[pfSense] Interface Assignment Change - Requires Bridge Save?

2015-07-28 Thread Tim Nelson
Greetings- I've run into what appears to be a bug in pfSense. When changing interface assignments, if those interfaces are part of a bridge, the bridge will not be updated. Instead a reboot is required, or going to each bridge affecting and re-saving it's parameters. A specific case I've

Re: [pfSense] Strange problems with pfSense 2.1.4

2014-08-11 Thread Tim Nelson
- Original Message - One, the problem first appeared with the Tranquilnet unit. Two, I forgot to mention that I noticed that the heat problem (it's hard to miss if you don't read the directions -- the units are almost hot enough to burn skin :) and am using a laptop cooler for

Re: [pfSense] HELP

2014-07-10 Thread Tim Nelson
- Original Message - Greetings all, I ma new to pfsense , pl help me out pfsense firewall Nat configuration for small education network. I am Using pfsense 2.1.4-reease for (i386) 1. interface on WAN (wan) - em0 - v4/DHCP4 : 192.168.0.16/24 2. interface on LAN (lan ) - em1 -

Re: [pfSense] Extended link down state, no connectivity after link up

2014-06-27 Thread Tim Nelson
- Original Message - Greetings- I'm experiencing an odd situation. On a system running pfSense 2.1.3-RELEASE on i386 (6x Intel NICs, Intel G2030 CPU, 1GB RAM, etc), the use case lends the unit's LAN to be physically disconnected (think lab environment). If the interface is left

Re: [pfSense] Problems with pfsense on ProfitBrick

2014-04-14 Thread Tim Nelson
- Original Message - I'll put here the amount of info that I can before my server's security may be compromised. I want to install pfsense to an server that's hosted by ProfitBrick and using KVM as virtualization enviroment which may became a problem. It has two nics. One for WAN

[pfSense] Heartbleed and OpenVPN

2014-04-11 Thread Tim Nelson
Greetings- Hot on the heels of the OpenSSL debacle, and a fresh new release of pfSense (THANK YOU), I'm curious about the Heartbleed vulnerabilitie's actual surface attack area. All of the relevant information, reports, and PoC's are pointing at exploit only via an affected HTTPS webserver.

[pfSense] IPv6 - Subnetting/Routing with HE?

2013-09-27 Thread Tim Nelson
Alright, I understand IPv6 is a 'different animal'. BUT, I'm trying to do something that seems logical, but not working. Hoping someone can shed light on it? I have an IPv6 tunnel from Hurricane Electric. The /64 is routed to my GIF interface. I requested another /48 for assignment internally.

[pfSense] mPCIe Recommendations?

2013-02-11 Thread Tim Nelson
Greetings- I've just (unsuccessfully) tried setting up an Atheros AR5280 based mPCIe card for use with pfSense 2.0.2. The results were not spectacular. Errors included randomly dropping traffic, dropping carrier, and the infamous scrolling errors 'ath0: stuck beacon...'. So, I'm on a quest

Re: [pfSense] CARP Sync States - Not the same on both hosts?!?

2013-01-23 Thread Tim Nelson
- Original Message - On Tue, Jan 22, 2013 at 11:24 AM, Tim Nelson tnel...@rockbochs.com wrote: I have two hosts in a CARP setup, working as expected for failover. States are set to sync between the primary system and the secondary system. However, when I look at the state table

Re: [pfSense] CARP Master/Slave Status Change Notification

2013-01-22 Thread Tim Nelson
- Original Message - On 1/22/2013 9:27 AM, Vick Khera wrote: the SMTP alerts will tell you when a carp cluster change occurs, but no details on what exactly it was. On 2.1 the message is quite a bit more informative: Carp cluster member 192.168.x.y - (wan_vip241) has resumed

[pfSense] CARP Sync States - Not the same on both hosts?!?

2013-01-22 Thread Tim Nelson
Greetings- I have two hosts in a CARP setup, working as expected for failover. States are set to sync between the primary system and the secondary system. However, when I look at the state table of the slave system, it does not match that of the master system. For example, the master shows

[pfSense] CARP Master/Slave Status Change Notification

2013-01-21 Thread Tim Nelson
Greetings- I have an installation where two pfSense 2.x systems are configured with CARP IPs on 6 interfaces. This is working quite well after I resolved some OpenVPN oddities. CARP works as expected when simulating failure (link, power, etc). BUT, the question is, how do I know when a CARP

Re: [pfSense] 2.0.2 release now available

2012-12-21 Thread Tim Nelson
- Original Message - info here: http://blog.pfsense.org/?p=676 And just in time for insert your holiday preferrence here! Fantastic! Thanks for your amazing software, and brilliant work! --Tim ___ List mailing list List@lists.pfsense.org

Re: [pfSense] CARP Questions on pfSense 2.x

2012-12-05 Thread Tim Nelson
- Original Message - 1: You need 3 IPs in the same subnet. 2: For site-to-site i would honestly set up 2 separate tunnels (one on each WAN) and create an internal loadbalancer/failover pool for the other side via the two gateways of the openVPN tunnels. Thank you for the IP

Re: [pfSense] CARP Failover Initiation

2012-12-05 Thread Tim Nelson
- Original Message - On 12/5/2012 10:11 AM, Tim Nelson wrote: I've successfully setup 2x pfSense boxen with CARP. It is working properly, with ~1 second failover. The following test scenarios work well: -Unplugging a link (WAN, LAN, etc) -Causing system crash (kill -9 1

Re: [pfSense] pfSense 2.x on Dell 1950

2012-11-28 Thread Tim Nelson
- Original Message - I'm looking at possibly running a CARP setup between 2x Dell 1950's in a failover configuration. My perusal of the mailing list archives, and the pfSense forum seems to indicate they should work just fine, no 1950 specific issues on the latest pfSense releases.

Re: [pfSense] Multiwan

2012-08-08 Thread Tim Nelson
- Original Message - e.g. I will be getting an internal IP of 192.168.0.20, 0.102, 0.87 and then 1.101 for example, however all the 0.'s will have the same 0.1 gateway yet be totally different connections to the web… Not sure if that would matter… Every WAN needs to have a unique

Re: [pfSense] Odd CARP Question

2012-06-29 Thread Tim Nelson
- Original Message - I guess you could tcp dump on the sync interface. Or set the advertise frequency to something really high. If it switches to slave there is somewhere a higher priorised slave which became master. However a lot people are running CARP VIP's simply to get a

Re: [pfSense] Low(ish) cost pfSense platforms

2012-06-08 Thread Tim Nelson
- Original Message - Greetings list, For many years I've been deploying pfSense on ALIX boards. They've proven to be reliable and a good balance between cost and performance. Price in the UK is about 120 GBP (including PSU and chassis), which means that they're cost-comparable with

Re: [pfSense] can it be that having WAN on RFC1918 space fucks up site to site IPsec tunnel?

2012-06-01 Thread Tim Nelson
- Original Message - On Fri, Jun 01, 2012 at 02:36:21PM -0400, Sean Cavanaugh wrote: If provider is providing you NATed internet access...my best guess is you It's not NATed. They're rewriting the packet headers. The only NAT there is is our own. Isn't rewriting of the packet

Re: [pfSense] pfsense on sun v100 server

2012-05-10 Thread Tim Nelson
- Original Message - I was not aware of the fact the OpenBSD runs natively on Sun Server with SPARC architecture. It's because i bought the V100 few months ago, so that's why i would like to integrate it,...and with OpenBSD - of -course- are quite a few possibilities. Last I

Re: [pfSense] pfsense on sun v100 server

2012-05-10 Thread Tim Nelson
- Original Message - Op 10 mei 2012, om 22:09 heeft Tim Nelson het volgende geschreven: - Original Message - I was not aware of the fact the OpenBSD runs natively on Sun Server with SPARC architecture. It's because i bought the V100 few months ago, so that's why i

Re: [pfSense] pfsense on sun v100 server

2012-05-10 Thread Tim Nelson
- Original Message - Ooh, I have a bunch of E450s I'd love to give away! :-) (Shipping would still be expensive, though.) -Adam I gave my E450s and other Enterprise line stuff away a couple years back to another BSD project, and a local youngster interested in such things. Ah, the

Re: [pfSense] OpenVPN Status Package in 2.0.1...

2012-01-13 Thread Tim Nelson
- Original Message - - Original Message - On Thu, Jan 12, 2012 at 1:00 PM, Tim Nelson tnel...@rockbochs.com wrote: Greetings- I understand the functionality of the OpenVPN Status package from the 1.x versions is now integrated into the 2.x versions. *However

[pfSense] OpenVPN Status Package in 2.0.1...

2012-01-12 Thread Tim Nelson
Greetings- I understand the functionality of the OpenVPN Status package from the 1.x versions is now integrated into the 2.x versions. *However*, let's say... hypothetically a 1.2.2 config was uploaded to a fresh 2.0.1 installation, and the OpenVPN Status package XML(every package XML for that

Re: [pfSense] pfSense 2.0 - Filtering traffic on OpenVPN

2011-10-13 Thread Tim Nelson
- Original Message - On Thu, Oct 13, 2011 at 16:03, Tim Nelson tnel...@rockbochs.com wrote: I would expect it to work this way also. However, I've removed the OPT interfaces corresponding to the OpenVPN servers. Next, I've added one rule to 'Allow all traffic, any protocol, any

Re: [pfSense] pfSense 2.0 - Filtering traffic on OpenVPN

2011-10-13 Thread Tim Nelson
- Original Message - In 2.0 each interface is renamed in a unique way so you do not need dev tun or any similar entries in the options. You can assign the interfaces if you want (set an IP type of 'none' on them) and filter individually if you want, too. I run with two of mine

Re: [pfSense] Replacing a Linux router with pfSense

2011-09-21 Thread Tim Nelson
are pointed straight up(vertically), signal should be coming horizontally. This is an oversimplified view, but roughly correct. I'm not a wireless expert, but I hope these tips give you a few items to go on for better performance. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105