Re: [pfSense] Is pfSense the Best Open Source Firewall/IDS/IPS in the World?

2018-05-25 Thread Vick Khera
On Fri, May 25, 2018 at 4:56 AM, Turritopsis Dohrnii Teo En Ming < tdteoenm...@gmail.com> wrote: > Questions are: > > (1) Is pfSense, coupled with Snort IDS, the best open source > firewall/IDS/IPS in the world? > It is my preferred one, for sure, and I have used it for multiple office locations

Re: [pfSense] memstick-2.4.3-RELEASE-amd64.img debugflags needed for ZFS

2018-05-25 Thread Vick Khera
On Wed, May 23, 2018 at 4:10 PM, Jason Hellenthal wrote: > Sorry for the long subject but has anyone experienced in the ZFS install > for a mirrored setup of two disks that you need to set > kern.geom.debugflags=16 to allow shooting yourself in the foot just to get > the

Re: [pfSense] boot/loader.conf.local deleted upon reboot

2018-05-16 Thread Vick Khera
On Wed, May 16, 2018 at 2:03 PM, PiBa wrote: > Looks like everything that has the word 'console' in there gets deleted > from loader.conf.local.. > > I suppose the 'platform' is not one of these.?: > if ($specific_platform['name'] == 'RCC-VE' || >

Re: [pfSense] Upgrades to 2.4.3.x failing after updating metadata

2018-05-16 Thread Vick Khera
On Wed, May 16, 2018 at 10:50 AM, WebDawg wrote: > I upgrade via the console now. Not to say that the GUI is broken, but > I must have been a victim of when it was. I have seen what kpa is > talking about in that forum thread too. It is why I always ssh in and > update from

[pfSense] boot/loader.conf.local deleted upon reboot

2018-05-16 Thread Vick Khera
I run pfSense on an official pfSense branded C2758 system. It has a BMC controller that permits me to use a serial over LAN to COM2. In order to make the system console connect to COM2, the following line needs to be added to loader.conf or loader.conf.local: comconsole_port="0x2F8" in addition

Re: [pfSense] Upgrades to 2.4.3.x failing after updating metadata

2018-05-16 Thread Vick Khera
I just did the upgrade from the console from 2.4.3 to 2.4.3_1 with no problems in the upgrade. I run on an official pfSense brand C2758 device. On Tue, May 15, 2018 at 11:28 PM, John Kline wrote: > Many of us are seeing this. >

Re: [pfSense] Host override without host part

2018-04-12 Thread Vick Khera
On Thu, Apr 12, 2018 at 4:03 AM, Marco wrote: > Hi, > > I need assistance setting up a host override. I successfully set up > a host override for the www host: > > # Services → DNS → Resolver → General Settings → Host Overrides > # works fine > www.foobar.com →

Re: [pfSense] ZFS on 2.4.2

2018-03-08 Thread Vick Khera
On Thu, Mar 8, 2018 at 3:00 PM, Walter Parker wrote: > Are the FreeBSD 10.2 instructions ( > https://www.netgate.com/docs/platforms/rcc-dff-2220/freebsd.html) still > valid for 11.1? > > >- Connect the console cable (I have that setup) >- Boot from a memstick

Re: [pfSense] ZFS on 2.4.2

2018-03-08 Thread Vick Khera
On Thu, Mar 8, 2018 at 11:10 AM, Zandr Milewski wrote: > As someone who has spent easily 100 hours troubleshooting, rebuilding, and > restoring UFS based Netgate boxes that have to function in environments > with less-than-datacenter grade power availability, I'll take

Re: [pfSense] ZFS on 2.4.2

2018-03-08 Thread Vick Khera
On Wed, Mar 7, 2018 at 8:18 PM, Walter Parker wrote: > don't use ECC. Can anyone show why my solution should switch file systems > (given that I'm keeping my existing hardware) without changing the subject? > I've read many of the scare stories from FreeNAS and they all seem

Re: [pfSense] ZFS on 2.4.2

2018-03-07 Thread Vick Khera
On Wed, Mar 7, 2018 at 2:04 PM, Walter Parker wrote: > without ECC. If there is a time bomb, then it exists for all file systems > running on computers without ECC. As this one of multiple backups for the > system, the risks are acceptable. > > If you have an actual failure

Re: [pfSense] ZFS on 2.4.2

2018-03-07 Thread Vick Khera
On Tue, Mar 6, 2018 at 6:51 PM, Peder Rovelstad wrote: > Here's a ZFS tuning guide if you have not seen. > https://wiki.freebsd.org/ZFSTuningGuide > > But only goes to v9. > You 100% do not want nor need to turn on de-dupe. Especially on a boot volume of pfSense.

Re: [pfSense] ZFS on 2.4.2

2018-03-01 Thread Vick Khera
Here's my simple backup script function. Just stick it into a /bin/sh script (should work in bash too) and call it once per pfSense instance. I've been using this for years to backup my production firewalls. pfsense_config() { local FWNAME FWURL FWPASS CSRF CSRF2 COOKIEFILE PFDATE

Re: [pfSense] ZFS on 2.4.2

2018-02-22 Thread Vick Khera
You don't need to export the pool on shutdown. Even an unclean shutdown should survive automatically on the reboot. I can't think of a reason ZFS would fail like you describe. On Wed, Feb 21, 2018 at 12:23 PM, Walter Parker wrote: > Hi, > > I have 2.4.2 installed on an

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-10 Thread Vick Khera
If you're going to use IPSec mobile client with an iPhone, it does not seem to propose the GCM variants of AES, only the CBC ones with SHA2. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold!

Re: [pfSense] pfSense 2.4 consistently crashes daily

2017-11-20 Thread Vick Khera
0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 12 (irq267: vmx0) > > On Mon, 20 Nov 2017 at 20:55 Vick Khera <vi...@khera.org> wrote: > > > On Mon, Nov 20, 2017 at 7:36 AM, Liwei &l

Re: [pfSense] pfSense 2.4 consistently crashes daily

2017-11-20 Thread Vick Khera
On Mon, Nov 20, 2017 at 7:36 AM, Liwei wrote: > > Anyone has any idea what's going on? Restoring to pfSense 2.3 seems to > solve this problem, so it is more likely a software than hardware issue. > > What's your hardware? Have you tested your RAM using memtest86?

Re: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F

2017-10-30 Thread Vick Khera
There are wide-spread reports of ASRock C2750D4I board failures in the FreeNAS forums. I've suffered from it. Not sure if that applies to the board you are considering. There are also wide-spread reports of issues with the Supermicro board you are considering. I have 4 of these in service for 3+

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Vick Khera
P.) That's one of the specific use cases for Network Prefix > Translation. (I don't have the RFC handy, sorry.) > -Adam > > > -Original Message- > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Vick > > Khera > > Sent: August 2, 2017 21:20 &

Re: [pfSense] IPv6 1:1 NAT problems

2017-08-02 Thread Vick Khera
Is NAT even a thing with IPv6?

Re: [pfSense] RFC2136 Dynamic DNS doesn't update when the "Public IP" option is set

2017-05-12 Thread Vick Khera
On Thu, May 11, 2017 at 3:40 PM, Julian Heisz wrote: > Are you using the default public IP finder (forget the specific term > pfSense uses and not in a position to check at the moment) or do you have a > custom one set up? I have a custom one set up, which works for other

Re: [pfSense] Wifi

2017-05-11 Thread Vick Khera
1. Assign a static IP for the device to control via the DHCP server. Force the device to re-fetch its IP so it can get this new dedicated address. 2. Create a schedule entry in the Firewall -> Schedules configuration. For example, 4pm - 8pm Sunday through Thursday (I call this "school

Re: [pfSense] RFC2136 Dynamic DNS doesn't update when the "Public IP" option is set

2017-05-11 Thread Vick Khera
On Thu, May 11, 2017 at 1:06 AM, Julian Heisz wrote: > This appears to be an issue with pfSense, however the wiki suggests that I > use the forum or mailing list before submitting a ticket in Redmine. Of > "works for me". My DNS server runs BIND 9. My pfSense sits behind

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Vick Khera
On Tue, Mar 28, 2017 at 12:50 PM, Matthew Hall wrote: > > The only silent systems I have are based on the Atom C2758 processor, > and I > > do not think those will handle a full gigabit connection at full speed. > > This isn't right, the SG-2440 can do it. > I stand

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Vick Khera
On Tue, Mar 28, 2017 at 9:00 AM, Eero Volotinen wrote: > Well, I don't know PPS values :) This is just home gigabit connection for > .. surfing/movies/4K streaming :) > Oh, well I don't think you'll need much more than one of the models Netgate sells, then, aside from

Re: [pfSense] looking for silent and powerful pfsense hardware

2017-03-28 Thread Vick Khera
On Tue, Mar 28, 2017 at 2:59 AM, Eero Volotinen wrote: > Looking for pfsense hardware that can handle 1000M/1000M internet > connection with NAT. > I would recommend at least a Xeon processor base system for that traffic. Really, the limit is PPS; do you know what that

Re: [pfSense] SIP through IKEv2-tunnel

2017-03-20 Thread Vick Khera
You only need siproxyd if you have multiple SIP clients inside your network trying to talk outside. SIP should work just fine in your situation where your PBX software and your client are within the same VPN and do not block any traffic. That is, I have a situation like this and it works just

Re: [pfSense] Running newer than released?

2017-03-03 Thread Vick Khera
Isn't it on the *same* > version as the official release? > > On Sat, Mar 4, 2017 at 3:10 AM, Vick Khera <vi...@khera.org> wrote: > > > What number exactly are you fretting about? > > > > As of Feb 16, FreeBSD 10.3-p16 was current, and pfsense 2.3.3 was and is >

Re: [pfSense] Running newer than released?

2017-03-03 Thread Vick Khera
What number exactly are you fretting about? As of Feb 16, FreeBSD 10.3-p16 was current, and pfsense 2.3.3 was and is still current. On Fri, Mar 3, 2017 at 9:07 AM, Stephen Shkardoon wrote: > The issue is that the message displayed is, exactly: > ``` > 2.3.3-RELEASE

Re: [pfSense] Documentation about acme

2017-02-17 Thread Vick Khera
On Thu, Feb 16, 2017 at 5:12 PM, Travis Hansen wrote: > The certs should show up in System -> Cert Manager -> Certificates > If DNS works for you great, otherwise you may be interested in the > following links for integration with haproxy (at least haproxy running on >

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Vick Khera
On Thu, Jan 26, 2017 at 3:12 PM, Vick Khera <vi...@khera.org> wrote: > ahci_load="YES" > Indeed, this line is leftover from olden days. This is not necessary anymore with the FreeBSD 10.x kernel.

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Vick Khera
On Thu, Jan 26, 2017 at 12:17 PM, Karl Fife wrote: > Would you mind sharing a snapshot of your Rangeley-optimized tunables? > > IIRC there are un-editable tunables that show on your tunables page that > are not called out in the XML config. > > Thanks Vick > > This is the

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Vick Khera
On Wed, Jan 25, 2017 at 4:01 PM, Karl Fife wrote: > I recently did a virgin install of 2.3.2 nano on an older atom (a Soekris > 6501), and found there were no tunables for kern.ipc.nmbclusters nor > kern.ipc.nmbufs. Maybe it's a nano/full-install difference? I would >

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-25 Thread Vick Khera
On Wed, Jan 25, 2017 at 1:10 PM, Karl Fife wrote: > pfsense 2.2.6 was running without issue on our Supermicro A1SRi-2758F > rangeley board (Intel Atom C2758) > Are you sure you didn't hard-code them before in the system tunables section under 2.2? On my C2758 system (exact

[pfSense] system CA certificate generator change

2017-01-24 Thread Vick Khera
I just made a new certificate using my own CA with the UI in pfsense 2.3.2-p1 for one of my firewalls. It appears that how it is generated does not allow Chrome or Firefox to recognize it by the CN, only the aliases. A certificate I generated using the UI in 2014 does however, work with the

Re: [pfSense] Aliases grouping

2016-12-07 Thread Vick Khera
On Wed, Dec 7, 2016 at 2:56 PM, Luc Paulin wrote: > For curiosity how do you manage the aliases naming ? Do you have some sort > on naming convention depending of the aliases is an IP/Host/Network and or > if it's and aliase of aliases ? > I tend to use names like

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Vick Khera
I use commodity x86 (64-bit) hardware. I tend to make my pairs identical, so I know the backup can handle the load if the primary keels over. There's no hard requirement for that, though. On Tue, Nov 15, 2016 at 3:19 PM, Eero Volotinen wrote: > Hi List, > > What are

Re: [pfSense] pfsense default firewall configuration

2016-11-15 Thread Vick Khera
On Tue, Nov 15, 2016 at 3:17 AM, user49b wrote: > I have heavily modified my IPcop configuration and just wanted to know if > pfSense's default firewall configuration is good enough. The default is deny everything inbound, and allow everything outbound. Nobody can say what's

Re: [pfSense] Diagnosing System lag

2016-10-24 Thread Vick Khera
On Sun, Oct 23, 2016 at 1:38 PM, Ryan Coleman wrote: > Why? 57,265 pings sent. 57,625 pings received. If you get more pings than you send, someone thinks they're you. Find out who is sharing the IP and fix that.

Re: [pfSense] Diagnosing System lag

2016-10-23 Thread Vick Khera
You get that same lag from all devices? I agree you should investigate the wires and switches. Try wiring your computer directly to the LAN port on the APU and see if you get any delays. On Sat, Oct 22, 2016 at 2:41 PM, Ryan Coleman wrote: > I had in the past.. but I’ll

Re: [pfSense] Lightning strike

2016-10-14 Thread Vick Khera
On Thu, Oct 13, 2016 at 6:25 PM, Walter Parker wrote: > Problem is that all of the current OS do this sort of renumbering (I'd have > to check, but I think it could be a hardware/driver issue). IIRC Linux > systems have had this sort of problem in even greater measure than the

[pfSense] dpinger data collection

2016-10-07 Thread Vick Khera
I'm trying to trace how the data gets from dpinger into the RRD file and ultimately into the UI. I see dpinger is writing to a socket, but I cannot for the life of me find what process is reading that socket and writing to the RRD file. How does that happen? My ultimate goal is to see if I can

Re: [pfSense] how does one create a DNS blacklist with about 1000 or so entries?

2016-09-30 Thread Vick Khera
On Fri, Sep 30, 2016 at 12:57 PM, Doug Lytle wrote: > On 09/30/2016 11:53 AM, Steve Yates wrote: >> >> So you could keep your list somewhere else on a web server. > > > This is what I do. > > And I grab the list from > > http://www.wizcrafts.net/chinese-iptables-blocklist.html

[pfSense] shaper wizard LAN queues

2016-09-15 Thread Vick Khera
Is there a reason the traffic shaper makes queues on the LAN? None of the firewall rules it makes references the LAN queues. Is it just for my future use convenience?

[pfSense] shaper questions

2016-09-14 Thread Vick Khera
I'm reading over the shaper guide at https://doc.pfsense.org/index.php/Traffic_Shaping_Guide and I find I still have some confusion. The document seems to be in need of some updating. The scheduler types FAIRQ and CODELQ are not defined. What would be their use

Re: [pfSense] Export user account/password issue

2016-09-14 Thread Vick Khera
On Wed, Sep 14, 2016 at 10:44 AM, Satish Patel wrote: > How do i convert old style password to new FreeBSD style password in > master.passwd file? is it possible with pwd_mkdb? You cannot; they are one-way hashes. The first part of the resulting string identifies which

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Vick Khera
My home office is protected by a Netgate APU box (which it seems they have replaced with some other device at the low end now). It is a little pricey, but they offer great support and it supports the project in the best way. On Wed, Aug 3, 2016 at 3:37 AM, Eero Volotinen

Re: [pfSense] Installation issues of latest release (2.3.2) resolved?

2016-08-01 Thread Vick Khera
On Sat, Jul 30, 2016 at 12:19 AM, Jim Thompson wrote: > As a reminder, pfSense 2.4 will not support i386, and will not support the > 'nano' image. Does this imply that we will need to do a full re-install on our Netgate APUs or will there be a clean self-upgrade process?

Re: [pfSense] Installation issues of latest release (2.3.2) resolved?

2016-08-01 Thread Vick Khera
On Fri, Jul 29, 2016 at 10:37 PM, Ryan Coleman wrote: > So does this affect APUs running the AMD64 architecture? I updated from 2.3.1 to 2.3.2 the APU at my home office with zero problems. It just took a good long time to clone the boot slice before updating, which also

[pfSense] IPv6 being used for NTP even though IPv6 is not configured

2016-07-25 Thread Vick Khera
According to the System/Advanced/Networking page, there is an option to prefer IPv4. However, it says this: "if IPv6 is configured and a hostname resolves IPv6 and IPv4 addresses, IPv6 will be used." I do not have IPv6 configured -- all my interfaces are statically configured. The only IPv6 I see

Re: [pfSense] 502 Bad Gateway

2016-07-07 Thread Vick Khera
On Thu, Jul 7, 2016 at 2:16 PM, Bill Arlofski wrote: > I guess I will remove it the next time this happens and see if there is any > change. > It seems to me you should remove it *before* to see if you avoid it happening.

Re: [pfSense] Question about OpenVPN Point-to-Multi-Point Setup

2016-06-08 Thread Vick Khera
On Wed, Jun 8, 2016 at 6:31 AM, David White wrote: > I didn't think I would have to setup a new server / port for each remote > office. I thought that, with the SSL/TLS setup, I could have a single > server and configure it so that clients can see & interact with each

Re: [pfSense] Question about OpenVPN Point-to-Multi-Point Setup

2016-06-07 Thread Vick Khera
On Tue, Jun 7, 2016 at 3:03 PM, David White wrote: > I know that this can be done, but I've never actually done it. Are there > some good resources I can review, besides > https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site > > ? For branch offices, > If you can manage

Re: [pfSense] FreeBSD on uFW

2016-06-02 Thread Vick Khera
On Wed, Jun 1, 2016 at 5:58 PM, Jim Thompson wrote: > you prefer ‘m1cr0Wall’, perhaps? > I'm totally the wrong person to brand a product. > > Netgate used to have a m1n1wall product (which shipped with m0n0wall at > first, then pfSense). > I remember that...

Re: [pfSense] FreeBSD on uFW

2016-06-01 Thread Vick Khera
On Wed, Jun 1, 2016 at 4:54 PM, Jim Thompson wrote: > Vick, no, it’s not in the Netgate storefront (yet). There are a handful > of boards in the world. This one is on my desk at home. > https://twitter.com/gonzopancho/status/738098254890471424 > > > > Cool. I found the

Re: [pfSense] FreeBSD on uFW

2016-06-01 Thread Vick Khera
What is a uFW? Google is not my friend (keeps finding some stupid firewall package for linux) and I see nothing on the netgate storefront that seems to be it.

Re: [pfSense] IPSec nat issue

2016-05-26 Thread Vick Khera
On Wed, May 25, 2016 at 8:54 PM, Lyle wrote: > The other end has a conflict with our LAN addressing(192.168.1.0/24). So > in phase 2, we setup a Tunnel IPv4 using 193.168.1.0/24 > > for the local Network. NAT/BINAT network of 192.168.85.0/24. Their > remote network is

Re: [pfSense] Unbound connections: excessive???

2016-05-23 Thread Vick Khera
On Sun, May 22, 2016 at 8:26 PM, Bryan D. wrote: > Is it normal to have this kind of increase in the number of UDP DNS-port > states when moving to unbound with this kind of configuration? > One would expect that a dns resolver would have to communicate with hundreds if not

Re: [pfSense] 2.2.6 HA to 2.3 Upgrade Advice

2016-05-11 Thread Vick Khera
On Tue, May 10, 2016 at 4:55 PM, Mike Montgomery wrote: > I have two servers, setup in high availability that are currently running > 2.2.6. I have been running 2.3 at home and my test servers and am ready to > upgrade the office to 2.3 as well. I have been reading

Re: [pfSense] Aggregated WAN traffic

2016-05-10 Thread Vick Khera
On Tue, May 10, 2016 at 9:45 AM, Randy Morgan wrote: > Having said that there is some question in my mind as to how this actually > works. Some of what I read indicates that the aggregation actually causes > the LAGG port to, effectively, operate on QOS functionality,

Re: [pfSense] 2.3_1 ?

2016-05-06 Thread Vick Khera
On Thu, May 5, 2016 at 3:05 PM, Jim Thompson wrote: > it’s documented that you need to (re)start NTP manually. > Where would one learn this? The update page doesn't say anything about "after applying this update, do XYZ". That would be the ideal place, IMO.

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Vick Khera
On Thu, May 5, 2016 at 9:47 AM, Jeppe Øland wrote: > This install is running a 4G NANO image ... maybe there's a problem with > that? > I just did the update on a nano image system (netgate, not vanilla pfsense) and had success other than having to manually restart ntpd.

Re: [pfSense] 2.3_1 ?

2016-05-05 Thread Vick Khera
On Tue, May 3, 2016 at 11:24 AM, Jeppe Øland wrote: > Does this update actually work? > > After hitting install and crunching for a while, it showed "firmware > installation failed!" at the top. > I just did the upgrade and it succeeded. However, ntpd was not restarted on

Re: [pfSense] Site to Site VPN behind nat

2016-05-02 Thread Vick Khera
On Sun, May 1, 2016 at 8:18 PM, Dane Reugger wrote: > I've seen this done with Aruba but not sure it's possible with PfSense but > if it is I would love a guide to get it going. > Use OpenVPN. It doesn't care at all about the NAT. Many guides online for setting up whole

Re: [pfSense] NTP Drift file not retained (NanoBSD) and "clipping" of

2016-04-22 Thread Vick Khera
On Fri, Apr 22, 2016 at 5:10 PM, Karl Fife wrote: > Obviously not retained in the case of an abend, but notably ALSO not > retained during a normal reboot. Is there a strategic reason this hard-won > calibration is not retained? I agree this should be preserved the same

Re: [pfSense] Monitor (RRD) all 0 data on 2.3

2016-04-21 Thread Vick Khera
Oh, never mind. I first read you did an upgrade. That is a weird symptom... On Thu, Apr 21, 2016 at 8:21 AM, Vick Khera <vi...@khera.org> wrote: > > On Thu, Apr 21, 2016 at 1:53 AM, Gé Weijers <g...@weijers.org> wrote: > >> I just performed a clean install of 2.3

Re: [pfSense] Monitor (RRD) all 0 data on 2.3

2016-04-21 Thread Vick Khera
On Thu, Apr 21, 2016 at 1:53 AM, Gé Weijers wrote: > I just performed a clean install of 2.3 on an AMD64 PC. Everything is fine, > Was your prior install 32-bit? When you switch/upgrade from 32 to 64 bit the RRD graphs break.

[pfSense] cannot backup one device

2016-04-07 Thread Vick Khera
I have 5 pfSense devices: one at my home office, and two set up in pairs at my data center and main office respectively. The data center are running stock pfSense on beefy hardware; the others are all Netgate units running Netgate pfSense. Since the most recent update added CSRF checking, I

Re: [pfSense] APinger times wrong after a few hours

2016-02-25 Thread Vick Khera
On Wed, Feb 24, 2016 at 8:28 PM, Jim Thompson wrote: > Apinger is… not very good. > > This is why we’ve gone to dpinger in pfSense software v2.3 Yay. I'll be glad to not have that PoS software being critical to my infrastructure.

Re: [pfSense] PFSense for high-bandwith environments

2016-02-24 Thread Vick Khera
On Tue, Feb 23, 2016 at 9:01 PM, Jim Thompson wrote: > Fun fact, this ’Netflix’ success is using the AES-GCM code that Netgate > co-developed with the FreeBSD Foundation for use with IPsec. > > https://lists.freebsd.org/pipermail/freebsd-security/2014-November/008029.html > > >

Re: [pfSense] Best automated configuration backup options for 2.1.5?

2015-12-15 Thread Vick Khera
Here's my config file backup script bits for pfSense: curl -k -c ${COOKIEFILE} -d "login=Login=admin=$FWPASS" https://${FWHOST}/diag_backup.php curl -k -b ${COOKIEFILE} -d "Submit=download=checked" -o config-${FWHOST}.xml https://${FWHOST}/diag_backup.php where COOKIEFILE is some secure temp

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-13 Thread Vick Khera
On Thu, Nov 12, 2015 at 5:20 AM, Marco wrote: > > Setting up BIND 9 to manage a dynamic zone is not very difficult. > > Do I need an additional BIND instance besides the unbound that's > already running on the pfSense box? > unbound != bind. I do not know anything about

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-11 Thread Vick Khera
On Wed, Nov 11, 2015 at 2:46 AM, Marco wrote: > How to access the mobile hosts via the same hostname regardless if > they are connected to the LAN or VPN? > Via some form of dynamic DNS perhaps? It seems it should be possible to have the openvpn client run some script that

Re: [pfSense] github.com/google/google-authenticator/ on pfSense 2.2x

2015-10-16 Thread Vick Khera
> On Oct 14, 2015, at 3:34 PM, Vick Khera <vi...@khera.org> wrote: > > > > and only on FreeBSD servers (not pfSense)

Re: [pfSense] github.com/google/google-authenticator/ on pfSense 2.2x

2015-10-14 Thread Vick Khera
The freebsd port for GA works great. I've only ever used it for SSH logins when no public key is used, and only on FreeBSD servers (not pfSense). The only files you really need from the package are /usr/local/bin/google-authenticator /usr/local/lib/pam_google_authenticator.so The configuration

Re: [pfSense] pfSense IP stack crashing.

2015-10-14 Thread Vick Khera
On Wed, Oct 7, 2015 at 8:20 AM, Bryant Zimmerman wrote: > Any ideas would be appreciated. This units has been stable for 3 years > only rebooted when upgrades occur. This is so out of character for this box > and I need to figure this out ASAP. > I will vote hardware

Re: [pfSense] client VPN on IOS

2015-09-17 Thread Vick Khera
On Tue, Sep 15, 2015 at 9:18 AM, Ray Bagby wrote: > Anyone have any luck connecting iphone via VPN? > Yes, with the built-in Cisco VPN client. Works great unless you have pfSense 2.2.3 (older and newer work ok)

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-08 Thread Vick Khera
On Mon, Sep 7, 2015 at 9:24 PM, Ryan Coleman wrote: > How do you get this to function with Dyn.com (formerly DynDNS.com < > http://dyndns.com/ > > >)? I have the paid domain and I’ve gotten CenturyLink DSL modems to > negotiate the IP without issue before but I cannot seem

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-08 Thread Vick Khera
On Tue, Sep 8, 2015 at 8:14 AM, Chris Bagnall <pfse...@lists.minotaur.cc> wrote: > Would you be willing to share your RFC2136/bind9 config? > Here's a copy of my notes: Dynamic DNS Update <http://projects/confluence/display/INF/Dynamic+DNS+Update> - Created by Vick Kher

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client, and HE.net service types

2015-09-07 Thread Vick Khera
On Mon, Sep 7, 2015 at 2:37 PM, David Christensen wrote: > Do they refer to Hurricane Electric (he.net > > )? > yes.

Re: [pfSense] pfSense no access to web configurator from internal network

2015-08-10 Thread Vick Khera
On Sat, Aug 8, 2015 at 5:01 AM, Alfredo Tapia Sabogal alfred.ta...@gmail.com wrote: Vick, Thank you for your prompt response, i change my LAN IP address to 192.168.1.40/24 and the WAN to 192.168.0.10 /24 so when I go to the internet explorer and I wrote the LAN ip address or I ping tolds me

Re: [pfSense] pfSense no access to web configurator from internal network

2015-08-07 Thread Vick Khera
On Thu, Aug 6, 2015 at 1:12 PM, Alfredo Tapia Sabogal alfred.ta...@gmail.com wrote: internal network (LAN) em1 far as I did well, but I have some problems with my IP's range of IP's from my provider are 192.168.0.1 (router) in the PFSENSE I assigned the network card for the WAN 192.168.0.10

Re: [pfSense] Problem with load vpn status

2015-07-30 Thread Vick Khera
On Wed, Jul 29, 2015 at 3:18 PM, Edward Josette Ortega Salas edward.jose...@gmail.com wrote: Yes, it was quick: - For setkey -D its took: 0.253u 0.276s 0:31.37 1.6% 93+178k 0+0io 0pf+0w - And for setkey -DP: 0.017u 0.008s 0:00.02 50.0% 204+408k 0+0io 0pf+0w And.. we are talking about

Re: [pfSense] Problem with load vpn status

2015-07-30 Thread Vick Khera
is that.. that happen it just with ipsec status bar, the rest work just fine. Thanks again 2015-07-30 10:25 GMT-04:30 Vick Khera vi...@khera.org: On Wed, Jul 29, 2015 at 3:18 PM, Edward Josette Ortega Salas edward.jose...@gmail.com wrote: Yes, it was quick: - For setkey -D its took: 0.253u

Re: [pfSense] Connect pfSense as client to a Hotel WLAN?

2015-07-30 Thread Vick Khera
On Thu, Jul 30, 2015 at 4:10 AM, Seth Mos seth@dds.nl wrote: The current crown goes to the Dlink DIR510L which is a dual band travel router with dual radios (dual band) and a 4Ah battery for charging The DLink DIR505 has been in my travel bag for a few years. It makes life very easy when

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-29 Thread Vick Khera
On Tue, Jul 28, 2015 at 4:12 PM, Moshe Katz mo...@ymkatz.net wrote: Again, I agree with you that this shouldn't affect your score. I am simply explaining why they do it. Based on this explanation, I agree. There's no reason for them to demand your certificate also signs any other domain

Re: [pfSense] Problem with load vpn status

2015-07-29 Thread Vick Khera
On Wed, Jul 29, 2015 at 10:24 AM, Edward Josette Ortega Salas edward.jose...@gmail.com wrote: Status - Ipsec, i have between 15 and 20min delay for show the information. How long do these commands take to run on the command line: setkey -D setkey -DP If these are quick, I'd suspect that

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-28 Thread Vick Khera
On Sun, Jul 26, 2015 at 10:31 PM, Ryan Coleman ryan.cole...@cwis.biz wrote: I have an issue with Qualy’s: They ding my certification because I have domain.com http://domain.com/ on it and not www.domain.com http://www.domain.com/ (multi-site cert). That’s not a reason to lower a

Re: [pfSense] IPSEC Tunnel with NAT not working under 2.2.3

2015-07-08 Thread Vick Khera
On Tue, Jul 7, 2015 at 8:39 AM, compdoc comp...@hotrodpc.com wrote: The same thing happened to me. I had to change the Encryption algorithm from AES256 to 3DES to get it to work. Another option is to disable the AES-NI hardware acceleration in 2.2.3.

Re: [pfSense] iphone roaming client stopped routing

2015-07-06 Thread Vick Khera
On Wed, Jul 1, 2015 at 12:25 PM, Vick Khera vi...@khera.org wrote: With pfSense 2.2.3, the iPhone connects to the pfSense firewall to negotiate the VPN. The status seems to be normal and as far as I can tell all the IPSec bits are in order. Nothing unexpected in the logs. SAD and SPD look

Re: [pfSense] Issues with IPsec and 2.2.3

2015-07-06 Thread Vick Khera
On Sun, Jul 5, 2015 at 12:03 PM, Ryan Coleman ryan.cole...@cwis.biz wrote: Neither my desktop nor my mobile (OS X 10.10.3 and iOS 8.3) are able to negotiate on a previously-functioning IPsec configuration. Only change I can determine right now is the updated OS of the firewall to CURRENT. I

Re: [pfSense] Loading pfSense on Netgate 1U rack mount server c2758

2015-07-02 Thread Vick Khera
Are you trying to put the CD ISO image on the USB stick? That doesn't work. You have to use the memstick image. This is not like some linux distros where you use the CD image like this. On Thu, Jul 2, 2015 at 2:31 PM, Paul Upson pmup...@thewestmoreland.org wrote: I recently purchased this

Re: [pfSense] Improving OpenVPN performance

2015-07-01 Thread Vick Khera
On Wed, Jul 1, 2015 at 10:40 AM, Jon Gerdes gerd...@blueloop.net wrote: Your first job is to establish a real baseline. That is: How fast can you really move data between the two sites without any tunnels? You may have to be creative with NATting and other tricks to get a system at each end

[pfSense] iphone roaming client stopped routing

2015-07-01 Thread Vick Khera
For years I've had the iPhone roaming client IPSec configuration (using the Cisco IPSec built-in client for iPhone). It has always worked great. I set it up using the instructions on the pfSense forums. With pfSense 2.2.3, the iPhone connects to the pfSense firewall to negotiate the VPN. The

Re: [pfSense] upgrade Openssl Package 0.9.8y in to 0.9.8zd) in pfsense 2.1

2015-03-26 Thread Vick Khera
pfsense is not distributed with a developer environment. On Thu, Mar 26, 2015 at 5:53 AM, amit saxena amit.linux@gmail.com wrote: Hello Everyone I am going to upgrade Openssl Package* ( 0.9.8y in to 0.9.8zd) *in pfsense 2.1 release Step 1 I have downloaded Openssl-0.9.8zd.tar.gz Step 2

Re: [pfSense] 2.2.1-RELEASE sudo issues?

2015-03-18 Thread Vick Khera
On Tue, Mar 17, 2015 at 10:23 PM, Manojav Sridhar mano...@manojav.com wrote: on APU1D4, 64-bit. Looks like the user stuff is all buggered up, it wasn't creating the admins group, but am quite sure it's got to do w/ permissions and group membership. The only way this could be permissions

Re: [pfSense] pfSense FreeBSD Version

2015-03-10 Thread Vick Khera
On Tue, Mar 10, 2015 at 12:53 PM, WebDawg webd...@gmail.com wrote: Where is this tracked. I remember I used to be able to install the next version of pfSense, can I still do this? What you're saying you want to try is debugging, not a production solution. pfSense 2.2 already runs the most

Re: [pfSense] NIC Offloading Setting Questions

2015-03-06 Thread Vick Khera
On Fri, Mar 6, 2015 at 4:02 PM, Jim Thompson j...@netgate.com wrote: Second, none of these were offload-related. Third, the config file doesn't overwrite loader.conf.local. I didn't say they were related; I just said it would be a nice thing if the hardware specific settings were publicly

Re: [pfSense] NIC Offloading Setting Questions

2015-03-05 Thread Vick Khera
On Wed, Mar 4, 2015 at 5:08 PM, Jim Thompson j...@netgate.com wrote: Ah, so I should have asked _before_ ordering the NICs? $;-) There are many of you, and few of us. As a Netgate and pfSense customer, I think it would help *everyone* if you just posted the special settings for the devices

Re: [pfSense] Pretend to be google's DNS

2015-03-05 Thread Vick Khera
On Thu, Mar 5, 2015 at 1:48 PM, Marc Peiser li...@nerens.com wrote: Any ideas how I might make this work? Or is there a better solution to this problem? It seems like you should figure out why your client VPN software is broken, and fix that. My personal solution was to just make the
