lagg support (FEC and LACP) with VLAN trunking is in -HEAD currently,
it's up to coreteam to decide if it will be in 1.3 or not.
-Kyle
Chris Daniel wrote:
pfSense does not support link aggregation, but since it's FreeBSD, you
should be able to do it via lagg(4) (see
http://www.freebsd.org/do
http://doc.pfsense.org/index.php/HOWTO_disable_acpi
-Kyle
Sean Cavanaugh wrote:
Just change the config to boot with ACPI off by default. There are
instructions on how to do this in the Wiki.
-Sean
> Date: Fri, 17 Aug
I only open UDP 1194 in my WAN rules, uncheck block private networks on
WAN interfaces and unchanged default LAN rules.
Activated advanced outbound NAT (AON) in NAT with only auto-created rules.
I don't think you need to uncheck block private networks on the WAN
interface, nor mess with AON.
When you specify the CA Cert, you specify it on a per-client basis (in
myconfig.ovpn):
## SSL Options, must be modified with correct key/crt
tls-client
ca myca.crt
cert mycert.crt
key mykey.key
-Kyle
David L. Strout wrote:
I have the OpenVPN client setup and running on a Windows client and I
This is what I came up with, not sure if it will apply to what you need
it to do. Good luck!
http://chaos.untouchable.net/index.php/PfSense_advanced_outbound_nat_example
-Kyle
Wade Blackwell wrote:
OK that makes sense,
So if I understand correctly both scenarios are destination NAT,
you
ng flag #1
-proto2RTF_PROTO2 - set protocol specific routing flag #2
-llinfoRTF_LLINFO - validly translates proto addr to link addr
For now, I'll just add the above route to the shellcmd section in my
config.xml.
-Kyle
Kyle Mott wrote:
Hi,
I have a network (172.1.1.0/24)
Hi,
I have a network (172.1.1.0/24) on an interface, em0 (10.20.100.0/24)
that I need to be able to route to a different interface, em2
(10.10.100.0/24). I got this working with Shorewall on Linux by adding a
static route for 172.1.1.0/24 to 10.20.100.1 (IP of em0). However, when
I try it on
over later.
-----Original Message-----
From: "Chris Buechler" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, January 31, 2007 3:05 PM
Subject: Re: [pfSense Support] CDROM ISO boot using input/output from
COM1 (Serial)?
Kyle Mott wrote:
Ok, I got it to (sort of) boot by getting a
se?
http://lists.freebsd.org/pipermail/freebsd-stable/2007-January/032446.html
-Kyle
Tim Dickson wrote:
It will work... just means you missed something somewhere.
You also could setup everything on the harddrive on another machine and
then swap it over.
-tim
-----Original Message-----
From:
abled.
Holger
-----Original Message-----
From: Kyle Mott [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 31, 2007 5:03 PM
To: support@pfsense.com
Subject: [pfSense Support] CDROM ISO boot using input/output
from COM1 (Serial)?
Hi,
Is there any way to get one of the snapshots to boot from a
Hi,
Is there any way to get one of the snapshots to boot from a CDROM, using
COM1 (serial) for the input/output? I've got a box that has 10 x gigabit
Intel NIC's, and I'm trying to get pfSense on it but it has no video
port. :<
-Kyle
rich wrote:
We need to audit check_reload_status and fix the bugs.
Scott
On 1/26/07, Kyle Mott <[EMAIL PROTECTED]> wrote:
Hi,
I just installed the snapshot from 01/24/2007, and after ~3 hours, I
made an ACL config change and applied changes. When I went to my client
PC to verify I could
Hi,
I just installed the snapshot from 01/24/2007, and after ~3 hours, I
made an ACL config change and applied changes. When I went to my client
PC to verify I could then connect to the host I wanted access to, I
still could not. I logged on to the pfSense box via SSH, and noticed
check_reloa
engths on our developer
list. I would start by auditing check_reload_status.
Scott
On 1/16/07, Kyle Mott <[EMAIL PROTECTED]> wrote:
Is there a bug open on this currently? I'd like to see what ya'll have
done so far, so I don't repeat myself.
-Kyle
Scott Ullrich wro
Is there a bug open on this currently? I'd like to see what ya'll have
done so far, so I don't repeat myself.
-Kyle
Scott Ullrich wrote:
Unfortunately none of us have a clue on this bug. How another program
can inherit another's socket descriptor is just beyond our grasp.
O
Do you need help with the bug? Is there anything I can do?
Do you guys have any beta builds of 1.1 (or whatever the next version
will be) that I can try?
-Kyle
Scott Ullrich wrote:
On 1/15/07, Scott Ullrich <[EMAIL PROTECTED]> wrote:
It is not normal but we do know of the bug*
--
re-start the services I
previously killed.
-Kyle
Kyle Mott wrote:
pfSense > *
Thanks Scott, works like a charm now.
-Kyle
Scott Ullrich wrote:
Upgrade to http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-23-2006/
On 12/27/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
Anybody?
-K
pfSense > *
Thanks Scott, works like a charm now.
-Kyle
Scott Ullrich wrote:
Upgrade to http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-23-2006/
On 12/27/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
Anybody?
-Kyle
Kyle Mott wrote:
> Hi,
>
> I just realized that I
Anybody?
-Kyle
Kyle Mott wrote:
Hi,
I just realized that I can't seem to get OpenVPN to listen on TCP/443 on
the WAN interface of my 1.0.1-SNAPSHOT-12-21-2006. I use this very
heavily to get access to my home systems from within a company's proxy
infrastructure.
Is there any way to
Hi,
I just realized that I can't seem to get OpenVPN to listen on TCP/443 on
the WAN interface of my 1.0.1-SNAPSHOT-12-21-2006. I use this very
heavily to get access to my home systems from within a company's proxy
infrastructure.
Is there any way to make TCP/443 always available so I can us
Hi,
I noticed that the "Access Darkstat" link under Diagnostics -> Darkstat
is not generated correctly if you are using SSL with a non-standard port
for the console. I use 65535, and the links end up coming up like this.
Can we do anything about this?
onClick="document.location='http://172.1
I tried adding a hostname to my IPSEC config for the remote gateway, and
it brought all of my other tunnels down. Should we be able to do this?
If not, could we possibly include it in a future release?
-Kyle
-
To unsubscribe,
y what I saw on both RC3 and 1.0
Wade B
On 11/1/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
Hi Guys,
I recently updated to 1.0.1, but my OpenVPN config stopped working.
Naturally, I rebooted, and it worked for a while, then stopped again.
So, I disabled/enabled the tunnel, and that didn&
Hi Guys,
I recently updated to 1.0.1, but my OpenVPN config stopped working.
Naturally, I rebooted, and it worked for a while, then stopped again.
So, I disabled/enabled the tunnel, and that didn't get it working
either. I noticed the following in the OpenVPN logging tab:
Nov 1 22:27:51 open
I've got about 20 tunnels to several remote networks, some
PFSense/m0n0wall, others to WatchGuard v80's/v60's, and they all work great.
-Kyle
Fuchs, Martin wrote:
We have a FortiGate 400 and pfSense and it works with IPSec like a charm...
What's up with it ?
BTW: We're gonna kick out FG4
Thanks Scott, that fixed it!
-Kyle
Scott Ullrich wrote:
Upgrade to 1.0-RC3e.
Apply a, b, c, d then e in that order.
On 10/11/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
Hi,
I'm running RC3, and every time I save my config, the webgui hangs. I
deleted my tun0 interface, but it
Hi,
I'm running RC3, and every time I save my config, the webgui hangs. I
deleted my tun0 interface, but it looks like it's still trying to bring
up the tun0 interface which is hosing openvpn. I am running my openvpn
on port 443, and I have deleted the tun0 interface in the gui.
Let me know
It's not required, but it is nice to have, as you can monitor traffic on
it via SNMP. Can we leave it assigned without harmful effects?
-Kyle
Scott Ullrich wrote:
On 9/30/06, Captain Bablam <[EMAIL PROTECTED]> wrote:
Good afternoon,
Anyone get a chance to look at the attached and make s
24/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
Yeah, I just installed it yesterday (1.0-SNAPSHPT-09-21-06). Even with
no rules on tun0, all clients get full access to any internal system.
Has anyone else run into this?
Same situation with IPSEC, there is not fine control of traffic yet.
We cann
Yeah, I just installed it yesterday (1.0-SNAPSHPT-09-21-06). Even with
no rules on tun0, all clients get full access to any internal system.
Has anyone else run into this?
-Kyle
Rob Terhaar wrote:
Have you tried out the latest nightly? :D
On 9/20/06, Kyle Mott <[EMAIL PROTECTED]>
Do we have any more info about this? Is it a bug?
-Kyle
Kyle Mott wrote:
No, that's not the case :D. All I did was follow the HowTo, and then
modify the ACL's.
-Kyle
Rob Terhaar wrote:
ok perhaps this is a stupid question, but can you provide more
information about your test
onnection while you're connected to the
local lan side of your pfsense box?
On 9/13/06, *Kyle Mott* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
I removed all of the rules on my TUN0 interface, and it still let me get
anywhere on the LAN when connected remo
it might be a
bug or a limitation (which I can't say for sure right now).
Holger
-----Original Message-----
From: Kyle Mott [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 13, 2006 10:09 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] OpenVPN Clients and FW ACL's
That
, and see what your firewall does then?
On 9/12/06, *Kyle Mott* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
I've attached a JPG. Even with that ACL, I can get to RDP on my main
box
on the LAN interface from any OVPN client. I followed the HowTo, but the
llow access
to specific hosts/ports/protocols, which doesn't seem to be working as I
would expect.
-Kyle
Rob Terhaar wrote:
Did you follow the howto on the wiki to get OpenVPN set up?
What does your firewall ruleset look like for your OpenVPN interface on
the pfSense?
On 9/12/06,
Hi,
I'm noticing that no matter what kind of block statements I put on my
LAN or TUN0 interface, my OpenVPN clients can always get to anything it
wants on the LAN interface (and vice versa). Is this normal behaviour? I
was hoping to have a bit more granular control over what clients can
acces
Hi,
I think I already know the answer to this, but figured I'd ask anyways.
Does pfSense work on SPARC32/SPARC64 platforms?
-Kyle
be working :<
http://forum.pfsense.org/index.php/topic,1224.msg7214.html#msg7214
-Kyle
Gary Buckmaster wrote:
That's because you aren't following the instructions. Please consult
the documentation and pay careful attention to the part where you are
required to set up a virtual IP address on
:1 NAT and it works swimmingly.
Kyle Mott wrote:
Hi,
Quick question, is it possible to do SNAT somehow that I'm just not
thinking of? IE, 192.168.100.122 VIP on the WAN -> 10.20.100.1
(Interface IP of LAN), so when connections are made to other hosts in
the LAN network, it's coming from 10.
Hi,
Quick question, is it possible to do SNAT somehow that I'm just not
thinking of? IE, 192.168.100.122 VIP on the WAN -> 10.20.100.1
(Interface IP of LAN), so when connections are made to other hosts in
the LAN network, it's coming from 10.20.100.1 (instead of whatever it
happens to be out
I don't suppose there's any chance we can get that in the GUI sometime
in the future, can we? :<
-Kyle
Scott Ullrich wrote:
On 7/14/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
Hi,
I was wondering if there's a way to hard-set a speed on an interface if
it's not
Hi,
I was wondering if there's a way to hard-set a speed on an interface if
it's not sync'ing correctly (IE, it's set to 100/half, and it should be
100/full)?
-Kyle
I'm using a non-standard config, and want to rename the WAN and LAN
interfaces to better reflect my network topology. Is that possible?
-Kyle
I've been getting this in my crontab message for my mirror:
rsync: send_files failed to open "/cvs.tgz" (in mirrors): Permission
denied (13)
rsync error: some files could not be transferred (code 23) at main.c(1173)
Looks like permissions in the mirror need to be checked.
-Kyle
Scott Ul
So, I've noticed that if I have a m0n0wall system configured to do SNMP
and Remote Syslog and I have a server in my DMZ behind pfSense (and of
course an IPSec tunnel between them), snmpwalk from the server in the
DMZ to the m0n0wall doesn't work, and nor does setting up the remote
syslog on the
order to get back to the shell.
BTW, is SSH broken in 0.89.2? I can't seem to SSH in to it.
-Kyle
Scott Ullrich wrote:
Maybe this screen shot will help:
http://www.pfsense.com/screens/redirect_lan_to_another_mail_server.PNG
Scott
On 10/26/05, Kyle Mott <[EMAIL PROTECTED]> wrote
Is there a way to set this up in pfSense though? I'm a bit confused as
to what my rules need to be (my first thought is LAN Subnet 80/TCP
=> DMZ Host:6060 via port forward). Is that correct?
-Kyle
Gary Buckmaster wrote:
I think the confusion here stems from where squid lives on the networ
Hey, so I have a Squid box running Dansguardian on my DMZ interface, and
I want to be able to direct (transparently of course) any HTTP/HTTPs
traffic destined for the internet to my Squid server in my DMZ.
Currently, I just use the manual proxy config (which is a PITA). Is
there a way to do thi
ed? I wanna try installing 0.67.8 and
then upgrading to 0.72 or 0.73.
-Kyle Mott
Wesley Joyce wrote:
Kyle, in my
experience, installing 0.67.8
from ISO and upgrading to 0.73 works. Installing 0.72 from ISO does
not work.
From: Kyle
Mott [mailto:[EMAIL PROT
for my WAN DHCLIENT config. I haven't
been able to track it down, but I'll keep working on it.
-Kyle Mott
analyzerx wrote:
Try installing an older version and upgrading (0.6.X seems
to be working fine).
Also try the new version; I think there are some changes for this
bug/thing
On
I'm getting the same exact error, every time I try to install the
0.71.12 ISO. I had to revert back to m0n0wall (hopefully temporarily).
-Kyle Mott
Scott Ullrich wrote:
Does this happen every time you attempt an install or did you only try once?
Scot
On 7/30/05, Wesley Joyce &l
Seems like everything is fine in 70.6. Keep up the good work guys!
-Kyle Mott
Scott Ullrich wrote:
Could be. If you're not using the captive portal feature I would
suggest upgrading to 0.70.4 or check cvstrac for when dhclient was
last changed http://cvstrac.ucsecurity.com/timeline
Just want to make sure I'm not going insane... Is there something wrong
with dhclient in 70.2?
-Kyle Mott
Kyle Mott wrote:
I did what you said, and everything was fixed, less the execve error.
I believe the dhclient binary has a compiled-in typo (at least, as
far as I can tell).
]: exiting.
Jul 14 16:47:40 dhclient[1376]: exiting.
Jul 14 16:47:40 dhclient[1376]: execve (/etc/dhclient-script, ...):
No such file or directory
Jul 14 16:47:40 dhclient[1376]: execve (/etc/dhclient-script, ...):
No such file or directory
-Kyle Mott
Scott Ullrich wrote
[1101]: execve (/etc/dhclient-script, ...):
No such file or directory
Jul 14 16:47:11 dhclient[1099]: no such user: _dhcp, falling back to
"nobody"
Jul 14 16:47:11 dhclient[1099]: no such user: _dhcp, falling back to
"nobody"
Just thought I would let ya'll know. Great work thus far, keep it coming!
-Kyle Mott