Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Darkk

Pages: [1] 2
1
General Questions / 2 Factor Authenication
« on: July 26, 2016, 09:20:08 pm »
It seems 2 Factor Authentication is becoming more and more the norm to add extra layer of security.  Any plans to add something like Google Authenticatior to the admin login page pf pfSense?

2 Factor authentication with SMS is no longer desired so thinking Google Authenticatior would be better.

Thanks.

2
After I did the upgrade to 2.2.6 only one package got reinstalled.  So went to install manually I got this warning message:

 System: Package Manager help

   exclamation    The package server's SSL certificate could not be verified. The SSL certificate itself may be invalid, its chain of trust may have failed validation, or the server may have been impersonated. Downloaded packages may come from an untrusted source. Proceed with caution.

Should I be concerned about this?

I will hold off installing any packages.

3
DHCP and DNS / Assigning Static IP not working properly
« on: July 08, 2015, 03:24:23 pm »
I am using version 2.2.3 so when I created a static IP from DHCP's online list it's not removing the dynamic IP from the list.  I had to do that manually when I forced reboot on the device and restarting the DHCP services so it'll show as offline. 

Didn't have this problem before so don't know if something been changed.

Not a huge deal since I can manually remove the dynamic IP but it should be automatic.

I am assigning the IPs outside the DHCP scope.

4
Hardware / Gigabyte Intros Bay Trail J1800 Based Mini-ITX Board
« on: February 05, 2014, 10:20:56 pm »
New ITX motherboard about to be released.  Total TDP is 10 watts!


http://www.tomshardware.com/news/gigabyte-ga-j1800-d2h-motherboard-celeron,25942.html

5
Glad PfSense is getting the spotlight on this:


https://www.facebook.com/photo.php?fbid=10152186202189433&set=a.112258614432.84824.58079349432&type=1&theater

Wish there is a direct link that bypasses facebook but least it's being promoted.  Saw this on my newsfeed. :)


6
Hardware / ECS KBN-I/2100 AMD APU E1-2100 ITX board
« on: December 06, 2013, 12:13:01 am »
I've been using PfSense for several years and firm believer of this project.  I was using dual core Intel ATOM ITX motherboard by JetWay for several years and decided it's time for an upgrade.  Biggest reason for the upgrade is passive heat sink and more RAM for packages.  Did some digging around for best board that won't break the bank so I found one on newegg:

ECS KBN-I/2100 AMD E1-2100 Dual Core processor Mini ITX Motherboard/CPU/VGA Combo

http://www.newegg.com/Product/Product.aspx?Item=N82E16813135364

After rebate it's around $50 which isn't bad at all.  But had to get a new power supply combo because the original jetway case the DC-to-DC converter only supplied 20 pins instead of 24 required on the new board.  I found a very neat product that actually puts all of this directly onto the connector thus saving some space inside the case:

http://www.mini-box.com/picoPSU-150-XT-102-power-kit

It's picoPSU-150-XT + 102W Adapter Power Kit which replaced the DC-to-DC converter and power supply with a beefier setup.  Pretty easy to install after I remove the old components out of the case.

Then had to get the PCI-express riser card and dual gigabit NIC by Intel.

Took awhile to get the old stuff removed and then had to modify rear of the the case to accommodate new PCI express card since it didn't align up exactly like my old PCI cards due to different height of the riser card.  Few mins with a wire cutter was able to remove extra pieces of the metal to make room.  Pretty easy to do.

After I got all of the mix of old and new stuff together in the modified old case.  Off to fire up fresh PfSense CD to install.   Ran into an interesting quirk soon after I defined the NIC card as WAN and LAN it immediately rebooted.  This happened every time so had to fiddle around with the settings in the BIOS by turning off extra stuff I don't need.  Took awhile finally found it.  I had to disable the ACPI power management.  Soon as I did that system became very stable.  Everything else left as default in BIOS except disabled the onboard LAN which is by Realtek and didn't seem to recognize it.  No big deal since it's not a great network card to begin with.

Then after reading around the forums about this type of APU processor I noticed somebody mentioned about AES-NI feature.  It was disabled by default in PfSense so I turned it on and reboot.  Behold got this in the log (yay!):

kernel: aesni0: <AES-CBC,AES-XTS> on motherboard

So far it's been running great.  Performance-wise it's a little better over the dual core ATOM 1.6Ghz.  But like the idea the new processor runs alot cooler and low power consumption.

Below is what I am using:

AMD E1-2100 APU with Radeon(TM) HD Graphics
Current: 400 MHz, Max: 1000 MHz
2 CPUs: 1 package(s) x 2 core(s)

4 Gigs of RAM PC12800 but running as 1066 which is fine.


2.1-RELEASE (amd64)
built on Wed Sep 11 18:17:48 EDT 2013
FreeBSD 8.3-RELEASE-p11

Enjoy!



7
Hardware / Linksys / Cisco WUSB600N in PfSense 8.1 build
« on: January 01, 2013, 01:26:32 pm »
Looking through some old threads going far back as 2009.  Will this Linksys / Cisco WUSB600N ever be supported in PfSense 2.0.2 or later?  If not what is a good wireless-N USB stick I can use that works well?

http://forum.pfsense.org/index.php/topic,13964.msg74334.html#msg74334

Thanks.

Running:

2.0.2-RELEASE (amd64)
built on Fri Dec 7 22:39:43 EST 2012
FreeBSD 8.1-RELEASE-p13

8
OpenVPN / OpenVPN 2.2.1 -- released on 2011.07.06
« on: February 21, 2012, 01:55:33 am »
Seems OpenVPN 2.2.1 been out for awhile and the current version of PfSense 2.0.1 does not have this.  Any idea when it'll be updated?

https://www.openvpn.net/index.php/download/community-downloads.html

Thanks,
Darkk

9
Hardware / Install PfSense 2.0 on Sonicwall TZ180 or NSA 3500?
« on: August 09, 2011, 12:03:22 pm »
I am curious if anybody had any luck installing PfSense on the Sonicwall TZ180 device?  It's a solid piece of hardware just wanted to get rid of their crappy firmware.

I'd imagine the NSA 3500 would be easier since it's almost like WatchGuard's.

Darkk

10
DHCP and DNS / Decent Dynamic DNS service
« on: July 16, 2011, 02:14:03 pm »
I've googled around for this but different answers.  Figured I ask you guys for PfSense 2.0

I am based in USA and looking to use Dynamic DNS service for OpenVPN and IPSec.  I have Comcast cable and my IP would change once every few months.  Not big deal to update the IPSec info but for OpenVPN and if I am on the road I have a problem. 

I see over a dozen hosts to choose from but wondering which one is reliable with PfSense 2.0? I don't mind for either free or pay service.

DynDNS seems to always come up but I read in the forums if they don't receive an update for over 30 days the account will expire?  Situations like that I would like to avoid.  FreeDNS looks cool but don't know how reliable they are as hard drives of theirs seems to fail every month due to over subscribing their service?  NameCheap seems new?

Thanks.

Darkk

11
I haven't touched DHCP in ages

Current build:    2.0-RC3 (i386)
built on Fri Jul 8 19:24:31 EDT 2011

When editing the LAN's DHCP I get this error:

The following input errors were detected:

    The gateway address does not lie within the chosen interface's subnet.

I normally leave the gateway entry blank as I figured it will pull the default gateway info on it's own.   Has this changed?  For now I put in the gateway IP and working fine.

This happened when I was trying to add a static IP mapping which brought me to that error on the page.

Thanks,
Darkk

12
I spent a couple of weeks trying to get the OpenVPN to work with road warriors.  I searched and googled this and that.  Turns out for whatever reason old settings in the config.xml remains after I deleted the OpenVPN.  

So basically I deleted all certs and users that pertains to OpenVPN, deleted the OpenVPN, deleted the firewall rules for it and uninstalled the client export package.  Then went into the config.xml and deleted remnants of the settings.  Then installed the OpenVPN Client export package and used the wizard to set things up.  Once I did that everything worked fine except for revoke cert issue which is an easy fix by creating a dummy cert and then revoke it.

Yes I searched all over the fourms and no matter what I did it never fixed the problem.  It would have been nice the settings in config.xml actually clear itself after purging the OpenVPN so I can use the defaults.

Just wanted to pass the info along if you guys are still having issues with it.

2.0 looks awesome!

Darkk

13
I get this on my PfSense 2.0 console screen whenever it first makes a IPsec connection:

WARNING: pseudo-random number generator used for IPsec processing

Should I be concerned about it or it's just largely cosmetic? 

I am using the 2.0-RC1 (i386) built on Mon Mar 28 16:37:49 EDT 2011 snapshot but been seeing this for a month or so now with previous snapshots.

Darkk

14
For some reason if I use any snapshots after built on Wed Aug 12 08:40:28 EDT 2009 my cpu would always peg at 100%.  No matter what I do it'll always stay at 100%.  So when I revert back to this built on Wed Aug 12 08:40:28 EDT 2009  snapshot CPU goes back to normal with no changes.

I tried disabling the add-ons with no avail. 

Any ideas?

Darkk

15
Well, since I've used the 1.2.3 RC2 snapshot a couple of weeks ago and it borked the ability to receive the updates I had to start over.  I made a backup of the settings and did a complete re-install using the latest snapshot this morning which is  1.2.3-RC2 built on Sat Jul 18 20:43:43 EDT 2009 FreeBSD 7.2-RELEASE-p2 i386.  Lucky the restore of the settings made things less painful.  Although I wasn't too happy that I wasn't able to save the logs but no biggie tho.  I know I can copy the log folders and etc but too lazy to deal with it.  Besides, starting over from scratch ensures me things will work correctly.

The latest snapshot seems to work fine but then again I only got it running for half a day so far.  

Great work guys in fixing the problems with the earlier snapshots! :)

Darkk

Pages: [1] 2