Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - 2chemlud

Pages: [1] 2

On two different pfSense boxes after updating to 2.3 or 2.3.1 on all 5 DHCP servers the option "Enable static ARP entries" was UNCHECKED, although checked before on all instances.

Can anybody confirm?

kind regards


Hi I have a fresh install of 2.3 i368 full with an imported config.xml from 2.2.6, which has two IPsec tunnels configured, but disabled. Doing fine so far (even populating the firewall logs now :-D ), but the log is spammed by permanent

"unable to find ipsec daemon leases file", see below.

Any hint what to do to stop this?

Many thanx in advance!


Firewalling / 2.3 fresh install - no firewall logs...
« on: April 13, 2016, 03:21:33 am »

Downloaded 2.3 i.86 full, installed it to SSD, copied over config from 2.2.6, booted. OK, no packages, installed them manually and started looking around. No firewall logs, see pic in appendix.

But I know there are connections blocked. Pressed the "reset logs" button on the settings tab. No change. Did a reboot. No change...

Moreover, I toggled two firewall rules (port 80 and 443) from inactive to active, worked fine initially, but later the firewall forgot about it and blocked the host from reaching internet. STRANGE! Reboot didn't help, after some looking around I found the two ALLOW rules  were inactive again. 

General Discussion / OpenSSL and random numbers...
« on: April 13, 2016, 03:01:25 am »

General Discussion / New global mod in town - Not worth a message?
« on: April 09, 2016, 02:54:32 pm »
.... that there is a new, in fact a derelict global mod in town? :-(

Hardware / Openvox IPC110 not recognizing Intel 535 SSD on boot
« on: February 18, 2016, 10:00:20 am »
Hi again!

Have here an older Openvox IPC110 with Atom Z5 on board, booting fine from CF-card as well as Samsung EVO 850 SSD (which, however, does not support TRIM for pfSense).

When I try booting from a 120 GB Intel 535 SSD installation of pfSense 2.2.6 (full, i386), the SSD is not detected on booting. "Searching for primary...", end of game.

I disabled "quick boot" in the BIOS, no help. The Intel SSD boots fine in an old Dell Precision...

Any suggestions which BIOS settings might help in recognition of the SSD during boot?

Kind regards


General Discussion / Feature request - Wanna be like Cisco....
« on: February 11, 2016, 02:14:36 am »
Can we have this here too...

...pleaaaaaase, sounds absolutely cool!


I have some networks with DHCP IPv4 enabled, dynamic range defined and some static clients at the upper end of the IP range (.99.12, .99.13, .99.14), see attached. Whenever a dynamic IP is handed out, the client can not access the internet, while static clients have no problems at all.

Nothing in the firewall, simply no states are established for dynamic clients, no DNS, nothing...

DHCP and DNS / "Deny unknown clients" enabled, getting an IP anyway...
« on: January 09, 2016, 11:10:29 am »
Hi again!

Have here a box with 2.2.6 32bit full-install (no vga). Setup WAN (fiber modem), LAN and OPT1, both DHCP enabled. For the sake of completeness: The client has no wireless card, all RJ45-cable-bound...

I connected a computer (Dell notebook with opensuse 12.3 32bit) to OPT1, DHCP is on (config see pic no. 1), "Deny unknown clients is ENABLED (tried it with "Enable Static ARP entries" both checked and unchecked, makes no difference, by the way).

Was surprised to get an IP and could start networking :-O

The DHCP protocol is attached (pic no. 2).

Rebooted, tried again, same result.

Changed the HDD to an installation of Win7 pro 32 bit, same Dell notebook. Same trick works there, just the protocol looks a little different (pic no. 3).

What did I get wrong with this "Deny unknown clients" feature? Thought it keep unknown clients out of my network, first hand? Not?

Kind regards


Hardware / MSI MS-9877 - OK for SOHO pfSense with Snort?
« on: December 07, 2015, 10:42:16 am »
Hello again! :-)

Planning a new SOHO pfsense, nothing exciting, up to 100Mbit in/out, only running Snort on all interfaces (typically 3 but might be 4 after all, WAN, 3x LAN).

Is this an option?

MSI MS-9877, Atom D525 2x1,8 GHz, 4GB DDR3, 30 GB SSD

specifications of board see below...

Any known issues with the board?

Many thanks in advance for helpful reply!


General Questions / Motherborad loosing BIOS settings - battery is fresh
« on: November 21, 2015, 02:29:01 pm »
Hi again!

I'm running pfsense ( ;-) ) on an Openvox IPC110, working fine. But the CMOS battery was empty, replaced it (soldering out/in), fine. With some of these boards. But 2 of them loose the BIOS settings when powered off, even with a fresh battery.

Has anybody ANY idea what is going on here? I don't know how to solve this....

Kind regards


General Questions / DynDNS update fails - no retry
« on: October 17, 2015, 02:51:48 pm »

Had two incidences of failed updates of DynDNS service recently, most likely due to downtimes of the DynDNS server.

I learned from these cases that pfsense tries exactly ONE time to update the IP after a new IP has been obtained. Is there any possibility to make pfsense retry until it succeeds?

Would be very helpful to re-establish my tunnels... :-D

Kind regards


Installation and Upgrades / No way to download pfsense
« on: September 21, 2015, 04:04:35 am »

I wanted to make a fresh install of 2.2.4 32bit nano/serial/4GB and tried to download. All European sites are not reachable, time out etc.

For the Austin/NY site Firefox (up to date, both Linux and Win 7) does not establish a secure connection (see below), BluegrassNet also "unable to connect".

So currently no way to download pfsense?



PS: attaching .jpg is beyond the capabilities of this forum, so the error from Texas/NY is "This connection is untrusted" and "invalid security certificate"

OpenVPN / Logjam - DH and OpenVPN
« on: May 20, 2015, 02:11:12 pm »

What is the implication of this here for my OpenVPN connections:

...and what to do now? :-o

kind regards


Installation and Upgrades / Travel pfsense box - things to consider
« on: May 10, 2015, 05:17:06 am »

I think about setting up pfsense on an old norebook  with

- an 3G stick as the WAN interface
- built-in RJ45 as LAN

for traveling, as a firewall and for establishing some VPN tunnels.

First question(s):

Is the 3G setup feasible (got a noname XS stick P14 Made in China), considering drivers in  pfsense?

Do I have to remove the PIN from the SIM card or can pfsense meanwhile handle this?

Is dial-up automatically when pfsense starts up?

What is the config to absolutely minimize the "baseline" traffic via WAN?

Many thanks for any help/hints...


Pages: [1] 2