pfSense Gold Subscription

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - robi

Pages: [1] 2 3 4
1
General Questions / System logs time interval?
« on: December 12, 2017, 01:54:53 pm »
I see that Sytem logs there's a filter functionality, but the 'Regular expression reference' doesn't contain any sensible information on how to simply filter out a time interval.
For example, I'dl like to see logs beween 2AM and 4AM. Any quick and dirty hints to check this out?

2
Packages / ACME client renewal cronjob - any logs?
« on: December 12, 2017, 01:51:31 pm »
How to prove if it ran successfully? Couldn't find any log entries related to the client renewal cron. Neither in the system logs, nor in /tmp/acme.
I'd check if this really runs as expected - certs expire in 90 days, but I really think I shouldn't need to wait that much time to confirm that the cron job actually does something.

3
Hardware / FTTH setups - connect fiber directly to pfSense
« on: June 16, 2017, 02:23:11 pm »
OK so most FTTH providers use GPON architecture to deploy the service at the customers. For the home and small business category users they give a CPE which already contains NAT functions with VoIP and TV out - this prevents the effective usage of pfSense.
The good way would be if there would be some hardware with an SFP slot in it (like a PCI card with an SFP slot), and use a GPON SFP module with it. See:
https://routerboard.com/SFPONU
http://dlink.am/mn/products/1383/1871.html
http://www.ingellen.com/c/gpon-onu-sfp_612

Another way would be to just use a GPON-Ethernet bridge:
https://www.alibaba.com/product-detail/GPON-ONU-for-fiber-to-the_1965826801.html
http://www.netsodis.com/ngn-02g
http://www.dlink.com/uk/en/service-provider-solutions/customer-premises-equipment/gpon
but it's questionable if these are really bridges, and what performance loss they include. And not talking about the extra power they need.

Anybody has experience on this?
Any PCI or PCI-E card with an SFP cage with proven working GPON stick in it?


4
On Supermicro A1SRi-2758F, using a 4GB CF card with v2.3.2 Nano 64bit freshly installed, and then upgraded to 2.3.2_1 from console (option 13).

No kernel found on the upgraded slice, no config found using the backup slice.
Took this photo through the system's IPMI.


5
OpenVPN / OpenVPN performance boost observation
« on: September 24, 2016, 10:34:12 am »
I've noticed drastic improvements on file transfers through OpenVPN, between two sites using the same Supermicro A1SRi-2758F systems, running both pfSense 2.3.2 64-bit, by just adding these lines to both client and server:

Code: [Select]
sndbuf 0;
rcvbuf 0;
fast-io;


6
General Questions / Unable to send notifications
« on: September 20, 2016, 03:36:31 pm »
On previous v2.2.x I had e-mail notifications working properly, now I upgraded to v2.3.2, and I get no more mails, but see this in the log:
Code: [Select]
/system_advanced_notifications.php: Could not send the message to xxx@xxx.xx -- Error: could not start TLS connection encryption protocol
The mail server (provided by a zimbra installation) requires STARTTLS at Secure SMTP Connection, and uses PLAIN Notification E-Mail auth mechanism.

Any idea how to fix?

7
Under new pfSense 2.3 it's impossible to assign/enable new LAN interface if previously doesn't exist. This is the case where you have a box with only one NIC, and your're trying to add VLANs to it.

When creating the new interface, it complains that a DHCP6 Server is active thus cannot be saved. But since that inteface doesn't exist yet, there's no present config on DHCPv6 page.

Detailed steps to reproduce here: https://redmine.pfsense.org/issues/6152

This used to work well on 2.2.6 and before.

8
Hello devs,
Congrats, all seems good in this new release.

I'm using a couple of FreeBSD packages independent from pfSense, like the well-known reverse proxy 'pound'. Pound hasn't got any pfSense-specific package, thus doesn't have any GUI, I used to install it manually on earlier versions with

pkg install pound (and even earlier with pkg_add)

Now what I'm seeing is:
Code: [Select]
[2.3-RELEASE][root@pfSense.localdomain]/root: pkg install pound
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Updating database digests format: 100%
pkg: No packages available to install matching 'pound' have been found in the repositories

How to add back FreeBSD official repository?

 :o

9
Installation and Upgrades / Install packages through LAN proxy
« on: November 22, 2015, 08:55:49 am »
Guys, I'm having an issue where pfSense is used as an internal network, which has no access to the internet. It just routes and firewalls some internal, industrial-purposed networks, where internet access is not needed/allowed.
However, I need some packages to install on it, and I can manage to get some temporary internet access through a host connected to one of the internal LANs behind it, by running an http proxy.

I've got in System: Advanced: Miscellaneous: Proxy support enabled an set up to the working proxy. The update checker in the dashboard uses it and correctly detects that I'm on the latest release.

But in System: Package Manager: Available Packages I still get an error message saying it's unable to download the packages list after some considerable timeout. It seems the Package Manager doesn't take into account the proxy setting specified in the Proxy support page. Only the update checker works.

Note the special case when the proxy is not seen through the WAN interface, but through one of the LANs. Could that be the cause?

10
Development / Use Network Aliases in OpenVPN configuration too?
« on: November 18, 2015, 02:33:58 pm »
Guys, do we have any chance to use the Aliases we can create in Firewall > Aliases area, in OpenVPN's configuration at Server or Client Tunnel Settings > IPv4 Local Network/s? I see that these Aliases are used not only in firewall, but also in routing and NAT functions. I wonder why not possible to do the same for OpenVPN.

There are many complex scenarios when various VPNs are set up and Aliases are used to set up correctly routing and NATting (for example creating an alias containing all the networks of the remote site, in order to handle routing and firewall rules in that direction). It would be very handy to use the Aliases the same way in OpenVPN's own config page.

Often it happens that a new network appears on one side, it is added to aliases properly everywhere, thus routes, NAT and rules apply automatically to the new network, but it has to be manually added to OpenVPN's Tunnel settings also, which is just a field containing comma separated CIDR values. I'm currently having 26 subnets separated here by commas, it's becoming a pain to overlook and also a serious place to make mistakes - while Aliases would be so much better...

Any chance to have that?

11
2.2.5 Snapshot Feedback and Issues / Gigabit PPPoE?
« on: October 16, 2015, 12:51:04 pm »
Guys, have you considered including the fix for PPPoE being handled on a single thread?
https://forum.pfsense.org/index.php?topic=100900.msg562791#msg562791
https://redmine.pfsense.org/issues/4821

It's mislabeled as "feature", while it's clearly a bug. Newest 8-core Atoms can't handle Gigabit speeds because of this...

12
NTP -> Serial GPS settings -> down the page GPS Initialization > Advanced "Show GPS Initialization commands", lots of random characters appear instead of the Initialization commands.

Select a Garmin, MediaTek, SiRF or some other GPS device to reproduce the proglem.

13
Hardware / A1SRi-2758f - no beep?
« on: July 31, 2015, 05:24:15 pm »
There's a nice beep script in pfSense which plays on the speaker when bootup is complete. Also there's a beep when somebody logs in the webgui.

But not on Supermicro A1SRi-2758f! This board is muted...
It does have an onboard speaker which works because it beeps at bios POST. But there's no beep coming out of pfSense.

I double-checked, the "Disable the startup/shutdown beep" in System: Advanced: Notifications is NOT ckecked.

14
Firewalling / Long time Configuring firewall... at boot
« on: July 31, 2015, 05:18:53 pm »
After adding an URL Table alias to the system, containing 17 FQDNs, and also using that alias in a couple of NAT rules, pfSense hangs a lot of time (minutes) during reboot at the first "Configuring firewall..." stage. There's another "Configuring firewall..." a few steps later, that goes on normally.

What did I do wrong?

Is there a timeout somewhere? Maybe it's trying to resolve the hostnames but at that time there's no network access yet through the WAN to outside?

15
Hardware / A1SRi-2758f and 2.2.4: Under 512 megabytes of ram detected
« on: July 30, 2015, 04:47:02 pm »
On my Supermicro A1SRi-2758f equipped with 4GB of RAM, running NanoBSD from a CF card,

with v2.2.4 I get "2097152K of memory above 4GB ignored" and ">>> Under 512 megabytes of ram detected. Not enabling APC." It stops after configuring the third interface, complaining that "kern.ipc.nmbclusters limit reached".

with v2.2.3 all is running perfectly; in dmesg I see this:
real memory  = 4294967296 (4096 MB)
avail memory = 4035674112 (3848 MB)
also hw.physmem: 4229382144

 :o :o :o :o :o :o :o

Something stupid with the first message at the beginning of the boot, "2097152K of memory above 4GB ignored" - the system has only 4GB, there's nothing above. What's that non-existing 2GB it's ignoring?

Pages: [1] 2 3 4