Re: [pfSense] ssh public key in user manager (pfSense 2.0.1)

2012-01-13 Thread Paul Mather
On Jan 13, 2012, at 9:58 AM, newsgroups.ma...@stefanbaur.de wrote: Hi List, is there any particular reason why the user manager only accepts ssh-rsa keys instead of both ssh-rsa and ssh-dss? I pasted a ssh-dss key into the Authorized Keys area for a user in the User Manager and it works

Re: [pfSense] Recommended DynDns Service for PFsense

2012-04-04 Thread Paul Mather
On Apr 4, 2012, at 10:25 AM, David Miller wrote: Dyn.com's free service has been working well for me for years. -- David On Wed, Apr 4, 2012 at 9:16 AM, Gavin Will gavin.w...@exterity.com wrote: Hi there, Can people please give me their experience / recommendations with regards to a

[pfSense] Non-default Frequency Probe value in gateway definition apparently wreaks havoc

2012-08-09 Thread Paul Mather
I am running pfSense 2.0.1-RELEASE (i386). To cut a long story short, recently I changed the Frequency Probe setting under the Advanced section of System: Gateways: Edit gateway and subsequently had all kinds of trouble as a result. The main observed annoying phenomenon was that remote SSH

Re: [pfSense] Cisco IPSEC configuration

2012-09-14 Thread Paul Mather
On Sep 14, 2012, at 11:27 AM, Ian Bowers wrote: Whoever hosts the instructions, they open themselves up for cease and desist letters and potentially litigation. Not trying to be a wet blanket, just saying... in the open source community we have to be careful and respectful of

[pfSense] Problem with IPsec in 2.0.2

2013-02-15 Thread Paul Mather
I have a problem with an IPsec VPN setup in pfSense 2.0.2 that I wonder if anyone can help me solve. I am trying to set up a pfSense IPsec VPN for mobile clients. The clients will be using the built-in Cisco IPSec client in Mac OS X 10.7 and 10.8 to connect. I have assigned the Virtual

[pfSense] Question about pfSense Mobile IPsec on 2.0 document

2013-02-27 Thread Paul Mather
I have been bashing my head against a wall trying to get Mobile IPSec (Mutual PSK + Xauth) working on pfSense 2.0.2. As I've reported previously here, I can only get traffic to flow in both directions if I set NAT Traversal to Force instead of Enable in the Phase 1 tunnel definition.

Re: [pfSense] timezone problem

2013-04-17 Thread Paul Mather
On Apr 17, 2013, at 10:18 AM, Moshe Katz mo...@ymkatz.net wrote: On Wed, Apr 17, 2013 at 8:39 AM, Cristian Ionescu-Idbohrn cristian.ionescu-idbo...@axis.com wrote: On Wed, 17 Apr 2013, Moshe Katz wrote: Did you reboot the machine after you changed the time zone? As I understand it,

[pfSense] Frequent bge0: watchdog timeout -- resetting problems

2013-05-13 Thread Paul Mather
I'm running pfSense 2.0.3-RELEASE (i386) on a Dell 2650 rack-mount server. I'm using the built-in Broadcom gigabit ethernet NICs for WAN and LAN: bge0: Broadcom NetXtreme Gigabit Ethernet Controller, ASIC rev. 0x000105 mem 0xfca1-0xfca1 irq 28 at device 6.0 on pci4 miibus0: MII bus on

Re: [pfSense] Frequent bge0: watchdog timeout -- resetting problems

2013-05-13 Thread Paul Mather
On May 13, 2013, at 10:40 AM, Giles Coochey gi...@coochey.net wrote: On 13/05/2013 15:07, Paul Mather wrote: bge0: watchdog timeout -- resetting bge0: link state changed to DOWN bge0: link state changed to UP bge0: watchdog timeout -- resetting bge0: link state changed to DOWN bge0: link

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-10 Thread Paul Mather
On Oct 10, 2013, at 9:08 AM, Giles Coochey gi...@coochey.net wrote: On 10/10/2013 13:55, Ian Bowers wrote: On Thu, Oct 10, 2013 at 8:17 AM, Alexandre Paradis alexandre.para...@gmail.com wrote: indeed, i vote to continue. Because you don't mind being overlooked by NSA doesn't mean everybody

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-10 Thread Paul Mather
On Oct 10, 2013, at 10:13 AM, Thinker Rix thinke...@rocketmail.com wrote: On 2013-10-10 16:52, Paul Mather wrote: On Oct 10, 2013, at 9:08 AM, Giles Coochey gi...@coochey.net wrote: *BLINK!* Incredible the way I am seeing the reaction to the initial question, and trying to query

Re: [pfSense] naive suggestion: conform to US laws

2013-10-12 Thread Paul Mather
On Oct 12, 2013, at 11:23 AM, Oliver Hansen oliver.han...@gmail.com wrote: On Sat, Oct 12, 2013 at 4:10 AM, Thinker Rix thinke...@rocketmail.com wrote: On 2013-10-09 19:38, Jim Thompson wrote: So asking the question is stupid On 2013-10-09 19:50, Jim Thompson wrote: IMO, this bullshit

Re: [pfSense] AES-NI support of the CPU: Does it make sense for VPN with pfSense?

2013-11-06 Thread Paul Mather
On Nov 6, 2013, at 1:43 PM, Jim Thompson j...@netgate.com wrote: On Nov 6, 2013, at 8:06 AM, Thinker Rix thinke...@rocketmail.com wrote: On 2013-11-06 15:29, Jim Thompson wrote: On Nov 6, 2013, at 7:22, Vick Khera vi...@khera.org wrote: pfSense lists the AES-NI as a supported option for

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Paul Mather
On Apr 8, 2014, at 4:39 PM, Rainer Duffner rai...@ultra-secure.de wrote: On 08.04.2014 at 21:04, Jim Thompson j...@smallworks.com wrote: Well, that’s the point, Paul. (You hit the nail on the head.) If you don’t have an openssl service exposed, the problem doesn’t affect you.

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Paul Mather
On Apr 8, 2014, at 3:04 PM, Jim Thompson j...@smallworks.com wrote: Well, that’s the point, Paul. (You hit the nail on the head.) If you don’t have an openssl service exposed, the problem doesn’t affect you. Since normally the web GUI isn’t exposed to the WAN, the attack surface is

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Paul Mather
On Apr 8, 2014, at 9:35 PM, Paul Mather p...@gromit.dlib.vt.edu wrote: On Apr 8, 2014, at 3:04 PM, Jim Thompson j...@smallworks.com wrote: Well, that’s the point, Paul. (You hit the nail on the head.) If you don’t have an openssl service exposed, the problem doesn’t affect you. Since

Re: [pfSense] Problems with pfsense on ProfitBrick

2014-04-14 Thread Paul Mather
On Apr 14, 2014, at 10:36 AM, Tim Nelson tnel...@rockbochs.com wrote: - Original Message - I'll put here the amount of info that I can before my server's security may be compromised. I want to install pfsense to an server that's hosted by ProfitBrick and using KVM as

Re: [pfSense] Weird routing issue with pfSense-2.1.3-RELEASE-i386, Debian Wheezy, kvm and virtio

2014-06-11 Thread Paul Mather
On Jun 10, 2014, at 5:37 PM, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: On 10.06.2014 22:52, Karsten Gorling wrote: * Stefan Baur newsgroups.ma...@stefanbaur.de [140610 17:59]: This works all fine and dandy as long as I'm not using virtio: I had the same problem. Essentially the

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Paul Mather
On Jul 30, 2014, at 5:37 AM, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: Hi list, I'm seeing the following warning on my pfsense 2.1.4-RELEASE (i386): ZFS WARNING: Recommended minimim kmem_size is 512MB; expect unstable behavior. Consider tuning vm.kmem_size and vm.kmem_size_max in

[pfSense] LDAP PAM auth with Local Database accounts?

2014-07-30 Thread Paul Mather
At our organisation we have a central LDAP database that contains administrative information. For Unix purposes, it's only useful for PAM auth, as its schema does not contain the requisite Posix attributes required by Unix accounts. Nevertheless, it is still very useful for password

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Paul Mather
a nanobsd setup at heart... Cheers, Paul. -lsf On 30 July 2014 at 21:44, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: On 30.07.2014 at 16:43, Vick Khera wrote: On Wed, Jul 30, 2014 at 9:50 AM, Paul Mather p...@gromit.dlib.vt.edu wrote: Personally, I think ZFS on i386 has become

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Paul Mather
getting ARC to play nicely on high-memory systems under memory pressure... :-) To OP; Set it to 640MB and be a happy camper. Well, at least that will make that message go away, which seems to be the main concern. :-) Cheers, Paul. -lsf 30. juli 2014 22:24 skrev Paul Mather p

Re: [pfSense] ZFS warning message on local console during boot

2014-07-31 Thread Paul Mather
On Jul 30, 2014, at 9:07 PM, Jim Thompson j...@smallworks.com wrote: On Jul 30, 2014, at 7:20 PM, Paul Mather p...@gromit.dlib.vt.edu wrote: Despite all that FreeBSD ZFS love, I still would not recommend it on FreeBSD/i386-based installations (as the OP said he was using). It is much

Re: [pfSense] pfsense, IPSec, and Mac OS X

2014-08-20 Thread Paul Mather
On Aug 19, 2014, at 5:19 PM, Paul Galati paulgal...@gmail.com wrote: Anybody on the list using Mac OS X 10.6 or later and the built in Cisco IPSec Client connecting to pfSense with any reliability? I am having a heck of a time getting the expected result. I have a couple users that want to

Re: [pfSense] pfsense, IPSec, and Mac OS X

2014-08-22 Thread Paul Mather
On Aug 22, 2014, at 11:38 AM, Paul Galati paulgal...@gmail.com wrote: thanks for your reply. I have looked at that page already to verify my initial settings were correct, and they are. It is the final tweak that I am trying to locate. I just don’t understand why simply turning NAT-T on

Re: [pfSense] 32 or 64?

2015-01-06 Thread Paul Mather
On Jan 6, 2015, at 12:57 PM, Márcio Merlone marcio.merl...@a1.ind.br wrote: Happy 2015 for all! I am planning to replace some Linksys boxes on remote offices with a virtual pfSense in the next months and was wondering what's recommended for a new install today: 32 or 64 bits? I ask

Re: [pfSense] Block Torrentz

2015-08-19 Thread Paul Mather
On Aug 19, 2015, at 1:32 AM, A Mohan Rao mohanra...@gmail.com wrote: sorry not clear your point...! I believe the point is that focusing on blocking port ranges like 6881-6889 is horribly outdated with modern BitTorrent clients. :-) Many BitTorrent clients will choose a random port on

[pfSense] Unbound DNS Resolver doesn't listen on IP aliases even when selected in settings

2015-11-12 Thread Paul Mather
I recently started using "DNS Resolver" on my pfSense 2.2 system, which had been previously using "DNS Forwarder." The pfSense install has a WAN network and two local networks, LAN and INTERNAL. The INTERNAL network has two IP aliases defined for it. In DNS Resolver -> General Settings ->

Re: [pfSense] Unbound DNS Resolver doesn't listen on IP aliases even when selected in settings

2015-11-18 Thread Paul Mather
On Nov 17, 2015, at 12:45 PM, Steve Yates <st...@teamits.com> wrote: > Paul Mather wrote on Thu, Nov 12 2015 at 1:38 pm: > >> Unfortunately, with this configuration, unbound does not listen on the >> IP aliases: it only listens on the primary IP addresses of LAN,

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Paul Mather
The update status shows it is at version 2.3_1 after the update. The only issue I encountered is ntpd being stopped and having to start it manually. Cheers, Paul. > > Regards, > -Jeppe > > On Thu, May 5, 2016 at 6:26 AM, Paul Mather <p...@gromit.dlib.vt.edu> wrote

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Paul Mather
On May 5, 2016, at 9:13 AM, Vick Khera wrote: > On Tue, May 3, 2016 at 11:24 AM, Jeppe Øland wrote: > >> Does this update actually work? >> >> After hitting install and crunching for a while, it showed "firmware >> installation failed!" at the top. >> > >

[pfSense] CAS or Shibboleth authentication?

2017-01-24 Thread Paul Mather
Does anyone know whether CAS or Shibboleth is supported as an authentication method by pfSense 2.3.2? CAS is the preferred authentication method for Web applications at our organisation and so it would be great if pfSense could use it---at least with the WebGUI. Is there anyone on the list

Re: [pfSense] pfsense twitter account making rude comments.

2017-02-21 Thread Paul Mather
On Feb 21, 2017, at 11:30 AM, Ryan Coleman wrote: > Not that we are anyone who would know anything about that… The best thing to come out of this ugly spat, for me, is that I went to the pfSense Twitter feed to see what all the fuss was about (I'm not on Twitter) and

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-21 Thread Paul Mather
On Aug 21, 2016, at 4:03 PM, Bryan D. <pfse...@derman.com> wrote: > On 2016-Aug-21, at 5:50 AM, Paul Mather <p...@gromit.dlib.vt.edu> wrote: > >> Even on that page it's incorrect to say it "only" offers the XG-2758. >> That's the only one

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-21 Thread Paul Mather
On Aug 21, 2016, at 2:56 AM, Dave Warren wrote: > On 2016-08-20 04:02, Jim Thompson wrote: >>> On Aug 20, 2016, at 3:10 AM, Dave Warren wrote: >>> On 2016-08-03 08:43, Steve Yates wrote: I'm being serious but what is your rationale for not

Re: [pfSense] MBR restore

2017-06-30 Thread Paul Mather
On Jun 30, 2017, at 10:11 AM, Nicola Ferrari (#554252) wrote: > On 30/06/2017 16:04, Eric Landry wrote: >> You could always write a new boot0 to your disk. If you load a FreeBSD disc >> and run the following command on your pfsense hard disk. >> >> fdisk -B -b

Re: [pfSense] Squid transparent with SSL interception - CA certificate problem

2018-02-06 Thread Paul Mather
On Feb 6, 2018, at 10:03 AM, Roberto Carna wrote: > Dear Alex, so there is no solution to the given problem ??? > > I refer to install a CA private certificate in mobile devices and let > them navigate and use applications through a transparent proxy without > SSL

Re: [pfSense] Configs or hardware?

2018-02-19 Thread Paul Mather
On Feb 19, 2018, at 10:10 AM, Eero Volotinen wrote: > Well. Does it require so much power, that I cannot run it on intel core2 > quad Q9400, 2.66Ghz processor (4 cores) ? What a curious question. It does not require "so much power" but it does require a minimum

Re: [pfSense] ZFS on 2.4.2

2018-03-06 Thread Paul Mather
On Mar 6, 2018, at 12:39 PM, Walter Parker wrote: > On Mon, Mar 5, 2018 at 6:38 PM, Curtis Maurand wrote: > >> ZFS is a memory hog. you need 1 GB of RAM for each TB of disk. > > > Curtis, can you provide some more details? I have been testing this

[pfSense] 10GBASE-T hardware

2018-03-27 Thread Paul Mather
A 10GBASE-T port became available to us in our server rack. The rack currently has a 20-node Hadoop cluster, each node having dual Intel i350 1000BASE-T NICs. The Hadoop nodes connect to an old HP 2910al-48G 48-port GbE switch that, in turn, connects to an old Dell R310 server running pfSense

Re: [pfSense] 10GBASE-T hardware

2018-03-28 Thread Paul Mather
On Mar 27, 2018, at 8:47 PM, Yehuda Katz wrote: > I agree with everything my brother said except recommending the Ubiquiti > EdgeSwitch. > We have seen a few instances of the EdgeSwitch locking up without any > apparent reason (once we traced it to a thermal issue, but we

Re: [pfSense] 10GBASE-T hardware

2018-03-28 Thread Paul Mather
On Mar 27, 2018, at 8:10 PM, Moshe Katz wrote: Many thanks for the information and advice. It is much appreciated. > According to the specs that I found on HP's website, your HP switch does > not support 10Gb, only 1Gb on its mini-GBIC ports. You will definitely need > a new

Re: [pfSense] 10GBASE-T hardware

2018-04-02 Thread Paul Mather
On Mar 29, 2018, at 11:12 AM, Moshe Katz <mo...@ymkatz.net> wrote: > On Wed, Mar 28, 2018 at 9:44 PM, Paul Mather <p...@gromit.dlib.vt.edu> > wrote: > >> On Mar 27, 2018, at 8:10 PM, Moshe Katz <mo...@ymkatz.net> wrote: >> >> Many thanks for the in