[pfSense] spd.conf and setkey

2014-02-12 Thread Erik Friesen
I have been trying to set up an ipsec vpn to only route from/to tcp port 80 and 440. The vpn sets up fine, but since there is no setting in the gui for ports, I have taken to hand trying some different SPDs. From the command line: setkey -FP - erases current spd's setkey -f filename - loads new

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread David Burgess
On Feb 11, 2014 5:55 AM, Jim Thompson j...@netgate.com wrote: Thanks for this. As before, we'll supply a solution for pfSense on the ERL after 2.2 (based on FreeBSD 10) after 2.2 drops. -- Jim That's great news. Does anybody care to speculate whether FreeBSD will be able to take advantage

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Brian Caouette
What is the time frame for 2.2? On 2/11/2014 7:55 AM, Jim Thompson wrote: Thanks for this. As before, we'll supply a solution for pfSense on the ERL after 2.2 (based on FreeBSD 10) after 2.2 drops. -- Jim On Feb 11, 2014, at 7:25, Eugen Leitl eu...@leitl.org wrote:

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Jim Thompson
On Feb 12, 2014, at 9:05 AM, David Burgess apt@gmail.com wrote: On Feb 11, 2014 5:55 AM, Jim Thompson j...@netgate.com wrote: Thanks for this. As before, we'll supply a solution for pfSense on the ERL after 2.2 (based on FreeBSD 10) after 2.2 drops. -- Jim That's great

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Eugen Leitl
On Wed, Feb 12, 2014 at 08:05:17AM -0700, David Burgess wrote: That's great news. Does anybody care to speculate whether FreeBSD will be able to take advantage of the packet forwarding acceleration of this hardware at some point? IIRC you need NDAs for that, so unless it's cleanroom reversed

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Jim Thompson
The reality is “when it’s done”. I’m hoping for “mid-May”. On Feb 12, 2014, at 9:28 AM, Brian Caouette bri...@dlois.com wrote: What is the time frame for 2.2? On 2/11/2014 7:55 AM, Jim Thompson wrote: Thanks for this. As before, we'll supply a solution for pfSense on the ERL after 2.2

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Jim Thompson
On Feb 12, 2014, at 9:41 AM, Eugen Leitl eu...@leitl.org wrote: On Wed, Feb 12, 2014 at 08:05:17AM -0700, David Burgess wrote: That's great news. Does anybody care to speculate whether FreeBSD will be able to take advantage of the packet forwarding acceleration of this hardware at some

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Eugen Leitl
On Wed, Feb 12, 2014 at 09:44:46AM -0600, Jim Thompson wrote: On Feb 12, 2014, at 9:41 AM, Eugen Leitl eu...@leitl.org wrote: On Wed, Feb 12, 2014 at 08:05:17AM -0700, David Burgess wrote: That's great news. Does anybody care to speculate whether FreeBSD will be able to take

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread David Burgess
On Wed, Feb 12, 2014 at 8:30 AM, Jim Thompson j...@netgate.com wrote: you know it’s ipv4-only, right? (there should be a layer2 version as well, but you can’t run both.) If I had a choice between v4-only acceleration and no acceleration, I'd take the former. I'm using two of these devices

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Jim Thompson
On Feb 12, 2014, at 9:55 AM, Eugen Leitl eu...@leitl.org wrote: On Wed, Feb 12, 2014 at 09:44:46AM -0600, Jim Thompson wrote: On Feb 12, 2014, at 9:41 AM, Eugen Leitl eu...@leitl.org wrote: On Wed, Feb 12, 2014 at 08:05:17AM -0700, David Burgess wrote: That's great news. Does anybody

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Brian Caouette
Sounds good. Is there a planned feature list we can look forward to? On 2/12/2014 10:43 AM, Jim Thompson wrote: The reality is “when it’s done”. I’m hoping for “mid-May”. On Feb 12, 2014, at 9:28 AM, Brian Caouette bri...@dlois.com wrote: What is the time frame for 2.2?

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Jim Thompson
On Feb 12, 2014, at 12:16 PM, Brian Caouette bri...@dlois.com wrote: Sounds good. Is there a planned feature list we can look forward to? On 2/12/2014 10:43 AM, Jim Thompson wrote: The reality is “when it’s done”. I’m hoping for “mid-May”. On Feb 12, 2014, at 9:28 AM, Brian

Re: [pfSense] spd.conf and setkey

2014-02-12 Thread Ermal Luçi
You need to tell even racoon about this. On Wed, Feb 12, 2014 at 2:35 PM, Erik Friesen e...@aercon.net wrote: I have been trying to set up an ipsec vpn to only route from/to tcp port 80 and 440. The vpn sets up fine, but since there is no setting in the gui for ports, I have taken to hand

Re: [pfSense] IPSEC VPN - NAT in Phase 2 - NAT Rules?

2014-02-12 Thread Chris Buechler
On Tue, Feb 11, 2014 at 2:35 PM, Mark Street mstr...@alliancemed.org wrote: From the 2.1 book: If you need to perform NAT on your local IPs to make them appear as a different subnet, or one of your public IPs, you may do so using the NAT fields underneath Local Network. If you specify a single

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Eugen Leitl
On Wed, Feb 12, 2014 at 10:35:56AM -0600, Jim Thompson wrote: Can the blobs be reversed so easily? (Too bad about lack of IPv6 offloading, but we can live with that for a while, I guess). I don’t know. If you’re really curious, you can read this: