The pfSense Store

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - FarmerB3rd

Pages: [1] 2 3 4
1
General Questions / Instability when multiple VLANs and rule editing.
« on: January 02, 2018, 07:36:42 pm »
Hi folks,

I have what I think is an odd stability problem.

I have the following:
WAN
LAN 10.10.50.0/24
OPT6 (trunk)
VLAN300 (parent is OPT6) 10.10.30.0/24

I have UBNT wifi kit with two SSIDs - Main and IoT
IoT is VLAN300

DHCP is working on both LAN and VLAN300.
I set up a rule on VLAN300 to route between main and it. I can ping from 10.10.30.50 (My phone on IoT) to 10.10.50.1 (LAN gateway) As expected, all is well.

So far, so good.

Now, if I play around with the rules on vlan300 such as disabling and re-enabling, things get weird. DHCP stops working and from time to time, internet vanishes for the main LAN.
This is pretty repeatable.

In the logs I can see my phone asking for IP address and the DHCP server offering one but my phone never seems to accept it.

The cure for all this? Reboot pfSense. Without fail, everytime, it will come right until I mess about with the rules again.

Am I missing something really daft? Any logs I can furnish to help diagnose this?

I am using the latest build.


thanks and Happy new year.


Bob



2
Packages / upsmon parent process died - shutdown impossible
« on: December 26, 2016, 11:10:04 am »
Hi folks -

Merry Christmas!


I've recently added a UPS to my firewall and started getting these errors emailed to me -

Code: [Select]

upsmon parent process died - shutdown impossible


The firewall talks ok to the UPS and when the power goes down it gets shutdowns ok but I'm not sure it'll work after this?

Any tips?

C

3
OpenVPN / Re: Is PC/Firewall fast enough for AES-128 VPN?
« on: October 07, 2016, 05:43:34 pm »
Thanks for the tip. Very interesting results on the speed test. With my setup, using AES-128-CBC (as per PIA) I get a theoretical throughput of 87Mb/s.

What I find interesting though is a while back, when I first got PIA, I could get 250Mb/s throughput. I assumed this was due to compression and obviously fake as I only had a 200Mb/s connection.

I'm still baffled as to how this has changed...


I'll have to rethink my firewall then if I want to move up ;)


 

4
OpenVPN / Is PC/Firewall fast enough for AES-128 VPN?
« on: October 04, 2016, 01:43:38 pm »
Folks,

I have a J1900 quad-core Celeron PC running as a pfSense FW. (Details)
From it I maintain a VPN connection to Private Internet Access using OpenVPN. This CPU does not have the AES extension.


When I first set it up about a year ago I was getting 200Mb/s throughput (connection saturation  on the VPN. Today I get around 50-60 average, down to 20 on a bad day.

I'm working with PIA to try work out why but so far we're not getting to the bottom of it. They're amendment they have the bandwidth and appreciate that I can do a speed-test which reads 200 down and 12 up.

I'm wondering though, what do others get on VPN throughput? Anything better than this? When does AES start becoming a problem?

The load average on the PC is 0.17, 0.14, 0.09 and does not vary much with or without tests.

pfSense version is latest and greatest.

TIA
F

5
Firewalling / Re: Cannot add new rule - Please enter the format requested
« on: October 01, 2016, 03:18:56 am »
 :( I should have searched first. Sorry <walks away in shame>


Thanks for the tip - patch worked.

When I next upgrade will the patch be removed automagically?

6
Firewalling / Cannot add new rule - Please enter the format requested
« on: October 01, 2016, 12:30:37 am »
Hi folks,

I'm using the following:
2.3.2-RELEASE (amd64)
built on Tue Jul 19 12:44:43 CDT 2016
FreeBSD 10.3-RELEASE-p5


I have many VPN client connections setup to Private Internet Access and they work perfectly.
I recently install OpenVPN on a server I own in Germany. I now have a connection to that too. Connection works fine.

I am trying to setup a new rule to route traffic from a single IP on my network to the server.
I have many of the same rule forcing traffic out over various VPN gateways. They work fine.

When I copy an existing rule or or outbound NAT rule I get the following error: Please match the format requested. (See attached)

This is happening if I copy an existing rule and then simply try clicking save. i.e. nothing has changed but it no longer likes it.

I've tried with a single IP and an alias but neither work.

What am I missing? Why would it not allow a new rule.

Thanks
F



7
General Questions / Re: pfSense crashes ever few weeks - log is blank
« on: March 21, 2015, 01:56:57 pm »
Well, this is odd. Second SSD is now complaining the same as the first.
Both SSDs used to sit in my NAS (ZFS) as cache drives so either they both got porked while in there or this motherboard is killing them or psSense is killing them.
Both SSDs are 4 years old (found the invoice, was hoping on warranty).

Guess a new on is needed and will see from there.

pfSense is still running so no rebooting until spare drive arrives...

8
General Questions / Re: pfSense for Home use? Necessary for my needs?
« on: March 21, 2015, 01:53:00 pm »
It's on-board. No option. It's a  Celeron™ J1900 (2.0 GHz) quad-core processor. I have not been able to get it to really slow down. it is more than enough for my home use. 160/12Mb/s does not do much. With iPerf I get 450MB/s throughput on it IIRC. That might me more to do with the "crappy" NICs though. Ample for my needs....

9
General Questions / Re: pfSense crashes ever few weeks - log is blank
« on: March 18, 2015, 02:01:25 am »
Right, well, didn't this go badly!

I woke up this morning at 3am (sick 18 month old). Walked downstairs and notices text scrolling past at a rapid rate on the pfSense monitor. "vfs error <something-or-other>"

Well, I guess this is it then. Internet is still working. Try log into pfSense and nudda. Error writing to /tmp/session bla bla.
I can however ssh into it. Supidly, I did not get the config file because I religiously backup after I make any changes. Of course I did...

Right, reboot - cannot. Pull power - does not reboot. FreeBSD hangs just after bring the NICs up. Oh well, we're toast.

Grab spare SSD out the drawer (as you do)
Swap it with the now-dead one.
Download the latest installer (USB live image)
Burn it
Boot from USB
ta-da. We're back.  ;D

Now to restore the last backup I have... hmm, looks a bit old.  :-\
Not to worry, it will have the bulk of the config. It's out by about a month.

Restore - what a nightmare  :'( The restore was just not happy with the NICs. Each reboot it would ask me again which is the WAN/LAN etc. Eventually it stops asking.

None of the VPNs are working correctly, the gateways are a mess, the firewall rules and NAT rules are a shambles. I start patching them together again but cannot get them working. Dreading a redo of them all I go get a coffee. What has changed... why would the restore not work? I've done it a few times without trouble...


Damn you kejianshi / cmb, damn you to hell  :P
Take out the USB NIC they said. It's all the USB NIC's fault they said.
I had forgotten about it.
Realising that the missing NIC is the issue with the restore I put it back in, restored again and ta-daaa. Perfect restore :D Happy bunny.


So, disk was on it's way out. I would still like to try and get the latest config off it because my backup is one set of changes short. (Bad me)
The restore works perfectly if the hardware is identical. If not, it's a bit of a headache.

Having said all that - to rebuild a busted firewall in an hour and be back up and running is remarkable. Full credit to the devs and community of pfSense for making such an awesome bit of kit.



Cheers,
FB

10
General Questions / Re: pfSense for Home use? Necessary for my needs?
« on: March 18, 2015, 01:46:36 am »
pfSense for home use is brilliant. See the thread here: https://forum.pfsense.org/index.php?topic=73518.0;topicseen
Small box, uses 10W when running and laughs at my broadband (160/12).

It manages 5 VPN clients and a number of inbound VPN connections with ease. Using OpenVPN connected to PIA in Netherlands I get 200+Mb/s download according to speedtest (due to compression - pointless number). During the tests though the CPU barely moves....

Learning curve? Not much. If you familiar with networking then it's simple.


11
General Questions / Re: pfSense crashes ever few weeks - log is blank
« on: March 17, 2015, 05:40:02 am »
TBH, I was surprised how good the Alphas were. Only issue was this one I have now. I needed Alpha because the hardware I bought was not supported by the previous release of BSD.

12
General Questions / Re: pfSense crashes ever few weeks - log is blank
« on: March 17, 2015, 04:15:26 am »
ok, it may well be that. The "writing in the middle" continues.

Mar 17 08:10:06 pfSense php-fpm[2384]: /index.php: Successful login for user 'admin' from: 10.10.50.X
Mar 17 08:10:06 pfSense php-fpm[2384]: /index.php: Successful login for user 'admin' from: 10.10.50.X
Mar 17 09:06:43 pfSense sshd[14419]: error: PAM: authentication error for root from 10.10.50.X
Mar 17 09:06:43 pfSense sshd[14419]: error: PAM: authentication error for root from 10.10.50.X
Mar 17 09:06:49 pfSense sshd[14419]: Accepted keyboard-interactive/pam for root from 10.10.50.X port XXXX ssh2
ad_status: Syncing firewall
Feb  1 12:10:30 pfSense kernel: ovpns2: link state changed to DOWN
Feb  1 12:10:30 pfSense check_reload_status: Reloading filter
Feb  1 12:10:30 pfSense kernel: ovpns2: changing name to 'tun2'
Feb  1 12:10:31 pfSense check_reload_status: Syncing firewall

I see most of my log files are exactly 500KB so it stops at that point and writes from the top again.

Thanks for that - removes my biggest worry.


It's not crashing and I don't expect it to crash for a long time. This is the second or third time it has crashed since early June - most of which was running Alpha nightlies.

Also, the crash, as far as I can see, is not a panic (as I know it). The system is still up and working but just really badly.


thanks
FB

13
General Questions / Re: pfSense crashes ever few weeks - log is blank
« on: March 17, 2015, 03:22:50 am »
The board hovers around 44C so don't think heat is a problem. While it is fanless it is in a very perforated case: http://linitx.com/images/products/M350_Universal_Mini-ITX_Enclosure_main_large.jpg

Yes, the SSD is an old repurposed one but was healthy (SMART) when I took it out of the previous machine. I'll check SMART again and see what it says.

I had another look at the log file - it's not missing sections. It has whole block of information out of order - as if it wrote in the middle of the file, then the end and then back in the middle. I can only assume the partition table is dodge... Will focus on that.

14
General Questions / Re: pfSense crashes ever few weeks - log is blank
« on: March 15, 2015, 09:48:40 am »
Ok, happy to wait for the next crash (well, not much choice there ;) ) but what can be done now to look for why it crashed previously? Any other logs I don't know about?

15
General Questions / Re: pfSense crashes ever few weeks - log is blank
« on: March 15, 2015, 07:30:49 am »
ok ok, it's out now :)

Pages: [1] 2 3 4