Re: [pfSense] Vlan Trunk

2012-05-02 Thread Espen Johansen
What exactly is your question here? I don't see any issue implementing this. -lsf On Wed, May 2, 2012 at 7:08 PM, steel max steelmax11...@gmail.com wrote: Dear All, I am trying to implement a wireless network on my corporate environment using, Authentication by Domain Controller windows AD

Re: [pfSense] Vlan Trunk

2012-05-02 Thread Espen Johansen
With one exception, it seems you want to use the same vlan as both lan and wan (Vlan 10)??? On Wed, May 2, 2012 at 8:34 PM, Espen Johansen pfse...@gmail.com wrote: What exactly is your question here? I don't see any issue implementing this. -lsf On Wed, May 2, 2012 at 7:08 PM, steel max

Re: [pfSense] pfSense routing and TCP sequence numbers

2013-09-14 Thread Espen Johansen
-in-wireshark-captures/ On Sat, Sep 14, 2013 at 1:12 PM, Espen Johansen pfse...@gmail.com wrote: Try tcpdump + wireshark. Then read this: http://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/ pfSense should not change sequence numbers unless you tell it to do so

Re: [pfSense] Hardware requirements for gigabit wirespead

2013-10-24 Thread Espen Johansen
What else is new with thinker as op. On 25 Oct 2013 at 02:18, Jim Thompson j...@netgate.com wrote: The topic has wandered away from pfSense. -- Jim On Oct 24, 2013, at 18:48, Chris Bagnall pfse...@lists.minotaur.cc wrote: On 24/10/13 7:31 pm, Adam Thompson wrote: If I upgraded to

Re: [pfSense] Restoring from XML prevents VM from booting

2014-02-05 Thread Espen Johansen
Might be that serial redirection makes it show nothing. Bad drives might also cause files to be corrupted. Same goes for bad memory. Make sure both are same versions. On 5 Feb 2014 at 18:42, Brian Candler b.cand...@pobox.com wrote: This is a really strange behaviour, I wonder if anyone has

Re: [pfSense] Wireless Card

2014-02-05 Thread Espen Johansen
Check the wireless section in the pfsense forum. On 5 Feb 2014 at 19:40, Brian Caouette bri...@dlois.com wrote: What are some pci wireless cards that are compatible with pfSense 2.1? Are they all capable of making the box an access point? I tried my old Linksys wpc11 and the machine

Re: [pfSense] Gateway on a gateway...

2014-05-17 Thread Espen Johansen
Tell your provider to do what mojo said. Or set it up yourself if you have access to the provider routers. Third option is VPN between the pfsense boxes so you can override the routing. On 17 May 2014 at 21:53, Klaus Wunder kl...@net-wunder.de wrote: Hello, you can use pfSense as a BGP

Re: [pfSense] default gateway over MPLS VPN

2014-05-20 Thread Espen Johansen
You asked this already and it has been responded to. Don't double post! On 20 May 2014 at 17:54, Michael Schuh michael.sc...@gmail.com wrote: 2014-05-20 11:31 GMT+02:00 Faisal Gillani faisal.gill...@akesp.org: Hello all I am using Pfsense with everything, Pfsense based multi homed firewall

Re: [pfSense] Disk Space

2014-06-07 Thread Espen Johansen
1kb size should clue you in. This is however completely normal. On 7 June 2014 at 12:45, Brian Caouette bri...@dlois.com wrote: Mounted Filesystems: Type | Partition | Percent Capacity | Free | Used | Size /dev/da0s1a 17% 4.38 GB 988.37 MB 5.81 GB /dev/md0 2% 3.26 MB 62.00 KB 3.61 MB devfs 100% 0.00

Re: [pfSense] Host Connectivity on a Specific Subnet

2014-07-11 Thread Espen Johansen
Please provide a network drawing. I suspect you have an arp leak or a switch that needs to be restarted to clear its arp cache. Restart switch(es) with nothing connected and add the cetos and pfsense only and only after you have cleared both units' arp cache (arp -d). Then take it from there.

Re: [pfSense] Unbound vs stock

2014-07-11 Thread Espen Johansen
Add it to pfsense dns list. Remove it from dhcp etc. If it's used there. On 12 July 2014 at 01:26, Brian Caouette bri...@dlois.com wrote: So the fix to make it work the same would be to add 127.0.0.1 to resolv.conf manually? Sent from my iPad On Jul 11, 2014, at 6:19 PM, Dave Warren

Re: [pfSense] Host Connectivity on a Specific Subnet

2014-07-12 Thread Espen Johansen
I get rid of it? System > Routing > Routes indicates that no static routes are set up. Is there a routing configuration file somewhere? Best Regards, -Stefan On 7/11/2014 6:35 PM, Espen Johansen wrote: Please provide a network drawing. I suspect you have an arp leak or a switch that needs

Re: [pfSense] Host Connectivity on a Specific Subnet

2014-07-12 Thread Espen Johansen
-enabled, I would need to run a cronjob every second or so. And even that is not a great solution -- I'd reinstall before that. I'd really prefer a more elegant solution if possible. Any other ideas? Am I searching for the wrong thing? Best Regards, -Stefan On 7/12/2014 2:46 AM, Espen

Re: [pfSense] Host Connectivity on a Specific Subnet

2014-07-12 Thread Espen Johansen
remote as I'm on vacation with flaky 3G mobile. On Sun, Jul 13, 2014 at 12:37 AM, Stefan Maerz stefan.ma...@thecommunitypartnership.org wrote: No 3rd party routing installed. -Stefan On 7/12/2014 5:19 PM, Espen Johansen wrote: Only thing I can think of is that a package with a separate

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Espen Johansen
ZFS = FS+LVM. It's efficient in many ways. It's highly resilient to things like silent data corruption (disk FW bugs, power spikes). It has on the fly checking and repair. Copy on write, snapshotting, NFSv4 native acls and a few more nice things. I don't understand the bashing? -lsf 30 July 2014

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Espen Johansen
Also remember that pfsense has had packages like freenas (for some the Ultimate all in one home device). -lsf On 30 July 2014 at 22:24, Paul Mather p...@gromit.dlib.vt.edu wrote: On Jul 30, 2014, at 4:09 PM, Espen Johansen pfse...@gmail.com wrote: ZFS = FS+LVM. It's efficient in many ways

Re: [pfSense] Dual IP nets over one ethernet connector

2014-08-16 Thread Espen Johansen
If you have a vlan capable switch (most managed switches can do this) then you can split one interface into several virtuals. Pfsense supports this. If not, a USB ethernet interface would be an option. On 16 Aug 2014 at 19:48, Bob Gustafson bob...@rcn.com wrote: I have a small Alix board

Re: [pfSense] Dual IP nets over one ethernet connector

2014-08-16 Thread Espen Johansen
Not doable in a sensible way. On 16 Aug 2014 at 20:06, Bob Gustafson bob...@rcn.com wrote: I'm interested in doing it all within the Alix using pfsense. A minimum hardware approach. Think of my WAN mentioned below as the LAN network created by the modem/router furnished by the ISP and

Re: [pfSense] Dual IP nets over one ethernet connector

2014-08-16 Thread Espen Johansen
You would have to do a major code rewrite to get this done. And it would be insecure and it would make no pf sense :-) this is network basics. You don't seem to understand some network fundamentals. Sorry but this is not doable without using vlans or 2 physical interfaces. 16 Aug 2014 20:06

Re: [pfSense] Dual IP nets over one ethernet connector

2014-08-16 Thread Espen Johansen
. Again, do not do it. On 16 Aug 2014 at 22:13, Adam Thompson athom...@athompso.net wrote: On 14-08-16 01:13 PM, Espen Johansen wrote: You would have to do a major code rewrite to get this done. And it would be insecure and it would make no pf sense :-) this is network basics. You don't seem

Re: [pfSense] Delete last Alias IP when CARP address in subnet

2014-08-18 Thread Espen Johansen
Export config. Edit. Then import. On 18 Aug 2014 at 19:21, Adam Williams a...@spreedly.com wrote: Hello. I am running 2.1-RELEASE (built on Wed Sep 11 18:16:44 EDT 2013), which I believe includes the fix for the bug documented here https://redmine.pfsense.org/issues/2406, according to

Re: [pfSense] Delete last Alias IP when CARP address in subnet

2014-08-18 Thread Espen Johansen
that simple, I can use `viconfig` to delete the `ipalias` element, then in FreeBSD, simply remove the IP address from the WAN interface. I just am not terribly sure of the lifecycle of the config file. On Mon, Aug 18, 2014 at 1:53 PM, Espen Johansen pfse...@gmail.com wrote: Export config. Edit

Re: [pfSense] Netgate APU2 SSD module question

2014-08-25 Thread Espen Johansen
I personally don't think you will have an issue with too many writes in a normal environment. Why squid tho? If it's for filtering, fine. For acceleration and 3-6 persons it will most likely not do you much good. Also check MLC vs SLC. SLC based SSD will last longer. Approximately 10 times longer.

Re: [pfSense] Netgate APU2 SSD module question

2014-08-27 Thread Espen Johansen
: Thank you Espen, Squid is for filtering purpose only, not to save bandwidth. On Netgate they have only this SSD as an option. But I’ll keep your advice in mind. Best regards, Sergii Cherkashyn Date: Mon, 25 Aug 2014 20:45:46 +0200 From: Espen Johansen pfse...@gmail.com

Re: [pfSense] Netgate APU2 SSD module question

2014-08-27 Thread Espen Johansen
: Espen Johansen pfse...@gmail.com To: pfSense support and discussion list@lists.pfsense.org Subject: Re: [pfSense] Netgate APU2 SSD module question Message-ID: caadq7-adzhlsv1p6rl7kwaaomaws1uqcet6fxa5ngdn8sl5...@mail.gmail.com Content-Type: text/plain; charset=utf-8

Re: [pfSense] Netgate APU2 SSD module question

2014-08-27 Thread Espen Johansen
bandwidth. On Netgate they have only this SSD as an option. But I’ll keep your advice in mind. Best regards, Sergii Cherkashyn Date: Mon, 25 Aug 2014 20:45:46 +0200 From: Espen Johansen pfse...@gmail.com To: pfSense support and discussion list@lists.pfsense.org Subject: Re: [pfSense] Netgate

Re: [pfSense] Netgate APU2 SSD module question

2014-08-28 Thread Espen Johansen
of the early fracas around SSDs.) I’m not going to depend on what someone said in the forum over 3 years ago, since it’s unlikely to apply today. Jim On Aug 27, 2014, at 1:32 PM, Espen Johansen pfse...@gmail.com wrote: For completeness sake. Just to clarify. You can get SDHC cards that are SLC

Re: [pfSense] understand the CARP advskew option

2014-09-11 Thread Espen Johansen
advbase: This optional parameter specifies how often, in seconds, to advertise that we're a member of the redundancy group. The default is 1 second. Acceptable values are from 1 to 255. advskew: This optional parameter specifies how much to skew the advbase when sending CARP advertisements. By

Re: [pfSense] Routing between LAN interfaces

2014-09-12 Thread Espen Johansen
This should work without any special magic. Can a pc on a vlan segment ping the gateway and reach internet? Also did you configure the ip on the vlan interface or the physical? What does a traceroute show if you trace to an unreachable part. Does arp register hosts on the vlan interface? -lsf 12.

Re: [pfSense] Adding Ethernetports

2014-09-19 Thread Espen Johansen
Check dmesg and pciconf -lv. If it's not seen at all then try different slots and try to verify that card/slot is working. -lsf On Fri, Sep 19, 2014 at 4:31 PM, Brian Caouette bri...@dlois.com wrote: I added a dual port nic to my pfsense box and it doesn't show the additional ports. The new

Re: [pfSense] Pftop confusion.

2014-09-24 Thread Espen Johansen
Run pftop in interactive mode (-i) then press capital K for who is peaking. Or capital B for byte amount sorting. Or try capital R for instant speed rate. See man page for all options in interactive mode. -lsf On 24 Sep 2014 at 17:04, Muhammad Yousuf Khan sir...@gmail.com wrote: Darkstat

Re: [pfSense] Https blocking

2014-09-24 Thread Espen Johansen
Sorry. That just means you are incompetent at your job. There is no way in h...l you can demand others to do your job. We are all here for free. Buy a pfSense support agreement and pay for it! People like you annoy me. -lsf On 24 Sep 2014 at 19:22, A Mohan Rao mohanra...@gmail.com wrote:

Re: [pfSense] Reports

2014-09-26 Thread Espen Johansen
You can install time based access control apps on most devices. Same goes for time based rules. I use this for the kids. On 26 Sep 2014 at 21:23, Brian Caouette bri...@dlois.com wrote: Is there a way to do a weekly report based on MAC address showing times used, total time and date for the

Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-28 Thread Espen Johansen
If this is to be implemented it should be a tick box on each interface. Dropping all states if you want to move a cable/reroute it is not a good idea. This needs to be user controllable or only affect interface if is_interface_type=pppoe. Just my 2 cents. -lsf On 28 Sep 2014 at 19:19, Hannes

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Espen Johansen
You might want to use google instead of relying on others. Maybe try to do your own homework?

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Espen Johansen
Depends on what you want. A split design is normally better and safer than an all in one box. If you want suricata + snorby and barnyard it's not recommended to run it all on pfsense. There are many deps. that will cause a security nightmare and you will probably run out of hw resources as well. OK,

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Espen Johansen
with firewall rules enabled ??? Really thanks, Roberto 2014-09-29 16:15 GMT-03:00 Espen Johansen pfse...@gmail.com: Depends on what you want. A split design is normally better and safer than an all in one box. If you want suricata + snorby and barnyard it's not recommended to run it all

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Espen Johansen
you recommend to setup the Pfsense WAN and LAN interfaces in bridge mode with firewall rules enabled ??? Really thanks, Roberto 2014-09-29 16:15 GMT-03:00 Espen Johansen pfse...@gmail.com: Depends on what you want. A split design is normally better and safer than an all

Re: [pfSense] Adding Ethernetports

2014-10-03 Thread Espen Johansen
Bridge to LAN. On 3 Oct 2014 at 18:05, Brian Caouette bri...@dlois.com wrote: Just wanted to thank those of you who replied. Finally got the card noticed in pfSense. Had to use the add hardware feature on the VM. Now the problem is getting it to route traffic. I am able to ping the two

Re: [pfSense] Adding Ethernetports

2014-10-03 Thread Espen Johansen
of my issues does it solve? On 10/3/2014 12:08 PM, Espen Johansen wrote: Bridge to LAN. On 3 Oct 2014 at 18:05, Brian Caouette bri...@dlois.com wrote: Just wanted to thank those of you who replied. Finally got the card noticed in pfSense. Had to use the add hardware feature on the VM

Re: [pfSense] pfsense crash dump

2014-10-13 Thread Espen Johansen
Is this a RAID? Seen this on dells with PERC/megaraid controllers when they run the scheduled BBU test. On 13 Oct 2014 at 18:44, Mark Loza ml...@morphlabs.com wrote: Hi, pfsense is running fine for now. Is there any pfsense package that I can perform a live test on the drive? On 10/14/14

Re: [pfSense] pfsense crash dump

2014-10-15 Thread Espen Johansen
Mark Loza ml...@morphlabs.com wrote: Does this something have to do with faulty PERC controller? On 10/14/14 1:29 AM, Mark Loza wrote: Yes, a hardware raid and pfsense is physically running on a Dell PE R515 machine. On 10/14/14 12:49 AM, Espen Johansen wrote: Is this a RAID? Seen

Re: [pfSense] little problem with pfsense

2014-11-24 Thread Espen Johansen
Just a hunch. Did you by any chance drop udp port 137/138 traffic between client and dhcp server? As in, is this traffic allowed? Try tcpdump and check for requests from a problem machine. You might block something win7 has decided it needs. MS tends to have strange/unexpected needs ;) -lsf Hi

Re: [pfSense] little problem with pfsense

2014-11-24 Thread Espen Johansen
Tcpdump and you will know the answer to that. On 24 Nov 2014 at 13:35, Jean-Laurent Ivars jl.iv...@ipgenius.fr wrote: Well thank you for your answer, this is exactly the same result that when I set the option 252 with null parameters in the DHCP (WindowsProxyAutodiscoveryDetection) But

Re: [pfSense] little problem with pfsense

2014-11-24 Thread Espen Johansen
Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr On 24 Nov 2014 at 13:56, Espen Johansen pfse...@gmail.com wrote

Re: [pfSense] Gold hangout - what time?

2014-11-25 Thread Espen Johansen
It should be... I also had to think twice about it. CMB, maybe you can note that for the future? On 25 Nov 2014 at 17:16, Adam Thompson athom...@athompso.net wrote: On 14-11-25 10:14 AM, Espen Johansen wrote: https://blog.pfsense.org On 25 Nov 2014 at 17:11, Adam Thompson athom

Re: [pfSense] Message could not be delivered

2015-01-26 Thread Espen Johansen
It's not from list. Sender is spoofed. -lsf On 26 Jan 2015 at 10:28, Geoff Jankowski geoff.jankow...@me.com wrote: Am I the only person to receive this? It contains a .scr file which would not do anything to me but will to any gamers out there. I hope the list's address has not been compromised

Re: [pfSense] Visual seperators?

2015-02-10 Thread Espen Johansen
A separator might make sense. But grouping and hiding rules is a bad idea based on my experience. A tree structure that is always collapsed is annoying when you need overview of all rules. And defaulting to an expanded look will just act as a separator. Imho interface tabs act as grouping

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Espen Johansen
My bad. The IP can be in the same subnet as well as in a different subnet. As far as a true alias goes it is not implemented afaik. Try ifconfig in a shell and see if your aliases are listed as ips on the interface. If they were they would respond to ping and have a derived mac from the main

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Espen Johansen
the mac/arp timeout. And if so a reboot of pfsense and router/modem should clear that up quickly. If the modem is a true bridge then you might have to wait for the uplink router to update its arp table. I have had issues with that in the past. Brgds, Espen On 9 March 2015 at 12:24, Espen Johansen pfse

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Espen Johansen
told you tho. If ifconfig shows multiple IPs it is a true alias. If not then they are something else. Brgds, Espen On 9 March 2015 at 12:51, Brian Candler b.cand...@pobox.com wrote: On 09/03/2015 11:24, Espen Johansen wrote: As far as a true alias goes it is not implemented afaik. Try ifconfig

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Espen Johansen
Actually you can't use proxy arp as it has a limit affecting you. Proxyarp IPs can't be in same subnet. Sorry. Carp is what you want/need. As for your issue with not reaching the firewall when WAN is down is probably something else. What you really want is an alias ip on the interface and pfsense

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Espen Johansen
On 9 March 2015 at 11:52, Brian Candler b.cand...@pobox.com wrote: On 09/03/2015 10:47, Espen Johansen wrote: Actually you can't use proxy arp as it has a limit affecting you. Proxyarp IPs can't be in same subnet. Sorry. Are you sure? I have a pfsense box where it's working. For 2.2 I'm not sure

Re: [pfSense] Have you set up a system with no default route?

2015-03-10 Thread Espen Johansen
Are you going to load a full internet BGP routing table? Is that why you do not want a default? Remember that even if you have a default route any route that is more specific will take preference. I don't see the problem? And if you want to prevent any unknown IP destination being routed to your

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-08 Thread Espen Johansen
I believe the key to this is proxy arp. Brgds, Espen On 8 March 2015 at 23:50, Bryan D. pfse...@derman.com wrote: While we're on the topic, I have a functioning v2.2 setup that uses a /29 set of static IPs: - 1 IP is the gateway address and 5 IPs are usable (quite common, I believe) - one of the

Re: [pfSense] PF 2.15 Release (AMD64) Gateway Monitoring with OSPF

2015-03-07 Thread Espen Johansen
to static route the path to the monitoring ip on your front routers so that each front router will always send it out on the correct wan. Hth. Brgds, Espen On 8 March 2015 at 00:06, Espen Johansen pfse...@gmail.com wrote: Let me see if I understand this correctly. You have 2 wans on your pfsense box. You

Re: [pfSense] msk or em Legacy?

2015-02-22 Thread Espen Johansen
Intel em is normally what I prefer. If it's old or not does not matter that much. Just my 2 cents. On 22 Feb 2015 at 00:17, Joe Laffey j...@laffey.tv wrote: Hi, Which would you favor the msk driver with some on board Marvell controllers (P6T Deluxe) or the em driver with a Legacy 10.4 Intel card?

Re: [pfSense] best way to change WAN interface after migration

2015-04-11 Thread Espen Johansen
In the past I have edited a config backup and restored it. Maybe there are better ways, but find and replace in an editor does the trick :-) Brgds, Espen On 11 Apr 2015 at 20:46, Martin Fuchs mar...@fuchs-kiel.de wrote: Hi ! Does anyone have any experience with changing WAN-interfaces ? We

Re: [pfSense] Using on Fiber

2015-06-05 Thread Espen Johansen
Any chance you have set something in the shaper that causes it? On Fri, 5 June 2015 at 17:43, Ryan Coleman ryan.cole...@cwis.biz wrote: On Jun 5, 2015, at 10:12 AM, Brennan H. McNenly bmcne...@singularisit.com wrote: And those of you with VMware experience… if I run the virtual firewall I

Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table

2015-06-03 Thread Espen Johansen
Don't double post please. Brgds, Espen On 3 June 2015 at 15:00, Lukas Hubschmid lukas.hubsch...@pop.agri.ch wrote: Hello everybody, Is there any documentation about: * the process how pfSense firewall handles packets (lookup in firewall rules, lookup in state table, add new state, ...) e.g.

Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table

2015-06-03 Thread Espen Johansen
Pfsense is based on OpenBSD's PF (PacketFilter) and runs freebsd as base OS. That should give you enough to google how it works. Also remember that this is opensource and everything is freely available. The source code tells you everything there is to know ;-) Good luck :-) Wed, 3 June 2015,

Re: [pfSense] reverse proxy situation

2015-05-31 Thread Espen Johansen
Exclude varnish, it's primarily made for frontend LB proxy. On Sun, 31 May 2015 at 15:32, Adam Thompson athom...@athompso.net wrote: Oh, shoot, that's a good point - I probably do need SNI support for SSL. I may be able to get a wildcard cert, but that will be an issue one way or another. Varnish

Re: [pfSense] reverse proxy situation

2015-05-31 Thread Espen Johansen
Actually. Are you looking for reverse proxy or a user proxy. I'm confused after reading your mail a few times. Brgds, Espen On 31 May 2015 at 15:35, Espen Johansen pfse...@gmail.com wrote: Exclude varnish, it's primarily made for frontend LB proxy. On Sun, 31 May 2015 at 15:32, Adam Thompson athom

Re: [pfSense] Block Torrentz

2015-08-18 Thread Espen Johansen
Focus on layer 7. Most torrent clients use dynamic ports. And disable upnp as that will defeat the ports blocking as well. -lsf On Tue, 18 Aug 2015 at 21:21, A Mohan Rao mohanra...@gmail.com wrote: Hello pfSense experts, I find out torrents ports like 6881-6889 etc. And create firewall block

Re: [pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

2015-11-14 Thread Espen Johansen
VLANs? VLAN is L2 not L3. I have no idea what you are trying to do with VLANs in the mix. Policy routing is easy and probably what you need. -lsf On Fri, 13 Nov 2015 at 23:29, David White wrote: > I have a unique scenario: > > The higher ups require a multi-wan high

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-14 Thread Espen Johansen
Based on your need I think you should convert to l2tp. https://doc.pfsense.org/index.php/L2TP/IPsec -lsf On Sat, 14 Nov 2015 at 03:22, Vick Khera wrote: > On Thu, Nov 12, 2015 at 5:20 AM, Marco wrote: > > > > Setting up BIND 9 to manage a dynamic zone is not

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-11 Thread Espen Johansen
I think you have to set up a radius server and assign ip based on the user. That way they will be "static" and then add DNS entries to that static IP. My 2cents, -lsf On Wed, 11 Nov 2015 at 15:47, Marco wrote: > Hello, > > we use pfSense since quite a while with success and are

Re: [pfSense] IPSec tunnel and routing on a CentOS 7 machine

2016-01-04 Thread Espen Johansen
er running: > systemctl stop firewalld; systemctl disable firewalld; systemctl enable > iptables; systemctl start iptables > > You can manage rules the old fashioned way by either editing > /etc/sysconfig/iptables or by running iptables directly and using > iptables-save > /etc/s

Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-10 Thread Espen Johansen
Firewall disable = no state = asymmetric routing will not get return packets dropped. Are your servers multihomed? On Wed, Feb 10, 2016, 22:48 Romain Lapoux wrote: > I do not agree, because how do you explain that all works correctly when I > disable only the

Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-07 Thread Espen Johansen
Sounds like it drops state, connection reset? Try to set optimization longer. -lsf On Sun, Feb 7, 2016, 18:20 Romain Lapoux wrote: > Hi, > > It's my first post here. > > Context: > - pfSense in HA (CARP) > - HAProxy used in pfSense for: > - SFTP: tcp,

Re: [pfSense] WLAN reboot loop

2016-02-24 Thread Espen Johansen
Do not bridge and do not use same subnet. If you want lan and wlan to talk add rules for the subnets to talk to each other. On Wed, Feb 24, 2016, 19:12 Sean Pohl wrote: > The problem is an endless boot-loop on my pfSense installation after I > made one > change to

Re: [pfSense] WLAN reboot loop

2016-02-24 Thread Espen Johansen
et it out of the endless > boot loop? Or will my path of least resistance be to simply do a fresh > install again? Many thanks. > On Feb 24, 2016 12:26, "Espen Johansen" <pfse...@gmail.com> wrote: > > > Do not bridge and do not use same subnet. If you want lan and w

Re: [pfSense] WLAN reboot loop

2016-02-24 Thread Espen Johansen
Reboots usually happen when irq is shared and/or memory. On Wed, Feb 24, 2016, 20:17 Espen Johansen <pfse...@gmail.com> wrote: > You might try to put the wlan card in another slot on the motherboard. > Also use bios to disable stuff like sound card, unused usb ports, Lpt, com

Re: [pfSense] WLAN reboot loop

2016-02-24 Thread Espen Johansen
You might try to put the wlan card in another slot on the motherboard. Also use bios to disable stuff like sound card, unused usb ports, Lpt, com ports etc. On Wed, Feb 24, 2016, 20:15 Espen Johansen <pfse...@gmail.com> wrote: > Remove the wlan card. Then remove config. It sounds like

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Espen Johansen
t over 12Mpps on this hardware (about 80% of line-rate on a 10g interface). Neither pfSense or FreeBSD (nor Linux) will do 1/10th of this rate. Jim On Thursday, January 26, 2017, Espen Johansen <pfse...@gmail.com> wrote: > It should autotune by default based on memory iirc. > > On

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Espen Johansen
Are you saying worst case is 80%? It's not normal to have all minimum size packets unless you are under ddos. Default ethernet is 1526 (1530 with vlan) with a MTU 1500 on a layer 1 frame. A layer 2 frame is 1518 (1522 with vlan). If you want to include all layer headers then 1542 including vlan is

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-25 Thread Espen Johansen
It should autotune by default based on memory iirc. On Wed, Jan 25, 2017, 23:27 Peder Rovelstad wrote: > FWiW - My nano (4 NICs, 1GB, Community), PuTTY says: > > kern.ipc.nmbufs: 131925 > kern.ipc.nmbclusters: 20612 > > but nothing explicitly set on the tunables page,

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-27 Thread Espen Johansen
gigabit/s if you are able to push 1200 pps with that payload. Your statement of 80% is just confusing, that is all. On Fri, Jan 27, 2017, 04:02 Jim Thompson <j...@netgate.com> wrote: > On Thursday, January 26, 2017, Espen Johansen <pfse...@gmail.com> wrote: > > > Are you

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-27 Thread Espen Johansen
should > have no problem pushing 10GE. A MTU of 600 should give you about 53 > gigabit/s if you are able to push 1200 pps with that payload. Your > statement of 80% is just confusing, that is all. > > On Fri, Jan 27, 2017, 04:02 Jim Thompson <j...@netgate.com> wrote: > >

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-25 Thread Espen Johansen
Karl fife. Take a look at a config backup. I assume you at some point set them manually? On Wed, Jan 25, 2017, 21:42 Peder Rovelstad wrote: > There were changes in the defaults from FreeBSD 9 to 10. > > https://pleiades.ucsc.edu/hyades/FreeBSD_Network_Tuning > > Could

Re: [pfSense] Bridging to wireless interface issues (ping not working) on 2.3.2

2016-09-08 Thread Espen Johansen
Did you add a rule to allow ICMP on the wlan? -lsf On Thu, Sep 8, 2016, 15:58 Moshe Katz wrote: > Ray, > > Can you clarify which IP range is assigned where? > We can make an educated guess based on the information you provided, but > it's always better to have confirmation. >

Re: [pfSense] 3 hard locks this week... any ideas?

2016-09-08 Thread Espen Johansen
Compdoc: Your spinrite comments just show how dangerous some knowledge is without proper understanding. Spinrite does indeed force SSDs to "fix" themselves because it reads extensively (causes heat) and forces "half" working areas to be marked bad. Most SSDs have minor defects from day one. Just

Re: [pfSense] 2 networks Cards, but OPT1 not acess internet.

2016-09-23 Thread Espen Johansen
And you need to add a nat rule for the opt1 network as well. Either that or turn off nat on pfsense and add routes on your router to all networks behind your pfsense. -lsf On Fri, Sep 23, 2016, 21:48 Moshe Katz wrote: > You need to add a firewall rule on the OPT1 interface to

Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available

2016-10-10 Thread Espen Johansen
They usually do. And with kernel updates you have to. On Mon, Oct 10, 2016, 19:20 Morten Christensen wrote: > You should consider to state clearly in such announcements, if the > upgrade includes a reboot of the box. > > > > On 06-10-2016 at 21:29, Jim Thompson wrote: > > Details

Re: [pfSense] Lightning strike

2016-10-14 Thread Espen Johansen
Map interfaces based on mac and give them a name. Then address the interfaces based on that name. When it comes to reorganization of interfaces the answer is; don't do it. Let the user remap interfaces manually only. If the user wants to drop their DMZ to get wan back online then it should be a

Re: [pfSense] massive CARP Failover

2017-06-07 Thread Espen Johansen
Are you sure you disabled IGMP completely? On Wed, Jun 7, 2017, 16:44 Mark Wiater wrote: > > > On 6/7/2017 10:10 AM, Daniel wrote: > > Hi, > > > > the Sync interface is connected directly without a Switch. > > But Carp is running WAN/LAB for example. > > Let's go back

Re: [pfSense] massive CARP Failover

2017-06-08 Thread Espen Johansen
7/Screenshot%202017-06-08%2011.19.07.png?dl=0 > > Yes I am sure ;) > > > -- > Regards > > Daniel > > On 08.06.17 at 01:12, "List on behalf of Espen Johansen" < > list-boun...@lists.pfsense.org on behalf of pfse...@gmail.com> wrote: > > Are

Re: [pfSense] massive CARP Failover

2017-06-07 Thread Espen Johansen
I assume you did a pfsync (HA) interface on each firewall? If so did you connect this directly without going thru the switch? A direct connection is preferred for the sync interface. Also make sure that if you do direct connection then use a 6ft cable first to connect them. Some interfaces have