
>>> On Sep 8, 2016, at 10:37 PM, Jim Thompson <j...@netgate.com> wrote:
>>> 
>>> 
>>>> On Sep 8, 2016, at 10:30 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>>>> 
>>>> 
>>>>> On Sep 8, 2016, at 9:14 PM, Jim Thompson <j...@netgate.com> wrote:
>>>>> 
>>>>> On Thu, Sep 8, 2016 at 7:36 PM, Karl Fife <karlf...@gmail.com> wrote:
>>>>> 
>>>>>> There is a brand new feature/option in ISC dhcpd 4.3.0 (the DHCP server
>>>>>> version in pfSense 2.3+).
>>>>> 
>>>>> you could say, "Thank you".  I drove the old crud out.
>>>> 
>>>> You could say “you’re welcome” but… I know you’re not capable :)
>>> 
>>> Thank you, Ryan. 
>>> 
>>> It was a bit of a tussle with some of the other team members. I still 
>>> believe it was the correct decision. 
>>> 
>>> And, "you're welcome", for whatever I've done that might have been useful 
>>> to you.
>> 
>> At least I know we can laugh at each other, right? :)
> 
> 
> "With" is one thing. 
> "At" is quite another. 
> 
> 
> Jim

Re: [pfSense] New feature in ISC DHCP server v.4.3+ ( pfSense feature request )

2016-09-09 Thread Ryan Coleman

> On Sep 8, 2016, at 10:37 PM, Jim Thompson <j...@netgate.com> wrote:
> 
> 
>> On Sep 8, 2016, at 10:30 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>> 
>> 
>>> On Sep 8, 2016, at 9:14 PM, Jim Thompson <j...@netgate.com> wrote:
>>> 
>>> On Thu, Sep 8, 2016 at 7:36 PM, Karl Fife <karlf...@gmail.com> wrote:
>>> 
>>>> There is a brand new feature/option in ISC dhcpd 4.3.0 (the DHCP server
>>>> version in pfSense 2.3+).
>>> 
>>> you could say, "Thank you".  I drove the old crud out.
>> 
>> You could say “you’re welcome” but… I know you’re not capable :)
> 
> Thank you, Ryan. 
> 
> It was a bit of a tussle with some of the other team members. I still believe 
> it was the correct decision. 
> 
> And, "you're welcome", for whatever I've done that might have been useful to 
> you. 


At least I know we can laugh at each other, right? :)



Re: [pfSense] New feature in ISC DHCP server v.4.3+ ( pfSense feature request )

2016-09-08 Thread Ryan Coleman

> On Sep 8, 2016, at 9:14 PM, Jim Thompson  wrote:
> 
> On Thu, Sep 8, 2016 at 7:36 PM, Karl Fife  wrote:
> 
>> There is a brand new feature/option in ISC dhcpd 4.3.0 (the DHCP server
>> version in pfSense 2.3+).
>> 
> 
> you could say, "Thank you".  I drove the old crud out.

You could say “you’re welcome” but… I know you’re not capable :)

> 
> 
>> I would like to see this new feature available in the pfSense GUI
>> 
>> The new feature allows the DHCP server to ignore client UIDs as the
>> primary identifier for the lease.  A host that presents a UID will have its
>> lease assigned/keyed to that UID instead of having it be keyed to the
>> client's MAC address.
>> 
>> Rationale for this feature request:
>> 
>> Honoring the client-presented UID is a DHCP specification, but in
>> practice, A *single* host, with multiple OSes (or a host with a multi-step
>> boot process, e.g. PXE boot) will end up receiving multiple different IP
>> leases if one stack's DHCP client happens to present a Client Identifier
>> UID versus another that does not (versus yet another that presents a
>> differently-formatted UID). Thus the ISC created a server feature in 4.3.0+
>> allowing client identifier UID to be ignored by the server.
>> 
>> In practice, I often see the example where a host that boots PXE, into
>> iPXE, into Linux (e.g. Fog's Linux stack) on its way to say, Windows, often
>> ends up having different IP addresses along the way.  I tend to see where
>> the Intel PXE stack presents a UID, iPXE does not, and Windows can't be
>> bothered with a DHCP discover at all (going straight to a DHCP Request
>> which may be out-of-pool). :-)
>> 
>> Unfortunately it is NOT a command-line option, thus can't be passed as an
>> advanced option.  I think it would be necessary to add a simple GUI
>> checkbox.  Since it can be desirable for a host to be identified by the
>> same IP throughout the stages of the boot process (not to mention a
>> cluttered DHCP lease table with multiple entries for the client's MAC),
>> it would be helpful to ENABLE the use of this feature in pfSense.
>> 
>> Is this in the pipeline?  Before making a formal feature request I thought
>> I'd bounce it off my peers here on the mailing list.
>> 
>> Cheers.
>> 
>> -Karl Fife
>> 
>> https://www.freebsd.org/cgi/man.cgi?query=dhcpd.conf
>> 
>> " ignore-client-uids flag;
>> If the ignore-client-uids statement is present and has a value of
>> true or on, the UID for clients will not be recorded.  If this
>> statement is not present or has a value of false or off, then client
>> UIDs will be recorded.  "
>> 
> 
> Well, it's in the FreeBSD tree, so it seems that it should be
> straight-forward to install support for this in pfSense > 2.3
> 
> Jim
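The lease-keying behaviour described in the feature request above, as an added example that is not part of the original thread and is not ISC dhcpd code. It is a simplified model: the LeaseTable class, the address pool and the three boot-stage packets are constructed for illustration, and the ignore_client_uids argument stands in for the "ignore-client-uids true;" statement quoted from dhcpd.conf(5).

```python
"""Simplified model of DHCP lease keying with and without ignore-client-uids.

Added illustration only: this is not ISC dhcpd code, and the packets below
are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Discover:
    stage: str                  # which DHCP client in the boot chain sent it
    mac: str                    # client hardware address (chaddr)
    client_id: Optional[bytes]  # option 61 (Client Identifier); None if absent


class LeaseTable:
    """Hands out addresses from a pool, one per distinct lease key."""

    def __init__(self, first_ip: str, pool_size: int,
                 ignore_client_uids: bool = False):
        self.first_ip = IPv4Address(first_ip)
        self.pool_size = pool_size
        self.ignore_client_uids = ignore_client_uids
        self.leases: Dict[Tuple[str, bytes], IPv4Address] = {}

    def lease_key(self, pkt: Discover) -> Tuple[str, bytes]:
        # Default behaviour: a presented UID is the primary identifier.
        # With ignore_client_uids set, the UID is never recorded, so every
        # client falls back to its hardware address.
        if pkt.client_id is not None and not self.ignore_client_uids:
            return ("uid", pkt.client_id)
        return ("hw", bytes.fromhex(pkt.mac.replace(":", "")))

    def offer(self, pkt: Discover) -> IPv4Address:
        key = self.lease_key(pkt)
        if key not in self.leases:
            if len(self.leases) >= self.pool_size:
                raise RuntimeError("address pool exhausted")
            self.leases[key] = self.first_ip + len(self.leases)
        return self.leases[key]


# Constructed sample data: one physical host, three DHCP clients in sequence.
MAC = "00:16:3e:aa:bb:01"
MAC_BYTES = bytes.fromhex(MAC.replace(":", ""))
BOOT_CHAIN = [
    # Firmware PXE stack: presents a UID (type 0 + 16 opaque bytes here).
    Discover("PXE ROM", MAC, b"\x00" + bytes(range(16))),
    # iPXE: presents no UID at all.
    Discover("iPXE", MAC, None),
    # Linux imaging stack: a differently formatted UID (type 1 + MAC).
    Discover("Linux imaging stack", MAC, b"\x01" + MAC_BYTES),
]


def run_boot_chain(ignore_client_uids: bool) -> List[Tuple[str, str]]:
    """Return (stage, offered address) for each stage of the boot chain."""
    table = LeaseTable("192.168.1.100", pool_size=50,
                       ignore_client_uids=ignore_client_uids)
    return [(pkt.stage, str(table.offer(pkt))) for pkt in BOOT_CHAIN]


def leases_consumed(ignore_client_uids: bool) -> int:
    """Number of distinct addresses the single host ends up holding."""
    return len({ip for _, ip in run_boot_chain(ignore_client_uids)})


if __name__ == "__main__":
    for flag in (False, True):
        print(f"ignore-client-uids {'true' if flag else 'false'}:")
        for stage, ip in run_boot_chain(flag):
            print(f"  {stage:22s} -> {ip}")
        print(f"  leases held by one MAC: {leases_consumed(flag)}")
```

With the flag off, the one MAC address shows up three times in the lease table, which is also what makes address-to-host attribution in logs harder during a staged boot.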

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Ryan Coleman
Ahh, well, it’s hard to tell when you don’t give a name but a blanket response 
without a quoted email.


> On Aug 3, 2016, at 8:59 PM, Jim Thompson <j...@netgate.com> wrote:
> 
> My response was not directed at you, Ryan.
> 
> 
> 
> 
> On Wed, Aug 3, 2016 at 8:44 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
> 
>> Correction. Instead the system is ON an open-SOURCE platform.
>> 
>>> On Aug 3, 2016, at 8:43 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>>> 
>>> Instead the system is open platform.
>> 

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Ryan Coleman
Correction. Instead the system is ON an open-SOURCE platform.

> On Aug 3, 2016, at 8:43 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
> 
>  Instead the system is open platform.



Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Ryan Coleman
Jim,

I realize that - I’ve purchased thousands of dollars of your branded equipment 
to be installed at my corporate customer sites. However I find them lacking in 
some regards and have moved on to buying other hardware.

If you wanted to sell just your hardware to support the system you’d find a way 
to make it closed environment. Instead the system is open platform.

We’re guests, as is the pfSense product in our homes and business.

We are nice. We praise the product.

I simply find the cost for the hardware and the functionality of it beyond what 
I can personally purchase for small businesses that cannot even afford to buy 
the equipment themselves.

Ryan

> On Aug 3, 2016, at 8:36 PM, Jim Thompson  wrote:
> 
> Here's all you need to know:
> 
> 1) we only test releases on the hardware we sell, or have sold in the past
> two years.  (Obviously doesn't include VM images.)
> 
> We don't intentionally break anything, but your J1900 box isn't in the test
> matrix, nor will it ever be.  That said, we have included
> fixes for hardware that we'll never ship.  The i217s on recent Intel NUCs
> is one example.
> 
> 2) Many people are employed making pfSense.   Appliance sales make up  the
> largest part of the revenue that keeps them employed working on pfSense.
> 
> If you want to support the project and make pfSense better, you’re welcome
> to submit bugs or develop fixes. If you’re not a developer but want to
> support the project, you can always purchase a Gold Subscription"
> 
> 3) At the ram densities involved, ECC isn't going to buy you much.  If we
> were doing storage, the story would be different, but given the relative
> error rates of Ethernet and non-ECC RAM, you're unlikely to ever detect a
> bit error.  Those of you still running on CF or "SD Cards" should worry
> about your storage, not ECC ram.
> 
> We could have put ECC on the RCC-VE boards, and chose not to.  There isn't
> a good reason for raising the cost (and therefore price).
> 
> 4) Your enthusiasm for your j1900 box is understood, but this is the
> pfsense list.
> 
> You're a guest.  Be nice.
> 
> Jim

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Ryan Coleman
And there are many people on the list here who have vouched for the J1900 box 
mentioned earlier.

I am pretty sure we’ve vetted it; I know I have and I am going to start 
deploying it at customer sites over NetGate hardware.


> On Aug 3, 2016, at 10:58 AM, Karl Fife  wrote:
> 
> +1
> 
> You can buy the 'blessed' hardware alone (e.g. CentOS) from netgate for $300 
> (2-port) and $350 (4-port).   Cheaper than if you buy a preconfigured pfSense 
> appliance with support.  Seems like REALLY inexpensive insurance to be using 
> vetted hardware that others are also using.  In general, I consider cheap 
> networking gear to be a false economy.


Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Ryan Coleman
Mine is footprint vs function. For $200 I have a box that takes up less room on 
the wall than the NetGate product and offers more functionality (the J1900 
device mentioned earlier).

The SG-2220 is $100 more than I paid with half the ports.

I’ll pass.

> On Aug 3, 2016, at 10:43 AM, Steve Yates  wrote:
> 
> I'm being serious but what is your rationale for not using 
> pfSense's/NetGate's?
> 
> https://www.pfsense.org/products/ 
> 
> The "cheap" part (< $299)?  We tried a "build our own" approach and it's 
> tough to get a small package.  Any old PC will do just fine if one adds an 
> SSD but as someone pointed out that may use far more power in the long run.
> 
> --
> 
> Steve Yates
> ITS, Inc.


Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Ryan Coleman
I second this product. Using it at home. VPN works great to my main servers 100 
miles away. Tested local throughput in VPN to about 850Mbps. For USD200 it is a 
great product. I purchased mine through Amazon in April. Only hiccup I had was 
needing a VGA monitor to configure it. :)



> On Aug 3, 2016, at 7:34 AM, Eero Volotinen  wrote:
> 
> Does this look good:
> http://www.aliexpress.com/item/XCY-Mini-PC-J1900-with-4-LAN-port-using-pfsense-as-small-router-firewall-fanless-PC/32694972050.html?spm=2114.30010308.3.7.M55nl4_ab_test=searchweb201556_7,searchweb201602_5_10057_10056_10055_10049_10059_10058_10017_405_404_10060_10061_10062_412,searchweb201603_2=fffddf79-e2d3-471d-a595-20e06e8226c8
> 
> Eero
> 
> 2016-08-03 15:03 GMT+03:00 Peder Rovelstad :
> 
>> If my old hardware died today, I might get one of these.  Or go virtual.
>> 
>> http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007
>> 
>> 
>> -Original Message-
>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
>> Volotinen
>> Sent: Wednesday, August 03, 2016 2:37 AM
>> To: pfSense Support and Discussion Mailing List 
>> Subject: [pfSense] looking for perfect pfsense box for home?
>> 
>> Any ideas where to find perfect pfsense box for home usage.
>> 
>> Must be cheap and silent? netgate device? shuttle box?
>> 
>> --
>> Eero
>> 
>> 


Re: [pfSense] Alias duplicate - can't delete any of them

2016-08-02 Thread Ryan Coleman
Two choices that I’m aware of:

1) delete the main rule and recreate
2) Download backup config, remove from the file, upload new config and watch it 
wipe.


> On Aug 2, 2016, at 6:58 PM, Ugo Bellavance  wrote:
> 
> Hi,
> 
> First problem: some time ago a duplicate of an alias got created, I don't 
> know why or how.
> 
> Second problem: when I try to delete one of the duplicate, I get the standard 
> warning saying that all elements that still use this alias will become 
> invalid.  I click OK and both are still here.  I get an error message saying 
> "Cannot delete alias. Currently in use by /rule name/.
> 
> How should I proceed?  Remove it temporarily from the rule, then delete one 
> of them, then add it back to the rule?
> 
> Thanks,
> 

Re: [pfSense] Installation issues of latest release (2.3.2) resolved?

2016-07-31 Thread Ryan Coleman
As I remember it Alix support is not part of 2.4.



> On Jul 31, 2016, at 5:33 AM, Adrian Zaugg  wrote:
> 
> 
> 
> On 30.07.16 06:19, Jim Thompson wrote:
>> As a reminder, pfSense 2.4 will not support i386, and will not support the
>> 'nano' image.
> Do you mean by "i386" 32-bit X86 or really just i386 (asking because of
> Alix)?
> 
> Regards, Adrian.


Re: [pfSense] Installation issues of latest release (2.3.2) resolved?

2016-07-30 Thread Ryan Coleman
Thank you :)

> On Jul 29, 2016, at 11:19 PM, Jim Thompson wrote:
> 
> 
> SG-2220 (eMMC and M.2), SG-2440 (eMMC and mSATA), SG-4860 (eMMC and mSATA),
> SG-8860 (eMMC and mSATA), 7541 (CF and SSD), 7551 (CF and SSD), APU (not
> APU2) (nano on SD, full install on SD, and mSATA), ALIX, C2758, XG-1540,
> XG2758, AWS, Azure, OVA (VMware), as well as a KVM and bhyve images for
> internal use.



[pfSense] Installation issues of latest release (2.3.2) resolved?

2016-07-29 Thread Ryan Coleman
Have we established an official bug for the newest release? I can babysit one 
installation on Sunday without an issue but it’s the one I cannot afford to 
lose (retail shop) that needs updating sooner rather than later (as I won’t 
have the time for a month)….

So does this affect APUs running the AMD64 architecture?

Please advise.

Thanks,
Ryan

Re: [pfSense] Limiter on WAN based on time?

2016-05-24 Thread Ryan Coleman
This might be what I did incorrectly… The firewall was delivered this afternoon 
and we’ll see if it’s even needed now (politics, guh).


> On May 24, 2016, at 9:43 AM, Steve Yates <st...@teamits.com> wrote:
> 
> The schedules are created under Firewall/Schedules and then can be applied to 
> a limiter.  On a limiter you'd need at least two Bandwidth entries, one for 
> each schedule (day/night).
> 
> --
> 
> Steve Yates
> ITS, Inc.
> 
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Coleman
> Sent: Tuesday, May 24, 2016 10:00 AM
> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
> Subject: [pfSense] Limiter on WAN based on time?
> 
> So I’ve tried floating rules (blocks all traffic outside of schedule) and LAN 
> rules (limits 24/7 or blocks outside of schedule).
> 
> How do I throttle WAN from 9am to 10pm, say, and then open it up after hours? 
> 
> 

[pfSense] Limiter on WAN based on time?

2016-05-24 Thread Ryan Coleman
So I’ve tried floating rules (blocks all traffic outside of schedule) and LAN 
rules (limits 24/7 or blocks outside of schedule).

How do I throttle WAN from 9am to 10pm, say, and then open it up after hours? 



Re: [pfSense] What might be throttling my wireless?

2016-05-15 Thread Ryan Coleman

> On May 15, 2016, at 7:19 PM, Moshe Katz <kohenk...@gmail.com> wrote:
> 
> When I had problems with throughput through Unifi Access Points with
> pfSense, I replaced every network component, including the pfSense box and
> the access points. In the end, my problem turned out to be an issue in how
> some of the VLANs were handled by the (defective) switch.

Possible but unlikely. This switch was in my apartment working fine but not 
processing VLANs over SSIDs.


> Can you test to see what happens if you hook up a computer directly in the
> place of one of the access points and see how the speed is there?

I was previously on one of the ports working at 500mbps through the internet 
but I didn’t try that today before I left.

> Also, have you tried doing iperf from Wi-Fi clients to each of your pfSense
> machines (real and virtual) as opposed to doing an online speed test?

That I didn’t. Because I was using mobile platforms to test. I was hoping to 
get another laptop but was not able.

That said - the mobile devices are not the issue; they will process 3x that 
speed easily and have in my experience.

The switch, for those who may want to know, is a Cisco Small Business SG300-28P


> On May 15, 2016 5:09 PM, "Ryan Coleman" <ryan.cole...@cwis.biz> wrote:
> 
>> I have a bit of an odd setup, but it is working thus far.
>> 
>> I have fiber -> GbE service from USInternet in Minneapolis
>> 
>> That goes into my 28-port GbE managed switch.
>> 
>> That is VLAN'd for safety and feeds my SuperMicro ESXi box (not the
>> FiberVLAN) and my SuperMicro 1U firewall (FiberVLAN) which then feeds back
>> into the switch for servicing the ESXi and LAN.
>> 
>> I get speed tests from Windows 7 through the default/global VLAN of
>> 600x300 (below rated but not the worry right now) from my management PC -
>> this is my benchmark test location.
>> 
>> I have a pfSense VM running that is routing through the real pfSense
>> server and is getting the rated speed through the firewall on the VLAN.
>> When I isolate a PC VM to the VLAN601/602 networks it gets speeds similar
>> to that of the Management PC (different computer).
>> 
>> For radios I have just installed Ubiquiti UniFi AC LITEs (just installed).
>> They are the ones giving between 30mbps and 60mbps rated performance. This
>> is well below 50% of their link speed (1000mbps), and about 10% of the
>> confirmed throughput speed from both the isolated VM.
>> 
>> Items of note:
>>• They are linked to the switch at 1000mbps
>>• There is no listed throttling on them
>>• TrendNET 653APs I had before (100mbps links) were similarly
>> underperforming HOWEVER I attributed that to 300mbps wireless over 100mbps
>> wired connections.
>> 
>> I'm a little lost on where I might have a hangup. I have to go the
>> double-firewall route for sanity purposes.
>> 
>> If I was having issues solely in the second firewall then I might have an
>> idea as to what is going on but instead I'm flabbergasted. I'd like to tell
>> the customer that it's OK to start pushing customers over to the new
>> network but without this piece working at the speed I am attempting to
>> provide it's proving difficult.
>> 
>> Thoughts?

Re: [pfSense] What might be throttling my wireless?

2016-05-15 Thread Ryan Coleman

> On May 15, 2016, at 7:32 PM, WebDawg <webd...@gmail.com> wrote:
> 
> So much information and I still do not think we know enough!
> 
> Do you have a UniFi controller installed somewhere?   Are the units
> upgraded fully?  Are you using VLAN networks on the unifi devices to
> do more than one network.

Controlled from the second Windows VM mentioned.

Yes, 2 VLANs, no more.


> You could start by not doing the internet speed test first.  I would
> go from unifi to closest server first...something on the same unifi
> network (like the management server) and do an iperf test as suggested
> to that.

I’ll look into it the next time I’m at the shop.

> I would then move closer and closer to the outside of your internal
> network and test all connection points utilizing iperf the entire time.

In all honesty it could be RFI or signal collision. There is a fair amount (but 
not too much, IME) noise in the air for the tests. The difference on that 
being, of course, the AC Apple Airport Extreme they have on cable right now 
pushes 400mbps easily on its own but I’m not plugging it into my network to 
play with (yet).





> 
> 
> On Sun, May 15, 2016 at 3:08 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>> I have a bit of an odd setup, but it is working thus far.
>> 
>> I have fiber -> GbE service from USInternet in Minneapolis
>> 
>> That goes into my 28-port GbE managed switch.
>> 
>> That is VLAN'd for safety and feeds my SuperMicro ESXi box (not the 
>> FiberVLAN) and my SuperMicro 1U firewall (FiberVLAN) which then feeds back 
>> into the switch for servicing the ESXi and LAN.
>> 
>> I get speed tests from Windows 7 through the default/global VLAN of 600x300 
>> (below rated but not the worry right now) from my management PC - this is my 
>> benchmark test location.
>> 
>> I have a pfSense VM running that is routing through the real pfSense server 
>> and is getting the rated speed through the firewall on the VLAN. When I 
>> isolate a PC VM to the VLAN601/602 networks it gets speeds similar to that 
>> of the Management PC (different computer).
>> 
>> For radios I have just installed Ubiquiti UniFi AC LITEs (just installed). 
>> They are the ones giving between 30mbps and 60mbps rated performance. This 
>> is well below 50% of their link speed (1000mbps), and about 10% of the 
>> confirmed throughput speed from both the isolated VM.
>> 
>> Items of note:
>>   • They are linked to the switch at 1000mbps
>>   • There is no listed throttling on them
>>   • TrendNET 653APs I had before (100mbps links) were similarly 
>> underperforming HOWEVER I attributed that to 300mbps wireless over 100mbps 
>> wired connections.
>> 
>> I'm a little lost on where I might have a hangup. I have to go the 
>> double-firewall route for sanity purposes.
>> 
>> If I was having issues solely in the second firewall then I might have an 
>> idea as to what is going on but instead I'm flabbergasted. I'd like to tell 
>> the customer that it's OK to start pushing customers over to the new network 
>> but without this piece working at the speed I am attempting to provide it's 
>> proving difficult.
>> 
>> Thoughts?

[pfSense] What might be throttling my wireless?

2016-05-15 Thread Ryan Coleman
I have a bit of an odd setup, but it is working thus far.

I have fiber -> GbE service from USInternet in Minneapolis

That goes into my 28-port GbE managed switch.

That is VLAN'd for safety and feeds my SuperMicro ESXi box (not the FiberVLAN) 
and my SuperMicro 1U firewall (FiberVLAN) which then feeds back into the switch 
for servicing the ESXi and LAN.

I get speed tests from Windows 7 through the default/global VLAN of 600x300 
(below rated but not the worry right now) from my management PC - this is my 
benchmark test location.

I have a pfSense VM running that is routing through the real pfSense server and 
is getting the rated speed through the firewall on the VLAN. When I isolate a 
PC VM to the VLAN601/602 networks it gets speeds similar to that of the 
Management PC (different computer).

For radios I have just installed Ubiquiti UniFi AC LITEs (just installed). They 
are the ones giving between 30mbps and 60mbps rated performance. This is well 
below 50% of their link speed (1000mbps), and about 10% of the confirmed 
throughput speed from both the isolated VM.

Items of note:
• They are linked to the switch at 1000mbps
• There is no listed throttling on them
• TrendNET 653APs I had before (100mbps links) were similarly 
underperforming HOWEVER I attributed that to 300mbps wireless over 100mbps 
wired connections.

I'm a little lost on where I might have a hangup. I have to go the 
double-firewall route for sanity purposes.

If I was having issues solely in the second firewall then I might have an idea 
as to what is going on but instead I'm flabbergasted. I'd like to tell the 
customer that it's OK to start pushing customers over to the new network but 
without this piece working at the speed I am attempting to provide it's proving 
difficult.

Thoughts?

Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread Ryan Coleman

> On Apr 14, 2016, at 4:54 PM, WebDawg  wrote:
> 
> https://blog.pfsense.org/?p=1716 
> 
> They have an appliance you can purchase now.

That’s why they killed the VM download… ::smdh::


Re: [pfSense] Broke my NAT reflection

2016-03-24 Thread Ryan Coleman

> On Mar 24, 2016, at 9:38 AM, WebDawg <webd...@gmail.com> wrote:
> 
> On Wed, Mar 23, 2016 at 7:14 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>> And it would appear to be fixed again… clueless, I am.
>> 
>> 
>>> On Mar 23, 2016, at 6:14 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
>>> 
>>> So I moved my server and firewall to a new location and am trying to get a 
>>> sliced network set up for the new location (trading gigabit internet for 
>>> electricity… great deal!) and I am having some issues with the NAT 
>>> reflection on my 1:1.
>>> 
>>> Everything going out is OK but I everything is resolving internally and I’m 
>>> clueless as to what I broke.
>>> 
>>> At this point I’m completely lost so any direction of what you’d expect 
>>> please let me know.
>>> 
>>> Thanks!
> 
> 
> I have had problems with openvpn routing not working until a reboot.
> 
> Could be what happened to you?

Nope, didn’t reboot the firewall at all… It’s been up for 5 days (since the 
relocation) and it’s working now. I think I butchered some of the routing rules 
and fixed it.

PITA. Oh well.


Re: [pfSense] Broke my NAT reflection

2016-03-23 Thread Ryan Coleman
And it would appear to be fixed again… clueless, I am.


> On Mar 23, 2016, at 6:14 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
> 
> So I moved my server and firewall to a new location and am trying to get a 
> sliced network set up for the new location (trading gigabit internet for 
> electricity… great deal!) and I am having some issues with the NAT reflection 
> on my 1:1.
> 
> Everything going out is OK but I everything is resolving internally and I’m 
> clueless as to what I broke.
> 
> At this point I’m completely lost so any direction of what you’d expect 
> please let me know.
> 
> Thanks!

[pfSense] Broke my NAT reflection

2016-03-23 Thread Ryan Coleman
So I moved my server and firewall to a new location and am trying to get a 
sliced network set up for the new location (trading gigabit internet for 
electricity… great deal!) and I am having some issues with the NAT reflection 
on my 1:1.

Everything going out is OK but I everything is resolving internally and I’m 
clueless as to what I broke.

At this point I’m completely lost so any direction of what you’d expect please 
let me know.

Thanks!

[pfSense] Android and Windows use of RoadWarrior IPSec from guide?

2015-12-27 Thread Ryan Coleman
Using this guide 
(https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To) I 
have successfully gotten it to work on my Mac, iPhones and iPad.

However I cannot get it to work in my Android emulators or on my old S4. I am 
internal to the VPN but I have a hot spot I’ve been using to test the VPN 
connection.

The Android portion is outdated as nothing I have looks like it so if someone 
can give me leads on that and Windows (7, 8 and 10) I would be most 
appreciative.

Thanks!

—
Ryan

[pfSense] DHCP/Local DNS ping host name

2015-12-12 Thread Ryan Coleman
I’m totally having a brain fart weekend on this… but there’s a way (or so I 
think) to link the DNS and DHCP hostnames… How do I do that?

—
Ryan

Re: [pfSense] darkstat

2015-11-08 Thread Ryan Coleman
From October 16 (Subject: "Bandwidth graph”):

> Was it darkstat?  https://unix4lyfe.org/darkstat/ 
> 
> 
> Packages are maintained by independent coders.



> On Nov 7, 2015, at 8:11 PM, Josh Karli  wrote:
> 
> Hello all!
> 
> Anyone know what happened to the darkstat package? Had it installed on 
> pfsense 2.2.4 x64, upgraded to 2.2.5 and it's gone. If it's no longer 
> supported, anyone have any suggestions on another pfsense package that also 
> lets you drill down to see traffic types by IP address?
> 
> 
> Cheers!
> Josh Karli

Re: [pfSense] Bandwidth graph

2015-10-16 Thread Ryan Coleman
Typically packages are removed because they are no longer supported by the 
developer.


> On Oct 16, 2015, at 1:11 AM, Walter Parker  wrote:
> 
> Years ago, there was a package for pfSense that graphed total bandwidth for
> the Day, Month, Year using bar charts. It would show the top days with
> bandwidth and total usage for the month.
> 
> It was not bandwidthD or the RRD graphs. I can't find it anymore. What was
> it called and why was it removed?
> 
> 
> Walter
> 
> -- 
> The greatest dangers to liberty lurk in insidious encroachment by men of
> zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis


Re: [pfSense] github.com/google/google-authenticator/ on pfSense 2.2x

2015-10-15 Thread Ryan Coleman
So… you don’t know how well it will work in pfSense, then.


> On Oct 14, 2015, at 3:34 PM, Vick Khera  wrote:
> 
> and only on FreeBSD servers (not pfSense)


Re: [pfSense] client VPN on IOS

2015-09-15 Thread Ryan Coleman
I have had IPSEC going in the past but an initial 2.2 change broke it and I 
haven’t tried since.

I intend to do it again soon and it’s way easier than openvpn, IMO. 


> On Sep 15, 2015, at 8:54 AM, Olivier Mascia  wrote:
> 
>> Le 15 sept. 2015 à 15:18, Ray Bagby  a écrit :
>> 
>> Greetings,
>> 
>> Anyone have any luck connecting iphone via VPN?
>> 
>> Thanks
> 
> Very easily, I would say.  And very stable once setup.
> 
> I use "OpenVPN Connect" iOS App (just search "openvpn" in iOS AppStore, 
> should be the first choice or close to). There may be others, I merely use 
> that one and it fits my needs.
> 
> On pfSense, do not forget to first install the package "OpenVPN Client Export 
> Utility" and use it to package the config file you will need on the iOS 
> device. You will then have a new tab "Client Export" within the OpenVPN menu. 
> Most settings if not all should be OK by default (for a first try at least). 
> On the lower right of the screen click on the tiny link "OpenVPN Connect" and 
> you will get a proper file for your device.
> 
> You will have to either move the exported config file through iTunes/USB or 
> send it to yourself by email (much less secure of course), in order to import 
> it in the App and then use it.
> 
> -- 
> Meilleures salutations, Met vriendelijke groeten,
> Best Regards. Olivier Mascia, integral.be/om
> 
> 
> 

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-08 Thread Ryan Coleman
Yes. As I previously noted it already works from CenturyLink’s DSL modems.


> On Sep 8, 2015, at 7:04 AM, Vick Khera  wrote:
> 
> 
> You'd have to ask Dyn if they can make host names within your own domain
> dynamic. The dynamic DNS configuration in pfSense is for working with their
> existing dynamic DNS domains, like foo.dyndns.org .


Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Ryan Coleman
Yes, I know. I didn’t actually message you directly to ask - I asked the 
subscribers on the mailing list.


> On Sep 7, 2015, at 11:08 PM, David Christensen <dpchr...@holgerdanske.com> 
> wrote:
> 
> On 09/07/2015 06:24 PM, Ryan Coleman wrote:
>> How do you get this to function with Dyn.com (formerly DynDNS.com 
>> <http://dyndns.com/>)?
> 
> My current setup has nothing to do with Dyn.  It's he.net and pfSense, 
> exclusively.
> 
> 
> David
> 
> 

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Ryan Coleman
Thank you. I’ll give it a whirl in a few days.


> On Sep 7, 2015, at 9:15 PM, Chris Bagnall <pfse...@lists.minotaur.cc> wrote:
> 
> On 8/9/15 2:24 am, Ryan Coleman wrote:
>> How do you get this to function with Dyn.com (formerly DynDNS.com 
>> <http://dyndns.com/>)? I have the paid domain and I’ve gotten CenturyLink 
>> DSL modems to negotiate the IP without issue before but I cannot seem to 
>> figure out the configuration for pfSense.
> 
> I've just logged into one of our clients' pfSense boxes that's doing 
> precisely this (albeit with Virgin Media cable here in the UK, but the 
> dyn.com setup should be similar).
> 
> Service type: DynDNS (dynamic)
> Interface to monitor: WAN (or change in multi-wan environment)
> Hostname: FQDN you've set up on dyn.com
> Username / Password: your dyn.com login
> 
> That's about it.
> 
> Kind regards,
> 
> Chris
> -- 
> This email is made from 100% recycled electrons

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Ryan Coleman
This begs the question from me, then…

How do you get this to function with Dyn.com (formerly DynDNS.com 
<http://dyndns.com/>)? I have the paid domain and I’ve gotten CenturyLink DSL 
modems to negotiate the IP without issue before but I cannot seem to figure out 
the configuration for pfSense.

Thanks!

—
Ryan


> On Sep 7, 2015, at 3:03 PM, David Christensen  
> wrote:
> 
> On 09/07/2015 12:19 PM, David Christensen wrote:
>> But, myself and he.net technical support are unclear as to what needs to
>> be done on the he.net end.
> 
> he.net created the DDNS record, username, and password hash for me.  I 
> entered the information into pfSense and now it works!  :-)
> 
> 
> David
> 

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Ryan Coleman

> On Sep 7, 2015, at 8:58 PM, Andrew Mitchell  wrote:
> 
> Ryan,
> I know this is not your question but, my company setup Dynster.net for DDNS 
> needs. It's not built in to pfSense because we are trying to get info from 
> devs but, we do support a simple manual pfSense integration work around. It 
> does work.
> Maybe it will help.
> Andrew 

Andrew,

I appreciate your message but I have no intention of moving my domain anytime 
soon. It’s just one that I use this for and with it I pay $30/year… I have 15 
named hosts on my personal domain (NS’d there).

I looked at your website and it appears that your service rate of $3/host after 
the first one per month I wouldn’t be able to use the service at all.

Thank you,
Ryan

Re: [pfSense] GUI performance on an ALIX 2d3

2015-08-14 Thread Ryan Coleman
> On Aug 13, 2015, at 5:47 PM, Chris Buechler <c...@pfsense.com> wrote:
> 
> On Thu, Aug 13, 2015 at 4:50 PM, Rainer Duffner <rai...@ultra-secure.de> 
> wrote:
>> 
>> I just checked - I ordered it at the end of September 2008.
>> It’s going to be seven years old in a couple of weeks.
>> That’s quite impressive - do you still get firmware-updates for seven year 
>> old commercial DSL-routers?
> 
> 
> Nope. Often not even when backdoors or other serious security issues
> are disclosed and they're not nearly that old.


I’d like to point out here for argument’s sake we’re comparing oranges to 
Chevrolets…  a commercial firewall and a commercial DSL router are different 
items. Most establishments, in my experience, have their router and their 
firewall completely separate; 7-year old commercial firewalls do get updates, 
provided the company doesn’t abandon them.

And, yes, abandonment does happen. AdTran is famous for that. And also making 
finding upgrades difficult at times.

—
Ryan

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-28 Thread Ryan Coleman

> On Jul 28, 2015, at 2:50 PM, Moshe Katz <mo...@ymkatz.net> wrote:
> 
> On Tue, Jul 28, 2015 at 3:44 PM, Vick Khera <vi...@khera.org> wrote:
> 
>> On Sun, Jul 26, 2015 at 10:31 PM, Ryan Coleman <ryan.cole...@cwis.biz>
>> wrote:
>> 
>>> I have an issue with Qualys: They ding my certification because I have
>>> domain.com on it and not www.domain.com (multi-site cert).
>>> 
>>> That’s not a reason to lower a score on security.
>> 
>> 
>> The only way I can make sense of your sentence is that they are dinging you
>> for having a certificate that does not match the name of the site you are
>> visiting because one has www. and the other does not. That seems to be
>> reasonable for them to ding you.
> 
> 
> Vick,
> 
> Qualys *does* take off points if you have a certificate for your bare
> domain name without it having www as an alternate name.  For example, a
> certificate for 'example.com' that doesn't work for 'www.example.com' is
> penalized, even if it is really only used for 'example.com'.
> 
> I believe that the reason they do this is because they assume that people
> always have their sites set up so that www redirects to bare, bare
> redirects to www, or both bare and www show the same content.  While this
> may not always be true, it is an assumption that Qualys and many other
> people make, so it is included in the grade.

Sure but if you try to load www.domain.com it sends you to the clean domain 
immediately. I am not testing www.domain.com - I am testing domain.com and 
there’s no evidence they’re trying to load www.domain.com, only reading the 
certificate and seeing it doesn’t cover it.
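
The bare-versus-www name check discussed in this message can be reproduced locally. The following is an added example, not Qualys's code and not anything posted to the list: it takes a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()` and reports whether the bare name and its `www.` form are each covered by the subjectAltName entries. The sample certificates and all function names are constructed for illustration.

```python
import socket
import ssl


def dns_names(cert):
    """DNS subjectAltName entries from a dict shaped like getpeercert() output."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, host):
    """Match one certificate name against one host name.

    A wildcard counts only when it is the entire left-most label, and it
    stands for exactly one label: '*.example.com' covers 'www.example.com'
    but neither 'example.com' nor 'a.b.example.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def name_variants(host):
    """The bare name and its www. form, whichever one was supplied."""
    host = host.lower().rstrip(".")
    bare = host[4:] if host.startswith("www.") else host
    return [bare, "www." + bare]


def coverage(cert, host):
    """Map each of the two name variants to True/False: is it covered by the cert?"""
    names = dns_names(cert)
    return {v: any(name_matches(n, v) for n in names) for v in name_variants(host)}


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live certificate in getpeercert() form (needs network access).

    The default context verifies the chain and the requested name, so a
    certificate that does not cover `host` fails the handshake here.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates (only the field this check reads).
BARE_ONLY = {"subjectAltName": (("DNS", "example.com"),)}
BOTH_NAMES = {"subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com"))}
WILDCARD_ONLY = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    for label, cert in (("bare only", BARE_ONLY),
                        ("bare + www", BOTH_NAMES),
                        ("wildcard only", WILDCARD_ONLY)):
        print(label, coverage(cert, "example.com"))
```

To check a live site, pass the result of `fetch_cert("your.host.name")` to `coverage()` in place of a sample certificate.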

[pfSense] Passing local data through firewall to NAT'd IPs

2015-07-27 Thread Ryan Coleman
I know this has been discussed but a quick reminder - how do I get the firewall 
to pass local remote traffic? Domains are locally hosted but only accessible 
from remote IP.

Thanks!


Re: [pfSense] Passing local data through firewall to NAT'd IPs

2015-07-27 Thread Ryan Coleman
Answered myself:

NAT reflection here - /system_advanced_firewall.php


> On Jul 27, 2015, at 5:22 PM, Ryan Coleman <ryan.cole...@cwis.biz> wrote:
> 
> I know this has been discussed but a quick reminder - how do I get the 
> firewall to pass local remote traffic? Domains are locally hosted but only 
> accessible from remote IP.
> 
> Thanks!


Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-24 Thread Ryan Coleman
First off you’d upgrade the installation of pfSense - what version do you have 
installed/running? The current version is 2.2.3.


> On Jul 24, 2015, at 3:51 PM, Ted Byers <r.ted.by...@gmail.com> wrote:
> 
> I have checked our installation of our website (a classic protected LAN
> with a DMZ formed by two pfsense machines serving as our inner and outer
> firewall, and one machine in the DMZ and the rest behind the inner
> firewall) using a PCI scanner.
> 
> The PCI scan identified two vulnerabilities WRT our pfsense machines.
> 
> First, the scanner complains that TLS1 is supported and we need to restrict
> it to TLS1.2.  We modified the configuration of lighttpd to use TLS1.2, but
> that did not make the complaint go away, so is there anything else that
> uses TLS that we need to reconfigure to use only TLS1.2?
> Second, it appears that ssh-server on pfsense is version 6.6 and it would
> be good if we can upgrade that to 6.9 or better (well, if there is better -
> the scan only complains the version is earlier than 6.9)
> 
> If we can fix these two things, a little over half of the complaints from
> the scanner will be resolved.  I have spent a couple days using google,
> trying to resolve these, but to no avail (compounded by the fact the signal
> to noise ratio in my searches was abysmal).
> 
> Thanks
> 
> Ted
> 
> -- 
> R.E.(Ted) Byers, Ph.D.,Ed.D.

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-24 Thread Ryan Coleman

> On Jul 24, 2015, at 7:18 PM, Ted Byers <r.ted.by...@gmail.com> wrote:
> 
> On Fri, Jul 24, 2015 at 6:29 PM, Chris Buechler <c...@pfsense.com> wrote:
> 
>> On Fri, Jul 24, 2015 at 5:20 PM, Ted Byers <r.ted.by...@gmail.com> wrote:
>>> This is an external scan.  We forward ports such as 443 and 22 to
>>> specific
>>> Ubuntu machines.  But both sshd and apache have been configured to accept
>>> only TLS1.2
>> 
>> 
>> In the case of forwarded ports it's the Ubuntu machines that are
>> triggering it. That has nothing to do with the firewall.
> 
> 
> In that case, then, the scan is wrong as all our Ubuntu machines are
> configured to use only TLS1.2


I am curious as to what tool you were using.



Re: [pfSense] Access Point Recommendations?

2015-07-20 Thread Ryan Coleman
Well… this is my area of expertise at work: cheap hardware begets bad 
experiences.

OTC hardware is cheap. Even if you pay a lot for it.

Firetide, FluidMesh and Rajant are the best hardware on the market for what 
you’re describing. And VERY expensive.



> On Jul 20, 2015, at 12:31 PM, Karl Fife <karlf...@gmail.com> wrote:
> 
> Both Zero Handoff and Wireless Backhaul for Wi-Fi have proven to be *not 
> useful* technologies for us due to the transient and unpredictable nature of 
> Wi-Fi interference.  Both technologies have correlated risk factors that 
> cause cascading performance degradation.  As interference or load increases, 
> the probability of adverse loss, jitter, and latency also increase.  That 
> breaks the network's suitability to many applications.
> 
> SNR in the backhaul band can be fine for days, then can become absolute shit 
> for hours, seemingly for no reason.  Site analysis shows an energy spike in 
> the backhaul band.  Maybe somebody's 'smart' AP has changed channels.  Maybe 
> someone is microwaving a baby monitor.  Maybe the UFO's just outside probe my 
> brain using the Wi-Fi bands to steal my secret plans.  Architecture using 
> these technologies can be acceptable for hobbyists, or for when there is 
> literally no other option within budget, but IMO architecting a system with 
> them is similar to setting out for a day on the ocean with a life jacket 
> (i.e. no boat).
> 
> Zero Handoff?
> This we've measured less carefully, but performance appears to tank far 
> sooner in this scenario too.  Please chime in if you have specific expertise 
> on this technology, but this appears that ZH depends upon low interference on 
> a single channel across the entire handoff 'campus'.   That's a pipe dream in 
> dense condominiums and high-rise office buildings.  It may be OK if you live 
> in a Faraday cage or on a drilling platform in the ocean.  Apart from those 
> scenarios, we've never been on the fence as to whether we should use it.
> 
> Now AC on the other hand...  I love me some AC.  Plus, they tend to serve 
> double duty as space heaters.
> -KF
> 
> 
> On 7/17/2015 10:37 AM, Zandr Milewski wrote:
>> Be aware, though, the UAP-AC is missing some banner UniFi features.
>> 
>> No Zero-Handoff
>> No Wireless Backhaul
>> 
>> I can't tell if any of the UniFi indoor stuff does the UNII-2e/DFS stuff. 
>> The AC's certainly don't.
>> 
>> On 7/17/15 08:29, David Burgess wrote:
>>> On Fri, Jul 17, 2015 at 8:45 AM, Chuck Mariotti <cmario...@xunity.com> 
>>> wrote:
>>>> We are having a number of issues with Engenius Access Points... they seem 
>>>> to have the features we need but for some reason, connectivity is not 
>>>> reliable (seems Mac related). As much time as I would like to spend 
>>>> debugging it, it would be cheaper to replace.
>>>> 
>>>> Does anyone have any recommendations for small office access points?
>>> 
>>> 
>>> I second both of the previous replies. I use Unifi and Tomato
>>> exclusively for wireless.
>>> 
>>> For budget installs with plenty of features, try Shibby's Tomato on
>>> the ASUS RT-N12 or RT-AC66U.
>>> 
>>> For POE, top aesthetics or mass deployment and central management,
>>> spend a little more on the Unifi.
>>> 
>>> db

Re: [pfSense] Access Point Recommendations?

2015-07-20 Thread Ryan Coleman
> On Jul 20, 2015, at 1:20 PM, Jim Thompson <j...@netgate.com> wrote:
> 
> 
> Firetide?
> 
> LOL
> 
> I’m good friends with the guy who did the design for Firetide.  He was, after 
> all, the director of engineering there prior to the VCs moving the company 
> from Hawaii to California.
> He’s the one who also contributed the OLSR port freeBSD (which pfSense picked 
> up).  Said it was just as good, if not better, than the proprietary algorithm 
> in the Fireturd firmware.
> 
> Firetide was based on Soekris for the longest time.  I don’t know what they 
> do these days.

You actually have no idea what they do at all. But that’s fine - I’m not 
replying in this manner to tear your opinion to shreds because I don’t have the 
time, energy or patience to read it.  And from here on out I stripped out all 
the extra stuff because, well, it doesn’t actually matter to anyone on the list.

And, Jim, you just successfully got me to stop providing real world feedback in 
this forum.
well, actually, you got me to stop reading your replies. No formatting, no 
sense and not warranted/needed in the discussion. So I move on without you.

What does matter is: You get what you pay for. If you buy a $50 solution for a 
$5,000 problem it’s not going to work. 

I do video surveillance and door access control design and installations. I 
also do high-capacity, high-speed wireless network deployments across large 
areas. 
You get what you pay for.

If you put a $25 lockset on a door and someone breaks it open - you got what 
you paid for.

If you put a $100 wireless access point outside that doesn’t have 
weatherproofing (Ubiquiti) and it fails under temperature or conditions - you 
got what you paid for.

Off the shelf hardware does off the shelf function; Mesh, mobility and hand-off 
functions of wireless devices are not off the shelf functions. Even if they 
claim they support it - you get what you pay for.

—
Ryan

Re: [pfSense] Access Point Recommendations?

2015-07-17 Thread Ryan Coleman
I have Trendnet 653APs that work really well. it’s B/G/N (no AC or A or 5GHz) 
and runs as 2x3 quite well. 

They’re POE or DC, handle VLANs well, too. $65 on amazon NIB and I think they 
come with the AC/DC adapter.


> On Jul 17, 2015, at 2:21 PM, compdoc <comp...@hotrodpc.com> wrote:
> 
>> Does anyone have any recommendations for small office access points?
> 
> 
> I use a Zyxel WAP3205 v1, which was fairly inexpensive. I use pfSense to
> provide DHCP and rules for the clients, and have the features in the WAP
> that are said to be easy to hack disabled. (like WPA Compatible, and WPS) 
> 
> So, it's basically used as a dumb  802.11 b/g/n  radio. However, I do use
> the mac filter in the WAP. This is more work for me to add a device, but I
> only have a couple of devices that use it.
> 
> Range is great, and I actually set the Output Power to 50% so it can't be
> seen as far away. 
> 
> Newer versions are about $45 on amazon.

[pfSense] Any update on 2.2.4?

2015-07-16 Thread Ryan Coleman
For those of us with IPsec needs: is there an update on the release of 2.2.4? 
I’m avoiding upgrading my secondary firewall because I cannot afford to lose 
some basic VPN functionality.

—
Ryan

Re: [pfSense] QoS for fairness usage

2015-07-14 Thread Ryan Coleman
My experience is on par with yours - especially with low-power connections (DSL 
or Cable under 10mbit). 

On my 50Mb cable line at home - no problems in my testing. I haven’t tested the 
Fiber yet but should be doing so in the next month. The DSL at the bar, 
however, QoS throttling was so horrible I had to dump it altogether.


> On Jul 14, 2015, at 2:55 AM, Lorenzo Milesi <max...@ufficyo.com> wrote:
> 
> Hi
> I found this [1] nice and quick howto which explains how to set up pfSense 
> QoS to obtain fair usage between clients, so that one will not suck all the 
> available bandwidth.
> Has anyone tried it? is it working for you? 
> 
> I made a quick check and doesn't really seem to, I started a download on my 
> laptop and then on the server and the latter was going nearly full speed, 
> leaving less than 100kB/s to my client.
> 
> 
> 
> [1] http://www.gridstorm.net/pfsense-traffic-limiting-fair-share/
> 
> -- 
> Lorenzo Milesi - lorenzo.mil...@yetopen.it
> 
> YetOpen S.r.l. - http://www.yetopen.it/

Re: [pfSense] Cannot Spoof MAC

2015-07-11 Thread Ryan Coleman

> On Jul 11, 2015, at 5:22 PM, Chris Buechler <c...@pfsense.com> wrote:
> 
> On Sat, Jul 11, 2015 at 10:13 AM, Doug Lytle <supp...@drdos.info> wrote:
>> Everyone,
>> 
>> I talked a small automotive shop into replacing their aging pfSense computer
>> with a GA-J1900N-D3V.  They purchased an all-in-one unit from mini-box.com
>> 
>> http://www.mini-box.com/SYS-M350-Gigabyte-J1900N-D3V-picoPSU-90-60W
>> http://www.gigabyte.com/products/product-page.aspx?pid=4918#ov
>> 
>> I got it loaded up, restored their 2.2.3 config from the old system and took
>> it over after work the following day.  I ended up spending over an hour
>> trying to get that little system to pick up a DHCP address for their Comcast
>> router.
>> 
>> I finally gave up and put the old system back in.
>> 
>> Working on it today, I've tracked it down to pfSense not being able to spoof
>> their MAC address.  When trying to spoof any address, I get the below (ISC
>> DHCP logs)
> 
> 
> Is it link cycling on that NIC? What type of NIC is it? There are
> certain NICs that get weird and start link cycling with MAC spoofing
> (possibly plus DHCP client). If that's the case it's not that it's not
> accepting the lease, it is, but then loses link and regains it, which
> triggers another DHCP request as part of the linkup process, which
> cycles link again, rinse and repeat.

According to the spec page he linked to:   • 2 x Realtek® GbE LAN chips 
(10/100/1000 Mbit)

Re: [pfSense] FTP issues on 1:1

2015-07-09 Thread Ryan Coleman
I switched it to port 21 and it’s still not working externally, either.

PASV ports are opened up in Firewall Rules.

It requests approving the TLS certificate.


 On Jul 8, 2015, at 11:03 AM, Ryan Coleman ryan.cole...@cwis.biz wrote:
 
 
 On Jul 8, 2015, at 9:30 AM, ED Fochler soek...@liquidbinary.com wrote:
 
 10.20.*.* really shouldn’t be on your wan, that’s not routable.  Also, 
 214*256+167=54951, outside the range you say you dictated in the conf 
 (49500-52500) 
 I’ll give you that. PITA.
 
 I don’t think PFSense is going to provide you an ftp proxy, both because 
 you’re not using port 21, and this document:
 https://doc.pfsense.org/index.php/FTP_without_a_Proxy
 
 I’m not convinced that ProFTPd is actually using your conf.  I think you’re 
 now fighting with ProFTPd, not PFSense.  wireshark (or Microsoft Network 
 Monitor) is your friend.
 
 It connects locally on 10.50.1.2 on port 9000.
 
 10.20.1.49 is the local IP of my computer when I was out of the house 
 yesterday. Not the LAN IP of the server.
 
 1:1 is routing things correctly to 1.2 otherwise (website is loading without 
 issue).
 
 I’ll look more into it tonight.
 
 
  ED
 
 On 2015, Jul 7, at 10:49 PM, Ryan Coleman ryan.cole...@cwis.biz wrote:
 
 Yes.
 
 ProFTPd reports the masquerading address properly when starting the service.
 
 —
 Ryan
 
 
 On Jul 7, 2015, at 5:14 PM, Steve Yates st...@teamits.com wrote:
 
 Ryan Coleman wrote on Tue, Jul 7 2015 at 4:48 pm:
 
 http://www.proftpd.org/docs/directives/linked/config_ref_MasqueradeAddress.html
 
 Yep - I’m using that.
 
 Command:  PORT 10,20,1,49,214,167
 
Pretty sure this would be IP 10.20.1.49, not the public one...is 
 10.20.1.x on your WAN?
 
 --
 
 Steve Yates
 ITS, Inc.
 
 

Re: [pfSense] FTP issues on 1:1

2015-07-08 Thread Ryan Coleman

 On Jul 8, 2015, at 9:30 AM, ED Fochler soek...@liquidbinary.com wrote:
 
 10.20.*.* really shouldn’t be on your wan, that’s not routable.  Also, 
 214*256+167=54951, outside the range you say you dictated in the conf 
 (49500-52500) 
I’ll give you that. PITA.
 
 I don’t think PFSense is going to provide you an ftp proxy, both because 
 you’re not using port 21, and this document:
 https://doc.pfsense.org/index.php/FTP_without_a_Proxy  
 
 I’m not convinced that ProFTPd is actually using your conf.  I think you’re 
 now fighting with ProFTPd, not PFSense.  wireshark (or Microsoft Network 
 Monitor) is your friend.

It connects locally on 10.50.1.2 on port 9000.

10.20.1.49 is the local IP of my computer when I was out of the house 
yesterday. Not the LAN IP of the server.

1:1 is routing things correctly to 1.2 otherwise (website is loading without 
issue).

I’ll look more into it tonight.


   ED
 
 On 2015, Jul 7, at 10:49 PM, Ryan Coleman ryan.cole...@cwis.biz wrote:
 
 Yes.
 
 ProFTPd reports the masquerading address properly when starting the service.
 
 —
 Ryan
 
 
 On Jul 7, 2015, at 5:14 PM, Steve Yates st...@teamits.com wrote:
 
 Ryan Coleman wrote on Tue, Jul 7 2015 at 4:48 pm:
 
 http://www.proftpd.org/docs/directives/linked/config_ref_MasqueradeAddress.html
 
 Yep - I’m using that.
 
 Command:   PORT 10,20,1,49,214,167
 
 Pretty sure this would be IP 10.20.1.49, not the public one...is 
 10.20.1.x on your WAN?
 
 --
 
 Steve Yates
 ITS, Inc.
 
 
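
The address and port arithmetic applied to the PORT line in this message can be automated when reading an FTP client log. The following is an added example, not code from any poster, ProFTPd or pfSense: it decodes PORT commands and 227 passive-mode replies, flags RFC 1918 addresses, and for 227 replies flags ports outside the configured passive range. The PORT line, 10.50.1.2 and the 49500-52500 range come from the thread; the `Command:`/`Response:` log prefixes, the 227 lines and the function names are constructed assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges: a peer on the far side of NAT cannot connect to these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Optional client-log prefix, then a PORT command or a 227 reply, then the
# six comma-separated numbers h1,h2,h3,h4,p1,p2 defined by RFC 959.
LINE_RE = re.compile(
    r"^\s*(?:Command:|Response:)?\s*(PORT|227)\b[^0-9]*?"
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})",
    re.IGNORECASE,
)


def decode_hostport(line):
    """Return (kind, ip, port) for a PORT command or 227 reply, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kind = "PORT" if m.group(1).upper() == "PORT" else "PASV"
    nums = [int(g) for g in m.groups()[1:]]
    if any(n > 255 for n in nums):
        return None  # not valid byte values, so not a real host-port
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return kind, ip, port


def audit_line(line, passive_range):
    """Decode one log line and list what would break the data connection."""
    decoded = decode_hostport(line)
    if decoded is None:
        return None
    kind, ip, port = decoded
    findings = []
    if any(ip in net for net in RFC1918):
        # PORT: the client advertised its own LAN address (active mode).
        # PASV: the server advertised its LAN address instead of the
        # public one, which is what MasqueradeAddress is meant to correct.
        findings.append("private-address")
    low, high = passive_range
    # Only the server's 227 replies are bound by the passive range;
    # in a PORT command the client picks the port itself.
    if kind == "PASV" and not low <= port <= high:
        findings.append("port-outside-passive-range")
    return {"kind": kind, "ip": str(ip), "port": port, "findings": findings}


PASSIVE_RANGE = (49500, 52500)  # range stated in the thread

SAMPLE_LINES = [
    "Command:  PORT 10,20,1,49,214,167",                            # from the thread
    "Response: 227 Entering Passive Mode (10,50,1,2,193,92).",      # constructed
    "Response: 227 Entering Passive Mode (203,0,113,10,195,80).",   # constructed
    "Response: 227 Entering Passive Mode (203,0,113,10,214,167).",  # constructed
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(audit_line(line, PASSIVE_RANGE))
```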

Re: [pfSense] FTP issues on 1:1

2015-07-07 Thread Ryan Coleman
No port forwarding. Just 1:1 and Rules.

ProFTPd is told to use port 9000. That works perfectly internally.

Rules set up to allow port 9000 out through the firewall. Connection happens - 
but no directory structure is delivered.
This is working for other services on the internal server including Apache.


> On Jul 6, 2015, at 10:35 PM, Jim Pingle <li...@pingle.org> wrote:
> 
> On 7/6/2015 7:59 PM, Ryan Coleman wrote:
>> Using 1:1 has turned most of my knowledge in pfSense completely useless. I 
>> feel like a beginner again.
>> 
>> FTP worked on port 21. But for security reasons I do not want it there so I 
>> moved it to port 9000.
>> 
>> ProFTPd is set up for Masquerading on its 1:1 IP, passive ports are dictated 
>> in the conf (49500-52500) and configured as such in the Firewall Rules. 
>> Firewall Rules also have port 8999-9001 open for the FTP server.
>> 
>> FTP works internal to the network so the issue isn’t in the configuration of 
>> ftp server but in the configuration of the firewall.
> 
> Seems the actual question/problem statement is missing. What exactly
> isn't working?
> 
> Did you actually change the binding port in ProFTPd or did you redirect
> 21 to 9000 with a port forward?
> 
> If you mix 1:1 NAT and port forwards you will find a couple things you
> may not expect due to the way pf works and how NAT happens before
> firewall rules:
> 
> 1. Port forwards override 1:1 NAT, which is good for doing what you want
> 
> -but-
> 
> 2. If you forward a different port (e.g. 9000 to 21) your rule still
> passes to the local IP on port 21 so BOTH ports are actually accessible.
> In other words, you can't relocate a port and block access to the
> original port.
> 
> Changing the binding in ProFTPd to 9000 should work around that.
> 
> If that's what you did, then your rule would pass to the local IP on
> port 9000.
> 
> If that doesn't help, give us a bit more detail about the exact NAT and
> firewall rules you have and what isn't working as expected. Include
> firewall logs, states for the test connections, and perhaps a packet
> capture.
> 
> Jim

Re: [pfSense] FTP issues on 1:1

2015-07-07 Thread Ryan Coleman
And is included in the Kernel in 2.x but, alas, it’s not working.

SFTP is not an option.

 On Jul 7, 2015, at 1:10 PM, ED Fochler soek...@liquidbinary.com wrote:
 
 an ftp proxy is what the linux guys usually do, as iptables has a module for 
 that.


Re: [pfSense] FTP issues on 1:1

2015-07-07 Thread Ryan Coleman

 On Jul 7, 2015, at 4:41 PM, Steve Yates st...@teamits.com wrote:
 
 ED Fochler wrote on Tue, Jul 7 2015 at 1:10 pm:
 
 FTP is a nasty beast.  There’s active, passive, and extended passive
 connections.  You may need a client that does extended passive (epsv?) to work
 properly.  Standard passive will hand back the server’s IP & data port over the
 control connection, so unless PFSense is altering the packets as they leave, or
 ProFTPd knows that it needs to respond to that IP range with a masqueraded
 IP, standard passive will get hung up.
 
 http://www.proftpd.org/docs/directives/linked/config_ref_MasqueradeAddress.html
 
 Basically that should hand out the public IP for the passive connection, 
 instead of the server's LAN IP.  However (not tested) that may well break 
 internal FTP, unless perhaps requests to the WAN IP are reflected back 
 inside.  I think I would even expect internal FTP users to have to connect 
 via the WAN IP also.

Yep - I’m using that.

Status: Resolving address of domain.ltd
Status: Connecting to public.IP:9000...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Connected
Status: Retrieving directory listing...
Command:PWD
Response:   257 / is the current directory
Command:TYPE I
Response:   200 Type set to I
Command:PORT 10,20,1,49,214,167
Response:   200 PORT command successful
Command:MLSD
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing

But internally it immediately connects.
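
The client log in the message above contains a `PORT` command, which is FTP active mode: the client is telling the server which address and port to connect back to. As an added example (not code from the thread or from any participant), this Python check decodes the host/port tuple in `PORT` commands and `227` passive replies and flags RFC 1918 addresses and passive ports outside the 49500-52500 range named in the thread. The function names and the two `227` sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: a peer on the far side of NAT cannot connect to these.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOSTPORT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple carried by PORT and 227 lines."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def audit_data_channel(log_lines, passive_range):
    """Return (mode, ip, port, problems) per data-channel negotiation."""
    results = []
    for line in log_lines:
        kind, _, rest = line.partition(":")
        rest = rest.strip()
        if kind == "Command" and rest.upper().startswith("PORT "):
            mode = "active"    # client tells the server where to connect
        elif kind == "Response" and rest.startswith("227"):
            mode = "passive"   # server tells the client where to connect
        else:
            continue
        decoded = decode_hostport(rest)
        if decoded is None:
            continue
        ip, port = decoded
        problems = []
        if any(ip in net for net in RFC1918):
            problems.append("private address advertised")
        if mode == "passive" and not passive_range[0] <= port <= passive_range[1]:
            problems.append("port outside passive range")
        results.append((mode, str(ip), port, problems))
    return results

# The PORT line is from the client log above; the 227 lines are constructed.
SAMPLE_LOG = [
    "Command:PORT 10,20,1,49,214,167",
    "Response:   200 PORT command successful",
    "Response:   227 Entering Passive Mode (203,0,113,10,193,92)",
    "Response:   227 Entering Passive Mode (192,168,1,2,4,0)",
]

if __name__ == "__main__":
    print(*audit_data_channel(SAMPLE_LOG, (49500, 52500)), sep="\n")
```
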

Re: [pfSense] FTP issues on 1:1

2015-07-07 Thread Ryan Coleman
Yes.

ProFTPd reports the masquerading address properly when starting the service.

—
Ryan


 On Jul 7, 2015, at 5:14 PM, Steve Yates st...@teamits.com wrote:
 
 Ryan Coleman wrote on Tue, Jul 7 2015 at 4:48 pm:
 
 http://www.proftpd.org/docs/directives/linked/config_ref_MasqueradeAddress.html
 
 Yep - I’m using that.
 
 Command: PORT 10,20,1,49,214,167
 
   Pretty sure this would be IP 10.20.1.49, not the public one...is 
 10.20.1.x on your WAN?
 
 --
 
 Steve Yates
 ITS, Inc.
 
 

Re: [pfSense] Issues with IPsec and 2.2.3

2015-07-06 Thread Ryan Coleman
Ahh good to know - that would explain the other thing I was experiencing but 
decided not to pursue right away.


 On Jul 6, 2015, at 9:49 AM, Vick Khera vi...@khera.org wrote:
 
 On Sun, Jul 5, 2015 at 12:03 PM, Ryan Coleman ryan.cole...@cwis.biz wrote:
 
 Neither my desktop nor my mobile (OS X 10.10.3 and iOS 8.3) are able to
 negotiate on a previously-functioning IPsec configuration. Only change I
 can determine right now is the updated OS of the firewall to CURRENT.
 
 
 I had the issue with iPhone IPSec connection not routing any packets, but
 negotiating properly otherwise. It turns out there is a bug in 2.2.3 with
 respect to using AES-256 encryption and having the AES-NI hardware
 acceleration enabled. Release 2.2.4 expected soon will fix this.


[pfSense] FTP issues on 1:1

2015-07-06 Thread Ryan Coleman
Using 1:1 has turned most of my knowledge in pfSense completely useless. I feel 
like a beginner again.

FTP worked on port 21. But for security reasons I do not want it there so I 
moved it to port 9000.

ProFTPd is set up for Masquerading on its 1:1 IP, passive ports are dictated in 
the conf (49500-52500) and configured as such in the Firewall Rules. Firewall 
Rules also have port 8999-9001 open for the FTP server.

FTP works internal to the network so the issue isn’t in the configuration of 
ftp server but in the configuration of the firewall.

Thoughts?

—
Ryan

[pfSense] Issues with IPsec and 2.2.3

2015-07-05 Thread Ryan Coleman
Neither my desktop nor my mobile (OS X 10.10.3 and iOS 8.3) are able to 
negotiate on a previously-functioning IPsec configuration. Only change I can 
determine right now is the updated OS of the firewall to CURRENT.

Has anyone else experienced this?

—
Ryan

Re: [pfSense] Issues with IPsec and 2.2.3

2015-07-05 Thread Ryan Coleman
I decided to destroy and start over and it’s working.


 On Jul 5, 2015, at 11:03 AM, Ryan Coleman ryan.cole...@cwis.biz wrote:
 
 Neither my desktop nor my mobile (OS X 10.10.3 and iOS 8.3) are able to 
 negotiate on a previously-functioning IPsec configuration. Only change I can 
 determine right now is the updated OS of the firewall to CURRENT.
 
 Has anyone else experienced this?
 
 —
 Ryan

Re: [pfSense] How to Install PFSENSE in VM

2015-06-30 Thread Ryan Coleman
There’s an OVA floating around somewhere still that had 2.0 on it, you could 
upgrade it through to 2.2.3 pretty easily…

I typically, though, use the ISO these days so I can have a little more 
flexibility in my installation. 



 On Jun 30, 2015, at 3:32 AM, putra kurnia Ramadana 
 ramadana.sibar...@gmail.com wrote:
 
 Dear Friends,
 
 I have finished downloading pfSense on my laptop, and I want to install
 pfSense in a VM on my laptop, but why can't it install?
 The file format of pfSense is iso.gz.
 
 Please help me install pfSense on my laptop.
 
 Thank You.
 
 *Sincerely Yours, *
 
 
 *Putra Kurnia Ramadana*

Re: [pfSense] Dashboard Width

2015-06-30 Thread Ryan Coleman
What I think really needs to be added is a little device type CSS/JS so that 
mobile devices look cleaner not just fluidness. Having to scroll and pinch and 
zoom to see the menu on my iPhone or iPad is a royal PITB.

And for the work… I’d be happy to contribute my time and experience as a web 
developer directly to the Electric Sheep guys (I’m talking to you, Jim 
Thompson!) I’ve been programming in PHP for 15 years.


 On Jun 30, 2015, at 8:25 AM, Paul Galati paulgal...@gmail.com wrote:
 
 All,
 
 Am I doing something wrong or is the current dashboard themes limited to 2 
 columns across?  With computer screens being wider than taller, it would be 
 nice to be able to have a 3rd or 4th row of data rather than scrolling up and 
 down.
 
 Just curious. Thanks.

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-29 Thread Ryan Coleman
It’s working. http://www.test.d3photo.com/

I don’t know why I cannot access ANY of it from my other network, though… I 
have to be outside the building to see it.

 On Jun 27, 2015, at 10:03 PM, Ryan Coleman ryan.cole...@cwis.biz wrote:
 
 I agree. But if they’re redirecting all the traffic to a specific MAC address 
 (which they say they are - the firewall I have has to be registered) I guess you 
 could, in theory, do some L2 voodoo and make it work.
 
 The email from the support tech earlier this week:
 The usable IP range and gateway IP will depend on your firewall setup, for 
 example if you were to use a 1-to-1 NAT to internal IP addresses for each 
 public IP, you would be able to use every address in the range.
 
 
 And I wouldn’t believe it except that when I ping the Network address (.16) 
 from my existing ISP (Comcast) it shows up on the firewall as traffic.
 
 
 
 On Jun 27, 2015, at 9:47 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote:
 
 On 28 Jun 2015, at 03:35, Ryan Coleman ryan.cole...@cwis.biz wrote:
 The ISP has actually stated otherwise, which is the reason I brought it up.
 
 That’s a new one on me. If you get that working, I’d be fascinated to hear 
 how - it seems to go against the basics of IP networks.
 
 Kind regards,
 
 Chris
 -- 
 C.M. Bagnall
 This email is made from 100% recycled electrons
 

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-29 Thread Ryan Coleman
The thing is right now I’m on my Comcast account and the other server is on a 
completely different subnet. Yes on my same network but it goes out via 
Comcast, through them to US Internet to the firewall downstairs and into the VM 
that is on that specific network.


 On Jun 29, 2015, at 10:52 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote:
 
 On 29/6/15 4:41 pm, Ryan Coleman wrote:
 I don’t know why I cannot access ANY of it from my other network, though… I 
 have to be outside the building to see it.
 
 System - Advanced - NAT Reflection perhaps?
 
 Might be worth playing with some of the options in there...
 
 (but personally, I'd just set a local DNS override so www.test.d3photo.com 
 resolves to the server's internal LAN IP)
 
 Kind regards,
 
 Chris
 -- 
 This email is made from 100% recycled electrons

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-27 Thread Ryan Coleman
The ISP has actually stated otherwise, which is the reason I brought it up.

I am going to try the VLAN route since physical OPT1 will be connected to 
another ISP.

 On Jun 27, 2015, at 9:32 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote:
 
 On 28 Jun 2015, at 02:38, Ryan Coleman ryan.cole...@cwis.biz wrote:
 which is the preferred mind you because it would give me all three 
 additional IPs (gateway, network address and broadcast) as addressable…
 
 No it won’t. Your network is 18.25.125.16/29. You still have to follow the 
 normal rules about gateway, network and broadcast - you can’t get around 
 that. If you need more than the 5 usable addresses, you need to ask your 
 service provider to give you a /28. This is not a pfSense limitation.
 
 So in the example I gave, I used .17 for pfSense’s OPT1 interface. This gives 
 you .18 - .22 inclusive for your stuff. .23 is the broadcast.
 
 Kind regards,
 
 Chris
 -- 
 C.M. Bagnall
 This email is made from 100% recycled electrons
 

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-27 Thread Ryan Coleman
I agree. But if they’re redirecting all the traffic to a specific MAC address 
(which they say they are - the firewall I have has to be registered) I guess you 
could, in theory, do some L2 voodoo and make it work.

The email from the support tech earlier this week:
 The usable IP range and gateway IP will depend on your firewall setup, for 
 example if you were to use a 1-to-1 NAT to internal IP addresses for each 
 public IP, you would be able to use every address in the range.


And I wouldn’t believe it except that when I ping the Network address (.16) 
from my existing ISP (Comcast) it shows up on the firewall as traffic.



 On Jun 27, 2015, at 9:47 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote:
 
 On 28 Jun 2015, at 03:35, Ryan Coleman ryan.cole...@cwis.biz wrote:
 The ISP has actually stated otherwise, which is the reason I brought it up.
 
 That’s a new one on me. If you get that working, I’d be fascinated to hear 
 how - it seems to go against the basics of IP networks.
 
 Kind regards,
 
 Chris
 -- 
 C.M. Bagnall
 This email is made from 100% recycled electrons
 