OpenVPN / Nordvpn OVPN working but unable to view Netflix, it's blocked
« on: December 22, 2017, 07:36:47 pm »
it took about 3 days of trying to get nordvpn 256 abc setup and working on my sg2220. it is working now, basically following a PIA instruction but adding each IP of every machine to firewall > rules > lan, then changing the gateway to the nord interface.

tv has a static ip of

i went to firewall > rules > lan

action = pass
interface = lan
address = ip4
protocol = any

source = ip of tv
destination = any

gateway = wan_dhcp.

the TV from the browser actually shows my spectrum external address NOT the nordvpn ip address, so i know it is setup properly. but when i log into netflix it will not load, it says it's blocked due to origin. Amazon prime opens and plays just fine. 4 hours into this and i am at a total loss

any suggestions? i have seen several youtube videos and i have followed them, but it still does not work...

this SAME setup works with PIA with no extra changes, Nordvpn i can not figure this out

Nordvpn support is of no help whatsoever even from trying to get the initial setup to work. they keep forwarding their directions that do not work at all. i factory defaulted my unit 3 times and set it up from scratch and it did not work

Hardware / Netgate MBT-2220 in use anywhere?
« on: December 12, 2017, 09:24:31 am »
I am a home user using a SG2220 with AES-NI, have been VERY happy with my device

looking to replace/ have a backup device for my house.

using PIA for my connection. Tv's go through the local gateway address for netflix/ amazon. wondering if the MBT 2220 will be sufficient, or if i should spend the extra 100 dollars for the MBT-4220 System (

the slower processor is a slight alarm, so i would like real life feedback from someone who has purchased one..

OpenVPN / SG 2220 with PIA strong 256 bit openvpn encryption errors
« on: December 08, 2017, 06:06:25 am »
I have been using PIA service for about a year and a few months. the past few weeks i have been getting several interruptions of service and it leaves my home connection down until i restart the openvpn services. here are the openvpn logs on the device:

am i actually connecting at 256bit? the below seems to think no. are these a reason for concern?

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'

WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'

WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'

WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'

here are the settings suggested by PIA a year ago:

You may want to try the strong encryption (more info below):

Router VPN setups are by nature considerably slower than computer based ones, due to the encryption that secure VPN services utilize. Routers typically lack the hardware capability to process the encryption in real-time, causing connection lag.

For example, you may be using a router that's considered a fairly good router by today's standards. However, even with a 700mhz processor, and 256mb of RAM, those are specs you might have seen on a high-end Windows 98/ low-end WinXP computer, 10-15 years ago. Basically, it's trying to run modern technology on hardware that can barely support it.

The only reason one should use a router based VPN setup is (a) to connect devices that do not support VPN installation (TVs, gaming consoles, etc.) or (b) to connect more than 5 devices simultaneously. If you are concerned with speed, you should avoid using a router VPN setup.

That said, I can suggest trying to tweak your MTU setting a bit; typically, if you lower it slightly, it makes it easier for the router to handle it, and in fact increases your speeds. Try reducing your MTU to around 1400 or so (pretty much any level between 1350 -1450), and hopefully it will help.

Next, please try using the following ports and protocols for your OpenVPN client:

UDP 1198
TCP 502

Please ensure the Certificate Authority field contains the ca.rsa.2048.crt certificate file from here: Download Certificate

However, if you're using the strong encryption settings "AES-256-CBC SHA256" please try the following ports and protocols for your OpenVPN client:

UDP 1197
TCP 501

For strong encryption, please ensure the Certificate Authority field contains the ca.rsa.4096.crt file from here: Download Certificate

Finally, try using an IP instead of a hostname in the Server Address field, to avoid any DNS resolution issues, which can help speed up the connection somewhat. To obtain an IP address from our servers, please open Command Prompt or a Terminal Window and type:

ping (hostname of server you want IPs for. A list of our servers can be found here:

and hit enter. You should get an IP address for the hostname you put in.

A reboot of the router may be necessary to activate any changes made in your router settings.
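
Added example (not part of the original post or of PIA's instructions): a small Python triage of the "used inconsistently" warnings quoted in the post above, separating mismatches in cryptographic parameters from values that follow from them. The function names and the syslog-style prefix on the first sample line are constructed for illustration; treating `link-mtu` as derived from the cipher/auth overhead is this example's assumption.

```python
import re

# Constructed sample: the four warnings from the post; the prefix on the
# first line is made up to show that log prefixes are tolerated.
SAMPLE_LOG = """\
Dec  8 06:01:02 openvpn[1234]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'
WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
"""

# The option name appears three times in each warning; the back-references
# make sure local= and remote= describe the same option.
WARN_RE = re.compile(
    r"WARNING: '(?P<opt>[\w-]+)' is used inconsistently, "
    r"local='(?P=opt) (?P<local>[^']*)', remote='(?P=opt) (?P<remote>[^']*)'"
)

CRYPTO_OPTS = {"cipher", "auth", "keysize"}  # data-channel crypto parameters
DERIVED_OPTS = {"link-mtu"}  # assumption: shifts with cipher/auth overhead


def parse_mismatches(log_text):
    """Return {option: (local, remote)} for every mismatch warning found."""
    found = {}
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            found[m["opt"]] = (m["local"], m["remote"])
    return found


def triage(mismatches):
    """Label each mismatch as 'crypto', 'derived' or 'other', sorted by option."""
    has_crypto = any(opt in CRYPTO_OPTS for opt in mismatches)
    report = []
    for opt, (local, remote) in sorted(mismatches.items()):
        if opt in CRYPTO_OPTS:
            kind = "crypto"
        elif opt in DERIVED_OPTS and has_crypto:
            kind = "derived"  # explained by the crypto mismatch, not separate
        else:
            kind = "other"    # e.g. link-mtu differing with no crypto mismatch
        report.append((opt, local, remote, kind))
    return report


if __name__ == "__main__":
    for row in triage(parse_mismatches(SAMPLE_LOG)):
        print("%-9s local=%-12s remote=%-8s -> %s" % row)
```

These warnings compare the option strings each side reports; the cipher and key size actually initialized for the tunnel are stated in the "Data Channel" lines OpenVPN logs at connection time.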

Official pfSense Hardware / SG 2220 to Netgate MBT-2220
« on: November 07, 2017, 07:23:13 am »
has anyone moved from the SG 2220 to the slightly lower end MinnowBoard Turbot Dual Ethernet?

any reviews or links to reviews for the minnowboard are appreciated.

i've had my SG 2220 for about 2 years and looking for a backup device, the SG has been 100% reliable and i'd like to get it that way!

