Messages - GruensFroeschli

Gaming / Re: Freelancer Server UDP 2302
« on: Today at 02:36:23 am »
mibtech, please take a look at the link in my signature, and start over ;)

Wireless / Re: EAPOL Key Timeout
« on: January 18, 2018, 01:53:06 am »
I tend to agree with johnpoz.

If you want to continue to debug this:
Log in via SSH, kill the hostapd process and start it again by hand.
Add -ddd as argument, to get more debug output.

I do know that with multiple virtual interfaces, in certain combinations the EAPOL frames are sent on the wrong interface.

Wireless / Re: EAPOL Key Timeout
« on: January 17, 2018, 07:39:55 am »
Since you're on _wlan3, are you using multiple virtual BSSIDs?
Which frequency are you using?
Are you on a DFS channel?

Wireless / Re: EAPOL Key Timeout
« on: January 17, 2018, 07:39:12 am »
Obfuscating MAC addresses?

Wireless / Re: EAPOL Key Timeout
« on: January 17, 2018, 07:10:58 am »
11:11:11:11:11:11 is a multicast address
Don't use this for anything ever unless you know what you are doing.

General Questions / Re: Suggestion: Two Improvements to Pfsense
« on: January 15, 2018, 12:56:47 am »
You may also want to consider setting up the LAN as a bridge by default.  If you have only one LAN port, then the bridge will only have a LAN connection on it.  This will make it an order of magnitude faster to add LAN ports after the fact.

Bridge in pfSense is discouraged, as it is software based and lacks performance in comparison to a switch. So making this a default is quite stupid.

There has to be some way for Pfsense to have the same performance as a switch when the equipment it is installed on has multiple ethernet ports.

You're comparing apples with oranges.
One is a general purpose PC.
The other is an ASIC.

General Questions / Re: Is this ethernet port setup possible?
« on: January 15, 2018, 12:53:03 am »
I assume you're still trying to work around this:
You'd get better responses if you'd actually described what you want to achieve instead of asking for random nonsense snippets.

Read the link in my signature, and describe your problem accordingly.

Hardware / Re: Off the shelf box < $300
« on: January 14, 2018, 02:21:35 pm »
I can sympathize with OP's challenge. Why do people think that everything needs to be 100% secure when I reckon the majority of VPN users only actually need a bit of obfuscation or proxy...

As for solution - I have been advised to try something different - WireGuard (which pfSense unfortunately doesn't support yet). Your router supports LEDE, so you can try WireGuard client on that (if you can find a server). It's supposedly 4-5 times more performant than OpenVPN...
If you don't need security, then don't use a VPN.
If all you need is a normal tunnel, then use one.

General Questions / Re: Port Forwarding and 802.1X
« on: January 13, 2018, 03:17:29 am »
A port forward needs the frames to be TCP or UDP (ethertype 0x0800 for IPv4, 0x86DD for IPv6).
No other protocol has ports.

EAPOL frames are a L2 protocol with ethertype 0x888E which is NOT based on IP.
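
The distinction in the post above, as an added example (not part of the original post and not pfSense code): a small frame classifier that reports whether a frame carries TCP/UDP ports a port forward could match. The function names and the sample frames are constructed for illustration; IPv6 extension headers are not walked.

```python
import struct

ETH_IPV4, ETH_IPV6, ETH_VLAN, ETH_EAPOL = 0x0800, 0x86DD, 0x8100, 0x888E
L4_NAMES = {6: "tcp", 17: "udp"}  # IP protocol numbers that have ports

def classify_frame(frame: bytes) -> dict:
    """Parse an Ethernet II frame; fill in ports only for TCP/UDP over IP."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_VLAN:  # skip a single 802.1Q tag
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    result = {"ethertype": ethertype, "l4": None, "sport": None, "dport": None}
    if ethertype == ETH_IPV4 and len(frame) >= offset + 20:
        proto = frame[offset + 9]
        (frag,) = struct.unpack_from("!H", frame, offset + 6)
        if frag & 0x1FFF:  # non-first fragment: no L4 header present
            return result
        l4 = offset + (frame[offset] & 0x0F) * 4
    elif ethertype == ETH_IPV6 and len(frame) >= offset + 40:
        proto = frame[offset + 6]  # next-header field
        l4 = offset + 40
    else:
        return result  # not IP (e.g. EAPOL): there is no port field at all
    if proto in L4_NAMES and len(frame) >= l4 + 4:
        result["l4"] = L4_NAMES[proto]
        result["sport"], result["dport"] = struct.unpack_from("!HH", frame, l4)
    return result

def port_forward_can_match(frame: bytes) -> bool:
    """A port forward needs a TCP or UDP header to match on."""
    return classify_frame(frame)["l4"] is not None

# Constructed sample frames (checksums left as zero).
EAPOL_FRAME = bytes.fromhex(
    "0180c2000003" "020000000001" "888e"   # dst, src, ethertype EAPOL
    "02030000")                            # EAPOL version 2, type 3, length 0
UDP_FRAME = bytes.fromhex(
    "020000000002" "020000000001" "0800"   # dst, src, ethertype IPv4
    "4500001c000000004011" "0000" "c0000201" "c0000202"  # IPv4 header, proto 17
    "08fe08fe00080000")                    # UDP 2302 -> 2302

if __name__ == "__main__":
    for name, f in (("EAPOL", EAPOL_FRAME), ("UDP", UDP_FRAME)):
        print(name, classify_frame(f), port_forward_can_match(f))
```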

Routing and Multi WAN / Re: gateway tier priority backwards?
« on: January 05, 2018, 03:13:38 pm »
As Derelic already pointed out: The Loadbalancer balances connections, not traffic.

How do you know that your clients are actually creating new connections all the time?
Those 2.52/4.18 GiB you see on VPN B#1 could be from a single connection.

General Questions / Re: traceroute not working on linux
« on: January 04, 2018, 05:20:32 pm »
You didn't happen to do something strange and create a rule which blocks ICMP?

NAT / Re: mask IP:port pairs as a dummy IP
« on: January 02, 2018, 02:38:25 pm »

In such a scenario I guess you can't use split DNS, thus have to go the NAT reflection route.

I suggest you set up "Method2: split DNS" since it is the cleaner solution to your problem.

As for the port to run the web interface on:
System --> Advanced
allows you to configure which protocol and which port to run the web interface on.
Best is to set it to https.
If you need port 443 to be forwarded, set the web interface to something else as well (8443 is a port I often see in such a scenario).

DHCP and DNS / Re: force client get ip with /32 subnet in dhcp server
« on: December 30, 2017, 03:02:32 am »
If your use case is an AP which doesn't have the option for client isolation, then this will not help you.
All the other clients will still be able to get the traffic you want to isolate.

You're trying to implement an L3 solution for an L2 problem.
The only solution is to get an AP which allows you to configure client isolation.
