Re: [pfSense] Wireless Issues

2011-09-23 Thread Chris L
On Sep 23, 2011, at 11:45 PM, Chris Brennan wrote: > I've got pfSense 2.0 running and for the wired side of my LAN, it works fine. > The problem is my Wireless LAN. I can associate just fine, but none of my > wireless devices (Blu-Ray Player, Sony TV, iPod, Android Phone) cannot browse > to th

Re: [pfSense] Wireless Issues

2011-09-24 Thread Chris L
On Sep 24, 2011, at 12:07 AM, Chris Brennan wrote: > On Sat, Sep 24, 2011 at 2:52 AM, Chris L wrote: > Umm. > > On the wireless clients, check: > > Assigned addresses > Assigned netmask > Assigned default gateway > Assigned DNS servers > > There's

Re: [pfSense] Wireless Issues

2011-09-24 Thread Chris L
On Sep 24, 2011, at 8:22 AM, Chris Brennan wrote: > On Sat, Sep 24, 2011 at 3:34 AM, Chris L wrote: > > Yes, all the clients are assigned IP's via DHCP, so that wouldn't matter > > anyway. > > It matters if they're given wrong info. > > > I

Re: [pfSense] Wireless Issues

2011-09-24 Thread Chris L
On Sep 24, 2011, at 5:29 PM, Chris Brennan wrote: > > Oh and here is a screenshot of my Wireless firewall settings -> > http://i.imgur.com/wFgnn.png, If more information is needed, please, > let me know and I will provide it. > Are you trying to use the same IP network on the Wireless interfac

Re: [pfSense] Wireless Issues

2011-09-24 Thread Chris L
On Sep 24, 2011, at 11:44 PM, Chris Brennan wrote: > On Sun, Sep 25, 2011 at 1:58 AM, Chris Brennan wrote: > As far as I know, it is bridged. I was looking around today but I > couldn't find any kind of bridging interface in the pfsense GUI. I'm > not home right now, but will be shortly, then to

Re: [pfSense] Wireless Issues

2011-09-25 Thread Chris L
On Sep 25, 2011, at 12:26 PM, Chris Brennan wrote: > On Sun, Sep 25, 2011 at 2:57 AM, Chris L wrote: > Yes, it certainly seems that both the LAN and Wireless interfaces should be > in the same bridge group. > > Interfaces->(assign)->Bridges > > According to that

Re: [pfSense] Wireless Issues

2011-09-25 Thread Chris L
On Sep 25, 2011, at 12:48 PM, Chris Brennan wrote: > On Sun, Sep 25, 2011 at 3:30 PM, Chris L wrote: > It doesn't make sense to me to have the LAN interface in two different bridge > groups. > > If you want LAN, WLAN, and OPT1 in the same bridge, why not put them in one

[pfSense] PPTP Firewall Rules

2012-02-14 Thread Chris L
pfSense 2.0.1 I just had some trouble getting inbound PPTP sessions to work. Configured it, created a user, created a rule allowing PPTP traffic to the destination LAN, and couldn't connect from the outside because the server would not respond and the connection would time out. I checked the

Re: [pfSense] [Filters engaged]

2013-10-09 Thread Chris L
On Oct 9, 2013, at 3:20 PM, Joe Landman wrote: > I just worked out setting up new filters for the recent S/N destroying, high > tin-foil-hat content, on gmail. Since people pleading for this to go away > hasn't worked, technological measures to restore S/N for my inbox on this > list have be

Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-09 Thread Chris L
On Oct 9, 2013, at 9:06 PM, Michael Schuh wrote: > ridiculous Head, meet sand. Then again, consider the country of origin. They have a history of not recognizing naked tyranny and evil until it's far too late. They will be in good company with all the apologists for the current American sur

Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-09 Thread Chris L
, 2013, at 10:46 PM, Michael Schuh wrote: > @Chris L > > i am not responsible, if you didn't get it. > > if one comes to me with worries about a completely free open source system > by using a Closed Source SHIT. > <<< this is ridiculous > > He sho

Re: [pfSense] naive suggestion: conform to US laws

2013-10-12 Thread Chris L
> On 2013-10-12 01:40, Jim Thompson wrote: >> >> I'm not willing to endure this uninformed Alex Jonesian crapfest. Nice position to take, except Alex Jones was right.

Re: [pfSense] newsyslog: No such file or directory

2013-10-17 Thread Chris L
On Oct 17, 2013, at 6:43 AM, Andreas Meyer wrote: > Vick Khera wrote: > >> curious. i have email notifications on, but I do not receive errors from >> cron. i wonder why. >> >> the newsyslog binary seems to not be on the system. normally on freebsd it >> is in /usr/sbin. seems like an error to

Re: [pfSense] issue a STARTTLS command

2013-10-17 Thread Chris L
On Oct 17, 2013, at 3:31 AM, Andreas Meyer wrote: > Warren Baker wrote: > >> On Thu, Oct 17, 2013 at 11:43 AM, Andreas Meyer wrote: >>> I thought if I set "Notification E-Mail auth username (optional)" >>> with the password, some kind of SASL is used. If I set it, the log says: >>> >>> php: /

Re: [pfSense] Very slow printing when 2 of pfSense on network

2013-10-24 Thread Chris L
On Oct 24, 2013, at 1:16 PM, "Pete Boyd" wrote: > From what you've given me I've managed to fix the printing issue by making > this alteration on Windows workstations: > > Windows Firewall -> Advanced -> ICMP -> Settings -> [*] Allow redirect > > I'm going to investigate the performance issues

Re: [pfSense] Apple Messages Blocked

2014-01-15 Thread Chris L
On Jan 15, 2014, at 2:29 PM, Paul Galati wrote: > I must have something misconfigured. Since I was not able to successfully > create the right NAT and/or RULES to make this work, I decided to change the > IP address of the client behind the pf firewall to a static address that does > have a 1

Re: [pfSense] Captive Portal Bug in 2.1.1

2014-02-25 Thread Chris L
You could look at the commit below, download the appropriate /etc/inc/captiveportal.inc file, and manually apply it. No need to reinstall firmware for one change to one file. On Feb 24, 2014, at 2:45 PM, Brian Caouette wrote: > OK but you said it was fixed for latest snapshot. When should I t

Re: [pfSense] Captive Portal questions - Interstitial page

2014-02-28 Thread Chris L
I don’t think so. Your remote system will not have access to the things pfSense needs to add the captive portal bypass entries to ipfw. Namely the MAC address associated with the IP Address. A RADIUS Server could be remote. On Feb 27, 2014, at 8:17 AM, Ryan Coleman wrote: > Can I have the i

Re: [pfSense] Captive Portal questions - Interstitial page

2014-03-01 Thread Chris L
per POST URL based on what property the request is coming from unless they’re all the same. Pre-Auth URL such as: http://my_thanks_for_coming_host.com/thanks.php?property=property_one Would probably get you there. > > On Feb 28, 2014, at 9:34 PM, Chris L wrote: > >> I don’t th

Re: [pfSense] pfSense version 2.1.1 has been released

2014-04-07 Thread Chris L
Does “custom screens” mean customizations to index.php as well? captiveportal.inc and index.php always get whacked in an upgrade. On Apr 7, 2014, at 10:46 AM, Brian Caouette wrote: > I love the CP. Have some nice customs screens made up for it. Not sure what > happen. > > On 4/7/2014 1:26 PM,

Re: [pfSense] Network Traffic Monitoring w/o Webgui

2014-04-08 Thread Chris L
See Also: www.opennms.org > > > FOSS = Free/Open Source Software (what MRTG, Linux, FreeBSD, pfSense are, as > different from what Microsoft or HP sell) > > > > Cacti is a web based system, from http://www.cacti.net/, that uses the > technology that powers MRTG to build a nice web based sy

Re: [pfSense] blog.pfsense.org OCSP lookup fails

2014-05-11 Thread Chris L
On May 11, 2014, at 7:21 AM, Angus Scott-Fleming wrote: > I was trying to read a post at https://blog.pfsense.org/ > but Firefox reports an OCSP failure at this site. > >Problem loading page >https://blog.pfsense.org/?p=1287 > >Secure Connection Failed > >An error occurred dur

Re: [pfSense] pfsense 2.1.3 and IPv6 problem

2014-05-14 Thread Chris L
Instead of generic, local ifconfig information, it might be more beneficial to concentrate on a specific site that isn’t working and work back from there. If you fix one, you might just fix them all. In dual-stack, I have found that the problem is usually receiving a good record when query

Re: [pfSense] pfsense 2.1.3 and IPv6 problem

2014-05-14 Thread Chris L
configured” page for both. That’s expected (HTTP 1.1) and indicates it’s all working as it should. Note that the nameserver at 192.168.223.1/2001:470:f00e:223::1 is pfsense 2.1.3 with an IPv4 connection and an HE tunnel over that. What do you get? See Also: www.whatismyipv6.com > regards

Re: [pfSense] pfsense 2.1.3 and IPv6 problem

2014-05-15 Thread Chris L
On May 15, 2014, at 7:15 AM, R. Svejda wrote: > > On 14/05/14 17:55, Chris L wrote: >> On May 14, 2014, at 2:51 AM, R. Svejda wrote: >> >>> Hi Chris >>> >>> generally full agreement with your suggestion, but that's not my problem. >>

Re: [pfSense] Poweredge 2850

2014-05-20 Thread Chris L
Citrix XenServer is worth a look too. On May 20, 2014, at 11:03 AM, Ryan Coleman wrote: > Same here - 4 servers around the country running it. > > > On May 20, 2014, at 12:57, Doug Lytle wrote: > What software is available to do virtual machines? >> >> I'm currently using ESXi 5.1

Re: [pfSense] vmware

2014-05-28 Thread Chris L
I call [OT] Please read a manual / move to an ESXi list. On May 28, 2014, at 8:34 AM, Brian Caouette wrote: > virtual switch? > > On 5/28/2014 11:18 AM, Doug Lytle wrote: With a hardware configuration of two nics wan/lan how does each vm use them? >> On my home ESXi system, the com

Re: [pfSense] Network Topology - Home Lab

2014-06-29 Thread Chris L
On Jun 28, 2014, at 11:18 PM, Jonatas Baldin wrote: > Hi guys, how are you doing? I hope someone can bring me some lights here haha > I know this thread isn't about pfSense specific, it's more a network > discussion, but I know someone here can help! Plus, if you know some good > mailing list

[pfSense] Hang Outs

2014-07-03 Thread Chris L
Is there an official way to request/suggest hangout topics? I’d love to see “Traffic Shaping with HFSC”

[pfSense] Sizing DHCP for Captive Portal

2014-08-09 Thread Chris L
All - I’m trying to be sure a fairly decent sized captive portal install has a good chance at working when I turn it on. Current DHCP pool is 1437 Active, 6264 Expired (free) on a /19 with no active portal. DHCP Settings are Default 86400 Max 86460 (1 day.) Captive portal settings are: No Au

Re: [pfSense] IPv6 and OS X?

2014-08-14 Thread Chris L
On Aug 14, 2014, at 9:47 PM, Benno Rice wrote: > > > Even though the network configuration is set up to automatically configure > IPv6 (and has done in the past, when I was using a FRITZ!Box on Internode > ADSL in Australia) and the pfSense system is definitely sending the router > advertis

[pfSense] Crash Dump Analysis?

2014-08-19 Thread Chris L
Looks like this is the crucial text from the dump: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x420 fault code = supervisor read data, page not present instruction pointer = 0x20:0x8023be83 stack pointer = 0x2

Re: [pfSense] pfsense DNS routing issue

2014-09-24 Thread Chris L
On Sep 24, 2014, at 8:58 AM, Ehsan Sabri wrote: > Hey everyone, > > I hope you are well. I am having some issues in connecting to the internet to > install packages using my pfsense box [2.1.5-RELEASE] and was looking for > some help if possible. I have 1 WAN (with gateway) and 2 LAN interfac

Re: [pfSense] NIC support

2014-10-15 Thread Chris L
On Oct 15, 2014, at 12:59 AM, Ulrik Lunddahl wrote: > Will A SMB without L3 capable switches, that needs routing between 3-4 local > subnets (LAN, SERVERS, WIRELESS/GUEST, OTHER/DMZ) as close to wirespeed as > possible, be happy with a C2758. ? > > Very. > > Is a dual socket Xeon a bit f

Re: [pfSense] pfsense h/w

2014-10-23 Thread Chris L
On Oct 23, 2014, at 9:06 AM, Jim Thompson wrote: > We don't release the tuning info, and, incredibly, a couple people a month > write in demanding it. Does this mean there’s a special, hardware-specific version of pfSense (or a package or ?) or is the tuning in the hardware itself?

Re: [pfSense] pfsense h/w

2014-10-23 Thread Chris L
On Oct 23, 2014, at 1:13 PM, Adam Thompson wrote: > On 14-10-23 03:06 PM, Chris L wrote: >>> We don't release the tuning info, and, incredibly, a couple people a month >>> write in demanding it. >> Does this mean there’s a special, hardware-specific version

Re: [pfSense] Vlan Question

2014-10-29 Thread Chris L
On Oct 29, 2014, at 10:54 AM, Jon Munford wrote: > I have an "internet vlan" that is Vlan 10. Right now I have the traffic > tagged on my L3 switch and PFsense and all is working well. My issue is that > my internet filter that sits between the two needs to have an untagged vlan. > While my

Re: [pfSense] Vlan Question

2014-10-29 Thread Chris L
On Wed, Oct 29, 2014 at 12:59 PM, Chris L wrote: > On Oct 29, 2014, at 10:54 AM, Jon Munford wrote: > > > I have an "internet vlan" that is Vlan 10. Right now I have the traffic > > tagged on my L3 switch and PFsense and all is working well. My issue is > > t

Re: [pfSense] Limit bandwith pr user / ip

2014-11-01 Thread Chris L
On Nov 1, 2014, at 4:07 PM, Morten Christensen wrote: > I am going to setup pfSense as gateway/firewall in front of a small wireless > broadband system with 10 to 20 houses connected. > > We want to prevent one single house from taking up all bandwidth, when other > users can use their share,

Re: [pfSense] Limit bandwith pr user / ip

2014-11-02 Thread Chris L
On Nov 1, 2014, at 11:15 PM, Vassilis V. wrote: > Thank you Chris! > > Since I am interested in this too, are there any tricks when you want to > do the same but you have a multi-WAN setup, or ,probably even worse, a > multi-WAN setup with different WAN bandwidth? With multi-WAN, you would pr

Re: [pfSense] secure management access on transparent bridge firewall

2014-12-08 Thread Chris L
Management VLAN. On Dec 8, 2014, at 9:08 AM, Richard Lussier wrote: > Hi, > > We are providing Internet access to coop housing (50 units) > We have a transit access to the exchange via Fiber and a /26 public IPV4 > addresses. > > I purchased a Netgate C2758 router to be able to do limiter an

Re: [pfSense] Aliases are auto-deleted

2014-12-09 Thread Chris L
On Dec 9, 2014, at 1:13 PM, Volker Kuhlmann wrote: > Is this why gateway monitoring is active by default? I'd have guessed > most pfsense installs to be single WAN. What would gw monitoring be > useful for then? Nothing could be done about the Internet going > offline. It’s nice to have the RRD

Re: [pfSense] Aliases are auto-deleted

2014-12-09 Thread Chris L
On Dec 9, 2014, at 2:04 PM, Volker Kuhlmann wrote: > On Wed 10 Dec 2014 07:39:36 NZDT +1300, Ryan Clough wrote: > >> I, too, am using aliases which do not retain domain names or IP addresses. > > I opened https://redmine.pfsense.org/issues/4087 > > What happens is that a rule reload, which ca

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-09 Thread Chris L
On Dec 9, 2014, at 8:53 PM, Karl Fife wrote: > In the wild, I'm seeing an increasing number of crappy consumer/ISP > routers with subnets that conflict with ours (10../8). Comcast appears > to be a common offender, curiously allocating the largest private subnet > to their smallest customers.

Re: [pfSense] Very slow traffic from other VM's through pfSense 2.2RC on XenServer

2014-12-27 Thread Chris L
> On Dec 27, 2014, at 3:25 PM, Morten Christensen wrote: > > > Den 22-12-2014 kl. 20:43 skrev Morten Christensen: >> >> Den 20-12-2014 23:33, Morten Christensen skrev: >>> I have 2 XenServers, 1 with XenServer 6.2 and one with Xenserver Creedence >>> beta 3. >>> >>> Both have a pfSense 2.2 R

Re: [pfSense] How to change driver for NIC

2015-01-04 Thread Chris L
> On Jan 4, 2015, at 1:42 PM, Morten Christensen wrote: > > > Den 04-01-2015 kl. 18:57 skrev compdoc: >>> Is it impossible to try to improve on pfSense 2.2's problem in pfSense >> You might not be the only person having the problem, but I haven't >> researched to know for sure. >> >> Sometimes

Re: [pfSense] Enforcing policy routing gateway

2015-01-20 Thread Chris L
On every rule that specifies a gateway, set a mark on the traffic then block the traffic with the mark on the interface(s) you don’t want it to egress. Say you have GW_WAN1 and GW_WAN2. On the rule that policy routes traffic out GW_WAN2, make the rule also set a mark of WAN2_ONLY. Then make a

Re: [pfSense] New pfSense 2.2 install

2015-01-29 Thread Chris L
> On Jan 29, 2015, at 8:53 AM, compdoc wrote: > >> The link I'm working with is: > >> http://www.malwaredomainlist.com/hostslist/ip.txt > > > When an alias is created with this url, do you know where the list is stored > on pfSense? I just want to see if I've created the alias correctly and t

Re: [pfSense] 2.2 Packages

2015-01-30 Thread Chris L
> On Jan 30, 2015, at 12:07 PM, Brian Caouette wrote: > > Where is a good place to monitor for package updates for 2.2? I had to revert > back to 2.1.5 after a fatal error shut me down. > I have had pretty good success getting an RSS feed on the 2.1 branch of the main pfsense github reposito

Re: [pfSense] 2.2-RELEASE (i386) - FTP passive mode broken

2015-02-09 Thread Chris L
> On Feb 9, 2015, at 9:18 AM, Sergii Cherkashyn > wrote: > > After pfSense upgrade to 2.2, clients’ connection to FTP server is broken. > > > > On the server side we see that the server tells the client to connect to port > in 5000-5050 range per our settings, but the client that is behind

Re: [pfSense] Multi-WAN port forwarding

2015-02-12 Thread Chris L
SIP is UDP, not TCP. > On Feb 12, 2015, at 12:33 PM, Tiernan OToole wrote: > > Morning all. > > I have a question I hope someone can help me with. > > I have my PFSense server with 3 WAN connections, load balanced and I need to > start forwarding ports, specifically SIP ports. I have done p

Re: [pfSense] serial port sadness

2015-02-25 Thread Chris L
> On Feb 25, 2015, at 12:12 PM, Volker Kuhlmann wrote: > > On Thu 26 Feb 2015 07:19:04 NZDT +1300, Jim Pingle wrote: > >> http://www.amazon.com/gp/product/B00AHYJWWG > > Yes useful for many occasions. > However as a first step having a two bucks gender bender and trying with > and without will

Re: [pfSense] default firewall rules

2015-02-26 Thread Chris L
Look again. The default WAN rules block all inbound traffic on 2.1.5 and 2.2. This is actually implemented by the absence of any default rules on WAN. > On Feb 26, 2015, at 4:19 PM, Randy Bush wrote: > > could someone whack me with a clue bat as to why the default install has > filters for rf

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-02-27 Thread Chris L
Hopefully the provider can just route the additional subnet to your existing WAN IP. Then you don’t need to do anything with CARP/HA except make sure primary and secondary are both set up to deal with the routed traffic. > On Feb 27, 2015, at 9:59 AM, Steve Yates wrote: > > After learni

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-02-27 Thread Chris L
> On Feb 27, 2015, at 10:21 AM, Chuck Mariotti wrote: > > I am starting this weekend to setup the same situation... So a simple > failover situation requires that we have TWO public IP addresses then? > I am starting to second guess if it's smart to use a VLAN on a shared switch. > If it fails

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-02-27 Thread Chris L
> On Feb 27, 2015, at 12:37 PM, Steve Yates wrote: > > Chris L wrote on Fri, Feb 27 2015 at 12:10 pm: > >> Hopefully the provider can just route the additional subnet to your existing >> WAN IP. Then you don’t need to do anything with CARP/HA except make sure >>

Re: [pfSense] how to get to CARP settings in 2.2?

2015-02-28 Thread Chris L
To set up the actual CARP VIPs you go to Firewall > Virtual IPs then create a VIP of type CARP. That’s where you set the freq, skew, etc. > On Feb 28, 2015, at 7:18 AM, Vick Khera wrote: > > I must be totally blind here, but I cannot get to CARP configuration settings > on my 2.2 install. > >

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Chris L
> On Mar 9, 2015, at 2:38 AM, Brian Candler wrote: > > On 09/03/2015 09:33, Bryan D. wrote: >> So, for what I'm doing, an IP Alias VIP seems like it should work where a >> CARP VIP works -- but it doesn't appear that a Proxy ARP VIP should, since I >> think I'm using them by the "firewall itse

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Chris L
> On Mar 9, 2015, at 2:56 AM, Brian Candler wrote: > > On 09/03/2015 09:51, Bryan D. wrote: >> So it sounds like the IPsec and OpenVPN traffic would be such traffic? > IPSEC traffic is addressed *to* the firewall (at least the IKE stuff on udp > 500 is, since it is received by strongswan/racoon

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Chris L
> On Mar 9, 2015, at 3:01 AM, Bryan D. wrote: > > On 2015-Mar-09, at 2:43 AM, Chris L wrote: > >>> On Mar 9, 2015, at 2:38 AM, Brian Candler wrote: >>> >>> On 09/03/2015 09:33, Bryan D. wrote: >>>> So, for what I'm doing, an IP Al

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Chris L
> On Mar 9, 2015, at 3:07 AM, Brian Candler wrote: > > On 09/03/2015 10:05, Chris L wrote: >>> Are you saying you want different clients' IPSEC tunnels to terminate on >>> different public IP addresses on the firewall WAN side? That I've never >>

Re: [pfSense] Setup Question - Routing

2015-03-24 Thread Chris L
> On Mar 24, 2015, at 5:12 PM, Joseph H wrote: > > I have a buddy and he wants to use pfSense as his firewall to protect his > devices and also provide a gateway for customers. And he has asked me if I > know of a good way to set this up, so I decided to ask the list > > He has gotten a /24

Re: [pfSense] Setup Question - Routing

2015-03-24 Thread Chris L
On Mar 24, 2015, at 5:46 PM, Walter Parker wrote: > > Using a chart like > http://www.engineeringradio.us/blog/wp-content/uploads/2013/01/Subnet_Chart.pdf > you can see the different /28 and /29 subnets that exist on a /24 network. > > You would bind the .248/29 network to the WAN interface (u

Re: [pfSense] CARP sync of skew results in blank Status on backup router, breaking failover

2015-03-25 Thread Chris L
> On Mar 24, 2015, at 9:47 AM, Steve Yates wrote: > > I'm going to start a new thread since I think this is a different issue. > > I have a rule to allow all IPv4 from PFSYNC net to PFSYNC net. That > network is on a VLAN with only those two interfaces on it. > > The failov

Re: [pfSense] best way to change WAN interface after migration

2015-04-11 Thread Chris L
> On Apr 11, 2015, at 11:58 AM, Espen Johansen wrote: > > In the past I have edited a config backup and restored it. Maybe there are > better ways, but find and replace in a editor does the trick :-) > > Brgds, Espen Be careful you don’t match anything in any certificates and keys or other bas

Re: [pfSense] from LAN to OPT1, pfsense forces all http connections to https

2015-04-19 Thread Chris L
> On Apr 19, 2015, at 12:50 PM, Bob McClure Jr wrote: > > Now I see why Shorewall has a fourth zone, the firewall. And I'm > surprised pfsense didn't provide access to the firewall config on some > non-standard port like 1080 or 8080 or something. You can set it to any port you want. System >

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-25 Thread Chris L
> On Jul 24, 2015, at 5:18 PM, Ted Byers wrote: > > On Fri, Jul 24, 2015 at 6:29 PM, Chris Buechler wrote: > >> On Fri, Jul 24, 2015 at 5:20 PM, Ted Byers wrote: >>> This is an external scan. We forward ports such as 443 and 22 to >> specific >>> Ubuntu machines. But both sshd and apache ha

Re: [pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

2015-11-13 Thread Chris L
On Nov 13, 2015, at 7:09 AM, David White wrote: > > I have a unique scenario: > > The higher ups require a multi-wan high availability setup, but assuming > both ISPs are working, some traffic is required to use 1 ISP and some > traffic is required to use the other. > > I've read in some pfSens

Re: [pfSense] Lost limiter config after upgrade

2015-12-15 Thread Chris L
Yeah there’s a difference between the upgrade fails and the upgraded system just doesn’t work with limiters. It seems either traffic just doesn’t flow or limiters don’t limit. I am really looking forward to this being fixed. Until then, 2.1.5 rules the roost. It’s a pretty sad state. > On Dec

Re: [pfSense] changes made in web GUI not sticking, yet claims "saved".

2016-10-05 Thread Chris L
Check that the users/groups do not have the User - Config:Deny Config Write privilege set. > On Oct 5, 2016, at 10:42 AM, Rodrigo Cunha wrote: > > Hello greg, send for this list a checksum this pfsense iso, i have pfsense > but i not have this problems. > I have pfsense 2.3.2 too, but i dont h

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Chris L
> On Nov 15, 2016, at 1:50 PM, Eero Volotinen wrote: > > same ports? you mean that same port assigment and nic can be different type? > > eero No. Hardware should be as identical as possible. 100% identical is best. If LAN is em0 on one side, it must be em0 on the other. > > 15.11.2016 11.

Re: [pfSense] pfsense + carp + ha

2016-11-16 Thread Chris L
considered an available workaround to get you out of a jam until the real problem can be fixed. If it’s worth doing HA at all, it’s worth doing right. Use a matching set of HA nodes. > > 2016-11-16 7:14 GMT+02:00 Chris L : > >>> On Nov 15, 2016, at 1:50 PM, Eero Volotinen >

Re: [pfSense] Host Overrides in Services/DNS Forwarder not working until manual restart of DNS Forwarder Service

2017-05-14 Thread Chris L
Maybe this: "Do not use 'local' as a domain name. It will cause local hosts running mDNS (avahi, bonjour, etc.) to be unable to resolve local hosts not running mDNS.” > On May 13, 2017, at 9:08 AM, Stefan Baur > wrote: > > Hi, > > I'm seeing this on 2.3.3-RELEASE and 2.3.4-RELEASE, not sure

Re: [pfSense] two GWs in WAN, correct static routes to second GW however deault is used and second GW ignored

2017-05-28 Thread Chris L
Oleg - WAN interfaces (interfaces with a gateway set on them) are treated differently. The rule set forces all connections out that interface to a specific gateway (the interface gateway) with route-to. You can add floating pass rules on WAN in the outbound direction to the destinations on the

Re: [pfSense] two GWs in WAN, correct static routes to second GW however deault is used and second GW ignored

2017-05-29 Thread Chris L
are > redundant than. > > Any thoughts about RIP/BGP/OSP routing if my second gateway advertise routing > tables? Do I need to add floating rules as well for advertised routes via > RIP/BGP/OSP? Or with EBFPd daemon it would be more flexible. > > > Thank you! > >

Re: [pfSense] static route issue

2017-06-23 Thread Chris L
> On Jun 23, 2017, at 2:41 AM, Arjen wrote: > > > Hi, > > I sent email below a day ago but haven't seen it appearing in the list. Sorry > for the double post if applicable. > > best > Arjen. > > > Forwarded Message > Subject: static route issue > Date: Thu, 22 Jun 2017 0

Re: [pfSense] Multiple DMZs isolated from each other

2017-06-26 Thread Chris L
> On Jun 26, 2017, at 5:27 PM, Jeppe Øland wrote: > > Well, at least that matches what I found: That I can't get connections to > the internet working without allowing everything else too. > > That seems like a pretty bad design... It would be much better to be able > to allow something to just

Re: [pfSense] IPsec NAT/BINAT not working

2017-08-22 Thread Chris L
On Aug 22, 2017, at 8:09 AM, Kilian Ries wrote: > > Hi, > > > my setup is the following: > > > Site A: > > Lan: 192.168.100.0/24 > > Lan_IP: 192.168.100.1 > > Transfer: 10.2.81.0/24 > > Transfer_IP: 10.2.81.1 > > > Site B: > > Lan: 10.2.82.0/24 > > Lan_IP: 19.2.82.1 > > > I'm doing

Re: [pfSense] Multi-WAN and HA. Established connections through a not default gateway are broken when I disable CARP in the master unit.

2017-09-27 Thread Chris L
> On Sep 27, 2017, at 12:43 PM, dayer wrote: > > 2017-09-27 20:29 GMT+02:00 Steve Yates : >>I'm not sure if I am following you correctly, but the WAN CARP IP has >> to be the same on both routers. So router1 has a WAN of a.a.a.a and CARP of >> a.a.a.b, and router2 has a WAN of a.a.a.c

Re: [pfSense] block DNS queries to external resolvers rule

2017-09-30 Thread Chris L
> On Sep 30, 2017, at 5:38 PM, Antonio wrote: > > Hi, > > I tried to add the "block DNS queries to external resolvers" as > described here > (https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers > ) to my LAN config and noticed that traffic would not go anywhere on the >

Re: [pfSense] HTTP/HTTPS filtering with Pfsense+Squid+Squidguard for cell phones

2017-10-11 Thread Chris L
> On Oct 11, 2017, at 12:54 PM, Adam Cage wrote: > > Dear people, I have pfSense 2.3 with Squid and Squidguard installed. > > I need a transparent proxy in order to let every cell phone that uses the > WiFi service, go to the web without any extra configuration...just go to > the web in a 100%

Re: [pfSense] HTTP/HTTPS filtering with Pfsense+Squid+Squidguard for cell phones

2017-10-12 Thread Chris L
ce but you cannot get a standard “site blocked” page you just get broken SSL negotiations for blocked sites. The best thing to do, if you have pfSense Gold, is to watch the hangout from January 2017 "Squid, SquidGuard, and Lightsquid” This is all covered. > > 2017-10-11 16:56 GMT-03:00 Chr

Re: [pfSense] HTTP/HTTPS filtering with Pfsense+Squid+Squidguard for cell phones

2017-10-19 Thread Chris L
> On Oct 19, 2017, at 8:36 AM, Adam Cage wrote: > > Dear Volker and others, > > If I just inspect on host name only, do I have to create a CA and > Certificate to install in the proxy server of pfSense anyway ??? > > Thnks a lot, > > ADAM You do have to create a CA and tell squid to use it b

Re: [pfSense] Multiple OpenVPNs (site to site) to one head end

2017-11-25 Thread Chris L
> On Nov 22, 2017, at 9:34 AM, Ryan Coleman wrote: > > I want to pass the entire traffic from a few locations through one master. > > I have one site working. But when I try to connect the second site it kills > the first. > > I have IPSec for some basic network connections as a backup for t

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Chris L
On Dec 4, 2017, at 8:11 AM, Eero Volotinen wrote: > > Well. is that really so hard? > > thinking to add carp ip addresses and switching them to main addresses by > editing xml backup and then restoring it to firewall.. > > I have same hardware (3* sg-8860). one for backup.. It depends on how c

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Chris L
g sync to > replicate it to secondary.. > > I guess do whatever feels right then. > -- > Eero > > 2017-12-04 18:41 GMT+02:00 Chris L : > >> On Dec 4, 2017, at 8:11 AM, Eero Volotinen wrote: >>> >>> Well. is that really so hard? >>>

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Chris L
AES-GCM with all hashes disabled in the ESP/Phase 2. > On Dec 9, 2017, at 12:03 PM, Karl Fife wrote: > > You might try... > > (Wait for it) > > ...AES. > > > On 12/9/2017 4:02 AM, Eero Volotinen wrote: >> Hi, >> >> What is the best ipsec ciphers for aes-ni ipsec acceleration? >> >> Eero >

Re: [pfSense] Moving traffic between LAN & OPT1

2017-12-24 Thread Chris L
> On Dec 23, 2017, at 9:10 PM, Matthew Hall wrote: > > I did run into various bugs involving interfaces != LAN. One common one is > that the other interfaces are missing a default allow rule for reaching > pfSense on 53/udp. This makes all your DNS requests fail and then it can seem > like n

Re: [pfSense] Moving traffic between LAN & OPT1

2017-12-24 Thread Chris L
> On Dec 24, 2017, at 10:08 AM, Matthew Hall wrote: > > >> On Dec 24, 2017, at 9:45 AM, Chris L wrote: >> >> Not a bug. That is by design. Create the rules to pass the traffic you need >> to pass on OPTX interfaces after you create them. > > Tha

Re: [pfSense] Slow/impossible updates to 2.4?

2017-12-27 Thread Chris L
> On Dec 27, 2017, at 6:41 AM, David Jenner wrote: > > I was finally able to update from the console. It took a total of one hour. > I have almost 200 megabits per second of wan connection, 51 MB of updates to > download. > > Similar behavior from Package Manager. It does not succeed in sh

Re: [pfSense] Open ports with OpenVPN tunnel

2018-01-01 Thread Chris L
What are the Firewall > Rules on your OpenVPN tab and the OpenVPN assigned interface tab for the ExpressVPN connection? > On Jan 1, 2018, at 1:48 PM, Antonio wrote: > > Hi, > > I recently managed to get pfSense to run a OpenVPN connection with my VPN > provider (ExpressVPN). All traffic is

Re: [pfSense] Open ports with OpenVPN tunnel

2018-01-01 Thread Chris L
80, 81, 443 actually arrives at your location and is responded to. That is highly doubtful. For an OpenVPN provider connection, which is essentially a WAN connection, you should have no rules (which is a default deny all) on the OpenVPN tab or the assigned interface tab. > Il 01/01/2018 21

Re: [pfSense] Squid crash: assertion failed: store_swapout.cc:289: "mem->swapout.sio == self"

2018-01-08 Thread Chris L
> On Jan 8, 2018, at 8:39 AM, Eero Volotinen wrote: > > try removing squid package from package manager and then reinstalling. > > 8.1.2018 18.24 "Roberto Carna" wrote: > >> Dear Eero, >> >> How do I have to remove Squid + config files in a good manner ? >> >> Squid I suppose by the pa

Re: [pfSense] IPSec not routing traffic over tunnel

2018-02-10 Thread Chris L
> On Feb 9, 2018, at 5:25 AM, Mark Wiater wrote: > > > > On 2/9/2018 6:42 AM, Roland Giesler wrote: >> Ok, I'll try again with real (fake) addresses to make it better understood. >> >> WAN gateway: 197.212.127.194 (primary firewall interface), next hop >> gateway 197.212.127.193 >> >> Phas

Re: [pfSense] Port forwards don't work on one machine

2018-02-11 Thread Chris L
> On Feb 11, 2018, at 11:12 AM, Marco wrote: > > 6) Packet capture: > >https://i.imgur.com/xT3qFXW.png What interface is that taken on? Take one on the interface the destination server is connected to (WLAN?) and test again. While you’re capturing also do another Diagnostics > Test Port

Re: [pfSense] Port forwards don't work on one machine

2018-02-11 Thread Chris L
> On Feb 11, 2018, at 1:29 PM, Marco wrote: > > On Sun, 11 Feb 2018 20:46:41 + > "Joseph L. Casale" wrote: > >> -Original Message- >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris >> L Sent: Sunday, February

Re: [pfSense] 1:1 NAT - Packets not leaving WAN interface

2018-02-15 Thread Chris L
> On Feb 15, 2018, at 7:29 AM, ad^2 wrote: > > Hello all, > > Objective - Connect to services from the Internet hosted on an internal > server assigned an RFC1918 address. > > pfSense version 2.4.2-RELEASE-p1 > > I have followed the instructions listed here - h_t_t_p_s:// > doc.pfsense.org/i

Re: [pfSense] Maximum CARP Addresses?

2018-02-15 Thread Chris L
On Feb 15, 2018, at 11:35 AM, ad^2 wrote: > > Hello all, > > I read in the forum (h_t_t_p_s://forum.pfsense.org/index.php?topic=109346.0) > the 255 VHID limitation in CARP is no longer an issue in recent versions. I > cannot find any documentation to support it. > > I have a need to host a lot

Re: [pfSense] Limiters

2018-02-18 Thread Chris L
> On Feb 15, 2018, at 9:22 AM, user49b wrote: > > Hi > > I currently have some limiters setup on my WiFi interface. > I limit some IP's (192.168.2.105, 192.168.1.109,...) to only have 700 Kbit/s. > > So every IP (device) has 700 Kbit/s. > > I want to add a "global" limit on Wifi interface so

Re: [pfSense] Seeking local support/reseller

2018-04-02 Thread Chris L
On Apr 2, 2018, at 4:32 PM, Ryan Coleman wrote: > > Jim, Ivork, et al Rubicon Employees on this list… > > My boss is looking for a regional support/reseller… is there a list of > authorized resellers and outside support providers? Might help if you told people where you are local to. https:/
