Topics - deadmalc

Official pfSense Hardware / SG-1000 and suricata
« on: October 14, 2017, 10:05:17 am »
I've just enabled suricata on my SG-1000 at home.
I was expecting to have to factory reset it due to the load, however it performs fine.
I'm really surprised.
I only have a max of 80MBit download and 10Mbit upload, although it does seem to clobber it quite a lot it doesn't affect speedtest.
Also ping times are still 1ms (Fibre)
I have only enabled it at the default set, so no real tweaking done.
I'm not really sure it's of any use at home to be honest, but it's a bit of fun.
Has anyone else given it a go since it turned up for the SG-1000?

OpenVPN / Site2Site VPN debugging
« on: May 18, 2017, 12:46:21 pm »
I've set up a site2site vpn.
It connects fine.
The routes show on both (PFSense) firewalls fine.
From the LAN either side (or firewall to other LAN) I cannot ping on the other side.
traceroute doesn't show anything.
I've even tried any/any rules to the LAN and openvpn on both sides.
I have remote connection vpns working fine, to both firewalls.
The only thing left is using a remote connection and manually adding NATs and routes.
Not something I want to do really, but I'm at a loss.

I've checked the docs and it matches up OK.
This is SG-1000 (2.4) to 2.3.x

2.4 Development Snapshots / Losing wan causes high load
« on: May 09, 2017, 03:04:40 pm »
For some reason I've yet to work out, possibly ISP related, I lose my WAN port link every so often.
When it goes, pfsense (SG-1000) becomes unresponsive, the load continually climbs and the web interface becomes unresponsive until the WAN port (and pppoe) comes back and the load also drops.
Is anyone else seeing this?

2.4 Development Snapshots / reroot not working and causing fsck
« on: March 15, 2017, 04:19:24 pm »
On an SG-1000, I've been having weird problems the last few nights,
(There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads :

PF was wedged/busy and has been reset.
I think this was possibly down to a wlan interface being removed.
Anyway... after cleaning up I thought I'd update the FW as well.

To install the firmware update I needed to reboot as DNS totally died along with other things (the GUI was unavailable).
So I rebooted from the console, thought I'd try reroot:

Enter an option: 5

pfSense will reboot. This may take a few minutes, depending on your hardware.
Do you want to proceed?

    Y/y: Reboot normally
    R/r: Reroot (Stop processes, remount disks, re-run startup sequence)
    Enter: Abort

Enter an option: r
bla bla....

U-Boot SPL 2016.03 (Dec 28 2016 - 11:09:45)
Trying to boot from MMC
Card doesn't support part_switch
MMC partition switch failed
*** Warning - MMC partition switch failed, using default environment

bla bla bla reboots:
WARNING: / was not properly dismounted
warning: no time-of-day clock registered, system time will not be set accurately
Configuring crash dumps...
No suitable dump device was found.
** SU+J Recovering /dev/ufsid/58480ee2a77beec6
** Reading 7503872 byte journal from inode 4.
** Building recovery table.
** Resolving unreferenced inode list.
** Processing journal entries.
** 193 journal records in 18432 bytes for 33.51% utilization
** Freed 43 inodes (3 dirs) 7 blocks, and 46 frags.


Everything is back and normal, but if the system doesn't support reroot it would be better not to offer it as an option.
But even if there is, dying and forcing an fsck isn't what I would expect.

Is this a bug?

General Questions / Upgrade to 0.20!
« on: March 07, 2017, 01:30:36 pm »
Current Base System 2.3.3
Latest Base System 0.20
(On the stable branch)

Seems a little strange!

Packages / acme/letsencrypt with sftp webroot
« on: February 05, 2017, 08:05:31 am »
I'm using an sftp webroot.
I can sftp from PFSense to the server with the credentials entered.
However it gives this:

Fatal error: Using $this when not in object context in /usr/local/pkg/acme/ on line 553

Call Stack:
0.0001 233600 1. {main}() /usr/local/pkg/acme/
0.0398 10234696 2. pfsense_pkg\acme\challenge_response_cleanup() /usr/local/pkg/acme/

PHP ERROR: Type: 1, File: /usr/local/pkg/acme/, Line: 553, Message: Using $this when not in object context
[Sun Feb 5 13:53:03 GMT 2017] xxxxx:Verify error:Invalid response from http://xxxxxxx/.well-known/acme-challenge/BjwthyFk4OS51Kd8HELz5D0DSuXpd-7z6aNMP1jOzjw:
[Sun Feb 5 13:53:03 GMT 2017] Error rm webroot api for domain:pfSenseacme
[Sun Feb 5 13:53:03 GMT 2017] Please check log file for more details: /tmp/acme/xxxx/acme_issuecert.log

The log simply shows that acme didn't verify, which given it's not put the challenge on the server is not a surprise.
There is no entry to show even an attempt to sftp the challenge to the server.

Has anyone else tried this, or should I raise a bug report?

Hardware / ARM port
« on: March 01, 2012, 04:46:15 pm »
I've done a search on the forum for arm support, and can't find anything.
I'm really interested in this, and I have a spare GuruPlug (changed my router to a DreamPlug) and I've ordered a Raspberry Pi as well. (Pi would have to be a dodgy usb ethernet for secondary ethernet....:-( )
Assuming there isn't already a port, is it just a case of using the same version of FreeBSD as pfSense and compiling it all together?
I figure using a vm is the best way to start this off?
Ideas and suggestions very welcome.


