Re: [pfSense] IPSec phase2 network match clarification

2017-12-04 Thread Enrico Cavalli
Maybe it can be useful for others: basically the solution was using on pfsense side the largest possible 10.128.0.0/16 network offered from the remote peer (checkpoint). I did not understand well IKEv2 traffic selectors. See https://wiki.strongswan.org/issues/2484 Enrico.

[pfSense] haproxy Update

2017-12-04 Thread Daniel
Hi there, I updated HAProxy from Version 1.7.9 to 1.8 via GUI. After upgrade haproxy seems not redirecting anymore. Are there known issues with upgrading to version 1.8? Cheers Daniel ___ pfSense mailing list https://lists.pfsense.org/m

Re: [pfSense] haproxy Update

2017-12-04 Thread Daniel
Hi, nope no mail notification is prepared. Just some simple http frontend and backends with SSL. Nothing special. I will spend more time in several days to see exactly what happens. On 04.12.17, 13:04, "PiBa" wrote: Hi Daniel, Is it consuming 100% of a cpu? Do you have mail a

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Steve Yates
I don't think it would qualify as "simple" since it involves setting up an additional interface on each as well as the CARP virtual IPs. If you're asking about linking your old router to a new router, the routers have to use the same hardware interface (NIC) names in order to sync firewall stat

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Eero Volotinen
Well. is that really so hard? thinking to add carp ip addresses and switching them to main addresses by editing xml backup and then restoring it to firewall.. I have same hardware (3* sg-8860). one for backup.. Eero 4.12.2017 17.49 "Steve Yates" wrote: > I don't think it would qualify as

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Chris L
On Dec 4, 2017, at 8:11 AM, Eero Volotinen wrote: > > Well. is that really so hard? > > thinking to add carp ip addresses and switching them to main addresses by > editing xml backup and then restoring it to firewall.. > > I have same hardware (3* sg-8860). one for backup.. It depends on how c

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Eero Volotinen
well. my plan was to add first carp vip addresses to old configuration with gui and then switching them to main addresses using search and replace. and then just restore config to main firewall and use config sync to replicate it to secondary.. -- Eero 2017-12-04 18:41 GMT+02:00 Chris L : > On

Re: [pfSense] single pfsense to ha conversion

2017-12-04 Thread Chris L
> On Dec 4, 2017, at 9:07 AM, Eero Volotinen wrote: > > well. my plan was to add first carp vip addresses to old configuration with > gui and then > switching them to main addresses using search and replace. > > and then just restore config to main firewall and use config sync to > replicate i

[pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Pete Boyd
Hi. I upgraded a production SG-2440 running pfSense 64-bit 2.3.5 to 2.4.2 using the web GUI. There were no packages installed. It appeared to update OK, and rebooted afterwards. However it came back as version 2.3.5 and now says it's on the latest version, despite going to the update page and re-sa

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
Can you ssh into device and drop to shell? Eero 2017-12-04 21:19 GMT+02:00 Pete Boyd : > Hi. I upgraded a production SG-2440 running pfSense 64-bit 2.3.5 to > 2.4.2 using the web GUI. There were no packages installed. It appeared > to update OK, and rebooted afterwards. However it came back as v

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Pete Boyd
On 04/12/2017 19:52, Eero Volotinen wrote: > Can you ssh into device and drop to shell? Yes, that's where I've been trying the pkg-static commands. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
I got similar problems on my device :) reinstalled it with 2.4.2 and did restore from backup. Anyway, do you have strace or similar tools installed in the box? Eero 2017-12-04 21:57 GMT+02:00 Pete Boyd : > On 04/12/2017 19:52, Eero Volotinen wrote: > > Can you ssh into device and drop to shell?

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Steve Yates
That sounds like what I saw a couple of times now. If you ssh to the device and pick the option to update from its console menu, does it update there? Also see: https://forum.pfsense.org/index.php?topic=135078.msg739919#msg739919 ...in which I linked to: https://forum.pfsense.org/index.

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Pete Boyd
strace isn't installed, no packages are installed. Ideally I'd like to recover this to 2.3.5 or 2.4.2 if possible. I'd like to not have to do a fresh install and restore of config if possible, though I can get local people brought in to do that, or have it posted to me. People on site can draft in

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
It might be possible to transfer static version of strace to box via ssh. this might be a bit tricky, but .. -- Eero 2017-12-04 22:11 GMT+02:00 Pete Boyd : > strace isn't installed, no packages are installed. > > Ideally I'd like to recover this to 2.3.5 or 2.4.2 if possible. > I'd like to not hav

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Pete Boyd
On 04/12/2017 20:11, Steve Yates wrote: > If you ssh to the device and pick the option to update from its console menu, > does it update there? No, those package repository errors are what I'm seeing when doing that. I tried the swapping to different repositories in the GUI, trying update from c

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Pete Boyd
uname -a says this is FreeBSD 11.1-RELEASE-p4 RELENG_2_4 -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Adam Thompson
The "no address record" error is interesting... Do you have functional DNS from the CLI? -Adam On December 4, 2017 2:29:09 PM CST, Pete Boyd wrote: >On 04/12/2017 20:11, Steve Yates wrote: >> If you ssh to the device and pick the option to update from its >console menu, does it update there? >

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
is dns (name resolution) working correctly? Eero 4.12.2017 22.29 "Pete Boyd" wrote: > On 04/12/2017 20:11, Steve Yates wrote: > > If you ssh to the device and pick the option to update from its console > menu, does it update there? > > No, those package repository errors are what I'm seeing

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Pete Boyd
On 04/12/2017 20:39, Adam Thompson wrote: > Do you have functional DNS from the CLI? No, I can't ping google.com or localdomain names. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Adam Thompson
Well, that explains why the rest isn't working. Fix DNS and your problems will (hopefully) go away. -Adam On December 4, 2017 2:41:25 PM CST, Pete Boyd wrote: >On 04/12/2017 20:39, Adam Thompson wrote: >> Do you have functional DNS from the CLI? > >No, I can't ping google.com or localdomain names

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Pete Boyd
Great, thank you. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
well. for temporary fix, try hardcoding needed hostnames in /etc/hosts and check also that your firewall rules allow access to dns server 53/udp and tcp. Eero 4.12.2017 22.41 "Pete Boyd" wrote: > On 04/12/2017 20:39, Adam Thompson wrote: > > Do you have functional DNS from the CLI? > > N

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Steve Yates
Ah, I misread your message, sorry. Per the other posters, check to see if your DNS resolver or forwarder service is running. At one point I had DNS stop working during an upgrade and it caused problems. I want to say it was when updating the second (primary) router, because the DNS on the oth

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Pete Boyd
On 04/12/2017 20:48, Eero Volotinen wrote: > well. for temporary fix, try hardcoding needed hostnames in /etc/hosts and > check also that your firewall rules allow access to dns server 53/udp and > tcp. Thanks for your help, everyone. I have to do something else for a while but will get back to th

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Pete Boyd
I'm not sure where to look for a DNS Forwarder issue. I tried restarting the service. I looked in firewall rules for WAN. I changed DNS servers in System > General Setup to Google Public DNS. I tried turning this off: DNS Server Override [ ] Allow DNS server list to be overridden by DHCP/PPP on WA

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Eero Volotinen
well. ssh into box and cat /etc/resolv.conf to see nameserver addresses. if it contains 127.0.0.1 entry, then it is using dnsmasq/unbound or similar dns cache. I think it is under services tab.. Eero 4.12.2017 23.56 "Pete Boyd" wrote: > I'm not sure where to look for a DNS Forwarder issue.

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

2017-12-04 Thread Pete Boyd
On 04/12/2017 22:08, Eero Volotinen wrote: > well. ssh into box and cat /etc/resolv.conf to see nameserver addresses. if > it contains 127.0.0.1 entry, then it is using dnsmasq/unbound or similar > dns cache. Thanks for your help. If it comes back after people on site power cycle it tomorrow then