pfSense Support Subscription

Recent Posts

Pages: [1] 2 3 4 5 ... 10
1
Deutsch / Re: Telekom Entertain ruckelt
« Last post by jahonix on Today at 01:24:57 am »
Die Variante mit dem IGMPv3 Proxy des Cisco Switches gefällt mir, tolle Idee!
2
General Questions / Re: 2.4 version release
« Last post by jahonix on Today at 01:23:02 am »
As usual: it's ready when it's announced as released.
Everything else is just speculations.
3
Packages / Re: SoftEther VPN Port from FreeBSD 10.3 Release 3 Repository
« Last post by sfhoo on Today at 01:12:09 am »
Need some help on the SoftEther. I followed your instruction to install the SoftEther, configure the SoftEther to do L2TP over IPSec. I added port forward in NAT (UDP 500, 4500). I am able to connect using native L2TP on my iphone but there is no internet access. Next thing I tried was using the iphone connect to the wifi, then connect to VPN, still no internet. Any ideas? Thanks
4
Installation and Upgrades / Re: 2.3.4_1 Update Issues...
« Last post by kb0nly on Today at 01:11:09 am »
So far everything seems to be working fine though, WAN is up, LAN is functioning perfectly.  Don't see anything else happening to cause concern, so...

Anything i need to do here?  I submitted the crash report.
5
Installation and Upgrades / 2.3.4_1 Update Issues...
« Last post by kb0nly on Today at 01:09:22 am »
I logged into my router tonight to see that update 2.3.4_1 was available, told it to update it went through did the update, rebooted, shows its on the latest version but on the Dashboard i now get this message...

pfSense has detected a crash report or programming bug. Click here for more information.

               Crash report begins.  Anonymous machine information:

i386
10.3-RELEASE-p19
FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May  3 16:26:51 CDT 2017     root@ce23-i386-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense_wrap

Crash report details:

PHP Errors:
[25-Jul-2017 01:05:02 America/Chicago] PHP Fatal error:  Call to undefined function system_get_uniqueid() in /usr/local/www/widgets/widgets/system_information.widget.php on line 194
[25-Jul-2017 01:05:02 America/Chicago] PHP Stack trace:
[25-Jul-2017 01:05:02 America/Chicago] PHP   1. {main}() /usr/local/www/index.php:0
[25-Jul-2017 01:05:02 America/Chicago] PHP   2. include_once() /usr/local/www/index.php:438
[25-Jul-2017 01:05:05 America/Chicago] PHP Fatal error:  Call to undefined function system_get_uniqueid() in /usr/local/www/widgets/widgets/system_information.widget.php on line 194
[25-Jul-2017 01:05:05 America/Chicago] PHP Stack trace:
[25-Jul-2017 01:05:05 America/Chicago] PHP   1. {main}() /usr/local/www/index.php:0
[25-Jul-2017 01:05:05 America/Chicago] PHP   2. include_once() /usr/local/www/index.php:438
[25-Jul-2017 01:05:12 America/Chicago] PHP Fatal error:  Call to undefined function system_get_uniqueid() in /usr/local/www/crash_reporter.php on line 83
[25-Jul-2017 01:05:12 America/Chicago] PHP Stack trace:
[25-Jul-2017 01:05:12 America/Chicago] PHP   1. {main}() /usr/local/www/crash_reporter.php:0
[25-Jul-2017 01:05:12 America/Chicago] PHP   2. upload_crash_report() /usr/local/www/crash_reporter.php:122
[25-Jul-2017 01:05:28 America/Chicago] PHP Fatal error:  Call to undefined function system_get_uniqueid() in /usr/local/www/widgets/widgets/system_information.widget.php on line 194
[25-Jul-2017 01:05:28 America/Chicago] PHP Stack trace:
[25-Jul-2017 01:05:28 America/Chicago] PHP   1. {main}() /usr/local/www/index.php:0
[25-Jul-2017 01:05:28 America/Chicago] PHP   2. include_once() /usr/local/www/index.php:438
[25-Jul-2017 01:05:35 America/Chicago] PHP Fatal error:  Call to undefined function system_get_uniqueid() in /usr/local/www/crash_reporter.php on line 83
[25-Jul-2017 01:05:35 America/Chicago] PHP Stack trace:
[25-Jul-2017 01:05:35 America/Chicago] PHP   1. {main}() /usr/local/www/crash_reporter.php:0
[25-Jul-2017 01:05:35 America/Chicago] PHP   2. upload_crash_report() /usr/local/www/crash_reporter.php:122


Filename: /var/crash/PHP_errors.log
[25-Jul-2017 01:05:02 America/Chicago] PHP Fatal error:  Call to undefined function system_get_uniqueid() in /usr/local/www/widgets/widgets/system_information.widget.php on line 194
[25-Jul-2017 01:05:02 America/Chicago] PHP Stack trace:
[25-Jul-2017 01:05:02 America/Chicago] PHP   1. {main}() /usr/local/www/index.php:0
[25-Jul-2017 01:05:02 America/Chicago] PHP   2. include_once() /usr/local/www/index.php:438
[25-Jul-2017 01:05:05 America/Chicago] PHP Fatal error:  Call to undefined function system_get_uniqueid() in /usr/local/www/widgets/widgets/system_information.widget.php on line 194
[25-Jul-2017 01:05:05 America/Chicago] PHP Stack trace:
[25-Jul-2017 01:05:05 America/Chicago] PHP   1. {main}() /usr/local/www/index.php:0
[25-Jul-2017 01:05:05 America/Chicago] PHP   2. include_once() /usr/local/www/index.php:438
[25-Jul-2017 01:05:12 America/Chicago] PHP Fatal error:  Call to undefined function system_get_uniqueid() in /usr/local/www/crash_reporter.php on line 83
[25-Jul-2017 01:05:12 America/Chicago] PHP Stack trace:
[25-Jul-2017 01:05:12 America/Chicago] PHP   1. {main}() /usr/local/www/crash_reporter.php:0
[25-Jul-2017 01:05:12 America/Chicago] PHP   2. upload_crash_report() /usr/local/www/crash_reporter.php:122
[25-Jul-2017 01:05:28 America/Chicago] PHP Fatal error:  Call to undefined function system_get_uniqueid() in /usr/local/www/widgets/widgets/system_information.widget.php on line 194
[25-Jul-2017 01:05:28 America/Chicago] PHP Stack trace:
[25-Jul-2017 01:05:28 America/Chicago] PHP   1. {main}() /usr/local/www/index.php:0
[25-Jul-2017 01:05:28 America/Chicago] PHP   2. include_once() /usr/local/www/index.php:438

Filename: /var/crash/PHP_errors.log.gz
���vYPHP_errors.logՑ�J�0E�~�]�b��NQ��W.)!y�y�&c�PE�w3(.Īŕ�d�ܓ�r7u��IvQ���J��,k\�X+���u�ﰾ^�JEeA!� ����#9C;2�ӑ���4D��-�69~H���� ���ZY1����;����c��Ы�x;*��=2��wP],�6����J�#�I��U��^�{���9�x���<f]��6j���yyz�%����LX���D�O�L2g��
�_�I<
Filename: /var/crash/crashreport_header.txt
Crash report begins.  Anonymous machine information:

i386
10.3-RELEASE-p19
FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May  3 16:26:51 CDT 2017     root@ce23-i386-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense_wrap

Crash report details:

Filename: /var/crash/crashreport_header.txt.gz
���vYcrashreport_header.txtu�1O�0�ݿ�$�2������4�Ab���B�۲]��{��!qӓ��=]�t>B�R���5��?O�a���y�ǐ&]\��'�j«����S��Z��<$����*0f�f��]-��؋^��k�h�Y�x�D�n84�7���Re7��ti���N�b����g�BnX�" ��_�,�9
,��ǻ����#!��_X,ڝ�"�ʃ�"
Filename: /var/crash/minfree.gz
��"iYminfree320�����9   
6
Russian / Re: PPPoE для гостевого Wi-Fi
« Last post by werter on Today at 01:04:42 am »
Доброе.
Рисуйте схему сети.

Quote
но wi-fi роутер не поддерживает vlan
Модели wi-fi роутеров в студию.
7
General Questions / Re: pfSense crashing once a week
« Last post by Greyhat on Today at 12:50:18 am »
Attached is a complete crash dump. The NAT is a combination of 1:1 NAT and Outgoing.
The NAT definitions are like this:
      <onetoone>
         <external>10.49.209.0</external>
         <descr><![CDATA[NAT to XXXX]]></descr>
         <interface>opt5</interface>
         <source>
            <address>10.144.0.0/24</address>
         </source>
         <destination>
            <any></any>
         </destination>
         <natreflection>disable</natreflection>
      </onetoone>

      <onetoone>
         <external>10.49.211.0</external>
         <descr><![CDATA[NAT to XXX]]></descr>
         <interface>opt5</interface>
         <source>
            <address>10.144.2.0/26</address>
         </source>
         <destination>
            <any></any>
         </destination>
         <natreflection>disable</natreflection>
      </onetoone>

      <onetoone>
         <external>10.49.211.64</external>
         <descr><![CDATA[NAT to XXX]]></descr>
         <interface>opt5</interface>
         <source>
            <address>10.144.2.64/26</address>
         </source>
         <destination>
            <any></any>
         </destination>
         <natreflection>disable</natreflection>
      </onetoone>

      <onetoone>
         <external>10.49.211.128</external>
         <descr><![CDATA[NAT to XXX]]></descr>
         <interface>opt5</interface>
         <source>
            <address>10.144.128.0/27</address>
         </source>
         <destination>
            <any></any>
         </destination>
         <natreflection>disable</natreflection>
      </onetoone>


      <outbound>
         <mode>advanced</mode>
         <rule>
            <source>
               <network>any</network>
            </source>
            <sourceport></sourceport>
            <descr></descr>
            <target>10.49.8.1</target>
            <targetip></targetip>
            <targetip_subnet></targetip_subnet>
            <interface>opt5</interface>
            <poolopts></poolopts>
            <destination>
               <address>10.144.0.0/24</address>
            </destination>
            <updated>
               <time>1471849596</time>
               <username>admin@192.168.0.43</username>
            </updated>
            <created>
               <time>1471849596</time>
               <username>admin@192.168.0.43</username>
            </created>
         </rule>
         <rule>
            <source>
               <network>any</network>
            </source>
            <sourceport></sourceport>
            <descr></descr>
            <target>10.49.8.1</target>
            <targetip></targetip>
            <targetip_subnet></targetip_subnet>
            <interface>opt5</interface>
            <poolopts></poolopts>
            <destination>
               <address>10.144.2.0/24</address>
            </destination>
            <updated>
               <time>1471849606</time>
               <username>admin@192.168.0.43</username>
            </updated>
            <created>
               <time>1471849606</time>
               <username>admin@192.168.0.43</username>
            </created>
         </rule>
         <rule>
            <source>
               <network>any</network>
            </source>
            <sourceport></sourceport>
            <descr></descr>
            <target>10.49.8.1</target>
            <targetip></targetip>
            <targetip_subnet></targetip_subnet>
            <interface>opt5</interface>
            <poolopts></poolopts>
            <destination>
               <address>10.144.128.0/24</address>
            </destination>
            <updated>
               <time>1471849615</time>
               <username>admin@192.168.0.43</username>
            </updated>
            <created>
               <time>1471849615</time>
               <username>admin@192.168.0.43</username>
            </created>
         </rule>
      </outbound>
8
General Questions / Re: VPN Recommendations for pfSense?
« Last post by pfBasic on Today at 12:31:55 am »
Old thread got necro'd, it was interesting reading through the opinions from a few years ago.

The most interesting thing I saw was a lot of people talking about hiding from the NSA, US Gov't, and what the best way to do this might be.

This is silly.

If you are trying to hide from the NSA or US Gov't, you cannot. I don't care what you do, you can't succeed. Nothing you do can begin to hide you from them. Best case scenario, you've got a PhD in cryptography or three, you're rich and you've dedicated tremendous resources to your privacy. Great, they have a few thousand people smarter on you on their payroll, virtually limitless resources, and they are the worlds most powerful government.... What are you thinking? These people penetrate nation states, "air-gapped" nuclear facilities, and log the activities of the public of the United States of America, and you are discussing whether a VPS or VPN is the best choice to avoid them  :o?

Then I saw someone post an alternative as routing all of your traffic through an Iranian VPN  ;D. Wow. You've solved it!


You do have one really powerful tool in your arsenal though, they don't care about you  :). Why would they?

The only organizations you have to are able to hide from are the general public, script kiddies, your ISP if you care, maybe some DMCA notices?
For those - pick any provider that gives you AES-128, SHA-2xx, RSA-2048. You are more than safe from any hacker that is going to take their time to work on you at least as far as a VPN is concerned - they'll just take an easier avenue anyways.

It is highly unlikely that you will ever come under a concentrated attack or scrutiny for what you do on the internet.

As far as your ISP or the MPAA is concerned, use an enigma. Neither one of those entities are going to decrypt your traffic. Aside from the legal shitstorm of hacking a persons encrypted data it would be a media nightmare. They simply are not going to even attempt to decrypt your data, ever.



I'm all for VPN's and whatnot, I use them to. In fact I push most of the machines on my network out through an AES-256 VPN all the time just because my old cheap hardware can do it so why not? But I have no delusions about who I am and am not hiding from.




Just use a VPN, the rest of the details really are not that important at all.
9
Packages / Suricata inline mode with VPN IF produces WAN down symptom
« Last post by Preacher22 on Today at 12:28:58 am »
Using 2.3.4-RELEASE-p1 (amd64) on bare metal
Suricata version 3.2.1_2
Quad port intel nic
Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Current: 2700 MHz, Max: 2701 MHz
4 CPUs: 1 package(s) x 4 core(s)
Hardware crypto    AES-CBC,AES-XTS,AES-GCM,AES-ICM
Memory: 64050 MiB

So I've been troubleshooting this problem casually for long while but I'd like to see it resolved at this point as the metal this appliance runs on was spec'd with inline mode in mind.

That said, when starting suricata with an interface configured with inline mode while a VPN interface exists the wan IP will change to 0.0.0.0 and multiple services will stop, no traffic passes, the web portal is extremely slow to respond (30 seconds or so). CPU usage while this is happening is nominal (low), RAM usage is nominal (low), disk usage, /tmp, /var all nominal (low).

For the log file below, suricata was configured on (but disabled by configuration on) several interfaces including a VPN interface. Only the WAN interface had suricata enabled with inline mode enabled for the problem to manifest. I'm using default or conservative suricata interface settings for troubleshooting. (detection engine settings section: 1024, low, auto, auto, 3000, default, default)

The issue does not occur in legacy mode

Jul 24 22:04:10    kernel: arpresolve: can't allocate llinfo for <WanIP> on em0
Jul 24 22:04:10    check_reload_status: Reloading filter
Jul 24 22:04:10    kernel: em0: link state changed to UP
Jul 24 22:04:10    check_reload_status: Linkup starting em0
Jul 24 22:04:09    php-fpm[43105]: /rc.linkup: DEVD Ethernet detached event for wan
Jul 24 22:04:08    check_reload_status: Linkup starting em0
Jul 24 22:04:08    kernel: em0: link state changed to DOWN
Jul 24 22:04:08    kernel: em0: permanently promiscuous mode enabled
Jul 24 22:04:08    kernel: 048.421904 [1233] netmap_mem_global_config reconfiguring
Jul 24 22:04:06    dhcpleases: kqueue error: unkown
Jul 24 22:04:06    dhcpleases: Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
Jul 24 22:04:06    dhcpleases: /var/etc/hosts changed size from original!
Jul 24 22:04:04    syslogd: kernel boot file is /boot/kernel/kernel

I'm a troubleshooter monkey by trade so you'll need to be patient/verbose with me while assisting me with this issue, if I may ask.

Please let me know what additional information I can provide you with to assist in resolving this issue. I would be grateful!

Thanks very much for your time!!

Cheers,
10
General Questions / Re: VPN Recommendations for pfSense?
« Last post by teresajensen on Yesterday at 11:55:47 pm »
Well there are many VPN services available on net but You should research first which suits you, I personally recommend Best VPN which I m using myself its the best one.
Pages: [1] 2 3 4 5 ... 10