Re: [pfSense Support] vpn ipsec
Or you could think of this as self tuning. From everything I can gather it seems "normal".

Scott

On 8/4/05, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On 8/1/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > [kernel: tl0: tx underrun -- increasing tx threshold to 512 bytes]
> > > [kernel: tl0: tx underrun -- increasing tx threshold to 768 bytes]
> > > [kernel: tl0: tx underrun -- increasing tx threshold to 1024 bytes]
> > > [kernel: xl0: transmission error: 90]
> > > [kernel: xl0: tx underrun, increasing tx start threshold to 120 bytes]
> >
> > I get these as well. Its something since the interface changes in
> > FreeBSD behind the scenes. This is on my list of things to ping the
> > FreeBSD lists with closer to final 6 release if it persists. It
> > doesn't seem to harm anything, however.
>
> these underruns are normal on many NIC drivers, since 5.x IIRC, maybe
> 4.x did it too, I don't recall for sure. The tx threshold starts low,
> and as traffic increases, the threshold is increased if need be. The
> transmission errors are caused by the tx underruns. It's perfectly
> normal, and will happen after every reboot.
>
> dug that info up on google quite a while ago. found this explanation
> with a quick search today.
>
> --
> The NIC starts transmitting a packet before the whole packet has been
> copied to the NIC's memory. If it takes too long for the rest of the
> packet to get onto the NIC, a bit won't be there when its time for
> transmission comes. This is called an underrun. The driver then
> raises the threshold for how much of the packet has to be on the NIC
> before transmission starts.
> --
>
> -cmb
Re: [pfSense Support] vpn ipsec
On 8/1/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > [kernel: tl0: tx underrun -- increasing tx threshold to 512 bytes]
> > [kernel: tl0: tx underrun -- increasing tx threshold to 768 bytes]
> > [kernel: tl0: tx underrun -- increasing tx threshold to 1024 bytes]
> > [kernel: xl0: transmission error: 90]
> > [kernel: xl0: tx underrun, increasing tx start threshold to 120 bytes]
>
> I get these as well. Its something since the interface changes in
> FreeBSD behind the scenes. This is on my list of things to ping the
> FreeBSD lists with closer to final 6 release if it persists. It
> doesn't seem to harm anything, however.

these underruns are normal on many NIC drivers, since 5.x IIRC, maybe 4.x did it too, I don't recall for sure. The tx threshold starts low, and as traffic increases, the threshold is increased if need be. The transmission errors are caused by the tx underruns. It's perfectly normal, and will happen after every reboot.

dug that info up on google quite a while ago. found this explanation with a quick search today.

--
The NIC starts transmitting a packet before the whole packet has been copied to the NIC's memory. If it takes too long for the rest of the packet to get onto the NIC, a bit won't be there when its time for transmission comes. This is called an underrun. The driver then raises the threshold for how much of the packet has to be on the NIC before transmission starts.
--

-cmb
Re: [pfSense Support] NATed interface to bridged interface
On 8/3/05, Simon SZE-To <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm using m0n0wall and due to the issue between ipnat and bridging (
> http://www.m0n0.ch/wall/docbook/faq-bridge.html ), I can't
> access servers under bridged OPT1 from LAN. I would like to know is this
> issue on pfSense too?

hard telling. might be, might not be. at this stage of the game, best we can offer is "try it, and let us know."

-cmb
Re: [pfSense Support] Two ISP configuration
It sure does :) I had an ISP failure last night, quite annoying :) I've now got a duplicate of all my rules with different gateways setup. I enable/disable the rules depending on which ISP I need/want the traffic to head out at that time. Can't wait 'til this weekend so we can make all that automatic instead of manually doing it :)

So, yes to answer the unasked question...the people that know how to fix this are getting annoyed by it too so it _will_ be fixed. It's not just a feature that we think would be cool so we're putting it in, it's going to work because we want it to work for ourselves too :)

--Bill

On 8/3/05, alan walters <[EMAIL PROTECTED]> wrote:
> Configure opt 1 with publicips and set gateway to (LMDS).
> Configure wan the same way with yourdchp setting.
>
> Now on the lan use advanced outbound nat and 1 to nat to configure the
> clients to there respective gateway.
>
> Nofailover but dual WAN works
>
> -----Original Message-----
> From: Charrua [mailto:[EMAIL PROTECTED]
> Sent: 03 August 2005 21:45
> To: Scott Ullrich
> Cc: support@pfsense.com
> Subject: Re: [pfSense Support] Two ISP configuration
>
> Great ! Thanks for your prompt reply.
> Right now I'm trying version 0.73.2.
>
> Could you please give me a hint on how to accomplish each point ?
>
> Thanks in advance,
> Andrés
>
> ----- Original Message -----
> From: "Scott Ullrich" <[EMAIL PROTECTED]>
> To: "Charrua" <[EMAIL PROTECTED]>
> Cc:
> Sent: Wednesday, August 03, 2005 5:36 PM
> Subject: Re: [pfSense Support] Two ISP configuration
>
> On 8/3/05, Charrua <[EMAIL PROTECTED]> wrote:
> > Hi
> >
> > I have two Internet connections from two different ISPs. Connection "A" is
> > ADSL, connection "B" is another kind of broadband connection (LMDS). In the
> > ADSL link I have 1 public ip which changes dynamically, and in the "B"
> > connection I have 28 fixed public IP's that I can use. Each of them come
> > into my network through a standard Ethernet 10BaseT connection.
> >
> > I would like to have the following configuration:
> >
> > 1. A few users will be assigned public IPs (belonging to the "B"
> > connection).
>
> This is doable.
>
> > 2. The rest of the users will be assigned private IPs, and their traffic
> > will go out using NAT
>
> Should be ok.
>
> > 3. I want to route some of the users which have private IPs through
> > conection "A" (ADSL) and other users having private IPs through the "B"
> > connection (kind of static balance of the traffic).
>
> No load balancing available yet. Its scheduled for the weekend.
>
> > 4. If there is no Internet connectivity through the "B" connection, I want
> > that all the users with private IPs, be automatically routed through the
> > "A" (ADSL) link.
>
> Not doable until after this weekend.
>
> Scott
RE: [pfSense Support] USB Keyboard on 73.2
Chris,

Thanks for looking into this for me! Since this has been slowing us down, I went back to our desktop support group and asked if they had any GX270s left. They had one, so we swapped our GX280 for it... Unfortunately, we now know why they still had it.. Looks like the floppy drive doesn't work and the hard drive is dead. So, we may be swapping this back for the GX280 soon if we can't get a new drive tomorrow.

Paul

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 03, 2005 5:46 PM
To: Paul Taylor
Cc: support@pfsense.com
Subject: Re: [pfSense Support] USB Keyboard on 73.2

On 8/2/05, Paul Taylor <[EMAIL PROTECTED]> wrote:
>
> I'm still getting the same problem with the USB keyboard on the
> GX280 with the new build 73.2 from last night...
>

I verified with Scott this afternoon that I'm seeing the same thing on a GX280. I'm even using a USB -> PS/2 adapter with a PS/2 keyboard because I couldn't find a USB keyboard anywhere. I'm downloading the iso of FreeBSD 6.0 beta 1 to see if it exhibits the same behavior. Will find out more tomorrow.

-cmb
Re: [pfSense Support] USB Keyboard on 73.2
On 8/2/05, Paul Taylor <[EMAIL PROTECTED]> wrote:
>
> I'm still getting the same problem with the USB keyboard on the
> GX280 with the new build 73.2 from last night…
>

I verified with Scott this afternoon that I'm seeing the same thing on a GX280. I'm even using a USB -> PS/2 adapter with a PS/2 keyboard because I couldn't find a USB keyboard anywhere. I'm downloading the iso of FreeBSD 6.0 beta 1 to see if it exhibits the same behavior. Will find out more tomorrow.

-cmb
RE: [pfSense Support] Two ISP configuration
Configure opt 1 with publicips and set gateway to (LMDS).
Configure wan the same way with yourdchp setting.

Now on the lan use advanced outbound nat and 1 to nat to configure the clients to there respective gateway.

Nofailover but dual WAN works

-----Original Message-----
From: Charrua [mailto:[EMAIL PROTECTED]
Sent: 03 August 2005 21:45
To: Scott Ullrich
Cc: support@pfsense.com
Subject: Re: [pfSense Support] Two ISP configuration

Great ! Thanks for your prompt reply.
Right now I'm trying version 0.73.2.

Could you please give me a hint on how to accomplish each point ?

Thanks in advance,
Andrés

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To: "Charrua" <[EMAIL PROTECTED]>
Cc:
Sent: Wednesday, August 03, 2005 5:36 PM
Subject: Re: [pfSense Support] Two ISP configuration

On 8/3/05, Charrua <[EMAIL PROTECTED]> wrote:
> Hi
>
> I have two Internet connections from two different ISPs. Connection "A" is
> ADSL, connection "B" is another kind of broadband connection (LMDS). In the
> ADSL link I have 1 public ip which changes dynamically, and in the "B"
> connection I have 28 fixed public IP's that I can use. Each of them come
> into my network through a standard Ethernet 10BaseT connection.
>
> I would like to have the following configuration:
>
> 1. A few users will be assigned public IPs (belonging to the "B"
> connection).

This is doable.

> 2. The rest of the users will be assigned private IPs, and their traffic
> will go out using NAT

Should be ok.

> 3. I want to route some of the users which have private IPs through
> conection "A" (ADSL) and other users having private IPs through the "B"
> connection (kind of static balance of the traffic).

No load balancing available yet. Its scheduled for the weekend.

> 4. If there is no Internet connectivity through the "B" connection, I want
> that all the users with private IPs, be automatically routed through the
> "A" (ADSL) link.

Not doable until after this weekend.

Scott
Re: [pfSense Support] Two ISP configuration
On 8/3/05, Charrua <[EMAIL PROTECTED]> wrote:
>
> Right now I'm trying version 0.73.2.
>
> Could you please give me a hint on how to accomplish each point ?
>

given the amount of work that's to be done on that area this weekend at the hackathon, I'd say *don't* do it yet. Things are bound to change, and they're definitely going to improve. Give it a week, and it should be more functional and user friendly.

-cmb
Re: [pfSense Support] Two ISP configuration
On 8/3/05, Charrua <[EMAIL PROTECTED]> wrote:
> Great ! Thanks for your prompt reply.
> Right now I'm trying version 0.73.2.
>
> Could you please give me a hint on how to accomplish each point ?

Thats an exercise left to the reader. Check the blog for multi-wan hints.

Scott
Re: [pfSense Support] problems
That means its not able to mount them as cloop. Most likely a CD-Reader issue.

On 8/3/05, pablo hide <[EMAIL PROTECTED]> wrote:
> There forgives that insists, but I finish of
> downloading the image
> http://pfsense.er33t.net/downloads/pfSense-LiveCD-0.73.2.iso
> and continue having exactly the same problem.
> I probe in two different PC and the same thing.
> I must do something while it initiates?
> I must modify something in the CD image.
> The CD directory /usr and /var are empty, it this
> well?
>
> thank's
>
> --- Scott Ullrich <[EMAIL PROTECTED]> wrote:
>
> > I was going to say, I tested that CD last night in VMWare and it
> > looked fine.Maybe I shouldnt pull the ISO's from knee jerk
> > reactions so quickly :P
> >
> > On 8/3/05, alan walters <[EMAIL PROTECTED]> wrote:
> > > I used this CD with no issues today
> > >
> > > -----Original Message-----
> > > From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> > > Sent: 03 August 2005 15:32
> > > To: pablo hide
> > > Cc: support@pfsense.com
> > > Subject: Re: [pfSense Support] problems
> > >
> > > That does not look good. I will remove the CD and copy a new one up
> > > tonite.
> > >
> > > Scott
> > >
> > > On 8/3/05, pablo hide <[EMAIL PROTECTED]> wrote:
> > > > hi, i have download pfSense-LiveCD-0.73.4.1.iso, make
> > > > the CD and boot with it.
> > > > after message Bootup complete i get this message:
> > > > init: cant't exec getty
> > > > '/usr/libexec/getty' for port /dev/console: No such
> > > > file or directory
> > > >
> > > > the message repites every time...
> > > >
> > > > what's i do wrong??
> > > > i use ipcop and monowall in same machine without
> > > > problems.
> > > >
> > > > thank's and sorry for my english.
Re: [pfSense Support] Two ISP configuration
Great ! Thanks for your prompt reply.
Right now I'm trying version 0.73.2.

Could you please give me a hint on how to accomplish each point ?

Thanks in advance,
Andrés

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To: "Charrua" <[EMAIL PROTECTED]>
Cc:
Sent: Wednesday, August 03, 2005 5:36 PM
Subject: Re: [pfSense Support] Two ISP configuration

On 8/3/05, Charrua <[EMAIL PROTECTED]> wrote:

Hi

I have two Internet connections from two different ISPs. Connection "A" is ADSL, connection "B" is another kind of broadband connection (LMDS). In the ADSL link I have 1 public ip which changes dynamically, and in the "B" connection I have 28 fixed public IP's that I can use. Each of them come into my network through a standard Ethernet 10BaseT connection.

I would like to have the following configuration:

1. A few users will be assigned public IPs (belonging to the "B" connection).

This is doable.

2. The rest of the users will be assigned private IPs, and their traffic will go out using NAT

Should be ok.

3. I want to route some of the users which have private IPs through conection "A" (ADSL) and other users having private IPs through the "B" connection (kind of static balance of the traffic).

No load balancing available yet. Its scheduled for the weekend.

4. If there is no Internet connectivity through the "B" connection, I want that all the users with private IPs, be automatically routed through the "A" (ADSL) link.

Not doable until after this weekend.

Scott
Re: [pfSense Support] problems
There forgives that insists, but I finish of downloading the image
http://pfsense.er33t.net/downloads/pfSense-LiveCD-0.73.2.iso
and continue having exactly the same problem.
I probe in two different PC and the same thing.
I must do something while it initiates?
I must modify something in the CD image.
The CD directory /usr and /var are empty, it this well?

thank's

--- Scott Ullrich <[EMAIL PROTECTED]> wrote:

> I was going to say, I tested that CD last night in VMWare and it
> looked fine.Maybe I shouldnt pull the ISO's from knee jerk
> reactions so quickly :P
>
> On 8/3/05, alan walters <[EMAIL PROTECTED]> wrote:
> > I used this CD with no issues today
> >
> > -----Original Message-----
> > From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> > Sent: 03 August 2005 15:32
> > To: pablo hide
> > Cc: support@pfsense.com
> > Subject: Re: [pfSense Support] problems
> >
> > That does not look good. I will remove the CD and copy a new one up
> > tonite.
> >
> > Scott
> >
> > On 8/3/05, pablo hide <[EMAIL PROTECTED]> wrote:
> > > hi, i have download pfSense-LiveCD-0.73.4.1.iso, make
> > > the CD and boot with it.
> > > after message Bootup complete i get this message:
> > > init: cant't exec getty
> > > '/usr/libexec/getty' for port /dev/console: No such
> > > file or directory
> > >
> > > the message repites every time...
> > >
> > > what's i do wrong??
> > > i use ipcop and monowall in same machine without
> > > problems.
> > >
> > > thank's and sorry for my english.
Re: [pfSense Support] Two ISP configuration
On 8/3/05, Charrua <[EMAIL PROTECTED]> wrote:
> Hi
>
> I have two Internet connections from two different ISPs. Connection "A" is
> ADSL, connection "B" is another kind of broadband connection (LMDS). In the
> ADSL link I have 1 public ip which changes dynamically, and in the "B"
> connection I have 28 fixed public IP's that I can use. Each of them come
> into my network through a standard Ethernet 10BaseT connection.
>
> I would like to have the following configuration:
>
> 1. A few users will be assigned public IPs (belonging to the "B"
> connection).

This is doable.

> 2. The rest of the users will be assigned private IPs, and their traffic
> will go out using NAT

Should be ok.

> 3. I want to route some of the users which have private IPs through
> conection "A" (ADSL) and other users having private IPs through the "B"
> connection (kind of static balance of the traffic).

No load balancing available yet. Its scheduled for the weekend.

> 4. If there is no Internet connectivity through the "B" connection, I want
> that all the users with private IPs, be automatically routed through the "A"
> (ADSL) link.

Not doable until after this weekend.

Scott
[pfSense Support] Two ISP configuration
Hi

I have two Internet connections from two different ISPs. Connection "A" is ADSL, connection "B" is another kind of broadband connection (LMDS). In the ADSL link I have 1 public ip which changes dynamically, and in the "B" connection I have 28 fixed public IP's that I can use. Each of them come into my network through a standard Ethernet 10BaseT connection.

I would like to have the following configuration:

1. A few users will be assigned public IPs (belonging to the "B" connection).
2. The rest of the users will be assigned private IPs, and their traffic will go out using NAT
3. I want to route some of the users which have private IPs through conection "A" (ADSL) and other users having private IPs through the "B" connection (kind of static balance of the traffic).
4. If there is no Internet connectivity through the "B" connection, I want that all the users with private IPs, be automatically routed through the "A" (ADSL) link.

Is it possible to carry out this configuration using pfSense ?

Thanks and best regards,
Andrés
Re: [pfSense Support] Problem with pfSense on EPIA with DiskOnModule
The embedded images do not have VGA :)

Install from the ISO to the DoC.

Scott

On 8/3/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I'm trying to get pfSense working on my EPIA setup with the
> following configuration:
>
> * EPIA PD1 (C3 1Ghz "Nehemiah", dual LAN connection, Mini-ITX)
> * 512MB DDR SDRAM (KingMax)
> * PQI DiskOnModule (256MB Capacity)
> * Morex Procase/Cubid 2677 Mini-ITX case with 60W PSU
> * Intel i82559 NIC (PCI card)
>
> I used this image => pfSense-Embedded-0.73-megs.bin.gz
> (Dated : 04-Aug-2005 00:31, 28.2MB)
>
> And used Manuel Kasper's "physdiskwrite" tool to write the image
> onto the 256MB DOM in Win2k Pro SP4.
>
> That was OK, until when I tried to boot with it...
>
> The following is what appears :
>
> FreeBSD/i386 bootstrap loader, Revision 1.1
> ([EMAIL PROTECTED], Sun Jul 31 22:20:50 UTC 2005)
> Loading /boot/defaults/loader.conf
> /boot/kernel/kernel text=0x523f93 data=0x7f48c+0x43c20 \
> \
> Hit [Enter] to boot immediately, or any other key for command prompt.
> Booting [/boot/kernel/kernel]...
> /boot/kernel/acpi.ko text=0x409fc data=0x2060+0x1090
> syms=[0x4+0x7680+0x4+0x9ddd]
> \
>
> At this point, it just hangs.
>
> I previously used the same system for M0n0Wall ver 1.1, and it worked fine.
> I currently have two Cable ISP connections which I want to use pfSense on.
> (consolidate two routers into one with pfSense's multi-WAN capability).
>
> Can anyone help or explain what the above means?
>
> Regards
> -Stmok
Re: [pfSense Support] Multi-WAN capabilities...
On 8/3/05, Paul Taylor <[EMAIL PROTECTED]> wrote:
> I've seen somewhere the multi-WAN works with DHCP on both WANs now, but will
> it work with PPPoe on one interface and DHCP on the other? If so, is this a
> failover situation by default (where one interface can be designated as a
> primary), or for load balancing only?

Use the PPPoE connection on the wan interface and the other dhcp connection on a optional interface. Load balancing wont be done until after this weekend.

Scott
[pfSense Support] Multi-WAN capabilities...
I’ve seen somewhere the multi-WAN works with DHCP on both WANs now, but will it work with PPPoe on one interface and DHCP on the other? If so, is this a failover situation by default (where one interface can be designated as a primary), or for load balancing only?

At home I have both cable (DHCP) and DSL (PPPoe)… My DSL is actually DSL Lite (256 down, 128 up) and really only there for backup purposes…

Paul
[pfSense Support] Problem with pfSense on EPIA with DiskOnModule
Hi all,

I'm trying to get pfSense working on my EPIA setup with the following configuration:

* EPIA PD1 (C3 1Ghz "Nehemiah", dual LAN connection, Mini-ITX)
* 512MB DDR SDRAM (KingMax)
* PQI DiskOnModule (256MB Capacity)
* Morex Procase/Cubid 2677 Mini-ITX case with 60W PSU
* Intel i82559 NIC (PCI card)

I used this image => pfSense-Embedded-0.73-megs.bin.gz (Dated : 04-Aug-2005 00:31, 28.2MB)

And used Manuel Kasper's "physdiskwrite" tool to write the image onto the 256MB DOM in Win2k Pro SP4.

That was OK, until when I tried to boot with it...

The following is what appears :

FreeBSD/i386 bootstrap loader, Revision 1.1
([EMAIL PROTECTED], Sun Jul 31 22:20:50 UTC 2005)
Loading /boot/defaults/loader.conf
/boot/kernel/kernel text=0x523f93 data=0x7f48c+0x43c20 \
\
Hit [Enter] to boot immediately, or any other key for command prompt.
Booting [/boot/kernel/kernel]...
/boot/kernel/acpi.ko text=0x409fc data=0x2060+0x1090 syms=[0x4+0x7680+0x4+0x9ddd]
\

At this point, it just hangs.

I previously used the same system for M0n0Wall ver 1.1, and it worked fine. I currently have two Cable ISP connections which I want to use pfSense on. (consolidate two routers into one with pfSense's multi-WAN capability).

Can anyone help or explain what the above means?

Regards
-Stmok
RE: [pfSense Support] ipsec tunnel to remote gateway
I would think if you did that it would all just work.

Was going to have a closer look at weather the remote end needs The rules that I gave it. personally I think the the ipsec will have configured the firewall rules already for you at the remote end so the only addition would be the outbound nat at the remote end. And in some configurations this might not be required.

Thanks alan

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: 03 August 2005 18:39
To: alan walters
Cc: support@pfsense.com
Subject: Re: [pfSense Support] ipsec tunnel to remote gateway

Would it help if we allowed 0.0.0.0 to be entered in the WebGUI?

On 8/3/05, alan walters <[EMAIL PROTECTED]> wrote:
> Below is the xml of the remote tunnel.
>
> On the remote side I added a the following rules
>
> (1) Advanced out bound NAT
>
> 192.168.168.110 to any use gateway xxx.xxx.xxx.xxx
>
> (2) firewall rules
>
> Allow 192.168.168.110 to any on interface LAN
>
> Then the following tunnel was hacked into the xml configuration file.
>
> wan
> 192.168.168.110
> 0.0.0.0/0
> xxx.xxx.xxx.xxx
> aggressive
> 3des
> sha1
> 2
> 3600
> pre_shared_key
> esp
> 3des
> blowfish
> cast128
> rijndael
> hmac_sha1
> hmac_md5
> 0
> 3600
> test
>
> Give it a try
>
> Alan
Re: [pfSense Support] ipsec tunnel to remote gateway
Would it help if we allowed 0.0.0.0 to be entered in the WebGUI?

On 8/3/05, alan walters <[EMAIL PROTECTED]> wrote:
> Below is the xml of the remote tunnel.
>
> On the remote side I added a the following rules
>
> (1) Advanced out bound NAT
>
> 192.168.168.110 to any use gateway xxx.xxx.xxx.xxx
>
> (2) firewall rules
>
> Allow 192.168.168.110 to any on interface LAN
>
> Then the following tunnel was hacked into the xml configuration file.
>
> wan
> 192.168.168.110
> 0.0.0.0/0
> xxx.xxx.xxx.xxx
> aggressive
> 3des
> sha1
> 2
> 3600
> pre_shared_key
> esp
> 3des
> blowfish
> cast128
> rijndael
> hmac_sha1
> hmac_md5
> 0
> 3600
> test
>
> Give it a try
>
> Alan
[pfSense Support] ipsec tunnel to remote gateway
Below is the xml of the remote tunnel.

On the remote side I added a the following rules

(1) Advanced out bound NAT

192.168.168.110 to any use gateway xxx.xxx.xxx.xxx

(2) firewall rules

Allow 192.168.168.110 to any on interface LAN

Then the following tunnel was hacked into the xml configuration file.

wan
192.168.168.110
0.0.0.0/0
xxx.xxx.xxx.xxx
aggressive
myident>
3des
sha1
2dhgroup>
3600
pre_shared_keyauthentication_method>
esp
3des
blowfish
cast128
rijndael
hmac_sha1
hmac_md5
0pfsgroup>
3600
testdescr>

Give it a try

Alan
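A review check for the tunnel values posted above, as an added example that is not part of the original post or of pfSense itself: it parses a constructed tunnel element carrying the posted values, lists the IKE/ESP options a reviewer would look at, and re-checks a tightened copy. Only myident, dhgroup, authentication_method, pfsgroup and descr are element names visible in the post; every other element name, the finding identifiers and the meaning of pfsgroup 0 as "PFS off" are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample with the values from the post. Element names other than
# myident, dhgroup, authentication_method, pfsgroup and descr are assumptions.
SAMPLE_TUNNEL = """
<tunnel>
  <interface>wan</interface>
  <local-subnet><address>192.168.168.110</address></local-subnet>
  <remote-subnet>0.0.0.0/0</remote-subnet>
  <remote-gateway>xxx.xxx.xxx.xxx</remote-gateway>
  <p1>
    <mode>aggressive</mode>
    <myident/>
    <encryption-algorithm>3des</encryption-algorithm>
    <hash-algorithm>sha1</hash-algorithm>
    <dhgroup>2</dhgroup>
    <lifetime>3600</lifetime>
    <authentication_method>pre_shared_key</authentication_method>
  </p1>
  <p2>
    <protocol>esp</protocol>
    <encryption-algorithm-option>3des</encryption-algorithm-option>
    <encryption-algorithm-option>blowfish</encryption-algorithm-option>
    <encryption-algorithm-option>cast128</encryption-algorithm-option>
    <encryption-algorithm-option>rijndael</encryption-algorithm-option>
    <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
    <hash-algorithm-option>hmac_md5</hash-algorithm-option>
    <pfsgroup>0</pfsgroup>
    <lifetime>3600</lifetime>
  </p2>
  <descr>test</descr>
</tunnel>
"""

BLOCK64_CIPHERS = {"des", "3des", "blowfish", "cast128"}  # 64-bit block ciphers
WEAK_DH_GROUPS = {"1", "2"}                               # 768/1024-bit MODP groups


def _text(node, path):
    """Stripped text of a child element, or '' when the element is absent."""
    found = node.find(path) if node is not None else None
    return (found.text or "").strip() if found is not None else ""


def _options(node, tag):
    """All values offered under a repeated option element."""
    return [] if node is None else [(o.text or "").strip() for o in node.findall(tag)]


def audit_config(xml_text):
    """Return [(finding_id, detail)] for one <tunnel> element given as text."""
    tunnel = ET.fromstring(xml_text)
    p1, p2 = tunnel.find("p1"), tunnel.find("p2")
    out = []
    if (_text(p1, "mode") == "aggressive"
            and _text(p1, "authentication_method") == "pre_shared_key"):
        out.append(("P1_AGGRESSIVE_PSK",
                    "aggressive mode exposes a PSK-derived hash to offline guessing"))
    if _text(p1, "encryption-algorithm") in BLOCK64_CIPHERS:
        out.append(("P1_64BIT_CIPHER", _text(p1, "encryption-algorithm")))
    if _text(p1, "dhgroup") in WEAK_DH_GROUPS:
        out.append(("P1_WEAK_DH", "group " + _text(p1, "dhgroup")))
    weak = sorted(set(_options(p2, "encryption-algorithm-option")) & BLOCK64_CIPHERS)
    if weak:
        out.append(("P2_64BIT_CIPHER", ", ".join(weak)))
    if "hmac_md5" in _options(p2, "hash-algorithm-option"):
        out.append(("P2_HMAC_MD5", "MD5-based integrity is still offered"))
    if _text(p2, "pfsgroup") in ("", "0"):  # assumption: 0 means PFS off
        out.append(("P2_NO_PFS", "phase 2 keys are derived without a fresh DH exchange"))
    remote = _text(tunnel, "remote-subnet")
    try:
        if ipaddress.ip_network(remote, strict=False).prefixlen == 0:
            out.append(("INFO_FULL_TUNNEL",
                        "all traffic from the local subnet enters the tunnel"))
    except ValueError:
        out.append(("BAD_REMOTE_SUBNET", remote))
    return out


def tighten(xml_text):
    """Return the tunnel XML limited to the stronger options; both peers must match.
    IKEv1 main mode with a PSK needs the peer's address to be known in advance."""
    tunnel = ET.fromstring(xml_text)
    p1, p2 = tunnel.find("p1"), tunnel.find("p2")
    if p1 is None or p2 is None:
        raise ValueError("tunnel needs <p1> and <p2>")
    for parent, tag, value in ((p1, "mode", "main"),
                               (p1, "encryption-algorithm", "rijndael"),
                               (p1, "dhgroup", "5"), (p2, "pfsgroup", "5")):
        node = parent.find(tag)
        if node is None:
            node = ET.SubElement(parent, tag)
        node.text = value
    for opt in list(p2):
        val = (opt.text or "").strip()
        if ((opt.tag == "encryption-algorithm-option" and val in BLOCK64_CIPHERS)
                or (opt.tag == "hash-algorithm-option" and val == "hmac_md5")):
            p2.remove(opt)
    return ET.tostring(tunnel, encoding="unicode")


if __name__ == "__main__":
    for label, cfg in (("as posted", SAMPLE_TUNNEL), ("tightened", tighten(SAMPLE_TUNNEL))):
        print(label)
        for finding_id, detail in audit_config(cfg):
            print(f"  {finding_id}: {detail}")
```

The remaining INFO_FULL_TUNNEL entry on the tightened copy is expected: the 0.0.0.0/0 remote subnet is the point of the configuration in this thread, so the check reports it without treating it as a defect.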
Re: [pfSense Support] ipsec more info
I would to help with this but I have to admit that this is a new prospect for me. Let me know how it turns out and it would be nice if we could document this behavior.

On 8/3/05, alan walters <[EMAIL PROTECTED]> wrote:
> Ok I have made a bit of progress with this one.
> I have setup a vpn by editing the xml file in the vpn section
>
> The local vpn is configured like so
> The remote subnet becomes 0.0.0.0/0.
>
> At the remote end I made a outbout nat rule for my local subnet
> And added firewall rules to allow those out my remote LAN.
>
> the traceroute to www.google.ie completes in a lot less hops than it
> would via our route 14 instead of 22. I checks the firewall on the
> remote end and it seems to be gatewaying the traffic as well.
>
> The problem seems to now be that out of the fourteen hops on the new
> route
> 9 of them seem to time out. Would love some insight into this.
>
> I am now going to look into the static route bit as well. And see if
> trying to tie the gateway down better helps.
>
> I believe one of two issues would now apply. Either the nat on the far
> end is causing a problem. Or something that I just don't understand
>
> Regards alan
>
> I think there's somebody doing this with m0n0wall. I recall it being
> discussed on the list in the past. I believe how they accomplished it
> was adding a site to site VPN, then adding a static route on the LAN
> for 0.0.0.0/0 (i.e. everything; this route wasn't possible in the GUI
> without changing the code, not sure if that's been changed here or
> not) pointing to the other end LAN side of the VPN tunnel. I could be
> way off on that though, it's been a while.
>
> Worth a shot at least, might also want to google with site:m0n0.ch to
> see if you come up with anything.
>
> > > Is it possible to route all traffic from opt1 across an ipsec vpn.
Re: [pfSense Support] problems
I was going to say, I tested that CD last night in VMWare and it looked fine.Maybe I shouldnt pull the ISO's from knee jerk reactions so quickly :P

On 8/3/05, alan walters <[EMAIL PROTECTED]> wrote:
> I used this CD with no issues today
>
> -----Original Message-----
> From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> Sent: 03 August 2005 15:32
> To: pablo hide
> Cc: support@pfsense.com
> Subject: Re: [pfSense Support] problems
>
> That does not look good. I will remove the CD and copy a new one up
> tonite.
>
> Scott
>
> On 8/3/05, pablo hide <[EMAIL PROTECTED]> wrote:
> > hi, i have download pfSense-LiveCD-0.73.4.1.iso, make
> > the CD and boot with it.
> > after message Bootup complete i get this message:
> > init: cant't exec getty
> > '/usr/libexec/getty' for port /dev/console: No such
> > file or directory
> >
> > the message repites every time...
> >
> > what's i do wrong??
> > i use ipcop and monowall in same machine without
> > problems.
> >
> > thank's and sorry for my english.
RE: [pfSense Support] problems
I used this CD with no issues today

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: 03 August 2005 15:32
To: pablo hide
Cc: support@pfsense.com
Subject: Re: [pfSense Support] problems

That does not look good. I will remove the CD and copy a new one up tonite.

Scott

On 8/3/05, pablo hide <[EMAIL PROTECTED]> wrote:
> hi, i have download pfSense-LiveCD-0.73.4.1.iso, make
> the CD and boot with it.
> after message Bootup complete i get this message:
> init: cant't exec getty '/usr/libexec/getty' for port /dev/console: No such file or directory
>
> the message repeats every time...
>
> what's i do wrong??
> i use ipcop and monowall in same machine without
> problems.
>
> thanks and sorry for my english.
RE: [pfSense Support] ipsec more info
Ok I have made a bit of progress with this one.
I have setup a vpn by editing the xml file in the vpn section

The local vpn is configured like so
The remote subnet becomes 0.0.0.0/0.

At the remote end I made an outbound nat rule for my local subnet
And added firewall rules to allow those out my remote LAN.

the traceroute to www.google.ie completes in a lot less hops than it would via our route 14 instead of 22. I checked the firewall on the remote end and it seems to be gatewaying the traffic as well.

The problem seems to now be that out of the fourteen hops on the new route 9 of them seem to time out. Would love some insight into this.

I am now going to look into the static route bit as well. And see if trying to tie the gateway down better helps.

I believe one of two issues would now apply. Either the nat on the far end is causing a problem. Or something that I just don't understand

Regards alan

I think there's somebody doing this with m0n0wall. I recall it being discussed on the list in the past. I believe how they accomplished it was adding a site to site VPN, then adding a static route on the LAN for 0.0.0.0/0 (i.e. everything; this route wasn't possible in the GUI without changing the code, not sure if that's been changed here or not) pointing to the other end LAN side of the VPN tunnel. I could be way off on that though, it's been a while.

Worth a shot at least, might also want to google with site:m0n0.ch to see if you come up with anything.

> > Is it possible to route all traffic from opt1 across an ipsec vpn.
Re: [pfSense Support] problems
Just hang tight. I'll have a new image up in a bit.

Scott

On 8/3/05, pablo hide <[EMAIL PROTECTED]> wrote:
> what's the pfSense-LiveCD-0.7x.x.x.iso image that
> really work?
>
> --- Scott Ullrich <[EMAIL PROTECTED]> wrote:
>
> > That does not look good. I will remove the CD and
> > copy a new one up tonite.
> >
> > Scott
> >
> > On 8/3/05, pablo hide <[EMAIL PROTECTED]> wrote:
> > > hi, i have download pfSense-LiveCD-0.73.4.1.iso, make
> > > the CD and boot with it.
> > > after message Bootup complete i get this message:
> > > init: cant't exec getty '/usr/libexec/getty' for port /dev/console: No such file or directory
> > >
> > > the message repeats every time...
> > >
> > > what's i do wrong??
> > > i use ipcop and monowall in same machine without
> > > problems.
> > >
> > > thanks and sorry for my english.
Re: [pfSense Support] problems
what's the pfSense-LiveCD-0.7x.x.x.iso image that really work?

--- Scott Ullrich <[EMAIL PROTECTED]> wrote:

> That does not look good. I will remove the CD and
> copy a new one up tonite.
>
> Scott
>
> On 8/3/05, pablo hide <[EMAIL PROTECTED]> wrote:
> > hi, i have download pfSense-LiveCD-0.73.4.1.iso, make
> > the CD and boot with it.
> > after message Bootup complete i get this message:
> > init: cant't exec getty '/usr/libexec/getty' for port /dev/console: No such file or directory
> >
> > the message repeats every time...
> >
> > what's i do wrong??
> > i use ipcop and monowall in same machine without
> > problems.
> >
> > thanks and sorry for my english.
Re: [pfSense Support] Asked, but never answered -> IPSec / VPN ??
On 8/3/05, David Strout <[EMAIL PROTECTED]> wrote:
> Probably answered, but can't locate the specifics
> ..
>
> 1. can you run 3DES/MD5 tunnels wo/ hardware
> crypto accelerators?
> 2. can you build a tunnel on two different
> phase1&2 encryption/hash(s) ...
> or do they have to match?
>
> eg:
>
> I build tunnel this way ...
>
> phase1 > Blowfish / SHA1 / PSK
> phase2 > ESP / Blowfish / SHA1
>
> Could I build it this way ...
>
> phase1 > Blowfish / SHA1 / PSK
> phase2 > ESP / 3DES / MD5
>
> Please excuse my ignorance ... !

http://marc.theaimsgroup.com/?t=11229314195&r=1&w=2

--Bill
Re: [pfSense Support] Asked, but never answered -> IPSec / VPN ??
Bill answered this yesterday. Check the archives.

On 8/3/05, David Strout <[EMAIL PROTECTED]> wrote:
> Probably answered, but can't locate the specifics
> ..
>
> 1. can you run 3DES/MD5 tunnels wo/ hardware
> crypto accelerators?
> 2. can you build a tunnel on two different
> phase1&2 encryption/hash(s) ...
> or do they have to match?
>
> eg:
>
> I build tunnel this way ...
>
> phase1 > Blowfish / SHA1 / PSK
> phase2 > ESP / Blowfish / SHA1
>
> Could I build it this way ...
>
> phase1 > Blowfish / SHA1 / PSK
> phase2 > ESP / 3DES / MD5
>
> Please excuse my ignorance ... !
Re: [pfSense Support] problems
That does not look good. I will remove the CD and copy a new one up tonite.

Scott

On 8/3/05, pablo hide <[EMAIL PROTECTED]> wrote:
> hi, i have download pfSense-LiveCD-0.73.4.1.iso, make
> the CD and boot with it.
> after message Bootup complete i get this message:
> init: cant't exec getty '/usr/libexec/getty' for port /dev/console: No such file or directory
>
> the message repeats every time...
>
> what's i do wrong??
> i use ipcop and monowall in same machine without
> problems.
>
> thanks and sorry for my english.
[pfSense Support] problems
hi, i have download pfSense-LiveCD-0.73.4.1.iso, make the CD and boot with it.
after message Bootup complete i get this message:
init: cant't exec getty '/usr/libexec/getty' for port /dev/console: No such file or directory

the message repeats every time...

what's i do wrong??
i use ipcop and monowall in same machine without problems.

thanks and sorry for my english.
Re: [pfSense Support] Feature Question / Request - Trafshow
Use pftop from the console menu.

Scott

On 8/3/05, Wesley Joyce <[EMAIL PROTECTED]> wrote:
> Does pfsense have trafshow or trafshow like capability from the shell?
[pfSense Support] Asked, but never answered -> IPSec / VPN ??
Probably answered, but can't locate the specifics ..

1. can you run 3DES/MD5 tunnels wo/ hardware crypto accelerators?
2. can you build a tunnel on two different phase1&2 encryption/hash(s) ... or do they have to match?

eg:

I build tunnel this way ...

phase1 > Blowfish / SHA1 / PSK
phase2 > ESP / Blowfish / SHA1

Could I build it this way ...

phase1 > Blowfish / SHA1 / PSK
phase2 > ESP / 3DES / MD5

Please excuse my ignorance ... !
Re: [pfSense Support] Remote Shutdown
Thanks for the help. I just use a simple plink script from a windows machine to login via ssh and issue a "shutdown -h now" command.

Chris Buechler wrote:
> On 8/2/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > Use execraw.php to issue shutdown -h now
>
> that probably won't actually power off the machine though, will just
> keep it running at the "press any key to restart" screen. there's a
> way to make it power off if the machine supports it, though I don't
> recall what it is offhand.
>
> -cmb

--
Regards,
Roger Miranda
Corporate Technical Manager
Digital Relay
[pfSense Support] Feature Question / Request - Trafshow
Does pfsense have trafshow or trafshow like capability from the shell?
[pfSense Support] NATed interface to bridged interface
Hello, I'm using m0n0wall and due to the issue between ipnat and bridging ( http://www.m0n0.ch/wall/docbook/faq-bridge.html ), I can't access servers under bridged OPT1 from LAN. I would like to know: is this an issue on pfSense too? Thanks.
Re: [pfSense Support] Enable 'routed'
Bill Marquette wrote:
> You can use for this (http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=135&actionargs[]=62)

Bill,

Thanks, works like a charm.

Scott.