Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - virgiliomi

Pages: 1 2 3 4 [5] 6 7 8 9 ... 39
61
I'm not sure what vnstat uses to determine the data transferred, but the vnstat process that collects that data is set to run every 5 minutes with a cron job, IIRC.

62
Residential is usually limited to /60... Business should be limited to /56. ... [edit] Though I do see a number of posts saying that only /60 seems to be available to business customers now.

Unless you're a residential customer with their 2Gb Gigabit Pro Metro-E fiber service... then you get a /48.

Of course, if you request a /64 first before changing the prefix size setting then you need to delete the DUID file because Comcast will keep giving you a /64 until the lease expires or your router provides a new DUID.

63
Like NogBadTheBad mentioned, the Status_Traffic_Totals package will do it... however, it will only track from this point forward. There's no way to obtain any past data.  I believe it keeps track of daily, monthly, and yearly data usage. Also of note, the data updates every 5 minutes, so if you complete a quick download and wonder why the number didn't change, that's why.

64
Hardware / Re: hardware for Gigabit Fiber and Openvpn?
« on: May 10, 2017, 10:30:41 am »
Could be a UEFI setting in the BIOS... I don't think the 2.3.x branch supports UEFI like 2.4 does.

If you change the boot mode to Legacy, you'll probably  be able to install 2.3.4.

65
IPv6 / Re: DHCPv6 server (ULA & global)
« on: May 08, 2017, 09:21:47 pm »
Any reason you don't just use the link-local addresses for your unique local address? That's already a unique address being assigned to every device, and the prefix won't route.

I've created some host overrides in Unbound that point a hostname to a link-local address and they work great.

66
General Questions / Re: apinger could not resolve address?
« on: May 08, 2017, 09:11:56 pm »
I'll try upgrading, makes me nervous though.
It should, especially if you're a heavy user of packages on your current old version. The 2.3.x version tree made SIGNIFICANT changes to packages, including removing many that were out-of-date, not working properly anymore, or had been removed from FreeBSD ports.

Make sure you read the upgrade notes before doing the upgrade!!!

67
Some ISPs don't even need to do anything. Cable internet providers using DOCSIS just set a parameter in their modem configuration file and the modem handles the rate limiting. Customer upgrades to a faster tier of service? Their modem gets a new configuration file specifying the faster speeds.

68
You've explained how to do it, not what it does...

The domain override tells unbound to send all queries for the requested domain to the specified host listed in the override. So you would override ad.mydomain.com and point it to the IP address of your AD server. Then when someone goes to resolve mycomputer.ad.mydomain.com, unbound on pfSense will go to the AD server to resolve that, rather than trying to do it through its normal rDNS process.

69
2.4 Development Snapshots / Re: ZFS on SG-2440
« on: April 25, 2017, 04:47:01 pm »
Watching it, it almost seemed like it was a race condition when the USB device was detected... it sat and waited (the Root mount waiting for: usbus0 line showed a couple of times), then as soon as the first line for the USB device appeared it continued before the USB device was fully ready for it to continue... so it makes a little sense that a delay would allow it to work. I wonder if it needs to be 10 seconds though, or if even half of that would be fine.

70
2.4 Development Snapshots / Re: ZFS on SG-2440
« on: April 25, 2017, 04:25:01 pm »
Ok... so I took some time to try this again, mainly to get the output you were asking for.

During the setup, zroot was set up as a stripe with one drive, selecting just da1 (the eMMC storage device; the USB drive being booted from mounts as da0 during setup). All other ZFS options were left at their defaults.

It looks like the USB device output is mixed with the ZFS boot failure output, so I offer a potential corrected version below the raw version, to hopefully clear things up a little.

And lastly, for grins this time, I even tried booting with the USB drive still in, selecting to boot from the eMMC via the boot menu (this left the USB drive as da0 and the eMMC as da1)... but still ended up with the output below. And alas, to get myself back online, I reloaded with UFS again... so it might be a while before I re-try this again if a possible fix is determined.

Code: [Select]
Root mount waiting for: usbus0
ugen0.3: <Generic> at usbus0
umass0: <Generic Ultra Fast Media, class 0/0, rev 2.00/1.98, addr 3> on usbus0
Solaris: NOTICE: Cannot find the pool label for 'zroot'
Mounting from zfs:zroot/ROOT/default failed with error 5.

Loader variables:
  vfs.root.mountfrom=zfs:zroot/ROOT/default

Manual root filesystem specification:
  <fstype>:<device> [options]
da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
      Mount <device> using filesystem <fstype>
da0:       and with the specified (optional) option list.
<Generic Ultra HS-COMBO 1.98> Removable Direct Access SCSI device

da0: Serial Number 000000225001
    eg. ufs:/dev/da0s1a
da0: 40.000MB/s transfers        zfs:tank

        cd9660:/dev/cd0 ro
da0: 29184MB (59768832 512 byte sectors)
          (which is equivalent to: da0: quirks=0x2<NO_6_BYTE>
mount -t cd9660 -o ro /dev/cd0 /)

  ?               List valid disk boot devices
  .               Yield 1 second (for background tasks)
  <empty line>    Abort manual input

mountroot> ?

List of GEOM managed disk devices:
  gpt/zfs0 gpt/swap0 gpt/gptboot0 da0p3 da0p2 da0p1 da0

mountroot>

Code: [Select]
Root mount waiting for: usbus0
ugen0.3: <Generic> at usbus0
umass0: <Generic Ultra Fast Media, class 0/0, rev 2.00/1.98, addr 3> on usbus0
da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
da0: <Generic Ultra HS-COMBO 1.98> Removable Direct Access SCSI device
da0: Serial Number 000000225001
da0: 40.000MB/s transfers
da0: 29184MB (59768832 512 byte sectors)
da0: quirks=0x2<NO_6_BYTE>

Solaris: NOTICE: Cannot find the pool label for 'zroot'
Mounting from zfs:zroot/ROOT/default failed with error 5.

Loader variables:
  vfs.root.mountfrom=zfs:zroot/ROOT/default

Manual root filesystem specification:
  <fstype>:<device> [options]
      Mount <device> using filesystem <fstype>
       and with the specified (optional) option list.

    eg. ufs:/dev/da0s1a
        zfs:tank
        cd9660:/dev/cd0 ro
          (which is equivalent to: mount -t cd9660 -o ro /dev/cd0 /)

  ?               List valid disk boot devices
  .               Yield 1 second (for background tasks)
  <empty line>    Abort manual input

mountroot> ?

List of GEOM managed disk devices:
  gpt/zfs0 gpt/swap0 gpt/gptboot0 da0p3 da0p2 da0p1 da0

mountroot>

71
webGUI / Re: Sys Info Widget Getting Out of Hand
« on: April 24, 2017, 10:01:11 pm »
Yep, I played around with this, and it's cool... except I don't think I saw a way to rename the widget, or at least add some custom text to the title. For example, I might want all of the graph items to be labeled as "System resources" (if I could rename it), or "System Information - Resources" (if I could add some custom text to the end)...

72
2.4 Development Snapshots / Re: OpenVPN 2.4 AES-NI speed
« on: April 08, 2017, 06:50:31 am »
OpenVPN 2.4 adds support for the AES-GCM algorithm, which takes full advantage of the AES-NI hardware acceleration without also requiring the CPU to compute the hash for authentication. Up until OpenVPN 2.4, the only way to use that algorithm with pfSense was IPSEC, I believe. That lets you use your CPU for other functions rather than supporting the VPN connection. (yeah, technically it's all built into the processor, so it's really doing everything anyway, but AES-NI with AES-GCM doesn't affect CPU cycles available for other tasks).

73
2.4 Development Snapshots / Re: ZFS on SG-2440
« on: April 07, 2017, 11:59:06 am »
I didn't keep the console output from my attempt... so at the moment, no I can't post it. I'm not wanting to go through reinstalling twice just to get it and then get back online at the moment, so maybe later when I'm feeling experimental again I'll post it, if someone else hasn't already.

There may not be an actual issue with the software here, but since 2.4 is the only version with ZFS, I figured I'd post here rather than the pfSense Hardware forum for now.

74
Packages / Re: ACME - Google Domains Support
« on: April 06, 2017, 09:26:31 pm »
Google supports Dynamic DNS via a DynDNS standard for doing so, but unfortunately there's no way to specify TXT records with that. I don't believe Google has an API that developers can utilize for allowing outside management of DNS records, aside from those A records (not even AAAA records) that are set up for Dynamic DNS.

75
2.4 Development Snapshots / ZFS on SG-2440
« on: April 06, 2017, 09:21:24 pm »
So I'm the daring type who took my SG-2440 and put 2.4 on it as soon as I got it home. But I wasn't able to install with ZFS. When I tried, the installer completed, rebooted, I removed my USB drive, and ZFS failed to mount.

My thought is that when my USB drive was connected, it was da0 and the built-in storage was da1, but when I removed my USB drive, the device identifiers changed, so the config no longer reflected the correct location. Unfortunately, I wasn't even able to get it to pick up when I tried pointing it to zfs:zroot/da0 (I think that's the format I used, based on what was presented) and the specific partitions as well, so I don't know what was going on.

Any thoughts on how best to install ZFS on a 2440? I'd rather not try things until there's a known good process in place. For the moment I'm just running with UFS instead. I'm fortunate that power where I live is extremely stable, even in the worst of severe thunderstorms and icy winter weather... though I still have a UPS connected anyway.

Pages: 1 2 3 4 [5] 6 7 8 9 ... 39