Re: [pfSense Support] boot usb without bios support

2008-05-07 Thread Rainer Duffner

Chris Buechler wrote:

On Tue, May 6, 2008 at 10:35 PM, Tortise [EMAIL PROTECTED] wrote:
  

The older FreeBSD installations had a floppy boot disc, whether this could be 
adapted I have wondered?



Not in this fashion, no.

  



The only thing worse than booting from CDROM is booting from floppy - 
from a reliability point of view.

Avoid it at all cost.
Floppies are really previous-millennium-technology.


Rainer

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Road warrior on port 1194 and 1195

2008-05-07 Thread Leif Nilsson
Hi all!

I have 3 sites connected with 2 VPN tunnels each (A-B, A-C)
Tunnel 1 is office net and tunnel 2 is education net.

So I wonder if you can have Road warriors on both port 1194 and port 1195?
I need to access both LAN and Education from @.


Regards
Leif






Re: [pfSense Support] How to tell current OpenVPN clients

2008-05-07 Thread Merul Patel

Thanks David.

The management interface is easy to setup and use. However it presents  
a gaping security hole if you don't use localhost as you can kill  
current VPN connections.


I also read this in the docs for the management interface after  
digging around to see if the interface could be secured:


The management protocol is currently cleartext without an explicit  
security layer. For this reason, it is recommended that the management  
interface either listen on localhost (127.0.0.1) or on the local VPN  
address. It's possible to remotely connect to the management interface  
over the VPN itself, though some capabilities will be limited in this  
mode, such as the ability to provide private key passwords.
(http://openvpn.net/index.php/documentation/miscellaneous/management-interface.html)
I tested it with two embedded boxes that I have in the wild (1.2RC4  
and 1.2RELEASE), and the best thing IMHO is to add the custom option:


management localhost 7505;

And then SSH to the box and telnet localhost 7505. Out of curiosity,
what was the reason you explicitly state not to use localhost?


HTH and I appreciate the very useful pointer you gave.

Merul

On 6 May 2008, at 19:20, David Meireles wrote:


Hi.
Add this line in the custom options field of your OpenVPN Server:

management PFSENSE-IP 7505;

then telnet the pfsense host on port 7505 and type status or help :)

NOTE: In PFSENSE-IP don't use 127.0.0.1!!! Type the LAN address of  
the pfsense host instead



Tue, 2008-05-06 at 19:08 +0100, Merul Patel wrote:


Thanks Curtis,

Does this work on the embedded version of pfSense? Thought I'd been
pretty diligent about googling pre-posting, but apologies if not.

BR

Merul

On 6 May 2008, at 19:03, Curtis LaMasters wrote:

 Enable the management interface or download the Java (All
 Platform).  There's pretty good information on the management
 interface and GUI's for it on the OpenVPN website.

 --
 Curtis LaMasters
 http://www.curtis-lamasters.com
 http://www.builtnetworks.com









Re: [pfSense Support] boot usb without bios support

2008-05-07 Thread Paul M
people have already suggested booting the live CD with the config on 
USB, so that problem's solved.


try www.bootdisk.com for useful stuff, and I recommend Ultimate Boot CD 
as a valuable resource. http://www.ultimatebootcd.com/





Re: [pfSense Support] How to tell current OpenVPN clients

2008-05-07 Thread David Meireles
Good point. The clear text problem is the least of your problems, since
you're not asked for any password when you connect to the
management port. I suppose that some CIDR range could be defined in
the custom options (like: management 192.168.1.1/24 7505), but not sure
about it, and not going to test it now (if the VPN goes down now, my
clients would kill me!!!)

I advised you not to use localhost because I assumed that you,
like me, were not the only one accessing the management interface. In
my case, there is another person that has to access the management to
check the client's IP and then VNC it.

Wed, 2008-05-07 at 10:25 +0100, Merul Patel wrote:

 Thanks David.
 
 The management interface is easy to setup and use. However it presents  
 a gaping security hole if you don't use localhost as you can kill  
 current VPN connections.
 
 I also read this in the docs for the management interface after  
 digging around to see if the interface could be secured:
 
 The management protocol is currently cleartext without an explicit  
 security layer. For this reason, it is recommended that the management  
 interface either listen on localhost (127.0.0.1) or on the local VPN  
 address. It's possible to remotely connect to the management interface  
 over the VPN itself, though some capabilities will be limited in this  
 mode, such as the ability to provide private key passwords.
 (http://openvpn.net/index.php/documentation/miscellaneous/management-interface.html)
 I tested it with two embedded boxes that I have in the wild (1.2RC4  
 and 1.2RELEASE), and the best thing IMHO is to add the custom option:
 
 management localhost 7505;
 
 And then SSH to the box and telnet localhost 7505. Out of curiosity,
 what was the reason you explicitly state not to use localhost?
 
 HTH and I appreciate the very useful pointer you gave.
 
 Merul
 
 On 6 May 2008, at 19:20, David Meireles wrote:
 
  Hi.
  Add this line in the custom options field of your OpenVPN Server:
 
  management PFSENSE-IP 7505;
 
  then telnet the pfsense host on port 7505 and type status or help :)
 
  NOTE: In PFSENSE-IP don't use 127.0.0.1!!! Type the LAN address of  
  the pfsense host instead
 
 
  Tue, 2008-05-06 at 19:08 +0100, Merul Patel wrote:
 
  Thanks Curtis,
 
  Does this work on the embedded version of pfSense? Thought I'd been
  pretty diligent about googling pre-posting, but apologies if not.
 
  BR
 
  Merul
 
  On 6 May 2008, at 19:03, Curtis LaMasters wrote:
 
   Enable the management interface or download the Java (All
   Platform).  There's pretty good information on the management
   interface and GUI's for it on the OpenVPN website.
  
   --
   Curtis LaMasters
   http://www.curtis-lamasters.com
   http://www.builtnetworks.com
 
 
 
 
 
 


Re: [pfSense Support] How to tell current OpenVPN clients

2008-05-07 Thread Merul Patel
Aside from writing a patch/package to pfsense to allow monitoring of  
OpenVPN clients, it seems to me that the easiest solution for finding  
the current OpenVPN connections is to write a shell script which you  
can call from the Diagnostics > Execute command section of the UI.


Something like this works fine and dandy:

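#!/bin/sh
# Send "status" to the OpenVPN management interface on localhost:7505,
# wait for the reply, then close the session with "quit".
(
  echo status
  sleep 2
  echo quit
) | telnet localhost 7505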

I just uploaded this using the Diagnostics tab of the UI, then logged  
in via SSH and moved it to a permanent location and set the script  
executable.


Then you can just type its path and execute it to get the current
client list.


On 7 May 2008, at 11:04, David Meireles wrote:

Good point. The clear text problem is the least of your problems,
since you're not asked for any password when you connect to the
management port. I suppose that some CIDR range could be defined
in the custom options (like: management 192.168.1.1/24 7505), but
not sure about it, and not going to test it now (if the VPN goes
down now, my clients would kill me!!!)


I advised you not to use localhost because I assumed that you,
like me, were not the only one accessing the management interface.
In my case, there is another person that has to access the
management to check the client's IP and then VNC it.


Wed, 2008-05-07 at 10:25 +0100, Merul Patel wrote:


Thanks David.

The management interface is easy to setup and use. However it presents
a gaping security hole if you don't use localhost as you can kill
current VPN connections.

I also read this in the docs for the management interface after
digging around to see if the interface could be secured:

The management protocol is currently cleartext without an explicit
security layer. For this reason, it is recommended that the management
interface either listen on localhost (127.0.0.1) or on the local VPN
address. It's possible to remotely connect to the management interface
over the VPN itself, though some capabilities will be limited in this
mode, such as the ability to provide private key passwords.
(http://openvpn.net/index.php/documentation/miscellaneous/management-interface.html)
I tested it with two embedded boxes that I have in the wild (1.2RC4
and 1.2RELEASE), and the best thing IMHO is to add the custom option:

management localhost 7505;

And then SSH to the box and telnet localhost 7505. Out of curiosity,
what was the reason you explicitly state not to use localhost?

HTH and I appreciate the very useful pointer you gave.

Merul

On 6 May 2008, at 19:20, David Meireles wrote:

 Hi.
 Add this line in the custom options field of your OpenVPN Server:

 management PFSENSE-IP 7505;

 then telnet the pfsense host on port 7505 and type status or help :)

 NOTE: In PFSENSE-IP don't use 127.0.0.1!!! Type the LAN address of
 the pfsense host instead


 Tue, 2008-05-06 at 19:08 +0100, Merul Patel wrote:

 Thanks Curtis,

 Does this work on the embedded version of pfSense? Thought I'd been
 pretty diligent about googling pre-posting, but apologies if not.

 BR

 Merul

 On 6 May 2008, at 19:03, Curtis LaMasters wrote:

  Enable the management interface or download the Java (All
  Platform).  There's pretty good information on the management
  interface and GUI's for it on the OpenVPN website.
 
  --
  Curtis LaMasters
  http://www.curtis-lamasters.com
  http://www.builtnetworks.com


  










Re: [pfSense Support] How to tell current OpenVPN clients

2008-05-07 Thread Curtis LaMasters
Would it be possible to write a firewall rule to only allow specific IP
addresses inside to connect to the management interface on that specific
port?  I know IP's can be spoofed but it would at least lower some concern.


-- 
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


Re: [pfSense Support] How to tell current OpenVPN clients

2008-05-07 Thread Merul Patel
If a user has SSH or GUI access they can do anything they want with  
the box since AFAIK there is no conditional user access.


Consequently I'm not sure what's wrong with binding the OpenVPN
management interface to localhost and either telnetting from within a
SSH session or just running a shell script through the GUI.


However in answer to your question I can't see any issue with setting
up a firewall rule to block access to the port the interface is bound
to. Just seems more hassle than it's worth.


If my PHP were worth more than diddly squat I'd be tempted to write  
something.


On 7 May 2008, at 16:47, Curtis LaMasters  
[EMAIL PROTECTED] wrote:


Would it be possible to write a firewall rule to only allow specific  
IP addresses inside to connect to the management interface on that  
specific port?  I know IP's can be spoofed but it would at least  
lower some concern.



--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
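
The localhost-versus-LAN binding question and the status script discussed in this thread, as an added example that is not part of any poster's message: classify_management reports how a "management" line from the custom options field is bound, and list_clients pulls client names and source IPs out of captured "status" output. The function names, the sample capture and its addresses are constructed for illustration, and the comma-separated client list layout is assumed to be OpenVPN's default status format.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data is constructed.

# classify_management OPTIONS
# OPTIONS is the text of the custom options field (";"-separated) or of a
# config file. Assumes the "management IP port [pw-file]" form, where the
# optional third argument is a management password file.
classify_management() {
    printf '%s\n' "$1" | tr ';' '\n' | awk '
        $1 == "management" {
            found = 1
            if ($2 == "localhost" || $2 ~ /^127\./) {
                verdict = "loopback"               # reachable only from the box itself
            } else if (NF >= 4) {
                verdict = "exposed-with-password"  # password set, traffic still cleartext
            } else {
                verdict = "exposed"                # any host that can reach the port
            }
            exit
        }
        END { print (found ? verdict : "none") }'
}

# list_clients
# Reads captured "status" output on stdin (telnet banner lines included) and
# prints "common-name source-ip" for every connected client.
list_clients() {
    awk -F, '
        { sub(/\r$/, "") }                          # telnet ends lines with CR LF
        /^Common Name,Real Address/ { in_list = 1; next }
        /^ROUTING TABLE/            { in_list = 0 }
        in_list && NF >= 2 {
            split($2, endpoint, ":")                # "ip:port" -> ip (IPv4 form)
            print $1, endpoint[1]
        }'
}

# Constructed capture of a telnet session that sent "status" then "quit".
sample_status() {
    cat <<'EOF'
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
OpenVPN CLIENT LIST
Updated,Wed May  7 11:04:00 2008
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
roadwarrior1,203.0.113.10:49152,104857,209715,Wed May  7 09:12:44 2008
roadwarrior2,198.51.100.7:50233,5120,7340,Wed May  7 10:47:03 2008
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,roadwarrior1,203.0.113.10:49152,Wed May  7 11:03:58 2008
10.8.0.10,roadwarrior2,198.51.100.7:50233,Wed May  7 11:03:41 2008
GLOBAL STATS
Max bcast/mcast queue length,0
END
EOF
}

# Demonstration on the two option lines quoted in the thread.
for opts in 'management localhost 7505;' 'management PFSENSE-IP 7505;'; do
    printf '%-30s -> %s\n' "$opts" "$(classify_management "$opts")"
done
sample_status | list_clients
```

On a live box the input to list_clients would be the output of the status script posted earlier in the thread instead of sample_status.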


[pfSense Support] brilliant advice from a security audit...

2008-05-07 Thread Vivek Khera

This one is precious:

quote
Description:

The remote host appears to be running a PPTP (VPN) service.

This service allows remote users to connect to the internal network  
and gain a trusted user role. This service should be protected with a  
strong encryption scheme like IPSEC. By default the service leaks out  
such information as Server version (PPTP version), Hostname and Vendor  
string this could help an attacker better perpare her next attack.


General solution:

Restrict access to this port from untrusted networks. Make sure only  
encrypted channels are allowed through the PPTP (VPN) connection.

/quote


Seriously, if the client could use IPSEC why would you need  
PPTP?!??!?!?!?!!??!?!


For those curious, the service doing the scanning is ScanAlert (the  
folks who bring you the HackerSafe seal of approval).






[pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread Atkins, Dwane P
I am attempting to install pfSense on a Dell PowerEdge RS200 server.

 

This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig
SATA hard drive.

 

The install goes so far and then I start getting ad4: and acd0 errors
(errors that occur on ad4 seem to occur on acd0

 

acd0: SET FEATURE ENABLE RCACHE:  task timeout  completing request
directly

acd0: SET FEATURE ENABLE WCACHE task timeout  completing request
directly

 

These are a few of the errors.

 

Others include:

TEST_UNIT_READY 

SET MULTI

SET FEATURES TRANSFER MODE.

 

ad4 76298 MB WDC WD800AAJ5-18TDA 01.004 at ata2master UDMA33.

 

I am looking through the archives now.

 

Any help would be appreciated.

 

Thank you,


Dwane

 



Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread David Meireles
Why on such a powerful machine!? I think that you'll be wasting hardware
resources doing that setup...

Anyway, do you get to the point of the installation where you choose your
kernel?

Wed, 2008-05-07 at 16:15 -0500, Atkins, Dwane P wrote:
 I am attempting to install pfSense on a Dell PowerEdge RS200 server.
 
  
 
 This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig
 SATA hard drive.
 
  
 
 The install goes so far and then I start getting ad4: and acd0 errors
 (errors that occur on ad4 seem to occur on acd0
 
  
 
 acd0: SET FEATURE ENABLE RCACHE:  task timeout  completing request
 directly
 
 acd0: SET FEATURE ENABLE WCACHE task timeout  completing request
 directly
 
  
 
 These are a few of the errors.
 
  
 
 Others include:
 
 TEST_UNIT_READY 
 
 SET MULTI
 
 SET FEATURES TRANSFER MODE.
 
  
 
 ad4 76298 MB WDC WD800AAJ5-18TDA 01.004 at ata2master UDMA33.
 
  
 
 I am looking through the archives now.
 
  
 
 Any help would be appreciated.
 
  
 
 Thank you,
 
 
 Dwane
 
  
 
 


Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread Gary Buckmaster
Try using a different CD-ROM drive, FreeBSD has been shown to be 
extremely picky with certain CD-ROM drives. 


Atkins, Dwane P wrote:


I am attempting to install pfSense on a Dell PowerEdge RS200 server.

 

This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig 
SATA hard drive.


 

The install goes so far and then I start getting ad4: and acd0 errors 
(errors that occur on ad4 seem to occur on acd0


 

acd0: SET FEATURE ENABLE RCACHE:  task timeout  completing request 
directly


acd0: SET FEATURE ENABLE WCACHE task timeout  completing request directly

 


These are a few of the errors.

 


Others include:

TEST_UNIT_READY

SET MULTI

SET FEATURES TRANSFER MODE.

 


ad4 76298 MB WDC WD800AAJ5-18TDA 01.004 at ata2master UDMA33.

 


I am looking through the archives now.

 


Any help would be appreciated.

 


Thank you,


Dwane

 







RE: [pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread Atkins, Dwane P
David,

 

We do not get to a point of kernel installation.

 

Dwane

 



From: David Meireles [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 07, 2008 4:18 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

 

Why on such a powerful machine!? I think that you'll be wasting hardware
resources doing that setup...

Anyway, do you get to the point of the installation where you choose your kernel?

Wed, 2008-05-07 at 16:15 -0500, Atkins, Dwane P wrote:

I am attempting to install pfSense on a Dell PowerEdge RS200 server.

 

This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig SATA 
hard drive.

 

The install goes so far and then I start getting ad4: and acd0 errors (errors 
that occur on ad4 seem to occur on acd0

 

acd0: SET FEATURE ENABLE RCACHE:  task timeout  completing request directly

acd0: SET FEATURE ENABLE WCACHE task timeout  completing request directly

 

These are a few of the errors.

 

Others include:

TEST_UNIT_READY 

SET MULTI

SET FEATURES TRANSFER MODE.

 

ad4 76298 MB WDC WD800AAJ5-18TDA 01.004 at ata2master UDMA33.

 

I am looking through the archives now.

 

Any help would be appreciated.

 

Thank you,


Dwane

 





Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread Chris Buechler

Atkins, Dwane P wrote:


I am attempting to install pfSense on a Dell PowerEdge RS200 server.

 

This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig 
SATA hard drive.


 

The install goes so far and then I start getting ad4: and acd0 errors 
(errors that occur on ad4 seem to occur on acd0


 

acd0: SET FEATURE ENABLE RCACHE:  task timeout  completing request 
directly


acd0: SET FEATURE ENABLE WCACHE task timeout  completing request directly




SATA support in FreeBSD 6.2 doesn't always work well, 6.3 has proven to 
work much better with any box with SATA devices. I suggest trying this iso:

http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfSense_RELENG_1_2/

Which is pfSense 1.2 with a FreeBSD 6.3 base. There are about a dozen 
people running it in production, it works fine. It's similar to what 
1.2.1 will be.






RE: [pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread Atkins, Dwane P
Thank you, Chris.  I could get to the point where it brought the reboot
screen.  I chose to reboot into safemode where we saw an issue with IRQ
6 which is the embedded SATA IRQ.  However, it did allow to start the
install process of pfSense.  I will try this tomorrow. 

Thank you for all your help.

Dwane

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 07, 2008 4:58 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

Atkins, Dwane P wrote:

 I am attempting to install pfSense on a Dell PowerEdge RS200 server.

  

 This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig

 SATA hard drive.

  

 The install goes so far and then I start getting ad4: and acd0 errors 
 (errors that occur on ad4 seem to occur on acd0

  

 acd0: SET FEATURE ENABLE RCACHE:  task timeout  completing request 
 directly

 acd0: SET FEATURE ENABLE WCACHE task timeout  completing request
directly



SATA support in FreeBSD 6.2 doesn't always work well, 6.3 has proven to 
work much better with any box with SATA devices. I suggest trying this
iso:
http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfSense_RELENG_1_2/

Which is pfSense 1.2 with a FreeBSD 6.3 base. There are about a dozen 
people running it in production, it works fine. It's similar to what 
1.2.1 will be.







Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread Chris Buechler

Couple other suggestions:
-Disable ACPI
-make sure the BIOS is up to date.

and other items here may help if all else fails. 
http://devwiki.pfsense.org/BootTroubleShooting



Atkins, Dwane P wrote:

Thank you, Chris.  I could get to the point where it brought the reboot
screen.  I chose to reboot into safemode where we saw an issue with IRQ
6 which is the embedded SATA IRQ.  However, it did allow to start the
install process of pfSense.  I will try this tomorrow. 


Thank you for all your help.

Dwane

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 07, 2008 4:58 PM

To: support@pfsense.com
Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

Atkins, Dwane P wrote:
  

I am attempting to install pfSense on a Dell PowerEdge RS200 server.

 


This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig



  

SATA hard drive.

 

The install goes so far and then I start getting ad4: and acd0 errors 
(errors that occur on ad4 seem to occur on acd0


 

acd0: SET FEATURE ENABLE RCACHE:  task timeout  completing request 
directly


acd0: SET FEATURE ENABLE WCACHE task timeout  completing request


directly
  



SATA support in FreeBSD 6.2 doesn't always work well, 6.3 has proven to 
work much better with any box with SATA devices. I suggest trying this

iso:
http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfSense_RELENG_1_2/

Which is pfSense 1.2 with a FreeBSD 6.3 base. There are about a dozen 
people running it in production, it works fine. It's similar to what 
1.2.1 will be.






  






RE: [pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread Atkins, Dwane P
Chris,

My apologies.  Which file should I download?  I did the pfSense.iso.gz,
however it would not allow me to unzip this using winzip.

Dwane

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 07, 2008 4:58 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

Atkins, Dwane P wrote:

 I am attempting to install pfSense on a Dell PowerEdge RS200 server.

  

 This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80 gig

 SATA hard drive.

  

 The install goes so far and then I start getting ad4: and acd0 errors 
 (errors that occur on ad4 seem to occur on acd0

  

 acd0: SET FEATURE ENABLE RCACHE:  task timeout  completing request 
 directly

 acd0: SET FEATURE ENABLE WCACHE task timeout  completing request
directly



SATA support in FreeBSD 6.2 doesn't always work well, 6.3 has proven to 
work much better with any box with SATA devices. I suggest trying this
iso:
http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfSense_RELENG_1_2/

Which is pfSense 1.2 with a FreeBSD 6.3 base. There are about a dozen 
people running it in production, it works fine. It's similar to what 
1.2.1 will be.







RE: [pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread Atkins, Dwane P
I will try that as well.

Thanks all

Dwane

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 07, 2008 5:07 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

Couple other suggestions:
-Disable ACPI
-make sure the BIOS is up to date.

and other items here may help if all else fails. 
http://devwiki.pfsense.org/BootTroubleShooting


Atkins, Dwane P wrote:
 Thank you, Chris.  I could get to the point where it brought the
reboot
 screen.  I chose to reboot into safemode where we saw an issue with
IRQ
 6 which is the embedded SATA IRQ.  However, it did allow to start the
 install process of pfSense.  I will try this tomorrow. 

 Thank you for all your help.

 Dwane

 -Original Message-
 From: Chris Buechler [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, May 07, 2008 4:58 PM
 To: support@pfsense.com
 Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

 Atkins, Dwane P wrote:
   
 I am attempting to install pfSense on a Dell PowerEdge RS200 server.

  

 This has a 64 bit ES4500 2.2 Ghz Processor with 1 GB memory and 80
gig
 

   
 SATA hard drive.

  

 The install goes so far and then I start getting ad4: and acd0 errors

 (errors that occur on ad4 seem to occur on acd0

  

 acd0: SET FEATURE ENABLE RCACHE:  task timeout  completing request 
 directly

 acd0: SET FEATURE ENABLE WCACHE task timeout  completing request
 
 directly
   


 SATA support in FreeBSD 6.2 doesn't always work well, 6.3 has proven
to 
 work much better with any box with SATA devices. I suggest trying this
 iso:

 http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfSense_RELENG_1_2/

 Which is pfSense 1.2 with a FreeBSD 6.3 base. There are about a dozen 
 people running it in production, it works fine. It's similar to what 
 1.2.1 will be.





   







Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread Adam Glassman
I had this same problem on the same model Dell server and resolved it  
by disabling ACPI:


On the BSD boot menu, choose the disable acpi option
Configure pfsense and install to the hard drive
On the reboot, be prepared and quickly choose the disable acpi option  
again (you don't have but a couple of seconds)

Add the following line to the end of /boot/loader.conf

hint.acpi.0.disabled=1

Reboot and verify that pfsense loads

Adam


On May 7, 2008, at 3:09 PM, Atkins, Dwane P wrote:


I will try that as well.

Thanks all

Dwane

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 07, 2008 5:07 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

Couple other suggestions:
-Disable ACPI
-make sure the BIOS is up to date.

and other items here may help if all else fails.
http://devwiki.pfsense.org/BootTroubleShooting







Re: [pfSense Support] Unable to install pfSense 1.2 LiveCD

2008-05-07 Thread Rainer Duffner


On 08.05.2008 at 00:09, Atkins, Dwane P wrote:


I will try that as well.





Can't you unplug the internal CD drive and use a USB one to install?

Or does it complain nevertheless?

Rainer
--
Rainer Duffner
CISSP, LPI, MCSE
[EMAIL PROTECTED]






[pfSense Support] Re: brilliant advice from a security audit...

2008-05-07 Thread Ugo Bellavance

Vivek Khera wrote:

This one is precious:

quote
Description:

The remote host appears to be running a PPTP (VPN) service.

This service allows remote users to connect to the internal network and 
gain a trusted user role. This service should be protected with a strong 
encryption scheme like IPSEC. By default the service leaks out such 
information as Server version (PPTP version), Hostname and Vendor string 
this could help an attacker better perpare her next attack.


General solution:

Restrict access to this port from untrusted networks. Make sure only 
encrypted channels are allowed through the PPTP (VPN) connection.

/quote


Seriously, if the client could use IPSEC why would you need 
PPTP?!??!?!?!?!!??!?!


Ease of setup is usually the reason.  The main reason of the warning is 
that it is possible to use PPTP with no or very weak encryption.


For those curious, the service doing the scanning is ScanAlert (the 
folks who bring you the HackerSafe seal of approval).






Re: [pfSense Support] Re: brilliant advice from a security audit...

2008-05-07 Thread Chris Buechler
On Wed, May 7, 2008 at 7:49 PM, Ugo Bellavance [EMAIL PROTECTED] wrote:

  Ease of setup is usually the reason.  The main reason of the warning is
 that it is possible to use PPTP with no or very weak encryption.


Sure, the issue isn't the output itself, it's the suggestion you run
PPTP over IPsec. It's a wtf since if you're using IPsec, you're not
going to be using PPTP.
