Re: [pfSense] Wireless Issues

2011-09-24 Thread Chris L
On Sep 23, 2011, at 11:45 PM, Chris Brennan wrote: I've got pfSense 2.0 running and for the wired side of my LAN, it works fine. The problem is my Wireless LAN. I can associate just fine, but none of my wireless devices (Blu-Ray Player, Sony TV, iPod, Android Phone) cannot browse to the

Re: [pfSense] Wireless Issues

2011-09-24 Thread Chris L
On Sep 24, 2011, at 12:07 AM, Chris Brennan wrote: On Sat, Sep 24, 2011 at 2:52 AM, Chris L c...@viptalk.net wrote: Umm. On the wireless clients, check: Assigned addresses Assigned netmask Assigned default gateway Assigned DNS servers There's not much more to it. Yes, all

Re: [pfSense] Wireless Issues

2011-09-24 Thread Chris L
On Sep 24, 2011, at 8:22 AM, Chris Brennan wrote: On Sat, Sep 24, 2011 at 3:34 AM, Chris L c...@viptalk.net wrote: Yes, all the clients are assigned IP's via DHCP, so that wouldn't matter anyway. It matters if they're given wrong info. I've double-checked and even triple-checked all

Re: [pfSense] Wireless Issues

2011-09-24 Thread Chris L
On Sep 24, 2011, at 5:29 PM, Chris Brennan wrote: Oh and here is a screenshot of my Wireless firewall settings - http://i.imgur.com/wFgnn.png, If more information is needed, please, let me know and I will provide it. Are you trying to use the same IP network on the Wireless interface as

Re: [pfSense] Wireless Issues

2011-09-25 Thread Chris L
On Sep 24, 2011, at 11:44 PM, Chris Brennan wrote: On Sun, Sep 25, 2011 at 1:58 AM, Chris Brennan xa...@xaerolimit.net wrote: As far as I know, it is bridged. I was looking around today but I couldn't find any kind of bridging interface in the pfsense GUI. I'm not home right now, but will be

Re: [pfSense] Wireless Issues

2011-09-25 Thread Chris L
On Sep 25, 2011, at 12:48 PM, Chris Brennan wrote: On Sun, Sep 25, 2011 at 3:30 PM, Chris L c...@viptalk.net wrote: It doesn't make sense to me to have the LAN interface in two different bridge groups. If you want LAN, WLAN, and OPT1 in the same bridge, why not put them in one bridge

[pfSense] PPTP Firewall Rules

2012-02-14 Thread Chris L
pfSense 2.0.1 I just had some trouble getting inbound PPTP sessions to work. Configured it, created a user, created a rule allowing PPTP traffic to the destination LAN, and couldn't connect from the outside because the server would not respond and the connection would time out. I checked the

Re: [pfSense] [Filters engaged]

2013-10-09 Thread Chris L
On Oct 9, 2013, at 3:20 PM, Joe Landman land...@scalableinformatics.com wrote: I just worked out setting up new filters for the recent S/N destroying, high tin-foil-hat content, on gmail. Since people pleading for this to go away hasn't worked, technological measures to restore S/N for my

Re: [pfSense] naive suggestion: conform to US laws

2013-10-12 Thread Chris L
On 2013-10-12 01:40, Jim Thompson wrote: I'm not willing to endure this uninformed Alex Jonesian crapfest. Nice position to take, except Alex Jones was right.

Re: [pfSense] newsyslog: No such file or directory

2013-10-17 Thread Chris L
On Oct 17, 2013, at 6:43 AM, Andreas Meyer anme...@anup.de wrote: Vick Khera vi...@khera.org wrote: curious. i have email notifications on, but I do not receive errors from cron. i wonder why. the newsyslog binary seems to not be on the system. normally on freebsd it is in /usr/sbin.

Re: [pfSense] issue a STARTTLS command

2013-10-17 Thread Chris L
On Oct 17, 2013, at 3:31 AM, Andreas Meyer anme...@anup.de wrote: Warren Baker war...@decoy.co.za wrote: On Thu, Oct 17, 2013 at 11:43 AM, Andreas Meyer anme...@anup.de wrote: I thought if I set Notification E-Mail auth username (optional) with the password, some kind of SASL is used. If I

Re: [pfSense] Very slow printing when 2 of pfSense on network

2013-10-24 Thread Chris L
On Oct 24, 2013, at 1:16 PM, Pete Boyd petes-li...@thegoldenear.org wrote: From what you've given me I've managed to fix the printing issue by making this alteration on Windows workstations: Windows Firewall - Advanced - ICMP - Settings - [*] Allow redirect I'm going to investigate the

Re: [pfSense] Apple Messages Blocked

2014-01-15 Thread Chris L
On Jan 15, 2014, at 2:29 PM, Paul Galati paulgal...@gmail.com wrote: I must have something misconfigured. Since I was not able to successfully create the right NAT and/or RULES to make this work, I decided to change the IP address of the client behind the pf firewall to a static address

Re: [pfSense] Captive Portal Bug in 2.1.1

2014-02-25 Thread Chris L
You could look at the commit below, download the appropriate /etc/inc/captiveportal.inc file, and manually apply it. No need to reinstall firmware for one change to one file. On Feb 24, 2014, at 2:45 PM, Brian Caouette bri...@dlois.com wrote: OK but you said it was fixed for latest snapshot.

Re: [pfSense] Captive Portal questions - Interstitial page

2014-02-28 Thread Chris L
I don’t think so. Your remote system will not have access to the things pfSense needs to add the captive portal bypass entries to ipfw. Namely the MAC address associated with the IP Address. A RADIUS Server could be remote. On Feb 27, 2014, at 8:17 AM, Ryan Coleman ryanjc...@me.com wrote:

Re: [pfSense] pfSense version 2.1.1 has been released

2014-04-07 Thread Chris L
Does “custom screens” mean customizations to index.php as well? captiveportal.inc and index.php always get whacked in an upgrade. On Apr 7, 2014, at 10:46 AM, Brian Caouette bri...@dlois.com wrote: I love the CP. Have some nice customs screens made up for it. Not sure what happen. On

Re: [pfSense] blog.pfsense.org OCSP lookup fails

2014-05-11 Thread Chris L
On May 11, 2014, at 7:21 AM, Angus Scott-Fleming an...@geoapps.com wrote: I was trying to read a post at https://blog.pfsense.org/ but Firefox reports an OCSP failure at this site. Problem loading page https://blog.pfsense.org/?p=1287 Secure Connection Failed An error

Re: [pfSense] pfsense 2.1.3 and IPv6 problem

2014-05-14 Thread Chris L
Instead of generic, local ifconfig information, it might be more beneficial to concentrate on a specific site that isn’t working and work back from there. If you fix one, you might just fix them all. In dual-stack, I have found that the problem is usually receiving a good record when

Re: [pfSense] pfsense 2.1.3 and IPv6 problem

2014-05-14 Thread Chris L
expected (HTTP 1.1) and indicates it’s all working as it should. Note that the nameserver at 192.168.223.1/2001:470:f00e:223::1 is pfsense 2.1.3 with an IPv4 connection and an HE tunnel over that. What do you get? See Also: www.whatismyipv6.com regards, Radim On 14/05/14 10:06, Chris L

Re: [pfSense] pfsense 2.1.3 and IPv6 problem

2014-05-15 Thread Chris L
On May 15, 2014, at 7:15 AM, R. Svejda r...@balsec.com wrote: On 14/05/14 17:55, Chris L wrote: On May 14, 2014, at 2:51 AM, R. Svejda r...@balsec.com wrote: Hi Chris generally full agreement with your suggestion, but that's not my problem. Same IPv6 setup works well with the very

Re: [pfSense] Poweredge 2850

2014-05-20 Thread Chris L
Citrix XenServer is worth a look too. On May 20, 2014, at 11:03 AM, Ryan Coleman ryanjc...@me.com wrote: Same here - 4 servers around the country running it. On May 20, 2014, at 12:57, Doug Lytle supp...@drdos.info wrote: What software is available to do virtual machines? I'm

Re: [pfSense] vmware

2014-05-28 Thread Chris L
I call [OT] Please read a manual / move to an ESXi list. On May 28, 2014, at 8:34 AM, Brian Caouette bri...@dlois.com wrote: virtual switch? On 5/28/2014 11:18 AM, Doug Lytle wrote: With a hardware configuration of two nics wan/lan how does each vm use them? On my home ESXi system, the

Re: [pfSense] Network Topology - Home Lab

2014-06-29 Thread Chris L
On Jun 28, 2014, at 11:18 PM, Jonatas Baldin jonatas.bal...@gmail.com wrote: Hi guys, how are you doing? I hope someone can bring me some lights here haha I know this thread isn't about pfSense specific, it's more a network discussion, but I know someone here can help! Plus, if you know

[pfSense] Hang Outs

2014-07-03 Thread Chris L
Is there an official way to request/suggest hangout topics? I’d love to see “Traffic Shaping with HFSC

[pfSense] Crash Dump Analysis?

2014-08-19 Thread Chris L
Looks like this is the crucial text from the dump: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x420 fault code = supervisor read data, page not present instruction pointer = 0x20:0x8023be83 stack pointer =

Re: [pfSense] pfsense DNS routing issue

2014-09-24 Thread Chris L
On Sep 24, 2014, at 8:58 AM, Ehsan Sabri ehsa...@gmail.com wrote: Hey everyone, I hope you are well. I am having some issues in connecting to the internet to install packages using my pfsense box [2.1.5-RELEASE] and was looking for some help if possible. I have 1 WAN (with gateway) and 2

Re: [pfSense] NIC support

2014-10-15 Thread Chris L
On Oct 15, 2014, at 12:59 AM, Ulrik Lunddahl u...@proconsult.dk wrote: Will A SMB without L3 capable switches, that needs routing between 3-4 local subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to wirespeed as possible, be happy with a C2758. ? Very. Is a dual socket

Re: [pfSense] pfsense h/w

2014-10-23 Thread Chris L
On Oct 23, 2014, at 9:06 AM, Jim Thompson j...@netgate.com wrote: We don't release the tuning info, and, incredibly, a couple people a month write in demanding it. Does this mean there’s a special, hardware-specific version of pfSense (or a package or ?) or is the tuning in the hardware

Re: [pfSense] pfsense h/w

2014-10-23 Thread Chris L
On Oct 23, 2014, at 1:13 PM, Adam Thompson athom...@athompso.net wrote: On 14-10-23 03:06 PM, Chris L wrote: We don't release the tuning info, and, incredibly, a couple people a month write in demanding it. Does this mean there’s a special, hardware-specific version of pfSense

Re: [pfSense] Vlan Question

2014-10-29 Thread Chris L
On Oct 29, 2014, at 10:54 AM, Jon Munford jon.munf...@nlcsd.org wrote: I have an internet vlan that is Vlan 10. Right now I have the traffic tagged on my L3 switch and PFsense and all is working well. My issue is that my internet filter that sits between the two needs to have an untagged

Re: [pfSense] Vlan Question

2014-10-29 Thread Chris L
, Oct 29, 2014 at 12:59 PM, Chris L c...@viptalk.net wrote: On Oct 29, 2014, at 10:54 AM, Jon Munford jon.munf...@nlcsd.org wrote: I have an internet vlan that is Vlan 10. Right now I have the traffic tagged on my L3 switch and PFsense and all is working well. My issue is that my

Re: [pfSense] Limit bandwith pr user / ip

2014-11-01 Thread Chris L
On Nov 1, 2014, at 4:07 PM, Morten Christensen mc-m...@g.mc.cx wrote: I am going to setup pfSense as gateway/firewall in front of a small wireless broadband system with 10 to 20 houses connected. We want to prevent one single house from taking up all bandwidth, when other users can use

Re: [pfSense] Limit bandwith pr user / ip

2014-11-02 Thread Chris L
On Nov 1, 2014, at 11:15 PM, Vassilis V. bigracc...@gmx.net wrote: Thank you Chris! Since I am interested in this too, are there any tricks when you want to do the same but you have a multi-WAN setup, or, probably even worse, a multi-WAN setup with different WAN bandwidth? With

Re: [pfSense] secure management access on transparent bridge firewall

2014-12-08 Thread Chris L
Management VLAN. On Dec 8, 2014, at 9:08 AM, Richard Lussier richard.luss...@inter-node.com wrote: Hi, We are providing Internet access to coop housing (50 units) We have a transit access to the exchange via Fiber and a /26 public IPV4 addresses. I purchased a Netgate C2758 router to

Re: [pfSense] Aliases are auto-deleted

2014-12-09 Thread Chris L
On Dec 9, 2014, at 1:13 PM, Volker Kuhlmann list0...@paradise.net.nz wrote: Is this why gateway monitoring is active by default? I'd have guessed most pfsense installs to be single WAN. What would gw monitoring be useful for then? Nothing could be done about the Internet going offline. It’s

Re: [pfSense] Aliases are auto-deleted

2014-12-09 Thread Chris L
On Dec 9, 2014, at 2:04 PM, Volker Kuhlmann list0...@paradise.net.nz wrote: On Wed 10 Dec 2014 07:39:36 NZDT +1300, Ryan Clough wrote: I, too, am using aliases which do not retain domain names or IP addresses. I opened https://redmine.pfsense.org/issues/4087 What happens is that a rule

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-09 Thread Chris L
On Dec 9, 2014, at 8:53 PM, Karl Fife karlf...@gmail.com wrote: In the wild, I'm seeing an increasing number of crappy consumer/ISP routers with subnets that conflict with ours (10../8). Comcast appears to be a common offender, curiously allocating the largest private subnet to their

Re: [pfSense] Very slow traffic from other VM's through pfSense 2.2RC on XenServer

2014-12-27 Thread Chris L
On Dec 27, 2014, at 3:25 PM, Morten Christensen mc-m...@g.mc.cx wrote: Den 22-12-2014 kl. 20:43 skrev Morten Christensen: Den 20-12-2014 23:33, Morten Christensen skrev: I have 2 XenServers, 1 with XenServer 6.2 and one with Xenserver Creedence beta 3. Both have a pfSense 2.2 RC as

Re: [pfSense] Enforcing policy routing gateway

2015-01-20 Thread Chris L
On every rule that specifies a gateway, set a mark on the traffic then block the traffic with the mark on the interface(s) you don’t want it to egress. Say you have GW_WAN1 and GW_WAN2. On the rule that policy routes traffic out GW_WAN2, make the rule also set a mark of WAN2_ONLY. Then make a

Re: [pfSense] Multi-WAN port forwarding

2015-02-12 Thread Chris L
SIP is UDP, not TCP. On Feb 12, 2015, at 12:33 PM, Tiernan OToole tier...@tiernanotoole.ie wrote: Morning all. I have a question I hope someone can help me with. I have my PFSense server with 3 WAN connections, load balanced and I need to start forwarding ports, specifically SIP

Re: [pfSense] New pfSense 2.2 install

2015-01-29 Thread Chris L
On Jan 29, 2015, at 8:53 AM, compdoc comp...@hotrodpc.com wrote: The link I'm working with is: http://www.malwaredomainlist.com/hostslist/ip.txt When an alias is created with this url, do you know where the list is stored on pfSense? I just want to see if I've created the alias

Re: [pfSense] 2.2 Packages

2015-01-30 Thread Chris L
On Jan 30, 2015, at 12:07 PM, Brian Caouette bri...@dlois.com wrote: Where is a good place to monitor for package updates for 2.2? I had to revert back to 2.1.5 after a fatal error shut me down. I have had pretty good success getting an RSS feed on the 2.1 branch of the main pfsense

Re: [pfSense] 2.2-RELEASE (i386) - FTP passive mode broken

2015-02-09 Thread Chris L
On Feb 9, 2015, at 9:18 AM, Sergii Cherkashyn ser...@accurategroup.com wrote: After pfSense upgrade to 2.2, clients’ connection to FTP server is broken. On the server side we see that the server tells the client to connect to port in 5000-5050 range per our settings, but the

Re: [pfSense] How to change driver for NIC

2015-01-04 Thread Chris L
On Jan 4, 2015, at 1:42 PM, Morten Christensen mc-m...@g.mc.cx wrote: Den 04-01-2015 kl. 18:57 skrev compdoc: Is it impossible to try to improve on pfSense 2.2's problem in pfSense You might not be the only person having the problem, but I haven't researched to know for sure.

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Chris L
On Mar 9, 2015, at 2:56 AM, Brian Candler b.cand...@pobox.com wrote: On 09/03/2015 09:51, Bryan D. wrote: So it sounds like the IPsec and OpenVPN traffic would be such traffic? IPSEC traffic is addressed *to* the firewall (at least the IKE stuff on udp 500 is, since it is received by

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Chris L
On Mar 9, 2015, at 3:07 AM, Brian Candler b.cand...@pobox.com wrote: On 09/03/2015 10:05, Chris L wrote: Are you saying you want different clients' IPSEC tunnels to terminate on different public IP addresses on the firewall WAN side? That I've never tried, and I don't know if it's

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Chris L
On Mar 9, 2015, at 2:38 AM, Brian Candler b.cand...@pobox.com wrote: On 09/03/2015 09:33, Bryan D. wrote: So, for what I'm doing, an IP Alias VIP seems like it should work where a CARP VIP works -- but it doesn't appear that a Proxy ARP VIP should, since I think I'm using them by the

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Chris L
On Mar 9, 2015, at 3:01 AM, Bryan D. pfse...@derman.com wrote: On 2015-Mar-09, at 2:43 AM, Chris L c...@viptalk.net wrote: On Mar 9, 2015, at 2:38 AM, Brian Candler b.cand...@pobox.com wrote: On 09/03/2015 09:33, Bryan D. wrote: So, for what I'm doing, an IP Alias VIP seems like

Re: [pfSense] Setup Question - Routing

2015-03-24 Thread Chris L
On Mar 24, 2015, at 5:46 PM, Walter Parker walt...@gmail.com wrote: Using a chart like http://www.engineeringradio.us/blog/wp-content/uploads/2013/01/Subnet_Chart.pdf you can see the different /28 and /29 subnets that exist on a /24 network. You would bind the .248/29 network to the WAN

Re: [pfSense] Setup Question - Routing

2015-03-24 Thread Chris L
On Mar 24, 2015, at 5:12 PM, Joseph H jharde...@cirracore.com wrote: I have a buddy and he wants to use pfSense as his firewall to protect his devices and also provide a gateway for customers. And he has asked me if I know of a good way to set this up, so I decided to ask the list He

Re: [pfSense] CARP sync of skew results in blank Status on backup router, breaking failover

2015-03-25 Thread Chris L
On Mar 24, 2015, at 9:47 AM, Steve Yates st...@teamits.com wrote: I'm going to start a new thread since I think this is a different issue. I have a rule to allow all IPv4 from PFSYNC net to PFSYNC net. That network is on a VLAN with only those two interfaces on it.

Re: [pfSense] how to get to CARP settings in 2.2?

2015-02-28 Thread Chris L
To set up the actual CARP VIPs you go to Firewall Virtual IPs then create a VIP of type CARP. That’s where you set the freq, skew, etc. On Feb 28, 2015, at 7:18 AM, Vick Khera vi...@khera.org wrote: I must be totally blind here, but I cannot get to CARP configuration settings on my 2.2

Re: [pfSense] best way to change WAN interface after migration

2015-04-11 Thread Chris L
On Apr 11, 2015, at 11:58 AM, Espen Johansen pfse...@gmail.com wrote: In the past I have edited a config backup and restored it. Maybe there are better ways, but find and replace in an editor does the trick :-) Brgds, Espen Be careful you don’t match anything in any certificates and keys

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-25 Thread Chris L
On Jul 24, 2015, at 5:18 PM, Ted Byers r.ted.by...@gmail.com wrote: On Fri, Jul 24, 2015 at 6:29 PM, Chris Buechler c...@pfsense.com wrote: On Fri, Jul 24, 2015 at 5:20 PM, Ted Byers r.ted.by...@gmail.com wrote: This is an external scan. We forward ports such as 443 and 22 to specific

Re: [pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

2015-11-13 Thread Chris L
On Nov 13, 2015, at 7:09 AM, David White wrote: > > I have a unique scenario: > > The higher ups require a multi-wan high availability setup, but assuming > both ISPs are working, some traffic is required to use 1 ISP and some > traffic is required to use the other. > >

Re: [pfSense] Lost limiter config after upgrade

2015-12-15 Thread Chris L
Yeah there’s a difference between the upgrade fails and the upgraded system just doesn’t work with limiters. It seems either traffic just doesn’t flow or limiters don’t limit. I am really looking forward to this being fixed. Until then, 2.1.5 rules the roost. It’s a pretty sad state. > On

Re: [pfSense] changes made in web GUI not sticking, yet claims "saved".

2016-10-05 Thread Chris L
Check that the users/groups do not have the User - Config:Deny Config Write privilege set. > On Oct 5, 2016, at 10:42 AM, Rodrigo Cunha wrote: > > Hello greg, send for this list a checksum this pfsense iso, i have pfsense > but i not have this problems. > I have

Re: [pfSense] pfsense + carp + ha

2016-11-16 Thread Chris L
That should probably be considered an available workaround to get you out of a jam until the real problem can be fixed. If it’s worth doing HA at all, it’s worth doing right. Use a matching set of HA nodes. > > 2016-11-16 7:14 GMT+02:00 Chris L <c...@viptalk.net>: > >>>

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Chris L
> On Nov 15, 2016, at 1:50 PM, Eero Volotinen wrote: > > same ports? you mean that same port assigment and nic can be different type? > > eero No. Hardware should be as identical as possible. 100% identical is best. If LAN is em0 on one side, it must be em0 on the

Re: [pfSense] IPsec NAT/BINAT not working

2017-08-22 Thread Chris L
On Aug 22, 2017, at 8:09 AM, Kilian Ries wrote: > > Hi, > > > my setup is the following: > > > Site A: > > Lan: 192.168.100.0/24 > > Lan_IP: 192.168.100.1 > > Transfer: 10.2.81.0/24 > > Transfer_IP: 10.2.81.1 > > > Site B: > > Lan: 10.2.82.0/24 > > Lan_IP:

Re: [pfSense] Host Overrides in Services/DNS Forwarder not working until manual restart of DNS Forwarder Service

2017-05-14 Thread Chris L
Maybe this: “Do not use 'local' as a domain name. It will cause local hosts running mDNS (avahi, bonjour, etc.) to be unable to resolve local hosts not running mDNS.” > On May 13, 2017, at 9:08 AM, Stefan Baur > wrote: > > Hi, > > I'm seeing this on

Re: [pfSense] Multiple DMZs isolated from each other

2017-06-26 Thread Chris L
> On Jun 26, 2017, at 5:27 PM, Jeppe Øland wrote: > > Well, at least that matches what I found: That I can't get connections to > the internet working without allowing everything else too. > > That seems like a pretty bad design... It would be much better to be able > to

Re: [pfSense] two GWs in WAN, correct static routes to second GW however deault is used and second GW ignored

2017-05-28 Thread Chris L
Oleg - WAN interfaces (interfaces with a gateway set on them) are treated differently. The rule set forces all connections out that interface to a specific gateway (the interface gateway) with route-to. You can add floating pass rules on WAN in the outbound direction to the destinations on

Re: [pfSense] two GWs in WAN, correct static routes to second GW however deault is used and second GW ignored

2017-05-29 Thread Chris L
> Thank you! > > Oleg > > > On 28. mai 2017 22:05, Chris L wrote: >> Oleg - >> >> WAN interfaces (interfaces with a gateway set on them) are treated >> differently. >> >> The rule set forces all connections out that interface to a spe

Re: [pfSense] HTTP/HTTPS filtering with Pfsense+Squid+Squidguard for cell phones

2017-10-12 Thread Chris L
it with SSL Peek/Splice but you cannot get a standard “site blocked” page you just get broken SSL negotiations for blocked sites. The best thing to do, if you have pfSense Gold, is to watch the hangout from January 2017 “Squid, SquidGuard, and Lightsquid” This is all covered. > >

Re: [pfSense] Multi-WAN and HA. Established connections through a not default gateway are broken when I disable CARP in the master unit.

2017-09-27 Thread Chris L
> On Sep 27, 2017, at 12:43 PM, dayer wrote: > > 2017-09-27 20:29 GMT+02:00 Steve Yates : >>I'm not sure if I am following you correctly, but the WAN CARP IP has >> to be the same on both routers. So router1 has a WAN of a.a.a.a and CARP of >>

Re: [pfSense] block DNS queries to external resolvers rule

2017-09-30 Thread Chris L
> On Sep 30, 2017, at 5:38 PM, Antonio wrote: > > Hi, > > I tried to add the "block DNS queries to external resolvers" as > described here > (https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers > ) to my LAN config and noticed that traffic

Re: [pfSense] HTTP/HTTPS filtering with Pfsense+Squid+Squidguard for cell phones

2017-10-11 Thread Chris L
> On Oct 11, 2017, at 12:54 PM, Adam Cage wrote: > > Dear people, I have pfSense 2.3 with Squid and Squidguard installed. > > I need a transparent proxy in order to let every cell phone that uses the > WiFi service, go to the web without any extra configuration...just go

Re: [pfSense] HTTP/HTTPS filtering with Pfsense+Squid+Squidguard for cell phones

2017-10-19 Thread Chris L
> On Oct 19, 2017, at 8:36 AM, Adam Cage wrote: > > Dear Volker and others, > > If I just inspect on host name only, do I have to create a CA and > Certificate to install in the proxy server of pfSense anyway ??? > > Thanks a lot, > > ADAM You do have to create a CA and

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-25 Thread Chris L
> On Nov 22, 2017, at 9:34 AM, Ryan Coleman wrote: > > I want to pass the entire traffic from a few locations through one master. > > I have one site working. But when I try to connect the second site it kills > the first. > > I have IPSec for some basic network

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Chris L
ig to main firewall and use config sync to > replicate it to secondary.. > > I guess do whatever feels right then. > -- > Eero > > 2017-12-04 18:41 GMT+02:00 Chris L <c...@viptalk.net>: > >> On Dec 4, 2017, at 8:11 AM, Eero Volotinen <eero.voloti...@iki.f

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Chris L
AES-GCM with all hashes disabled in the ESP/Phase 2. > On Dec 9, 2017, at 12:03 PM, Karl Fife wrote: > > You might try... > > (Wait for it) > > ...AES. > > > On 12/9/2017 4:02 AM, Eero Volotinen wrote: >> Hi, >> >> What is the best ipsec ciphers for aes-ni ipsec

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Chris L
On Dec 4, 2017, at 8:11 AM, Eero Volotinen wrote: > > Well. is that really so hard? > > thinking to add carp ip addresses and switching them to main addresses by > editing xml backup and then restoring it to firewall.. > > I have same hardware (3* sg-8860). one for

Re: [pfSense] DNS configurazione under VPN

2018-05-13 Thread Chris L
> On May 13, 2018, at 11:39 AM, WebDawg wrote: > > "In any case, if you configure your DNS Resolver to use the LAN > interface as outgoing interface, the DNS Resolver should use the same > routing than your computer, VPN or not." > > Can anyone confirm that this is true? I

Re: [pfSense] Bandwidth Mismatch between pfSense and Data Center Provider...

2018-05-24 Thread Chris L
On May 23, 2018, at 10:57 AM, Chuck Mariotti wrote: > > We've run into a data overage situation at a datacenter... We get charged a > premium per GB over 500GB (yes I know, stupid). Their reporting system seems > to indicate significantly less data usages vs pfSense's RRD

Re: [pfSense] Slow/impossible updates to 2.4?

2017-12-27 Thread Chris L
> On Dec 27, 2017, at 6:41 AM, David Jenner wrote: > > I was finally able to update from the console. It took a total of one hour. > I have almost 200 megabits per second of wan connection, 51 MB of updates to > download. > > Similar behavior from Package Manager. It

Re: [pfSense] Moving traffic between LAN & OPT1

2017-12-24 Thread Chris L
> On Dec 24, 2017, at 10:08 AM, Matthew Hall <mh...@mhcomputing.net> wrote: > > >> On Dec 24, 2017, at 9:45 AM, Chris L <c...@viptalk.net> wrote: >> >> Not a bug. That is by design. Create the rules to pass the traffic you need >> to pass on OPTX

Re: [pfSense] Moving traffic between LAN & OPT1

2017-12-24 Thread Chris L
> On Dec 23, 2017, at 9:10 PM, Matthew Hall wrote: > > I did run into various bugs involving interfaces != LAN. One common one is > that the other interfaces are missing a default allow rule for reaching > pfSense on 53/udp. This makes all your DNS requests fail and

Re: [pfSense] Squid crash: assertion failed: store_swapout.cc:289: "mem->swapout.sio == self"

2018-01-08 Thread Chris L
> On Jan 8, 2018, at 8:39 AM, Eero Volotinen wrote: > > try removing squid package from package manager and then reinstalling. > > 8.1.2018 18.24 "Roberto Carna" kirjoitti: > >> Dear Eero, >> >> How do I have to remove Squid + config files

Re: [pfSense] Port forwards don't work on one machine

2018-02-11 Thread Chris L
> On Feb 11, 2018, at 11:12 AM, Marco wrote: > > 6) Packet capture: > >https://i.imgur.com/xT3qFXW.png What interface is that taken on? Take one on the interface the destination server is connected to (WLAN?) and test again. While you’re capturing also do another

Re: [pfSense] Port forwards don't work on one machine

2018-02-11 Thread Chris L
> On Feb 11, 2018, at 1:29 PM, Marco <li...@homerow.info> wrote: > > On Sun, 11 Feb 2018 20:46:41 + > "Joseph L. Casale" <jcas...@activenetwerx.com> wrote: > >> -Original Message- >> From: List [mailto:list-boun...@lists.pfsense.or

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-10 Thread Chris L
> On Feb 9, 2018, at 5:25 AM, Mark Wiater wrote: > > > > On 2/9/2018 6:42 AM, Roland Giesler wrote: >> Ok, I'll try again with real (fake) addresses to make it better understood. >> >> WAN gateway: 197.212.127.194 (primary firewall interface), next hop >> gateway

Re: [pfSense] 1:1 NAT - Packets not leaving WAN interface

2018-02-15 Thread Chris L
> On Feb 15, 2018, at 7:29 AM, ad^2 wrote: > > Hello all, > > Objective - Connect to services from the Internet hosted on an internal > server assigned an RFC1918 address. > > pfSense version 2.4.2-RELEASE-p1 > > I have followed the instructions listed here -

Re: [pfSense] Maximum CARP Addresses?

2018-02-15 Thread Chris L
On Feb 15, 2018, at 11:35 AM, ad^2 wrote: > > Hello all, > > I read in the forum (h_t_t_p_s://forum.pfsense.org/index.php?topic=109346.0) > the 255 VHID limitation in CARP is no longer an issue in recent versions. I > cannot find any documentation to support it. > > I

Re: [pfSense] Limiters

2018-02-18 Thread Chris L
> On Feb 15, 2018, at 9:22 AM, user49b wrote: > > Hi > > I currently have some limiters setup on my WiFi interface. > I limit some IP's (192.168.2.105, 192.168.1.109,...) to only have 700 Kbit/s. > > So every IP (device) has 700 Kbit/s. > > I want to add a "global" limit

Re: [pfSense] Open ports with OpenVPN tunnel

2018-01-01 Thread Chris L
What are the Firewall > Rules on your OpenVPN tab and the OpenVPN assigned interface tab for the ExpressVPN connection? > On Jan 1, 2018, at 1:48 PM, Antonio wrote: > > Hi, > > I recently managed to get pfSense to run a OpenVPN connection with my VPN > provider

Re: [pfSense] Open ports with OpenVPN tunnel

2018-01-01 Thread Chris L
see if the traffic to 80, 81, 443 actually arrives at your location and is responded to. That is highly doubtful. For an OpenVPN provider connection, which is essentially a WAN connection, you should have no rules (which is a default deny all) on the OpenVPN tab or the assigned interface tab.

Re: [pfSense] Seeking local support/reseller

2018-04-02 Thread Chris L
On Apr 2, 2018, at 4:32 PM, Ryan Coleman wrote: > > Jim, Ivork, et al Rubicon Employees on this list… > > My boss is looking for a regional support/reseller… is there a list of > authorized resellers and outside support providers? Might help if you told people where