Re: [pfSense] USB3 to ethernet adaptor

Op 2-5-2016 om 15:57 schreef WebDawg: > On May 2, 2016 1:56 AM, "Frans Meulenbroeks" > wrote: >> >> Hi, >> >> Has anyone experience using USB3 to ethernet adapters ? I need an extra >> interface but my HW (Intel NUC) does not have room for another card). >> Anything recommendable? >> >> Best regar

Re: [pfSense] IPV6 WAN/LAN routing

Op 20-4-2016 om 18:38 schreef Olivier Mascia: > Dear all, > > I must be tired or something but I have a strange thing with IPv6 on a new > box I just setup. > > Have a x:y:z:d800::/56 routed to me. > WAN is static IPv6 on x:y:z:d800::1/64, gateway is > x:y:z:d800::::: (not a nic

Re: [pfSense] 2.2.6 and IPv6 RA

Op 22-1-2016 om 12:15 schreef Antonio Prado: > On 1/22/16 11:02 AM, Seth Mos wrote: >>> on a fresh installed box, IPv4 configured on 2 NICs (WAN and LAN), IPv6 >>> not configured, pfSense starts advertising itself as IPv6 gateway on LAN >>> using its link-local addre

Re: [pfSense] 2.2.6 and IPv6 RA

Op 22-1-2016 om 8:53 schreef Antonio Prado: > Hi, > > on a fresh installed box, IPv4 configured on 2 NICs (WAN and LAN), IPv6 > not configured, pfSense starts advertising itself as IPv6 gateway on LAN > using its link-local address (fe80::/64). > > That's not the correct behavior I guess. > > Is

Re: [pfSense] Slow speed on 100Base TX full duplex.

Op 11-1-2016 om 14:46 schreef Muhammad Yousuf Khan: > em0@pci0:4:0:0: class=0x02 card=0x15d9 chip=0x10968086 rev=0x01 > hdr=0x00 > class = network > subclass = ethernet > em1@pci0:4:0:1: class=0x02 card=0x15d9 chip=0x10968086 rev=0x01 > hdr=0x00 > class = net

Re: [pfSense] Large amount of tunnels failing on 2.2.4 upgraded from 2.1.5

to stop around 150-200 entries. I've attempted to adjust the values in /etc/inc/vpn.inc but I don't think those relate to the lack of space for setkey to succeed. Has the kernel patch from FreeBSD 8.3 been ported to FreeBSD 10 for the increase in buffer size? Kind regards, Seth Seth M

[pfSense] pfSense 2.1.5 crashing

Hi, Just a heads up, this week we have had multiple 2.1.5 firewall on different hardware in different locations crashing hard and rebooting. These firewalls have been running for over a year before they rebooted, with no rule changes lately. Anybody else seeing these hard crashes with respect to

[pfSense] Large amount of tunnels failing on 2.2.4 upgraded from 2.1.5

in that respect. Still a shame that we missed 2600 calls just this morning because the network broke. Kind regards, Seth Mos ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Connect pfSense as client to a Hotel WLAN?

Chris Buechler schreef op 30-7-2015 om 8:55: > On Wed, Jul 29, 2015 at 7:59 PM, Ray wrote: >> Hi, >> >> I run pfSense on a few ALIX boxes, usually as tunnel end and as access >> point. When I can plug one of these machines into any (wired) network, I >> have easy access to my home network through

Re: [pfSense] Access Point Recommendations?

Karl Fife schreef op 23-7-2015 om 17:46: > Your point about having a one-off solution is a great one. Installing a > single UniFi AP would be unnecessarily complex. In a pinch I use the Linksys E2500 or EA2700 dual band wireless access points. Set a static IP, disable the DCHP server and connect t

Re: [pfSense] Improving OpenVPN performance

Chris Bagnall schreef op 1-7-2015 om 16:16: > Greetings list, > > I'm trying to improve OpenVPN performance on a site-to-site link I have > between 2 pfSense boxes. > > - upstream at each site is provided by a VDSL connection delivering > ~18Mbps You mean 18Mbps downstream? Not upstream? That

Re: [pfSense] Pfsense + Cloudflare

Roy Sandbergen - Webguru schreef op 30-4-2015 om 16:02: > Hi All, > > Does anyone have his site behind pfsense and cloudflare? > > I have the problem that my pfsense only see the ipadresses of the cloudflare > servers not the original ip of the client. Does anyone have a solution for > that pro

Re: [pfSense] 2.2-RELEASE now available!

d power on it eventually hung the network after half an hour or so. Due diligence. Regards, Seth Seth Mos schreef op 26-1-2015 om 11:12: > Chris Buechler schreef op 24-1-2015 om 3:24: >> Details on the blog: >> https://blog.pfsense.org/?p=1546 > > 2 Upgrades done so far, o

Re: [pfSense] 2.2-RELEASE now available!

Chris Buechler schreef op 24-1-2015 om 3:24: > Details on the blog: > https://blog.pfsense.org/?p=1546 2 Upgrades done so far, one had a different Architecture autoupdate URL, that one updated from AMD64 to i386, please don't do that. Also, I have issues with the Intel X540-2 10G card now, it's t

Re: [pfSense] Road Warrior open vpn

A Mohan Rao schreef op 22-1-2015 om 10:18: > someone more .. Are you sure that the devices on the LAN are using the same gateway as the pfSense machine, could be assymetric routing. Regards, Seth ___ pfSense mailing list https://lists.pfsense.org/mailma

Re: [pfSense] Road Warrior open vpn

A Mohan Rao schreef op 21-1-2015 om 11:30: > Hello, > > successfully configured Road Warrior OpenVpn also vpn client is > connected from remote area but not able to access server end LAN or > server's. Add firewall allow rules on the OpenVPN Server interface > > > Thanks > > Mohan > > > _

Re: [pfSense] 4 Byte ASN

Adam Thompson schreef op 8-1-2015 om 17:24: > On 15-01-08 10:02 AM, Seth Mos wrote: >> To clarify this a bit better. You speak BGP to your ISP from each >> pfSense node and generally use CARP as the router address on the >> internal side. You still need to exchange routes

Re: [pfSense] 4 Byte ASN

Bryant Zimmerman schreef op 8-1-2015 om 17:22: > > *From*: "Seth Mos" > *Sent*: Thursday, January 8, 2015 11:02 AM > *To*: list@lists.pfsense.org > *Subject*: Re: [pfSense] 4 Byte ASN > > J

Re: [pfSense] 4 Byte ASN

Jim Thompson schreef op 8-1-2015 om 16:52: >> On Jan 8, 2015, at 9:23 AM, Seth Mos wrote: >> >> You do not want to use CARP with with BGP in any situation. Each node >> needs it's own session with the remote BGP peer. You need to use iBGP >> between the nodes in

Re: [pfSense] 4 Byte ASN

Bryant Zimmerman schreef op 8-1-2015 om 15:28: > We are working on getting our own ASN with ARIN so we can get our own > blocks of address. > We are doing this because we are using multiple ISP's and want to > announce our own addresses, For better fail over. It's so much nicer then multi-wan, I d

Re: [pfSense] APU and SSD: full install or NanoBSD

Jim Thompson schreef op 30-10-2014 16:33: > >> On Oct 30, 2014, at 9:28 AM, Jeppe Øland > > wrote: >> >>> 3 year old Kingston SSDs are not like new Kingston SSDs. >> >> Agreed. >> >> On the other hand, I tend to distrust manufacturers that shipped >> completely unreliable

Re: [pfSense] LAN: IPv6 static configuration

Erik Anderson schreef op 10-10-2014 3:51: > Any thoughts on this? > > Unfortunately, all of the examples and documentation I can find on > IPv6 configures with pfSense are geared towards consumer-class > circuits using DHCP-PD, and I've not found anything about proper > static configuration. Well

Re: [pfSense] v2.1.5: OpenVPN + IPv6. Any success?

Erik Anderson schreef op 16-9-2014 6:32: > I recently got IPv6 turned up on my Comcast cable circuit. They're > delegating a /60 to my router. I have successfully configured > interface tracking on the LAN interface and that is working great. > > Next, I'd like to get the OpenVPN server configured

[pfSense] Upgrade from 2.1 to 2.1.3 RA misses subnet

Hi, Maybe it was just my install, but when I upgraded from 2.1 to 2.1.3 the RADVD settings changed. I did not explicitly setup a subnet to announce for radvd, it previously just picked up the interface subnet. I was wondering where my IPv6 went off to. Kind regards, Seth ___

[pfSense] Problems with gateways on IPv6 Tunnels?

Hi, I just upgraded to 2.1.3 at home and tried to switch my IPv6 default gateway around. Unfortunately, when I try to set my HE.net tunnel gateway as the default it throws an error that the gateway address is not in the interface subnet. I’ve set the prefix length in both the GIF interface se

Re: [pfSense] Bogon List

On 22-5-2014 22:11, Paul Galati wrote: > Hello all, > > I have a user that is coming in from 216.14.x.x and is getting stopped at the > firewall by the bogonimator. I tried looking for an accurate list of the IPs > still on the list but all the lists I found does not have this number listed. >

Re: [pfSense] ICMPv6 filtering recommendations with pfSense?

On 21-5-2014 9:11, Olivier Mascia wrote: > Le 14 mai 2014 à 03:37, Chris Buechler > a écrit : > >> > IMO, I agree that it's best to let ICMP flow free on IPv6. ICMP >> has had >> > a bad reputation for a long time, and it's mostly undeserved in >> recent >

Re: [pfSense] vzw uml290

On 18-4-2014 0:49, Ryan Coleman wrote: > I’ve found many devices do not honor this. +1 There is a AT command to reset the device, but this has the unfortunate side effect that it can cause FreeBSD to kernel panic. I noticed this when I was working on the 3G support. Regards, Seth > > > On Ap

Re: [pfSense] pfSense 2.1.2 is released

On 15-4-2014 7:41, Chris Buechler wrote: > On Sun, Apr 13, 2014 at 7:33 AM, Doug Lytle wrote: >> Jim Thompson wrote: >>> pfSense release 2.1.2 is now available. pfSense release 2.1.2 follows less >>> than a week after pfSense release 2.1.1, and is primarily a security >>> release. >> >> Okay, >

Re: [pfSense] Remote office redundancy

On 9-4-2014 16:50, Vick Khera wrote: > I just dug up this old thread to implement IPsec and OpenVPN failover > coming to my main office from a remote location. The main office > already has a gateway group for the two different ISPs, so my first > step is to set up a dynamic DNS for it. > > This i

Re: [pfSense] IPSEC bug in 2.1

On 12-12-2013 10:48, Jon Gerdes wrote: >> There exists an IPSEC bug in pfSense 2.1 >> >> When the router's modem is restarted, the IPSEC tunnel fails to come back >> up. The problem exists if you have IPsec tunnels with the hostname, the reload process fails to reload the firewall filters so

Re: [pfSense] naive suggestion: conform to US laws

On 11-10-2013 11:57, Adrian Zaugg wrote: > Dear all > > After having read the whole NSA thread on this list, it came up to my > mind that pfsense web GUI could declare itself "conform to US laws" upon > the point when there are known backdoors included or otherwise the code > was compromised on pr

Re: [pfSense] naive suggestion: conform to US laws

On 11-10-2013 11:57, Adrian Zaugg wrote: > Dear all > > After having read the whole NSA thread on this list, it came up to my > mind that pfsense web GUI could declare itself "conform to US laws" upon > the point when there are known backdoors included or otherwise the code > was compromised on pr

Re: [pfSense] rrd error after upgrade to 2.1

On 8-10-2013 14:05, Warren Baker wrote: > On Mon, Oct 7, 2013 at 4:04 PM, İhsan Doğan wrote: >> Hi, >> >> Since I've upgraded to 2.1 rrd graphs stopped working and I'm getting >> this error in the system log: >> >> php: /status_rrd_graph_img.php: Failed to create graph with error code >> 1, the er

Re: [pfSense] RRD traffic lost after 2.0.3 -> 2.1

On 7-10-2013 21:23, petes-li...@thegoldenear.org wrote: >> What you can try is dumping the old 2.0 config with RRD data, and then >> restore that after upgrade. Try that. >> >> It should also retrigger a config upgrade at that point and upgrade the >> databases. > > Thanks for your suggestion. I t

Re: [pfSense] RRD traffic lost after 2.0.3 -> 2.1

On 1-10-2013 11:45, petes-li...@thegoldenear.org wrote: > Additionally, I'm now seeing this in the log: > > php: /status_rrd_graph_img.php: Failed to create graph with error code 1, > the error is: ERROR: No DS called 'inpass6' in > '/var/db/rrd/wan-traffic.rrd'/usr/bin/nice -n20 /usr/local/bin/rr

Re: [pfSense] RRD traffic lost after 2.0.3 -> 2.1

On 1-10-2013 9:47, petes-li...@thegoldenear.org wrote: > Hi. After upgrading 2.0.3 to 2.1.0 on an x86 full install, RRD Graphs -> > Traffic says "There has been an error creating the graphs. Please check > your systemlogs for further details." > > This is from the log: > > php: rc.bootup: The com

Re: [pfSense] IPv6 - Subnetting/Routing with HE?

On 30-9-2013 10:53, Chris Bagnall wrote: > On 30/9/13 7:56 am, Seth Mos wrote: >> I finally bit the bullet and signed up for PI space with a ASN and >> hopefully that's that. > > Worth mentioning here that no more IPv4 PI ranges will be allocated - at > least

Re: [pfSense] IPv6 - Subnetting/Routing with HE?

On 27-9-2013 18:13, Adam Thompson wrote: > I firmly agree with previous posts that outline why this allocation > policy is suboptimal. > However, I do *not* want to be renumbering my IPv6 hosts down the road > simply because I wanted to be the most efficient guy on the block. Nor > do I want to b

Re: [pfSense] 2.1 on WRAP

On 20-9-2013 9:45, Odette Nsaka wrote: > First of all, thanks to the developers for the new fantastic 2.1 release. > > > > I've been using Alix by PC Engines (WRAP's successor) succesfully for a > lot of time. I was just wandering about PC Engines not releasing new > versions of Alix. > > And

Re: [pfSense] 2.1 on WRAP

On 19-9-2013 15:22, Ugo Bellavance wrote: > Hi, > > My old PC Engines WRAP is still surviving, and I'd like to install 2.1 > on it. Are these instructions still valid for 2.1? > https://doc.pfsense.org/index.php/NanoBSD_on_WRAP > > Anyone built a WRAP-compatible image for 2.1? There is a nasty

Re: [pfSense] Optimal Setup

On 19-9-2013 11:52, Joseph W. Joshua wrote: > Hello all, > Currently, my internet comes in through a linksys router, in which I have set > up the above rules. However, we would like to introduce a proxy server, and > also internet use monitoring and banning of excessive users. Squid with ldap o

Re: [pfSense] captive portal with sms for registration

On 18-9-2013 10:54, budi wibowo wrote: > Hi > have situation like this: > - user register via web portal and password sent via sms > any module in pfsense for this? > as i used before the captive portal not have registration page Not impossible to do if there is a 3G dongle connected to pfSense. Y

Re: [pfSense] pfSense and Cable Modem Throughput

On 13-9-2013 15:43, Adam Piasecki wrote: >> List mailing list >> List@lists.pfsense.org >> http://lists.pfsense.org/mailman/listinfo/list > I've checked all my ports, i highly doubt it's anything but the wan > port, because my old Ethernet circuit that can push around 20mbs never > has a problem, w

Re: [pfSense] pfSense and Cable Modem Throughput

On 12-9-2013 19:16, Bas van Dieren wrote: > Greetings, > > Most cable providers rate limit only when there are too many states at high > speeds. It clould be a combination of the two. > I know at least 2 cable providers who rate limit (drop packets) when you have > over 5k of sessions at 1Gbit

Re: [pfSense] pfSense and Cable Modem Throughput

On 12-9-2013 17:28, Adam Piasecki wrote: > First I'm almost certain this is a cable modem/provider problem. We have > a 20mb ethernet circuit that works fine with the same pfSense. > > We upgraded to a 100/10mb cable modem, when we put this on the WAN of > the pfsense, we are getting major packet

Re: [pfSense] insert a pfsense box to handle high network load (botnet attack)

On 6-9-2013 2:56, Roberto Nunnari wrote: > Hi all. > > I have a problem with my home internet connection. Aha! > My vdsl router gets on the wan interface about 40-50 requests per second > on port 80 and when I configure it so that it forwards that traffic to > my web server, the router can't bea

Re: [pfSense] A unique problem requires a unique solution. PFsense behind shorewall

On 5-9-2013 13:09, Asim Ahmed Khan wrote: > Hi, > > Let me first briefly explain my setup. I have redundant internet link > from two ISPs. Before pfsense, I was using two gateway boxes. One for > each internet link. Each box is CentOs, with Shorewall + Squid. I have > certain rules imposed on each

Re: [pfSense] Dibbler-client PD under PfSense

On 31-5-2013 10:58, Slawomir Kosowski wrote: > Hi Tomasz, > > PfSense/BSD dev team: any idea when/if prefix assignment (delegation) > for other interfaces will be available in BSD (PfSense) [Figure 4 page > 18 dibbler-user manual] ? That already works? On the LAN interface you enter prefix id 0,

Re: [pfSense] pfSense as a datacentre router (was: dual ISP BGP)

On 29-5-2013 11:05, Chris Bagnall wrote: > On 29/5/13 9:39 am, Eugen Leitl wrote: >> Which hardware are you using? If you're pushing 5 GBit/s you >> might be running into hardware limitations. There was a thread >> about it on nanog a week or two ago. > > I'm quite impressed Mikrotik hardware is a

Re: [pfSense] Dibbler-client PD under PfSense

On 29-5-2013 10:56, Slawomir Kosowski wrote: > I've tried to do that, but it does not get the address. It can be due > to the fact that online.net does not know how to do IA *and* PD > (putting both in dibbler-client does not work), shared feedback from > https://www.klub.com.pl/lists/dibbler/2013-

Re: [pfSense] Dibbler-client PD under PfSense

On 29-5-2013 10:13, Slawomir Kosowski wrote: > Thanks for your reply. > Following the advice, we've configured WAN in SLAAC, and then tried to > do track interface on LAN, but there was no interface in roll-down menu. > Not sure why (probably done something wrong - what ?). > Isn't it caused by fu

Re: [pfSense] dual ISP BGP

On 28-5-2013 1:13, Zach Underwood wrote: > Thanks for your help. I have made the change from -all to -self and > emailed the ISP to see if that fixed it. As far as optimization is I > will look into it. Right now we have large blocks many /24 that are not > in use at this time. We dont want to adve

Re: [pfSense] Remote office redundancy

On 23-5-2013 17:17, Peter Milazzo wrote: > Hi All, > > I have a remote office running version 2.0.3 with a T1 that has been > stable for years and recently added a Cable connection on a second WAN > port for faster web browsing etc... both connections are setup for > failover. There is also an IPs

Re: [pfSense] Need advise or best practice for pfsense NAT

On 22-5-2013 6:27, Makara wrote: > Hi List, > > We are using pfsense for NAT purpose, around 1000 customers concurrent > and the bandwidth is around 500MBPS. We have problem the pfsense is > stuck around 1 or 2 week always. > > HW: Dell Optiplex 7010 > OS: Pfsense 2.0-RC3(We downgrade the latest

Re: [pfSense] SOHO Router for VPN to pfSense

On 29-4-2013 16:01, j...@millican.us wrote: > On 4/29/2013 9:35 AM, j...@millican.us wrote: >> Hello, >> Thank You, >> JohnM > Forgot to add that I have been looking at the Buffalo WZR-300HP. Any > opinions? We almost exclusively use Draytek Vigor routers with IPsec tunnels and pfSense. We use De

Re: [pfSense] Shell Logout time

On 26-4-2013 10:48, Odhiambo Washington wrote: > I am using ShellGuard as the ssh client. My ssh sessions don't time > out with other hosts except my pfSense box. My pfSense box is > connected to the same switch as my workstation PC so I am lost as to > what causes these timeouts. BTW, I think it's

Re: [pfSense] Dandy pfSense appliance

On 25-4-2013 11:39, Odhiambo Washington wrote: > Hi Seth, > > Did you install pfSense (or other OS) in these? I am looking for how > to connect the Display:) pfSense 2.1 with serial console. > > On 25 April 2013 11:53, Seth Mos wrote: >> On 25-4-2013 10:42, Odhiambo

Re: [pfSense] Dandy pfSense appliance

On 25-4-2013 10:42, Odhiambo Washington wrote: > Hi Seth, > > Any pointers to these Intel Atom boards with dual NICs?? Gigabit or > otherwise, I think I am looking for something like that. I see the Lexcom Brik with 4x lan. Or a Lanner LEC2055 http://www.lannerinc.com/DM/LEC-2055_DM.pdf We use a

Re: [pfSense] Dandy pfSense appliance

On 25-4-2013 10:30, Odhiambo Washington wrote: > What I meant with high specs is to do with CPU, Disk Storage and RAM. > Why? For instance in the particular case I went to address, there was > a DDoS issue. Some app installed on one of the computers on that LAN > was sending millions of HTTP GET r

Re: [pfSense] Dandy pfSense appliance

On 24-4-2013 20:18, Chris Bagnall wrote: > On 24/4/13 7:05 pm, Mathieu Simon wrote: >> Depends what you think about "high specs" many 1 GE ports or even 10 GE, >> lots of cores etc? > > FWIW, we've been using the ALIX boards for several years, and despite > their apparently "low spec", they'll hap

Re: [pfSense] help

On 24-4-2013 18:24, Chris Bagnall wrote: >> Some ISPs that are particularly stingy with IPs and bad at routing have >> been doing this. > > I might be missing something, but it does seem like a pretty awful, and > at best very temporary 'solution' to IPv4 shortage. > > I must admit if I were the

Re: [pfSense] native IPv6 static

On 2-4-2013 23:58, Fuchs, Martin wrote: > have an installation in suisse with native IPv6 with a /48 net. > > It's needed to configure it with static IPv6 on the WAN interface, i too can > ping the externam WAN IPv6 address. The ISP should have set up a static route for the delegated /48 to the

Re: [pfSense] pfsense reload config.xml problems

On 27-3-2013 2:43, Simon tiong wrote: > Dear All, > > I am Simon from Malaysia. > I faced a error, which I manually edit the config.xml, and my concern is > without any reboot firewall needed. > Basically I changed, the IP address for my LAN Interface from 10.2.28.1 > to 10.10.10.1. > > I have co

Re: [pfSense] pfsense restore config.xml problems

On 27-3-2013 3:23, Bryant Zimmerman wrote: > I am having issues with 2.0.2 when restoring my config it crashes on > reboot and kills the install. > > It can be recreated here is how. > > Install 2.0.2 to a usb flash using the embedded mode option. > (Run CD or USB installer selected embedded.) >

Re: [pfSense] HA and bgp

On 20-3-2013 0:29, Zach Underwood wrote: > I am setting up a pair of pfsense servers in front of a web hosting > setup. I have two firewalls, two network switches(layer 3 stacked), and > two isp links using BGP. I plan on using OSPF on the network switches to > pass the routeing tables to pfsense.

Re: [pfSense] Blocking Websites

On 1-3-2013 22:44, Kevin Hayes wrote: > Hello, > > > > I am trying something that I thought would be fairly simple but is > turning out to be more confusing than I had hoped. > > > > We have several computers that are considered critical and I would like > to block the internet except for a

Re: [pfSense] Fwd: Congratulations to Germany, Netherlands and Portugal ; -)

On 13-12-2012 22:24, Jim Thompson wrote: > > On Dec 13, 2012, at 12:10 AM, Seth Mos wrote: > >> This is going to become such a fragfest in 2012. > > 2013? That too, well, Since UnityMedia in Germany is already deploying DS-lite to end users is this not effectively alr

Re: [pfSense] update 2.1-BETA1

On 13-12-2012 15:30, Chris Buechler wrote: > On Thu, Dec 13, 2012 at 8:25 AM, Eugen Leitl wrote: >> >> I had a hang with 2.1-BETA1 (i386) update to 2.1-BETA (amd64) (on >> Intel D510) which I solved by a reset. The upgrade seems to have >> succeeded, though. >> > > Changing architectures via upgr

[pfSense] Fwd: Congratulations to Germany, Netherlands and Portugal ; -)

Hi, Looks like our IPv6 support is already behind, this German cable internet ISP is rolling out DS-lite which we don't have. Maybe we should just target native IPv6 support? Not sure on there, DS-lite is native IPv6 with tunneled IPv4 (similar to gif) but with added brains iirc. I need to rea

Re: [pfSense] firewall rules: destination host or network

Op 18-9-2012 8:23, Vieri schreef: Hi, I'm having trouble understanding a very simple concept. Suppose I have several interfaces, eg. lan, wan, dmz, corp2. Most public IP addresses are in 'wan' but some may be accessible through 'corp2'. Let's say I would like to add a firewall rule for a speci

Re: [pfSense] Android VPN with pfSense

Hi, Op 8 sep 2012, om 09:29 heeft Chris Bagnall het volgende geschreven: > I've used PPTP without any difficulty connecting from Android devices to > pfSense in the past. > > I'll leave others to discuss the relative security merits of each (but yes, > L2TP by itself will not encrypt). If yo

Re: [pfSense] pfSense PPPoE server suitable for service providers?

Op 5-9-2012 23:19, Chris Bagnall schreef: - IPv6 support - is the PPPoE server ready for v6 in the latest 2.1 snapshots? Not yet, we don't list PPPoE servers yet for DHCPv6 and RA servers, which you'll need. It's pushed to 2.2, since it's a great bulking load of work to get right. Cheers,

Re: [pfSense] Using pfSense to route inbound traffic via Domain Name instead of IP

Op 26-7-2012 5:01, Moshe Katz schreef: On Wed, Jul 25, 2012 at 10:24 PM, Joseph Hardeman mailto:jharde...@cirracore.com>> wrote: There isn't really any built-in way to do this. What you really want is a reverse-proxy server (which could or could not be running on the pfSense box). However, y

Re: [pfSense] pfSense 2.0.1-RELEASE, Restoring partial config.xml does not work

Good news. Support for just that and a few other items have been included in pfSense 2.1 Regards, Seth Stefan Baur schreef: >Am 23.07.2012 15:10, schrieb Oliver Hansen: >> Hi Stefan, I can't be sure but I think I have run into this before. Have >> you tried uploading a config with ONLY those pa

Re: [pfSense] Routing stops momentarily and then recovers - How do I diagnose

Remember that your isp can have routing issues too. Im afraid this is not limited to pfsense. Ive had my shares of weird routing glitches where a upstream bgp router lost significant parts of the internet. This is not something ypu could work around short of having your own bgp router with mul

Re: [pfSense] wan interface losing ip address

Op 18-7-2012 0:30, b...@bitrate.net schreef: Jul 17 07:55:30 gw1 kernel: ue0: link state changed to DOWN Jul 17 07:55:30 gw1 kernel: ue0: link state changed to UP I see a few occasions of your ethernet link flapping, could be a modem rebooting or something else, bad cable, maybe. Although it s

Re: [pfSense] DHCP Issue

That is a general and very common issue related to failover dhcp. I remember it being one of the limitations of the isc dhcp failover. Maybe the newer 4.2 in pfSense 2.1 is any better. Do not know. Maybe existing clients will get their lease approved, but new clients will not. That is just a hy

Re: [pfSense] Forwarding Protocol 41 for 1:1 IP Addresses

Good question, Op 27 jun 2012, om 20:53 heeft Yehuda Katz het volgende geschreven: > I would like add a HE IPv6 tunnel to two of my servers without adding a > tunnel for the whole network. > I was looking at adding an option for each 1:1 to forward protocol 41 just > for that public IP. (maybe

Re: [pfSense] Possible bug in gateway monitoring in 2.1 snapshot (Sat Jun 16 08:16:08 EDT 2012)

Hi, Op 22 jun 2012, om 04:30 heeft Moshe Katz het volgende geschreven: > On Wed, Jun 20, 2012 at 4:50 PM, Jerome Alet wrote: > Hi there, > > While playing with gateways and monitoring alternative IP addresses, > I've noticed a problem. > > When you add an alternative IP address to monitor, a s

Re: [pfSense] Question about failover setup

Op 20-6-2012 5:34, Jerome Alet schreef: Hi, On Tue, Jun 19, 2012 at 08:35:38AM +0200, Seth Mos wrote: Op 18-6-2012 23:26, Jerome Alet schreef: So now that I'm trying to replicate the OpenBSD configuration on my pfSense 2.1 boxes, I'm wondering if I really need 3 distinct IP address

Re: [pfSense] Question about failover setup

Op 18-6-2012 23:26, Jerome Alet schreef: Hi there, So now that I'm trying to replicate the OpenBSD configuration on my pfSense 2.1 boxes, I'm wondering if I really need 3 distinct IP addresses on each vlan and what are the consequences of using only one on the carp interface ? For pfSense you

Re: [pfSense] CARP with public IP's and managed GW

Not with bridging, no. Cheers, Seth Op 12 jun 2012, om 23:55 heeft bsd het volgende geschreven: > Hello, > > > I have an ISP which is providing me a bloc of public IP's /27and a GW > (managed GW inside the given bloc). > Generally in order to filter in such situation, I create a bridge on t

Re: [pfSense] radvd config generation appears broken in current snapshot

Op 7-6-2012 22:13, Nathan Eisenberg schreef: I just gitsync'ed my install and it doesn't show what you see, try and edit the dhcpv6/ra entry and see if that resolves the issue. Gitsync'ed again - no change. On the dashboard, I now get this under Version: 2.1-BETA0 (i386) built on Wed Jun 6 0

Re: [pfSense] radvd config generation appears broken in current snapshot

Hi Nathan, Op 7 jun 2012, om 20:53 heeft Nathan Eisenberg het volgende geschreven: > Note that there's no interface specified. Editing the file to say em1 fixes > the issue but changes are wiped out when the new config is generated. I > temporarily worked around the issue by changing line 115

Re: [pfSense] High interrupt load on LAGG with LACP

Op 5-6-2012 3:53, Glenn Kelley schreef: Good to know. For us we just need 100-300mbps in the sky (literally 300 foot up a tower) The soekris net6501 may be a good fit, it can do PoE iirc. It's a 600-1.6Ghz Intel Atom. I've benchmarked the faster Intel Atom 1.8 Dual core in a Lanner Inc FW7

[pfSense] HEADSUP: 2.1 snaps currently broken

Under investigation, please hold off. More later. Seth ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Duplicate icmp echo

Hi, Op 1 jun 2012, om 23:03 heeft David Miller het volgende geschreven: > I have pfsense 2.01-release, built Mon Dec 12 17:53:52 EST 2011 running on a > soekris 6501. > > The WAN port is seeing duplicate icmp echo requests, and it happens > bi-directionally: > tcpdump run on the pfsense box sh

[pfSense] pfSense 2.1 gateway naming changes

Hi, On pfSense 2.1 we name the gateways a little bit different now and we never saved the actual IP version in our gateways causing all sorts of double entries and other fun. That field is now added on the gateway edit page. So if you see double entries because of dynamic interface you shoul

Re: [pfSense] modern hardware selection

Op 29-5-2012 15:50, Vick Khera schreef: Also, I have three IPsec VPNs connecting to other data centers and the main office, which need to push at peak 40Mbps for a couple of hours a day during backups. I use Dell PowerEdge 860 servers with a Core i3 3.2Ghz and I can flatten my 100mbit pipe wit

Re: [pfSense] pfsense on sun v100 server

Op 10 mei 2012, om 22:09 heeft Tim Nelson het volgende geschreven: > - Original Message - >> I was not aware of the fact the OpenBSD runs natively on Sun Server >> with SPARC architecture. >> It's because i bought the V100 few months ago, so that's why i would >> like to integrate it,...a

Re: [pfSense] OpenVPN: offsite configuration

Hi, To make sure things stay working as it is. I have a hostname in the remote access list so that even if the main office needs to relocate (DR) i can still access the remote machine. I also ship routers with a dyndns name that every now and then will turn up a rfc1918 ip but i can still see

Re: [pfSense] pfSense "product support lifecycle"?

Op 24-4-2012 10:59, Chris Buechler schreef: On Tue, Apr 24, 2012 at 4:54 AM, Stefan Baur wrote: Uh, don't get me wrong, I'm all for timely updates that fix security issues. I just don't want to drag fancy stuff along that I don't need. And at present, that's what full IPv6 support is for m

Re: [pfSense] pfSense "product support lifecycle"?

Op 24-4-2012 9:13, Stefan Baur schreef: Hi list, The thing is, I rolled out 2.0.1 (upgrading from 1.2.3) between November 2011 and February 2012, IIRC. I'd prefer to stay on 2.0.1 for a while, as I don't need the IPv6 features of 2.1 just yet. I'm just wondering how long after June 6, 2012 it

Re: [pfSense] Pfsense Ipad / Iphone - Android - Smartphone App

Op 23-4-2012 16:28, justino garcia schreef: Hi Group, I noticed Checkpoint, Cisco, Sonicwall, and bunch of other firewalls have a App for SmartPhones and Tabelts. Any idea for Pfsense, IPSEC ssl vpn app??? I would like simple setup for vpn Thanks, There is a OpenVPN app in the works for Android

Re: [pfSense] Upgrade 2.0.1 to 2.1

Op 23-4-2012 14:30, Chris Bagnall schreef: Are there any plans to incorporate something like NAT64 (or another 4-to-6 translation method) to allow v6-only networks? Yes, for 2.2 at it's earliest. There is a patch for pf in OpenBSD in circulation but that's not useful right now. http://redmin

Re: [pfSense] Upgrade 2.0.1 to 2.1

Op 23-4-2012 11:02, Eugen Leitl schreef: On Sun, Apr 22, 2012 at 10:54:51PM -0400, Chris Buechler wrote: On Sun, Apr 22, 2012 at 10:47 PM, Drew Lehman wrote: Apparently the Git option is not longer valid to upgrade 2.0.1 to 2.1 since so much has changed. Does anyone know if there is an upgrad

Re: [pfSense] IPv6 configuration in a delegated /64

Op 23-4-2012 9:53, bsd schreef: Le 23 avr. 2012 à 07:38, Seth Mos a écrit : So do you think I could manage to have a full IPv6 support on LAN by using DHCPv6 on WAN ? How would you manage to achieve this ? If you want to use DHCP6, select it on the WAN, Select a Prefix Delegation size

Re: [pfSense] IPv6 configuration in a delegated /64

Hi, Op 23 apr 2012, om 00:38 heeft bsd het volgende geschreven: >> If the CPE has a bridge mode you could configure the WAN in pfSense and >> configure the delegated /64 on your lan. Theoretically. > > The CPE has a bridge mode (which I am using since a very long time for IPv4), > It allows m

Re: [pfSense] IPv6 configuration in a delegated /64

Hi, Op 22 apr 2012, om 22:03 heeft bsd het volgende geschreven: > Hello my friends, > > > My ISP is providing a full /64 network which looks similar to > 2a01:e35:2436:7e20::/64 That's the limitation you get with the Free.fr, they only subnet a single /64. That means it's impossible to put

  1   2   >