[pfSense] Migrating existing install to another drive

2016-07-15 Thread Dan Langille
Hello,

I have a NetGate APU2 running pfSense 2.3.  It came pre-installed and I've 
upgraded it over the past two years.
It also came with a 16GB mSata card and an 8GB SD card, both of which I think are 
unused.

I write for advice on how best to start using these unused resources.

The questions:

- Where is pfSense installed if not on either of ada0 or da0?

- Does it make sense to start using ada0 and install pfSense there?

- Do you have other recommendations?

- Oh, look at that in dmesg: If you agree with the license, set 
legal.intel_ipw.license_ack=1 in /boot/loader.conf
  Things seem to be working fine without that.  What am I missing out on?

# df -h
Filesystem           Size    Used   Avail Capacity  Mounted on
/dev/ufs/pfsense1    1.8G    822M    876M    48%    /
devfs                1.0K    1.0K      0B   100%    /dev
/dev/ufs/cf           49M    7.7M     38M    17%    /cf
/dev/md0              38M    384K     35M     1%    /tmp
/dev/md1              58M     26M     27M    48%    /var
devfs                1.0K    1.0K      0B   100%    /var/dhcpd/dev

But the system does have two drives:

# sysctl kern.disks
kern.disks: ada0 da0

From dmesg (full output at end of email):

ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0:  ATA-7 SATA 2.x device
ada0: Serial Number YTAK13450285
ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 15258MB (31248704 512 byte sectors)
ada0: Previously was known as ad4

umass0:  on 
usbus6
da0 at umass-sim0 bus 0 scbus6 target 0 lun 0
da0:  Removable Direct Access SPC-2 SCSI device
da0: Serial Number 058F63666485
da0: 40.000MB/s transfers
da0: 7580MB (15523840 512 byte sectors)
da0: quirks=0x2

Full dmesg output:

Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.3-RELEASE #4 05adf0a(RELENG_2_3_0): Mon Apr 11 19:09:19 CDT 2016

root@factory23-amd64-builder:/builder/factory-230/tmp/obj/builder/factory-230/tmp/FreeBSD-src/sys/pfSense
 amd64
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x500f20  Family=0x14  Model=0x2  Stepping=0
  
Features=0x178bfbff
  Features2=0x802209
  AMD Features=0x2e500800
  AMD 
Features2=0x35ff
  SVM: NP,NRIP,NAsids=8
  TSC: P-state invariant, performance statistics
real memory  = 2115289088 (2017 MB)
avail memory = 2007412736 (1914 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: 
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
random:  initialized
ioapic0  irqs 0-23 on motherboard
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in 
/boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0x806208b0, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in 
/boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0x80620960, 0) error 1
ipw_monitor: You need to read the LICENSE file in 
/usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 
in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0x80620a10, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in 
/boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0x80647bb0, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in 
/boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0x80647c60, 0) error 1
iwi_monitor: You need to read the LICENSE file in 
/usr/share/doc/legal/intel_iwi/.
iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 
in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0x80647d10, 0) error 1
netmap: loaded module
kbd0 at kbdmux0
module_register_init: MOD_LOAD (vesa, 0x810166d0, 0) error 19
cryptosoft0:  on motherboard
padlock0: No ACE support.
acpi0:  on motherboard
acpi0: Power Button (fixed)
cpu0:  on acpi0
cpu1:  on acpi0
atrtc0:  port 0x70-0x71 irq 8 on acpi0
Event timer "RTC" frequency 32768 Hz 

Re: [pfSense] pfsync_undefer_state: unable to find deferred state

2016-07-15 Thread Steve Yates
This may or may not be related but after the upgrade to 2.3.1 I did find a 
continual stream of checksum error alerts in Suricata.  As found online, 
disabling Hardware Checksum Offloading fixed it, even though this is on a 
virtual machine.

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates
Sent: Friday, July 8, 2016 4:30 PM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] pfsync_undefer_state: unable to find deferred state

I found thread
https://forum.pfsense.org/index.php?topic=87541.60
...and posted there but it's old and references 2.1.x and 2.2.x versions.  
After upgrading from 2.2.6 to 2.3.1_5 we get a long spew of this logged during 
a Limiter-limited rsync each night (it also shows on the console screen):

Jul 8 02:47:36  kernel  defer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred state

Jul 8 02:47:36  kernel  _undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_und
 efer_state: unable to find deferred statepf

Jul 8 02:47:36  kernel  ync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_undefer_state: unable to find deferred statepfsync_undefer_state: 
unable to find deferred statepfsync_undefer_state: unable to find deferred 
statepfsync_
 undefer_state: unable to find deferred stat


It continues while traffic that triggers the limiter rule is in effect and ends 
immediately upon traffic's end.

The Limiter set up is only using Firewall\Traffic Shaper\Limiters:
LimitBackupUpLAN
  50Mbit/s  Overnight [Mon - Sun / 0:00-6:45]
  15Mbit/s  Day
LimitBackupUpLAN
  50Mbit/s  Overnight
  15Mbit/s  Day

The limiter is on a rule on the LAN interface, with "In / Out pipe" set.  It 
only matches to one IP.  Neither checking "No pfSync" nor setting "State type" 
to None seem to have any effect.  I think that's the equivalent of what they 
mentioned in the forum thread... 'unchek  the flag "State Type" to "NO pfsync".'

I can duplicate this at will...in this case an "rsync --dry-run" is plenty.

It doesn't seem to have any effect on traffic since the copy works fine, it 
appears to just be a logging issue.

--

Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Chris Buechler
On Fri, Jul 15, 2016 at 2:08 PM, Marc R. Meshurle Jr.  wrote:
> x.x.x.x is the PFSense and y.y.y.y is the Cisco
>
> Jul 16 00:05:54 charon: 11[IKE]  deleting IKE_SA con2000[673] 
> between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
> Jul 16 00:05:54 charon: 11[IKE]  received DELETE for IKE_SA 
> con2000[673]
> Jul 16 00:05:54 charon: 11[ENC]  parsed INFORMATIONAL_V1 request 
> 303027 [ HASH D ]
> Jul 16 00:05:54 charon: 11[NET]  received packet: from 
> y.y.y.y[500] to x.x.x.x[500] (84 bytes)
> Jul 16 00:05:54 charon: 05[IKE]  received NO_PROPOSAL_CHOSEN 
> error notify
> Jul 16 00:05:54 charon: 05[ENC]  parsed INFORMATIONAL_V1 request 
> 1608868438 [ HASH N(NO_PROP) ]

No proposal means something doesn't match in your config. The ASA is
sending that, it might be logging something more useful as to why it's
sending NO_PROP. No way to tell anything other than "config doesn't
match" from the logs on that side. It's a mismatch in P1.


Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Eero Volotinen
Provide also logs from Cisco ASA.

NO_PROPOSAL_CHOSEN usually means that cipher specs do not match on both
sides. Could you provide a screenshot of the cipher settings?

--
Eero

2016-07-15 22:08 GMT+03:00 Marc R. Meshurle Jr. :

> x.x.x.x is the PFSense and y.y.y.y is the Cisco

Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Marc R. Meshurle Jr.
x.x.x.x is the PFSense and y.y.y.y is the Cisco

Jul 16 00:05:54 charon: 11[IKE]  deleting IKE_SA con2000[673] 
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:54 charon: 11[IKE]  received DELETE for IKE_SA 
con2000[673]
Jul 16 00:05:54 charon: 11[ENC]  parsed INFORMATIONAL_V1 request 
303027 [ HASH D ]
Jul 16 00:05:54 charon: 11[NET]  received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:54 charon: 05[IKE]  received NO_PROPOSAL_CHOSEN error 
notify
Jul 16 00:05:54 charon: 05[ENC]  parsed INFORMATIONAL_V1 request 
1608868438 [ HASH N(NO_PROP) ]
Jul 16 00:05:54 charon: 05[NET]  received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:54 charon: 05[NET]  sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (396 bytes)
Jul 16 00:05:54 charon: 05[ENC]  generating QUICK_MODE request 
4135665263 [ HASH SA No KE ID ID ]
Jul 16 00:05:54 charon: 05[IKE]  maximum IKE_SA lifetime 86369s
Jul 16 00:05:54 charon: 05[IKE]  scheduling reauthentication in 
85829s
Jul 16 00:05:54 charon: 05[IKE]  IKE_SA con2000[673] established 
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:54 charon: 05[IKE]  received DPD vendor ID
Jul 16 00:05:54 charon: 05[ENC]  parsed ID_PROT response 0 [ ID 
HASH V ]
Jul 16 00:05:54 charon: 05[NET]  received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:54 charon: 05[NET]  sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (100 bytes)
Jul 16 00:05:54 charon: 05[ENC]  generating ID_PROT request 0 [ ID 
HASH N(INITIAL_CONTACT) ]
Jul 16 00:05:54 charon: 05[ENC]  received unknown vendor ID: 
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Jul 16 00:05:54 charon: 05[ENC]  received unknown vendor ID: 
11:84:28:cb:63:c1:36:01:1c:b0:82:fb:98:db:9d:aa
Jul 16 00:05:54 charon: 05[IKE]  received XAuth vendor ID
Jul 16 00:05:54 charon: 05[IKE]  received Cisco Unity vendor ID
Jul 16 00:05:54 charon: 05[ENC]  parsed ID_PROT response 0 [ KE No 
V V V V NAT-D NAT-D ]
Jul 16 00:05:54 charon: 05[NET]  received packet: from 
y.y.y.y[500] to x.x.x.x[500] (304 bytes)
Jul 16 00:05:54 charon: 05[NET]  sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (244 bytes)
Jul 16 00:05:54 charon: 05[ENC]  generating ID_PROT request 0 [ KE 
No NAT-D NAT-D ]
Jul 16 00:05:54 charon: 05[IKE]  received FRAGMENTATION vendor ID
Jul 16 00:05:54 charon: 05[IKE]  received NAT-T (RFC 3947) vendor 
ID
Jul 16 00:05:54 charon: 05[ENC]  parsed ID_PROT response 0 [ SA V 
V ]
Jul 16 00:05:54 charon: 05[NET]  received packet: from 
y.y.y.y[500] to x.x.x.x[500] (128 bytes)
Jul 16 00:05:54 charon: 11[NET]  sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (200 bytes)
Jul 16 00:05:54 charon: 11[ENC]  generating ID_PROT request 0 [ SA 
V V V V V V ]
Jul 16 00:05:54 charon: 11[IKE]  initiating Main Mode IKE_SA 
con2000[673] to y.y.y.y
Jul 16 00:05:54 charon: 09[KNL] creating acquire job for policy x.x.x.x/32|/0 
=== y.y.y.y/32|/0 with reqid {20}
Jul 16 00:05:53 charon: 11[IKE]  deleting IKE_SA con2000[672] 
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:53 charon: 11[IKE]  received DELETE for IKE_SA 
con2000[672]
Jul 16 00:05:53 charon: 11[ENC]  parsed INFORMATIONAL_V1 request 
3572694564 [ HASH D ]
Jul 16 00:05:53 charon: 11[NET]  received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 09[IKE]  received NO_PROPOSAL_CHOSEN error 
notify
Jul 16 00:05:53 charon: 09[ENC]  parsed INFORMATIONAL_V1 request 
4230419079 [ HASH N(NO_PROP) ]
Jul 16 00:05:53 charon: 09[NET]  received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 09[NET]  sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (396 bytes)
Jul 16 00:05:53 charon: 09[ENC]  generating QUICK_MODE request 
1039796497 [ HASH SA No KE ID ID ]
Jul 16 00:05:53 charon: 09[IKE]  maximum IKE_SA lifetime 85885s
Jul 16 00:05:53 charon: 09[IKE]  scheduling reauthentication in 
85345s
Jul 16 00:05:53 charon: 09[IKE]  IKE_SA con2000[672] established 
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:53 charon: 09[IKE]  received DPD vendor ID
Jul 16 00:05:53 charon: 09[ENC]  parsed ID_PROT response 0 [ ID 
HASH V ]
Jul 16 00:05:53 charon: 09[NET]  received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 09[NET]  sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (100 bytes)
Jul 16 00:05:53 charon: 09[ENC]  
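
Added example (not part of the original thread, and not pfSense or strongSwan code): a small Python parser for charon entries in the format posted above. It re-joins wrapped entries, reorders the newest-first listing, and reports for each IKEv1 attempt whether the NO_PROPOSAL_CHOSEN notify arrived before or after the IKE_SA was established and a QUICK_MODE request was sent. The sample lines are constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the log posted above: newest entry
# first, with one entry wrapped across two lines as the mail client did.
SAMPLE_LOG = """\
Jul 16 00:05:54 charon: 11[IKE] received DELETE for IKE_SA con2000[673]
Jul 16 00:05:54 charon: 05[IKE] received NO_PROPOSAL_CHOSEN error notify
Jul 16 00:05:54 charon: 05[ENC] parsed INFORMATIONAL_V1 request 1608868438 [ HASH N(NO_PROP) ]
Jul 16 00:05:54 charon: 05[ENC] generating QUICK_MODE request 4135665263 [ HASH SA No KE ID ID ]
Jul 16 00:05:54 charon: 05[IKE] IKE_SA con2000[673] established
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:54 charon: 05[ENC] parsed ID_PROT response 0 [ ID HASH V ]
Jul 16 00:05:54 charon: 05[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Jul 16 00:05:54 charon: 11[IKE] initiating Main Mode IKE_SA con2000[673] to y.y.y.y
"""

TS_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")
# The optional <...> group tolerates a connection tag after the subsystem.
LINE_RE = re.compile(r"charon: \d+\[([A-Z]+)\]\s+(?:<[^>]*>\s*)?(.*)$")
SA_RE = re.compile(r"IKE_SA (\S+\[\d+\])")


def parse_events(text, newest_first=True):
    """Return (subsystem, message) tuples in chronological order."""
    entries = []
    for raw in text.splitlines():
        if TS_RE.match(raw):
            entries.append(raw.strip())
        elif raw.strip() and entries:
            # No timestamp: continuation of a wrapped entry.
            entries[-1] += " " + raw.strip()
    events = [m.groups() for m in map(LINE_RE.search, entries) if m]
    return events[::-1] if newest_first else events


def diagnose(text, newest_first=True):
    """Per IKEv1 attempt, report the phase in which NO_PROPOSAL_CHOSEN arrived."""
    attempts, cur = [], None
    for _sub, msg in parse_events(text, newest_first):
        if msg.startswith("initiating Main Mode IKE_SA"):
            cur = {"sa": SA_RE.search(msg).group(1),
                   "phase1_established": False,
                   "quick_mode_sent": False,
                   "rejected_in": None}
            attempts.append(cur)
        elif cur is None:
            continue  # entries from before the first attempt we can see
        elif msg.startswith("IKE_SA") and "established between" in msg:
            cur["phase1_established"] = True  # Main Mode (ID_PROT) finished
        elif msg.startswith("generating QUICK_MODE request"):
            cur["quick_mode_sent"] = True     # Phase 2 proposal went out
        elif msg.startswith("received NO_PROPOSAL_CHOSEN") and not cur["rejected_in"]:
            cur["rejected_in"] = "phase2" if cur["phase1_established"] else "phase1"
    return attempts


if __name__ == "__main__":
    for attempt in diagnose(SAMPLE_LOG):
        print(attempt)
```

Pass `newest_first=False` when the log is read from a file in chronological order rather than copied from the newest-first log view.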

Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Chris Buechler
On Fri, Jul 15, 2016 at 11:32 AM, Marc R. Meshurle Jr. wrote:
> I'm having an issue connecting to a Cisco ASA5520 with IPSEC. The vendor with 
> the Cisco states that Phase 1 is good, but dropping out on Phase 2. We've 
> matched the Phase 2 proposals up and it still fails on the Phase 2 side. I've 
> tried every combination of SA protocols and none stay connected.
>
> Any thoughts?
>

What do your IPsec logs show?


[pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

2016-07-15 Thread Marc R. Meshurle Jr.
I'm having an issue connecting to a Cisco ASA5520 with IPSEC. The vendor with 
the Cisco states that Phase 1 is good, but dropping out on Phase 2. We've 
matched the Phase 2 proposals up and it still fails on the Phase 2 side. I've 
tried every combination of SA protocols and none stay connected.


Any thoughts?

Marc R. Meshurle, Jr.
Sr. Engineer
KatoTech
(Division of Bullets & Bytes, Inc.)
Exton, PA. 19341
610-280-3566


Re: [pfSense] Notification e-mail settings

2016-07-15 Thread Edward Holcroft
OK, thanks. I'll keep an eye on it.

On Thu, Jul 14, 2016 at 8:48 PM, Michael kellogg wrote:

> there is an open bug for the mail bomb
>
> On Thu, Jul 14, 2016 at 7:00 PM, Edward Holcroft wrote:
>
> > I have my pfSense set to notify if one of my gateways goes down. It does
> > this very well. Too well, in fact. I get hundreds of emails, even if a gw
> > is down for just a few minutes.
> >
> > Is there a way to make it send less notifications?
> >
> > ed
>
>
>
> --
> Grand River Jersey Farm
> grandriv...@gmail.com
> 440-813-8298
>



-- 

_

*Edward O. Holcroft*
IT Operations Manager

*Madsen, Kneppers & Associates, Inc.*
Construction Consultants & Engineers
11695 Johns Creek Parkway, Suite 250
Johns Creek, GA 30097

*O*  770.446.9606  |  *F*  770.446.9612  |  *C*  770.630.0949  |
eholcr...@mkainc.com

www.mkainc.com

-- 
MADSEN, KNEPPERS & ASSOCIATES USA, MKA Canada Inc. WARNING/CONFIDENTIALITY 
NOTICE: This message may be confidential and/or privileged. If you are not 
the intended recipient, please notify the sender immediately then delete it 
- you should not copy or use it for any purpose or disclose its content to 
any other person. Internet communications are not secure. You should scan 
this message and any attachments for viruses. Any unauthorized use or 
interception of this e-mail is illegal.