from:"Jeppe Øland"

Re: [pfSense] Multiple DMZs isolated from each other

2017-06-26 Thread Jeppe Øland

Well, at least that matches what I found: That I can't get connections to
the internet working without allowing everything else too.

That seems like a pretty bad design... It would be much better to be able
to allow something to just the WAN interface...

On Mon, Jun 26, 2017 at 11:26 AM, Jim Spaloss <jspal...@gmail.com> wrote:

> The rule(s) that allow internet access are the "Allow to Any" rule(s). This
> could be accomplished as one rule on a floating or interface group ruleset.
> (Allow any from any to any).
>
> The trick is to block the things that you don't want the DMZ to have access
> to first. I also use an alias to keep the DMZs from talking to each other.
>
> If you want, I could post some screenshots of my config.
>
>
> On Jun 26, 2017 9:32 AM, "Jeppe Øland" <jol...@gmail.com> wrote:
>
> > The thing is I couldn't figure out what rules are needed to get out to
> the
> > Internet!
> >
> > If I add no rules at all, then the PC can get a DHCP address, but it
> can't
> > even ping pfSense.
> >
> > I tried adding several rules (simultaneously), but didn't find anything
> to
> > allow me out to the Internet.
> >
> > Simply adding a "DMZnet -> WANnet" rule did not let me get out.
> > Adding the firewall specifically (since that is the GW it will go
> through)
> > did not help either.
> > (I tried a few more things in desperation, but nothing changed)
> >
> > Obviously the "DMZnet -> !LANnet" worked, but that doesn't block off all
> > the other DMZs :-(
> >
> > Regards,
> > -Jeppe
> >
> >
> > On Sun, Jun 25, 2017 at 8:28 PM, Leandro de la Paz <lean...@jovenclub.cu
> >
> > wrote:
> >
> > > Hi, it should be simple. pfsense deny all the traffic in the absence of
> > > any rules so it should be blocking all communication between DMZs by
> > > default. To allow the traffic to reach Internet, all you need to do is
> > > create a rule that permit the traffic that goes everywhere except to an
> > > alias that contains the private network (RFC1918) subnets. I recommend
> it
> > > that you do it at the floating rules tab, that way you may select
> several
> > > interfaces in one rule. However, you still may need to edit the rule
> > every
> > > time that new DMZ is added.
> > >
> > > ⁣---
> > > Regards,
> > > Leandro
> > >
> > > En 25 jun. 2017 4:04 p. m., en 4:04 p. m., "Jeppe Øland" <
> > jol...@gmail.com>
> > > escribió:
> > > >Does anybody know how to do this more easily.
> > > >
> > > >Lets say I have 10 different isolated DMZs.
> > > >(They are created as VLANs on the "inside" interface so I can connect
> > > >servers to them).
> > > >
> > > >Now I want each VLAN to be able to get an IP address from a DHCP pool,
> > > >and
> > > >to hit the Internet.
> > > >Nothing else.
> > > >No DMZ<->DMZ or DMZ->LAN traffic.
> > > >
> > > >The default LAN rules allow me to hit each DMZ from the LAN, so that
> > > >part
> > > >is good.
> > > >The problem is getting each DMZ isolated from each other.
> > > >
> > > >The only thing I have working is to create 10 rules on each DMZ (to
> > > >block
> > > >access to the other DMZs and the LAN), and an accept "any" rule to be
> > > >able
> > > >to get out.
> > > >
> > > >I really don't like this as it's error prone.
> > > >If I add a new DMZ, I have to remember to add that rule to all the
> > > >others.
> > > >
> > > >Is there an easy set of rules I can make to allow the DMZ access to
> > > >only
> > > >its own net, and the Internet?
> > > >
> > > >Regards,
> > > >-Jeppe
> > > >___
> > > >pfSense mailing list
> > > >https://lists.pfsense.org/mailman/listinfo/list
> > > >Support the project with Gold! https://pfsense.org/gold
> > > ___
> > > pfSense mailing list
> > > https://lists.pfsense.org/mailman/listinfo/list
> > > Support the project with Gold! https://pfsense.org/gold
> > >
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Multiple DMZs isolated from each other

2017-06-26 Thread Jeppe Øland

The thing is I couldn't figure out what rules are needed to get out to the
Internet!

If I add no rules at all, then the PC can get a DHCP address, but it can't
even ping pfSense.

I tried adding several rules (simultaneously), but didn't find anything to
allow me out to the Internet.

Simply adding a "DMZnet -> WANnet" rule did not let me get out.
Adding the firewall specifically (since that is the GW it will go through)
did not help either.
(I tried a few more things in desperation, but nothing changed)

Obviously the "DMZnet -> !LANnet" worked, but that doesn't block off all
the other DMZs :-(

Regards,
-Jeppe


On Sun, Jun 25, 2017 at 8:28 PM, Leandro de la Paz <lean...@jovenclub.cu>
wrote:

> Hi, it should be simple. pfsense deny all the traffic in the absence of
> any rules so it should be blocking all communication between DMZs by
> default. To allow the traffic to reach Internet, all you need to do is
> create a rule that permit the traffic that goes everywhere except to an
> alias that contains the private network (RFC1918) subnets. I recommend it
> that you do it at the floating rules tab, that way you may select several
> interfaces in one rule. However, you still may need to edit the rule every
> time that new DMZ is added.
>
> ⁣---
> Regards,
> Leandro
>
> En 25 jun. 2017 4:04 p. m., en 4:04 p. m., "Jeppe Øland" <jol...@gmail.com>
> escribió:
> >Does anybody know how to do this more easily.
> >
> >Lets say I have 10 different isolated DMZs.
> >(They are created as VLANs on the "inside" interface so I can connect
> >servers to them).
> >
> >Now I want each VLAN to be able to get an IP address from a DHCP pool,
> >and
> >to hit the Internet.
> >Nothing else.
> >No DMZ<->DMZ or DMZ->LAN traffic.
> >
> >The default LAN rules allow me to hit each DMZ from the LAN, so that
> >part
> >is good.
> >The problem is getting each DMZ isolated from each other.
> >
> >The only thing I have working is to create 10 rules on each DMZ (to
> >block
> >access to the other DMZs and the LAN), and an accept "any" rule to be
> >able
> >to get out.
> >
> >I really don't like this as it's error prone.
> >If I add a new DMZ, I have to remember to add that rule to all the
> >others.
> >
> >Is there an easy set of rules I can make to allow the DMZ access to
> >only
> >its own net, and the Internet?
> >
> >Regards,
> >-Jeppe
> >___
> >pfSense mailing list
> >https://lists.pfsense.org/mailman/listinfo/list
> >Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] Multiple DMZs isolated from each other

2017-06-25 Thread Jeppe Øland

Does anybody know how to do this more easily.

Lets say I have 10 different isolated DMZs.
(They are created as VLANs on the "inside" interface so I can connect
servers to them).

Now I want each VLAN to be able to get an IP address from a DHCP pool, and
to hit the Internet.
Nothing else.
No DMZ<->DMZ or DMZ->LAN traffic.

The default LAN rules allow me to hit each DMZ from the LAN, so that part
is good.
The problem is getting each DMZ isolated from each other.

The only thing I have working is to create 10 rules on each DMZ (to block
access to the other DMZs and the LAN), and an accept "any" rule to be able
to get out.

I really don't like this as it's error prone.
If I add a new DMZ, I have to remember to add that rule to all the others.

Is there an easy set of rules I can make to allow the DMZ access to only
its own net, and the Internet?

Regards,
-Jeppe
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] Firewall rules enabled/disabled depending on WAN status?

2017-05-28 Thread Jeppe Øland

For a while, I was playing around with having 2 WAN connections to my house.

The primary connection was the only one I cared about, and the secondary
was just there so I could get to important services in the event my primary
ISP was down.

I had a super cheap wireless connection (through FreedomPop) ... but over
time it started costing more and more due to web traffic hitting my web
server.
Nothing pointed to the secondary IP, so I assume this was either bad luck
in the IP I got - or script kiddies scanning the Internet and attacking
anything visible.

I was thinking this problem could be eliminated if I could turn the WAN2
rules off if WAN1 was up and running
This is probably not possible to do, but would it be simple to add?
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] RRD alternatives

2017-02-18 Thread Jeppe Øland

Yeah I much prefer the old graphs too.
The new ones are lacking a ton of information that the old ones provided.
For example, you can no longer see the amount of data that has been passed
over an interface in the past X months.

On Fri, Feb 17, 2017 at 2:44 PM, PiBa  wrote:

> Or just open Status/Monitoring. And use wrench icon to switch to different
> stats.. That contains most if not all of the old rrd stats.
>
> Op 17-2-2017 om 22:20 schreef Ivo Tonev:
>
> zabbix ( via agent package or snmp )
>> nagios  ( snmp )
>> http://nfsen.sourceforge.net/ ( softflowd )
>>
>> On Fri, Feb 17, 2017 at 7:00 PM, Antonio Cortes Alhambra <
>> antonio.cor...@incatel.cl> wrote:
>>
>> http://www.cacti.net/
>>>
>>>
>>> Saludos Cordiales
>>>
>>>
>>>
>>>
>>>
>>> 
>>>
>>> 2017-02-17 17:30 GMT-03:00 Cheyenne Deal :
>>>
>>> Is there an alternative to what were the rrd graphs in 2.2?
 ___
 pfSense mailing list
 https://lists.pfsense.org/mailman/listinfo/list
 Support the project with Gold! https://pfsense.org/gold

 ___
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold
>>>
>>>
>>
>>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Wifi

2016-07-19 Thread Jeppe Øland

On Mon, Jul 18, 2016 at 11:21 PM, Eero Volotinen 
wrote:

> What is wrong with UniFI AC "square models" ?
>
> Currently running three of them at office -- they work fine :)
>

A lot of people have problems with them (stability, overheating, low range)
- but obviously not everybody or the product would have been recalled.

Also, it seems like Ubiquiti is more or less abandoning the square models -
for example the 802.11rkv support they are working on so far is only going
to be done for the new AC models.

Regards,
-Jeppe
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Wifi

2016-07-18 Thread Jeppe Øland

On Sun, Jul 17, 2016 at 3:13 PM, WebDawg  wrote:

> UniFi AP-AC-Pro is a great AP.  Though to control it you have to run the
> controller software on a server, does not need to stay active all the time
> unless you need to use some of the active features.

My experience with WiFi through pfSense has left a lot to be desired, and
as you said it really doesn't support much hardware.

The new line of UniFi AC APs is indeed great (avoid the previous generation
"square models").
Setup can be done without a controller PC (you use your cellphone), and if
you have to have some of the advanced features that require the controller,
Ubiquiti also sells a little embedded system for that purpose.

Regards
-Jeppe
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Update 2.3_1 to 2.3.1 failed

2016-05-24 Thread Jeppe Øland

Is the "NanoBSD filesystem is mounted r/w" a temporary thing until you fix
these issues?

On Tue, May 24, 2016 at 1:10 PM, Chris Buechler  wrote:

> On Tue, May 24, 2016 at 2:47 PM, Karl Fife  wrote:
> > On 5/24/2016 2:30 PM, Chris Buechler wrote:
> >>
> >> On Tue, May 24, 2016 at 2:25 PM, WebDawg  wrote:
> >>>
> >>> On Tue, May 24, 2016 at 2:18 PM, Chris Buechler 
> wrote:
> >>>
>  On Tue, May 24, 2016 at 1:28 PM, WebDawg  wrote:
> >
> > On Tue, May 24, 2016 at 11:34 AM, Chris Buechler 
> 
>  wrote:
> >>
> >> On Tue, May 24, 2016 at 5:33 AM, OSN | Marian Fischer 
> 
>  wrote:
> >>>
> >>> Hi list,
> >>>
> >>> when i try to update one carp member from 2.3_1 to the latest
> update
> >>
> >> (2.3.1) it fails after
> >>>
> >>> # snip
> >>> Updating pfSense-core repository catalogue...
> >>> Unable to update repository pfSense-core
> >>> Updating pfSense repository catalogue...
> >>> # snip
> >>>
> >>> the other member did the update well. Both are running on 4GB  CF
> >>> nano
> >>
> >> install.
> >>>
> >>> any solution out there?
> >>
> >> Diag>NanoBSD, set to permanent rw, and reboot for good measure. It
> >> work
> >> then?
> >> ___
> >>
> >
> > I have a few pfSense devices that I purchased, do I need to set
> > permanent
> > rw on them for 2.3.1?
> 
>  If you have problems with them, yes. Once upgraded to 2.3.1, they'll
>  be set permanent rw with no option to go ro.
> 
> >>>
> >>> So if I already have them up to 2.3.1, I am fine.
> >>
> >> Yes.
> >> ___
> >> pfSense mailing list
> >> https://lists.pfsense.org/mailman/listinfo/list
> >> Support the project with Gold! https://pfsense.org/gold
> >
> >
> > So is the R/O,R/W issue the same cause as here?
> >
>
> No. There is some issue in that case where pkg's status reporting has
> a problem with nanobsd, where it makes the GUI think it failed, but
> it's actually successful and still running fine in the background. The
> upgrade still completed fine.
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] [Announce] pfSense 2.3.1-RELEASE Now Available!

2016-05-19 Thread Jeppe Øland

6/61] Extracting cpdup-1.18: .. done
[57/61] Upgrading bsnmp-ucd from 0.4.1 to 0.4.2...
[57/61] Extracting bsnmp-ucd-0.4.2: .. done
[58/61] Installing uclcmd-0.1...
[58/61] Extracting uclcmd-0.1:  done
[59/61] Upgrading pfSense-default-config from 2.3 to 2.3.1...
[59/61] Extracting pfSense-default-config-2.3.1:  done
[60/61] Upgrading pfSense-base-nanobsd from 2.3 to 2.3.1...
===> Keeping a copy of current version mtree
[60/61] Extracting pfSense-base-nanobsd-2.3.1: . done
===> Removing schg flag from base files
===> Extracting new base tarball
===> Removing static obsoleted files
[61/61] Upgrading pfSense from 2.3_1 to 2.3.1...
[61/61] Extracting pfSense-2.3.1:  done
Message from python27-2.7.11_2:
===

Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

bsddb   databases/py-bsddb
gdbmdatabases/py-gdbm
sqlite3 databases/py-sqlite3
tkinter x11-toolkits/py-tkinter

===
Message from perl5-5.20.3_12:
The /usr/bin/perl symlink has been removed starting with Perl 5.20.
For shebangs, you should either use:

#!/usr/local/bin/perl

or

#!/usr/bin/env perl

The first one will only work if you have a /usr/local/bin/perl,
the second will work as long as perl is in PATH.
Message from smartmontools-6.4_2:
smartmontools has been installed

To check the status of drives, use the following:

/usr/local/sbin/smartctl -a /dev/ad0 for first ATA/SATA drive
/usr/local/sbin/smartctl -a /dev/da0 for first SCSI drive
/usr/local/sbin/smartctl -a /dev/ada0 for first SATA drive

To include drive health information in your daily status reports,
add a line like the following to /etc/periodic.conf:
daily_status_smart_devices="/dev/ad0 /dev/da0"
substituting the appropriate device names for your SMART-capable disks.

To enable drive monitoring, you can use /usr/local/sbin/smartd.
A sample configuration file has been installed as
/usr/local/etc/smartd.conf.sample
Copy this file to /usr/local/etc/smartd.conf and edit appropriately

To have smartd start at boot
echo 'smartd_enable="YES"' >> /etc/rc.conf
Message from openvpn-2.3.11:
### --------
###  Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
###  startup. See /usr/local/etc/rc.d/openvpn for details.
### 
###  Connect to VPN server as a client with this command to include
###  the client.up/down scripts in the initialization:
###  openvpn-client .ovpn
### 
###  For compatibility notes when interoperating with older OpenVPN
###  versions, please, see <http://openvpn.net/relnotes.html>
### 
Message from dnsmasq-devel-2.76.0test12:
*** To enable dnsmasq, edit /usr/local/etc/dnsmasq.conf and
*** set dnsmasq_enable="YES" in /etc/rc.conf[.local]
***
*** Further options and actions are documented inside
*** /usr/local/etc/rc.d/dnsmasq
>>> Setting secondary partition as active... done.
Upgrade is complete.  Rebooting in 10 seconds.
>>> Locking package pfSense-kernel-pfSense... done.


On Thu, May 19, 2016 at 6:36 PM, Jeppe Øland <jol...@gmail.com> wrote:

> I saw the same problem.
> (Reported in another thread).
>
> Basically I get a failure on any package update.
> The package installs/uninstalls correctly, but for some reason pfSense
> thinks they all fail.
>
> On Thu, May 19, 2016 at 5:18 PM, Karl Fife <karlf...@gmail.com> wrote:
>
>> I just upgraded pfSense community edition from 2.2.6 to 2.3 on two
>> different Lanner FW-7541D's
>>
>> In both cases the UI reported "Firmware Installation Failed"
>>
>> thusly:  https://imagebin.ca/v/2hkICOAnJnbs
>>
>> however the unit rebooted, correctly showing the updated version.
>>
>> The install logs didn't seem to have any smoking guns:
>>
>> http://pastebin.com/vFMqWNHK
>>
>> Any thoughts?
>>
>>
>>
>> On 5/18/2016 4:33 PM, Chris Buechler wrote:
>>
>>> We are happy to announce the release of pfSense® software version 2.3.1!
>>>
>>> This is a maintenance release in the 2.3.x series, bringing a number
>>> of bug fixes, two security fixes in the GUI, as well as security fixes
>>> for OpenSSL, OpenVPN and FreeBSD atkbd and sendmsg.
>>>
>>> Please see the release announcement for all the details.
>>> https://blog.pfsense.org/?p=2050
>>> ___
>>> Announce mailing list
>>> annou...@lists.pfsense.org
>>> http://lists.pfsense.org/mailman/listinfo/announce
>>>
>>
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>
>
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] [Announce] pfSense 2.3.1-RELEASE Now Available!

2016-05-19 Thread Jeppe Øland

I saw the same problem.
(Reported in another thread).

Basically I get a failure on any package update.
The package installs/uninstalls correctly, but for some reason pfSense
thinks they all fail.

On Thu, May 19, 2016 at 5:18 PM, Karl Fife  wrote:

> I just upgraded pfSense community edition from 2.2.6 to 2.3 on two
> different Lanner FW-7541D's
>
> In both cases the UI reported "Firmware Installation Failed"
>
> thusly:  https://imagebin.ca/v/2hkICOAnJnbs
>
> however the unit rebooted, correctly showing the updated version.
>
> The install logs didn't seem to have any smoking guns:
>
> http://pastebin.com/vFMqWNHK
>
> Any thoughts?
>
>
>
> On 5/18/2016 4:33 PM, Chris Buechler wrote:
>
>> We are happy to announce the release of pfSense® software version 2.3.1!
>>
>> This is a maintenance release in the 2.3.x series, bringing a number
>> of bug fixes, two security fixes in the GUI, as well as security fixes
>> for OpenSSL, OpenVPN and FreeBSD atkbd and sendmsg.
>>
>> Please see the release announcement for all the details.
>> https://blog.pfsense.org/?p=2050
>> ___
>> Announce mailing list
>> annou...@lists.pfsense.org
>> http://lists.pfsense.org/mailman/listinfo/announce
>>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Upgraded to new pfSense Router, can't find RRD graphs after restore

2016-05-07 Thread Jeppe Øland

They are in "Status/Monitoring".
Look prettier than before, but leaves a lot to be desired in the detail
department if you ask me :-(

On Sat, May 7, 2016 at 11:08 AM, Walter Parker  wrote:

> Hi,
>
> I just upgraded from my old ALIX router that I brought from Netgate several
> years ago (which has worked great for the past several years).
>
> The new box is nice, it is much faster. I restored my old 2.2.5 config on
> the new system and I have a few questions:
>
> Where are the RRD graphs (I don't see a menu option for the graphs)
> How do I remove the vnstat2 menu item (the package was removed during
> upgrade because it is not supported in 2.3).
>
>
> Walter
>
> --
> The greatest dangers to liberty lurk in insidious encroachment by men of
> zeal, well-meaning but without understanding.   -- Justice Louis D.
> Brandeis
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3_1 ?

2016-05-06 Thread Jeppe Øland

The release notes actually says "The NTP service needs to be manually
restarted under Status>Services afterwards".
To me that implies that the old one keeps running, and you have to restart
it for the new version to take effect.
What in fact happens is that the old one is stopped, and no NTP service
will be running until you start the new one.

Still doesn't address the bug I was experiencing - all package
install/uninstalls fail, but actually do everything(?) they should.

The only thing not done for me as far as I can tell is to change the
version number to 2.3_1 ... but maybe that will change if I reboot the
firewall.

On Fri, May 6, 2016 at 8:04 AM, Oliver Hansen 
wrote:

> On May 6, 2016 6:01 AM, "Vick Khera"  wrote:
> >
> > On Thu, May 5, 2016 at 3:05 PM, Jim Thompson  wrote:
> >
> > > it’s documented that you need to (re)start NTP manually.
> > >
> >
> > Where would one learn this? The update page doesn't say anything about
> > "after applying this update, do XYZ". That would be the ideal place, IMO.
>
> I don't recall if there's a link from the update page but the release notes
> have it which are in the usual place. https://blog.pfsense.org/?cat=53
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Jeppe Øland

So the update failed, and pfSense still says 2.3 - but NTP was indeed
updated (but not restarted).

I then tried installing the RRD_Summary package.
That one also said it failed, but still completed enough that the menu
appeared and worked.

I forget if it said "failed" when I uninstalled it again ... probably did.

This install is running a 4G NANO image ... maybe there's a problem with
that?

Regards,
-Jeppe

On Thu, May 5, 2016 at 6:26 AM, Paul Mather <p...@gromit.dlib.vt.edu> wrote:

> On May 5, 2016, at 9:13 AM, Vick Khera <vi...@khera.org> wrote:
>
> > On Tue, May 3, 2016 at 11:24 AM, Jeppe Øland <jol...@gmail.com> wrote:
> >
> >> Does this update actually work?
> >>
> >> After hitting install and crunching for a while, it showed "firmware
> >> installation failed!" at the top.
> >>
> >
> > I just did the upgrade and it succeeded. However, ntpd was not restarted
> on
> > either of the two systems upgraded. I had to manually restart ntpd.
>
>
> Same here.  In fact, in my case, ntpd ended up in the stopped state, and I
> had to start it manually.
>
> Cheers,
>
> Paul.
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Monitor (RRD) all 0 data on 2.3

2016-05-03 Thread Jeppe Øland

Found it (Status/Monitoring), but buy do I dislike the new setup.

I really liked the old one where I could see several time-periods at a
glance.

But worse is I can't seem to get the new UI to show me "total data passed
in/out" for the interfaces over a period. I use(d) this for accounting :-(

On Tue, May 3, 2016 at 8:31 AM, Jeppe Øland <jol...@gmail.com> wrote:

> Where did RRD graphs move to in 2.3?
> Can't seem to find them anywhere (am I blind?)
>
> On Thu, Apr 21, 2016 at 5:22 AM, Vick Khera <vi...@khera.org> wrote:
>
>> oh never mind. i first read you did an upgrade. that is a weird symptom...
>>
>> On Thu, Apr 21, 2016 at 8:21 AM, Vick Khera <vi...@khera.org> wrote:
>>
>> >
>> > On Thu, Apr 21, 2016 at 1:53 AM, Gé Weijers <g...@weijers.org> wrote:
>> >
>> >> I just performed a clean install of 2.3 on an AMD64 PC. Everything is
>> >> fine,
>> >>
>> >
>> > Was your prior install 32-bit? When you switch/upgrade from 32 to 64 bit
>> > the RRD graphs break.
>> >
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Monitor (RRD) all 0 data on 2.3

2016-05-03 Thread Jeppe Øland

Where did RRD graphs move to in 2.3?
Can't seem to find them anywhere (am I blind?)

On Thu, Apr 21, 2016 at 5:22 AM, Vick Khera  wrote:

> oh never mind. i first read you did an upgrade. that is a weird symptom...
>
> On Thu, Apr 21, 2016 at 8:21 AM, Vick Khera  wrote:
>
> >
> > On Thu, Apr 21, 2016 at 1:53 AM, Gé Weijers  wrote:
> >
> >> I just performed a clean install of 2.3 on an AMD64 PC. Everything is
> >> fine,
> >>
> >
> > Was your prior install 32-bit? When you switch/upgrade from 32 to 64 bit
> > the RRD graphs break.
> >
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3_1 ?

2016-05-03 Thread Jeppe Øland

Does this update actually work?

After hitting install and crunching for a while, it showed "firmware
installation failed!" at the top.

Log window showed:
firmware installation failed!

>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
>>> Unlocking package pfSense-kernel-pfSense... done.
>>> Downloading upgrade packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (5 candidates): . done
Processing candidates (5 candidates): ... done
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense: 2.3 -> 2.3_1 [pfSense]
ntp: 4.2.8p6 -> 4.2.8p7 [pfSense]

The process will require 2 KiB more space.
493 KiB to be downloaded.
Fetching pfSense-2.3_1.txz: . done
Fetching ntp-4.2.8p7.txz: .. done
Checking integrity... done (0 conflicting)
>>> Upgrading necessary packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (5 candidates): . done
Processing candidates (5 candidates): ... done
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense: 2.3 -> 2.3_1 [pfSense]
ntp: 4.2.8p6 -> 4.2.8p7 [pfSense]

The process will require 2 KiB more space.
[1/2] Upgrading ntp from 4.2.8p6 to 4.2.8p7...
[1/2] Extracting ntp-4.2.8p7: .. done
[2/2] Upgrading pfSense from 2.3 to 2.3_1...
[2/2] Extracting pfSense-2.3_1: ... done
>>> Removing unnecessary packages... done.
>>> Cleanup pkg cache... done.
>>> Locking package pfSense-kernel-pfSense... done.


On Mon, May 2, 2016 at 8:24 AM, Olivier Mascia  wrote:

>
> > Le 2 mai 2016 à 16:19, Jason Hellenthal  a
> écrit :
> >
> > Signé partie PGP
> > _1 would not be a development release. That would be a patch or an
> addendum which I would assume handles the ntp security flaw patched in
> recent FreeBSD security release.
> >
> > https://www.freebsd.org/security/advisories/FreeBSD-SA-16:16.ntp.asc
> >
> > On May 2, 2016, at 08:54, Olivier Mascia  wrote:
> >
> > The update check on 2.3-REL GUI offers me 2.3_1, yet I don't see mention
> of it on pfsense.org.
> > Could it be that my system polls for dev branch releases and not only
> released builds?
> > Or that the auto-update only revealed the beast before the blog on
> pfsense.org?
>
> Indeed.
>
> Installed packages to be UPGRADED:
> pfSense: 2.3 -> 2.3_1 [pfSense]
> ntp: 4.2.8p6 -> 4.2.8p7 [pfSense]
>
> --
> Meilleures salutations, Met vriendelijke groeten, Best Regards,
> Olivier Mascia, integral.be/om
>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] testing email

2015-04-08 Thread Jeppe Øland

Same here ... hard to believe Gmail is bouncing...

On Wed, Apr 8, 2015 at 11:58 AM, Mike Montgomery
onezero1010...@gmail.com wrote:
 I got the same re-enable email to my gmail account.

 On Wed, Apr 8, 2015 at 2:48 PM, WebDawg webd...@gmail.com wrote:

 Same here,

 
  Viruses being detected by my ASSP spam filter coming in from the list and
  denying delivery.  Had to re-enable my account this AM.
 
  Doug
 
  --
  Ben Franklin quote:
 
  Those who would give up Essential Liberty to purchase a little Temporary
  Safety, deserve neither Liberty nor Safety.
 
 
 
 I am on gmail and I received an email to follow to re enable my account.
 ___
 pfSense mailing list
 https://lists.pfsense.org/mailman/listinfo/list
 Support the project with Gold! https://pfsense.org/gold

 ___
 pfSense mailing list
 https://lists.pfsense.org/mailman/listinfo/list
 Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] RRD persistence

2015-01-07 Thread Jeppe Øland

Doesn't it automatically save the latest files when you reboot?
I don't reboot often, but I don't remember ever having lost data
(except if the firewall crashes - which did happen a few times in the
past).

Regards,
-Jeppe

On Wed, Jan 7, 2015 at 5:05 AM, Peder Rovelstad provels...@comcast.net wrote:
 System: Advanced: Miscellaneous: RAM Disk Settings (near page bottom)

 -Original Message-
 From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
 Nenhum_de_Nos
 Sent: Wednesday, January 07, 2015 6:01 AM
 To: list@lists.pfsense.org
 Subject: [pfSense] RRD persistence

 Hail,

 I have a couple of pfsense using the nanobsd approach. Great stability,
 great for flash memory.
 But I always loose my rrd data when I reboot.

 is there a way to have it written like once a day/week ?

 thanks,

 matheus


 --
 We will call you cygnus,
 The God of balance you shall be

 A: Because it messes up the order in which people normally read text.
 Q: Why is top-posting such a bad thing?

 http://en.wikipedia.org/wiki/Posting_style
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list

 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] 32 or 64?

2015-01-06 Thread Jeppe Øland

 That is only partially true, but you will have to do it manually...
 Before backup/upgrade/restore, convert your RRD files to XML and store
 them on another machine.

 Read the next paragraph below the one you quoted. :-)

Apparently I'm blind!
Awesome that this is already in place!

 It does precisely that provided you start with pfSense 2.1.x.
 What doesn't work is a 2.0.x backup w/RRD 32-bit to 2.1 64-bit.

Ah that makes sense.
The last time I had to do the manual conversion was from way before 2.1 days.
I guess the RRD backup in 2.0 (and earlier) was just the raw
platform-dependent files...

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] 32 or 64?

2015-01-06 Thread Jeppe Øland

 https://doc.pfsense.org/index.php/Upgrade_Guide#Changing_architecture_.2832-bit_to_64-bit_or_vice_versa.29_during_upgrade

From that link:
 Upgrading from 32-bit to 64-bit mostly works fine with a couple caveats - the
 32-bit RRD data is invalid on the 64-bit version and will have to be deleted 
 by
 running rm -rf /var/db/rrd*. All RRD history will be lost, this cannot be 
 converted.

That is only partially true, but you will have to do it manually...
Before backup/upgrade/restore, convert your RRD files to XML and store
them on another machine.
Then after the new machine is running, convert/replace the XML files
to the new installation.

Somebody detailed it here: https://forum.pfsense.org/index.php?topic=49955.0

rrdtool is actually installed on pfSense itself, so you don't need
any additional machines if you don't mind ssh'ing to pfSense and doing
it there.

Actually, I guess it would be nice to have an option to make a backup
of the pfSense configurations, with RRD data stored as an XML blob.
It should probably come with a warning that the backup will be
significantly larger, but that it's useful when changing
architectures.
This might also be useful in the future if ARM/MIPS platforms become
more commonplace...

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] APU and SSD: full install or NanoBSD

2014-11-03 Thread Jeppe Øland

On Mon, Nov 3, 2014 at 4:25 PM, Sean m...@thegeekclub.net wrote:
 http://www.newegg.com/Product/Product.aspx?Item=N82E16820161493  -- notice
 the 4,000,000 MTBF

 Of course this stuff is all no longer for sale but my point here is I went
 out of my way to get an mSATA chip designed for embedded systems with a very
 high MTBF as I built this little sucker to last 7-10 years if possible.

I hope they printed that MTBF on soft paper since then it will at
least be usable for wiping with.

(In my case, the Kingston S100 8GB embedded/industrial SSD had a
measly MTBF of 1,000,000 which I apparently went through 3 times in 2
years).

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] APU and SSD: full install or NanoBSD

2014-10-30 Thread Jeppe Øland

 3 year old Kingston SSDs are not like new Kingston SSDs.

Agreed.

On the other hand, I tend to distrust manufacturers that shipped
completely unreliable drives without any thought.
Kingston/OCZ/Crucial are all in this boat for me.

As for Nano, I thought it mounted almost everything as RO and only
changed settings to write down settings changes, and RRD databases etc
on reboots?
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] APU and SSD: full install or NanoBSD

2014-10-30 Thread Jeppe Øland

On Thu, Oct 30, 2014 at 8:33 AM, Jim Thompson j...@smallworks.com wrote:
 On the other hand, I tend to distrust manufacturers that shipped
 completely unreliable drives without any thought.
 Kingston/OCZ/Crucial are all in this boat for me.

 I’m sure I’ve been burned at least as badly by these, and others, and I
 still buy from them.

What can you do? The speed increase from SSDs in a PC means its almost
impossible to go back to an HDD.
And in a firewall/appliance, the benefits from no moving parts/lower
power/heat/noise is hard to ignore.

 As for Nano, I thought it mounted almost everything as RO and only
 changed settings to write down settings changes, and RRD databases etc
 on reboots?

 I think I’ve already responded to this.

 nano is a  10 year old “solution” to the problems that existed at the time.
 http://markmail.org/message/rxe4xfpmdwva7q3e

 That doesn’t mean it’s a bad solution, but though it’s author is a brilliant
 individual, he obviously didn’t envision SSD in 2004.

Are you saying the nano release only covers the boot-slices?
I thought the nano/embedded versions also write less to the disk.
I don't have a full install handy to check, but the nano install
definitely mounts the drive RO, and all runtime stuff (/var, /tmp) is
run out of RAM disks.

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Fwd: [Announce] 2.1.5 Release

2014-08-30 Thread Jeppe Øland

Whatever somebody did, it worked.
Thanks!

On Fri, Aug 29, 2014 at 10:25 AM, Jeppe Øland jol...@gmail.com wrote:
I'm running amd64.

Doesn't the updater check the files here?
http://updates.pfsense.org/_updaters/amd64/

As you can see, a lot of those files are old.

On Fri, Aug 29, 2014 at 10:10 AM, Jeremy Porter
jpor...@electricsheepfencing.com wrote:
Are you running i386 or amd64? and what hardware?
It looks like the upgrades are there to me:
http://files.atx.pfsense.org/mirror/updates/pfSense-2.1.5-RELEASE-4g-amd64-nanobsd-vga-upgrade.img.gz
http://files.atx.pfsense.org/mirror/updates/pfSense-2.1.5-RELEASE-4g-i386-nanobsd-vga-upgrade.img.gz

On 8/29/2014 10:02 AM, Jeppe Øland wrote:
Found out why.
I'm running 2.1.4-nanobsd-vga-4g
Only the regular and plain nanobsd images have been updated but
nanobsd-vga users are still left out in the cold.

Hopefully the pfSense guys will release them soon.

On Fri, Aug 29, 2014 at 7:57 AM, Jeppe Øland jol...@gmail.com wrote:
I cleared the cache/cookies etc, did ctrl+f5, and a few other random
things.
Still says 2.1.4 is the latest version :(

On Fri, Aug 29, 2014 at 7:47 AM, Jim Thompson j...@netgate.com wrote:
again, the CSS changed, and the browsers love to cache that stuff.

On Fri, Aug 29, 2014 at 8:47 AM, Peder Rovelstad provels...@comcast.net
wrote:
I did note the Code Red color scheme wraps the page header bar,
putting
Help under System. I have such problems...
It did this for me a well, but holding the shift key down and doing a
browser refresh fixed it.

Doug

And there you go. Thanks!

P
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Fwd: [Announce] 2.1.5 Release

2014-08-29 Thread Jeppe Øland

Hmm, my pfSense 2.1.4 (amd64) release says its on the latest release...

On Thu, Aug 28, 2014 at 2:19 PM, RB aoz@gmail.com wrote:
 On Thu, Aug 28, 2014 at 2:59 PM, Ryan Coleman ryanjc...@me.com wrote:
 FYI.

 Oh, hey - sweet!  I didn't even realize I wasn't subscribed to announce@
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Fwd: [Announce] 2.1.5 Release

2014-08-29 Thread Jeppe Øland

I cleared the cache/cookies etc, did ctrl+f5, and a few other random things.
Still says 2.1.4 is the latest version :(

On Fri, Aug 29, 2014 at 7:47 AM, Jim Thompson j...@netgate.com wrote:
 again, the CSS changed, and the browsers love to cache that stuff.

 On Fri, Aug 29, 2014 at 8:47 AM, Peder Rovelstad provels...@comcast.net 
 wrote:

 I did note the Code Red color scheme wraps the page header bar, putting
 Help under System.   I have such problems...

 It did this for me a well, but holding the shift key down and doing a
 browser refresh fixed it.

 Doug

 And there you go.  Thanks!

 P
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list

 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Fwd: [Announce] 2.1.5 Release

2014-08-29 Thread Jeppe Øland

Found out why.
I'm running 2.1.4-nanobsd-vga-4g
Only the regular and plain nanobsd images have been updated but
nanobsd-vga users are still left out in the cold.

Hopefully the pfSense guys will release them soon.

On Fri, Aug 29, 2014 at 7:57 AM, Jeppe Øland jol...@gmail.com wrote:
 I cleared the cache/cookies etc, did ctrl+f5, and a few other random things.
 Still says 2.1.4 is the latest version :(

 On Fri, Aug 29, 2014 at 7:47 AM, Jim Thompson j...@netgate.com wrote:
 again, the CSS changed, and the browsers love to cache that stuff.

 On Fri, Aug 29, 2014 at 8:47 AM, Peder Rovelstad provels...@comcast.net 
 wrote:

 I did note the Code Red color scheme wraps the page header bar, putting
 Help under System.   I have such problems...

 It did this for me a well, but holding the shift key down and doing a
 browser refresh fixed it.

 Doug

 And there you go.  Thanks!

 P
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list

 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Fwd: [Announce] 2.1.5 Release

2014-08-29 Thread Jeppe Øland

I'm running amd64.

Doesn't the updater check the files here?
http://updates.pfsense.org/_updaters/amd64/

As you can see, a lot of those files are old.

Hopefully the pfSense guys will release them soon.

On Fri, Aug 29, 2014 at 7:57 AM, Jeppe Øland jol...@gmail.com wrote:
I cleared the cache/cookies etc, did ctrl+f5, and a few other random things.
Still says 2.1.4 is the latest version :(

On Fri, Aug 29, 2014 at 7:47 AM, Jim Thompson j...@netgate.com wrote:
again, the CSS changed, and the browsers love to cache that stuff.

Doug

And there you go. Thanks!

P
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfSense version 2.1.1 has been released

2014-04-06 Thread Jeppe Øland

(server-side) fix mentioned in the other thread worked.
Thanks!

Regards,
-Jeppe

On Sat, Apr 5, 2014 at 11:13 AM, Jeppe Øland jol...@gmail.com wrote:
 On Fri, Apr 4, 2014 at 8:58 AM, Jim Thompson j...@netgate.com wrote:
 Please see the blog post
 https://blog.pfsense.org/?p=1238

 Hmmm... mine gives an error that it can't verify the image signature...
 (I'm on 4gb 2.1 nano vga 64bit)

 Regards,
 -Jeppe
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfSense version 2.1.1 has been released

2014-04-05 Thread Jeppe Øland

On Fri, Apr 4, 2014 at 8:58 AM, Jim Thompson j...@netgate.com wrote:
 Please see the blog post
 https://blog.pfsense.org/?p=1238

Hmmm... mine gives an error that it can't verify the image signature...
(I'm on 4gb 2.1 nano vga 64bit)

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Traffic Graph: Not reflecting reality?

2013-11-06 Thread Jeppe Øland

Dave Warren da...@hireahit.com wrote:
 Is there any pattern? Could it be happening only on VLAN interfaces?

Possible ... my box only has 2 NICs and I have 2 WANs.
LAN is its own interface.
2 WANs are VLANd onto the other interface.

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Jeppe Øland

 I also understand your point though, since the software is OSS, it should
 be fairly easy to check for backdoors :)

 Yes, you *could* check. But does anybody? Check the *entire* code and
 get the big picture?

Realistically speaking, that wouldn't be enough anyways.

What is the percentage of pfSense users that download source and build
it themselves vs. download the prebuilt binary?

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

[pfSense] Traffic Graph discrepancy in 2.1

2013-10-01 Thread Jeppe Øland

Hi there,

I just noticed that there seems to be a discrepancy in the speeds
reported on 2.1.
(I never noticed on earlier versions, but it could have been there too).

When traffic is running, the Traffic Graph for WAN will show
input/output traffic.
On the right will be a list of IPs generating the traffic along with
their I/O speeds.
The speeds for IN match up, but the speeds for OUT don't.
It appears the graph is showing 2x the actual bandwidth used.
The IP breakup on the right seems correct.

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] 2.1 on WRAP

2013-09-20 Thread Jeppe Øland

Supermicro has a ton of Atom boards (they just announced a new 8 core
model).
http://www.supermicro.com/products/motherboard/ATOM/

I'm using an old D510 based board, with an enclosure + picoPSU:
http://www.mini-box.com/M350-enclosure-with-picoPSU-80-and-60W-adapter

Regards,
-Jeppe


On Fri, Sep 20, 2013 at 5:49 AM, Eugen Leitl eu...@leitl.org wrote:

 On Fri, Sep 20, 2013 at 07:41:11AM -0500, Jim Thompson wrote:
 
   On Sep 20, 2013, at 6:45 AM, Odette Nsaka odette.ns...@libero.it
 wrote:
  
   Does somebody know other reliable and cheap embedded platforms
 running pfSense with no problem?
 
  http://store.netgate.com/Netgate-FW-525B-P1919C83.aspx

 Some Supermicros qualify as well:


 http://www.thomas-krenn.com/en/products/server-systems/rack-server/1u-servers/intel-atom/intel-atom-d525-cse502.html

 There might be successor models to that system, but I haven't
 seen it advertised yet.

 ___
 List mailing list
 List@lists.pfsense.org
 http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Dynamic DNS

2012-10-20 Thread Jeppe Øland

 Yes. We'd have thousands of people screaming if that wasn't the case,
 and I've never seen that not work. /etc/rc.newwanip runs when any IP
 changes, which does the update. It's not shown there in your log. When
 it runs it logs, not sure how much you snipped out.

 Since some of us have the problem, there's obviously something going on.

ISP had DHCP problems again yesterday and today, and yet again pfSense
failed to update!

Log from yesterday (System was rebooted the box to see if the problem
was local):
(Snipped a bunch of repeated or irrelevant lines)

Oct 19 07:28:12 dhcpd: For info, please visit
https://www.isc.org/software/dhcp/
Oct 19 07:28:12 dhcpleases: Could not deliver signal HUP to process
because its pidfile does not exist, No such file or directory.
Oct 19 07:28:12 dhcpleases: Could not deliver signal HUP to process
because its pidfile does not exist, No such file or directory.
Oct 19 07:28:12 check_reload_status: Updating all dyndns
Oct 19 07:28:12 dnsmasq[41848]: started, version 2.55 cachesize 1
Oct 19 07:28:12 dnsmasq[41848]: compile time options: IPv6 GNU-getopt
no-DBus I18N DHCP TFTP
Oct 19 07:28:12 dnsmasq[41848]: reading /etc/resolv.conf
Oct 19 07:28:12 dnsmasq[41848]: using nameserver 8.8.4.4#53
Oct 19 07:28:12 dnsmasq[41848]: using nameserver 8.8.8.8#53
Oct 19 07:28:12 dnsmasq[41848]: using nameserver 8.8.4.4#53
Oct 19 07:28:12 dnsmasq[41848]: using nameserver 8.8.8.8#53
Oct 19 07:28:12 dnsmasq[41848]: ignoring nameserver 127.0.0.1 - local 
interface
Oct 19 07:28:12 dnsmasq[41848]: ignoring nameserver 127.0.0.1 - local 
interface
Oct 19 07:28:12 dnsmasq[41848]: read /etc/hosts - 17 addresses
Oct 19 07:28:13 check_reload_status: Linkup starting em0
Oct 19 07:28:13 kernel: em0: link state changed to UP
Oct 19 07:28:17 php: : DynDns: updatedns() starting
Oct 19 07:28:17 php: : There was an error trying to determine the IP
for interface - wan(em1_vlan1001). Probably interface has no ip or is
down. Dyndns update not possible for dyndns.
Oct 19 07:28:27 php: : OpenNTPD is starting up.
Oct 19 07:28:29 check_reload_status: Restarting ipsec tunnels
Oct 19 07:28:32 php: : Creating rrd update script
Oct 19 07:28:32 kernel: p4tcc0: CPU Frequency Thermal Control on cpu0
Oct 19 07:28:32 kernel: p4tcc1: CPU Frequency Thermal Control on cpu1
Oct 19 07:28:32 kernel: p4tcc2: CPU Frequency Thermal Control on cpu2
Oct 19 07:28:32 kernel: p4tcc3: CPU Frequency Thermal Control on cpu3
Oct 19 07:28:33 php: : Restarting/Starting all packages.
Oct 19 07:28:34 login: login on ttyv0 as root
Oct 19 07:28:34 sshlockout[24879]: sshlockout/webConfigurator v3.0 
starting up
Oct 19 07:28:35 php: : IPSEC: One or more IPsec tunnel endpoints has
changed its IP. Refreshing.
Oct 19 07:28:37 check_reload_status: Reloading filter
Oct 19 07:28:44 dnsmasq[41848]: read /etc/hosts - 23 addresses
Oct 19 07:29:10 dhclient: FAIL
Oct 19 07:29:34 php: /index.php: Successful webConfigurator login for
user 'admin' from 10.10.10.10
Oct 19 07:29:34 php: /index.php: Successful webConfigurator login for
user 'admin' from 10.10.10.10
Oct 19 07:30:12 dhclient: FAIL
Oct 19 07:31:14 dhclient: FAIL
Oct 19 07:55:52 dhclient: ARPSEND
Oct 19 07:55:54 dhclient: ARPCHECK
Oct 19 07:57:10 dhclient: FAIL
Oct 19 07:58:12 dhclient: FAIL
Oct 19 09:03:37 dhclient: ARPSEND
Oct 19 09:03:39 dhclient: ARPCHECK
Oct 19 09:03:39 dhclient: BOUND
Oct 19 09:03:39 dhclient: Starting add_new_address()
Oct 19 09:03:39 dhclient: ifconfig em1_vlan1001 inet IP_OLD netmask
MASK broadcast BROADCAST
Oct 19 09:03:39 dhclient: New IP Address (em1_vlan1001): IP_OLD
Oct 19 09:03:39 dhclient: New Subnet Mask (em1_vlan1001): MASK
Oct 19 09:03:39 dhclient: New Broadcast Address (em1_vlan1001): 
BROADCAST
Oct 19 09:03:39 dhclient: New Routers (em1_vlan1001): GW
Oct 19 09:03:39 dhclient: Adding new routes to interface: em1_vlan1001
Oct 19 09:03:39 dhclient: /sbin/route add default GW
Oct 19 09:03:39 dhclient: Creating resolv.conf
Oct 19 09:15:59 dnsmasq[41848]: read /etc/hosts - 21 addresses
Oct 19 09:18:16 dnsmasq[41848]: read /etc/hosts - 21 addresses
Oct 19 09:28:45 dnsmasq[41848]: read /etc/hosts - 20 addresses
Oct 19 09:33:46 dhclient: RENEW
Oct 19 10:03:53 dhclient: RENEW

Notice DynDns did NOT run.
Midnight rolls around, and NOW the script runs (from cron):

Oct 20 00:39:17 dhclient: RENEW
Oct 20 01:01:00 php: : DynDns: updatedns() starting
Oct 20 01:01:00 php: : DynDns debug information: IP_OLD extracted
from local system.
Oct 20 01:01:00 php: : DynDns: Current WAN IP: IP_OLD Cached IP:

Re: [pfSense] Dynamic DNS

2012-10-20 Thread Jeppe Øland

On Sat, Oct 20, 2012 at 5:30 PM, Adam Thompson athom...@athompso.net wrote:
 I see a race condition (of sorts) in that log output - dyn update is 
 happening (triggered, anyway) before the i/f is fully up.

Do you mean the first one at Oct 19 07:28:17?
At that time, the DHCP server was down, so the interface came up but
no IP was given out.

At Oct 19 09:03:39 the DHCP server came back and gave out an IP, but
this time DynDns didn't run.
(This time it didn't matter as the IP was the same anyways ... as you
can see in the midnight update).

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] DynDNS troubles, once again

2012-07-26 Thread Jeppe Øland

On Thu, Jul 26, 2012 at 4:25 PM, Stefan Baur
newsgroups.ma...@stefanbaur.de wrote:
 There's got to be more in the log than just that!
 Nope, there isn't... but...
 Exactly from there:
 Do me a favor and see if you maybe by accidend checked the disable
 And GH, it seems that I hit that disable checkbox some time when I

Haha - that's classic. :-P

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Dynamic DNS

2012-06-06 Thread Jeppe Øland

On Thu, May 31, 2012 at 1:12 AM, Chris Buechler c...@pfsense.org wrote:
 It runs immediately after every IP change, and once a day to check if
 it needs to do an update (if one hasn't been done in 25 days (IIRC,
 somewhere around that) it'll update). No need for anything else.

 Are you sure about this?

 Yes. We'd have thousands of people screaming if that wasn't the case,
 and I've never seen that not work. /etc/rc.newwanip runs when any IP
 changes, which does the update. It's not shown there in your log. When
 it runs it logs, not sure how much you snipped out.

Since some of us have the problem, there's obviously something going on.

How exactly is the dyndns script triggered?

Anything specific I can do to troubleshoot?

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Dynamic DNS

2012-05-31 Thread Jeppe Øland

On Tue, Jan 10, 2012 at 6:26 PM, Chris Buechler c...@pfsense.org wrote:
 Okay, I think I found out what's going on:

 /etc/crontab contains
 1       1       *       *       *       root    /usr/bin/nice -n20
 /etc/rc.dyndns.update

 which means that the script only gets called at 01:01 AM each day.

 Is there any particular reason why this rather long interval was chosen?

 It runs immediately after every IP change, and once a day to check if
 it needs to do an update (if one hasn't been done in 25 days (IIRC,
 somewhere around that) it'll update). No need for anything else.

Are you sure about this?

I have seen DHCP fail for a while, finally succeeding - and dyndns did
NOT update.

Here's a quick system log for the latest occurrence of the problem (I
had rebooted the box a hour earlier to see if that would bring the
connection back, so the IP was currently listed as 0.0.0.0 in the UI):

May 31 00:19:04 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 3
May 31 00:19:07 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 5
May 31 00:19:12 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 10
May 31 00:19:22 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 12
May 31 00:19:34 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 7
May 31 00:19:41 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 19
May 31 00:20:00 dhclient[33083]: No DHCPOFFERS received.
May 31 00:20:00 dhclient[33083]: No working leases in persistent
database - sleeping.
May 31 00:20:00 dhclient: FAIL
May 31 00:20:01 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 2
May 31 00:20:03 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 2
May 31 00:20:05 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 2
May 31 00:20:07 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 5
May 31 00:20:12 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 5
May 31 00:20:17 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 12
May 31 00:20:29 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 15
May 31 00:20:44 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 18
May 31 00:21:02 dhclient[33083]: No DHCPOFFERS received.
May 31 00:21:02 dhclient[33083]: No working leases in persistent
database - sleeping.
May 31 00:21:02 dhclient: FAIL
May 31 00:21:03 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 1
May 31 00:21:04 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 1
May 31 00:21:05 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 1
May 31 00:21:06 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 1
May 31 00:21:07 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 1
May 31 00:21:08 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 1
May 31 00:21:09 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 2
May 31 00:21:11 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 4
May 31 00:21:15 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 10
May 31 00:21:25 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 12
May 31 00:21:37 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 15
May 31 00:21:52 dhclient[33083]: DHCPDISCOVER on em1_vlan1001 to
255.255.255.255 port 67 interval 12
May 31 00:21:54 dhclient[33083]: DHCPOFFER from x.x.x.x
May 31 00:21:54 dhclient: ARPSEND
May 31 00:21:56 dhclient: ARPCHECK
May 31 00:21:56 dhclient[33083]: DHCPREQUEST on em1_vlan1001 to
255.255.255.255 port 67
May 31 00:21:56 dhclient[33083]: DHCPACK from x.x.x.x
May 31 00:21:56 dhclient: BOUND
May 31 00:21:56 dhclient: Starting add_new_address()
May 31 00:21:57 dhclient: ifconfig em1_vlan1001 inet y.y.y.y netmask
255.255.255.192 broadcast z.z.z.z
May 31 00:21:57 dhclient: New IP Address (em1_vlan1001): y.y.y.y
May 31 00:21:57 dhclient: New Subnet Mask (em1_vlan1001): 
255.255.255.192
May 31 00:21:57 dhclient: New Broadcast Address (em1_vlan1001): z.z.z.z
May 31 00:21:57 dhclient: New Routers (em1_vlan1001): x.x.x.x
May 31 00:21:57 dhclient: Adding new routes to

Re: [pfSense] Dynamic DNS

2012-05-31 Thread Jeppe Øland

 I agree it obviously works for the majority of users, but some of us
 aren't so lucky...

I just noticed something strange.

The connection has been up for a while now, but the Dashboard gateways
pane shows:
   WAN1 | y.y.y.y | Gathering data | Gathering data | Gathering data

RRD graphs are correctly updating Traffic, but Quality is not updating.

After editing the system gateway (it's dynamic, so all I did is hit
SAVE with the same blank values ... then reload configuration), the
Dashboard and RRD graphs are updating correctly again.

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfSense error, maybe hard drive?

2012-03-21 Thread Jeppe Øland

 I deployed about a dozen Kingston 64G SSDs about a
 year and a half ago  (in laptops and desktops) and I've seen about a quarter
 of them fail with different symptoms in each case. Garbage

Totally agree. I have gone through 2 Kingston 4GB industrial SSDs so
far - and it didn't take long either. They fail fast! (Now I'm using
the 3rd one with an embedded install ... it seems to stay alive when
nobody is writing to it).

On the OCZ Vertex drives, I would avoid Vertex1 ... they die pretty
quick too if you write a lot. Vertex2 has been rock solid.

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfSense error, maybe hard drive?

2012-03-21 Thread Jeppe Øland

 I'm getting the following error when logging into the box. It's at the top
 of the page when presented with the username and password prompt. You can
 not go past the login page.  pretty sure it's due to faulty hard drives.

 Indeed it is. We discussed this with the vendor you got them from at
 length, seems they got a bad batch of SSDs. Judging by recent
 experiences, I'd stay away from Kingston SSDs.

Are you saying you have discussed the issue with Kingston, and that
they admitted problems?
If so, are their problems resolved (ie. is it worth doing an RMA?)

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

[pfSense] Internet down after IP change?

2012-01-26 Thread Jeppe Øland

Twice now, I've had this problem ... and I'm stumped.

My ISP (like most) provisions IP via DHCP - and it rarely changes.

However, earlier today the ISP changed the IP ... and since then, the
Internet was down for me.
I am using pfSense 2.0.1 nanobsd_vga on amd64, and it had been up for
almost 35 days.
(The previous time they only changed the GW, and that did the trick
too - I *think* that was pfSense 2.0.0 full release on amd64 ...
search for WAN DHCP change of default GW ... on 12/16/2011).

Trying to find the problem was interesting (I didn't find it ... again
had to reboot pfSense to get the connection back). This is a summary
of what I found:
Any PC from my local LAN was unable to reach the Internet.
pfSense UI worked fine, and reported the connection being DOWN in
the Gateways widget.
System log contained nothing but a million copies of the following line:
firewall kernel: arpresolve: can't allocate llinfo for x.x.x.x
(address being what I believe was the previous GW).
Status/Gateways showed the device DOWN. Interestingly, Gateway and
Monitor IP were not the same.
All other screens looked reasonable.
!And finally, I could SSH to the pfSense box  and from
here, Internet access worked perfectly!

After trying to reset states etc, I took a screenshot of the pages I
thought might be interesting, and rebooted.
After rebooting, everything works normally.

Comparing different status screens after the reboot:
Dashboard: Identical aside from uptime etc.
Gateways: Monitor IP is now the same as the GW, and the connection
is reported as UP.
Interfaces: Identical
ARP table: Identical
Routes: Identical (except now there are routes defined for 8.8.8.8
and 8.8.4.4 which I use ... but I assume thats not the problem).

Any idea at all what could be going on here?

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] WAN DHCP change of default GW ...

2011-12-19 Thread Jeppe Øland

 are you using Canal Digital as ISP by any chance?

No this was on a local San Francisco ISP.

It's not something they do on a regular basis, so chances are I will
never see the problem again - but I would like to understand what
happened!

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

[pfSense] WAN DHCP change of default GW ...

2011-12-16 Thread Jeppe Øland

Hi all,

The other day I got bitten by a change my ISP did.
Basically they changed some networking around, and as part of doing
that, they changed the default gateway.

My box got its IP and GW from the DHCP server.
Then they changed the DHCP server to serve the exact same information
- except the GW was changed (x.x.x.1 - x.x.x.2).
The old GW continued working for a good long while, and so I didn't
notice anything adverse at first.
Finally some time later (several days I believe), they killed the
x.x.x.1 GW ... and all my traffic ground to a halt.

I could ping the (new) GW they delivered to me since it was on the
same subnet as my WAN ... but DNS and any routed data was broken.
I could release the DHCP lease, and get a new one ... but routing
continued to be broken.
Clearing the state table had no effect either.

Not knowing what the cause of the problem was, I ended up rebooting
pfSense box - and that fixed the problem.

Now my question is: Why might pfSense have failed to work after the GW changed?

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

[pfSense] Migrate RRD data between 32-bit and 64-bit systems.

2011-10-13 Thread Jeppe Øland

Since a bunch of people have asked about this, here's a quick HOWTO.

First locate your current DB files.
Since my box isn't running any more, I can't remember where they live
- probably /var/db/rrd ... but if it's a full install, it could also
be in /conf/db/rrd if I remember correctly.

I didn't actually do that ... I just made a backup of my configuration
including the RRD data (in the pfSense GUI). The old install was a
full HDD install).

When I restored it on the new install (a nano install only as I've
been having problems with drive reliability), it put a file rrd.tgz
in /conf ... that one contained all the files.

With the .rrd files in hand, you first have to get them exported to XML.
On a 32-bit system (can be a plain Linux box), use rrdtool to dump
the DB to an xml file:
rrdtool dump rrdfile xmlfile

With these XML files, you can create new platform RRD files.
On a 64-bit system (again, can be a plain Linux box), use rrdtool to
create a new DB file:
rrdtool restore xmlfile rrdfile

The resulting .rrd files can simply be copied into the var/db/rrd
directory - overwriting the files already there.

It gets a little trickier if you need to merge RRD files
For example if you install the new version pfSense for a few days,
regret and revert back to the old version.
Now your RRD graphs will have a big fat hole in them ... unless you
merge the 2 sets of graphs.

It used to be simple enough to do (there's a python tool called
merge-rrd), but when I tried it earlier, I found out that the tool no
longer works due to a small change in the exported XML.
In any case, I solved it ... look here if you need it.
http://forums.cacti.net/viewtopic.php?f=21t=38560

Regards,
-Jeppe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

46 matches

Mail list logo