Re: [pfSense] Not able to access https sites
Try implementing WPAD.

On 08/11/2014 13:21, Rupesh Gujrathi gujrathirupe...@gmail.com wrote:

> Hi, friends
>
> I have configured pfSense ver 2.1.5 with squid3 for transparent proxy. All the sites are working fine but I am not able to access the https sites. Is there any configuration that I may be missing?

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Limit bandwidth per user / ip
You can limit using captive portal, also.

2014-11-02 4:15 GMT-02:00 Vassilis V. bigracc...@gmx.net:

> Thank you Chris!
>
> Since I am interested in this too, are there any tricks when you want to do the same but you have a multi-WAN setup, or, probably even worse, a multi-WAN setup with different WAN bandwidth?
>
> Thank you all!
> Vassilis

--
Jonatas Baldin de Oliveira
IT Professional
Skype: jonatas.baldin
Re: [pfSense] VLAN Issue - pfSense/VMware/Cisco
Using the same configuration, but excluding the ESXi host (using a physical pfSense) it worked smoothly. I tried to remove the VLAN ID tag from the vSwitch, but it didn't work either :/

2014-07-13 23:55 GMT-03:00 Justin Edmands shockwav...@gmail.com:

> Here is some interesting info about ESXi NICs when used with Cisco, or other, VLAN:
>
> Only allowing through VLAN traffic on physical switch ports connecting to ESX reduces TCP/IP overhead. Native VLANs do not tag the outgoing VLAN packets toward ESX NICs and if the same VLAN ID is used to configure the vSwitch port group, the vSwitch drops any packet that is not tagged for it, causing the connection to fail. Unnecessary VLAN traffic on a TRUNK port that connects to ESX can cause major performance issues.
>
> Note: Do not use the Native VLAN ID of a physical switch as a VLAN on ESX/ESXi portgroups.
>
> Also the link shows the proper Cisco trunk config:
> http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006628
>
> On Sun, Jul 13, 2014 at 10:07 PM, Alex Needham alex.need...@gmail.com wrote:
>
> > Hi
> >
> > If the port group is already in vlan 10 then you don't need to create a vlan in pfsense as the vswitch is already untagging it. Just add the interface and assign an ip, or set the vswitch to be vlan 4095 and it will send tagged traffic through. Which is what I do so that you can make changes to pfSense without rebooting to detect a new interface that has been added through esx.
> >
> > Also throw an ip on the cisco switch in vlan 10, that will help you troubleshoot the problem.
> >
> > Hope that helps
> > Cheers
> > Alex
> >
> > On 13 July 2014 18:03, Jonatas Baldin jonatas.bal...@gmail.com wrote:
> >
> > > Hi guys, how u doing?
> > >
> > > I'm doing a home lab for VLAN studying and it's going bad. I don't know where the problem is. Here's my setup:
> > >
> > > VMware ESXi 5.5
> > > pfSense 2.3.4 (VM)
> > > Cisco SF300
> > >
> > > - The ESXi has a vSwitch attached to a port group in a physical interface with VLAN 10.
> > > - The pfSense has this port group attached and recognizes it as em2.
> > > - In the pfSense I created a VLAN interface binding on em2 with the ID 10.
> > > - The FW rules allow everything in this interface and a DHCP server is configured on the VLAN interface.
> > > - Physically, this em2 interface is connected to the SF300 on a TRUNK port (port 10), with the VLAN 10 allowed.
> > > - And the port 11 is configured as an access port with VLAN 10, where I connected a laptop expecting to receive a DHCP address and get an ICMP response, which I didn't, even configuring a static IP.
> > >
> > > Does anyone have a clue where the problem is?
> > >
> > > Thx!
> > >
> > > Jonatas Baldin de Oliveira
> > > IT Professional
> > > Skype: jonatas.baldin

--
Jonatas Baldin de Oliveira
IT Professional
Skype: jonatas.baldin
Re: [pfSense] VLAN Issue - pfSense/VMware/Cisco
*ISSUE SOLVED!*

I used the VLAN ID in the vSwitch and took off the tag in the pfSense (just adding a simple interface).

Thanks for the help guys!

2014-07-14 17:43 GMT-03:00 Jonatas Baldin jonatas.bal...@gmail.com:

> Using the same configuration, but excluding the ESXi host (using a physical pfSense) it worked smoothly. I tried to remove the VLAN ID tag from the vSwitch, but it didn't work either :/

--
Jonatas Baldin de Oliveira
IT Professional
Skype: jonatas.baldin
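An added example, not part of the original thread: a small Python model of 802.1Q tag handling on the switch-to-pfSense path discussed above, showing why the original setup failed and why both the reported fix and the VLAN 4095 alternative work. The function names and the trunk's native VLAN of 1 are assumptions, and only the switch-to-guest direction is modelled.

```python
from typing import Optional

DROP = "drop"  # sentinel: the frame goes no further


def trunk_egress(vlan: int, native_vlan: int, allowed) -> object:
    """Physical switch trunk port: native VLAN leaves untagged, other allowed VLANs tagged."""
    if vlan not in allowed:
        return DROP
    return None if vlan == native_vlan else vlan  # None = no 802.1Q header


def portgroup_to_guest(tag: Optional[int], pg_vlan: int) -> object:
    """ESXi port group VLAN ID: 0 = untagged only, 1-4094 = match and strip, 4095 = pass tags."""
    if pg_vlan == 4095:
        return tag                      # guest sees the tag as it arrived
    if pg_vlan == 0:
        return None if tag is None else DROP
    return None if tag == pg_vlan else DROP  # tag is stripped before the guest sees it


def guest_accepts(tag: Optional[int], guest_vlan: Optional[int]) -> bool:
    """pfSense side: a plain interface takes untagged frames, a VLAN interface only its own tag."""
    return tag == guest_vlan


def trace(vlan, pg_vlan, guest_vlan, native_vlan=1, allowed=frozenset({10})) -> str:
    """Follow one frame of `vlan` from the switch trunk to the pfSense interface."""
    wire = trunk_egress(vlan, native_vlan, allowed)
    if wire == DROP:
        return "dropped at switch trunk"
    to_guest = portgroup_to_guest(wire, pg_vlan)
    if to_guest == DROP:
        return "dropped at vSwitch"
    if not guest_accepts(to_guest, guest_vlan):
        return "dropped at pfSense"
    return "delivered"


# Configurations mentioned in the thread (guest_vlan=None means a plain interface on em2).
SCENARIOS = [
    ("original: port group 10 + pfSense VLAN 10 on em2", dict(pg_vlan=10, guest_vlan=10)),
    ("tag removed from vSwitch, pfSense VLAN 10 kept", dict(pg_vlan=0, guest_vlan=10)),
    ("reported fix: port group 10 + plain interface", dict(pg_vlan=10, guest_vlan=None)),
    ("alternative: port group 4095 + pfSense VLAN 10", dict(pg_vlan=4095, guest_vlan=10)),
    ("VLAN 10 as trunk native VLAN, port group 10",
     dict(pg_vlan=10, guest_vlan=None, native_vlan=10)),
]

if __name__ == "__main__":
    for label, kwargs in SCENARIOS:
        print(f"{trace(10, **kwargs):<24} {label}")
```

The tag has to be consumed exactly once: either the vSwitch strips it (port group 10, plain pfSense interface) or pfSense does (port group 4095, VLAN 10 interface).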
[pfSense] VLAN Issue - pfSense/VMware/Cisco
Hi guys, how u doing?

I'm doing a home lab for VLAN studying and it's going bad. I don't know where the problem is. Here's my setup:

VMware ESXi 5.5
pfSense 2.3.4 (VM)
Cisco SF300

- The ESXi has a vSwitch attached to a port group in a physical interface with VLAN 10.
- The pfSense has this port group attached and recognizes it as em2.
- In the pfSense I created a VLAN interface binding on em2 with the ID 10.
- The FW rules allow everything in this interface and a DHCP server is configured on the VLAN interface.
- Physically, this em2 interface is connected to the SF300 on a TRUNK port (port 10), with the VLAN 10 allowed.
- And the port 11 is configured as an access port with VLAN 10, where I connected a laptop expecting to receive a DHCP address and get an ICMP response, *which I didn't*, even configuring a static IP.

Does anyone have a clue where the problem is?

Thx!

Jonatas Baldin de Oliveira
IT Professional
Skype: jonatas.baldin
[pfSense] Network Topology - Home Lab
Hi guys, how are you doing? I hope someone can bring me some lights here haha

I know this thread isn't about pfSense *specific*, it's more a network discussion, but I know someone here can help! Plus, if you know some good mailing list for Network discussion, please send me!

Well, I got some equipment to make a network home lab for study, and before I start to set everything up, I need to fill up some issues.

First, I want my topology to look more or less like this: http://imgur.com/aDBbBZK

- My pfSense box is facing the Internet, using PPPoE DSL authentication from my ISP, and providing a DMZ and a LAN subnet.
- After, this subnet is connected to VyOS (router OS, fork from Vyatta), that finally routes to the clients (and another VyOS, where I'll use OSPF).

My doubts are:

- Is this generally ok? Is it recommended?
- If I want to make NAT rules for my clients in LAN A, a 8080 port for example, what configuration should I make? Because pfSense doesn't know directly the LAN subnet... Should I make a NAT for the VyOS and there make another one?
- If I make a mobile IPsec VPN in the pfSense box, will I get access normally to the LANs?
- What should the clients' default gateway be? Should it be the IP from the router (and then, the router default GW the IP from pfSense)?

I know some how-to for configuring the pfSense and router, but I'm stuck in the theory behind the topology.

PS: I still haven't developed this physically, it's just on the scratch... I want to know if this is correct before I start.

Best regards,
Jonatas B.

Jonatas Baldin de Oliveira
IT Professional
Skype: jonatas.baldin
Re: [pfSense] Network Topology - Home Lab
Thanks a lot man! Everything I thought is what it is, then!

About the CARP, I can have connection to the router and DMZ (and know how to conf), I just can't have a shared WAN IP due to the PPPoE authentication, I guess.

On 29/06/2014 04:40, Chris L c...@viptalk.net wrote:

> On Jun 28, 2014, at 11:18 PM, Jonatas Baldin jonatas.bal...@gmail.com wrote:
>
> > Hi guys, how are you doing? I hope someone can bring me some lights here haha
> >
> > I know this thread isn't about pfSense specific, it's more a network discussion, but I know someone here can help! Plus, if you know some good mailing list for Network discussion, please send me!
> >
> > Well, I got some equipment to make a network home lab for study, and before I start to set everything up, I need to fill up some issues.
> >
> > First, I want my topology to look more or less like this: http://imgur.com/aDBbBZK
>
> Fairly straightforward.
>
> > - My pfSense box is facing the Internet, using PPPoE DSL authentication from my ISP, and providing a DMZ and a LAN subnet.
> > - After, this subnet is connected to VyOS (router OS, fork from Vyatta), that finally routes to the clients (and another VyOS, where I'll use OSPF).
> >
> > My doubts are:
> >
> > - Is this generally ok? Is it recommended?
>
> Looks fine if what’s in the diagram is what you want to accomplish.
>
> > - If I want to make NAT rules for my clients in LAN A, a 8080 port for example, what configuration should I make? Because pfSense doesn't know directly the LAN subnet... Should I make a NAT for the VyOS and there make another one?
>
> NAT needs to happen where NAT needs to happen. You probably don’t need to NAT between 10.0.0.0/24 and 192.168.10.0/24. You would set up NAT in pfSense to the 192.168.10.X address. Note that pfSense will need routes so it knows to send traffic for 192.168.10.0/24 and 192.168.10.20.0/24 to 10.0.0.10.
>
> > - If I make a mobile IPsec VPN in the pfSense box, will I get access normally to the LANs?
>
> You will need to tell IPsec to tell its clients that they can reach all the networks over the VPN connection (The clients need to know to route all traffic for 10.0.0.1/24, 192.168.10.0/24, 192.168.20.0/24, and possibly 172.16.0.0/24 over the VPN connection).
>
> > - What should the clients' default gateway be? Should it be the IP from the router (and then, the router default GW the IP from pfSense)?
>
> What clients? The default gateway for each client needs to be the gateway of last resort to get off its subnet. A default gateway must be on the same subnet as the client. You probably want LANA to be 192.168.10.1, LANB 192.168.20.1, and the VyOS routers 10.0.0.1.
>
> > I know some how-to for configuring the pfSense and router, but I'm stuck in the theory behind the topology.
>
> It’s all in the diagram. ;)
>
> You can do the active/standby with two pfSenses and CARP. Note that it would require switching for the outside and DMZ interfaces that isn’t pictured.
>
> > PS: I still haven't developed this physically, it's just on the scratch... I want to know if this is correct before I start.
> >
> > Best regards,
> > Jonatas B.
> >
> > Jonatas Baldin de Oliveira
> > IT Professional
> > Skype: jonatas.baldin
[pfSense] Fan Control
Hi everyone.

I got two Sophos UTM 220 for my home lab and successfully installed pfSense in each one. The problem is that they make LOUD NOISE, and when I say loud, I have to leave the room haha

They start their fans in high velocity and don't change it anymore. Is there any fan control in pfSense (even in console)?

Best regards.
Re: [pfSense] Fan Control
My UTM starts on 100% and stays the same all the time. In the BIOS setup there's no configuration for fan control either. It's getting annoying :(

On 11/06/2014 11:38, martin.krali...@accenture.com wrote:

> Hi.
>
> This feature could be very good, I think that this is the FreeBSD issue. Because when the air conditioning fails and server temperatures start to be high and fans are on 100%, after fixing the air conditioning it never comes back to normal and a reboot is required.
>
> We have some HP DL380 G4 and G5, yes these servers are very old but as routers they are working very well :)
>
> Thanks and best regards.
> Martin
>
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jonatas Baldin
> Sent: 11 June 2014 16:16
> To: pfSense support and discussion
> Subject: [pfSense] Fan Control
>
> > Hi everyone.
> >
> > I got two Sophos UTM 220 for my home lab and successfully installed pfSense in each one. The problem is that they make LOUD NOISE, and when I say loud, I have to leave the room haha
> >
> > They start their fans in high velocity and don't change it anymore. Is there any fan control in pfSense (even in console)?
> >
> > Best regards.
Re: [pfSense] issue Downloading package from Pfsense.com
It looks like you can ping. The packet is taking much more time to return than the average; on my servers it takes about 100ms (and I don't know where you are from, so it can be normal there).

Once, I got an issue that the domain pfsense.com was blocking my IP address (I had two links, and using the second one I could access the packages section). I did nothing to solve it, but someday it started to access normally.

2014-02-13 19:12 GMT-02:00 Muhammad Yousuf Khan sir...@gmail.com:

> On Fri, Feb 14, 2014 at 1:54 AM, Dave Warren da...@hireahit.com wrote:
>
> > But can you ping *domains* from the pfSense box, like www.google.com ?
> >
> > The point isn't to see if you can ping, but if ping can complete a DNS lookup and retrieve an IP successfully. This is potentially more useful than using DNS specific lookup tools, since ping will rely on the OS DNS resolution settings rather than (potentially) using its own.
>
> Thanks for sharing Dave, BTW just FYKI I am new to pfsense but not to the IT field.
>
> Ping output:
>
> PING google.com (74.125.226.233): 56 data bytes
> 64 bytes from 74.125.226.233: icmp_seq=0 ttl=46 time=314.505 ms
>
> --- google.com ping statistics ---
> 1 packets transmitted, 1 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 314.505/314.505/314.505/0.000 ms
>
> Note my DNS are set to 8.8.8.8 AND 8.8.4.4
>
> > --
> > Dave Warren
> > http://www.hireahit.com/
> > http://ca.linkedin.com/in/davejwarren
> >
> > On 2014-02-13 12:03, Muhammad Yousuf Khan wrote:
> >
> > > Yes I can ping, here is the result from web console Diagnostics > Ping
> > >
> > > Ping output:
> > >
> > > PING 8.8.8.8 (8.8.8.8): 56 data bytes
> > > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=40 time=293.328 ms
> > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=40 time=295.391 ms
> > > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=40 time=293.850 ms
> > >
> > > --- 8.8.8.8 ping statistics ---
> > > 3 packets transmitted, 3 packets received, 0.0% packet loss
> > > round-trip min/avg/max/stddev = 293.328/294.190/295.391/0.876 ms
> > >
> > > On Fri, Feb 14, 2014 at 12:39 AM, Jonatas Baldin jonatas.bal...@gmail.com wrote:
> > >
> > > > Can you ping domains from the pfSense box, like www.google.com ?
> > > >
> > > > 2014-02-13 17:19 GMT-02:00 Muhammad Yousuf Khan sir...@gmail.com:
> > > >
> > > > > Hello all,
> > > > >
> > > > > I am a newbie. My pfsense is behind the ISP router, having a private ip of 192.x.x.x. I can ping via ssh and via web console both. I can also check dnslookup from console and ssh, they are working fine. However when I click on available packages, I see this:
> > > > >
> > > > > Unable to communicate with www.pfsense.com. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.
> > > > >
> > > > > Any idea what I am mistaking? I even unchecked the block private ip addresses option from Interfaces and WAN. Still I can ping to 8.8.8.8 but can not see anything in available packages tab except above error.
> > > > >
> > > > > Thanks,
> > > > > MYK
> > > >
> > > > --
> > > > Jonatas Baldin de Oliveira
> > > > IT Consultant

--
Jonatas Baldin de Oliveira
IT Consultant
Re: [pfSense] issue Downloading package from Pfsense.com
Can you ping domains from the pfSense box, like www.google.com ?

2014-02-13 17:19 GMT-02:00 Muhammad Yousuf Khan sir...@gmail.com:

> Hello all,
>
> I am a newbie. My pfsense is behind the ISP router, having a private ip of 192.x.x.x. I can ping via ssh and via web console both. I can also check dnslookup from console and ssh, they are working fine. However when I click on available packages, I see this:
>
> Unable to communicate with www.pfsense.com. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.
>
> Any idea what I am mistaking? I even unchecked the block private ip addresses option from Interfaces and WAN. Still I can ping to 8.8.8.8 but can not see anything in available packages tab except above error.
>
> Thanks,
> MYK

--
Jonatas Baldin de Oliveira
IT Consultant