AW: [pfSense Support] iperf question
From the m0n0 documentation (hidden options in the config.xml file). Same like m0n0: interfaces/(if)/media and interfaces/(if)/mediaopt If you need to force your NIC to a specific media type (e.g. 10Base-T half duplex), you can use these two options. Refer to the appropriate FreeBSD manpage for the driver you're using to see which options are available (or run ifconfig -m). You can diagnosticsedit file /conf/config.xml to make this from the webgui. Example (but issue ifconfig -m from diagnosticscommand to see the options of your specific card first, they might be different): opt1 descrMichelbach entfernt/descr ifsis2/if mtu576/mtu media10baseT/UTP/media mediaoptfull-duplex/mediaopt ipaddr10.10.15.10/ipaddr subnet24/subnet bridge/ enable/ /opt1 Holger -Ursprüngliche Nachricht- Von: Randy B [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 18. August 2005 04:51 An: support@pfsense.com Betreff: [pfSense Support] iperf question I know this isn't likely the best forum for this question, but please bear with me. I've been seeing a lot of these iperf comments/questions, and decided to try to track down why my connection to my home firewall seems *so slow*. Installed the package and fired it up, and sure enough - although both ends are reporting they're negotiated at 100Mb/s, I'm only getting ~22Mb, which reeks strongly of 10Mb full-duplex. It's switch-independent - already swapped that out and tried. My next step is to hook a laptop directly up to both machines and give it a whirl (rule out a faulty cable). In the meantime, is there anything I can do on pfSense to fiddle with autonegotiation settings like I can with ethtool on my Linux machines? I don't have any traffic shaping set up, so I can't see why that would come into play, but I'm all ears here. RB *BTW - I noticed a while back that pfSense had my favorite alias 'll'. It doesn't now, and looking in root's home directory, it looks like .tcshrc is zeroed out - either it was originally linked to .cshrc or someone's whacked it. Minor bug that should be ironed out before beta, I should think - I'll post a ticket when I get around to it, unless someone beats me to it (fixing or otherwise). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Mirror ?'s
All, Is it safe to assume that the 08.18.2005 date on the 76.4.iso means that there has been some re-working done on that image and I should try it again? I first saw this iso on 08.16.2005 and tried it then but it failed / hung on the old Waiting for Backend screen. Sorry for my ignorance, but I go on the dates of the upgrades/images and am a little confused when I see the same iso cange dates over a couple/several days. BTW: I generally go to the Seattle mirrors for downloads/updates. David L. Strout - [EMAIL PROTECTED] DBA:Engineering Systems Plus, LLC {Internet E-Mail Confidentiality Statement} This communication and all of its contents are for the sole use of the intended recipient. If you have received this communication in error you are required by law to delete all instances of this communication. If this communication has been printed, again, you are required by law to destroy all printed copies. ENGINEERING SYSTEMS PLUS, LLC -- https://www.espmaine.net/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Carp and syncing rules?
OK, because I can't use private IP's on WAN, I victimize 3 official IPs and start the first real test of pfsense ;-) I've an setup with 6 Interfaces (1 SYNC,1 LAN, 1 WLAN, 1 DMZ and 2 WAN). At this time 1 WAN and the WLAN interface are not in use. I enabled CARP and defined few rules. The virtual CARP-IPs seems to switch very well, but the rules defined in the GUI on the MASTER are not synced to the BACKUP. There are no 1:1 NAT or port forwardings defined, no vpn tunnels and traffic shaper is also not enabled. I can't find any error in the log and with tcpdump on SYNC interface I can see the XML messages, wich sends the rules to the BACKUP, but got respond with errors, e.g.: ?xml.version=1.0.encoding=UTF-8? .methodResponse .fault ...value .struct ...member .namefaultCode/name .valueint104/int/value .../member ...member .namefaultString/name .valuestringXML.error:.not.well-formed.(invalid.token).at.line.236/string/value .../member ./struct .../value ./fault ./methodResponse Any advice? Version is 0.77 Regards, Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] ipsec and 0.77
I don't know about this I still am seeing problems with ipsec Auto generated rules being wrong and an empty tunnel still being made with 0.77. I know this is nothing to do with the above problem but 0.77 is problematic with ipsec mobile clients and no tunnels created. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipsec and 0.77
Is this a fresh configuration? On 8/18/05, alan walters [EMAIL PROTECTED] wrote: I don't know about this I still am seeing problems with ipsec Auto generated rules being wrong and an empty tunnel still being made with 0.77. I know this is nothing to do with the above problem but 0.77 is problematic with ipsec mobile clients and no tunnels created. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ipsec and 0.77
An upgrade from 0.48 Had to change the ipsec part of the xml file to delete the crap from the upgrade. But whenever you save a new rule it adds a blank tunnel again. And creates rubbish rules. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 18 August 2005 20:42 To: alan walters Cc: support@pfsense.com Subject: Re: [pfSense Support] ipsec and 0.77 Is this a fresh configuration? On 8/18/05, alan walters [EMAIL PROTECTED] wrote: I don't know about this I still am seeing problems with ipsec Auto generated rules being wrong and an empty tunnel still being made with 0.77. I know this is nothing to do with the above problem but 0.77 is problematic with ipsec mobile clients and no tunnels created. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ipsec and 0.77
You have to zap the entire ipsec section after upgrading or this can continue to be a problem On 8/18/05, alan walters [EMAIL PROTECTED] wrote: An upgrade from 0.48 Had to change the ipsec part of the xml file to delete the crap from the upgrade. But whenever you save a new rule it adds a blank tunnel again. And creates rubbish rules. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 18 August 2005 20:42 To: alan walters Cc: support@pfsense.com Subject: Re: [pfSense Support] ipsec and 0.77 Is this a fresh configuration? On 8/18/05, alan walters [EMAIL PROTECTED] wrote: I don't know about this I still am seeing problems with ipsec Auto generated rules being wrong and an empty tunnel still being made with 0.77. I know this is nothing to do with the above problem but 0.77 is problematic with ipsec mobile clients and no tunnels created. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] iperf question
On 8/17/05, Randy B [EMAIL PROTECTED] wrote: I know this isn't likely the best forum for this question, but please bear with me. I've been seeing a lot of these iperf comments/questions, and decided to try to track down why my connection to my home firewall seems *so slow*. Installed the package and fired it up, and sure enough - although both ends are reporting they're negotiated at 100Mb/s, I'm only getting ~22Mb, which reeks strongly of 10Mb full-duplex. Not unless you're running both a client and server at each end. iperf is only send or receive (by default). Even at that, you'd max out at 20 Mb. If your ifconfig says it's 100 Mb, it's 100 Mb. I'd look elsewhere. Messing with speed and duplex is more likely to cause problems (duplex mismatch) than anything. Unless you have a duplex mismatch already, are both ends negotiating the same duplex? If so, what are the specs of your hardware? -cmb - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]