Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - jimp

Pages: [1] 2 3 4 5 ... 1434
2.3.5 is listed in the GUI for updates if you have the correct update branch selected, but 2.3.6 isn't that different from 2.3.5 at the moment (or 2.3.5-p1 when that happens). You may as well just stay there for the time being.

Works fine here on Chrome 62 and FF 57, sure there aren't any ad blockers, addons, or other things there that might interfere?

Something must be up with your browser then, once you select 2.3.5 it should prompt for a file type and unlock i386. Somehow you've managed to confuse the JavaScript that controls the form.

On the main download page, same as 2.4.x.

General Questions / Re: Problem with certificate manager
« on: December 08, 2017, 02:40:03 pm »
What version are you on?

What exact settings are you putting in each field when creating the CA and certificate? Anything special about it?


You can try forcing a reinstall of the php56-simplexml package.

Code: [Select]
pkg clean -ay
pkg install -fy php56-simplexml

We don't use extensions.ini anymore, there are module-specific ini files in a common directory.

For example,  the simplexml module would be loaded from /usr/local/etc/php/ext-20-simplexml.ini

Development / Re: Testing packages
« on: December 08, 2017, 10:03:57 am »
When the package is made properly, the pkg add will perform the exact same install procedure as the GUI would.

IPsec / Re: IPsec with a transparent firewall
« on: December 08, 2017, 08:10:09 am »
That isn't going to work out of the box because there is no way for the devices on your bridged interfaces to know that the IPsec client traffic needs to return to the firewall. They will address it to their gateway and pfSense won't pick it up.

You'd have to put a static route on each device on LAN/OPT1 pointing your IPsec client subnet traffic to the firewall. If you only need to reach from IPsec to the LAN/OPT1 you might be able to workaround that with manual outbound NAT on LAN/OPT1 to translate the IPsec subnet to the firewall's IP address, but that could still have some quirks.

In short, it's difficult to tell the firewall to both not be a gateway and also be a gateway.

Then the second link for setting up OpenVPN as a Remote Access Server using the wizard is what you're after.

Installation and Upgrades / Re: SG-3100 on 2.4.1 not updating to to 2.4.2
« on: December 07, 2017, 01:28:28 pm »
Connect to the console or ssh and run option 13, or go to a shell prompt (console or ssh option 8) and run this:

Code: [Select]
pfSense-upgrade -d
If that produces any errors, post them here.

IPsec / Re: site-to-site wan traffic through site B BUT with exceptions
« on: December 07, 2017, 10:16:23 am »
Gateways and routing mean nothing to IPsec. Traffic either matches the P2 definition or it doesn't.

OpenVPN-AS is a commercial server distribution from the OpenVPN project itself, and has no relation to pfSense. The article you linked about that is for pfSense acting as a *client* connecting to a remote OpenVPN-AS instance.

The second article you linked is about setting up pfSense as an OpenVPN server itself to accept connections from remote clients.

Two completely different scenarios and roles.

What is your goal? To act as a VPN server for clients? Or something else?

IPsec / Re: Anything similar to Juniper's st interface?
« on: December 07, 2017, 09:03:21 am »
The support is there at the OS level in 2.4.x (see if_ipsec(4)) but we don't have any code to hook into it yet. No ETA though.

Captive Portal / Re: Unused Vouchers shown as expired
« on: December 07, 2017, 08:53:22 am »
I have not seen this personally but I have seen someone say it happened when they made custom shorter keys and made the bit counts lower so they could have shorted voucher codes. At some point there isn't enough randomness in the voucher codes and things get unpredictable, which is why the defaults are where they are.

If your hypervisor crashes, that is 100% a problem with your hypervisor or hardware. A problem in the guest OS should never cause the hypervisor to crash.

Pages: [1] 2 3 4 5 ... 1434