Re: [pfSense] CARP Questions on pfSense 2.x

2012-12-05 Thread WolfSec-Support
2012/12/5 Tim Nelson tnel...@rockbochs.com - Original Message - 1: You need 3 IPs in the same subnet. hello, to clarify this answer: Is following correct ?: - on WAN SIDE you need: version a) -- 3 WAN IP's in same WAN subnet, e.g. 5.6.7.1 - 3 version b) alternative (to save WAN

Re: [pfSense] OpenVPN performance with Atom 1.6 Ghz

2012-12-05 Thread WolfSec-Support
2012/12/5 Eugen Leitl eu...@leitl.org On Wed, Dec 05, 2012 at 06:07:19PM +0100, WolfSec-Support wrote: Which CPU? Atom? Yes, with a Singlecore 1.6 Ghz Atom, and alternatively with a 1.86 Ghz Dualcore Atom Which Performance / Bandwidth in an OpenVPN Tunnel will be realizable

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
Hi, do you have special rules in VPN tunnel ? make sure to open OpenVPN ruleset as necessary this is new in 2.x; 1.2.x. had no rules in OpenVPN tunnels but per default normally tunnel is open anyany br stephan http://www.wolfsec.ch

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
WolfSec-Support supp...@wolfsec.ch: Hi, do you have special rules in VPN tunnel ? make sure to open OpenVPN ruleset as necessary this is new in 2.x; 1.2.x. had no rules in OpenVPN tunnels but per default normally tunnel is open anyany br stephan

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
defining the default gateway for lan traffic. To permit the traffic to remote vpn site, I have to add a rule earlier for the remote network with no gateway so it will follow normal routing. My 2 cents... On Wed, 19 Dec 2012 14:39:36 +0100, WolfSec-Support supp...@wolfsec.ch wrote

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
and the clients on each side can reach internet through their local pfsense ? so GW info etc is ok ? sometimes it's simply a typo etc in mask/gw etc generally your setup seems to be fine rgds stephan http://www.wolfsec.ch

Re: [pfSense] Openvpn site to site problem

2012-12-21 Thread WolfSec-Support
single /24 to single 24 site2site needs no push of routes only if multiple subnets are on end of tunnel and not described in VPN info/routing I would simplify this issue to a simple site2site vpn additional: - is it a plain v2 install, or an upgraded v1.2.x to v2 I had some issues with upgrades

[pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread WolfSec-Support
hello, in pfsense 2.0.2 it is now new and great, that the CARP master will handle the tunnels of openvpn, and the CARP backup will stop the openvpn _SERVER_ however: - setup site2site - outpost has also 2 pfsense boxes for HA - both in OpenVPN CLIENT mode - OpenVPN sync in Virtual IP / carp

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread WolfSec-Support
Hi Chris, 2013/1/5 Chris Buechler c...@pfsense.org It's done automatically in 2.0.2 and newer. nope, only on CARP members with usage of openvpn server it will work. here in my v2.0.2 setup with 2 openvpn clients it won't work. also the carp backup tries permanently to open the tunnel via

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread WolfSec-Support
); } } } but both will: --- openvpn_restart('client', $settings); should the rc.carpbackup not stop the client ? I'm not yet that familiar with the pfsense code in rc. scripts ;-/ thanks in advance stephan 2013/1/5 WolfSec-Support supp...@wolfsec.ch Hi Chris, 2013/1/5 Chris Buechler c...@pfsense.org

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread WolfSec-Support
hi jim, 2013/1/5 Jim Pingle li...@pingle.org On 1/4/2013 7:39 PM, WolfSec-Support wrote: --- openvpn_restart('client', $settings); That code is smart enough to not start if it's in backup mode. The key is that the VPN must be bound to a CARP VIP. ah, ok. - only the LAN of the outpost has

Re: [pfSense] OpenVPN CARP, but OpenVPN-Client instead of OpenVPN-Server in v2.0.2

2013-01-04 Thread WolfSec-Support
hi chris 2013/1/5 Chris Buechler c...@pfsense.org That's not a proper supported HA config, but it should work if you for sure, I know. simply here is necessary http and VPN for users. so we need no CARP / VIP on WAN. also the ISP can not provide in this contractmodel fixed PA's bind

[pfSense] Multi WAN CARP

2013-01-07 Thread WolfSec-Support
Hello, following works: a) - 2 ISP's (via DHCP) - each on one box - 2 pfsenses - CARP on LAN IP in an outpost setup. so a box failure can be covered. also an ISP failure can be covered (manually, or automatically after editing some files) (to cover WAN link down, and not only box failures)

Re: [pfSense] CARP status backup on both nodes, when using pfsync under ESX

2013-01-15 Thread WolfSec-Support
update: I will try: http://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting#VMware_ESX.2FESXi_Users Changing Net.ReversePathFwdCheckPromisc and report result here. 2013/1/15 WolfSec-Support supp...@wolfsec.ch: hello, I have 2 boxes: - VM's under ESX 5.1 - promisc, mac

Re: [pfSense] CARP status backup on both nodes, when using pfsync under ESX

2013-01-15 Thread WolfSec-Support
hello 2013/1/15 WolfSec-Support supp...@wolfsec.ch: update: I will try: http://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting#VMware_ESX.2FESXi_Users Changing Net.ReversePathFwdCheckPromisc and report result here. this solved my issue: Changing

Re: [pfSense] dns through pptp-connection doesn't work

2013-03-29 Thread WolfSec-Support
could be the issue I have not yet investigated this deeper; will go on in 1-2 weeks on that. br stephan 2013/3/23 Michael Schuh michael.sc...@gmail.com: 2013/3/23 Michael Schuh michael.sc...@gmail.com 2013/3/21 WolfSec-Support supp...@wolfsec.ch hi, I can confirm similar dns-forwarder

[pfSense] Multi-WAN Setup with HA PPPoE v2.0.3

2013-05-17 Thread WolfSec-Support
Hello, found nothing useable till now. setup in place / clear for me: - 2 boxes in HA setup / CARP IP only in LAN - all connections to both boxes via vlans in a failover LAGG on 2 nics per box - 2 cheap internet links via 2 different providers (cable and pppoe) - vlan 100 for cable modem

Re: [pfSense] Multi-WAN Setup with HA PPPoE v2.0.3

2013-05-23 Thread WolfSec-Support
Hello all, any hint ? thanks in advance stephan 2013/5/17 WolfSec-Support supp...@wolfsec.ch: Hello, found nothing useable till now. setup in place / clear for me: - 2 boxes in HA setup / CARP IP only in LAN - all connections to both boxes via vlans in a failover LAGG on 2 nics per box

[pfSense] DNS-Forwarder - Domain overwrite does not work

2013-06-26 Thread WolfSec-Support
Hello, in general DNS forwarder works. resolving external records works fine but if you want to use an overwrite for a domain e.g. mydomain.local, and pointing it to an internal IP behind an OpenVPN tunnel, it is not working the given DNS behind the tunnel is responding fine; rules are open.

Re: [pfSense] Lightsquid

2015-02-11 Thread WolfSec-Support
lightsquid seems broken since release v2.2 on our v2.1.5 pfsenses it worked fine br stephan 2015-02-11 14:36 GMT+01:00 Brian Caouette bri...@dlois.com: I noticed an update posted yesterday. I installed it but when I click the report tab the screen is still white. I let it go over night as

Re: [pfSense] Release 2.2 - Wake on Lan different behaviour on alix and apu

2015-01-27 Thread WolfSec-Support
Hello, ALIX issue: I can confirm this. In WebGUI on Alix the WoL is not working any more I can confirm: wake vr0 e0:cb:4e:xx.yy.zz is working on command line May also other platforms are affected ? I have actually only some ALIXes which use WoL feature for some clients Best Regards, Stephan

[pfSense] Release 2.2 - more problems than success by upgrades / looping packet installations / sshd is not working any more / crashes on X5550 CPU

2015-01-27 Thread WolfSec-Support
hello all, we have general problems with v2.2 I tried to update 13 devices, and only some worked fine (1 ALIX), and one virtual machine (afterwards crashes see below) Most we had problems, e.g: - looping packet installations without ending - reboot is not solving it - packets cron / squid /

Re: [pfSense] Release 2.2 - more problems than success by upgrades / looping packet installations / sshd is not working any more / crashes on X5550 CPU

2015-01-28 Thread WolfSec-Support
2015-01-27 22:13 GMT+01:00 Chris Buechler c...@pfsense.com: we have general problems with v2.2 I tried to update 13 devices, and only some worked fine (1 ALIX), and one virtual machine (afterwards crashes see below) Most we had problems, e.g: - looping packet installations without

Re: [pfSense] Problem upgrading pfSense on Sun Fire x4100

2015-01-28 Thread WolfSec-Support
well, no kernel crash ? if kernel crashes: seems to me you did the same mistake like me: setup with HA and limiters ? see: https://doc.pfsense.org/index.php/Upgrade_Guide#Limiters_with_High_Availability_not_working br stephan 2015-01-28 10:47 GMT+01:00 Toni Garcia toni.gar...@sistel.es: I'm

[pfSense] sshd is still hanging - sshd key regeneration - pfsense nanobsd 32bit v2.1.5 to v2.2 / now 2.1

2015-03-26 Thread WolfSec-Support
Hello all it is a known issue that some pfsenses generated with the update to v2.2 new ssh keys so sshd is not accessible / service down. it is not possible to start the service deleting and regenerating keys doesn't help also update v2.2 to 2.2.1 doesn't resolve issue has anyone a short

Re: [pfSense] firewall rules with fqdn-alias

2016-05-18 Thread WolfSec-Support
Hi Martin Do you have a dot at the end of the fqdn like in bind configs ? Pfsense doesn't like a dot at the end. With e.g. host.domain.tld It works fine With host.domain.tld. It works not So if you use a dot at the end please remove it Br Stephan On 18.05.2016 00:12, "Martin Fuchs" wrote

Re: [pfSense] never ending update status / "Obtaining update status" endless / on v2.3 on 32bit HW / e.g. ALIX

2016-05-03 Thread WolfSec-Support
t-boun...@lists.pfsense.org] On Behalf Of > WolfSec-Support > Sent: Tuesday, May 03, 2016 11:37 AM > To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> > Subject: Re: [pfSense] never ending update status / "Obtaining update > status" endless / on v2.3 on

Re: [pfSense] never ending update status / "Obtaining update status" endless / on v2.3 on 32bit HW / e.g. ALIX

2016-05-03 Thread WolfSec-Support
Update: all i386 nanoBSD installs are affected An ALIX with i386 on SSD and normal pfsense image works well so seems only i386 nanoBSD installs are affected 2016-05-03 14:32 GMT+02:00 WolfSec-Support <supp...@wolfsec.ch>: > Hello, > > > have seen this behaviour on all my

Re: [pfSense] never ending update status / "Obtaining update status" endless / on v2.3 on 32bit HW / e.g. ALIX

2016-05-03 Thread WolfSec-Support
> -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of > WolfSec-Support > Sent: Tuesday, May 03, 2016 7:36 AM > To: list@lists.pfsense.org > Subject: Re: [pfSense] never ending update status / "Obtaining update > status" endless / on

[pfSense] yesterday update to 2.3.2 has not worked - these machines now can not update any more

2016-07-26 Thread WolfSec-Support
Hello Yesterday I tried to update some v2.3.1-5 to v2.3.2 the update was interrupted on all with: Fetching php-xdebug-2.4.0.txz: .. done Fetching pfSense-rc-2.3.2.txz: . done Fetching pfSense-kernel-pfSense-2.3.2.txz: .. done Fetching pfSense-default-config-2.3.2.txz: .

Re: [pfSense] yesterday update to 2.3.2 has not worked - these machines now can not update any more

2016-07-28 Thread WolfSec-Support
r Stephan Many thanks. Kind regards, WolfSec-Support WolfSec Postal address: Swiss Post Box: 104213 Zürcherstrasse 161 CH-8010 Zürich Office ZH: Seestrasse 59 CH-8708 Männedorf http://www.wolfsec.ch 2016-07-28 5:56 GMT+02:00 Chris Buechler <c...@pfsense.com>: > On Wed, Jul 2

[pfSense] script updates / partial automation

2016-07-28 Thread WolfSec-Support
Hi all out of an issue I had the idea to automatize (not full / partly interactive) my updates of pfsenses is there any special thing to do - or does it be enough to script some templates etc with. pfSense-upgrade -c pkg clean pkg update pkg upgrade reboot pfSense-upgrade -d Idea is also to

Re: [pfSense] yesterday update to 2.3.2 has not worked - these machines now can not update any more

2016-07-27 Thread WolfSec-Support
; <li...@pingle.org>: > On 07/27/2016 12:48 AM, WolfSec-Support wrote: > > Any hint to solve the broken updated-boxes ? > > Use ssh or the console and either use option 13, or use option 8 and > from the shell, execute "pfSense-upgrade -d" > > Early in the upg

[pfSense] Routing interrupt by nic down/up on unused interface

2016-07-20 Thread WolfSec-Support
Hello Following scenario HA setup 3 NICs each device 2 NICs Lagg with vlans for lan and 2 Internet uplinks 3rd nic for additional ISP These 3rd nic is connected to a router from Provider directly. When this router will be rebooted the NICs for sure go down and up on 3rd nic 3rd NIC is

Re: [pfSense] pfsense upgrade problems?

2017-02-23 Thread WolfSec-Support
nope, upgraded about 20 different test boxes/vm's already without any issue had same prob in past with (nearly) death harddisk/ssd. so download was good, storing bad = bad checksum. Many thanks. Kind regards, WolfSec-Support WolfSec Postal address: Swiss Post Box: 104213 Zürcherstrasse

Re: [pfSense] pfsense + carp + ha

2016-11-16 Thread WolfSec-Support
Hello No. Hardware as nic type can be anything. For sure the 2nd node should be able to handle traffic and load E.g. one can be physical with vlan assignments. Other can be virtual with vNiC per assignment. Will work fine. Simply interface name must be same. And yes. For sure I agree to use

Re: [pfSense] Routing Vlan

2017-08-17 Thread WolfSec-Support
Hi, - does the Testclient .50.20 has as Standard gateway the .50.1 ? - does the L3 switch know in routing table that the 192.168.0.0/24 network is behind .50.2 - check pfsense NAT setup - may NAT on pfsense causes this ? try to disable nat here for a test - also check routes on pfsense BR

[pfSense] Factory Default / Cleanup(script) of binaries + config backups + etc

2017-07-27 Thread WolfSec-Support
Hello, as written in documentation, a Factory Default does NOT: - remove binaries of packages - removes old configuration data backups - may not removing other things / logs etc Is there a way / document / script to cleanup a pfSense WITHOUT reinstallation ? Any help is appreciated. I would

Re: [pfSense] Factory Default / Cleanup(script) of binaries + config backups + etc

2017-08-04 Thread WolfSec-Support
Well, no one any hint ? 2017-07-27 10:46 GMT+02:00 WolfSec-Support <supp...@wolfsec.ch>: > Hello, > > > as written in documentation, a Factory Default does NOT: > - remove binaries of packages > - removes old configuration data backups > - may not remov

Re: [pfSense] Factory Default / Cleanup(script) of binaries + config backups + etc

2017-08-07 Thread WolfSec-Support
dea before - if it fits not YOUR requirements, may it fits THEIRS ;) Cheers Stephan 2017-08-07 13:33 GMT+02:00 Jim Pingle <li...@pingle.org>: > On 8/7/2017 2:20 AM, WolfSec-Support wrote: > > Goal is to put devices on stock for replacements in a nearly clean state > >

Re: [pfSense] Factory Default / Cleanup(script) of binaries + config backups + etc

2017-08-07 Thread WolfSec-Support
? Any help and hint is welcome Br Stephan On 05.08.2017 03:08, "Jim Pingle" <li...@pingle.org> wrote: > On 7/27/2017 4:46 AM, WolfSec-Support wrote: > > Is there a way / document / script to cleanup a pfSense WITHOUT > > reinstallation ? > > If you need t

Re: [pfSense] pfSense virtualisation

2017-10-13 Thread WolfSec-Support
Hi KVM works well ESXi also In HA take care of the vSwitch setups and that CARP needs directed multicast On own infra often no problem. On IaaS mostly a show stopper by provider who drops that for security reasons at min on WAN side. Cheers Stephan On 10.10.2017 21:51, "Daniel" wrote

[pfSense] may a bug / v2.4.x problems with more than 6 NIC's Intel pro1000 / emX

2017-11-05 Thread WolfSec-Support
generated traffic. If we reduce to 6 NICs all is fine; If we have 7 = problem if we have 8 = problem Any known bug in new release ? BR Stephan Many thanks. Kind regards, WolfSec-Support WolfSec Postal address: Swiss Post Box: 104213 Zürcherstrasse 161 CH-8010 Zürich http://www.wolfsec.ch

Re: [pfSense] may a bug / v2.4.x problems with more than 6 NIC's Intel pro1000 / emX

2017-11-05 Thread WolfSec-Support
both cases same behaviour that machine is not working well :-(* remark: as written v2.3.4 works well WITHOUT tuned anything so seems to have an dependency with freebsd 11.1 kernel ? BR Stephan Many thanks. Kind regards, WolfSec-Support WolfSec Postal address: Swiss Post Box: 104213 Zürcherstr

Re: [pfSense] may a bug / v2.4.x problems with more than 6 NIC's Intel pro1000 / emX

2017-11-06 Thread WolfSec-Support
Hi Jim, have seen no errors while boot all nics are shown in ifconfig in this case it is an virtualized system (KVM / OpenStack) netstat I need to make a test for you - actual system runs with 6 nics, so I need to modify before. BR Stephan Many thanks. Kind regards, WolfSec-Support