On Monday 30 October 2006 20:12, Bill Marquette wrote:
On 10/30/06, Pierre Frisch [EMAIL PROTECTED] wrote:
Hi Bill,
Now that 1.0 is out what is the idea for moving to kernel 6.2? Any
idea of the time frame?
Could we find a solution to keep the interface numbering stable i.e.
when
efforts?
/Peter
On Monday 30 October 2006 21:17, Scott Ullrich wrote:
On 10/30/06, Peter Curran [EMAIL PROTECTED] wrote:
I think you are being too subtle - why don't you tell it the way it is?
You volunteering to do the work or simply trying to throw grease on a fire
Guys
Interesting article (1st of 3) by Daniel Hartmeier (developer of pf) on
undeadly today. see
http://www.undeadly.org/cgi?action=articlesid=20060927091645mode=flat
Not suggesting there is a problem with pfsense, but it makes an interesting
read and may offer some potential things to
Bill
I identified this problem a few days ago when asking about the sizing of state
table entries. I have now had time to study the issue over a longer period
of time.
The site I am working with is pretty busy - they typically have around 10,000
punters on-line during the week: The site
Cacti is a pretty powerful tool, but does need a lot of integration work.
Years ago I used to use a tool called 'Whats UP?'. This was a great little tool for getting a snap-shot of what was working, what wasn't etc. This would be pretty useful in conjunction with pfsense's load balancing and
/sys/net/pfvar.h?rev=1.234content
-type=text/x-cvsweb-markup
--Bill
On 5/15/06, Peter Curran [EMAIL PROTECTED] wrote:
Thanks Holger
I thought I remembered seeing something about this in the past, but
google could not find it.
Interesting it is max 1K per state. I wonder what
:
http://forum.pfsense.org/index.php?topic=1000.msg5953#msg5953
Holger
-Original Message-
From: Peter Curran [mailto:[EMAIL PROTECTED]
Sent: Monday, May 15, 2006 8:54 PM
To: support@pfsense.com
Subject: [pfSense Support] Maximum state table size
Can I ask Scott/Bill/Chris how
It is probably more correct to say that Carp multicasts on all interfaces that
have Carp addresses assigned.
Just to clarify, as there seems to be some confusion over pfsync and Carp.
These are in fact not the same thing: Carp is the mechanism to automatically
fail-over from one interface to
I can confirm Scott's words - I was one of the people with the problem.
My results where exactly the same as you are seeing (except mine was only on
one interface). Carp multicasts stuff on the interface at regualr intervals
and expects to see multicasts from the other system coming in. It is
This problem is caused because IPsec tunnel mode creates 'implicit' tunnels.
These are not visible to the rest of the IP layer, because the decision to
tunnel the traffic is made after the packet has been forwarded.
One easy solution is to create an 'explicit' tunnel, using something like GRE,
-
From: Peter Curran [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 30, 2006 8:53 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Static routes over IPSec
This problem is caused because IPsec tunnel mode creates 'implicit'
tunnels.
These are not visible to the rest of the IP layer
Nuno
Good call - I got my Client onto the switch and checked through the config.
Sure enough one of the firewalls was plugged into a port that was mapped to a
different VLAN. Fixed that and it instantly sprang into life :-)
I am of course kicking myself:
a) Not checking the install
with Intel gigabit NICs. I haven't any spare HW at the
moment so can't myself.
Simon.
-Original Message-
From: Peter Curran [mailto:[EMAIL PROTECTED]
Sent: Saturday, 25 March 2006 7:18 a.m.
To: support@pfsense.com
Subject: Re: [pfSense Support] Carp is a bit confused
Refer to the instructions at www.openvpn.org
/peter
On Saturday 25 March 2006 03:14, jonathan gonzalez wrote:
hi,
can anybody point me how to create the certificates for the openvpn
package that is already enabled in beta 1?
thanks in advance,
jonathan
--
This message has been scanned
. Verify the netmask of the carp interface. It is the
same has the network.
-Original Message-
From: Peter Curran [mailto:[EMAIL PROTECTED]
Sent: sexta-feira, 24 de Março de 2006 0:09
To: support@pfsense.com
Subject: Re: [pfSense Support] Carp is a bit confused...
Hi Scott
On Thursday
Well I got most of my problems of last week sorted - a couple of configuration
errors is all it takes to get things badly confused.
I am now left with some 'real' errors
I have two boxes in parallel, running with Carp used to service 6 addresses in
total - 3 on the WAN interface and the
Hi Scott
On Thursday 23 March 2006 23:00, Scott Ullrich wrote:
I have two boxes in parallel, running with Carp used to service 6
addresses in total - 3 on the WAN interface and the remaining 3 spread
between 3 internal interfaces. All seems to work OK - when I check the
Carp status on
me an example of the rule?
On 3/18/06, Peter Curran [EMAIL PROTECTED] wrote:
The firewall rules to manage IPsec are being based on the (CARP) address
entered in the Failover IPsec dialog irrespective of the setting of the
Enable checkbox in the Failover IPsec dialog.
The only way to stop
March 2006 17:47, Scott Ullrich wrote:
I am running failover ipsec at home and work with no issues. I am
using a public IP as one of the carp ips but I am not running a 1:1.
I almost wonder if the 1:1 is stepping on the IPSEC connection.
On 3/19/06, Peter Curran [EMAIL PROTECTED] wrote:
Scott
Does anybody have experience of using the Beta2 embedded image on a larger CF?
I have placed the image on a SanDisk 256MB and a Lexar 256MB (both brands have
worked well for me in the past) and they both give disk access errors
immediately after the disk probe as the kernel boots.
The system
Thanks for the advise.
On Thursday 16 March 2006 02:53, Bill Marquette wrote:
On 3/15/06, Peter Curran [EMAIL PROTECTED] wrote:
I have been asked to setup a couple of pfsense boxes as a
high-availability pair, using CARP. One problem is that only 5 public IP
addresses are available
Is this the correct place to report bugs in pfsense?
/Peter
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For
On Friday 03 March 2006 19:45, Scott Ullrich wrote:
It's a good start, yeah. We may ask you to file a ticket in cvstrac
if they are indeed real bugs :)
Thats OK - some of them seem to be listed in the changelog for BETA2, so I
will redo my testing of this afternoon once I have upgraded and
23 matches
Mail list logo