Re: [pfSense] NIC Failover

2011-09-11 Thread Jim Thompson
Most of the issues with STP are dealt with via 802.1w (rapid spanning tree) On Sep 11, 2011, at 9:15 AM, Joseph Hardeman wrote: Hey Everyone, So I can do the failover and yes all of the switches are managed. I did see where to setup the LAGG on the pfSense system. I have to deconfigure

Re: [pfSense] Wireless Issues

2011-09-24 Thread Jim Thompson
-- Jim On Sep 24, 2011, at 5:22 PM, Chris Brennan xa...@xaerolimit.net wrote: Configuring WIRELESS interface...wlan0: changing name to 'ath0_wlan0' -- what's this and why? I don't remember seeing this before... The version of FreeBSD under pfSense changed between 1.2.3 and 2.0. Did you

Re: [pfSense] Suggestions for embedded hardware

2011-12-27 Thread Jim Thompson
-- Jim On Dec 26, 2011, at 1:38 PM, Chris Buechler c...@pfsense.org wrote: On Mon, Dec 26, 2011 at 1:17 PM, Mike Montgomery m...@cityofscottsburg.com wrote: Hello all, I have been running pfsense at home on an old pc now for some time and loving it. I run several m0n0wall soekris devices

Re: [pfSense] pfSense as an 802.11 access point

2012-01-13 Thread Jim Thompson
On Jan 13, 2012, at 8:24 PM, mdh wrote: Hey folks, a few quick questions. 1 If I want to use pfSense as an 802.11g access point, does this work well? It works well-enough. It's not perfect, and there is no 802.11n support, currently. 2 Any specific suggestions on sub-$50 [USD] PCI or

Re: [pfSense] pfSense error, maybe hard drive?

2012-03-22 Thread Jim Thompson
On Mar 22, 2012, at 2:08, Dimitri Alexandris d.alexand...@gmail.com wrote: On Thu, Mar 22, 2012 at 01:39, Jim Thompson j...@netgate.com wrote: Hmm, No, close, but not really correct. *all* flash will eventually fail if you write to it enough. It's physics. I do not disagree

Re: [pfSense] pfSense error, maybe hard drive?

2012-03-22 Thread Jim Thompson
On Mar 22, 2012, at 10:15 AM, Adam Piasecki wrote: On 3/22/2012 9:52 AM, Jim Thompson wrote: Yes, and I discussed this, but better than this is wear-leveling, which works to avoid the issue, rather than reacting to failure. Combine this with some of the advanced error correction, and you

Re: [pfSense] Pfsense Ipad / Iphone - Android - Smartphone App

2012-04-23 Thread Jim Thompson
I've considered making this type of thing work with the Redpark serial cables. -- Jim On Apr 23, 2012, at 9:45, Robert Guerra rgue...@privaterra.org wrote: An ideal iOS app would be more a configuration and logging tool for pfSense, than one that provides VPN services. -- R.

Re: [pfSense] Low(ish) cost pfSense platforms

2012-06-25 Thread Jim Thompson
On Jun 25, 2012, at 6:45 PM, Diego Barrios s...@techsystem.com.br wrote: Hi Chris, I have the same problem here, need a low-power low-cost solution like the excellent Alix board, but with 4 or more 10/100 ports. After weeks of research I discovered that there is nothing like the Alix

Re: [pfSense] Encrypt Microwave Link?

2012-06-26 Thread Jim Thompson
On Jun 26, 2012, at 4:54 PM, David Burgess apt@gmail.com wrote: That said, it's good practice to keep the beam as narrow as is practical and reduce transmit power accordingly. This reduces the amount of noise you are spreading to the neighbours as well as the probability of others

Re: [pfSense] 2.1 timeline?

2012-06-28 Thread Jim Thompson
On Jun 28, 2012, at 6:36 PM, Nenhum_de_Nos math...@eternamente.info wrote: Jim, It will be based on what freebsd version? 8.3 ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Turning UDP broadcast into a unicast on another interface

2012-10-02 Thread Jim Thompson
Without writing a small program? No, I can't think of a way. But it's not a big program, assuming you don't care about the packets on the opposite flow. -- Jim On Oct 2, 2012, at 5:24 PM, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: Hi list, is it possible to have pfSense act

Re: [pfSense] fast CF cards?

2012-11-06 Thread Jim Thompson
I've got a FireWire 800-based CF gadget, and the SanDisk cards go very fast while running dd to program them with pfSense. The error, isn't, really. The CF reports its entire size, but has kept some sectors in reserve. FreeBSD attempts to access these during boot, and the error results.

Re: [pfSense] fast CF cards?

2012-11-07 Thread Jim Thompson
On Nov 7, 2012, at 1:59 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote: On the other hand, Transcend cards are usually available for less than 10 GBP, which if you're ordering lots of them, is a consideration. We order a lot of CF (1,000 at a time), we don't buy Transcend or on price

Re: [pfSense] How to setup DHCP server so no default gateway specified

2012-11-16 Thread Jim Thompson
On Nov 16, 2012, at 3:04 AM, Will Wagner will_wag...@carallon.com wrote: I guess I'll just have to use something else as the dhcp server on that network. is DHCP relay an option?

Re: [pfSense] 2.0.2 release now available

2012-12-21 Thread Jim Thompson
On Dec 21, 2012, at 5:52 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote: On 21/12/12 11:31 pm, James Caldwell wrote: I'm always a little leery of the 'beta' term. Once you guys stamp it as a release quality build I'll move up to it no problem. If you want v6 support, you don't get a

Re: [pfSense] WRAP

2013-01-05 Thread Jim Thompson
On Jan 5, 2013, at 11:16 AM, David Burgess apt@gmail.com wrote: On 2013-01-05 4:59 AM, Eugen Leitl eu...@leitl.org wrote: With the speed of current connections (100+ MBit/s) lulz. You noticed Hugo is in Canada, eh? To be fair, we can get up to 250 Mbps in a few urban centres,

Re: [pfSense] mPCIe Recommendations?

2013-02-11 Thread Jim Thompson
Tim, I'm about to attempt the same thing. Will keep you updated. Jim On Feb 11, 2013, at 3:26 PM, Tim Nelson tnel...@rockbochs.com wrote: Greetings- I've just (unsuccessfully) tried setting up an Atheros AR5280 based mPCIe card for use with pfSense 2.0.2. The results were not

Re: [pfSense] Microsoft Outlook Blocked

2013-03-17 Thread Jim Thompson
iPhone, iPad and thunderbird may be configured differently than outlook, especially if exchange is involved (or the problem is really with authentication.) See: http://support.microsoft.com/kb/176466 -- Jim On Mar 17, 2013, at 12:06 PM, Gerald Waugh gwa...@frontstreetnetworks.com wrote:

Re: [pfSense] Microsoft Outlook Blocked

2013-03-17 Thread Jim Thompson
Try hitting Testexchangeconnectivity.com (it's a Microsoft service) or running the Test-OutlookConnectivity tasklet and send the report. But what you have above (below) shows that you're not reaching a POP(3) server at the given IP address. Any chance you're talking to a different DNS server

Re: [pfSense] Open Source WAN Optimization

2013-04-12 Thread Jim Thompson
On Apr 12, 2013, at 12:42 PM, Warren Baker war...@decoy.co.za wrote: On Fri, Apr 12, 2013 at 4:50 PM, James Caldwell jamescaldw...@hurricanecs.com wrote: Has anyone had any kind of success running an open source or commercial alternative to riverbed for WAN optimization? It would be

Re: [pfSense] Open Source WAN Optimization

2013-04-12 Thread Jim Thompson
[mailto:list-boun...@lists.pfsense.org] On Behalf Of Jim Thompson Sent: April-12-13 1:32 PM To: pfSense support and discussion Cc: pfSense support and discussion Subject: Re: [pfSense] Open Source WAN Optimization On Apr 12, 2013, at 12:42 PM, Warren Baker war...@decoy.co.za wrote

Re: [pfSense] Best practice for SSD installs

2013-06-07 Thread Jim Thompson
On Jun 7, 2013, at 7:06 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote: Thanks for the response. On 8/6/13 12:54 am, Jim Thompson wrote: Difficulty? Is this some kind of Brit understatement? Impossible is a more accurate description of the situation. :-) I've seen other AMD

Re: [pfSense] Best practice for SSD installs

2013-06-09 Thread Jim Thompson
On Jun 8, 2013, at 2:24 PM, Michael Schuh michael.sc...@gmail.com wrote: i wouldn't only rely on the manufacturer but on the chip type; just saying If by 'chip' you mean 'controller', I agree. If by 'chip' you mean the actual flash (memory), then… you're likely mistaken. Intel and

Re: [pfSense] Best practice for SSD installs

2013-06-09 Thread Jim Thompson
On Jun 9, 2013, at 3:44 PM, Michael Schuh michael.sc...@gmail.com wrote: 2013/6/9 Jim Thompson j...@smallworks.com On Jun 8, 2013, at 2:24 PM, Michael Schuh michael.sc...@gmail.com wrote: Intel actually sells MLC instead of SLC ( iirc they had a series with SLC

Re: [pfSense] IPv6 HE.net tunnel - MTU problem confirmed

2013-08-15 Thread Jim Thompson
On Aug 15, 2013, at 12:13 PM, Adam Hunt voxa...@gmail.com wrote: Thanks for confirming this. I'm glad that I'm not the only one and/or I'm not completely inept. I'll sit down later today and play with the various MTU settings (WAN, HEv6 tunnel, and the setting on the advanced tab of Tunnel

Re: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches

2013-09-05 Thread Jim Thompson
On Sep 5, 2013, at 7:57 AM, Jim Pingle li...@pingle.org wrote: But it doesn't matter if the vendors issue a patch, people actually have to install the update to fix it, and odds are high that typical end users have no idea that is even possible or something they have to do. This speaks to a

Re: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches

2013-09-05 Thread Jim Thompson
Read ‘em and weep: http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?_r=0 My take is that most places don’t enable PFS (because it’s “hard”) in IPSec. In theory, Transport Layer Security (TLS) can choose appropriate ciphers since SSLv3, but in everyday practice

Re: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches

2013-09-05 Thread Jim Thompson
On Sep 5, 2013, at 12:08 PM, Mark Tinka mark.ti...@seacom.mu wrote: On Thursday, September 05, 2013 04:55:31 PM Jim Pingle wrote: I'm not opposed to auto-update if it's done securely and opt-in. Especially if you can schedule the time it takes place (e.g. specific day, specific time

Re: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches

2013-09-05 Thread Jim Thompson
On Sep 5, 2013, at 6:49 PM, Bob Gustafson bob...@rcn.com wrote: The new Apple operating system = Mavericks or iOS 7 will have an autoupdate feature. Which can be disabled.

Re: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches

2013-09-07 Thread Jim Thompson
(getting back to the actual subject…) The actual documents are worthy of a look. For example, at http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?ref=uspagewanted=all (Goal for CY2013): Complete enabling for [redacted] encryption chips

Re: [pfSense] PBI packaging: BGPd vs OSPFd

2013-09-15 Thread Jim Thompson
On Sep 15, 2013, at 11:50 AM, Adam Thompson athom...@athompso.net wrote: Is BGPd in Quagga likely to be a huge PITA? If not, I'll probably take a stab at integrating it into the GUI. If I can figure out how to build packages, anyway. (I'd prefer OpenOSPFd instead of Quagga, but that

Re: [pfSense] PBI packaging: BGPd vs OSPFd

2013-09-15 Thread Jim Thompson
On Sep 15, 2013, at 12:30 PM, Jim Pingle li...@pingle.org wrote: On 9/15/2013 1:17 PM, Adam Thompson wrote: If we mix Quagga and BIRD, don't we wind up with fragmentation problems very similar to what we have now? No because as far as I can see BIRD's binaries are bird, birdc, and

Re: [pfSense] 2.1 on WRAP

2013-09-20 Thread Jim Thompson
On Sep 20, 2013, at 6:45 AM, Odette Nsaka odette.ns...@libero.it wrote: Does somebody know other reliable and cheap embedded platforms running pfSense with no problem? http://store.netgate.com/Netgate-FW-525B-P1919C83.aspx

Re: [pfSense] 2.1 on WRAP

2013-09-20 Thread Jim Thompson
On Sep 20, 2013, at 9:09 AM, Bill Arlofski waa-pfse...@revpol.com wrote: To be clear, when I said non-ALIX, I meant to say Netgate FW-7535H with 2GB (maybe 4GB, not sure right now) RAM. If you put 4GB in it, you're a magician.

Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption

2013-09-30 Thread Jim Thompson
Netgate sold you a FW-7535 with a CF card and either 1MB or 2MB of ram, originally. You changed the ram and installed an SSD, reloaded pfSense, and now you want to complain that Netgate couldn’t… what, exactly? There are thousands of FW-75xx systems in the world, happily running pfSense.

Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption

2013-09-30 Thread Jim Thompson
that. You do not need to point that out. Yudhvir On Mon, Sep 30, 2013 at 8:23 AM, Jim Thompson j...@netgate.com wrote: Netgate sold you a FW-7535 with a CF card and either 1MB or 2MB of ram, originally. You changed the ram and installed an SSD, reloaded pfSense, and now you want

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Jim Thompson
(TIC mode: on) I think it’s obvious that: - ESF is a front for the NSA - the acquisition which closed last year was really just about gaining control of a critical component of Internet infrastructure. - the delays getting 2.1 out the door were exclusively about getting some last-minute

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Jim Thompson
prior threads about FreeBSD security. Walter On Wed, Oct 9, 2013 at 9:10 AM, Thinker Rix thinke...@rocketmail.com wrote: On 2013-10-09 19:03, Jim Thompson wrote: (TIC mode: on) Sorry, but I guess the whole matter - not only concerning pfSense, but the current threat to our

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Jim Thompson
On Oct 9, 2013, at 6:38 PM, Thinker Rix thinke...@rocketmail.com wrote: My main question was not if the code includes bad things, but if the company behind pfSense has been approached (yet) by authorities to comply with their Orwellian global police state phantasy. already answered.

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Jim Thompson
On Oct 9, 2013, at 6:46 PM, David Burgess apt@gmail.com wrote: On Wed, Oct 9, 2013 at 10:38 AM, Jim Thompson j...@netgate.com wrote: So asking the question is stupid(*), because a lie is indistinguishable from the truth. I disagree on that point. Even if one is sure to get

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Jim Thompson
On Oct 9, 2013, at 6:56 PM, Eugen Leitl eu...@leitl.org wrote: On Wed, Oct 09, 2013 at 06:50:53PM +0200, Jim Thompson wrote: IMO, this bullshit thread only serves to assist those asking the question in stroking their own ego. Sorry, this is not BS. The situation has changed, and we have

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Jim Thompson
On Oct 9, 2013, at 7:03 PM, Thinker Rix thinke...@rocketmail.com wrote: Hello Jim! Thank you for your answer. On 2013-10-09 19:38, Jim Thompson wrote: No, the NSA hasn’t approached us about pfSense, or adding a “back door”, or anything similar. Nor has anyone else. Do you work

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Jim Thompson
On Oct 9, 2013, at 7:13 PM, Thinker Rix thinke...@rocketmail.com wrote: Hello Jim! On 2013-10-09 19:50, Jim Thompson wrote: IMO, this bullshit thread only serves to assist those asking the question in stroking their own ego. This is already the second time that you insult me indirectly

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Jim Thompson
On Oct 9, 2013, at 7:36 PM, Thinker Rix thinke...@rocketmail.com wrote: On 2013-10-09 20:04, Walter Parker wrote: About that made in the USA thing, the NSA has deals with overseas companies as well... Plus, the GCHQ and several other foreign spy agencies have done similar things, so if

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Jim Thompson
On Oct 9, 2013, at 7:41 PM, Thinker Rix thinke...@rocketmail.com wrote: We all know that the governments currently force on a daily base one company after the other to comply to their New World Order-Orwellian-global-surveillance phantasies and make them compromise their software or

Re: [pfSense] Can pfSense be considered trusted? What implementations of VPNs can now be trusted?

2013-10-10 Thread Jim Thompson
On Oct 10, 2013, at 4:34 PM, Yehuda Katz yeh...@ymkatz.net wrote: Since we keep coming back to FreeBSD as it pertains to security: 3) FreeBSD is very mature, and very well reviewed. I've looked into FreeBSD to my personal satisfaction. OpenBSD may be abrasive as a community at times,

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-10 Thread Jim Thompson
On Oct 10, 2013, at 5:42 PM, Paul Mather p...@gromit.dlib.vt.edu wrote: I first started using mailing lists back in the mid/late 1980s, You’re not the only one. :-) I too was entertained by the n00b trying to tell grandpa how to use email. Jim

Re: [pfSense] pfSense 2.1: which FreeBSD version?

2013-10-10 Thread Jim Thompson
On Oct 10, 2013, at 6:25 PM, Jim Pingle li...@pingle.org wrote: You shouldn't need the -archive bits since 8.3 is still a supported release. Until next April, anyway.

Re: [pfSense] Can pfSense be considered trusted? What implementations of VPNs can now be trusted?

2013-10-10 Thread Jim Thompson
On Oct 10, 2013, at 4:49 PM, Giles Coochey gi...@coochey.net wrote: On 10/10/2013 15:04, Chris Bagnall wrote: What made you change from AES to Blowfish, and is there any evidence to suggest that Blowfish is more 'secure' than AES? My understanding is that AES was championed by an agency

Re: [pfSense] naive suggestion: conform to US laws

2013-10-12 Thread Jim Thompson
out of my way to inhibit those who wish to fork. However, in any case, such a community would be prohibited from naming the result “pfSense”. But since 33% of the ESF - namely Jim Thompson You greatly inflate my ownership interest here. - prefers bullying, insulting, frightening and muzzling

Re: [pfSense] Upgrade Guide: Needs update for Auto Update

2013-10-12 Thread Jim Thompson
On Oct 12, 2013, at 3:33 PM, Thinker Rix thinke...@rocketmail.com wrote: Hello all, I just performed an upgrade to 2.1 via the Auto update feature in the web UI, which worked flawlessly. When studying the Upgrade Guide (https://doc.pfsense.org/index.php/Upgrade_Guide) prior the

Re: [pfSense] naive suggestion: conform to US laws

2013-10-12 Thread Jim Thompson
On Oct 12, 2013, at 1:35 PM, Chris L c...@viptalk.net wrote: On 2013-10-12 01:40, Jim Thompson wrote: I'm not willing to endure this uninformed Alex Jonesian crapfest. Nice position to take, except Alex Jones was right. Sigh. As much as this doesn’t belong on the pfsense list… I

[pfSense] not all backdoors are NSA backdoors

2013-10-13 Thread Jim Thompson
It occurs to me that being more ‘conversational’ with the community might be a good thing. Describing what is happening with pfSense, and why, and engaging the pfsense community in the process could be a good thing. My first attempt is included herein. But first, on the tail of the recent

Re: [pfSense] naive suggestion: conform to US laws

2013-10-15 Thread Jim Thompson
On Oct 15, 2013, at 8:53 AM, Alex DiMarco a...@cs.toronto.edu wrote: On Tue, Oct 15, 2013 at 8:20 AM, Robert Skinner rob...@robertskinner.com wrote: You would have hated the 90s then. Interesting time that was, no particular hate though for that period.. Now the 80's on the other hand

Re: [pfSense] Hardware requirements for gigabit wirespead

2013-10-24 Thread Jim Thompson
On Oct 24, 2013, at 12:02 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote: On 24/10/13 5:30 pm, Thinker Rix wrote: I want to have: - full Gigabit wire speed between the DMZ and the LAN zone (i.e. 2x Gigabit at max) Would have thought you'd be fine here. - full 450Mbps between the

Re: [pfSense] Hardware requirements for gigabit wirespead

2013-10-24 Thread Jim Thompson
The topic has wandered away from pfSense. -- Jim On Oct 24, 2013, at 18:48, Chris Bagnall pfse...@lists.minotaur.cc wrote: On 24/10/13 7:31 pm, Adam Thompson wrote: If I upgraded to a better-quality unit, or switched to licensed spectrum, I could probably eliminate the variability and

Re: [pfSense] Disk Read failure (but it seems to work anyway)

2013-10-28 Thread Jim Thompson
https://doc.pfsense.org/index.php/DMA_and_LBA_Errors On Mon, Oct 28, 2013 at 12:18 PM, Bob Gustafson bob...@rcn.com wrote: I installed 2.1 on a SanDisk 4GB Ultra (200x) for use on an Alix board. I configured the ethernet ports using the serial connection and then left the connection and

Re: [pfSense] AES-NI support of the CPU: Does it make sense for VPN with pfSense?

2013-11-06 Thread Jim Thompson
On Nov 6, 2013, at 7:22, Vick Khera vi...@khera.org wrote: pfSense lists the AES-NI as a supported option for crypto acceleration. pfSense will use it for OpenVPN and IPsec if you tell it to. There's a config setting for it. I'm not aware if any performance testing for AES-NI on

Re: [pfSense] AES-NI support of the CPU: Does it make sense for VPN with pfSense?

2013-11-06 Thread Jim Thompson
On Nov 6, 2013, at 8:06 AM, Thinker Rix thinke...@rocketmail.com wrote: On 2013-11-06 15:29, Jim Thompson wrote: On Nov 6, 2013, at 7:22, Vick Khera vi...@khera.org wrote: pfSense lists the AES-NI as a supported option for crypto acceleration. pfSense will use it for OpenVPN and IPsec

Re: [pfSense] AES-NI support of the CPU: Does it make sense for VPN with pfSense?

2013-11-06 Thread Jim Thompson
The issue may not be that easy to fix. Current theory is that it's a structural issue in cryptdev. -- Jim On Nov 6, 2013, at 20:59, Chris Buechler c...@pfsense.org wrote: I have done some brief testing of AES-NI a few months back, though I can't seem to find the results at the moment

Re: [pfSense] AES-NI support of the CPU: Does it make sense for VPN with pfSense?

2013-11-06 Thread Jim Thompson
The Xeon CPUs are almost idle. The old Intel 32-bit Pentium 4 2.4GHz dual core server, however is the other end of that IPSEC tunnel. It's unlikely to be as idle as the Xeon. -- Jim On Nov 6, 2013, at 8:04, Thinker Rix thinke...@rocketmail.com wrote: On 2013-11-06 15:22, Vick Khera

Re: [pfSense] AES-NI support of the CPU: Does it make sense for VPN with pfSense?

2013-11-11 Thread Jim Thompson
I was at the FreeBSD Vendor Summit last week, and raised the AES-NI issue as important to be solved in the next six months. The issue and fix are understood, it just needs someone to implement it (and then, presumably, backport it to 8.3, so we can release an update to 2.1 (2.1.1 or similar).

Re: [pfSense] AES-NI support of the CPU: Does it make sense for VPN with pfSense?

2013-11-11 Thread Jim Thompson
with the relevant skill were open to a bounty for implementing the necessary fixes? On Mon, Nov 11, 2013 at 1:36 PM, Jim Thompson j...@netgate.com wrote: I was at the FreeBSD Vendor Summit last week, and raised the AES-NI issue as important to be solved in the next six months. The issue and fix

Re: [pfSense] Compile on Sun v215

2013-12-09 Thread Jim Thompson
Unlikely. -- Jim On Dec 9, 2013, at 4:07, Denny Fuchs linuxm...@4lin.net wrote: hi, I want to use old two of Sun Fire SPARC v215 for pfsense. FreeBSD 8/98 runs without any problems, so the only question is, if it does make sense to compile pfsense on that hosts. Ram: 12GB # cat

Re: [pfSense] IPSec problem with mobile IOS and Android

2014-01-04 Thread Jim Thompson
you lost me at “port forwarding”. Making NAT work for IPSEC (passthrough) can be … quite challenging. Hopefully you’re attempting to terminate IPSEC on the pfSense box, and the ISP router is configured to: IP Protocol ID 50: For both inbound and outbound filters. Should be set to allow

Re: [pfSense] Apple Messages Blocked

2014-01-15 Thread Jim Thompson
Turning on UPNP might make things better. It just works for me, too. -- Jim On Jan 15, 2014, at 10:00, Vick Khera vi...@khera.org wrote: On Tue, Jan 14, 2014 at 3:01 PM, Paul Galati paulgal...@gmail.com wrote: I have tried searching the forums for find a fix to allow Apple Messages app

Re: [pfSense] January Project News

2014-01-21 Thread Jim Thompson
It still needs attention in the editing and formatting departments, but all the tech is there, yes. -- Jim On Jan 21, 2014, at 5:00, Michał Karas m.ka...@hafis.pl wrote: Hi, thank you for your reply. Is the electronically available version already finished. Does it cover all features of

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-11 Thread Jim Thompson
Thanks for this. As before, we'll supply a solution for pfSense on the ERL after 2.2 (based on FreeBSD 10) after 2.2 drops. -- Jim On Feb 11, 2014, at 7:25, Eugen Leitl eu...@leitl.org wrote: http://rtfm.net/FreeBSD/ERL/ FreeBSD 10.0 on Ubiquiti EdgeRouter Lite The Ubiquiti

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Jim Thompson
On Feb 12, 2014, at 9:05 AM, David Burgess apt@gmail.com wrote: On Feb 11, 2014 5:55 AM, Jim Thompson j...@netgate.com wrote: Thanks for this. As before, we'll supply a solution for pfSense on the ERL after 2.2 (based on FreeBSD 10) after 2.2 drops. -- Jim That's great

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Jim Thompson
The reality is “when it’s done”. I’m hoping for “mid-May”. On Feb 12, 2014, at 9:28 AM, Brian Caouette bri...@dlois.com wrote: What is the time frame for 2.2? On 2/11/2014 7:55 AM, Jim Thompson wrote: Thanks for this. As before, we'll supply a solution for pfSense on the ERL after 2.2

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Jim Thompson
On Feb 12, 2014, at 9:41 AM, Eugen Leitl eu...@leitl.org wrote: On Wed, Feb 12, 2014 at 08:05:17AM -0700, David Burgess wrote: That's great news. Does anybody care to speculate whether FreeBSD will be able to take advantage of the packet forwarding acceleration of this hardware at some

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Jim Thompson
On Feb 12, 2014, at 9:55 AM, Eugen Leitl eu...@leitl.org wrote: On Wed, Feb 12, 2014 at 09:44:46AM -0600, Jim Thompson wrote: On Feb 12, 2014, at 9:41 AM, Eugen Leitl eu...@leitl.org wrote: On Wed, Feb 12, 2014 at 08:05:17AM -0700, David Burgess wrote: That's great news. Does anybody

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread Jim Thompson
On Feb 12, 2014, at 12:16 PM, Brian Caouette bri...@dlois.com wrote: Sounds good. Is there a planned feature list we can look forward to? On 2/12/2014 10:43 AM, Jim Thompson wrote: The reality is “when it’s done”. I’m hoping for “mid-May”. On Feb 12, 2014, at 9:28 AM, Brian

Re: [pfSense] Netgate's customized pfSense release

2014-02-13 Thread Jim Thompson
On Feb 13, 2014, at 12:10 PM, Chris Buechler c...@pfsense.org wrote: On Thursday, February 13, 2014, Andrew Hull l...@coffeebreath.org wrote: Hi List, Having purchased several pfSense devices assembled by Netgate (m1n1wall and FW-7541), I've noticed that the pfSense pre-install image was

Re: [pfSense] Netgate's customized pfSense release

2014-02-13 Thread Jim Thompson
and tunings to make all NICs work and work good (props to ESF staff who assisted). Quick history: BSD Perimeter moved from Kentucky (in 2012) to Texas and reinstated as ESF. Jim Thompson from Netgate (also Texas) got involved with ESF, he is actually active in both companies. In mid-2012, Chris

Re: [pfSense] Netgate's customized pfSense release

2014-02-14 Thread Jim Thompson
On Feb 14, 2014, at 5:15 AM, Jostein Elvaker Haande jehaa...@gmail.com wrote: On 14 February 2014 11:54, Brian Candler b.cand...@pobox.com wrote: On 13/02/2014 19:43, Jostein Elvaker Haande wrote: The thing that brand names as Netgear now sells out of the box [..] I welcome Netgear to

Re: [pfSense] pfsync state full resync

2014-02-17 Thread Jim Thompson
See your link http://www.openbsd.org/faq/pf/carp.html It's all in there. -- Jim On Feb 16, 2014, at 12:03, rajan agarwal rajanagarwa...@gmail.com wrote: I was about to post the same question. Thanks Brian, been facing a problem with this in my 2 pfsense setup. On Sun, Feb 16, 2014

Re: [pfSense] Wifi/WAN issues

2014-03-06 Thread Jim Thompson
On Mar 6, 2014, at 5:26, Jeremy Bennett jbenn...@hikitechnology.com wrote: What am I doing wrong? You're running a more modern card than supported in pfSense 2.1, which is based on FreeBSD 8.3. Perhaps 2.2 will fix the issue. Jim

Re: [pfSense] Wifi/WAN issues

2014-03-06 Thread Jim Thompson
On Mar 6, 2014, at 12:51 PM, Jeremy Bennett jbenn...@hikitechnology.com wrote: I spoke to the good folks at Netgate, and they assured me that the card was indeed compatible with 2.1. From what I've seen, they've always been very responsible with the products they sell and they were very

Re: [pfSense] (no subject)

2014-03-19 Thread Jim Thompson
Chris had to rebuild lists.pfsense.org, as one of the databases became corrupted. You might have gotten added in that process. On Mar 19, 2014, at 1:54 PM, Doug Barton do...@dougbarton.us wrote: Actually I'm sort of curious as to how I got on the list in the first place. I certainly did

Re: [pfSense] Blast from the past: pfSense 1.2 / ALIX / VLANs

2014-03-24 Thread Jim Thompson
What's your time worth? -- Jim On Mar 24, 2014, at 9:03, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: Am 24.03.2014 14:18, schrieb Chris Bagnall: However, the new tenant found that performance was erratic - certain websites loaded instantly, but others wouldn't load at all. This

Re: [pfSense] successor to ALIX is here

2014-04-02 Thread Jim Thompson
On Apr 2, 2014, at 3:17 PM, Thinker Rix thinke...@rocketmail.com wrote: On 2014-04-02 17:35, Eugen Leitl wrote: Apu.1c http://www.heise.de/newsticker/meldung/Embeddded-Mainboard-mit-x86-CPU-und-Coreboot-2160404.html http://www.pcengines.ch/apu1c.htm in stock, €105.13 Unfortunately

Re: [pfSense] successor to ALIX is here

2014-04-02 Thread Jim Thompson
On Apr 2, 2014, at 3:24 PM, Ryan Coleman ryanjc...@me.com wrote: Wouldn’t a layer-3 switch be a good investment in this situation? Put the load on another device instead of, what is for all intents and (definitely) purpose a thin, light-weight piece of hardware? It doesn’t even need to be

Re: [pfSense] successor to ALIX is here

2014-04-02 Thread Jim Thompson
On Apr 2, 2014, at 5:01 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote: On 2/4/14 9:17 pm, Thinker Rix wrote: Unfortunately again only 3 NICs... and Realteks with bad performance. I would love to see such a board one day with at least 4-8 NICs. On that subject, we've recently been

Re: [pfSense] New intel atom board

2014-04-05 Thread Jim Thompson
On Apr 5, 2014, at 12:48 PM, Ugo Bellavance u...@lubik.ca wrote: http://techcrunch.com/2014/04/03/intel-releases-99-minnowboard-max-an-open-source-single-board-computer/?utm_campaign=fbncid=fb An interesting platform for pfSense? It looks like it only has 1 NIC though. I looked at this

Re: [pfSense] 2.1 can't auto-update anymore?

2014-04-05 Thread Jim Thompson
Kevin, Glad you like the update. You won’t get ‘multicore’ PF until pfSense 2.2 (which is based on FreeBSD 10). Snapshots are available now. Rangely hardware, you say? http://store.netgate.com/Firewall/C2758.aspx Also available “real soon now” at the pfSense store. We believe in the C2000,

Re: [pfSense] New intel atom board

2014-04-05 Thread Jim Thompson
On Apr 5, 2014, at 5:06 PM, Adam Thompson athom...@athompso.net wrote: On 14-04-05 02:02 PM, Jim Thompson wrote: http://techcrunch.com/2014/04/03/intel-releases-99-minnowboard-max-an-open-source-single-board-computer/?utm_campaign=fbncid=fb An interesting platform for pfSense? It looks like

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Jim Thompson
Well, that’s the point, Paul. (You hit the nail on the head.) If you don’t have an openssl service exposed, the problem doesn’t affect you. Since normally the web GUI isn’t exposed to the WAN, the attack surface is minimized. We are working at cutting a new release. Jim On Apr 8, 2014, at

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Jim Thompson
On Apr 8, 2014, at 12:34 PM, Paul Heinlein heinl...@madboa.com wrote: On Tue, 8 Apr 2014, b...@todoo.biz wrote: This might not be enough as there are two versions of openssl installed… One in /usr/bin/openssl and one in /usr/local/bin/openssl Both should be ok. Not on 2.1:

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Jim Thompson
On Apr 8, 2014, at 3:39 PM, Rainer Duffner rai...@ultra-secure.de wrote: Am 08.04.2014 um 21:04 schrieb Jim Thompson j...@smallworks.com: Well, that’s the point, Paul. (You hit the nail on the head.) If you don’t have an openssl service exposed, the problem doesn’t affect you

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-09 Thread Jim Thompson
snapshots. -- Jim On Apr 8, 2014, at 21:05, Paul Mather p...@gromit.dlib.vt.edu wrote: On Apr 8, 2014, at 9:35 PM, Paul Mather p...@gromit.dlib.vt.edu wrote: On Apr 8, 2014, at 3:04 PM, Jim Thompson j...@smallworks.com wrote: Well, that’s the point, Paul. (You hit the nail on the head

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-09 Thread Jim Thompson
2.1.2 wasn’t “UP”. Chris cut a version of something he called “2.1.2” that he indicated *might* become 2.1.2, but it was incomplete. So I asked him to pull it back down. Jim On Apr 9, 2014, at 4:59 PM, Ryan Coleman ryanjc...@me.com wrote: There was a post to the list at 0400 central US today

Re: [pfSense] 2.1.2-RELEASE up for testing

2014-04-10 Thread Jim Thompson
The final testing (testing updates against the real update servers, which can’t be effectively simulated) is happening now. jim On Apr 10, 2014, at 12:50 PM, k_o_l k_...@hotmail.com wrote: Any update to when the fix will be released?! -Original Message- From: List

[pfSense] pfSense 2.1.2 is released

2014-04-10 Thread Jim Thompson
https://blog.pfsense.org/?p=1253 pfSense release 2.1.2 is now available. pfSense release 2.1.2 follows less than a week after pfSense release 2.1.1, and is primarily a security release. The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel attack are both covered by

Re: [pfSense] pfSense 2.1.2 is released

2014-04-10 Thread Jim Thompson
On Apr 10, 2014, at 4:10 PM, Volker Kuhlmann hid...@paradise.net.nz wrote: On Fri 11 Apr 2014 07:23:52 NZST +1200, Jim Thompson wrote: pfSense release 2.1.2 is now available. Thank you for all the quick work! May I ask though why this isn't simultaneously posted on pfsense-announce

Re: [pfSense] pfSense 2.1.2 is released

2014-04-10 Thread Jim Thompson
On Apr 10, 2014, at 4:25 PM, Dimitri Rodis dimit...@integritasystems.com wrote: Can we also get information as to which versions of pfSense are affected aside from 2.1.1? Or is 2.1.1 the only affected version? https://pfsense.org/security/advisories/pfSense-SA-14_04.openssl.asc

Re: [pfSense] pfSense 2.1.2 is released

2014-04-12 Thread Jim Thompson
They're built; we're waiting on Amazon. -- Jim On Apr 11, 2014, at 22:41, linbloke linbl...@fastmail.fm wrote: On 11/04/2014 5:23 am, Jim Thompson wrote: https://blog.pfsense.org/?p=1253 pfSense release 2.1.2 is now available. pfSense release 2.1.2 follows less than a week after

Re: [pfSense] pfSense 2.1.2 is released

2014-04-12 Thread Jim Thompson
On Apr 12, 2014, at 18:55, Volker Kuhlmann hid...@paradise.net.nz wrote: On Fri 11 Apr 2014 18:43:18 NZST +1200, Ryan Coleman wrote: He gave you an option to subscribe to the list. You seem to have missed the point I was making: critical security fixes (the 2.1.2 release in this case,

Re: [pfSense] pfSense 2.1.2 is released

2014-04-16 Thread Jim Thompson
On Apr 16, 2014, at 4:34 PM, Brian Candler b.cand...@pobox.com wrote: On 15/04/2014 20:12, Jim Thompson wrote: We dropped the price, too. -- Jim Which price are you referring to? On the EC2 instance(s). I see that a support subscription is now $200 for 2 hours plus $200 per extra hour

Re: [pfSense] Interface options for pfsense

2014-04-22 Thread Jim Thompson
On Apr 22, 2014, at 10:39, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: In fact, I'd be pretty disappointed, too, if a newer pfSense release stopped working on my hardware and the whole issue appeared out of the blue (== no hwe driver no longer supported or similar notice in the
