I'd suggest installing pfSense at a home location for benefits that pfSense
provides. The ability for you to see what is going on on your network is
much greater than with any of the consumer routers.
If you get a little Netgate SBC, you can have a pfSense router with the
same size and power specs
The big problem with asking the question "Has the NSA required you to add a
back door?" is that no small company that wants to stay in business can or
will say yes (If they do, no one will trust/use the product unless forced
themselves). The company will agree/be forced to say no. How does one tell
About that made in the USA thing, the NSA has deals with overseas companies
as well...
Plus, the GCHQ and several other foreign spy agencies have done similar
things, so if you start asking, you discover that the major governments
are trying to do this and have succeeded more often than we would
To answer your question about throwing the first stone. Your question reads
a bit like the "Are you a criminal/commie?" questions. Many people would
object to the question at the start because it implies that the people
being asked the question have done something wrong. Watching the reactions
to po
Also, per the founder's statements, this was not the first request. He had
"helped" the government with requests for information about other users in
the past...
See the latest Wired/Ars Tech write ups for what was different this time.
Walter
On Wed, Oct 9, 2013 at 1:16 PM, David Ross wrote:
wife yet?" and
tell me if you would be upset if someone asked you that question.
Walter
On Wed, Oct 9, 2013 at 1:26 PM, Thinker Rix wrote:
> Hi Walter,
>
>
> On 2013-10-09 21:53, Walter Parker wrote:
>
>> To answer your question about throwing the first stone. Your qu
gards, Pim
>
>
> On 9 okt. 2013, at 22:26, Thinker Rix wrote:
>
> > Hi Walter,
> >
> > On 2013-10-09 21:53, Walter Parker wrote:
> >> To answer your question about throwing the first stone. Your question
> reads a bit like the "Are you a criminal/commie?"
There is an issue with doing NanoBSD (the embedded image) upgrades from
2.0.X to 2.1 that can cause /var to fill up. The fallout effect of this
causes the interfaces to not come up. If you search the mailing list
archives you will see that it has hit other people and that workarounds are
required t
As I see it, there are two things that can happen here
1) NSA breaks into pfSense without knowledge of the staff => The only
solution is source code and binary review. This is not an option for people
like Thinker Rix or other non coders. The most likely spot for this to happen is
upstream from the
Who would you trust more than ESF? Why, specifically, would you trust
another group of people to be more trustworthy? I admit to having a USA bias,
but for the issue in question, I don't see there being a much better choice.
The UK has less freedoms in this matter. But then this is turning into a
case of
s). But that is me, maybe you
prefer to decide to move first and then figure out where you are going
after you have left (rather than planning where you are going before you
leave).
Walter
On Fri, Oct 11, 2013 at 12:11 PM, Thinker Rix wrote:
> On 2013-10-11 21:20, Walter Parker wrote:
>
>
to the targeted countries. It is probably no exaggeration to
state that this 20th century version of the "Trojan horse" is quite likely
the greatest sting in modern history.
On Fri, Oct 11, 2013 at 12:49 PM, Adrian Zaugg wrote:
>
>
> On 10/11/13 8:20 PM, Walter Parker
So, if I have an ALIX that I would like to upgrade, how much would I have
to increase /tmp and /var by to have the upgrade run to completion without
filling the partitions?
Walter
On Fri, Oct 11, 2013 at 2:25 PM, Jim Pingle wrote:
> On 10/11/2013 4:58 PM, Jens Kühnel wrote:
> > I'm not a Free
I have a pfSense 2.0.3 box with 5 interfaces, two of which are on
motherboard ethernet controllers using the NVIDIA nForce4 CK804 MCP9
Networking Adapter chipset.
These two connections connect to the upstream IP (WAN) and to the old IP
space for the local network (LAN).
I've been seeing the c
Hi,
I've got a pfSense router with a WAN connection that has 4 interfaces:
WAN - A 200 mbs connection. This is on a /20 subnet and the other side is
the default route.
LAN - This is a static routed /24 network from the company providing the
200 mbs WAN connection
COMCAST - This is a static routed
You don't need to open your rule set to allow every one on the internet to
ping any address. Just allow the HE broker subnet to ping any address in
the tunnel subnet.
On Dec 5, 2013 11:51 PM, wrote:
>
> Hello list,
>
> The DynDNS logic seems to work in this wrong order:
>
> 1 Figure out the new
I've been asked if pfSense has multiple routing tables. Specifically, there
is a kernel option in FreeBSD:
options ROUTETABLES=2
Which enables you to set up a second routing table for a second interface.
Does pfSense use multiple ROUTETABLES? If not, why not and does the
existing policy based rou
Hi,
I have a pfSense box with multiple WAN connections (one on TW and one on
Comcast)
I appear to have got MultiWAN working for outbound traffic, in that:
I can ping/traceroute from either interface and the traffic routes out and
comes back.
But inbound traffic only appears to work if it comes into the
Once you create a gateway, you can not rename it from the GUI. I had to
delete and re-create my gateway in order to rename it.
On Tue, Jan 7, 2014 at 12:02 PM, Matthias May wrote:
> Am 07.01.2014 20:52, schrieb Joe Landman:
>
> Hi folks:
>>
>> I am trying to match a spec we've been given as
By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
traffic, you will need to allow it (add rules on both the WAN and LAN
sides). But you might want to notice something else. If PFSense is
operating as a straight up router where you don't want NATing of the LAN
packets, then you w
n of 192.168.1.1 of which is dhcp
> assigns my laptop .101 when plugged in.
>
> Brian
>
>
> On 1/14/2014 12:50 PM, Walter Parker wrote:
>
> By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
> traffic, you will need to allow it (add rules on both
> So for whatever reason it's not being passed to the lan.
>
>
> On 1/14/2014 1:13 PM, Walter Parker wrote:
>
> From the PFSense UI, select Firewall->NAT. Then click on the Outbound tab.
> Then select the Manual Outbound NAT rule generation radio button (this
> turns of
l. Wouldn't that cover it?
>
> Sent from my HTC
>
>
> - Reply message -
> From: "Walter Parker"
> To: "pfSense support and discussion"
> Subject: [pfSense] WAN not accepting traffic
> Date: Tue, Jan 14, 2014 8:04 pm
>
>
> You mi
You could try installing a packet sniffer and watching the traffic.
Walter
On Sun, Mar 23, 2014 at 2:38 PM, Brian Caouette wrote:
> How can this happen with only two computers powered up on the lan? Any
> way to get more details?
>
>
> On 3/19/2014 7:58 AM, Brian Caouette wrote:
>
>
>
>
> --
From the status menu, select System Logs
From the system logs page, click on Settings
Scroll down to Remote logging Options
Enable Remote logging
For the remote Syslog Servers, enter the address of your syslog server (any
Linux or FreeBSD server running a copy of syslog that will take outside
lo
That's what I would recommend. The VPN can serve as a second gateway to
protect the RDP from the outside world, so you could pitch this solution as
a higher security method of network access.
Walter
On Thu, Mar 27, 2014 at 1:09 PM, compdoc wrote:
> > I'm not very familiar with TMG from Microsof
The big problem that I see people have is that they want to do networking
based on hostnames rather than IP addresses. Such as how named virtual
hosting works on Apache. But the problem is that the hostname is translated
to an IP address on the client side and the only thing the server sees is
the IP
I upgraded my ALIX system running 2.0 to 2.1.1. The base upgrade appeared
to go fine, I got the screen that said the system was upgrading all of the
packages, but after the system restarted, none of the packages on the old
system were listed as installed on the new system.
But the service screen s
I'd expect that you should be able to enable SNMP, set a non default
password (please don't use public) and add a firewall rule to allow UDP on
port 161 to/from your mrtg server. I'd recommend using Cacti as your mrtg
server (if you want a FOSS solution).
Walter
On Mon, Apr 7, 2014 at 10:23 AM,
quickly
become expensive (1000's to 10,000's dollars) as the size of your network
grows.
Walter
On Mon, Apr 7, 2014 at 10:47 AM, Brian Caouette wrote:
> What is Cacti? FOSS?
>
>
> On 4/7/2014 1:42 PM, Walter Parker wrote:
>
> I'd expect that you should be a
Of *Chuck
> Mariotti
> *Sent:* April-07-14 1:04 PM
>
> *To:* pfSense Support and Discussion Mailing List
> *Subject:* Re: [pfSense] Network Traffic Monitoring w/o Webgui
>
>
>
> It's been a few years, but a simple windows version...
>
>
>
> http://oss.oetik
How about configuring the firewall to block everything and then create
a rule that forwards/allows only port 80 and 443 to the reverse proxy
server. Configure the reverse proxy server to only support HTTP traffic (on
port 80 and using SSL on 443). Then you don't need to do DPI. I'd say you
don
a rule for each of these
> domains will be painful after a while i assume. But on the other hand, i
> will be using this reverse proxy node as the first entry point to my DDoS
> protection network, so not sure whether DPI is a good thing here or not.
>
>
> On Sat, Apr 12, 2014 at 11:
pfSense has menu options that allow you to move/create /tmp and /var in RAM.
These can be found in System>Advanced>Miscellaneous.
Then logging would be written to the RAM disk.
Note that the logs will be lost when the power goes out. You will need to
setup a scheduled job that does backups if you wis
The amd64 is for all 64 bit machines (amd64 and Intel EMT64)
The x86 is for all 32 bit machines (Intel and AMD)
According to the spec sheet,
http://www.dell.com/downloads/global/products/pedge/en/2850_specs.pdf, that
is a 64 bit machine.
Note, because AMD developed 64 for the x86 first, the BSDs cal
D64. I’ve never touched an
> Itanium-driven machine.
>
>
> On May 19, 2014, at 18:06, Walter Parker wrote:
>
> The amd64 is for all 64 bit machines (amd64 and Intel EMT64)
> The x86 is for all 32 bit machines (Intel and AMD)
>
> According to the spec sheet,
> http://www.d
Given that pfSense 2.1.3 uses FreeBSD 8.3 as the base OS, wouldn't
http://ftp1.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.3-release/perl5/ be
a better location to use for packages?
Walter
On Wed, May 21, 2014 at 11:57 AM, Moshe Katz wrote:
> On Wed, May 21, 2014 at 2:39 PM, Florio, Christop
If you wish to learn more about how UNIX operating systems work, there are
a few pages about what devfs does and means.
http://www.freebsd.org/cgi/man.cgi?query=devfs&sektion=5
http://en.wikipedia.org/wiki/Device_file
A very short summary is that UNIX systems use multiple mount points in th
There is a way to auto configure the proxy settings on modern browsers, so
that you don't have to manually configure them individually
WPAD and Proxy auto-config
http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
http://en.wikipedia.org/wiki/Proxy_auto-config
Walter
On Wed, Jun 18,
HTTPS was designed to cause a transparent proxy to fail (that was one of
the major design goals, no third party [such as squid] could read the
traffic). As mentioned before, to make this work, you must either drop the
requirement that the proxy be transparent (Note, explicit proxies can be
auto
I think you might have a misconception in your request. When you say:
>To resolve this issue I need to "mangle" forwarded IP packets by
>incrementing their TTL by 1. This would effectively hide the above
>included results. If anyone knows how to do this either through the web
>interface or throug
I disagree that this is a vulnerability/weakness. If this is truly your
only issue with the network, I'd call it good and done if you are not the
DOD/NSA.
If you are, then you need to start again with an even more secure
foundation.
Walter
On Thu, Jul 10, 2014 at 2:25 PM, Blake Cornell <
bcorn
00
>> Garden City, NY 11530 USA http://www.integrissecurity.com/
>> O: +1(516)750-0478
>> M: +1(516)900-2193
>> PGP: CF42 5262 AE68 4AC7 591B 2C5B C34C 7FAB 4660 F572
>> Free Tools: https://www.integrissecurity.com/SecurityTools
>> Follow us on Twitter: @integrissec
>>
>> O
I see a few things going on here:
From the Netgate site, the difference between the APU1C and the APU1C4 DIY
kits is 2GB vs 4GB.
The Kits are $179 and $199 and include the board, a case and power plug.
The kit from PCEngines is just the board (I don't see any that says it
comes with a plug or a
Yes, check to make sure that the WebConsole interface (on 443) is not
conflicting with your other rules.
Check for allow/deny rules in both Squid and pfSense to make sure that you
don't have a conflict.
On Tue, Sep 9, 2014 at 1:34 PM, Satvinder Singh <
satvinder.si...@nc4worldwide.com> wrot
To see which client is eating your bandwidth, when using Traffic Graph,
switch from WAN to LAN. Then the dynamic list of hosts will show client IP
addresses and not your link address.
On Wed, Sep 24, 2014 at 7:55 AM, Muhammad Yousuf Khan
wrote:
> Exactly this is how i learn that my whole link is
A suggestion: Null route all facebook addresses. That usually kills any
traffic. Be aware that it kills all traffic to those addresses (HTTP,
HTTPS, SMTP, POP3, DNS).
FYI, getting snotty to people that are asking for help usually turns them
off of wanting to help you...
Walter
On Wed, Sep 24,
First thing I would do is make sure that you have added static IP address
reservations for the MAC addresses using the DHCP server page for
each piece of IP gear that your children have. If you click on All Leases,
it will show you every device that has tried to get an address. You can
take th
I use imgburn to burn all of my pfSense CDs (and Windows, Linux and FreeBSD
DVDs). I second the recommendation. If you have picked the correct image,
it should boot unless there is something strange with the HP hardware. The
fact that a Windows disk boots doesn't prove that hardware isn't "strange"
I'd be a little worried about the SD card and squid, but not the current
ADD solution from Netgate.
On Nov 27, 2014 2:05 PM, "Brian Caouette" wrote:
> I've been looking at the kit at Netgate for $199 to replace my poweredge
> 2850 for pfSense. My concern is the sd/flash memory and the use of squi
If you are getting the Netgate kit, I'd suggest just getting the Intel m525
SSD that they offer. This is a modern SSD with wear leveling that keeps
software like a squid cache from burning out the drive early. It will fit
and work without having to build a custom cable and have to tape a drive to
t
too? I don't understand your comment
> about get it now before it has any issues.
>
> Brian
>
>
> On 11/30/2014 3:07 PM, Walter Parker wrote:
>
> If you are getting the Netgate kit, I'd suggest just getting the Intel
> m525 SSD that they offer. This is a modern SSD
Just thought I'd note that Paul Venezia, who does the Deep End column for
Infoworld, just gave a positive heads up to pfSense and the APU1 DIY kit
from Netgate.
http://www.infoworld.com/article/2861574/network-security/you-should-be-running-pfsense-firewall.html
Walter
--
The greatest dangers
Hi,
I just put pfSense 2.2RC on my firewall and I noticed that the PHP code
that generates the resolv.conf file will add the line "options edns0" to
resolv.conf if the unbound config has the edns option set.
I didn't see any way in the GUI to set this option. Am I missing
something, or has t
First, pfSense is from FreeBSD, not OpenBSD. Second xBSD uses libc by
default, not glibc. glibc is a GNU/Linux port of the libc from UNIX
systems. I wouldn't expect to see recent glibc errors in xBSD, as there are
separate code bases at the system level.
Walter
On Tue, Jan 27, 2015 at 10:45 AM,
I've used pfSense in a VM on my ESXi application server. This is mostly to
firewall the Windows VMs from the Internet.
If you want fail-over, I'd suggest getting one of the new Netgate (
http://store.netgate.com/NetgateAPU2.aspx or
http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSens
n Thu, Feb 5, 2015 at 9:19 AM, Jason Whitt wrote:
>
> Ive ran as vm's using vmxnet3's as well as physical on these
> http://m.newegg.com/Product/index?itemnumber=16-101-837
>
>
>
> Both are viable options.
>
>
>
> Jason
>
> Sent from my iPhone
>
In Realtime, you can use the dashboard app.
For plugins, BandwidthD and Darkstat have some information.
I've used netflow on other systems to get this sort of information, but for
pfSense you would have to setup a second box that ran the netflow
visualizer to see the traffic information from one
a "bit of programming" might
radically differ from yours :)
If I can find the time, I'll see if I can find any notes.
Walter
On Mon, Feb 16, 2015 at 2:58 PM, Volker Kuhlmann
wrote:
> On Tue 17 Feb 2015 10:33:21 NZDT +1300, Walter Parker wrote:
>
> > In Realtime, y
> On Feb 16, 2015, at 6:27 PM, Walter Parker wrote:
>
> For the real time monitor, if you switch from WAN to LAN, you can see who
> is doing spikes. For the other items, you can see how much bandwidth each
> internal IP addresses has used in one of those packages. Unless you have
> se
I had a problem like this, so I replaced the cheap converter with one
"made" by a California company (it was much nicer, real drivers and
instructions for $5 more). I got no output until I remembered that I might
need a null modem adapter. Once I added that to the mix everything worked like
a charm (te
I installed it on an ALIX with a 4GB card without issues. I'd suggest
getting a serial cable so that you can see the output from the system as it
boots (make sure you have a null modem cable or adapter).
Walter
On Mon, Mar 9, 2015 at 5:11 AM, Kostas Backas wrote:
> Hello,
>
> I have difficulties in
To do this, you will have to grab the sources for pfsense, then grab the
build tools, and then try building a custom version of pfSense using a
snapshot from https://www.freebsd.org/snapshots/ as the base OS rather than
FreeBSD 10.1 as the base OS.
You should also check if the person was suggestin
Using a chart like
http://www.engineeringradio.us/blog/wp-content/uploads/2013/01/Subnet_Chart.pdf
you
can see the different /28 and /29 subnets that exist on a /24 network.
You would bind the .248/29 network to the WAN interface (use a /29 to leave
a few extra addresses).
Then you would bind an
A /32 net mask is not used for regular routing interfaces. It has
a specialized use, usually used for virtual interfaces. On a Cisco router,
it would be used for a loopback interface. It is sometimes used as the
subnet mask for an IP alias address on host systems (where all routing is
done
After re-enabling my account, I saw this email (but not the earlier emails
from today).
Walter
On Wed, Apr 8, 2015 at 11:58 AM, Mike Montgomery
wrote:
> I got the same re-enable email to my gmail account.
>
> On Wed, Apr 8, 2015 at 2:48 PM, WebDawg wrote:
>
> > Same here,
> >
> > >
> > > Viruse
Thank you.
On Wed, Apr 8, 2015 at 12:16 PM, Chris Buechler wrote:
> This should be fixed. mailer-daemon@ ended up as a list member in
> mailman, AFAICT from day one of this list, but in the past few days
> ended up being spoofed to send a couple viruses to the list. Those
> messages bounced for
There is a serverfault question about this:
http://serverfault.com/questions/380778/vmware-seems-to-throttle-scp-copies-what-can-be-the-reason?rq=1
SCP does (did) have performance problems. They fall into two groups.
First, over a WAN the internal buffer was a bit too small for high
speed (100 meg
If your network is large enough to have a monitoring package (like
Nagios), some of them support certificate checking.
Walter
On Thu, Jun 18, 2015 at 7:19 AM, Philipp Tölke wrote:
> Hi all,
>
> we use incoming OpenVPN to access some external installations. Some of those
> installations are in r
, Philipp Tölke wrote:
> Hi Walter,
>
> thanks for your answer!
>
> On 19.06.2015 01:24, Walter Parker wrote:
>>
>> If your network is large enough to have a monitoring package (like
>> Nagios), some of them support certificate checking.
>
>
> Can nagios access
The Project sells hardware: http://store.pfsense.org/hardware/
I bought small form factor routers from Netgate before and I'm happy.
http://store.netgate.com/Routers-C178.aspx
Walter
On Sun, Aug 2, 2015 at 10:04 PM, Cheyenne Deal
wrote:
> Does anyone have any recommendations for a small form
Years ago, there was a package for pfSense that graphed total bandwidth for
the Day, Month, Year using bar charts. It would show the top days with
bandwidth and total usage for the month.
It was not bandwidthD or the RRD graphs. I can't find it anymore. What was
it called and why was it removed?
the
> developer.
>
>
> > On Oct 16, 2015, at 1:11 AM, Walter Parker wrote:
> >
> > Years ago, there was a package for pfSense that graphed total bandwidth
> for
> > the Day, Month, Year using bar charts. It would show the top days with
> > bandwidth and
There is an optimization coming for pfsense. There is a new user space
routing daemon, netmap I think, that can reach line rate on 10G NICs (14.88
Mpps). There was a BSDCon that talked about a future version of pfsense
using this system. It uses ipfw, so there is a bit of work to adapt it to
pfsense.
On Tue, Feb 23, 2016 at 3:19 PM, Giles Davis wrote:
> On 19/02/2016 17:12, David Burgess wrote:
> > I'm a little surprised at your experience. A few years ago I built a
> > PFSense unit with an Intel motherboard, 1st gen Core i3 CPU, and a
> > single onboard Intel (em) GBE NIC. All routing was do
For a list of Packages in 2.3, see
https://doc.pfsense.org/index.php/Package_Port_List
For a list of packages removed from 2.3, see
https://doc.pfsense.org/index.php/2.3_Removed_Packages
Walter
On Wed, Apr 13, 2016 at 3:17 PM, Steve Yates wrote:
> I should restate/clarify that I was looking a
Hi,
I just upgraded from my old ALIX router that I bought from Netgate several
years ago (which has worked great for the past several years).
The new box is nice, it is much faster. I restored my old 2.2.5 config on
the new system and I have a few questions:
Where are the RRD graphs (I don't se
Hi,
I just plugged a small WDC USB 2.0 hard drive into my pfSense firewall as
an external, second drive and everything booted:
da1 at umass-sim1 bus 1 scbus7 target 0 lun 0
da1: Fixed Direct Access SCSI device
da1: 40.000MB/s transfers
da1: 238475MB (488397168 512 byte sectors)
da1: quirks=0x2
B
In IPv6, Link Local fe80::1:1 is like what IPv4 does when there isn't a
DHCP server (it auto assigns an address from 169.254.0.0/16 ). The IPv6 RFC
documents two ways to generate these link local addresses. The second method
generates addresses that are not dependent on the MAC address. Unlike the
I
You could try copying the entries from the old XML and paste it in the
new XML file.
Walter
On Sun, May 29, 2016 at 3:32 PM, Dave Warren wrote:
> Howdy!
>
> I am looking at replacing my 2.2.something pfSense box with a fresh
> install of 2.3. Is it possible to restore just the DHCP configu
I restored from that config and things
worked just fine.
Walter
On Sun, May 29, 2016 at 4:44 PM, Dave Warren wrote:
> On 2016-05-29 17:35, Walter Parker wrote:
>
>> You could try copying the entries from the old XML and paste it in the
>> new XML file.
>>
>
>
Not that I have seen.
I had an idea for authenticated NTP awhile back, but was waiting until I
had upgraded to 2.3 before I looked at what it would take to add. This
weekend I had the time to build a test environment, so I might try doing it
over the next few months.
Walter
On Mon, May 30, 2016
Hi,
I've been doing a bit of remodeling in the household and I noticed an
interesting issue with the temperature of the router (an SG-2220). If I
put the router flat, it heated up to 53 Celsius (9AM mid 70's Fahrenheit
room temp). When I turned the router on its side, it dropped from 53 to 46
in
On Thu, Sep 1, 2016 at 3:06 PM, compdoc wrote:
> >>Coming back tonight to do memtest, SpinRite on the SSD, etc...,
>
> Spinrite on an ssd is a terrible idea. It's an ancient program that's even a
> bad idea to use on hard drives.
>
> It doesn't even work on drives larger than 1TB, because it was w
On Thu, Oct 13, 2016 at 2:40 PM, Volker Kuhlmann
wrote:
> On Wed 27 Jul 2016 13:40:16 NZST +1200, Chris Buechler wrote:
>
> > > I find this really really annoying of pfsense! Especially for headless
> > > systems. Hey, why run with only one interface and some functionality
> > > missing when one
I moved from IPCop to pfSense years ago. It was good enough then. It is
better now. Without an idea of what your customizations are, we can't tell
you how many rules you might need to add to get the same functionality from
a pfSense setup.
On Tue, Nov 15, 2016 at 8:19 AM, Ryan Coleman wrote:
> I w
One thing to consider with a DNS query to mapping system is the effect of
DNS caching. Many systems now have local caches, so you will only see the
DNS lookup once. For the traffic flows, you might want to look at netflow.
It can be set up to send the data to a collector system and you will be able
I think I'm missing something simple with my Acme Client setup in pfsense.
I followed the following steps and I'm getting a TSIG error (note NSUPDATE
worked when run by hand).
- dnssec-keygen -a HMAC-MD5 -b 512 -n HOST fw.sample.com
- Copy secret from Kfw.sample.com.*.key (note this secret has
Walter
On Sun, Aug 6, 2017 at 5:48 PM, Jim Pingle wrote:
> On 8/6/2017 8:03 PM, Walter Parker wrote:
> > I think I'm missing something simple with my Acme Client setup in
> pfsense.
> > I followed the following steps and I'm getting a TSIG error (note NSUPDATE
> >
le.com; };
notify yes;
};
On Sun, Aug 6, 2017 at 7:05 PM, Jim Pingle wrote:
>
> On 8/6/2017 9:47 PM, Walter Parker wrote:
> > How do I get the Acme package to let me update the sample.com
> > <http://sample.com> zone, to add the host for
> > _acme-challenge.f
On Tue, Oct 10, 2017 at 12:57 PM, Doug Lytle wrote:
> >>> Or do you think I am absolutely crazy? Or maybe Just one Hardware and
> one virtual?
>
> Quite a few of my firewalls are virtualized using ESXI and have done so
> for a few years now.
>
> Doug
>
On Thu, Nov 16, 2017 at 4:22 AM, Brian Candler wrote:
> On 16/11/2017 10:30, Brian Candler wrote:
>
>> Unfortunately in the pfSense (2.4.1) GUI, I can't see a way to configure
>> this.
>>
>> I would like either:
>>
>> - an extra setting for "dynamic update zone", which is appended to the
>> nsupd
On Fri, Dec 22, 2017 at 8:25 PM, Antonio wrote:
> Hi,
>
> I'm not sure how you move traffic between the above interfaces. I was
> under the impression that all you needed was a "Default allow LAN to any
> rule" and job done. Yet i'm struggling to get devices of different
> interfaces to communica
On Wed, Jan 3, 2018 at 2:25 PM, Steve Yates wrote:
> I'm not a developer but I would think it's dependent on FreeBSD releasing
> the update, plus testing by pfSense/Netgate. However, I would think
> there's not much concern with PCs running pfSense, since raw code would not
> normally be running
Well, both Intel and AMD started shipping the AES-NI instructions 8 years
ago...
How long does a project need to wait before it can require a feature found
on all major x64 processors? Waiting 8-9 years seems reasonable to me.
Given the fact that the project is only supporting 64-bit and suggest
this, but I fear that I will *have to* if I can't
> replace my hardware by the time support for software AES ends entirely.
>
> See:
> https://ark.intel.com/Search/FeatureFilter?productType=
> processors&SocketsSupported=LGA771&AESTech=true
>
>
> I thank you fo
rtant enough to you switch gets addressed in 2.5
> but not in 2.4 might occur (gosh that’s an awful sentence, Jim).
>
> > I understand that a lot of people are effectively threatening to switch
> > to OpnSense due to this, but I fear that I will *have to* if I can't
> > replace
Hi,
I have 2.4.2 installed on an SG-2220 from Netgate [nice box]. I just bought
a 6TB powered USB drive from Costco and it works great (the drive has its
own power supply and a USB hub). I want to use it to take ZFS backups from my
home server.
I edited /boot/loader.conf.local and /etc/rc.conf.local
Forgot to CC the list.
On Wed, Feb 28, 2018 at 10:13 PM, Walter Parker wrote:
> Thank you for the backup script.
>
> By my calculations, 2G should be enough. If I limit the ARC cache to 1G,
> that leaves 1G for applications & kernel memory. As I'm not serving the 6TB
> d
sniping or do you know
something that will cause my specific use case to fail at some point in the
future?
Walter
> On 3/1/2018 1:49 AM, Walter Parker wrote:
>
>> Forgot to CC the list.
>>
>> On Wed, Feb 28, 2018 at 10:13 PM, Walter Parker
>> wrote:
>>
>