Messages - lovan6

1
I checked the FreeBSD website about the bug and it seems there was some modification done several days ago.



https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222908

2
I just want a follow-up with the pfSense developers on whether there is an update fix for the Apollo Lake issue. I am still on current and wanted to upgrade to 2.4.

3
OpenVPN / Re: Extremely Low Download Speed (0.5mbps?!) ExpressVPN
« on: December 29, 2017, 07:09:08 pm »
I am also using ExpressVPN and I am 14K miles away from the nearest west coast server. It helps if your CPU supports Intel AES New Instructions.

On my Cryptographic settings, I use Hardware Crypto = BSD Cryptodev engine.

My VPN speed and latency depend on the time of the day. I do not expect it to be consistent due to my distance. On my 50/50 symmetrical fiber connection, I get 40 Mbps downlink / 20 Mbps uplink and latency of 151.

I use ExpressVPN for geolocation blocking on my streaming devices such as Roku and Apple TV, and for banking and shopping online on certain devices. I leave the rest connected to my local ISP.

ExpressVPN customer support does know anything about pfSense and they would just provide you a link on how to install pfSense on ExpressVPN.

5
Wireless / Re: How do I integrate Unifi Ac lite to Pfsense
« on: December 05, 2017, 05:25:50 pm »
So in order for this to work, do I just adopt the Unifi AC Lite and plug this into my switch on the same subnet (192.168.1.0/24)?

Should work, might be better posting on the Ubiquiti forum.

Ubiquiti has their own ecosystem and they want you to use their own. You guys are more experienced integrating Unifi to pfSense.

6
Wireless / Re: How do I integrate Unifi Ac lite to Pfsense
« on: December 05, 2017, 05:10:47 pm »
Thank you johnpoz  and NogBadTheBad you guys are truly a godsend.




Quote
Not clear on what you're asking here? You want 2 different networks for your 2.4 and 5? Or you just want this iMac to use only 2.4 and not 5? You could create an SSID that is only 2.4 just for the iMac to use, etc. You can have up to 8 SSIDs as long as you don't use wireless uplinks - if you do then you're limited to 4.



Just for clarification, the reason I prefer to use the 5 GHz band on the iMac is that Apple Bluetooth 4.0 and Wi-Fi 2.4/5 GHz are integrated into 1 card on the Broadcom BCM94360CD. If I connect to a 2.4 band, the Bluetooth trackpad and mouse get disconnected and the cursor has a mind of its own. This has been experienced by other Apple users blaming Apple Bluetooth devices getting disconnected. Apple advises its customers to use the 5 GHz band on Wi-Fi so it will not conflict with their Bluetooth. This is the reason why I asked the forum how to segregate the 2.4/5 GHz band on the Unifi AP.

7
Wireless / Re: How do I integrate Unifi Ac lite to Pfsense
« on: December 04, 2017, 11:31:41 pm »
I am currently using NETGEAR GS305 5-Port Gigabit switch. I am not quite sure if this is sufficient enough.


https://www.amazon.com/gp/product/B00QR6XFHQ/ref=oh_aui_detailpage_o02_s00?ie=UTF8&psc=1


But I have no problem getting the Dlink Switch from Amazon.

I bought 2 individual Unifi AC Lites 2 days ago and they come with a port injector. Using a phone app is easy, but how do I segregate the 2.4 and 5 GHz bands on the Unifi AC Lite? I am using an iMac with 3 Bluetooth devices connected (keyboard, trackpad, mouse). If I use the 2.4 band, I have problems with the Bluetooth devices. On 5 GHz I have no problem.

So in order for this to work, do I just adopt the Unifi AC Lite and plug this into my switch on the same subnet (192.168.1.0/24)?

8
Wireless / How do I integrate Unifi Ac lite to Pfsense
« on: December 04, 2017, 05:29:48 pm »
I just built my new pfSense box 2.3.5 and would like to use 2 Unifi AC Lites. I use pfSense for 10 Wi-Fi clients (Mac, iOS devices, ThinkPad laptop) and 3 wired Rokus connected to OpenVPN on selective routing.

Current setup:

Bridge Fiber modem (50 Dwn/50 Up) > Pfsense (Intel i340 T4 nic, 192.168.1.0/24) > 5 port unmanaged gigabit switch > 2 Asus router as Wap.

I just want a simple setup and use Unifi Ac lite. My objectives are just to transition my off the shelf router I used before to Pfsense using one subnet.



How do I integrate Unifi Ac lite to Pfsense?

Do I need to buy a managed switch and Ubiquiti Unifi Cloud Key?

Any suggestions?


Parts list:

2 Unifi Ac lite with injector
Ubiquiti Unifi Cloud Key: $80.00
Ubiquiti Networks PoE 48V 0.5A: $18.75
Ubiquiti US-8 Unifi Switch: $99.09

9
Hardware / Re: PF Sense 2.4 with Asrock J3455-ITX
« on: November 29, 2017, 05:37:17 pm »
I am in the same dilemma on Asrock J3455B ITX. Currently, I am on 2.3.5 and there is an upgrade to 2.4.1.


Can I just go to Edit/Boot/loader.conf.local and paste hint.hpet.0.clock="0" on GUI and do the upgrade to 2.4.1? Or do I have to do a clean install?

10
Yes - It is very odd that Netflix would work but not Amazon. It's probably a simple fix. We can see after you post your final configuration.

This could be a DNS issue. You might want to find out if your VPN provider has their own dedicated reliable DNS IP and use that.

The problem I have with 8.8.8.8 and 8.8.4.4 is those can connect you to many different servers depending on your location.

On my laptop off the VPN from Manila, when I ping 8.8.8.8, it's 30ms.

When in my VPN I use my remote pfSense LAN IP as my DNS server IP. When I ping that IP, it shows about 250ms. Far away as it should be.

When I ping 8.8.8.8 in the VPN, again over 250ms. So, it is being tunneled properly.

We might want to do that test with you to be sure that the DNS servers you are connecting to are physically in the USA and not close by.

Could be something else though. Not sure. It's strange.

I talked to my local ISP and bought their decommissioned DNS server ($$$$) on a condition that I have a dedicated US DNS connection.

11
I was finally able to solve my pfSense ordeal. It took me 15 hours to figure everything out. Geolocation blocking is finally fixed. Netflix and Hulu are working but at the moment I can not get access to the Amazon website on OpenVPN.

I would like to thank Finger79 and kenjianshi for their resolute support.

I will post some instructions later in the day but until I resolve the Amazon DNS problem.

12
I followed your suggestions on the NAT outbound.
Dude, you're tweaking mah OCD.  :P  I'd edit your Descriptions for sanity purposes as in my screenshot.  Just two edits.  "LAN to ExpressVPN" and "localhost to ExpressVPN"


My apologies to you. I am thinking of taking some Xanax with this pfSense ordeal.

Anyway I am attaching some desktop screenshots.






13
I was able to connect back to ExpressVPN but it resulted in slow connections. Some sites are not available. Is there a way to correct this?
Let's compare apples to apples.

1.  Is your OpenVPN configuration on pfSense identical to your OpenVPN configuration on your Asus router?
2.  On your Asus router, are you able to visit Amazon and other sites, or are you getting the same error message?  If so, why?
3.  On your Asus router (which I assume has much slower CPU than your pfSense box), is VPN throughput slow?
4.  On your Asus router, are you also connected to ExpressVPN - Los Angeles?
5.  Are you in Europe?  Asia?  Somewhere else?  You may want to try out different VPN servers and see if speed improves.
6.  Where did you get the config settings in "Custom options"?  Also, is everything else correct such as the SHA512 HMAC?




I tinkered with Interface/ExpressVPN. Under General Information, IPv4 Configuration Type = DHCP. These were the instructions from ExpressVPN. If I change from DHCP to NONE, I get faster browsing but I get disconnected from the VPN.
FYI:  I have my VPN interfaces all set to "None."









1.  Yes they are exactly the same as my Asus router.

2.  I don't have any problem on any website on the Asus on ExpressVPN. In fact I have 3 simultaneous connections in the US.

3.  Yes, the throughput is slow, 3 to 5 Mbps up/down. That is the reason I want to migrate to pfSense.

4.  On the Asus I have 2 connections to Los Angeles and 1 connection to New Jersey.

5.  I am from SE Asia. I have tried to connect to different US servers; they are almost all the same when it comes to speed. Not all ExpressVPN servers are good for geolocation blocking. So far the 3 I mentioned work well on my Asus.

6.  I followed the ExpressVPN link provided.


https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/



This is the custom options provided on their website.



fast-io;persist-key;persist-tun;remote-random;pull;tls-client;verify-x509-name Server name-prefix;ns-cert-type server;key-direction 1;route-method exe;route-delay 2;tun-mtu 1500;fragment 1300;mssfix 1450;verb 3;sndbuf 524288;rcvbuf 524288



It's SHA512 bit. I am not sure if it's HMAC.




14
I followed your suggestions on the NAT outbound. I also deleted the Firewall/Rules/EXPRESSVPN and instead put back the Firewall/Rules/Lan.


I also changed System/General Setup as suggested. I was able to connect back to ExpressVPN but it resulted in slow connections. Some sites are not available. Is there a way to correct this?

Also, I am not in the process of setting up the Roku yet. I just want to make sure I won't have any problem with browsing. If the connection is slow on browsing, I think I will not be able to stream on my Rokus.

I tinkered with Interface/ExpressVPN. Under General Information, IPv4 Configuration Type = DHCP. These were the instructions from ExpressVPN. If I change from DHCP to NONE, I get faster browsing but I get disconnected from the VPN.

I have not used any traffic shaper for the moment, FYI.



I am providing some screenshots for your perusal.

15
I was really scratching my head. Next is to check my firewall settings (see attachment). On the ExpressVPN firewall rules I noticed it was empty.

It should be empty.  The way pfSense firewall rules work is they apply to traffic coming into that interface.  So you probably do not want anyone coming *into* your home and pfSense router from the outside world through the ExpressVPN interface.

I would delete all firewall rules on the ExpressVPN interface and only use LAN rules.


The ExpressVPN firewall rule was originally on the LAN rules, "Local_Subnets = Lan Traffic expressvpn", but I could not access websites. The only thing that worked for me was to move it to Firewall/Rules/ExpressVPN, which resulted in no connection to the VPN.
