On 2018-04-06 00:09, Bryan D. wrote:
On 2018-Apr-05, at 10:47 PM, Dave Warren wrote:
Cloudflare has pushed an update, and things seem to be working from here. For
those having issues, try again now?
Thanks for the "heads up." Works for me, also (i.e., on pfSense 2.2.6
con
On 2018-04-05 01:25, Bryan D. wrote:
On 2018-Apr-04, at 10:05 PM, Dave Warren wrote:
I can also confirm that 9.9.9.9@853 does work here which reinforces that this
is a Cloudflare specific issue.
-
So it looks like the following config works on pfSense 2.2.6's unbound/DNS
Resolve
I'm running 2.4.3-RELEASE (amd64). I can't get it working here either
after a couple hours of poking at it on and off, it now looks like this
is actually a Cloudflare issue:
https://community.cloudflare.com/t/1-1-1-1-was-working-but-not-anymore/15136/4
"Thanks for the report! This is going to
Howdy!
Is there a way to firewall traffic based on the ASN?
The underlying reason is that we've recently enabled HE's tunnelbroker
which, for the most part, works great.
However we've run into certain services *cough*Netflix*cough* which
reject traffic sent through a HE tunnel. I'd like to r
There is an upcoming issue with Let's Encrypt using the standalone HTTP
server, and in fact it is already broken on the Let's Encrypt Test
environment.
In the near future Let's Encrypt will start performing multiple HTTP
verification calls from different origins to complete the validation.
However
For anyone else still having issues, it looks like the package was
updated November 16th.
On Sat, Nov 18, 2017, at 20:39, WebDawg wrote:
> Did you report this as a bug?
>
> On Thu, Nov 16, 2017 at 4:36 AM, Brian Candler
> wrote:
> > Trying to use the acme package with pfsense 2.4.1 and the LetsE
On Wed, Feb 22, 2017, at 10:23, Eero Volotinen wrote:
> The process will require 14 MiB more space.
>
> 73 MiB to be downloaded.
>
> Fetching php56-5.6.30.txz: .. done
>
> pkg: php56-5.6.30 failed checksum from repository
>
> something wrong with the packages?
I upgraded a couple pfSen
On Thu, Oct 13, 2016, at 20:41, Jim Thompson wrote:
> What should pfSense do in this instance?
Point taken about all the possible things that can go wrong and various
permutations from pfSense's perspective.
As a starting point for a generalized solution, isn't it possible to
read the hardware M
Howdy!
I'm building out a new pfSense box, but the NICs have not yet arrived
and I'm wondering how much configuration I can do in advance. My
configuration will be a quad port Intel NIC, two ports will be WAN ports
directly connected to a pair of modems, and the other two will be a LACP
LAGG group
100CAD on a 1U server from eBay that will
probably do more than I'll need for the immediate future. I'll probably
just buy Gold and call it a day.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2016-08-20 04:02, Jim Thompson wrote:
On Aug 20, 2016, at 3:10 AM, Dave Warren wrote:
On 2016-08-03 08:43, Steve Yates wrote:
I'm being serious but what is your rationale for not using pfSense's/NetGate's?
https://www.pfsense.org/products/
The "cheap" part (&l
ckage. Any old PC will do just fine if one adds an SSD but as someone pointed out
that may use far more power in the long run.
For me, it's the fact that I want to rackmount my gear, but $1,799.00 is
the cheapest option offered on pfSense.org that can rackmount.
--
Dave Warren
ht
e XML right now,
although if the data appears similar, it may be worth considering.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
be convenient if IP assignments didn't
need to change as this makes it easier to bring the new firewall up side
by side with the old one and transfer over relatively seamlessly.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejw
rname and proxy
the session forward if needed, or use a SSH tunnel to tunnel through to
the eventual destination.
This would obviously involve a lot more complexity than is available
from pfSense.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com
een spam)
But maybe that's just me.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
ll make a difference, and it only causes
issues on specific hardware, but if you capture and analyze the packets,
you'll see correct data was sent by the DHCP server.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
maintained, and does not work on any
modern version of pfSense.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
making it configurable, nor should it be enabled by
default unless the guest network is enabled.
Ultimately I'm not unhappy with the overall performance of the unit, but
it's still not one I'd wholeheartedly recommend, mostly because of the
support experience.
--
Dave Warren
http
concerns me that support doesn't understand how it's a
potential issue. If you use it for NAT/routing/anything, does it listen
on the WAN interface, or only the LAN side?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
rably, both upstream and downstream,
but it did help.
Ultimately we just brought in a second pipe from the ISP and now we
route high-bandwidth users to that pipe and let them fight it out
amongst themselves. That has worked quite reliably.
--
Dave Warren
http://www.hireahit.com/
y that actually
applies that extension block list wasn't enabled. It is now.
Thanks!
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
duplicate every rule
with a "Or else just reject the above..."
It's functional, but a hassle.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2014-10-30 17:15, Jim Thompson wrote:
On Oct 30, 2014, at 3:39 PM, Dave Warren wrote:
Buy quality instead of junk?
<...>
Even a cheapo 30GB/60GB/whatever SSD is more than enough for pfSense and makes
a far more reliable solution than external flash.
I strongly disagree. SSDs h
se and
makes a far more reliable solution than external flash.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
On 2014-08-29 07:47, Jim Thompson wrote:
again, the CSS changed, and the browsers love to cache that stuff.
Not if the HTML that calls the CSS throws a version into the filename or
query, in which case there are no caching issues at all when the version
is incremented.
--
Dave Warren
http
o be clear, I'm wanting pfSense's DHCP server to register the IPs
in the appropriate upstream DNS server, not in the DNS forwarder as
in my configuration the DNS forwarder is not authoritative or in a
position to intercept queries)
--
Dave Warren
http://www.hireahit.co
t zfs
would give me a lot more resiliency here (but possibly not, perhaps
squid simply can't ever recover gracefully)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
other messages in this thread, it appears that it's harmless
and can be ignored since no zfs partitions are actually mounted, but the
error still appears.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
xy level cache these days.
Or at least that was my experience when our office was stuck on a 3Mb
pipe instead of our usual dual 100Mb for a few months.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
without a DNS
server, then it will find itself unable to find pfsense.org to download
packages.
Ultimately the fix will be for pfSense to recognize unbound as a local
DNS server and add it to resolv.conf by default, similar to dnsmasq.
--
Dave Warren
http://www.hireahit.com/
http://
peer-supernodes-for-scalability-not-surveillance-717215/
it doesn't sound like Skype uses Supernodes anymore anyway, so that
probably isn't relevant.
(Also not a Skype expert, I just remember reading about it and went
Googling :)
--
Dave Warren
http://www.hireahit.com/
http://ca.li
r a set of "One size fits some" defaults, with only a
handful of the most common options directly exposed to the user.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
ite nicely.
I'll check it out, thanks for the pointer.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2014-05-30 09:54, Michael Hardrick wrote:
Graphs are usually rounded off to the 90th percentile (or similar).
Graphs of one-day, one-week, one-month, one-year will reflect more
of a relative percentage of the total bandwidth for the period.
A bit of rounding is fine, but we're not talking ab
th.php.png
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
want to stay there), so it makes me wonder if other lists could be
subject to the same "phantom" entries?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
is what makes pfSense awesome, and again, I
really appreciate all the feedback.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2014-05-09 15:13, Jason McClung wrote:
On 5/9/2014 3:02 PM, Dave Warren wrote:
Anyone have experience with an Intel Pro/1000 PT Quad Port PCI-e
Gigabit Ethernet Server Adapter EXP19404PT on pfSense?
From wandering the forums it looks like it should be supported in
pfSense 2, but I can
else recommend a quad port that's available
at a reasonable price for a small deployment?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
doesn't come back up automatically.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2014-05-03 00:49, Ermal Luçi wrote:
On Sat, May 3, 2014 at 12:14 AM, Dave Warren <mailto:da...@hireahit.com>> wrote:
Howdy!
A quick question, is it possible for one NIC to use a different
MAC address on different VLANs?
Well FreeBSD supports this if ng_vlan
#3, or if I connect #3 to a
DHCP-assigned bridge on a different ISP, everything works. The IPs on
all three ranges are in different subnets, so there's no gateway
conflicts, as far as I can tell it's just the MAC address conflict.
Is there a better approach?
--
Dave Warren
modem is down completely.
*None meaning less than 1%, per RRD and a normal ping from a workstation.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2014-04-04 19:29, Chris Buechler wrote:
On Fri, Apr 4, 2014 at 9:13 PM, Peder Rovelstad wrote:
Worked for me on my home FW, but didn't reboot on own (I did receive mail
message that it would reboot in 10 sec). Power cycle brought it back on the
right slice. Looking good!
Did you inadverte
sfully unbound
attempts to connect.
Is there any harm in flipping unbound's IPv6 support off in the package?
Is there any reason to leave it on? Is it doing any harm?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
their
hardware.
This seems like a good thing to me, and arguably the whole point of
being open source and BSD licensed. Reading the other messages on the
list, this arrangement definitely seems mutually beneficial for both
pfSense and Netgate.
--
Dave Warren
http://www.hireahit.com/
http://
S DNS
resolution settings rather than (potentially) using its own.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2014-02-13 12:03, Muhammad Yousuf Khan wrote:
Yes i can ping, here is the result from web console Diagnostics>ping
Ping output:
PING 8.8.8.8
switch (and of course puts
us back to forwarding, rather than resolving locally, which is less than
ideal)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
1832-Curling is introduced to the U.S., giving Americans
a sport combining the surface of hockey with the
,
so I read up and found some directions that suggested setting it to the
OpenVPN tunnel itself.
I'll experiment once I'm back in the office and see what happens if I
change it to a WAN.
Thanks.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Light tra
orking again since I
commented out this validation in the PHP code, thereby allowing the
parameters to be saved and the connection to be updated.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Men are from Earth. Women are from
On 2013-11-28 14:23, Dave Warren wrote:
This is an issue again in 2.1... ?
Same scenario as before, I reconfigured an interface, rebooted, now
I'm getting "Cannot get data about interface em0_vlan4" on an
unrelated interface.
And here we are, got forced into another reboot
me to save changes and
successfully connect to the VPN.
While this code likely makes sense when setting up an OpenVPN server,
it should not apply when setting up an OpenVPN client.
Am I missing something or is this a bug?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/da
show nearly mirror images for the 2
interfaces.
I don't use SNMP here, but I see the same, RRDs appear to be accurate.
Oddly it's only some interfaces that double in the traffic graphs, but
not all.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com
On 2013-03-05 17:14, Dave Warren wrote:
On 3/5/2013 04:27, Jim Pingle wrote:
That's a known issue on 2.0.2, fixed on 2.0.3. Check the forum.
Thanks, I appreciate the info.
This is an issue again in 2.1... ?
Same scenario as before, I reconfigured an interface, rebooted, now I'
appened on all of my interfaces, but I'm 100% VLAN'd
here, my entire box runs on one single port.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
arent proxy on port 80) and it happens with NNTP
connections which are not proxied.
RRD graphs look closer to being possible, and the WAN and LAN seem to
match roughly what I'd expect.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/d
hen we're under load.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
e were only using it because it did a
better job of splitting load across the two WANs, otherwise unbound
looks like a far better solution.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
on the net, or 2) You were just
protected against an attack.
Either way, everything worked the way it's supposed to. There's
absolutely no upside to disabling DNS rebinding attack detection unless
your networks are supposed to be interconnected and you are supposed to
be able to access eac
of a way to do this using layer7 filtering, at least at
this time, but someone else might chime in with a suggestion.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
ffic from that machine out via your VPN.
This may still be somewhat problematic as BitTorrent really does need an
inbound port opened as well, but that's between you and your VPN
provider. An external seedbox might be a better approach, along with the
VPN to handle other traffic.
--
D
it. pfSense is
rarely CPU-bound (unless you do a lot of high speed VPN connections or
proxying), but pfSense is latency sensitive and Hyperthreading might
actually increase latency very slightly.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com
the URL bar.
It's a longshot, but it's not outside the realm of possibility.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
traffic to the specific destination IP, are you able to confirm
that Outlook is attempting a connection at all or could this be an issue
on Outlook's side of things?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
great deal of success.
The only catch is that when one of the WAN interfaces undergoes an IP
change, someone needs to manually update the pfSense load balancer.
Is there any way to specify an interface IP rather than hard-coding the
external IP for each interface?
--
Dave W
On 3/5/2013 04:27, Jim Pingle wrote:
That's a known issue on 2.0.2, fixed on 2.0.3. Check the forum.
Thanks, I appreciate the info.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
's not entirely consistent, I'm in a multi-WAN environment, initially
my main WAN wasn't working, today it is and my second WAN (named "DSL")
isn't working.
Any pointers?
Chrome: 25.0.1364.97 m
pfSense: 2.0.2-RELEASE (i386)
--
Dave Warren
http://www.hireahit.co
but the new system will have a different NIC driver, so at a minimum, it
will rename the interfaces.
Can I search/replace the references in the XML file and/or are there any
other options?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedi
ck with the P4 until something better shows up.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
other pfSense members if you're using CARP. If you don't know what CARP
is and only have one firewall, ignore the setting completely, it does
absolutely nothing.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 3/14/2012 1:10 PM, Ugo Bellavance wrote:
I know it is less secure and creates load on the firewall and DNS
servers, but is it possible to create an alias to create rules, that
would allow one to deny traffic for hosts that have a PTR that contains
a string?
The short answer is no, at least
ot sure if I've understood the logic or not, am I in the right place?
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
nt part of the holidays banging my
head against it and the remote site was always reporting that my client
sent no username/password at all.
Oh well, it works now, thanks!
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/d
AM, Andrew Mitchell wrote:
Perhaps I am misunderstanding but could you setup a separate tunnel?
Peer to peer shared key as an example?
Andrew
On Tue, Dec 27, 2011 at 4:16 AM, Dave Warren <mailto:li...@hireahit.com>> wrote:
Does anyone happen to know if pfSense (2.x)'s OpenVPN
his requirement, and I'd like to move the VPN
connection from the desktop to the firewall level if feasible.
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
the network. It's
not perfect since some applications still cache IP addresses internally
(and don't respect TTLs) but most well-written applications rely on the
OS cache instead, so it works more than it doesn't.
--
Dave Warren, CEO
Hire A Hit Consulting S
your
original message, you said "If I block some websites..."
How are you attempting to block some sites? What else did you do to set
this up? If you aren't attempting to block "some websites" does
everything work as expected?
--
Dave Warren, CEO
Hire A Hit Consu
On 11/22/2011 5:11 PM, Jim Pingle wrote:
On 11/22/2011 7:45 PM, Dave Warren wrote:
Is there any way to tell pfSense that these entries should represent
interface IPs rather than hardcoding specific IPs?
I don't recall if we reject the syntax in the GUI, but I believe relayd
supports us
ies should represent
interface IPs rather than hardcoding specific IPs?
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
EASE since
the week it came out without difficulties.
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
81 matches