[pfSense Support] Traffic Graph kills FireFox 2.0.0.11

[Chuck Benson]

I see some earlier discussion of either the same or a similar problem on 
the forum, but with no resolution. I upgraded to 1.2-RC4 and still have 
crashes trying to display the traffic graph. I would install the Adobe 
viewer, but see that it is scheduled for end of life. Any work around 
for this?


Chuck Benson


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Traffic Graph kills FireFox 2.0.0.11

[Chuck Benson]

RB wrote:

On Jan 16, 2008 10:22 PM, Scott Ullrich <[EMAIL PROTECTED]> wrote:
  

I cannot duplicate this behavior on OSX nor on Windows Xp.  Anyone else?



OSX negative - both the full graph and the embedded ones (5
concurrent) in the Dashboard package.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


  
The only additions I can make right now, are that I did try with a priv 
account with all extensions disabled. The fault occurs in ivplugin.dll.


Chuck Benson

Re: [pfSense Support] Traffic Graph kills FireFox 2.0.0.11

[Chuck Benson]

Scott Ullrich wrote:



On Jan 17, 2008 1:24 AM, Chuck Benson <[EMAIL PROTECTED] 
<mailto:[EMAIL PROTECTED]>> wrote:


The only additions I can make right now, are that I did try with a
priv account with all extensions disabled. The fault occurs in
ivplugin.dll.


Good ol'  Norton Internet Security installed??

Scott


Oh, I see. That probably is the source of the difficulty. Thank you.

I wonder if that is what the previous cases were too.

Chuck Benson


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Traffic Graph kills FireFox 2.0.0.11

[Chuck Benson]

Scott Ullrich wrote:



On Jan 17, 2008 1:24 AM, Chuck Benson <[EMAIL PROTECTED] 
<mailto:[EMAIL PROTECTED]>> wrote:


The only additions I can make right now, are that I did try with a
priv account with all extensions disabled. The fault occurs in
ivplugin.dll.


Good ol'  Norton Internet Security installed??

Scott


Yes, is this a problem?

Chuck Benson

Re: [pfSense Support] pfsense and soekris 5501

[Chuck Benson]

Ronald L. Rosson Jr. wrote:
Has nyone had any issues with a NET5501 and pfsense? Either with a HD 
or CF install?


TIA

-Ron


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Did my install using VMware on a laptop. Did most of config and set 
serial console. Then installed SATA disk into 5501. Works well. If you 
want to support VLANs, Soekris 4 port Ether seems to work well.


Chuck Benson


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] tail -f and crappy output

[Chuck Benson]

Günter Warfmeier wrote:

Whenever I use the tail command on filter.log, ipsec.log, system.log or
dhcpd.log I'm ending up with something like "3CLOG
" and tail stops
producing output.
I must admit that I'm relative new to FreeBSD, I'm mostly using Linux
and google didn't help, so please forgive me if this question is silly  =]

Cheers,
Günter


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


  
The log file is a circular log, as such, tail is not appropriate. If you 
use remote logging to another machine, you can apply "tail -f" there 
with success.


The circular log prevents continual growth and allows in memory logging 
on embedded systems.


If all of the machines that you are protecting are M$ flavored, consider 
Kiwi Syslog.


Chuck Benson


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] In IPSec, phase 1 auth mode rsa signature generates errors

[Chuck Benson]

racoon: WARNING: /var/etc/racoon.conf:9: ""peer1-signed.pem" Please use 
'peers_certfile x509 "peer1-signed.pem";' instead
racoon: WARNING: /var/etc/racoon.conf:9: ""peer1-signed.pem" This 
directive without certtype will be removed!


Also, it appears that the peer identifier gets set to address, even when 
you have fqdn for my_identifier and want to make things symmetric.


Am I missing something, or must I use just what is used in the example 
to get this to work?


Chuck Benson


smime.p7s
Description: S/MIME Cryptographic Signature

[pfSense Support] In IPSec, phase 1 auth mode rsa signature generates errors

[Chuck Benson]

racoon: WARNING: /var/etc/racoon.conf:9: ""peer1-signed.pem" Please use 
'peers_certfile x509 "peer1-signed.pem";' instead
racoon: WARNING: /var/etc/racoon.conf:9: ""peer1-signed.pem" This 
directive without certtype will be removed!


Also, it appears that the peer identifier gets set to address, even when 
you have fqdn for my_identifier and want to make things symmetric.


Am I missing something, or must I use just what is used in the example 
to get this to work?


Chuck Benson

P.S.: Sorry for the re-post, but I it has been pointed out that I 
generated the first post as part of another thread, inappropriately. If 
someone replies, please answer this message and not the previous.


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [pfSense Support] SSL Offloading

[Chuck Benson]

Nathan Eisenberg wrote:


Hey PfSense Gurus –

I’ve got a half dozen redundant PFSense WWW load balancing clusters in 
production, and yet I’ve never had to worry about this particular 
requirement before now. I suspect I already know the answer, but I 
wanted to check in and make sure.


I have a client whose IIS application must be blissfully unaware that 
it is being encapsulated in SSL. There is an ISAPI filter they wrote 
to handle their custom authentication system, and having the internal 
traffic pass through the SSL encapsulation in IIS breaks it. Their 
solution was to use an old F5 SSL accelerator to offload the SSL 
traffic out of the environment.


Now, I have utterly no interest in using that particular piece of 
equipment to accomplish this task, but I am also unsure how to exactly 
accomplish this goal. My preference would be to do this at the PFSense 
load balancer, rather than installing additional hardware for this 
purpose. Is there some functionality like this in PFSense, perhaps via 
a package?


If not, is there another open source solution that you’d recommend 
(probably off list since it would be offtopic)? When thinking about 
what I want to accomplish, my brain said ‘apache SSL proxy’ – would I 
be on the right track there?


Best Regards

Nathan Eisenberg

Sr. Systems Administrator

Atlas Networks, LLC

supp...@atlasnetworks.us <mailto:supp...@atlasnetworks.us>

http://support.atlasnetworks.us/portal

Use the stunnel package? Though load balancing it may interfere with 
load balancing (or load balancing may interfere with it). I'd try it and 
see how it works for a single address.


Chuck Benson



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [pfSense Support] AINA Bogon List Update

[Chuck Benson]

Evgeny Yurchenko wrote:

Chris Buechler wrote:

On Wed, Aug 5, 2009 at 7:27 AM, Joseph Hardeman wrote:
  

Greetings Everyone,

Just wanted to make you aware, if you weren't already, that on Aug 3rd 2009
IANA has recently assigned two IP Ranges that were previously Bogon Ranges
out to the wild.  The IP Ranges are:

  

---clipped
The bogon list on our servers updates automatically, which your
firewalls pull from automatically on the first of each month. It's
generally updated well in advance of new IP space being used, so it's
not anything you need to be concerned about, or even pay attention to
their mailing list unless you manually maintain bogon listings
elsewhere.

  
Nevertheless once I run into this issue 
http://forum.pfsense.org/index.php/topic,12603.0.html

So, it's better to be informed
Eugene.
---clipped 
As an example of why someone might be doing this elsewhere, if you are 
using a dual-wan configuration, checking bogons on the second network 
can be useful.


Unfortunately, when I went to look this month, the site was not 
available. A temporary flag was in its place.


Chuck Benson

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org