[pfSense Support] Multiwan suggestions before v. 2.0 ...
Hi all. I've read that complete multiwan support will be available only with 2.0 version of pfsense, but I'd like to know if You've some suggestion for doing something similar, also using many pfsense instead of single one, or something else. Thanks and cheers. Tebano. _ More than messages–check out the rest of the Windows Live™. http://www.microsoft.com/windows/windowslive/
Re: [pfSense Support] Multiwan suggestions before v. 2.0 ...
On Sun, May 31, 2009 at 7:03 AM, Tebano epaminonda l_epa_m_ino...@hotmail.com wrote: Hi all. I've read that complete multiwan support will be available only with 2.0 version of pfsense, but I'd like to know if You've some suggestion for doing something similar, also using many pfsense instead of single one, or something else. I have no idea what you're talking about. There is complete multi-WAN support in 1.2.x. What are you wanting to accomplish? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense 1.2.3RC1 / Problems with IPSEC and AES256
Benjamin Fromme wrote: Hi List, we have several tunnels between some pfsense 1.2.2 boxes. For phase 2 we have configured AES256 as the only encryption algorithm and everything works fine. Now we upgrade one of the boxes to pfsense 1.2.3RC1 and all tunnels on this box are broken. The 1.2.2 boxes show the tunnel as working, on the 1.2.3RC1 box we see the following in the logs: [snip] When we configure the tunnels with 3DES instead of AES every works fine again?! Any ideas? Thanks! Can you try a more recent 1.2.3-RC snapshot based on FreeBSD 7.2? ipsec-tools was upgraded to a version from their CVS tree, 0.8-something. It's been working great for me, it fixed a lot of DPD/Peer Loss issues, and seems to work fine. I haven't tried it with AES yet, but it may help in your situation. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Milliseconds latency QOS
Hi! El vie, 29-05-2009 a las 13:50 -0600, David Burgess escribió: On Fri, May 29, 2009 at 1:07 PM, Jeppe Øland jol...@gmail.com wrote: So... if a priorice a host over alll, why if I do a ping from the priorized hots I have 27 millisenconds, but when from othre host in the LAN I upload a file, the latency of the icmp grows to 220-270? Yes that is normal. Unless you also set ICMP to use a high-priority queue, it will go in the same queue as the upload. VOIP should still go in the high priority one. But I priorize a entire host... I priorize the thost 192.168.1.1, I upload a file from host 192.168.1.12 to internet, and theping in 192.168.1.11 increases a lot... If I set the rule, that says all the traffica originated from 192.168.1.11 it includes ICMP to... I want priorize 192.168.1.11 over ALL of my hosts, so a ping in this host moe or less, have to be the same no? Thanks You can try something like www.testyourvoip.com from your PC and see what latency it reports with/without an upload running at the same time. You can also make a VOIP call and look at the Status/Queues graphs ... all the VOIP traffic should go to the higher priority queue, and the upload should be in the default one. Definitely check your queues. My experience is that even higher priority packets show increased latency when the queue is full. I suppose it has to do with the length of the queue, or perhaps the increased load of sorting the queue when busy. At the same time, I have found that the ill effects on voip are imperceptible. In other words, if your QoS is properly set up, you may see the numbers change, but the subjective experience should be little to no different regardless of how busy the network is. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Milliseconds latency QOS
So... if a priorice a host over alll, why if I do a ping from the priorized hots I have 27 millisenconds, but when from othre host in the LAN I upload a file, the latency of the icmp grows to 220-270? Yes that is normal. Unless you also set ICMP to use a high-priority queue, it will go in the same queue as the upload. VOIP should still go in the high priority one. But I priorize a entire host... I priorize the thost 192.168.1.1, I upload a file from host 192.168.1.12 to internet, and theping in 192.168.1.11 increases a lot... If I set the rule, that says all the traffica originated from 192.168.1.11 it includes ICMP to... Ah yes I missed that bit. Indeed in that case I would say you should probably see *some* increase in latency - but +250 ms seems too high. Again, try watching the Queue display while making a call/upload - maybe your queues are not set right. Another thing to try is to set the upstream pipe to be a lot smaller than the actual availability on your line. So if you have 512 kbit upstream, set it to 256 kbit. It has to be set to something less than what you actually have available - maybe 5% less. If you are one a shared bandwith circuit (like cable or most wireless ISPs) you can either set it at the worst case ever observed, or at something you feel is a reasonable tradeoff. With shared bandwith the shaper can only do so much. Also, make sure your DOWNSTREAM pipe size is set *higher* than your connection. You really can't do much to shape the downstream connection, so you want the limits to be high so as to essentially do nothing. Things really go haywire latency-wise when you try enforcing limits on the downstream channel. Regards, -Jeppe
Re: [pfSense Support] Recom mended pfSense Hardware (UK ~£100) ?
On Sat 14 Feb 2009 02:14:35 NZDT +1300, Gavin Spurgeon wrote: These are the units I have had as my 1st choice:- http://linitx.com/viewproduct.php?prodid=12346 ALIX 2C3 + case. What are my options if I need 4 NICs (not UK, but the options so far have been international)? Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Recommended pfSense Hardware ( UK ~£100) ?
soekris.com comes to mind. I use a net5501, but I think some of their less expensive boards might have 4 nics. Of course there is a variety of pci cards available that provide 2 or 4 nics as well. On Sun, May 31, 2009 at 7:20 PM, Volker Kuhlmann list0...@paradise.net.nzwrote: On Sat 14 Feb 2009 02:14:35 NZDT +1300, Gavin Spurgeon wrote: These are the units I have had as my 1st choice:- http://linitx.com/viewproduct.php?prodid=12346 ALIX 2C3 + case. What are my options if I need 4 NICs (not UK, but the options so far have been international)? Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
