Re: [pfSense Support] Plugins
On 1/22/2010 7:41 PM, Fabian Abplanalp wrote:

[snip - I don't use siproxd or spamd so I can't comment there]

> OpenVPN is also a lot that should be improved asap, for testing purposes
> I've installed an endian box (which has other ugly limitations), but at
> least SIP and OpenVPN work as expected with a nice GUI.

What exactly do you think needs "improved" in OpenVPN? Have you tried the 2.0 beta to see if the improvements have already been made?

OpenVPN has always been solid for me and my customers, between the GUI options and custom options boxes I have been able to make most anything work. The 2.0 GUI and Certificate Manager make it even better, too.

If you want to offer criticism, please be much more specific.

Jim

To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
[pfSense Support] Plugins
Hi Mailinglist

Just a small comment about the Plugins: spamd and sipproxy are some "musts" for many of my installations, but the current state of those is very bad. Usually I have to reboot the pfSense box to get a stable SIP connection, and also SPAMD doesn't work as expected ("useless" buttons etc... mostly it's used as a filter/forwarder to a m$ exchange server)... It would be very nice if some people find time to fix them.

OpenVPN is also a lot that should be improved asap, for testing purposes I've installed an endian box (which has other ugly limitations), but at least SIP and OpenVPN work as expected with a nice GUI.

I am only a sysadmin, not a programmer, so I am sorry that I can't help you on this.

Greetings,
Fabian
Re: [pfSense Support] Pfsense and vmware
On Jan 23, 2010, at 7:17 PM, Eddy Ruiz Azcuy wrote:

> Hi friends
>
> I've been experiencing some problems installing pfsense under vmware in
> Windows XP, the problem is that pfsense only detects one interface: one le0
> and one plip0. Please help me. Thanks in advance.

Add more interfaces by editing the VMware settings for your machine.

--
/"\   Best regards,                 | re...@freebsd.org
\ /   Remko Lodder                  | re...@efnet
 X    http://www.evilcoder.org/     |
/ \   ASCII Ribbon Campaign         | Against HTML Mail and News
Re: [pfSense Support] Fwd: bogon filter update required
On Fri, Jan 22, 2010 at 10:26 AM, Paul Mansfield wrote:

> just a heads-up really about new IPv4 blocks now in use, so check your
> bogon filter update scripts are working and you don't drop 1/8 and 27/8

They update automatically and already have those removed.

1./8 finally assigned, knew it would happen eventually. For whatever reason I've seen a few networks using 1./8 as "private" address space. Connectivity problems are coming soon for those networks. Of course I've also seen networks using random assigned and active public IP space as their "private" IP space. Why I don't know, in those cases I've always been helping people who inherited a network wreck and helping clean it up.
[pfSense Support] Pfsense and vmware
Hi friends

I've been experiencing some problems installing pfsense under vmware in Windows XP, the problem is that pfsense only detects one interface: one le0 and one plip0. Please help me. Thanks in advance.
[pfSense Support] Fwd: bogon filter update required
just a heads-up really about new IPv4 blocks now in use, so check your bogon filter update scripts are working and you don't drop 1/8 and 27/8

Paul

---------- Forwarded message ----------
From: Leo Vegoda
Date: 2010/1/21

Hi,

The IANA IPv4 registry has been updated to reflect the allocation of two /8 IPv4 blocks to APNIC in January 2010: 1/8 and 27/8. You can find the IANA IPv4 registry at:

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt

Please update your filters as appropriate.

The IANA free pool contains 24 unallocated unicast IPv4 /8s.

Regards,

Leo Vegoda
Number Resources Manager, IANA
ICANN
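One way to run the check this thread asks for, as an added example that is not part of the original messages: it audits a local bogon list against the two blocks named in the IANA notice and prunes them, including the case where an aggregate entry hides an allocated /8. The sample list and all function names are constructed for illustration.

```python
import ipaddress

# Blocks the IANA notice above lists as allocated to APNIC in January 2010.
NEWLY_ALLOCATED = [ipaddress.ip_network("1.0.0.0/8"),
                   ipaddress.ip_network("27.0.0.0/8")]

# Constructed sample of a stale local bogon list (not from any real feed).
# 0.0.0.0/7 is an aggregate that silently covers 1.0.0.0/8.
SAMPLE_BOGONS = """\
0.0.0.0/7
10.0.0.0/8
27.0.0.0/8      # still listed after allocation
127.0.0.0/8
192.168.0.0/16
"""

def parse_bogons(text):
    """Parse one CIDR per line, ignoring blank lines and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line))
    return nets

def stale_entries(bogons, allocated=NEWLY_ALLOCATED):
    """Pairs (bogon entry, allocated block) where the filter drops allocated space."""
    return [(b, a) for b in bogons for a in allocated if b.overlaps(a)]

def prune(bogons, allocated=NEWLY_ALLOCATED):
    """Remove allocated space from the list, splitting aggregates where needed."""
    pieces = list(bogons)
    for block in allocated:
        kept = []
        for net in pieces:
            if net.subnet_of(block):
                continue                                  # wholly allocated: drop
            if block.subnet_of(net):
                kept.extend(net.address_exclude(block))   # carve block out of aggregate
            else:
                kept.append(net)
        pieces = kept
    return list(ipaddress.collapse_addresses(pieces))

def is_dropped(addr, bogons):
    """True if a packet from addr would match the bogon list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in bogons)
```

Searching the list for the literal string 1.0.0.0/8 would miss the aggregate entry; the overlap test catches it, and pruning leaves 0.0.0.0/8 in place.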
Re: [pfSense Support] Certificate Errors (Safari and Internet Explorer) using GoDaddy Wildcard SSL Certificates for Captive Portal SSL Login Page
On Thu, Jan 21, 2010 at 3:58 PM, Chris Buechler wrote:

> That's a problem with the cert. That means the CA that signed your
> cert isn't trusted by those browsers. That's what you get at times
> with cut rate CAs like Godaddy, though that's where we get our certs
> and I haven't seen any such issues on ours, I have on other certs I've
> gotten from Godaddy in the past. I would contact them and complain,
> any cert you pay for should be recognized by all the major browsers.

I thought I might correct this misconception about why certificate chains exist. GoDaddy and other CAs have a master certificate which is installed in browsers. If they would use this master certificate to sign regular certificates and it would be compromised, they would need to have the certificate removed from everywhere it is installed (not a simple task). Instead, they create several other certificates and use those to generate regular certificates. Then, if there is a problem, they can revoke the sub-certificate.

So your browser almost certainly has the GoDaddy root certificate installed, it just does not know the chain. The way I solved this problem (I get certs from StartSSL, and almost no one has the intermediate certificates from them) was by pasting the intermediate cert in the regular certificate box in the admin area. I am not sure if that is supposed to work, but I have not had any problems with it.

- YK
Re: [pfSense Support] About promiscuous mode
-----Original Message-----
From: Koray AGAYA [mailto:insanad...@gmail.com]
Sent: Friday, 22 January 2010 14:38
To: support@pfsense.com
Subject: [pfSense Support] About promiscuous mode

Hi,

I use 1.2.3-RELEASE Pfsense. The system log has an error, I don't understand what the problem is.

Jan 22 15:29:01 kernel: vge0: promiscuous mode disabled
Jan 22 15:29:01 kernel: vge0: promiscuous mode enabled
Jan 22 15:28:58 kernel: vge0: promiscuous mode disabled
Jan 22 15:28:57 kernel: vge0: promiscuous mode enabled
Jan 22 15:28:54 kernel: vge0: promiscuous mode disabled
Jan 22 15:28:54 kernel: vge0: promiscuous mode enabled
Jan 22 15:28:51 kernel: vge0: promiscuous mode disabled
Jan 22 15:28:51 kernel: vge0: promiscuous mode enabled
Jan 22 15:28:48 kernel: vge0: promiscuous mode disabled
Jan 22 15:28:48 kernel: vge0: promiscuous mode enabled
Jan 22 15:28:45 kernel: vge1: promiscuous mode disabled
Jan 22 15:28:45 kernel: vge1: promiscuous mode enabled
Jan 22 15:28:42 kernel: vge1: promiscuous mode disabled
Jan 22 15:28:41 kernel: vge1: promiscuous mode enabled
Jan 22 15:28:38 kernel: vge1: promiscuous mode disabled
Jan 22 15:28:38 kernel: vge1: promiscuous mode enabled
Jan 22 15:28:35 kernel: vge1: promiscuous mode disabled
Jan 22 15:28:35 kernel: vge1: promiscuous mode enabled
Jan 22 15:28:33 kernel: vge0: promiscuous mode disabled
Jan 22 15:28:33 kernel: vge0: promiscuous mode enabled

---

Do you have the rate package installed? Then it's this...
Re: [pfSense Support] About promiscuous mode
On 1/22/2010 8:38 AM, Koray AGAYA wrote:

> Hi,
>
> I use 1.2.3-RELEASE Pfsense. The system log has an error, I don't
> understand what the problem is.
>
> Jan 22 15:29:01 kernel: vge0: promiscuous mode disabled

This is a part of how the Rate package operates. In that scenario, it's harmless log spam, there is no problem.

Jim
[pfSense Support] DNS: domain override for PTR records
Hello,

I'm using a redundant pfsense CARP cluster for providing firewall/DHCP/DNS to several servers and clients. To have more control over local DNS records, I have set up a powerdns daemon on a linux server behind the pfsense cluster and entered a domain override for a test domain in the DNS forwarder configuration page on both pfsense boxes.

This works flawlessly, the pfsense forwards requests for the local domains to my linux box, while still using my ISP DNS servers for internet DNS lookups.

However, I can't seem to add a domain override for my internal ip ranges reverse dns lookups (PTR records). My local network is a 10.150.0.0/16 divided in lots of /24 chunks using vlans. If I put 150.10.in-addr.arpa in the pfsense DNS domain override, it seems to have no effect. My powerdns server on my linux box is never receiving any queries from the pfsense boxes. (Tested using tcpdump, and also direct PTR queries to my powerdns work as they should)

I know I could just hand out the ip of the powerdns server to the clients through dhcp, but that would cripple my redundant setup. As long as the powerdns only handles internal requests, internet connectivity won't be affected if the single powerdns server goes down for some reason. And setting up a secondary local DNS server and keeping it in sync with the primary, just for this purpose, just seems a bit overkill.

What is the correct way to override the DNS server setup for local reverse dns lookups?

Thanks!
Hans
Re: [pfSense Support] About promiscuous mode
On Jan 22, 2010, at 2:38 PM, Koray AGAYA wrote:

> Hi,
>
> I use 1.2.3-RELEASE Pfsense. The system log has an error, I don't
> understand what the problem is.
>
> Jan 22 15:29:01 kernel: vge0: promiscuous mode disabled
> Jan 22 15:29:01 kernel: vge0: promiscuous mode enabled
> Jan 22 15:28:58 kernel: vge0: promiscuous mode disabled
> Jan 22 15:28:57 kernel: vge0: promiscuous mode enabled
> Jan 22 15:28:54 kernel: vge0: promiscuous mode disabled
> Jan 22 15:28:54 kernel: vge0: promiscuous mode enabled
> Jan 22 15:28:51 kernel: vge0: promiscuous mode disabled
> Jan 22 15:28:51 kernel: vge0: promiscuous mode enabled
> Jan 22 15:28:48 kernel: vge0: promiscuous mode disabled
> Jan 22 15:28:48 kernel: vge0: promiscuous mode enabled
> Jan 22 15:28:45 kernel: vge1: promiscuous mode disabled
> Jan 22 15:28:45 kernel: vge1: promiscuous mode enabled
> Jan 22 15:28:42 kernel: vge1: promiscuous mode disabled
> Jan 22 15:28:41 kernel: vge1: promiscuous mode enabled
> Jan 22 15:28:38 kernel: vge1: promiscuous mode disabled
> Jan 22 15:28:38 kernel: vge1: promiscuous mode enabled
> Jan 22 15:28:35 kernel: vge1: promiscuous mode disabled
> Jan 22 15:28:35 kernel: vge1: promiscuous mode enabled
> Jan 22 15:28:33 kernel: vge0: promiscuous mode disabled
> Jan 22 15:28:33 kernel: vge0: promiscuous mode enabled

Could it be that you have a status, where the current active IP's are listed? I know that there is one feature that has this, but I do not instantly remember its name (pftop or something).

Cheers,
Remko

--
/"\   Best regards,                 | re...@freebsd.org
\ /   Remko Lodder                  | re...@efnet
 X    http://www.evilcoder.org/     |
/ \   ASCII Ribbon Campaign         | Against HTML Mail and News
[pfSense Support] About promiscuous mode
Hi,

I use 1.2.3-RELEASE Pfsense. The system log has an error, I don't understand what the problem is.

Jan 22 15:29:01 kernel: vge0: promiscuous mode disabled
Jan 22 15:29:01 kernel: vge0: promiscuous mode enabled
Jan 22 15:28:58 kernel: vge0: promiscuous mode disabled
Jan 22 15:28:57 kernel: vge0: promiscuous mode enabled
Jan 22 15:28:54 kernel: vge0: promiscuous mode disabled
Jan 22 15:28:54 kernel: vge0: promiscuous mode enabled
Jan 22 15:28:51 kernel: vge0: promiscuous mode disabled
Jan 22 15:28:51 kernel: vge0: promiscuous mode enabled
Jan 22 15:28:48 kernel: vge0: promiscuous mode disabled
Jan 22 15:28:48 kernel: vge0: promiscuous mode enabled
Jan 22 15:28:45 kernel: vge1: promiscuous mode disabled
Jan 22 15:28:45 kernel: vge1: promiscuous mode enabled
Jan 22 15:28:42 kernel: vge1: promiscuous mode disabled
Jan 22 15:28:41 kernel: vge1: promiscuous mode enabled
Jan 22 15:28:38 kernel: vge1: promiscuous mode disabled
Jan 22 15:28:38 kernel: vge1: promiscuous mode enabled
Jan 22 15:28:35 kernel: vge1: promiscuous mode disabled
Jan 22 15:28:35 kernel: vge1: promiscuous mode enabled
Jan 22 15:28:33 kernel: vge0: promiscuous mode disabled
Jan 22 15:28:33 kernel: vge0: promiscuous mode enabled
Re: [pfSense Support] Certificate Errors (Safari and Internet Explorer) using GoDaddy Wildcard SSL Certificates for Captive Portal SSL Login Page
On 21 Jan 2010, at 22:14, Tancinco, Jon wrote:

> Thanks for your help Lyle. I’ve seen this solution...
>
> SSLEngine On
> SSLCertificateFile /etc/httpd/ssl/*.serverdensity.com.crt
> SSLCertificateKeyFile /etc/httpd/ssl/*.serverdensity.com.key
> SSLCertificateChainFile /etc/httpd/ssl/gd_bundle.crt
>
> But since pfSense uses lighttpd, I don’t know how to add this line. And it
> gets overwritten by the xml config file during reboot.
>
> -Jon

Jon,

I use Lighttpd for other production sites and also use GoDaddy for their SSL certs. Here's the relevant section from my lighttpd config

    $SERVER["socket"] == "XXX.XXX.XXX.XXX:443" {
        ssl.engine  = "enable"
        # server certificate and private key in one PEM file
        ssl.pemfile = "/etc/apache2/ssl/DOMAIN.ucc.pem"
        # intermediate CA bundle sent along with the server certificate
        ssl.ca-file = "/etc/apache2/ssl/gd_intermediate_bundle.crt"
    }

BR
Merul
Re: [pfSense Support] Squid Stopping
Squid needs a gateway. If you use multiple gateways, there must be a tcp_outgoing_address defined in the squid.conf config (squid.inc); if it is not defined, Squid uses the default gateway.

Squid manual: http://www1.il.squid-cache.org/Versions/v2/2.7/cfgman/tcp_outgoing_address.html

From: Rafael Cristian
Sent: Friday, January 22, 2010 5:25 AM
To: support@pfsense.com
Subject: [pfSense Support] Squid Stopping

Hi guys,

I'm having problems with pfSense version 1.2.2 at one of my clients. There are more or less installed pfsense squid 2.7.8.1, with squidguard+ 1.3.2, and load balance 2 adsl links.

There are 2 days behind the pfsense caught when he called again and had lost all settings. I did the restore from a backup, but as there was no backup of the load balance settings I had to redo it. I reversed, I made it a little different, I left one adsl link with PPPoE and the other adsl with the router. OK

But the problem is that from time to time my users complain that the internet connection drops, and after about 2 minutes it returns. What I could identify is that the squid and squidguard services are stopping.

Is there some problem in pfsense with load balancing where one link does pppoe and the other is connected to a router? Has anyone had this problem, or can anyone guide me on what I can do?

[]'s
Rafael Ávila

__ Information from ESET NOD32 Antivirus, version of virus signature database 4791 (20100120) __
The message was checked by ESET NOD32 Antivirus. http://www.eset.com