Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-23 Thread Jim Thompson
If there is no response from the bootloader (coreboot) on the serial port, then 
the hardware died, and the upgrade’s only involvement was the reboot at the 
end. 

Jim

> On Nov 23, 2017, at 10:59 AM, Ryan Coleman  wrote:
> 
> There’s likely a package you added to your APU4 that is stopping the upgrade.
> 
> If you use reddit you can get some assistance from more NetGate staff there: 
> http://reddit.com/r/pfsense/
> 
>> On Nov 23, 2017, at 10:08 AM, Elijah Savage  wrote:
>> 
>> I know it is an older model but after my attempt to upgrade my APU4 it would
>> not reboot. I let it sit for 24 hours as it was still passing traffic but no
>> reboot. Logged into the console from my laptop and rebooted it and nothing
>> comes back. It doesn't give anything on the console and doesn't beep anymore
>> when booting up, I believe it doesn't get to that point.
>> 
>> 
>> 
>> Interestingly enough I was able to get 2.4 loaded on an older Dell OptiPlex
>> 780 with 3 NICs to replace it just fine.
>> 
>> This is not intended to bash pfSense, I like it so much that I do contribute
>> monetarily. This is meant to be nothing more than a public service announcement
>> for others with this platform. Maybe it was just time for mine to die and it
>> potentially has nothing to do with pfSense.
>> 
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
> 

Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-23 Thread Eero Volotinen
from usb stick?

Eero

23.11.2017 23.25 "Elijah Savage"  wrote:

> Can't get it to boot on any image.
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
> Volotinen
> Sent: Thursday, November 23, 2017 4:23 PM
> To: pfSense Support and Discussion Mailing List 
> Subject: Re: [pfSense] 2.4 Bricked my APU4 Netgate
>
> reinstall with factory image from usb stick?
>
> 23.11.2017 18.09 "Elijah Savage"  wrote:
>
> > I know it is an older model but after my attempt to upgrade my APU4 it
> > would not reboot. I let it sit for 24 hours as it was still passing
> > traffic but no reboot. Logged into the console from my laptop and
> > rebooted it and nothing comes back. It doesn't give anything on the
> > console and doesn't beep anymore when booting up, I believe it doesn't
> > get to that point.
> >
> >
> >
> > Interestingly enough I was able to get 2.4 loaded on an older Dell
> > OptiPlex 780 with 3 NICs to replace it just fine.
> >
> > This is not intended to bash pfSense, I like it so much that I do
> > contribute monetarily. This is meant to be nothing more than a public
> > service announcement for others with this platform. Maybe it was just
> > time for mine to die and it potentially has nothing to do with
> > pfSense.
> >


Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-23 Thread Elijah Savage
Can't get it to boot on any image.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
Volotinen
Sent: Thursday, November 23, 2017 4:23 PM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] 2.4 Bricked my APU4 Netgate

reinstall with factory image from usb stick?

23.11.2017 18.09 "Elijah Savage"  wrote:

> I know it is an older model but after my attempt to upgrade my APU4 it 
> would not reboot. I let it sit for 24 hours as it was still passing 
> traffic but no reboot. Logged into the console from my laptop and 
> rebooted it and nothing comes back. It doesn't give anything on the 
> console and doesn't beep anymore when booting up, I believe it doesn't 
> get to that point.
>
>
>
> Interestingly enough I was able to get 2.4 loaded on an older Dell
> OptiPlex 780 with 3 NICs to replace it just fine.
>
> This is not intended to bash pfSense, I like it so much that I do
> contribute monetarily. This is meant to be nothing more than a public
> service announcement for others with this platform. Maybe it was just
> time for mine to die and it potentially has nothing to do with
> pfSense.
>


Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-23 Thread Eero Volotinen
reinstall with factory image from usb stick?

23.11.2017 18.09 "Elijah Savage"  wrote:

> I know it is an older model but after my attempt to upgrade my APU4 it would
> not reboot. I let it sit for 24 hours as it was still passing traffic but no
> reboot. Logged into the console from my laptop and rebooted it and nothing
> comes back. It doesn't give anything on the console and doesn't beep anymore
> when booting up, I believe it doesn't get to that point.
>
> Interestingly enough I was able to get 2.4 loaded on an older Dell OptiPlex
> 780 with 3 NICs to replace it just fine.
>
> This is not intended to bash pfSense, I like it so much that I do contribute
> monetarily. This is meant to be nothing more than a public service announcement
> for others with this platform. Maybe it was just time for mine to die and it
> potentially has nothing to do with pfSense.
>


Re: [pfSense] 2.4 Bricked my APU4 Netgate

2017-11-23 Thread Elijah Savage
Good advice but I think this is hardware related. No bootup at all, nothing
shows on the console, but I still may give it a try.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Coleman
Sent: Thursday, November 23, 2017 11:59 AM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] 2.4 Bricked my APU4 Netgate

There’s likely a package you added to your APU4 that is stopping the upgrade.

If you use reddit you can get some assistance from more NetGate staff there: 
http://reddit.com/r/pfsense/

> On Nov 23, 2017, at 10:08 AM, Elijah Savage  wrote:
> 
> I know it is an older model but after my attempt to upgrade my APU4 it 
> would not reboot. I let it sit for 24 hours as it was still passing 
> traffic but no reboot. Logged into the console from my laptop and 
> rebooted it and nothing comes back. It doesn't give anything on the 
> console and doesn't beep anymore when booting up, I believe it doesn't get to 
> that point.
> 
> 
> 
> Interestingly enough I was able to get 2.4 loaded on an older Dell
> OptiPlex 780 with 3 NICs to replace it just fine.
> 
> This is not intended to bash pfSense, I like it so much that I do
> contribute monetarily. This is meant to be nothing more than a public
> service announcement for others with this platform. Maybe it was just
> time for mine to die and it potentially has nothing to do with pfSense.
> 

[pfSense] 2.4 Bricked my APU4 Netgate

2017-11-23 Thread Elijah Savage
I know it is an older model but after my attempt to upgrade my APU4 it would
not reboot. I let it sit for 24 hours as it was still passing traffic but no
reboot. Logged into the console from my laptop and rebooted it and nothing
comes back. It doesn't give anything on the console and doesn't beep anymore
when booting up, I believe it doesn't get to that point.

 

Interestingly enough I was able to get 2.4 loaded on an older Dell OptiPlex
780 with 3 NICs to replace it just fine.

This is not intended to bash pfSense, I like it so much that I do contribute
monetarily. This is meant to be nothing more than a public service announcement
for others with this platform. Maybe it was just time for mine to die and it
potentially has nothing to do with pfSense.



Re: [pfSense] acme package: DNS-nsupdate configurable update zone

2017-11-23 Thread Brian Candler
I found another way to use DNS01 challenges which doesn't
require modifying the pfSense acme package, and doesn't use CNAME records.


Simply, for each  you create a separate zone 
_acme-challenge., with its own TSIG key.  This is a better 
solution than CNAME into a shared dynamic update zone, because a 
compromised server can't issue certificates for any domain other than 
its own.


Step-by-step instructions are below, in case they are useful to anyone else.

Regards, Brian.

-=-=-=-=-

For each certificate that the firewall wants:

1. In the DNS, add an NS record for `_acme-challenge.` pointing 
at .


2. Create new TSIG host key named `_acme-challenge.`

dnssec-keygen -r /dev/urandom -a hmac-md5 -b 128 -n HOST _acme-challenge.


The only bit you need is the base64 key from 
K_acme-challenge..+157+.key.  Note this and you can 
delete the K*.key and K*.private files.


3. Create new zone `_acme-challenge.` on 

key "_acme-challenge." {
  algorithm hmac-md5;
  secret "";
};
zone "_acme-challenge." {
  type master;
  file "/var/cache/bind/_acme-challenge.";
  masterfile-format text;
  allow-update { key "_acme-challenge."; };
};

Ensure that this config snippet is in a separate file only readable by 
nameserver (chown bind:bind, chmod 400) and included from the main config.


4. Create skeleton zone file `/var/cache/bind/_acme-challenge.` 
and ensure it is writable by server (chown bind:bind)


$TTL 60
@ SOA . hostmaster.. ( 20 3600 
1800 604800 60 )

@ NS .

5. Validate and reload server

named-checkconf /etc/bind/named.conf
rndc reload
grep _acme-challenge /var/log/syslog

Then configure the pfSense acme client under Domain SAN List with:

Method: DNS-NSupdate / RFC 2136
Server: 
Key Type: host key
Key Algorithm: HMAC-MD5
Key: 

DNS Sleep: 2

(The sleep assumes you are only pointing at a single nameserver, which 
is fine for this purpose. In fact you can have a separate nameserver 
just for ACME challenges, which is unrelated to your main DNS 
infrastructure)
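
The isolation argument in the message above (one TSIG key per `_acme-challenge` zone, so a compromised host can only update its own challenge record) can be checked mechanically against a BIND config. This is an added example, not part of the original post or of the pfSense acme package; the `example.net` names, dummy secrets and the `blocks`/`audit` helpers are assumptions, and the parser ignores comments and `include` directives.

```python
import re
from collections import defaultdict

# Constructed sample config: example.net names and secrets are placeholders.
SAMPLE_CONF = '''
key "_acme-challenge.fw1.example.net" { algorithm hmac-md5; secret "AAAA"; };
zone "_acme-challenge.fw1.example.net" { allow-update { key "_acme-challenge.fw1.example.net"; }; };
key "shared-ddns" { algorithm hmac-md5; secret "BBBB"; };
zone "_acme-challenge.fw2.example.net" { allow-update { key "shared-ddns"; }; };
zone "_acme-challenge.www.example.net" { allow-update { key "shared-ddns"; key "typo-key"; }; };
'''

def blocks(conf, keyword):
    """Yield (name, body) for each `keyword "name" { ... }` statement, matching braces."""
    for m in re.finditer(r'\b%s\s+"([^"]+)"(?:\s+IN)?\s*\{' % keyword, conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return (zone, finding) pairs for _acme-challenge zones whose key is not exclusive."""
    defined = {name for name, _ in blocks(conf, "key")}
    grants = {}                       # zone -> key names in its allow-update
    for zone, body in blocks(conf, "zone"):
        acl = re.search(r"allow-update\s*\{(.*?)\}", body, re.S)
        grants[zone] = re.findall(r'key\s+"([^"]+)"', acl.group(1)) if acl else []
    users = defaultdict(set)          # key name -> every zone it may update
    for zone, keys in grants.items():
        for key in keys:
            users[key].add(zone)
    findings = []
    for zone, keys in sorted(grants.items()):
        if not zone.startswith("_acme-challenge."):
            continue
        for key in keys:
            if key not in defined:
                findings.append((zone, "undefined key: " + key))
            others = sorted(users[key] - {zone})
            if others:
                findings.append((zone, "key %s can also update %s" % (key, ", ".join(others))))
    return findings

if __name__ == "__main__":
    for zone, finding in audit(SAMPLE_CONF):
        print(zone + ": " + finding)
```

A zone set up exactly as in the steps above (key named after the zone and used nowhere else) produces no findings.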


Re: [pfSense] pfSense 2.4.2 release

2017-11-23 Thread Luna Jernberg
Downloaded and burned the ISO; will update after the OpenBSD/FreeBSD meetup
in Stockholm tonight:
https://www.meetup.com/BSD-Users-Stockholm/events/244055780/

On Wed, Nov 22, 2017 at 6:32 PM, Steve Yates  wrote:

> They emailed partners, since we got an email yesterday afternoon.  It just
> came out since I upgraded a router to 2.4.1 overnight Monday night.
>
> --
>
> Steve Yates
> ITS, Inc.
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan
> Coleman
> Sent: Wednesday, November 22, 2017 10:50 AM
> To: pfSense Support and Discussion Mailing List 
> Subject: Re: [pfSense] pfSense 2.4.2 release
>
> Tis. And it works. I’m surprised I didn’t get a notification.
>
> > On Nov 22, 2017, at 3:30 AM, Doug Lytle  wrote:
> >
> > I just noted that it's out.
> >
> > pfSense 2.4.2  available.html>
> >
> > Doug
> >
> >

Re: [pfSense] pfSense in AWS VPC

2017-11-23 Thread Watson Kamanga
Services, DHCP Server. Untick enable DHCP.

Watz.

On 11/23/17, 4:42 PM, "List on behalf of André Rodier" wrote:

Hello,

Thanks for this great BSD distribution.

We are actually using pfSense on a dedicated hardware infrastructure of
multiple servers, with one of them being a web portal application.

We are using the OpenVPN server to restrict access to this web application,
on a specific domain (https://app.london.sq). The web application is
only exposed through this interface, and therefore not accessible
externally.

We are now facing a challenge, to replicate this infrastructure on AWS,
inside a VPC. The VPC service from AWS has a dedicated DHCP
server, that would conflict with the DHCP server of the firewall.

In this scenario, how can we run pfSense as a firewall in an AWS
powered virtual private cloud, but without using the DHCP server that
comes with pfSense?

Thanks for your help and advice.

Kind regards,
André Rodier

[pfSense] pfSense in AWS VPC

2017-11-23 Thread André Rodier
Hello,

Thanks for this great BSD distribution.

We are actually using pfSense on a dedicated hardware infrastructure of
multiple servers, with one of them being a web portal application.

We are using the OpenVPN server to restrict access to this web application,
on a specific domain (https://app.london.sq). The web application is
only exposed through this interface, and therefore not accessible
externally.

We are now facing a challenge, to replicate this infrastructure on AWS,
inside a VPC. The VPC service from AWS has a dedicated DHCP
server, that would conflict with the DHCP server of the firewall.

In this scenario, how can we run pfSense as a firewall in an AWS
powered virtual private cloud, but without using the DHCP server that
comes with pfSense?

Thanks for your help and advice.

Kind regards,
André Rodier