

Messages - Phonebuff

1
Official pfSense Hardware / Re: Hardware Decision --
« on: May 02, 2018, 02:00:35 pm »
@jahonix

     Follow the link and you will see the Pelican case the customer wanted.. 

     And yes I did ask --

@ivor

     I will be watching here and in the store..

2
Official pfSense Hardware / Re: Hardware Decision --
« on: May 01, 2018, 12:32:19 pm »

Just wanted to close this out --

No option for the 3100 was found and the 7100 priced the solution out of the prospect's ballpark.

--------


3
Official pfSense Hardware / Hardware Decision --
« on: April 19, 2018, 10:35:54 am »

Looking at Options was surprised that the NetGate SG-4860-1U was EOS already.  That last one I purchased was in July and I think it was a great little unit. 

So now I have an issue: I need a 1RU mountable unit, but I really only need the function in the SG-3100 versus the XG-7100.

At almost $700 dollars difference I was wondering if anyone in the community can answer two questions to help with my decision --

Short of a shelf has anyone found a way to mount the SG-3100 in a rack ?

Given the need for a 4G link (dongle) is there any advantage to one box over the other --

TIA ---

PS:   This is the rack and why mountable is better than a shelf --
        http://www.pelican.com/us/en/product/rack-mount-cases/9u/super-v/super-v-series-9u/


4
General Questions / ipSec getting no love --
« on: February 09, 2018, 09:55:13 am »

I noticed that my post and many others are sitting with no replies / help in the ipSec forum. 

Is the team working on some issue, or is it just that ipSec is not getting any love these days?

TIA --


5
IPsec / Re: SG-3100 IPSec ---
« on: February 07, 2018, 01:18:17 pm »
One more part --

Feb 7 14:07:00 charon 13[NET] <con1000|3> sending packet: from 172.16.200.20[500] to xxx.xxxx.xxx.x[500] (180 bytes)
Feb 7 14:07:00 charon 13[NET] <con1000|3> received packet: from xxx.xxx.xxx.x[500] to 172.16.200.20[500] (160 bytes)
Feb 7 14:07:00 charon 13[ENC] <con1000|3> parsed ID_PROT response 0 [ SA V V V V ]
Feb 7 14:07:00 charon 13[IKE] <con1000|3> received XAuth vendor ID
Feb 7 14:07:00 charon 13[IKE] <con1000|3> received DPD vendor ID
Feb 7 14:07:00 charon 13[IKE] <con1000|3> received FRAGMENTATION vendor ID
Feb 7 14:07:00 charon 13[IKE] <con1000|3> received NAT-T (RFC 3947) vendor ID
Feb 7 14:07:00 charon 13[ENC] <con1000|3> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 7 14:07:00 charon 13[NET] <con1000|3> sending packet: from 172.16.200.20[500] to xxx.xxxx.xxx.x[500] (244 bytes)
Feb 7 14:07:00 charon 13[NET] <con1000|3> received packet: from xxx.xxx.xxx.x[500] to 172.16.200.20[500] (244 bytes)
Feb 7 14:07:00 charon 13[ENC] <con1000|3> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 7 14:07:00 charon 13[IKE] <con1000|3> local host is behind NAT, sending keep alives
Feb 7 14:07:00 charon 13[ENC] <con1000|3> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Feb 7 14:07:00 charon 13[NET] <con1000|3> sending packet: from 172.16.200.20[4500] to xxx.xxx.xxx.x[4500] (108 bytes)
Feb 7 14:07:01 charon 13[NET] <con1000|3> received packet: from xxx.xxx.xxx.x[4500] to 172.16.200.20[4500] (92 bytes)
Feb 7 14:07:01 charon 13[ENC] <con1000|3> parsed INFORMATIONAL_V1 request 907020096 [ HASH N(AUTH_FAILED) ]
Feb 7 14:07:01 charon 13[IKE] <con1000|3> received AUTHENTICATION_FAILED error notify
Feb 7 14:09:19 charon 00[DMN] signal of type SIGINT received. Shutting down

6
IPsec / Re: SG-3100 IPSec ---
« on: February 07, 2018, 01:12:39 pm »

So I forgot to mention --

   No matter how long I let the Enable Apply Spin, the Status IP Sec indicates "No IPSEC Status available" 

   The Log has a number of entries --   Ending with --

    Feb 7 14:09:19   charon      00[DMN] signal of type SIGINT received. Shutting down

7
IPsec / SG-3100 IPSec ---
« on: February 07, 2018, 12:56:09 pm »

I am attempting to start an IPSec tunnel from an SG-3100 that was upgraded to 2.4.2_1..

Comcast -- DMZ Port --  3100 WAN --- 3100 LAN --

So first issue is the Web page never updates / refreshes when I try and enable the Link (P2 & P1). But if I try and Disable them it refreshes immediately..

I should note that this worked previously from a Comcast link with Multiple IPs and in Bridge mode, but I don't have the luxury here..

-- My Identifier is - Dynamic DNS   With the FQN and that can be pinged and is validated.

--  Peer Identifier - Is Peer IP Address (Is this correct ??)

Must be missing something, but not really sure what at this point -

Any help / guidance appreciated --


8
Official pfSense Hardware / Re: New SG-3100
« on: October 13, 2017, 08:41:46 am »

 :)   Sounds great.   Thank you very much for the information. 

     I am replacing an older Soekris and small Switch. 

     So there is no rush from my side. 

     

9
Official pfSense Hardware / Re: New SG-3100
« on: October 13, 2017, 06:26:55 am »

Good Morning,

  Received an email that my order has been delayed due to the need for additional testing of a driver fix.  I have no issue with this and as long as it ships in 2017 I am fine. 

  But for those in the know I am curious, since the note said driver issue, is this something in a FreeBSD module or a custom driver you all did for this device?  If it's a base FreeBSD driver, is there a link to the issue you are addressing available?

  TIA....


10
Official pfSense Hardware / New SG-3100
« on: September 14, 2017, 01:02:32 pm »

So I am looking to replace an old Soekris box that is just not handling the new 2.3.4.p1 code. 

https://store.netgate.com/SG-3100.aspx

But I am confused by the wording of the guide a little -  https://www.netgate.com/docs/sg-3100/io-ports.html

Today I have a WAN, LAN (172.16.20.0/24), and two other LAN Networks (DMZ) (172.20.100.0/24 & 172.20.200.0/24) configurations so four total ethernet ports --

Can I do this with the SG-3100 or are the four Switched Ethernet ports just a bridged LAN?

WAN -- Comcast
OPT1 -- DMZ-1 172.20.100.0/24
Switch (Lan 1 -4 )  -- 172.16.20.1/24
??????   DMZ-2 172.20.200.0/24 

I see I might be able to dump a small netgear switch, but how do I get the second DMZ ?

I also have two VPNs to other sites, but this box looks more than capable of handling this --

TIA on the insight for this new hardware. 

My alternative is the SG-2440 but this 3100 is much better priced and may fit the bill.


11
Installation and Upgrades / Replaced Soekris with Netgate 4860- 1U ??
« on: July 30, 2017, 10:46:00 am »

Short story Soekris box took a hit (surge) via one of the internal connections OPT1 in a storm.   

Ordered a replacement Netgate, dumped the configuration and restored it to the new box..

Updated the Interface assignments as appropriate -  Thought we were done.  But I missed a step in that the Comcast link (opt2) did not get an upstream gateway address and I did not notice it till much later in the day..  This setting apparently critical really should be above the fold..  :-)

The question I have is more regarding why traffic did not work as the WAN gateway was fine, and the two are combined into a Gateway for the customer with OPT2 as Tier 1 and Wan as Tier 2 (The WAN is a T1 from Cbeyond/Birch and used mostly for SIP traffic).  The problem was most evident in that DNS resolution was failing and I could not ping any of the external DNS servers from devices using the gateway instead of specific routing rules.

Rather than Failing I would have thought the Tier 1 gateway target traffic would have timed out, and failed over to Tier 2. NOTE this is not load sharing.  Also, the status screen showed both as UP when in fact the OPT2 interface was down as there was no upstream gateway defined. 

Anyway, all is well just trying to learn for next time --

TIA ---


12

So over the weekend I needed to upgrade a rather older (but stable) install of 2.0.n on a Soekris Net4801.

Used the Auto Upgrade, which downloaded, then "installed" then Rebooted -- and NOTHING --

Connected to the Serial Console and realized I had no system.

Did a reboot and watched it upgrade / install the unit this time..

Took a second reboot to get it to the "installed" state.  But I have had all sorts of issues from stability to the "502 Bad Gateway" NGINX screen..

After I took the IPSec off the Status screen as suggested here it's better, although it seems to be in a Checking for update loop.  Spinning Star --

Also, at least once had to restart service PHP-FPM (16) to get the console back.

Don't think I have had this many concerns / problems in many many years of using pfSense....  So I am looking for some basic guidance on settings / steps to get stable. And recommended steps to get my two IPSec tunnels up, and get NGINX to be at least somewhat responsive.  It seems to hang when I try and update the tunnel configs..

--TIA --  and no I really do not want to buy a new box at this time..


13
Routing and Multi WAN / Re: MultiHome VR3
« on: August 05, 2016, 08:57:52 am »

Ah,

   But that's my headache --  I have these in a Group for generic Internet traffic (aka Default Route), and there are three Gateways Tiered 1, 2 & 3.  VR0 has 3, and VR1 has 1,2  and  VR 2 has LAN and VR3 has DMZ.

   So If I add a specific route for say yahoo.com through the AT&T gateway (1) and it fails, then it can not fall back to the Comcast (2) Gateway -

   Think the answer is going to be an expansion card and a new interface. 

    Thank you. 

   --- 


14
Routing and Multi WAN / Re: MultiHome VR3
« on: August 04, 2016, 06:53:01 pm »

So,  I understand what you are saying --

   The Comcast link  primary on the VR3 interface is using its address to ping its gateway --

   However, the AT&T link, Secondary as an Alias is using the Comcast address of VR3 to ping the AT&T gateway so the icmp can not come back -

   How do we tell apinger to use the Alias, which by the way is what I had to do in the diagnostic for the ping to work -

     

   


15
Routing and Multi WAN / Re: MultiHome VR3
« on: August 04, 2016, 01:10:42 pm »

Outbound NAT is set to Automatic - - 

