Topics - pbnet

1
Packages / Can we run Squid both as a proxy and as a reverse proxy ?
« on: January 31, 2018, 02:21:08 am »
I want to start configuring a reverse proxy on PFSense to replace my aging Microsoft TMG.
Can I run both Squid Proxy (forward proxy) and Squid Reverse Proxy ? Or do you guys recommend a different reverse proxy ?

Thanks,
Andy.

2
IPv6 / Monitoring IPv6 WAN logs
« on: January 14, 2018, 09:12:13 am »
Hello,

I have native IPv6 from my ISP assigned through PPPoE with Prefix Delegation (they assign a /64).
This week the ISP upgraded the firmware on the ONT providing the connection and so far I encounter the following issue:
- PFSense WAN interface periodically loses its IPv6 IP.
First I suspected a port flap or something, but the uptime of the interface is in the range of days.

Is there a way I can find in PFSense logs when the interface lost its IPv6 address ?

Thanks a lot,
Andy

3
pfBlockerNG / DNS Whitelist
« on: January 08, 2018, 02:58:42 am »
Hello,

I've configured PFBlockerNG on my PFSense box and just noticed that the ASUS Download page doesn't allow me to download drivers anymore.
If I look in the DNSBL logs, I see:
DNSBL Reject HTTPS,Jan 08 10:57:35,etrk.asus.com

Is there a way I can whitelist this FQDN in DNSBL ?

Thanks a lot for all your help and support.

Best regards,
Andy

4
Hardware / Dell R710 Port Flapping
« on: December 21, 2017, 08:09:50 am »
Hello,

I have a DELL R710 server (with 4 Broadcom NICs) running PFSense 2.4.2-RELEASE-p1 and experience port flapping on the NIC port assigned to VLAN1.
The setup is the following:

- bce0 --> WAN over PPPoE
- bce1 --> unused
- bce2 --> LAN (VLAN1) --> connected to a cisco SG200-26 Switch
- bce3 --> LAN (VLAN10) --> connected to the same cisco switch.

Randomly, port bce2 starts flapping for a couple of seconds. Sometimes it doesn't even recognize the LAN cable that is plugged in.

I've followed this article: https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards and created the loader.conf.local file in /boot:

kern.ipc.nmbclusters="131072"
hw.bce.tso_enable=0
hw.pci.enable_msix=0

The issue is less frequent, but still occurs.

I've tried connecting the LAN to a 100Mbps cisco switch (Old Catalyst) and the problem doesn't seem to occur.

Can anyone give me some advice ?

Thanks,
Andy

5
DHCP and DNS / Limit AAAA name resolution for specific hosts
« on: December 11, 2017, 12:38:37 am »
Hello,

I have an O365 subscription with Microsoft, and Skype for Business 2016 is not connecting when using a dual-stack machine (aka IPv4 and IPv6).
After 4 months of troubleshooting with Microsoft, they still have no clue on how to fix the issue, and, honestly, I'm getting tired of troubleshooting by myself.
Is there a way I can limit the AAAA resolution for Webdir.online.lync.com so that the name could only be resolved on IPv4?
Has anyone done such a limitation on PFSense 2.4.2 ?

Thanks a lot,
Andy.

6
IPv6 / IPv6 on 2VLANs
« on: October 31, 2017, 06:13:14 am »
Hello,

I'm trying to get IPv6 from my ISP on both VLANs I have.
Here's the setup:
- custom made PFSense 2.4.1 box with 2NIC
- NIC 1 --> Connects to the ISP via PPPoE on IPv4 and DHCP6 on IPv6, IPv6 prefix delegation /64. It requests an IPv6 prefix through the IPv4 connectivity link
- NIC 2 has 2 VLANS:
VLAN1: IPv4: Static IPv4; IPv6: Track Interface WAN with IPV6 prefix ID: 0
VLAN2: IPv4: Static IPv4; IPv6 --> here I need you guys' help, since I cannot use the same prefix ID, and the PFSense GUI does not allow me to change the prefix ID to anything other than 0, which is already being used.

For the moment I have IPv6 on VLAN1, but not on VLAN2.

Thanks for all your help.

Andy.

7
Hello everybody,

I've just upgraded from 2.3.4 to 2.4.0 and now I've noticed that my OpenVPN iOS 11 client cannot connect to the VPN anymore.
Nothing was changed on the PFSense or iPhone part.

Here's what I have in the PFSense OpenVPN status:


Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954240) Sat Oct 14 07:10:40 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:9163 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954240) Sat Oct 14 07:10:40 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:9163 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954240) Sat Oct 14 07:10:40 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:9163 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954240) Sat Oct 14 07:10:40 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:9163 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954240) Sat Oct 14 07:10:40 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:9163 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954240) Sat Oct 14 07:10:40 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:9163 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954240) Sat Oct 14 07:10:40 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:9163 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954240) Sat Oct 14 07:10:40 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:9163 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954240) Sat Oct 14 07:10:40 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:9163 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954250) Sat Oct 14 07:10:50 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:14458 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954250) Sat Oct 14 07:10:50 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:14458 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1507954250) Sat Oct 14 07:10:50 2017 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Oct 14 07:10:54   openvpn   83939   109.166.133.171 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:109.166.133.171:14458 (via ::ffff:188.26.94.94%pppoe1)
Oct 14 07:10:54   openvpn   83939   109.166.133.171 peer info: IV_GUI_VER=net.openvpn.connect.ios_1.1.1-212
Oct 14 07:10:54   openvpn   83939   109.166.133.171 peer info: IV_VER=3.1.2
Oct 14 07:10:54   openvpn   83939   109.166.133.171 peer info: IV_PLAT=ios
Oct 14 07:10:54   openvpn   83939   109.166.133.171 peer info: IV_NCP=2
Oct 14 07:10:54   openvpn   83939   109.166.133.171 peer info: IV_TCPNL=1
Oct 14 07:10:54   openvpn   83939   109.166.133.171 peer info: IV_PROTO=2
Oct 14 07:11:12   openvpn   81622   WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional (or --client-cert-not-required) may accept clients which do not present a certificate
Oct 14 07:11:12   openvpn   81622   OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 8 2017
Oct 14 07:11:12   openvpn   81622   library versions: OpenSSL 1.0.2k-freebsd 26 Jan 2017, LZO 2.10
Oct 14 07:11:12   openvpn   81721   NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 14 07:11:12   openvpn   81721   TUN/TAP device ovpns1 exists previously, keep at program end
Oct 14 07:11:12   openvpn   81721   TUN/TAP device /dev/tun1 opened
Oct 14 07:11:12   openvpn   81721   do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Oct 14 07:11:12   openvpn   81721   /sbin/ifconfig ovpns1 172.16.0.1 172.16.0.2 mtu 1500 netmask 255.255.255.0 up
Oct 14 07:11:12   openvpn   81721   /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 172.16.0.1 255.255.255.0 init
Oct 14 07:11:12   openvpn   81721   Could not determine IPv4/IPv6 protocol. Using AF_INET6
Oct 14 07:11:12   openvpn   81721   setsockopt(IPV6_V6ONLY=0)
Oct 14 07:11:12   openvpn   81721   UDPv6 link local (bound): [AF_INET6][undef]:34447
Oct 14 07:11:12   openvpn   81721   UDPv6 link remote: [AF_UNSPEC]
Oct 14 07:11:12   openvpn   81721   Initialization Sequence Completed
Oct 14 07:11:52   openvpn   81721   109.166.133.171 peer info: IV_GUI_VER=net.openvpn.connect.ios_1.1.1-212
Oct 14 07:11:52   openvpn   81721   109.166.133.171 peer info: IV_VER=3.1.2
Oct 14 07:11:52   openvpn   81721   109.166.133.171 peer info: IV_PLAT=ios
Oct 14 07:11:52   openvpn   81721   109.166.133.171 peer info: IV_NCP=2
Oct 14 07:11:52   openvpn   81721   109.166.133.171 peer info: IV_TCPNL=1
Oct 14 07:11:52   openvpn   81721   109.166.133.171 peer info: IV_PROTO=2

Could anybody give me a hint on what I should do ?

Thanks a lot,
Andy
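
A triage pass over server log lines in the layout shown in the post above, added here as an example and not part of the original post: it counts how often the same control-channel packet (same ID and timestamp) was rejected and surfaces the --verify-client-cert warning. The sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt (date, "openvpn", PID,
# message); the peer address is from the documentation range 192.0.2.0/24.
_REPLAY = ("192.0.2.10 Authenticate/Decrypt packet error: bad packet ID "
           "(may be a replay): [ #1 / time = ({0}) ] -- see the man page")
_AUTH = ("192.0.2.10 TLS Error: incoming packet authentication failed "
         "from [AF_INET6]::ffff:192.0.2.10:9163")
_WARN = ("WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert "
         "none|optional may accept clients which do not present a certificate")
SAMPLE_LOG = "\n".join(
    f"Oct 14 07:10:54   openvpn   {pid}   {msg}" for pid, msg in [
        (83939, _REPLAY.format(1507954240)), (83939, _AUTH),
        (83939, _REPLAY.format(1507954240)), (83939, _AUTH),
        (83939, _REPLAY.format(1507954240)),
        (83939, _REPLAY.format(1507954250)),
        (81622, _WARN),
    ])

LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]{8}\s+openvpn\s+(\d+)\s+(.*)$")
REPLAY_RE = re.compile(
    r"^(\S+) Authenticate/Decrypt packet error: bad packet ID "
    r"\(may be a replay\): \[ #(\d+) / time = \((\d+)\)")
AUTH_RE = re.compile(r"^(\S+) TLS Error: incoming packet authentication failed")
WARN_RE = re.compile(r"^WARNING: (.+)$")


def triage(log_text):
    """Count rejected control packets, auth failures and startup warnings."""
    replays = Counter()        # (pid, peer, packet id, packet time) -> count
    auth_failures = Counter()  # (pid, peer) -> count
    warnings = []              # distinct WARNING texts, in order of appearance
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # not an openvpn record in the expected layout
        pid, msg = int(line.group(1)), line.group(2)
        replay, auth, warn = (REPLAY_RE.match(msg), AUTH_RE.match(msg),
                              WARN_RE.match(msg))
        if replay:
            key = (pid, replay.group(1), int(replay.group(2)),
                   int(replay.group(3)))
            replays[key] += 1
        elif auth:
            auth_failures[(pid, auth.group(1))] += 1
        elif warn and warn.group(1) not in warnings:
            warnings.append(warn.group(1))
    return {"replays": replays, "auth_failures": auth_failures,
            "warnings": warnings}


def repeated_packets(summary, threshold=2):
    """Packets rejected at least `threshold` times with the same ID and time."""
    return sorted(k for k, n in summary["replays"].items() if n >= threshold)


def cert_check_relaxed(summary):
    """True if the server logged that client certificates are not required."""
    return any("--verify-client-cert" in w for w in summary["warnings"])
```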

8
Hello everybody,

I would need some help achieving my goal.
I'm currently trying to migrate from a Microsoft TMG2010 Setup to using PFSense with HA-PROXY as reverse proxy.
So far, I managed to make it work when accessing an Apache server on the backend, but I get "HTTP 503" when trying to access some SharePoint backends.

I followed this tutorial:  https://blog.briantruscott.com/how-to-serve-multiple-domains-from-a-single-public-ip-using-haproxy-on-pfsense/

So, here are some details:

OLD Setup:
Internet --> PFSense with NAT --> TMG2010 --> SharePoint Server

NEW Setup:
Internet --> PFSENSE with HAPROXY --> SharePoint Server.

Here is the HAPROXY configuration

# Automaticaly generated, dont edit manually.
# Generated on: 2017-07-16 11:40
global
   maxconn         10
   stats socket /tmp/haproxy.socket level admin
   gid         80
   nbproc         1
   chroot         /tmp/haproxy_chroot
   daemon
   server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
   bind 127.0.0.1:2200 name localstats
   mode http
   stats enable
   stats refresh 10
   stats admin if TRUE
   stats uri /haproxy/haproxy_stats.php?haproxystats=1
   timeout client 5000
   timeout connect 5000
   timeout server 5000

frontend SharedFrontEnd-merged
   bind         WANIP:80 name WANIP:80   
   mode         http
   log         global
   option         http-keep-alive
   option         forwardfor
   acl https ssl_fc
   http-request set-header      X-Forwarded-Proto http if !https
   http-request set-header      X-Forwarded-Proto https if https
   timeout client      30000
   acl         SPS2016Blog   hdr(host) -i blogspsext.domain.net
   use_backend LookingGlass_http_ipv4  if  LG
   use_backend SPS2016_http_ipv4  if  SPS2016
   use_backend SPS2013Blog_http_ipv4  if  SPS2016Blog

backend SPS2013Blog_http_ipv4
   mode         http
   log         global
   timeout connect      30000
   timeout server      30000
   retries         3
   source ipv4@ usesrc clientip
   option         httpchk OPTIONS /
   server         SPSBLOG 172.17.77.253:80 check inter 1000

Thanks a lot for any help provided.

9
In PFSense 2.3 after the upgrade, I get this warning on the login screen:

Warning: date(): Invalid date.timezone value 'J
.J▒', we selected the timezone 'UTC' for now. in /etc/inc/globals.inc on line 91

To solve it, I edited the line 91

 "product_copyright_years" => "2004 - ".date("Y"),

Is that OK or do I risk breaking something ?

Thanks.

10
Cache/Proxy / After upgrading to 2.3 Squid Service won't start
« on: April 13, 2016, 01:00:16 pm »
After upgrading to PFSense 2.3 SQUID service doesn't start anymore.
Here are the logs:

Date-Time   Message
01.01.1970 02:00:00   
01.01.1970 02:00:00   
01.01.1970 02:00:00   
01.01.1970 02:00:00   
01.01.1970 02:00:00   
13.04.2016 21:01:21   Service Name: squid
13.04.2016 21:01:21   Starting Squid Cache version 3.5.16 for amd64-portbld-freebsd10.3...
01.01.1970 02:00:00   
01.01.1970 02:00:00   
01.01.1970 02:00:00

I've tried reinstalling the package, but the problem persists.

Thanks for any clue on how to solve this.


11
OpenVPN / OpenVPN with smartcard login
« on: September 14, 2013, 01:24:43 pm »
Hello,
I'm trying to configure PFSense's OpenVPN in order to be able to log in using smartcards.

Setup
Hardware + Software
PFSense 2.1 DEV (built on Fri Nov 25 14:30:42 EST 2011)
OpenVPN 2.2 + OpenSC -0.12.2-win64 (on Windows 8.1 PRO)
Smartcard reader: http://www.acs.com.hk/index.php?pid=product&prod_sections=0&id=ACR38
PKI Smartcard: http://www.ftsafe.com/product/smartcard/pkicard

Software Configuration
OpenVPN on PFSense was set up using the following walkthrough: http://www.youtube.com/watch?v=VdAHVSTl1ys
Then I exported the client configuration from "client export" and I got the following files:

pbnet-udp-34447-pbnetvpn-tls.key
pbnet-udp-34447-pbnetvpn.ovpn
pbnet-udp-34447-pbnetvpn.p12

I've initialized the smartcard using PKCS15 format like below:

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-init -E
Using reader with a card: ACS CCID USB Reader 0

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-init -C --profile pkcs15+onepin --pin 1234 --puk 123456 --label "Andrei"
Using reader with a card: ACS CCID USB Reader 0

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-init -S C:\cert\client.p12 -f PKCS12 -a 01
Using reader with a card: ACS CCID USB Reader 0
Importing 2 certificates:
  0: /C=RO/ST=Bucharest/L=Bucharest/O=PBNET/emailAddress=noc@xxxx/CN=pbnetvpn
  1: /C=RO/ST=Bucharest/L=Bucharest/O=PBNET/emailAddress=noc@xxxx/CN=OpenVPNCA
User PIN [User PIN] required.
Please enter User PIN [User PIN]:
C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe --list-certificates

Using reader with a card: ACS CCID USB Reader 0
X.509 Certificate [/C=RO/ST=Bucharest/L=Bucharest/O=PBNET/emailAddress=noc@xxxxx/CN=pbnetvpn]
        Object Flags   : [0x2], modifiable
        Authority      : no
        Path           : 3f0050153100
        ID             : 465e190a5f54b0a45afe3290e7e2dffc780e5d2f
        GUID           : {465e190a-5f54-b0a4-5afe-3290e7e2dffc}
        Encoded serial : 02 01 01

X.509 Certificate [/C=RO/ST=Bucharest/L=Bucharest/O=PBNET/emailAddress=noc@xxxxx/CN=OpenVPNCA]
        Object Flags   : [0x2], modifiable
        Authority      : yes
        Path           : 3f0050153101
        ID             : 08b45a94208eb14d679d85c24ae027750663a420
        GUID           : {08b45a94-208e-b14d-679d-85c24ae02775}
        Encoded serial : 02 01 00


C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool --list-keys
Using reader with a card: ACS CCID USB Reader 0
Private RSA Key [Private Key]
        Object Flags   : [0x3], private, modifiable
        Usage          : [0x10E], decrypt, sign, signRecover, derive
        Access Flags   : [0x0]
        ModLength      : 2048
        Key ref        : 1 (0x1)
        Native         : yes
        Path           : 3f005015
        Auth ID        : 01
        ID             : 465e190a5f54b0a45afe3290e7e2dffc780e5d2f
        GUID           : {465e190a-5f54-b0a4-5afe-3290e7e2dffc}

Now comes the problem:

When connecting to the OpenVPN server using username/password everything works fine by using the following OpenVPN config file:

dev tun
persist-tun
persist-key
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote myserverip 34447 udp
tls-remote pbnetvpn
auth-user-pass
pkcs12 pbnet-udp-34447-pbnetvpn.p12
tls-auth pbnet-udp-34447-pbnetvpn-tls.key 1
comp-lzo

I've tried to build an OpenVPN config file (See below) in order to connect using a SmartCard:

dev tun
persist-tun
persist-key
cipher AES-128-CBC
tls-client
client
remote myserverip 34447 udp
ca ca.crt
tls-remote pbnetvpn
pkcs11-providers c:\\windows\\system32\\opensc-pkcs11.dll
pkcs11-id 'EnterSafe/PKCS\x2315/0370293916270713/Andrei\x20\x28User\x20PIN\x29/465E190A5F54B0A45AFE3290E7E2DFFC780E5D2F'
#pkcs12 pbnet-udp-34447-pbnetvpn.p12
tls-auth pbnet-udp-34447-pbnetvpn-tls.key 1
comp-lzo

and I get the following results:

C:\Program Files\OpenVPN\bin>openvpn.exe --config pbnet-SC-34447-pbnetvpn.ovpn
Thu Sep 12 21:13:32 2013 DEPRECATED OPTION: --tls-remote, please update your configuration
Thu Sep 12 21:13:32 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO]
[PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Thu Sep 12 21:13:32 2013 PKCS#11: Adding PKCS#11 provider 'c:\windows\system32\opensc-pkcs11.dll'
Thu Sep 12 21:13:34 2013 Control Channel Authentication: using 'pbnet-udp-34447-pbnetvpn-tls.key' as a OpenVPN static key file
Thu Sep 12 21:13:34 2013 UDPv4 link local (bound): [undef]
Thu Sep 12 21:13:34 2013 UDPv4 link remote: [AF_INET]x.x.x.x:34447
Enter Andrei (User PIN) token Password:
Thu Sep 12 21:14:34 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Sep 12 21:14:34 2013 TLS Error: TLS handshake failed
Thu Sep 12 21:14:34 2013 SIGUSR1[soft,tls-error] received, process restarting
Thu Sep 12 21:14:36 2013 UDPv4 link local (bound): [undef]
Thu Sep 12 21:14:36 2013 UDPv4 link remote: [AF_INET]x.x.x.x:34447

Any help or suggestion would be greatly appreciated.
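
A consistency check for the smartcard config in the post above, added here as an example and not part of the original post: it decodes the \xNN escapes in the pkcs11-id value and compares its last field with the object ID that pkcs15-tool printed for the client certificate and private key. The five-field layout (manufacturer/model/serial/label/id) is an assumption read off the value in the post, and the function names are hypothetical.

```python
import re

# Values copied from the post: the pkcs11-id line of the smartcard config and
# the ID that pkcs15-tool printed for the pbnetvpn certificate and its key.
PKCS11_ID = (r"EnterSafe/PKCS\x2315/0370293916270713/"
             r"Andrei\x20\x28User\x20PIN\x29/"
             r"465E190A5F54B0A45AFE3290E7E2DFFC780E5D2F")
CARD_OBJECT_ID = "465e190a5f54b0a45afe3290e7e2dffc780e5d2f"

# Assumed field order, inferred from the shape of the value in the post.
FIELDS = ("manufacturer", "model", "serial", "label", "object_id")
_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")


def unescape(component):
    """Turn \\xNN escapes back into the characters they stand for."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), component)


def parse_pkcs11_id(serialized):
    """Split a serialized pkcs11-id into its five named components."""
    # Split before unescaping, so an escaped "/" inside a field (\x2f)
    # is not mistaken for a field separator.
    parts = serialized.strip().strip("'\"").split("/")
    if len(parts) != len(FIELDS):
        raise ValueError(
            f"expected {len(FIELDS)} '/'-separated fields, got {len(parts)}")
    decoded = dict(zip(FIELDS, (unescape(p) for p in parts)))
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", decoded["object_id"]):
        raise ValueError("object id is not an even-length hex string")
    return decoded


def matches_card_object(serialized, card_id_hex):
    """True when the config's object id equals the ID the card tool reported."""
    object_id = parse_pkcs11_id(serialized)["object_id"]
    return object_id.lower() == card_id_hex.strip().lower()


if __name__ == "__main__":
    for name, value in parse_pkcs11_id(PKCS11_ID).items():
        print(f"{name:12} {value}")
    print("matches card object:", matches_card_object(PKCS11_ID, CARD_OBJECT_ID))
```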



12
Hello,

I actually have:
PFSense 2.1-DEVELOPMENT (i386)
built on Fri Nov 25 14:30:42 EST 2011
FreeBSD 8.1-RELEASE-p6

and I was trying the new 2.1 RC0 build:

2.1-RC0 (i386)
built on Sat Jun 8 06:42:11 EDT 2013
FreeBSD 8.3-RELEASE-p8


When configuring WAN/LAN for the settings required by my ISP (which offers IPv4 and IPv6 via PPPoE and DHCPv6-PD (RFC 3769)), I found the following changed from DEV to RC0 and was wondering how I can configure PFSense to achieve the same results I now have on 2.1DEV.

Settings on 2.1 DEV:



Settings on 2.1 RC0:



Observe the missing DHCPv6 Unique Identifier (DUID) from the WAN settings on the RC0 build.

On the LAN side, it gets even more different:

Settings on 2.1 DEV:



Settings on 2.1 RC0:



Please note the missing DHCPv6 Prefix Delegation ID <ID> This ID sets the delegated DHCP-PD prefix number which will be used to setup the interface.

Is there any other way to configure this ?

I've managed to make the connection work also with a cisco 881, but would still want to use PFSense.

If it helps, here is the config on the cisco:

ipv6 unicast-routing
ipv6 cef
!
vpdn enable
!
vpdn-group pppoe
! WAN Interface
interface FastEthernet4
no ip address
ipv6 nd ra suppress
duplex auto
speed auto
pppoe-client dial-pool-number 1 service-name "ipv6test"
no cdp enable
!
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ipv6 address dhcp
! here we set the prefix
ipv6 dhcp client pd DH-PREFIX
! my PPPoE user/pass
ppp pap sent-username <USER> password 7 <PASS>
no cdp enable
! LAN interface
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip tcp adjust-mss 1452
! ISP offers /64
ipv6 address DH-PREFIX 0:0:0:1::/64 eui-64

Any help would be greatly appreciated.

Thanks.

13
Hardware / PFSense 2.1 DEV (x86) and Allied Telesis FX Cards
« on: July 23, 2012, 03:14:46 am »
Hello Everybody,

Does anybody know if PFSense 2.1DEV (x86) supports Allied Telesis' fiber-optics network cards?
I'm talking about: AT-2700FX (http://www.alliedtelesis.com/p-1826.html) or AT-2701FX (http://www.alliedtelesis.com/p-1829.html).

Any help would be greatly appreciated.

Best Regards,
Andrei
