Re: [pfSense] pfsense on watchguard XTM 810

Thanks. Do you have this device running pfsense? -- Eero 2016-05-03 17:51 GMT+03:00 WebDawg <webd...@gmail.com>: > On Tue, May 3, 2016 at 2:08 AM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > Hi, > > > > Does anyone has instructions how to

[pfSense] pfsense on watchguard XTM 810

Hi, Does anyone has instructions how to install pfsense on watchguard XTM 810? which image is requires? is console cable required? what type of console cable is needed? -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list

[pfSense] looking for perfect pfsense box for home?

Any ideas where to find perfect pfsense box for home usage. Must be cheap and silent? netgate device? shuttle box? -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Ipsec issue

Well, that sounds like lifetime setting is not correct on another endpoint? Eero 3.8.2016 3.07 ap. "Francois Roussy" kirjoitti: > Hi, > > I have a ipsec tunnel between a pfsense 2.3.2 and a fortigate 200d > > Every ~24h, there is a small disruption because it seem the

Re: [pfSense] looking for perfect pfsense box for home?

> > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Wednesday, August 03, 2016 2:37 AM > To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> > Subject: [pfSense] looking for perfect pfse

Re: [pfSense] Wifi

<alfred.ta...@gmail.com>: > Any documentation about vlan ? Do u have some to share? > > Perhsps my pfsrnse have two nics lan and wan so u mean to get the third nic > for vlan? > > Alfredo Tapia Sabogal > El jul. 19, 2016 1:47 AM, "Eero Volotinen" <eero.voloti

Re: [pfSense] Wifi

What is wrong with UniFI AC "square models" ? Currently running three of them at office -- they work fine :) Eero 2016-07-18 17:51 GMT+03:00 Jeppe Øland : > On Sun, Jul 17, 2016 at 3:13 PM, WebDawg wrote: > > > UniFi AP-AC-Pro is a great AP. Though to

Re: [pfSense] Wifi

AP to the lan switcher and create a fw rule where this AP > comming from i guess so is the best way to simplify the headaches > > Regards > > Alfredo Tapia Sabogal > El jul. 19, 2016 1:21 AM, "Eero Volotinen" <eero.voloti...@iki.fi> > escrib

Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

Provide also logs from Cisco ASA. NO_PROPOSAL_CHOSEN usually means that cipher specs does not match on both sides. Could you provide screenshot from cipher settings. -- Eero 2016-07-15 22:08 GMT+03:00 Marc R. Meshurle Jr. : > x.x.x.x is the PFSense and y.y.y.y is the Cisco >

Re: [pfSense] Fake OpenVPN / IPSec IP

it depends on ipsec configuration. Eero 4.2.2017 12.16 ip. "Chris" kirjoitti: > WebDawg wrote: > > On Sun, Jan 15, 2017 at 7:57 AM, Chris wrote: > > > >> is a client able to change his assigned OpenVPN or IPSec IP? > >> > >> Are packets still

Re: [pfSense] IPSec Bug?

how about disabling pfs? Eero 2017-02-03 13:25 GMT+02:00 Roland Giesler <roland@greentree.systems>: > On Fri, Feb 3, 2017 at 1:19 PM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > >> It's a bit antique selection of ciphers. >> > > It is indeed.

Re: [pfSense] IPSec Bug?

It's a bit antique selection of ciphers. Problem is in DH group. try enabling same DH also in pfsense. -- Eero 2017-02-03 13:17 GMT+02:00 Roland Giesler <roland@greentree.systems>: > On Tue, Jan 24, 2017 at 8:16 PM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > >

Re: [pfSense] IPSec Bug?

What hardware is other side running? Why you are trying to use 3des? Eero 2017-01-17 16:36 GMT+02:00 Roland Giesler : > We've battled all afternoon to establish an IPSec site-to-site connection. > Here's what happens: > > TimeProcessPIDMessage > Jan 17 15:58:53

[pfSense] pfsense upgrade problems?

The process will require 14 MiB more space. 73 MiB to be downloaded. Fetching php56-5.6.30.txz: .. done pkg: php56-5.6.30 failed checksum from repository something wrong with the packages? -- Eero ___ pfSense mailing list

Re: [pfSense] pfsense upgrade problems?

for some reason my pfsense crashed & corrupted fs during upgrade :( Eero 23.2.2017 2.57 ap. "Dave Warren" <da...@hireahit.com> kirjoitti: > On Wed, Feb 22, 2017, at 10:23, Eero Volotinen wrote: > > The process will require 14 MiB more space. > > > >

Re: [pfSense] looking for perfect pfsense box for home?

Who is reselling lanner units in europe? I just bought one lanner unit from china.it looks perfect for my home usage.. Eero 21.8.2016 10.22 ap. "Kendrick Vargas" kirjoitti: > Don't know how late I am to the game on this suggestion, but I am quite > happy with the Lanner Inc.

Re: [pfSense] Reports

Err. Impossible. Eero 2.9.2016 12.25 ip. "A Mohan Rao" kirjoitti: > I need https transparent squid3 without import CA Certificate at > client computer with https squid reports. > > pls give idea if any body already configured it. > > > Thanks > Mohan > > On Fri, Sep 2,

[pfSense] pfsense: how to route all traffic via ipsec?

how to configure this kind of setup to pfsense? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense gmirror installation and disk replacement

https://doc.pfsense.org/index.php/Create_a_Software_RAID1_(gmirror) .. backup and config restore works from management gui.. eero 24.10.2016 5.47 ip. "Chris" kirjoitti: > All, > > 1. I've a pfSense installation without software raid. Is it possible to > re-install

Re: [pfSense] pfsense + carp + ha

ok. does it also sync all settings like ipsec and openvpn keys? Eero 16.11.2016 7.14 ap. "Chris L" <c...@viptalk.net> kirjoitti: > > On Nov 15, 2016, at 1:50 PM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > > same ports? you mean that same por

Re: [pfSense] pfsense + carp + ha

I think it is possible to use lagg interface for workaround with interface naming? Eero 2016-11-16 7:14 GMT+02:00 Chris L <c...@viptalk.net>: > > On Nov 15, 2016, at 1:50 PM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > > same ports? you mean tha

[pfSense] pfsense + carp + ha

Hi List, What are requirements for pfsense ha clustering? does any of x86 hardware work with ha? does hardware need to be identical? -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold!

Re: [pfSense] pfsense + carp + ha

ility > Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a > "Remote System Username" field. That field is ignored, and "admin" is > always used. > > -- > > Steve Yates > ITS, Inc. > > -----Original Message- > From: Lis

Re: [pfSense] pfsense 2.3.x 32bit?

Well, it just don't find any updates. (from console or from webgui) Eero 2016-11-02 19:29 GMT+02:00 Renato Botelho <ga...@freebsd.org>: > > On 2 Nov 2016, at 14:59, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > > > thanks. > > > > Any idea why I

Re: [pfSense] pfsense 2.3.x 32bit?

Nanobsd on 2GB cf card. Eero 2016-11-02 20:18 GMT+02:00 Renato Botelho <ga...@freebsd.org>: > On 2 Nov 2016, at 15:40, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > Well, it just don't find any updates. (from console or from webgui) > > > What is your pla

Re: [pfSense] pfsense 2.3.x 32bit?

fixed problems by reinstalling whole system with 2.3 release. eero 2.11.2016 8.51 ip. "Eero Volotinen" <eero.voloti...@iki.fi> kirjoitti: > Nanobsd on 2GB cf card. > > Eero > > 2016-11-02 20:18 GMT+02:00 Renato Botelho <ga...@freebsd.org>: > &g

[pfSense] pfsense 2.3.x 32bit?

Hi All, Is there nowdays 32bit version of pfsense 2.3.x available? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Two factor Authentication

Just configure radius with two factor authentication and point authentication server to it: sample how to configure two factor radius under linux: http://www.supertechguy.com/help/security/freeradius-google-auth I am using it with minor modifications for vpn and console+gui authentication.. --

Re: [pfSense] looking for silent and powerful pfsense hardware

gt; I have a SG-2220, which is silent and adequate for most needs. Most are > silent/fanless! > > Regards, > > Ian Jacobs > > > > On 28 Mar 2017, at 07:59, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > > > Hi List, > > > > Looking for pfsens

[pfSense] looking for silent and powerful pfsense hardware

Hi List, Looking for pfsense hardware that can handle 1000M/1000M internet connection with NAT. Any recommendations? It must be silent.. -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold!

Re: [pfSense] looking for silent and powerful pfsense hardware

Well, I don't know PPS values :) This is just home gigabit connection for .. surfing/movies/4K streaming :) Eero 2017-03-28 15:13 GMT+03:00 Vick Khera <vi...@khera.org>: > On Tue, Mar 28, 2017 at 2:59 AM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > L

Re: [pfSense] Migration from an old linux firewall

ok. that sounds really bad: http://dilbert.com/strip/1998-08-24 Eero 30.3.2017 5.40 ip. "Claudio M." kirjoitti: > In data mercoledì 29 marzo 2017 10:13:36, WebDawg ha scritto: > > You can do two different subnets on one network, but it is not the way to > > do things.

Re: [pfSense] Migration from an old linux firewall

How about using vlan tagging? Eero 2017-03-29 13:55 GMT+03:00 Claudio M. : > Hi > I've migrated a linux firewall to a 2.3.3-RELEASE-p1 pfsense. > The old configuration was with 2 interfaces connected to adsl routers and > an > interface for the lan. Was configurated also a

Re: [pfSense] looking for silent and powerful pfsense hardware

http/https, vpn, torrent and 4k streaming :) 28.3.2017 7.50 ip. "Matthew Hall" <mh...@mhcomputing.net> kirjoitti: > On Tue, Mar 28, 2017 at 09:59:05AM +0300, Eero Volotinen wrote: > > Hi List, > > > > Looking for pfsense hardware that can handle 1000M/1

Re: [pfSense] SIP through IKEv2-tunnel

maybe you need something like this https://doc.pfsense.org/index.php/Siproxd_package Eero 20.3.2017 11.56 ap. "Martin Fuchs" kirjoitti: > Hi ! > > I have a Fritz!Box (router) connected to the internet (no other > possibility). > > In i have NATted ESP, GRE, 4500, 500,

Re: [pfSense] problems with lagg interfaces?

It's netgate pfsense SG-4860 running 2.4 final release Eero 2017-10-17 17:23 GMT+03:00 <rai...@ultra-secure.de>: > Am 2017-10-17 15:36, schrieb Eero Volotinen: > >> Hi All, >> >> Tried to configure lagg0 interface with vlans. Looks like traffic is not >>

Re: [pfSense] problems with lagg interfaces?

So, you mean that it is not working? Eero 2017-10-17 17:32 GMT+03:00 <rai...@ultra-secure.de>: > Am 2017-10-17 16:28, schrieb Eero Volotinen: > >> It's netgate pfsense SG-4860 running 2.4 final release >> > > > So, these are intel nics? > > Can you loo

[pfSense] problems with lagg interfaces?

Hi All, Tried to configure lagg0 interface with vlans. Looks like traffic is not passing in the interface. Any ideas? It works fine, if I just configure interface with vlan, but not with lagg interface Setup is like this: -> Lagg0 with two interfaces in failover mode and vlan tagging top of

Re: [pfSense] problems with lagg interfaces?

so sad. how to downgrade to 2.3? Eero 2017-10-17 17:57 GMT+03:00 : > Am 2017-10-17 16:54, schrieb Ivo Tonev: > >> Even if your vlan dont bright up you can capture traffic on physical >> interfaces with tcpdump. >> See what you can capture before any other move. >> > >

Re: [pfSense] pfsense 2.4rc wirespeed?

en two VMs running on the > same hypervisor, more recently at a different ISP. > Use iperf or something (anything!) better to make more accurate > measurements before questioning pfSense, IMHO. > -Adam > > On September 3, 2017 3:59:24 AM CDT, Eero Volotinen <eero.voloti...@iki.f

Re: [pfSense] pfsense 2.4rc wirespeed?

over 800Mbit/s, why it cannot upload at same speed? (tester is speedtest-cli) Eero 2017-09-03 13:52 GMT+03:00 Alexandre Paradis <alexandre.para...@gmail.com>: > it might be your desktop cpu that is too weak. > > not enough info here. > > On Sun, Sep 3, 2017 at 4:

[pfSense] pfsense 2.4rc wirespeed?

Hi, Is there any setting to optimize pfsense nat speed? Tried with speedtest and upload speed is abit slow? Retrieving speedtest.net configuration... Testing from Suomi Communications (77.246.193.181)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by

Re: [pfSense] Bug in loading configuration on device with different NICs

well. you cannot import config to different device without manually editing the xml configuration Eero 2017-10-24 14:03 GMT+03:00 Adrian Zaugg : > > Hi > > When loading a configuration file from a different device (with other > NICs) to a freshly installed pfSense, it

Re: [pfSense] pfsense openvpn speed?

rough the NetGate and it can not > handle the load. > > > > > > In other words, based on the limited info you provided, you have not > provided proof that it's a problem with the NetGate. > > > > > > Lyle Giese > > > >> On 11/25/17 06:34, Eero

[pfSense] pfsense 2.3 -> 2.4 upgrade?

just planning to upgrade my sg-8860 from pfsense 2.3 to 2.4. is there any known issues? it's not so complex setup, but running as our hq main firewall. so, some ipsec and openvpn connections are running against it. Eero ___ pfSense mailing list

Re: [pfSense] pfsense openvpn speed?

traffic through the NetGate and it can not > handle the load. > > > In other words, based on the limited info you provided, you have not > provided proof that it's a problem with the NetGate. > > > Lyle Giese > > > On 11/25/17 06:34, Eero Volotinen wrote: > >

Re: [pfSense] pfsense openvpn speed?

thanks for links. looks like it might be wise to upgrade pfsense 2.4 and enable --cipher AES-256-GCM on openvpn? Eero 2017-11-25 20:01 GMT+02:00 Joseph L. Casale <jcas...@activenetwerx.com>: > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Be

Re: [pfSense] pfsense openvpn speed?

an do, as indicated, is to run the “MTU” up such that > the (OpenVPN) packet size increases, which reduces the overhead of both the > TUN/TAP interface, as well as some of the overhead of handing relatively > short packets to OpenSSL for encryption/decryption. > > Jim >

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

Hi Ryan, Ipsec is the way you want to go. We have multiple sites connecting our HQ running sg-8860 with similar setup. Please note that you need different ip ranges on each site. (for example site1: 192.168.2.0/24, site2: 192.168.3.0/24 and hq site with 192.168.4.0/24 ) -- Eero 2017-11-22

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

Take look of this how to: https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel adding site is simple, just replicate site A with different lan addressing. Eero 2017-11-23 8:19 GMT+02:00 Eero Volotinen <eero.voloti...@iki.fi>: > Hi Ryan,

Re: [pfSense] 2.4 Bricked my APU4 Netgate

Well. I have similar issue on my sg-8860. it complains about missing ssl and php libraries :) well. at least it boots from usb .. so I can do full reinstall + config restore.. Eero 2017-11-23 18:59 GMT+02:00 Ryan Coleman : > There’s likely a package you added to your

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

rewalls all without any problems. > > > > Am 26.11.17, 13:04 schrieb "List im Auftrag von Eero Volotinen" < > list-boun...@lists.pfsense.org im Auftrag von eero.voloti...@iki.fi>: > > just planning to upgrade my sg-8860 from pfsense 2.3 to 2.4. is there > any &

[pfSense] pfsense openvpn speed?

Hi list, We are running pfsense 2.3 on netgate sg-8860. Device is connected to internet with gigabit link, but openvpn speed is very slow (about 50Mbit/s). Any idea how to get more speed to vpn clients? Eero ___ pfSense mailing list

Re: [pfSense] 2.4 Bricked my APU4 Netgate

reinstall with factory factory image from usb stick? 23.11.2017 18.09 "Elijah Savage" kirjoitti: > I know it is an older model but after my attempt to upgrade my APU4 it > would > not reboot. I let it sit for 24 hours as it was still passing traffic but > no > reboot.

Re: [pfSense] 2.4 Bricked my APU4 Netgate

from usb stick? Eero 23.11.2017 23.25 "Elijah Savage" <esav...@digitalrage.org> kirjoitti: > Can't get it to boot on any image. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: T

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

ges for "major" version upgrades but (per my past thread > here ) I would think point versions are minor upgrades. > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > -Original Message- > > From: List [mailto:list-boun...@lists.p

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

I got similar problems on my device :) reinstalled it with 2.4.2 and did restore from backup. Anyway, do you have strace or similar tools installed in the box? Eero 2017-12-04 21:57 GMT+02:00 Pete Boyd <petes-li...@thegoldenear.org>: > On 04/12/2017 19:52, Eero Volotinen wrote: > &

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

It might be possible to transfer static version of strace to box via ssh. this might a bit tricky, but .. -- Eero 2017-12-04 22:11 GMT+02:00 Pete Boyd : > strace isn't installed, no packages are installed. > > Ideally I'd like to recover this to 2.3.5 or 2.4.2 if

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

well. for temporary fix, try hardcoding needed hostnames in /etc/hosts and check also that your firewall rules allow access to dns server 53/udp and tcp. Eero 4.12.2017 22.41 "Pete Boyd" kirjoitti: > On 04/12/2017 20:39, Adam Thompson wrote: > > Do you have

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

Can you ssh into device and drop to shell? Eero 2017-12-04 21:19 GMT+02:00 Pete Boyd : > Hi. I upgraded a production SG-2440 running pfSense 64-bit 2.3.5 to > 2.4.2 using the web GUI. There were no packages installed. It appeared > to update OK, and rebooted

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

is dns (nameresolution) working correctly? Eero 4.12.2017 22.29 "Pete Boyd" kirjoitti: > On 04/12/2017 20:11, Steve Yates wrote: > > If you ssh to the device and pick the option to update from its console > menu, does it update there? > > No, those package

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

well. ssh into box and cat /etc/resolv.conf to see nameserver addresses. if it contains 127.0.0.1 entry, then it is using dnsmasq/unbound or similar dns cache. I think it is under services tab.. Eero 4.12.2017 23.56 "Pete Boyd" kirjoitti: > I'm not sure where to

[pfSense] pfsense crashing

Hi List, After updating and restoring config to my SG-8860, it goes to endless boot - reboot - crash loop. Any idea how to test if this is hardware or software issue? -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense crashing

Need to test that tomorrow. Just wondering how to attach remote debugger or similar to get root cause of crash. Eero 17.12.2017 19.57 "Joseph L. Casale" <jcas...@activenetwerx.com> kirjoitti: > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.

Re: [pfSense] pfsense crashing

ok. I might be able to use screen to save output from firewall :) good idea. Eero 2017-12-17 20:11 GMT+02:00 Joseph L. Casale <jcas...@activenetwerx.com>: > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: S

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

n stick with latter u can test > 2.4.2 upgrade. > > > On Sun, Nov 26, 2017 at 4:04 AM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > just planning to upgrade my sg-8860 from pfsense 2.3 to 2.4. is there any > > known issues? > > > > it's

[pfSense] pfsense adi 2.4.2-1 (p1)

is this install image available in net? for netgate devices. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfsense crashing

looks like turning pfsync from on to off resolved this issue. -- Eero 2017-12-17 20:11 GMT+02:00 Joseph L. Casale <jcas...@activenetwerx.com>: > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Sunday, Decem

[pfSense] pfsense ha issues

Hi, installed pfsense ha system on office. it works, but experiencing about 25% packet loss. any idea why? switch issue? failover works fine. VIP lan gw ip is .1 but looks like traffic is going to .7 ip (normal ip of fw) even dhcp offers .1 as gw. is this normal? Eero

Re: [pfSense] pfsense crashing

this long standing issue: https://redmine.pfsense.org/issues/4310 :( Eero 2017-12-18 10:07 GMT+02:00 Eero Volotinen <eero.voloti...@iki.fi>: > looks like turning pfsync from on to off resolved this issue. > > -- > Eero > > 2017-12-17 20:11 GMT+02:00 Joseph L. Casale &l

Re: [pfSense] pfsense ha issues

; gateway on a device on the LAN should be .1 (the "CARP" LAN IP). > > Are you getting packet loss if you ping the .1 address? The .7 address? > Or just out to the Internet? > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list

Re: [pfSense] pfsense ha issues

e > > gateway on a device on the LAN should be .1 (the "CARP" LAN IP). > > > > Are you getting packet loss if you ping the .1 address? The .7 address? > > Or just out to the Internet? > > > > -- > > > > Steve Yates > > ITS, Inc. > >

[pfSense] pfsense ipv6 not working

Hi List, Running ipv6 with dhcpv6 from isp and it works on my laptop without pfsense, but on pfsense shell, I cannot even ping other network addresses that gw: ping6 fe80::208:20ff:fe4e:1c1b PING6(56=40+8+8 bytes) fe80::ae1f:6bff:fe43:a993%igb3 --> fe80::208:20ff:fe4e:1c1b 16 bytes from

Re: [pfSense] pfsense ipv6 not working

ftrag von st...@teamits.com>: > > Starting at the top level, do you have a firewall rule allowing ICMP > for IPv6? > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On B

[pfSense] single pfsense to ha conversion

Hi List, I just bought two pieces of sg-8860 netgate devices and planning to convert old unit to ha solution. Is there simple way to convert units to ha with a bit editing xml backup? -- Eero ___ pfSense mailing list

Re: [pfSense] single pfsense to ha conversion

s in order to > sync firewall states (em0 to igb0 won't sync). > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Saturday, December 2, 2017 11:04 AM > To: p

Re: [pfSense] single pfsense to ha conversion

job ;) Eero 4.12.2017 19.16 "Chris L" <c...@viptalk.net> kirjoitti: > > > > On Dec 4, 2017, at 9:07 AM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > > well. my plan was to add first carp vip addresses to old configuration > with > >

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

well. Just thinking site to site ipsec :) anyway. not happy with meraki aes speed, but that might be problem on meraki device.. Eero 10.12.2017 19.06 "Vick Khera" kirjoitti: > If you're going to use IPSec mobile client with an iPhone, it does not seem > to propose the GCM

[pfSense] best ipsec cipher for aes-ni on sg-8860

Hi, What is the best ipsec ciphers for aes-ni ipsec acceleration? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] single pfsense to ha conversion

t;c...@viptalk.net>: > On Dec 4, 2017, at 8:11 AM, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > > > Well. is that really so hard? > > > > thinking to add carp ip addresses and switching them to main addresses by > > editing xml backup and then restoring

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

well. take backup of config and ask operator to reinstall box from usb stick & restore backup? Eero 5.12.2017 11.53 "Pete Boyd" kirjoitti: > It was available to login to again after power cycling. > > From the log - General: > > check_reload_status

Re: [pfSense] Rebuilding confidence

Well. You should use VLANs to segment IoT devices into different network. Anyway... some commercial vendor might provide a bit better protection ;) You can replace you apple timemachine with unifi aps. https://www.ubnt.com/unifi/unifi-ap/ Eero On Sun, May 13, 2018 at 10:44 PM Richard A. Relph

Re: [pfSense] How could I block messages trying to pass as from my net?

You should use postscreen/blacklist to block spam? Eero pe 18. toukok. 2018 klo 17.43 Alberto José García Fumero < albe...@ettpartagas.co.cu> kirjoitti: > Hi all. > > I use PfSense 2.2.1. Of course I know it would very convenient to > upgrade, but right now it isn't possible. > > Im trying to

Re: [pfSense] Moving traffic between LAN & OPT1

Hi, Check out firewall / rules / interface_name Eero 2017-12-23 6:25 GMT+02:00 Antonio : > Hi, > > I'm not sure how you move traffic between the above interfaces. I was > under the impression that all you needed was a "Default allow LAN to any > rule" and job done. Yet i'm

Re: [pfSense] OpenVPN with pfSense and TLS handshake problems

you are missing something like ca certificate that is used to verify remote endpoint routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Dec 24 00:53:16 openvpn 10563 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=VG, ST=BVI, O=ExpressVPN,

[pfSense] pfsense force ipsec initiator

Hi List, Is there way to configure pfsense as ipsec initiator only? (on some ipsec connections) Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Squid 0.4.42_1 crashes in pfSense 2.4.2

See: http://lists.pfsense.org/pipermail/list/2018-January/011620.html -- Eero 2018-01-05 15:33 GMT+02:00 Roberto Carna : > Dear, I've moved from pfSEnse 2.4.0 with Squid 0.4.42 to pfSEnse > 2.4.42 with Squid 0.4.42_1. After the update, the Squid service > crashes and

Re: [pfSense] Squid crash: assertion failed: store_swapout.cc:289: "mem->swapout.sio == self"

from pfSense, but how do I have > to remove the config files ??? > > Thanks a lot, regards !!! > > 2018-01-03 13:30 GMT-03:00 Eero Volotinen <eero.voloti...@iki.fi>: > > Fix:https://forum.pfsense.org/index.php?topic=110155.0 > > > > remove squid+config file &

Re: [pfSense] IPSec not routing traffic over tunnel

how about not masking ip addresses? do you really need nat in phase 2 ? why? Eero 8.2.2018 18.17 "Roland Giesler" kirjoitti: > I'm trying to find a solution and know there are quite a few pfSense users > here, so here goes... > > We've set up some IPSec tunnels and

Re: [pfSense] IPSec not routing traffic over tunnel

and@greentree.systems> wrote: > On 8 February 2018 at 20:40, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > > how about not masking ip addresses? > > > > I'm not allowed to show the ip addresses (by my client), hence the > masking... > > I thought I need NAT, b

Re: [pfSense] IPSec not routing traffic over tunnel

cannot expose the LAN ip address > to the tunnel (192.168.110.130), I need to use the public IP... > > thanks again > > > On 8 February 2018 at 23:51, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > > Well. Maybe You need to hire pfsense consultant with NDA, so

[pfSense] a bit offtopic, vga header cable for netgate device

Hi List, Does anyone know where I can buy this cable: https://store.netgate.com/Hamakua-VGA-Cable-P350.aspx Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Configs or hardware?

Hi, This hardware can do gigabit (wirespeed) NAT/FW https://www.amazon.com/gp/product/B016VHBA7C (tested on my home, using symmetric gigabit line...) but, I we use NetGate SG-8860 on our main offices:

Re: [pfSense] a bit offtopic, vga header cable for netgate device

le.com/search?q=VGA+header+to+15-pin+ribbon; > source=lnms=shop=X=0ahUKEwiwybq2ma3ZAhVI2oMKHf9zBWwQ_AUICigB < > https://www.google.com/search?q=VGA+header+to+15-pin+ > ribbon=lnms=shop=X=0ahUKEwiwybq2ma3ZAhVI2oMKHf9zB > WwQ_AUICigB> > > > On Feb 17, 2018, at 3:29 AM,

Re: [pfSense] Configs or hardware?

> I believe I read somewhere that the new version that requires aes-ni will > be 3.x, and they plan to continue the 2.x line alongside it, as 3.x will be > a major rewrite > > > -Ed > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eer

Re: [pfSense] Configs or hardware?

Please note that next pfsense will not install hardware that is not supporting aes-ni? Eero On Thu, Feb 15, 2018 at 6:37 PM, Kyle Marek wrote: > This board does round-up gigabit (something like 976 Mb/s) in both > directions on all 4 interfaces:

Re: [pfSense] Configs or hardware?

> saying "AES-NI CPU Crypto: No". > > On 02/15/2018 11:55 AM, Eero Volotinen wrote: > > Please note that next pfsense will not install hardware that is not > > supporting aes-ni? > > > > Eero > > > > On Thu, Feb 15, 2018 at 6:37 PM, Kyle Mar

Re: [pfSense] pfsense on watchguard xtm 810?

Thanks. that worked. It was a bit hard without console :) Eero On Fri, Feb 16, 2018 at 9:00 PM, Melvin <mel...@sleepydragon.net> wrote: > I've had good luck in similar cases by installing on a generic machine > then putting the media in the target box. > > On Feb 16, 2018, 13:

Re: [pfSense] Configs or hardware?

Maybe. I think that hardware can still do full gigabit nat and firewalling. -- Eero On Mon, Feb 19, 2018 at 7:12 PM, Moshe Katz <mo...@ymkatz.net> wrote: > On Mon, Feb 19, 2018 at 10:42 AM, Paul Mather <p...@gromit.dlib.vt.edu> > wrote: > > > On Feb 19, 2018,

Re: [pfSense] Configs or hardware?

y. I shouldn't have to replace my hardware to support a > > feature I will not use... > > > > I shame Netgate for such an artificial limitation... > > > > Thank you for the information. > > > > On 02/15/2018 12:20 PM, Eero Volotinen wrote: > > > Well: &g

  1   2   >