pfSense Gold Subscription

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - CiscoX

Pages: [1] 2
1
General Discussion / Re: I can smell 2.4!
« on: October 02, 2017, 03:52:39 pm »
Apparently not a good time to release with the shitton of dnsmasq security issues.

https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

That's good news. Keep up the good work guys  :)

2
General Discussion / Re: I can smell 2.4!
« on: October 02, 2017, 03:13:24 pm »
Bad news I think? :)


4
2.3.3 Development Snapshots / Re: pfSense version numbers
« on: March 08, 2017, 03:08:24 pm »
Hi,

I got this one today :)

5
Still seeing 2.3.4 here

try, under Update Settings, change Branch to: Stable (default)

6
Hi,

The new version is 2.3.2_1 ?

I have v.2.3.3 DEV installed and if I check for updates i got his:


Is it anyway I can upgrade from 2.3.3 dev to 2.3.3 RC without doing a clean install?

Fixed, new packages are in place. Thanks!

Thank you very much :)

7
Hi,

The new version is 2.3.2_1 ?

I have v.2.3.3 DEV installed and if I check for updates i got his:


Is it anyway I can upgrade from 2.3.3 dev to 2.3.3 RC without doing a clean install?

8
DHCP and DNS / Re: No DNS Resolution
« on: November 20, 2016, 03:17:13 pm »
hmm, I got this. My resolver doesn't look like yours. Any idea why?

Code: [Select]
[2.3.2-RELEASE][root@pfsense.local]/root: dig www.pfsense.org +trace

; <<>> DiG 9.10.4-P2 <<>> www.pfsense.org +trace
;; global options: +cmd
;; Received 12 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

[2.3.2-RELEASE][root@pfsense.local]/root:



Huh?  There is NO forwarder when your in resolve mode..

Not sure why your having a hard time getting this..  Do you not know the difference between a forwarder and a resolver??

Out of the box unbound is in resolver mode, ie it talks to roots and walks down the tree to the authoritative server for whatever domain your looking up.  There is no forwarding of anything..

Your looking for www.pfsense.org

unbound, knowing the roots servers ask them.. Hey what is the NS for .org, it then asks one of them - hey what is the NS for pfsense.org - thanks, hey NS for pfsense.org what is the A record for www.pfsense.org

Nothing is forwarded anywhere.. If your isp hands you dns or doesn't hand you dns has zero to do with anything..


This is resolving - I snipped out some of it to make it shorter..
Code: [Select]
> dig www.pfsense.org +trace

; <<>> DiG 9.11.0-P1 <<>> www.pfsense.org +trace
;; global options: +cmd
.                       506544  IN      NS      c.root-servers.net.
.                       506544  IN      NS      e.root-servers.net.
.                       506544  IN      NS      j.root-servers.net.
.                       506544  IN      NS      l.root-servers.net.
.                       506544  IN      NS      g.root-servers.net.
.                       506544  IN      NS      m.root-servers.net.

;; Received 525 bytes from 192.168.9.253#53(192.168.9.253) in 2 ms

org.                    172800  IN      NS      a2.org.afilias-nst.info.
org.                    172800  IN      NS      b0.org.afilias-nst.org.
org.                    172800  IN      NS      b2.org.afilias-nst.org.
org.                    172800  IN      NS      d0.org.afilias-nst.org.
org.                    172800  IN      NS      a0.org.afilias-nst.info.
org.                    172800  IN      NS      c0.org.afilias-nst.info.

;; Received 817 bytes from 199.7.91.13#53(d.root-servers.net) in 11 ms

pfsense.org.            86400   IN      NS      ns1.netgate.com.
pfsense.org.            86400   IN      NS      ns2.netgate.com.

;; Received 584 bytes from 199.249.112.1#53(a2.org.afilias-nst.info) in 13 ms

www.pfsense.org.        300     IN      A       208.123.73.69
pfsense.org.            300     IN      NS      ns2.netgate.com.
pfsense.org.            300     IN      NS      ns1.netgate.com.

;; Received 139 bytes from 162.208.119.38#53(ns2.netgate.com) in 34 ms

This is forwarding..

Code: [Select]
> dig @8.8.8.8 www.pfsense.org

; <<>> DiG 9.11.0-P1 <<>> @8.8.8.8 www.pfsense.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27204
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.pfsense.org.               IN      A

;; ANSWER SECTION:
www.pfsense.org.        54      IN      A       208.123.73.69

;; Query time: 22 msec
;; SERVER: 8.8.8.8#53(8.8.8.
;; WHEN: Fri Nov 18 07:12:28 Central Standard Time 2016
;; MSG SIZE  rcvd: 60

Now if 8.8.8.8 did not have that cached it would have to resolve what I asked for, or it too might forward it to somewhere.  But somewhere in the chain there is a resolver..  When you forward you just push the resolving to someone else to do.  Pfsense out of the box just resolves for you so you don't have to trust someone else answers to what your looking for.

9
Hardware / Re: AES-NI performance
« on: November 20, 2016, 02:51:57 pm »
Here is my test. pfsense spec is in the signature :)


[2.3.2-RELEASE][root@pfsense.local]/root: openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 1697468 aes-256-cbc's in 0.23s
Doing aes-256-cbc for 3s on 64 size blocks: 1735785 aes-256-cbc's in 0.27s
Doing aes-256-cbc for 3s on 256 size blocks: 1514519 aes-256-cbc's in 0.28s
Doing aes-256-cbc for 3s on 1024 size blocks: 1025506 aes-256-cbc's in 0.22s
Doing aes-256-cbc for 3s on 8192 size blocks: 253309 aes-256-cbc's in 0.05s
OpenSSL 1.0.1s-freebsd  1 Mar 2016
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     115880.48k   418222.08k  1378548.85k  4800540.09k 37944819.71k

10
DHCP and DNS / Re: Response time shown in "Diagnostics...DNS Lookup" - 2.3.2
« on: September 24, 2016, 02:02:18 pm »
I do get the same results.
Did a DNS Lookup on www.cnn.com    (<---- never used to be here and my pfSense has been running for only 1 day now and my browser cache is clean.

11
Firewalling / Re: Traffic between LAN and OPT
« on: September 19, 2016, 03:40:13 pm »
hi,

Try to make another rule that allow DNS port under OPT2 over your new block rule

[IPv4  TCP/UDP   OPT2 net   *   *   53(DNS)   *   None]

12
Firewalling / Re: Traffic between LAN and OPT
« on: September 19, 2016, 02:44:44 pm »
Hi,

Try to make this rule under your OPT2

Just change my WLAN net to your OPT2 and my LAN_1 net to your LAN net

13
General Questions / Re: help with PFsense hardware setup.
« on: September 05, 2016, 02:31:41 am »
Hi,
You may take a look at this: https://forum.pfsense.org/index.php?topic=115673.0

14
Hardware / Re: pfSense hardware for home router - OpenVPN performance
« on: August 25, 2016, 02:13:55 pm »
Hi,

Here is my results:

Intel i5-6400 4x2.7GHz            -TDP 65W -CPU Mark 6530 -Single Thread 1827
3200/9,89 =   323 Mbps OpenVPN performance (estimate)

15
pfBlockerNG / Re: pfBlockerNG v2.1 w/TLD
« on: August 01, 2016, 03:33:49 am »
After updating to 2.1.1_2 i can't "clear DNSBL Packets" from the pfBlockerNG widge
The DNSBL_EasyList won't delete the packets

I am away for a few weeks but will check that out. Seems like some regression somewhere. Thanks for reporting.

Hi, No problem. Have a nice Holiday :)

Pages: [1] 2