testing, but would also be good for admins to check whether they seem to have
gotten things configured correctly.
On 2013-Mar-20, at 2:51 AM, mayak-cq ma...@australsat.com wrote:
On Tue, 2013-03-19 at 23:19 -0700, Bryan D. wrote:
I've searched both
-if capability to be added to pfSense. While I'm a little surprised
that something like this doesn't already exist, given its obvious value, I'd
also guess that it'd be a rather involved task.
On 2013-Mar-20, at 11:16 AM, Jim Pingle li...@pingle.org wrote:
On 3/20/2013 1:58 PM, Bryan D. wrote
I hope I'm not just having a senior's moment, but I can't find any place on
the GUI where the OpenVPN server's keepalive option is set but one is being
generated in the server config file.
I'm running pfSense 2.1 release. Couldn't find an answer via the pfSense
forums or via Mr. Google nor
I have a problem that I've been unable to make much progress with and could use
some suggestions on how to proceed.
The problem is that whenever the WAN interface link on the pfSense box goes
down, pfSense goes into some sort of loop/run-away condition and requires a
reboot. This problem is
On 2014-Feb-19, at 6:17 AM, Jim Pingle li...@pingle.org wrote:
Try pfSense 2.1.1. There were some issues with link cycling in certain cases
that you might be hitting which were fixed on 2.1.1.
On 2/19/2014 2:07 AM, Bryan D
understand why routing doesn't take care of it and why NAT is
required for certain things to work, but this was the only way I could get it
to work in my setup. Of course, I'd like to be educated if someone has an
On 2014-Feb-26, at 11:41 AM, Muhammad
On 2014-Mar-02, at 11:52 PM, Ryan Coleman ryanjc...@me.com wrote:
How do I set up multiple static addresses? I used Virtual IP to create x.2
and I can ping it internally but not externally.
I’ve tried using guides I’ve found online but I cannot seem to get them to
What I want to
PiBA was correct: only the WAN rule is required for pings (learn something new
every day!). My testing was via an outside network as pings always work
internally, with our setup.
Previously you wrote:
I’ve done this, but I won't route traffic out (NAT) until I have verifiable
On 2014-Mar-19, at 2:24 AM, A Mohan Rao mohanra...@gmail.com wrote:
I have configured OpenVPN road warrior, and the client is properly connected
from an outside internet network,
but I am not able to access the server-end network and servers.
can anybody give any help where is do any
I have an issue that I've been unable to solve and could use some suggestions
(or confirmation that it can't be done).
The problem is that I can only access IPs on the other side of a VPN connection
via a static route when on one of our LANs. Here's an overview of the
On 2014-Apr-20, at 12:33 AM, Volker Kuhlmann list0...@paradise.net.nz wrote:
Ever since upgrading to pfsense 2.1 I have been let down by it. It looks
like there are multiple issues and I am trying to separate them. One is
system suicide by memory gobbling - but it's been a little tricky to
On 2014-Apr-21, at 6:28 AM, Jim Pingle li...@pingle.org wrote:
The Spoofed MAC address issue was a problem in the past with certain
drivers that sounds very similar because it got into a chicken-and-egg
scenario that went a little something like this:
* pfSense sets the MAC
to know to route all
traffic for 10.0.0.1/24, 192.168.10.0/24, 192.168.20.0/24, and possibly
172.16.0.0/24 over the VPN connection).
I've put up a bunch of stuff on iOS VPN with pfSense that could be of some help
On Wed, Dec 24, 2014 at 5:15 AM, Lorenzo Milesi max...@ufficyo.com wrote:
Hi. Is it possible to route OpenVPN clients to the available IPSec routes?
I currently have 3 IPSec tunnels on my pfSense, and seldomly I need to access
those routes outside my office. Is it possible to do so?
On 2015-Jan-19, at 8:28 PM, Mark Wass m...@market-analyst.com wrote:
I've checked my WAN firewall rules and can see that the Wizard has added an
open port to 1196 in the rules.
Is there some sort of rule that does not allow me to have multiple OpenVPN
servers running? I have 3
On 2015-Jan-19, at 1:48 PM, Jeremy Porter jpor...@electricsheepfencing.com
The configuration you're trying to use in pfsense is TLS Authentication,
which is a static (shared) TLS key.
In the Server Mode box, you need to select SSL/TLS or SSL/TLS User
You will need to
I have a relatively low-traffic pfSense 2.1.5 i386 setup on a system with 1.5
GB of memory that always shows 50% used.
This setup has normally been reliable but, since upgrading to 2.1.5, today is
the 4th time I've run into a problem after making changes to some aliases. For
some reason that
I think this issue has been solved:
- issue was errors similar to:
[ There were error(s) loading the rules: pfctl: DIOCADDRULE: Invalid argument -
The line in question reads : ]
and/or an error indicating that it can't allocate memory (but there's over 50%
of the memory reported as
We've had a pfSense-to-pfSense always on IPsec VPN connecting 2 offices since
2008 (pfSense 1.2 IIRC) and it's:
- been ultra reliable (if VPN is down, suspect ISP issue or pfSense box failure)
- it's been quick to connect (about 1 second, almost unnoticeable)
- it's worked across numerous
On 2015-Mar-09, at 3:34 AM, Matthias May matth...@may.nu wrote:
A CARP address has its own MAC. The IP alias shares the MAC of its parent
If you change this while running, your upstream routers/switches will have
the wrong MAC address for your IP cached.
Sending a GARP might
On 2015-Mar-05, at 11:46 AM, Chris Buechler c...@pfsense.com wrote:
The description of what's enabled/disabled got confused from Jim's
earlier post I think. LRO and TSO are both disabled by default,
hardware checksum offloading is enabled by default.
Just for the record, Jim's message ended
I have a v2.2 64-bit config running on a Core2 Duo system. The config uses a
number of aliases (including aliases that include other aliases, etc.). Rules
are based upon the aliases (du-oh!).
PROBLEM: if I change the name of 1 of the IP aliases, the name of the
corresponding table doesn't
... which means that it's likely to get
Thanks, again, to all who participated.
On 2015-Mar-09, at 6:57 AM, Jim Pingle li...@pingle.org wrote:
On 03/08/2015 06:50 PM, Bryan D. wrote:
My interpretation of the nice chart and notes on
On 2015-Mar-08, at 3:53 PM, Espen Johansen pfse...@gmail.com wrote:
I believe the key to this is proxy arp.
On 8 March 2015 at 23:50, Bryan D. pfse...@derman.com wrote:
While we're on the topic, I have a functioning v2.2 setup that uses a /29
set of static IPs:
- 1 IP
On 2015-Mar-09, at 2:38 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 09:33, Bryan D. wrote:
So, for what I'm doing, an IP Alias VIP seems like it should work where a
CARP VIP works -- but it doesn't appear that a Proxy ARP VIP should, since I
think I'm using them
On 2015-Mar-09, at 3:05 AM, Chris L c...@viptalk.net wrote:
On Mar 9, 2015, at 2:56 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 09:51, Bryan D. wrote:
So it sounds like the IPsec and OpenVPN traffic would be such traffic?
IPSEC traffic is addressed *to* the firewall
On 2015-Mar-09, at 2:56 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 09:51, Bryan D. wrote:
So it sounds like the IPsec and OpenVPN traffic would be such traffic?
IPSEC traffic is addressed *to* the firewall (at least the IKE stuff on udp
500 is, since it is received
On 2015-Mar-09, at 3:11 AM, Chris L c...@viptalk.net wrote:
On Mar 9, 2015, at 3:07 AM, Brian Candler b.cand...@pobox.com wrote:
On 09/03/2015 10:05, Chris L wrote:
Are you saying you want different clients' IPSEC tunnels to terminate on
different public IP addresses on the firewall WAN
While we're on the topic, I have a functioning v2.2 setup that uses a /29 set
of static IPs:
- 1 IP is the gateway address and 5 IPs are usable (quite common, I believe)
- one of the usable IPs is assigned to the WAN interface
- the other 4 usable IPs are assigned to VIPs
- the WAN IP and VIPs
On 2015-Mar-23, at 7:34 AM, Christopher CUSE cc...@ccuse.com wrote:
just got dropped again -- fourth time in last few hours -- something is
upgraded all my pfsenses to 2.2.1 over the weekend.
For me, the VPN drops in the absence of end-to-end traffic ... within
benefit, I've submitted a slightly
edited/formatted version of this to be included in the WiKi's applicable
pfSense documentation page.
pfSense mailing list
On 2015-Mar-04, at 2:08 PM, Jim Thompson j...@netgate.com wrote:
On Mar 4, 2015, at 2:02 PM, Bryan D. pfse...@derman.com wrote:
On 2015-Mar-04, at 6:20 AM, compdoc comp...@hotrodpc.com wrote:
For me, what happens after enabling or disabling those settings are
FWIW, since my original report, I've noticed some other things:
- since it's not yet deployed, the v2.2.1 (at both ends) site-to-site IPsec
VPN has only 1 laptop and 1 wireless access point on the LAN and virtually
nothing else happening on the WAN (it's tied to a cable modem)
- the condition,
On 2015-Mar-23, at 5:24 PM, Chris Buechler c...@pfsense.com wrote:
There's nothing to go on to offer any worthwhile suggestions. IPsec
logs best place to start.
If you can be more specific, I'll try to help. Sorry, but I don't have enough
background with IPsec to ferret things out on my
On 2015-Apr-11, at 12:51 AM, Fabian Wenk fab...@wenks.ch wrote:
I had a similar problem, but already when switching from 2.1.x to 2.2. I got
it working again with not selecting any interface(s) in the NTP Server
I've created a bug report
On 2015-Sep-04, at 1:18 PM, David Hatch wrote:
> We are having all the same symptoms above. All of our firewalls are
> running 2.2.4. Everything that has 2 phase 2 entries is on IKE v2. ...
> Has anyone figured this out? ... nothing I can do will fix it short of pinging
On 2015-Sep-15, at 6:18 AM, Ray Bagby wrote:
>Anyone have any luck connecting iphone via VPN?
You can also see:
On 2015-Sep-15, at 11:39 PM, Andrej Ferčič [PCklinika]
> I am sure that this issue has been already discussed, but I can not find any
> archive. So, please give me some directions where to search or any link to
> thread containing the following:
On 2016-Jun-17, at 2:02 PM, Peder Rovelstad wrote:
> This help? https://forum.pfsense.org/index.php?topic=8640.0
Thanks, but I don't see anything there that tells me what the current packages
are for pfSense 2.3.1 Update 5 (i.e., without having to first install pfSense
How does one determine the currently supported packages for the current
released version of pfSense without installing pfSense first?
I did find https://doc.pfsense.org/index.php/Features_List but, since there's
no stated pfSense version associated with the page and since I've found it to
On 2016-Jun-17, at 4:03 PM, Steve Yates wrote:
> I suspect package compatibility is not maintained on per-pfSense-version
> basis. Meaning, packages worked on 2.x up until the package changes on 2.3,
> and probably will work on into the future until the next breaking change.
On 2016-Jun-17, at 2:35 PM, compdoc wrote:
> I think this is complete:
Thanks. Looks like I can proceed with an update to 2.3.
Regardless, I still think there should be a way to authoritatively determine
this info via the pfSense web site -- ideally, for all
On pfSense 2.2.6, I switched from dnsmasq to unbound.
Resolver/unbound is configured for DNSSEC (i.e., no forwarding) and has about
150 overrides to function as our internal/split DNS (with 5 domain overrides
for internal/private-address reverse lookups). The "Network Interfaces"
On 2016-May-10, at 10:14 AM, WebDawg wrote:
> Usually the only thing that you
> can do in this situation is put your connection at its lowest setting
> and control the connection from there. The problem with this is that
> the connection will always be this lowest speed.
I'm in the process of enabling IPv6 on a working IPv4 3-LAN, 2-WAN setup using
pfSense 2.2.6 (I'm also in the process of testing 3.0 and did a cursory test
and got the same results with our 3.0 test setup). We're getting IPv6 via a
Hurricane Electric tunnel.
There are 3 LANs each with a /24
> Good day,
> I have a routing-related issue.
> I found that page:
> It represents exactly the issue I'm having.
> I did
On 2016-Aug-16, at 8:47 AM, Gé Weijers wrote:
> Trying to define a pfBlockerNG IPv6 alias for the US. It seems that the
> GeoIP database has over a million entries, which causes a crash
> Any idea why the US ranges are this humongous?
I use pfBlockerNG and
On 2016-Aug-21, at 5:50 AM, Paul Mather wrote:
> Even on that page it's incorrect to say it "only" offers the XG-2758. That's
> the only one they show in the main table on that page ...
There's likely good science behind the fact that nearly all e-stores will
Applying the suggested "Custom Options" to the Unbound/DNS Resolver
configuration in pfSense 2.2.6 does not work, with logs indicating that
"forward-ssl-upstream" is invalid.
I tried various incantations using
On 2018-Apr-04, at 10:05 PM, Dave Warren wrote:
> I can also confirm that 184.108.40.206@853 does work here which reinforces that
> this is a Cloudflare specific issue.
So it looks like the following config works on pfSense 2.2.6's unbound/DNS
Resolver (so should work with
On 2018-Apr-05, at 10:47 PM, Dave Warren wrote:
> Cloudflare has pushed an update, and things seem to be working from here. For
> those having issues, try again now?
Thanks for the "heads up." Works for me, also (i.e., on pfSense 2.2.6
configured as stated in previous