[pfSense] [OT] Re: serial port sadness

[Stefan Baur]

Am 27.02.2015 um 23:24 schrieb Sean:
> Although... you reminded me of a good story.  Once upon a time I worked
> for this startup company trying to develop a device that was programmed
> over serial.
> Some argument between owner and guy who did original dev work left us
> with a device and a crappy 16 bit dos executable to reverse engineer.
> Called a genius friend of mine and we actually rigged up a serial cable
> with two heads and many twisted wires and electrical tape that allowed
> us to "sniff" the data traversing it.
> So we figured out the entire command set of the device and were able to
> write a better app... 

Well, if we're already sharing war stories, this is how you flash a
Netgear router for your co-worker, when he bought the wrongly-gendered
cable and lunch break wasn't long enough to return to the store:


http://sneakpreview.stefanbaur.de/bilder/computer/routerflash.jpg

For some silly reason, the standard diameter of a regular paper clip is
specc'ed to be the same as the pins on a DB-9 connector.

Living in a 3-D world has its advantages.

-Stefan
PS: 9k6, 8N1.  Wouldn't connect at 14k4 or above.  But was sufficient to
re-flash.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] serial port sadness

[Sean]

Although... you reminded me of a good story.  Once upon a time I worked for
this startup company trying to develop a device that was programmed over
serial.
Some argument between owner and guy who did original dev work left us with
a device and a crappy 16 bit dos executable to reverse engineer.
Called a genius friend of mine and we actually rigged up a serial cable
with two heads and many twisted wires and electrical tape that allowed us
to "sniff" the data traversing it.
So we figured out the entire command set of the device and were able to
write a better app...

On Fri, Feb 27, 2015 at 4:18 PM, Sean  wrote:

> LOL.  This guy gets it.
> When I get in trouble there's an almost retired telephony tech in my
> office who speaks this arcane serial language.
> I send him mfg pinouts and they'll make me a custom cable in a pinch.  To
> me it's all just voodoo.
>
> On Fri, Feb 27, 2015 at 2:16 PM, Jim Thompson  wrote:
>
>> Let me know when you want to hear the story of a paper tape reader, a
>> pick and place machine, and “speed select” (pin 23 on a DB-25 wired for EIA
>> RS-232-C)
>>
>> On Feb 27, 2015, at 1:55 PM, Sean  wrote:
>>
>> You also need a real NULL modem cable.  Actually there's probably nothing
>> wrong with your USB to Serial.
>> The blue Cisco cables are rollover cables.  They are not NULL modem
>> cables.  Welcome to serial cable pinout hell.  ;-)
>> Some of us have been here a long time.  I'm no expert but i've got 3
>> different serial cables and converters in my toolbag having learned the
>> hard way the variety of devices and requirements.
>>
>> On Wed, Feb 25, 2015 at 2:30 PM, Jeremy Bennett <
>> jbenn...@hikitechnology.com> wrote:
>>
>>> Thank you all for the suggestions. I put my own alix router in place for
>>> my client, and now that I have a little time, will go ahead and purchase a
>>> non-prolific USB to serial adapter, and the associated accessories.
>>>
>>> I have gotten into the habit of buying prebuilt Alix systems, and that
>>> has spoiled me.
>>>
>>> On Wed, Feb 25, 2015 at 10:12 AM, Volker Kuhlmann <
>>> hid...@paradise.net.nz> wrote:
>>>
 On Thu 26 Feb 2015 07:19:04 NZDT +1300, Jim Pingle wrote:

 > http://www.amazon.com/gp/product/B00AHYJWWG

 Yes useful for many occasions.
 However as a first step having a two bucks gender bender and trying with
 and without will put the straight/null issue to rest. You'll still need
 if if the flashing gadget indicates as such. Smaller/cheaper than having
 two different cables too.

 > FTDI chip, too.

 Or what the Chinese make of that ;-)

 Volker

 --
 Volker Kuhlmann is list0570 with the domain in header.
 http://volker.top.geek.nz/  Please do not CC list postings to me.
 ___
 pfSense mailing list
 https://lists.pfsense.org/mailman/listinfo/list
 Support the project with Gold! https://pfsense.org/gold

>>>
>>>
>>> ___
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold
>>>
>>
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>>
>>
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] serial port sadness

[Sean]

LOL.  This guy gets it.
When I get in trouble there's an almost retired telephony tech in my office
who speaks this arcane serial language.
I send him mfg pinouts and they'll make me a custom cable in a pinch.  To
me it's all just voodoo.

On Fri, Feb 27, 2015 at 2:16 PM, Jim Thompson  wrote:

> Let me know when you want to hear the story of a paper tape reader, a pick
> and place machine, and “speed select” (pin 23 on a DB-25 wired for EIA
> RS-232-C)
>
> On Feb 27, 2015, at 1:55 PM, Sean  wrote:
>
> You also need a real NULL modem cable.  Actually there's probably nothing
> wrong with your USB to Serial.
> The blue Cisco cables are rollover cables.  They are not NULL modem
> cables.  Welcome to serial cable pinout hell.  ;-)
> Some of us have been here a long time.  I'm no expert but i've got 3
> different serial cables and converters in my toolbag having learned the
> hard way the variety of devices and requirements.
>
> On Wed, Feb 25, 2015 at 2:30 PM, Jeremy Bennett <
> jbenn...@hikitechnology.com> wrote:
>
>> Thank you all for the suggestions. I put my own alix router in place for
>> my client, and now that I have a little time, will go ahead and purchase a
>> non-prolific USB to serial adapter, and the associated accessories.
>>
>> I have gotten into the habit of buying prebuilt Alix systems, and that
>> has spoiled me.
>>
>> On Wed, Feb 25, 2015 at 10:12 AM, Volker Kuhlmann > > wrote:
>>
>>> On Thu 26 Feb 2015 07:19:04 NZDT +1300, Jim Pingle wrote:
>>>
>>> > http://www.amazon.com/gp/product/B00AHYJWWG
>>>
>>> Yes useful for many occasions.
>>> However as a first step having a two bucks gender bender and trying with
>>> and without will put the straight/null issue to rest. You'll still need
>>> if if the flashing gadget indicates as such. Smaller/cheaper than having
>>> two different cables too.
>>>
>>> > FTDI chip, too.
>>>
>>> Or what the Chinese make of that ;-)
>>>
>>> Volker
>>>
>>> --
>>> Volker Kuhlmann is list0570 with the domain in header.
>>> http://volker.top.geek.nz/  Please do not CC list postings to me.
>>> ___
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold
>>>
>>
>>
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Running as a VM, multiple WAN subnets

[Chris L]

> On Feb 27, 2015, at 12:37 PM, Steve Yates  wrote:
> 
> Chris L wrote on Fri, Feb 27 2015 at 12:10 pm:
> 
>> Hopefully the provider can just route the additional subnet to your existing
>> WAN IP.  Then you don’t need to do anything with CARP/HA except make sure
>> primary and secondary are both set up to deal with the routed traffic.
> 
>   Would that require three "LAN side" public IPs for the two firewalls 
> out of that second subnet also?

It depends on what you want to do with them.

If pfSense just routes them to another IP address, then no.  You only need 3 
IPs when you have to create a pfSense interface with HA.


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Running as a VM, multiple WAN subnets

[Steve Yates]

Chris L wrote on Fri, Feb 27 2015 at 12:10 pm:

> Hopefully the provider can just route the additional subnet to your existing
> WAN IP.  Then you don’t need to do anything with CARP/HA except make sure
> primary and secondary are both set up to deal with the routed traffic.

Would that require three "LAN side" public IPs for the two firewalls 
out of that second subnet also?

--

Steve Yates
ITS, Inc.


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] serial port sadness

[Joe Landman]

On 2/27/15 2:55 PM, Sean wrote:
You also need a real NULL modem cable.  Actually there's probably 
nothing wrong with your USB to Serial.
The blue Cisco cables are rollover cables.  They are not NULL modem 
cables.  Welcome to serial cable pinout hell.  ;-)
Some of us have been here a long time.  I'm no expert but i've got 3 
different serial cables and converters in my toolbag having learned 
the hard way the variety of devices and requirements.


+1

Not that I recommend this specific thing, but you could get the 
http://www.amazon.com/StarTech-com-10-Feet-RS232-Serial-SCNM9FF/dp/B6B8BJ 
or similar cable.  We've got a box full of them in the lab.


But really, we do most of our stuff as SOL on IPMI.  I don't know if the 
Alix units have that capability, though its highly recommended for 
remote lights out operations.



--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics, Inc.
e: land...@scalableinformatics.com
w: http://scalableinformatics.com
t: @scalableinfo
p: +1 734 786 8423 x121
c: +1 734 612 4615

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] serial port sadness

[Adam Thompson]

Jim, do you read User Friendly?  The arc about putting Sid in the Home for 
Obsolete Programmers, in particular?  ;-)

But, yeah, having spent my early career in narrowband (serial of all shapes and 
sizes and speeds) it's a nightmare of incompatible connectors and protocols.
USB is freaking awesome in comparison.

-Adam

On February 27, 2015 2:16:14 PM CST, Jim Thompson  wrote:
>Let me know when you want to hear the story of a paper tape reader, a
>pick and place machine, and “speed select” (pin 23 on a DB-25 wired for
>EIA RS-232-C)
>
>> On Feb 27, 2015, at 1:55 PM, Sean  wrote:
>> 
>> You also need a real NULL modem cable.  Actually there's probably
>nothing wrong with your USB to Serial.
>> The blue Cisco cables are rollover cables.  They are not NULL modem
>cables.  Welcome to serial cable pinout hell.  ;-)
>> Some of us have been here a long time.  I'm no expert but i've got 3
>different serial cables and converters in my toolbag having learned the
>hard way the variety of devices and requirements.
>> 
>> On Wed, Feb 25, 2015 at 2:30 PM, Jeremy Bennett
>mailto:jbenn...@hikitechnology.com>>
>wrote:
>> Thank you all for the suggestions. I put my own alix router in place
>for my client, and now that I have a little time, will go ahead and
>purchase a non-prolific USB to serial adapter, and the associated
>accessories. 
>> 
>> I have gotten into the habit of buying prebuilt Alix systems, and
>that has spoiled me.
>> 
>> On Wed, Feb 25, 2015 at 10:12 AM, Volker Kuhlmann
>mailto:hid...@paradise.net.nz>> wrote:
>> On Thu 26 Feb 2015 07:19:04 NZDT +1300, Jim Pingle wrote:
>> 
>> > http://www.amazon.com/gp/product/B00AHYJWWG
>
>> 
>> Yes useful for many occasions.
>> However as a first step having a two bucks gender bender and trying
>with
>> and without will put the straight/null issue to rest. You'll still
>need
>> if if the flashing gadget indicates as such. Smaller/cheaper than
>having
>> two different cables too.
>> 
>> > FTDI chip, too.
>> 
>> Or what the Chinese make of that ;-)
>> 
>> Volker
>> 
>> --
>> Volker Kuhlmann is list0570 with the domain in
>header.
>> http://volker.top.geek.nz/   Please
>do not CC list postings to me.
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>
>> Support the project with Gold! https://pfsense.org/gold
>
>> 
>> 
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>
>> Support the project with Gold! https://pfsense.org/gold
>
>> 
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>
>
>
>
>
>___
>pfSense mailing list
>https://lists.pfsense.org/mailman/listinfo/list
>Support the project with Gold! https://pfsense.org/gold

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] serial port sadness

[Jim Thompson]

Let me know when you want to hear the story of a paper tape reader, a pick and 
place machine, and “speed select” (pin 23 on a DB-25 wired for EIA RS-232-C)

> On Feb 27, 2015, at 1:55 PM, Sean  wrote:
> 
> You also need a real NULL modem cable.  Actually there's probably nothing 
> wrong with your USB to Serial.
> The blue Cisco cables are rollover cables.  They are not NULL modem cables.  
> Welcome to serial cable pinout hell.  ;-)
> Some of us have been here a long time.  I'm no expert but i've got 3 
> different serial cables and converters in my toolbag having learned the hard 
> way the variety of devices and requirements.
> 
> On Wed, Feb 25, 2015 at 2:30 PM, Jeremy Bennett  > wrote:
> Thank you all for the suggestions. I put my own alix router in place for my 
> client, and now that I have a little time, will go ahead and purchase a 
> non-prolific USB to serial adapter, and the associated accessories. 
> 
> I have gotten into the habit of buying prebuilt Alix systems, and that has 
> spoiled me.
> 
> On Wed, Feb 25, 2015 at 10:12 AM, Volker Kuhlmann  > wrote:
> On Thu 26 Feb 2015 07:19:04 NZDT +1300, Jim Pingle wrote:
> 
> > http://www.amazon.com/gp/product/B00AHYJWWG 
> > 
> 
> Yes useful for many occasions.
> However as a first step having a two bucks gender bender and trying with
> and without will put the straight/null issue to rest. You'll still need
> if if the flashing gadget indicates as such. Smaller/cheaper than having
> two different cables too.
> 
> > FTDI chip, too.
> 
> Or what the Chinese make of that ;-)
> 
> Volker
> 
> --
> Volker Kuhlmann is list0570 with the domain in header.
> http://volker.top.geek.nz/   Please do not CC 
> list postings to me.
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list 
> 
> Support the project with Gold! https://pfsense.org/gold 
> 
> 
> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list 
> 
> Support the project with Gold! https://pfsense.org/gold 
> 
> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] serial port sadness

[Sean]

You also need a real NULL modem cable.  Actually there's probably nothing
wrong with your USB to Serial.
The blue Cisco cables are rollover cables.  They are not NULL modem
cables.  Welcome to serial cable pinout hell.  ;-)
Some of us have been here a long time.  I'm no expert but i've got 3
different serial cables and converters in my toolbag having learned the
hard way the variety of devices and requirements.

On Wed, Feb 25, 2015 at 2:30 PM, Jeremy Bennett  wrote:

> Thank you all for the suggestions. I put my own alix router in place for
> my client, and now that I have a little time, will go ahead and purchase a
> non-prolific USB to serial adapter, and the associated accessories.
>
> I have gotten into the habit of buying prebuilt Alix systems, and that has
> spoiled me.
>
> On Wed, Feb 25, 2015 at 10:12 AM, Volker Kuhlmann 
> wrote:
>
>> On Thu 26 Feb 2015 07:19:04 NZDT +1300, Jim Pingle wrote:
>>
>> > http://www.amazon.com/gp/product/B00AHYJWWG
>>
>> Yes useful for many occasions.
>> However as a first step having a two bucks gender bender and trying with
>> and without will put the straight/null issue to rest. You'll still need
>> if if the flashing gadget indicates as such. Smaller/cheaper than having
>> two different cables too.
>>
>> > FTDI chip, too.
>>
>> Or what the Chinese make of that ;-)
>>
>> Volker
>>
>> --
>> Volker Kuhlmann is list0570 with the domain in header.
>> http://volker.top.geek.nz/  Please do not CC list postings to me.
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Running as a VM, multiple WAN subnets

[Steve Yates]

Steve Yates wrote on Fri, Feb 27 2015 at 12:29 pm:

> Two WAN IP, two LAN IP, and two more for sync.

And reading this, I didn't write what I meant, so to just correct it 
all, 3 WAN, 3 LAN, and 2 for sync.

--

Steve Yates
ITS, Inc.


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Running as a VM, multiple WAN subnets

[Steve Yates]

Chris L wrote on Fri, Feb 27 2015 at 12:32 pm:

> Three, actually.  One for each interface and one shared CARP address.  

I'm glad Chuck asked.  I looked at that page several times and read 
right past the shared one on the WAN side.  D'oh!  Well never mind my other 
reply to you...

--

Steve Yates
ITS, Inc.


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Running as a VM, multiple WAN subnets

[Chris L]

> On Feb 27, 2015, at 10:21 AM, Chuck Mariotti  wrote:
> 
> I am starting this weekend to setup the same situation... So a simple 
> failover situation requires that we have TWO public IP addresses then?
> I am starting to second guess if it's smart to use a VLAN on a shared switch. 
> If it fails, then I have more problems at multiple levels vs. a simple dumb 
> switch.

Three, actually.  One for each interface and one shared CARP address.  It 
appears that using pfSense 2.2 you can use private addresses for the WAN 
interfaces and CARP hellos and a single, routable address for the shared CARP 
VIP but I don’t think ESF has approved that technique yet and if the public IPs 
are available that would be what I would do in production.

I can’t see a blank VLAN on a managed switch for your three WAN connections 
being any less reliable than a dumb switch and it would be tremendously more 
flexible (Think mirror ports and packet captures/monitoring on WAN, for 
instance.)

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Running as a VM, multiple WAN subnets

[Steve Yates]

Chuck Mariotti wrote on Fri, Feb 27 2015 at 12:21 pm:

> I am starting this weekend to setup the same situation... So a simple failover
> situation requires that we have TWO public IP addresses then?

That's what I took from 
https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_%28CARP%29.
  Two WAN IP, two LAN IP, and two more for sync.

> I am starting to second guess if it's smart to use a VLAN on a shared switch. 
> If
> it fails, then I have more problems at multiple levels vs. a simple dumb 
> switch.

Yeah I thought about that a while.  In our case  I think the ability to 
move them around the cluster trumps that.  Downtime would be pretty much only 
during upgrades, which we could do during the day with the failover.


Chris L wrote on Fri, Feb 27 2015 at 12:10 pm:

> Hopefully the provider can just route the additional subnet to your existing
> WAN IP.  Then you don't need to do anything with CARP/HA except make sure
> primary and secondary are both set up to deal with the routed traffic.

But (per the above) we would have two WAN IPs?

--

Steve Yates
ITS, Inc.


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Running as a VM, multiple WAN subnets

[Chuck Mariotti]

I am starting this weekend to setup the same situation... So a simple failover 
situation requires that we have TWO public IP addresses then?
I am starting to second guess if it's smart to use a VLAN on a shared switch. 
If it fails, then I have more problems at multiple levels vs. a simple dumb 
switch.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Running as a VM, multiple WAN subnets

[Chris L]

Hopefully the provider can just route the additional subnet to your existing 
WAN IP.  Then you don’t need to do anything with CARP/HA except make sure 
primary and secondary are both set up to deal with the routed traffic.

> On Feb 27, 2015, at 9:59 AM, Steve Yates  wrote:
> 
>   After learning of the CARP failover/sync features, we intend to use a 
> VM based firewall for our new private cloud, and have it sync to a failover 
> that would also be a VM.  If it all works, we would be able to move the VMs 
> around our cluster as necessary, while they are in use.  We figure we can set 
> up our switch to put all incoming packets on a VLAN for only the firewall(s), 
> have the servers on a different VLAN, and have pfSense route between them.  
> Possibly with NAT; not sure yet.
> 
>   In the data center, if we end up needing more than the default block of 
> IPs, there is a fee, so I was thinking about just getting another block 
> when/if it was necessary.  That gives up one more IP to the firewall, but it 
> will take years for that to cost more than to start with a bigger block up 
> front.  Can we just add a second subnet?  Does that simply show as a second 
> WAN network?  Would any common rules (say, blocking pings) need to be 
> duplicated for each or could they apply to both?
> 
> Thanks,
> 
> Steve Yates
> ITS, Inc.
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] Running as a VM, multiple WAN subnets

[Steve Yates]

After learning of the CARP failover/sync features, we intend to use a 
VM based firewall for our new private cloud, and have it sync to a failover 
that would also be a VM.  If it all works, we would be able to move the VMs 
around our cluster as necessary, while they are in use.  We figure we can set 
up our switch to put all incoming packets on a VLAN for only the firewall(s), 
have the servers on a different VLAN, and have pfSense route between them.  
Possibly with NAT; not sure yet.

In the data center, if we end up needing more than the default block of 
IPs, there is a fee, so I was thinking about just getting another block when/if 
it was necessary.  That gives up one more IP to the firewall, but it will take 
years for that to cost more than to start with a bigger block up front.  Can we 
just add a second subnet?  Does that simply show as a second WAN network?  
Would any common rules (say, blocking pings) need to be duplicated for each or 
could they apply to both?

Thanks,

Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold