Messages - virgiliomi

46
IPv6 / Re: Migrating to IPv6
« on: June 03, 2017, 06:19:44 am »
Quote
Indeed my ISP gave me a /48 for home use.

<sniff!> Mine only gave me a /56 </sniff!>     ;)
Quit complaining... mine only lets me get a /60. Not that I'm using 16 /64's... I'm not even using 8... but I am using more than one.

47
General Questions / Re: pfSense Box not using all of my SSD space
« on: June 03, 2017, 06:00:33 am »
Yes, because you're re-partitioning the storage, reinstalling is the only way to do it.

48
General Questions / Re: Cable Modem Ethernet Cable Bonding
« on: May 28, 2017, 05:31:12 am »
I believe that, like the Arris SB8200, the link aggregation functionality will need to be enabled by the ISP. In Arris' case, I don't even think the functionality exists in their firmware yet. But like johnpoz mentioned, there's no real need for it yet since most cable ISPs using DOCSIS 3.1 are only offering 1 Gbps down (about 940-960 Mbps down after overhead).

If from a redundancy standpoint, that's something else that would need to be enabled by the ISP... two different MAC Addresses connected to the modem (most ISPs only limit the modem to allowing one connected device, by MAC address). Of course, that would also allow two different IP addresses (or IP address blocks in the case of IPv6).

So either way here, you're at the mercy of your ISP and when they decide to roll out such features, if they ever do.

49
Packages / Re: Squid HTTPS Certificate using ACME
« on: May 26, 2017, 12:47:08 pm »
Quote
If I buy a genuine certificate, will it allow me to have a transparent proxy with SSL Man In the Middle filtering?
Will this stop all the clients from getting certificate errors?
SSL MITM requires a Root CA certificate, which no reputable and trusted certificate issuer will provide. The reason is because a trusted Root CA is able to create certificates for ANY domain in existence and present them as valid. This is why you need to create your own Root CA, then install your Root CA certificate on all devices that will be going through the SSL MITM proxy.

A regular SSL host certificate - whether from LetsEncrypt or any paid certificate issuer - will not allow you to do SSL MITM.
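
The point made in the post above, as an added example that is not part of the original post: a private root CA can mint a certificate for any hostname and clients that trust it accept the result, while an ordinary host certificate (CA:FALSE) used as an issuer is rejected. It assumes the `openssl` CLI is installed; every name and hostname is constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: all names and hostnames are made up; keys live in a temp dir.
set -eu
D=$(mktemp -d); trap 'rm -rf "$D"' EXIT

cat > "$D/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_host]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF

# Your own root CA: the only certificate here that may issue others.
openssl req -x509 -newkey rsa:2048 -nodes -config "$D/x.cnf" -extensions v3_ca \
  -subj "/CN=Demo Private Root CA" -days 30 \
  -keyout "$D/root.key" -out "$D/root.pem" 2>/dev/null

# issue <name> <CN> <issuer> <serial>: new key + CSR, signed by <issuer> as a host cert
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$D/x.cnf" -subj "/CN=$2" \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
  openssl x509 -req -in "$D/$1.csr" -CA "$D/$3.pem" -CAkey "$D/$3.key" \
    -set_serial "$4" -days 30 -extfile "$D/x.cnf" -extensions v3_host \
    -out "$D/$1.pem" 2>/dev/null
}

# chain_ok <cert> [intermediate]: does <cert> verify for a client trusting only root.pem?
chain_ok() {
  out=$(openssl verify -CAfile "$D/root.pem" ${2:+-untrusted "$D/$2.pem"} \
        "$D/$1.pem" 2>&1) || true
  case "$out" in *"$1.pem: OK"*) return 0 ;; *) return 1 ;; esac
}

report() { if chain_ok "$@"; then echo "accepted: $1"; else echo "rejected: $1"; fi; }

issue proxyhost proxy.example.test root 2      # ordinary host cert (CA:FALSE)
issue mitm site.example.test root 3            # minted by the root for another site
issue forged site.example.test proxyhost 4     # host cert misused as an issuer

report proxyhost          # accepted
report mitm               # accepted
report forged proxyhost   # rejected: issuer is not a CA
```

Here `root.pem` stands in for the trust store of a device on which you installed your own Root CA certificate.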

50
I'm not sure what vnstat uses to determine the data transferred, but the vnstat process that collects that data is set to run every 5 minutes with a cron job, IIRC.

51
Residential is usually limited to /60... Business should be limited to /56. ... [edit] Though I do see a number of posts saying that only /60 seems to be available to business customers now.

Unless you're a residential customer with their 2Gb Gigabit Pro Metro-E fiber service... then you get a /48.

Of course, if you request a /64 first before changing the prefix size setting then you need to delete the DUID file because Comcast will keep giving you a /64 until the lease expires or your router provides a new DUID.

52
Like NogBadTheBad mentioned, the Status_Traffic_Totals package will do it... however, it will only track from this point forward. There's no way to obtain any past data. I believe it keeps track of daily, monthly, and yearly data usage. Also of note, the data updates every 5 minutes, so if you complete a quick download and wonder why the number didn't change, that's why.

53
Hardware / Re: hardware for Gigabit Fiber and Openvpn?
« on: May 10, 2017, 10:30:41 am »
Could be a UEFI setting in the BIOS... I don't think the 2.3.x branch supports UEFI like 2.4 does.

If you change the boot mode to Legacy, you'll probably be able to install 2.3.4.

54
IPv6 / Re: DHCPv6 server (ULA & global)
« on: May 08, 2017, 09:21:47 pm »
Any reason you don't just use the link-local addresses for your unique local address? That's already a unique address being assigned to every device, and the prefix won't route.

I've created some host overrides in Unbound that point a hostname to a link-local address and they work great.

55
General Questions / Re: apinger could not resolve address?
« on: May 08, 2017, 09:11:56 pm »
Quote
I'll try upgrading, makes me nervous though.
It should, especially if you're a heavy user of packages on your current old version. The 2.3.x version tree made SIGNIFICANT changes to packages, including removing many that were out-of-date, not working properly anymore, or had been removed from FreeBSD ports.

Make sure you read the upgrade notes before doing the upgrade!!!

56
Some ISPs don't even need to do anything. Cable internet providers using DOCSIS just set a parameter in their modem configuration file and the modem handles the rate limiting. Customer upgrades to a faster tier of service? Their modem gets a new configuration file specifying the faster speeds.

57
You've explained how to do it, not what it does...

The domain override tells unbound to send all queries for the requested domain to the specified host listed in the override. So you would override ad.mydomain.com and point it to the IP address of your AD server. Then when someone goes to resolve mycomputer.ad.mydomain.com, unbound on pfSense will go to the AD server to resolve that, rather than trying to do it through its normal rDNS process.

58
2.4 Development Snapshots / Re: ZFS on SG-2440
« on: April 25, 2017, 04:47:01 pm »
Watching it, it almost seemed like it was a race condition when the USB device was detected... it sat and waited (the Root mount waiting for: usbus0 line showed a couple of times), then as soon as the first line for the USB device appeared it continued before the USB device was fully ready for it to continue... so it makes a little sense that a delay would allow it to work. I wonder if it needs to be 10 seconds though, or if even half of that would be fine.

59
2.4 Development Snapshots / Re: ZFS on SG-2440
« on: April 25, 2017, 04:25:01 pm »
Ok... so I took some time to try this again, mainly to get the output you were asking for.

During the setup, zroot was set up as a stripe with one drive, selecting just da1 (the eMMC storage device; the USB drive being booted from mounts as da0 during setup). All other ZFS options were left at their defaults.

It looks like the USB device output is mixed with the ZFS boot failure output, so I offer a potential corrected version below the raw version, to hopefully clear things up a little.

And lastly, for grins this time, I even tried booting with the USB drive still in, selecting to boot from the eMMC via the boot menu (this left the USB drive as da0 and the eMMC as da1)... but still ended up with the output below. And alas, to get myself back online, I reloaded with UFS again... so it might be a while before I re-try this again if a possible fix is determined.

Code:
Root mount waiting for: usbus0
ugen0.3: <Generic> at usbus0
umass0: <Generic Ultra Fast Media, class 0/0, rev 2.00/1.98, addr 3> on usbus0
Solaris: NOTICE: Cannot find the pool label for 'zroot'
Mounting from zfs:zroot/ROOT/default failed with error 5.

Loader variables:
  vfs.root.mountfrom=zfs:zroot/ROOT/default

Manual root filesystem specification:
  <fstype>:<device> [options]
da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
      Mount <device> using filesystem <fstype>
da0:       and with the specified (optional) option list.
<Generic Ultra HS-COMBO 1.98> Removable Direct Access SCSI device

da0: Serial Number 000000225001
    eg. ufs:/dev/da0s1a
da0: 40.000MB/s transfers        zfs:tank

        cd9660:/dev/cd0 ro
da0: 29184MB (59768832 512 byte sectors)
          (which is equivalent to: da0: quirks=0x2<NO_6_BYTE>
mount -t cd9660 -o ro /dev/cd0 /)

  ?               List valid disk boot devices
  .               Yield 1 second (for background tasks)
  <empty line>    Abort manual input

mountroot> ?

List of GEOM managed disk devices:
  gpt/zfs0 gpt/swap0 gpt/gptboot0 da0p3 da0p2 da0p1 da0

mountroot>

Code:
Root mount waiting for: usbus0
ugen0.3: <Generic> at usbus0
umass0: <Generic Ultra Fast Media, class 0/0, rev 2.00/1.98, addr 3> on usbus0
da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
da0: <Generic Ultra HS-COMBO 1.98> Removable Direct Access SCSI device
da0: Serial Number 000000225001
da0: 40.000MB/s transfers
da0: 29184MB (59768832 512 byte sectors)
da0: quirks=0x2<NO_6_BYTE>

Solaris: NOTICE: Cannot find the pool label for 'zroot'
Mounting from zfs:zroot/ROOT/default failed with error 5.

Loader variables:
  vfs.root.mountfrom=zfs:zroot/ROOT/default

Manual root filesystem specification:
  <fstype>:<device> [options]
      Mount <device> using filesystem <fstype>
       and with the specified (optional) option list.

    eg. ufs:/dev/da0s1a
        zfs:tank
        cd9660:/dev/cd0 ro
          (which is equivalent to: mount -t cd9660 -o ro /dev/cd0 /)

  ?               List valid disk boot devices
  .               Yield 1 second (for background tasks)
  <empty line>    Abort manual input

mountroot> ?

List of GEOM managed disk devices:
  gpt/zfs0 gpt/swap0 gpt/gptboot0 da0p3 da0p2 da0p1 da0

mountroot>

60
webGUI / Re: Sys Info Widget Getting Out of Hand
« on: April 24, 2017, 10:01:11 pm »
Yep, I played around with this, and it's cool... except I don't think I saw a way to rename the widget, or at least add some custom text to the title. For example, I might want all of the graph items to be labeled as "System resources" (if I could rename it), or "System Information - Resources" (if I could add some custom text to the end)...
