Re: [pfSense] FreeBSD on uFW

2016-06-01 Thread Ian Bowers
looks like there's some progress being made on getting pfsense running on netgate ufw https://www.reddit.com/r/PFSENSE/comments/4m07jm/pfsense_24dev_now_runs_on_ufw/ which also tells me it's new and perhaps incomplete at best. On Wed, Jun 1, 2016 at 11:21 AM, Vick Khera wrote:

Re: [pfSense] Cisco VPN

2016-04-21 Thread Ian Bowers
How/when is it failing? On Thu, Apr 21, 2016 at 10:01 AM, user49b wrote: > Hi > > Please could someone point me to some decent documentation. > I'm struggling to get IPsec VPN connection working to a Cisco VPN server > from behind pfSense. > > So I have a terminal server

Re: [pfSense] Very slow printing when 2 of pfSense on network

2013-10-23 Thread Ian Bowers
are both pfSense A and pfSense B on the same subnet? such that pfSense A is the default gateway for clients, but pfSense B is how they have to get to the printer? if this is the case, and both firewalls are on the same subnet, you're going to have issues. the A firewall will forward the

Re: [pfSense] cipher suites and NIST

2013-10-11 Thread Ian Bowers
On Fri, Oct 11, 2013 at 12:23 AM, James A. Donald jam...@echeque.com wrote: There is a smoking gun on one of random number generators. There is strong circumstantial evidence, reason for suspicion, on suggested Suite B. AES and SHA look to be fine, but using them gives the appearance to end

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-10 Thread Ian Bowers
On Thu, Oct 10, 2013 at 9:07 AM, Thinker Rix thinke...@rocketmail.com wrote: On 2013-10-10 15:55, Ian Bowers wrote: On Thu, Oct 10, 2013 at 8:17 AM, Alexandre Paradis alexandre.para...@gmail.com wrote: indeed, i vote to continue. Because you don't mind being overlooked by NSA doesn't

Re: [pfSense] Can pfSense be considered trusted? What implementations of VPNs can now be trusted?

2013-10-10 Thread Ian Bowers
On Thu, Oct 10, 2013 at 9:50 AM, Giles Coochey gi...@coochey.net wrote: Trying to get this back on-topic, I will change the subject however, to alleviate the issues the anti-tin-foil-hat-brigade have. (ps I am also top-posting on purpose as I believe the conversation below has near to no

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Ian Bowers
You got your answer of no a while back. But you're still talking. What are you going to do with the answer now that you have it? What's YOUR plan? -Ian On Wed, Oct 9, 2013 at 2:55 PM, Thinker Rix thinke...@rocketmail.com wrote: On 2013-10-09 20:16, Gé Weijers wrote: I think it's unlikely

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Ian Bowers
, or was it just a question you had that has since been answered? -Ian On Wed, Oct 9, 2013 at 4:14 PM, Thinker Rix thinke...@rocketmail.com wrote: On 2013-10-09 22:11, Ian Bowers wrote: You got your answer of no a while back. But you're still talking. What are you going to do with the answer now

Re: [pfSense] Cisco IPSEC configuration

2012-09-14 Thread Ian Bowers
...@khera.org wrote: On Wed, Sep 12, 2012 at 3:47 PM, Ian Bowers iggd...@gmail.com wrote: posting instructions on doing it could cause trouble. Trouble for whom?

Re: [pfSense] Cisco IPSEC configuration

2012-09-12 Thread Ian Bowers
This might be tough only because there are license issues. Technically the license for using the client software dictates you're not allowed to use it with anything but Cisco head end gear. While that may not stop people from using it with other gear, posting instructions on doing it could cause

Re: [pfSense] PF Sense Appliance on VMWARE 5.0 ESX

2012-08-21 Thread Ian Bowers
FreeBSD has historically had issues with the default clock timer. A clock that's not running right can screw with the machine's perception of time intervals, and thusly with CPU usage calculations. on the CLI run: sysctl kern.timecounter.hardware if the result is: kern.timecounter.hardware:

Re: [pfSense] VM woes

2012-08-21 Thread Ian Bowers
From my understanding, pfsense has a generally much different boot process than most unix boxen because of how it's been built. classical alterations may not function as expected. On Tue, Aug 21, 2012 at 2:43 PM, Matthew Patton mpat...@inforelay.com wrote: On Tue, 21 Aug 2012 13:25:51 -0400,

Re: [pfSense] Help in Configuring my pfsense 2.0 firewall for IPSec tunneling with a Cisco router ASA5505

2012-07-11 Thread Ian Bowers
What information precisely are you missing? -Ian Pro VPN Monkey On Tue, Jul 10, 2012 at 10:59 PM, Joseph Rotan joseph.ro...@gmail.com wrote: Hi, I'm configuring my pfsense 2.0 firewall to do tunneling with a remote Cisco Router ASA5505 and with the provided *VPN Device Host Information, *

Re: [pfSense] Help in Configuring my pfsense 2.0 firewall for IPSec tunneling with a Cisco router ASA5505

2012-07-11 Thread Ian Bowers
What information precisely are you missing? Or unsure on? Apologies, it's not completely clear from your email -Ian Pro VPN Monkey On Tue, Jul 10, 2012 at 10:59 PM, Joseph Rotan joseph.ro...@gmail.com wrote: Hi, I'm configuring my pfsense 2.0 firewall to do tunneling with a remote Cisco

Re: [pfSense] Encrypt Microwave Link?

2012-06-26 Thread Ian Bowers
Given the relatively low CPU power to perform encryption these days and still maintain wire speed, it's just not worth taking the risk of *not* encrypting. Wire-speed on fiber-optic links is much higher than you relate here. It's unlikely that any off-the-shelf pfSense box would handle

Re: [pfSense] can it be that having WAN on RFC1918 space fucks up site to site IPsec tunnel?

2012-06-01 Thread Ian Bowers
If you can paste some debugs from the Cisco side I could probably tell you where the issue is. debug crypto isakmp debug crypto ipsec term mon and paste when the failure or retransmit loop happens. -Ian On Fri, Jun 1, 2012 at 12:53 PM, Sean Cavanaugh millenia2...@hotmail.com wrote: How are

Re: [pfSense] can it be that having WAN on RFC1918 space fucks up site to site IPsec tunnel?

2012-06-01 Thread Ian Bowers
What people commonly think of as NAT is more correctly called dynamic PAT. 1:1 mapping of network addresses is static nat. Not trying to nitpick, just letting on why some people might be confused. One problem might be the identity check ISAKMP does. Your ID in ISAKMP is probably your private

Re: [pfSense] 2.01 / 2.1 - Email alerting on unsuccessful login ?

2012-04-26 Thread Ian Bowers
OSSEC can do just this sort of log scraping and can email you as an action. On Thu, Apr 26, 2012 at 3:52 AM, Olivier Mascia o...@tipgroup.com wrote: Hello all, Is there a means to configure an alerting mechanism (email for instance) on unsuccessful login at the web admin interface? Same for

Re: [pfSense] THREAD HIJACK

2012-04-25 Thread Ian Bowers
Serves them right for hijacking! On Wed, Apr 25, 2012 at 9:26 AM, Giles Coochey gi...@coochey.net wrote: Just a note - When starting a new thread or question can you please not reply to an existing email and modify the subject. Some of us with threaded mail readers might be ignoring the

Re: [pfSense] DHCP server - on pfsense or on another box?

2012-01-05 Thread Ian Bowers
On Thu, Jan 5, 2012 at 2:05 PM, Ugo Bellavance u...@lubik.ca wrote: Hi, Seeking for opinions. We are currently using a CheckPoint firewall and are planning to change to pfSense. We currently have a RHEL VM that acts as DHCP server and the firewall acts as a DHCP relay. We have about 80

Re: [pfSense] anyone running snort?

2011-12-21 Thread Ian Bowers
On Wed, Dec 21, 2011 at 8:41 AM, Eugen Leitl eu...@leitl.org wrote: On Wed, Dec 21, 2011 at 02:38:32PM +0100, Eugen Leitl wrote: I'm getting a Warning: opendir(/usr/local/etc/snort/snort_10053_igb1/rules/): failed to open dir: No such file or directory in

Re: [pfSense] ipsec tunnel closes

2011-12-19 Thread Ian Bowers
On Mon, Dec 19, 2011 at 9:49 AM, Nick Upson n...@telensa.com wrote: I'm running 1.2.3 I have an IPsec tunnel to another site, which closes unless there is traffic I want it up 24/7 so I put a remote IP in the keep alive, automatically ping host section of the setup. It still behaves the

Re: [pfSense] ipsec tunnel closes

2011-12-19 Thread Ian Bowers
:03 AM, Nick Upson n...@telensa.com wrote: Nick Upson On 19 December 2011 15:00, Ian Bowers iggd...@gmail.com wrote: On Mon, Dec 19, 2011 at 9:49 AM, Nick Upson n...@telensa.com wrote: I'm running 1.2.3 I have an IPsec tunnel to another site, which closes unless there is traffic I

Re: [pfSense] four-interface embedded board for pfSense?

2011-12-16 Thread Ian Bowers
Sounds like Soekris might be right up your alley if you want physical interfaces. http://soekris.com/ . I've had a net5501 running openbsd for ages, its been one of my longest operating devices, and I've literally never had an issue with it. The net6501 is looking very appealing too. I ran

Re: [pfSense] Encryption domain?

2011-12-16 Thread Ian Bowers
On Fri, Dec 16, 2011 at 8:35 AM, Jim Pingle li...@pingle.org wrote: On 12/16/2011 8:06 AM, Ståle Johnsen wrote: 2011/12/16 Jim Pingle li...@pingle.org On 12/16/2011 5:43 AM, Ståle Johnsen wrote: We have an ipsec between pfsense 2.0 and a cisco system. The