Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - dotdash

Pages: [1] 2 3 4 5 ... 130
IPsec / Re: Only 1 IPSec VPN Tunnel Can be UP at a Time
« on: Yesterday at 04:37:23 pm »
I do not understand what you are doing with the identifiers on the pfsense p1.
Normally, In that situation, I'd use DN and put in the dyndns hostname. Not sure what you are doing with the

Routing and Multi WAN / Re: Curious if this is possible
« on: Yesterday at 09:48:51 am »
Yes, this is possible.

IPsec / Re: Only 1 IPSec VPN Tunnel Can be UP at a Time
« on: February 19, 2018, 01:27:27 pm »
Say i have a working tunnel, i disconnect it, re-connect it and it no longer works sometimes...
Why are you doing that? It's probably causing the SA to become invalid on one side and not the other.
Try clearing both sides before you re-connect. Creating a new connection likely just gets the two sides to agree on a new SA.

IPsec / Re: Only 1 IPSec VPN Tunnel Can be UP at a Time
« on: February 16, 2018, 10:14:36 am »
It routes the traffic by matching the phase2, so if you have two that match, it doesn't know which one to use. If you have two remote sites with the same subnet, you need to binat, or change the subnet for one site.

OpenVPN / Re: Client Export Utility & Multiple OpenVPN Servers
« on: February 15, 2018, 03:24:25 pm »
The first selection on the export page should be a dropdown for 'remote access server' where you can select the instance. The only difference I can think of is that I've never used separate CA's.

CARP/VIPs / Re: Can I use different hard drives on Primary / Slaves?
« on: February 15, 2018, 03:18:18 pm »
No, the drives don't have to match. But you really ought to get on a somewhat recent version...

Hardware / Re: pfSense on Dell R710
« on: February 14, 2018, 05:11:09 pm »
Most of the Dell raid controllers will not present the disks unless they are in an array, making them fairly useless for zfs.
You shouldn't have any trouble just creating a mirror with the bios utility and installing on that.
As for AES-NI, I'd guess the processors in a 710 would be modern enough to have it. If not, it's not a showstopper.

IPsec / Re: Only 1 IPSec VPN Tunnel Can be UP at a Time
« on: February 14, 2018, 01:40:15 pm »
No. Makes no sense unless the phase2's are the same.

Generally, you set the lan outbound rule to use a failover group, but the firewall itself does not. This is usually not a problem, but there is a setting under advanced, misc. to allow gateway switching.

Mine booted a fairly vanilla config with gsxlb enabled or disabled. If you have the time, save the config, reset to defaults, and see if it boots with the Hifn and a default config. Then you could slowly re-do the config.

They are getting old, but still fine for slower Internet connections.
I grabbed a spare, installed a 1411, loaded 2.3.5 on a cf card, and booted it up.
The Alix is pokey to boot with 2.3.5, but still runs decently. Mine had no problem with the Hifn card, with gsxlb enabled or disabled.
Are you seeing something on the console?

CARP/VIPs / Re: CARP with 1 WAN IP
« on: February 02, 2018, 09:45:20 am »
(I've enabled the promiscious mode in my vswitch)
Any way you can test with a physical setup to rule out the hypervisor config? Honestly sounds like something is up with the vswitch if you can't ping each box from the vmnetwork...

CARP/VIPs / Re: CARP with 1 WAN IP
« on: February 01, 2018, 12:17:23 pm »

My Gateway remains offline on my master, I have restarted, as you advised me, the dpinger service but the logs return a no route to host.
Try, from Diagnostics / Ping, selecting the Public CARP VIP as the source address, and pinging the gateway.
Just to verify, subnet mask on the CARP VIP is correct and gateway is reachable from that subnet?

CARP/VIPs / Re: CARP with 1 WAN IP
« on: February 01, 2018, 09:20:44 am »
Sounds about right, but I would use more specific NAT rules. Mine are something like-
WAN 'This Firewall' * * * (Public carp VIP) * (no static)
WAN (lan subnet) * * * (Public carp VIP) * (no static)

Official pfSense Hardware / Re: Use my SG-2440 config on an SG-1000 ?
« on: January 29, 2018, 04:56:30 pm »
RE the config- make sure the third interface isn't assigned when you save the config. You will need to re-assign the vlans to the new parent interface before you re-assign after the restore. Other than that, it should be a big deal.

Pages: [1] 2 3 4 5 ... 130