pfSense Support Subscription

Recent Posts

Pages: 1 [2] 3 4 5 6 ... 10
11
Packages / Glances
« Last post by daroxm on Today at 12:24:37 pm »
I'm monitoring my servers at home over glances, is there a glances package available for Pfsense or would it be possible to make one?
12
Hello All,
I have been able to apply the Windows Upgrade bypass without problems in the SquidGuard.conf file, so that all my Win devices can update bypassing Squid (running with https transparent proxy and squidGuard).

I have problems with my Apple deivces which cannot access itunes, apple store nor upgrade.
The only solution found on the net is to list Apple ip addresses in the squid webgui.

Apple, however, is using Akamai network, as Microsoft, and trying to bypass squid via IP addresses is pratically impossible (Akamai network is huge). If you input some Akamai address you find via nslookup in squid bypass, the patch is working for a while before you will be redirected to some other server.

I am sure there exist a way to let Apple devices bypass squid and squidGuard via squid.conf and squidGuard.conf files, but I have not been able to reach the result. The only success for me has been to stop squid from restarting up to when I did not restore the old squid.conf file...

Is there anybody who can tell us how, what and where we should add/modify in the squid.conf and SquidGuard.conf files, as per the Wind Update bypass, to be get the result ( ie bypassing squid when addressing apple web sites)?

Thanks in advance to the nice and kind guy who will give us the instructions.
I am sure that your answer will become one of the most viewed posts on this board....

Ciao,

GL
13
DNS Name=abc

that is not a fqdn.. do not make certs with just a host name... you should ALWAYS no matter what use fqdn..  This is not 1989 and we are not using netbeui..

DNS Name=192.168.1.1

This is not a DNS name -- that would be a IP SAN...
14
Hello,

I've never used PFsense in production just labs but anyway.

I have a small soho network that consists of a few laptops/smart devices/printers as well as a netgear wireless router in access point mode for my lan. As well as another portion of my network that runs a server for my business.

At the moment I have my edge router x configured as such

LAN-192.168.0.0/24
DMZ-192.168.200.0/24
WAN-X.X.X.X/X

I didn't think it was a good idea to post my exact wan subnet unless it's necessary?

As far as the firewalling on the edge router goes. I set it up so my lan subnet can talk to the wan but the wan can't start a connection with the lan subnet.

The DMZ subnet has port forwards from the wan to the server for http, https, imaps, and smtp.

I usually access the server on the dmz subnet from my lan subnet at home. Because of this I don't have firewalling for traffic between the lan and dmz subnets I know I need to have some but I'm not sure what I should forward between them eg only the service ports I'm using on the server http, https etc or something else?

My main reasoning for the switch is I wanted more control and visibility into my network. The reliability of the edge router x is great I updated it's firmware on 10/31/2017 and it's been up ever since and I nearly forgot about it.

The edge router x has a traffic analysis tab but it only shows the source ip address of the client and rarely ever shows the layer 4 protocol tcp/udp or the port number. I just checked while writing this and for one of my android phones it shows the phones ip address then youtube followed by the amount of data transferred but that's all.

The last thing is how do I deploy PFsense while avoiding as much downtime as I can.

Thanks for all your time and help.
15
General Questions / Re: Avahi breaks apple HomeKit and Philips Hue
« Last post by NogBadTheBad on Today at 12:14:44 pm »
I had the same issues and gave up with Avahi.

My Hue controller and AppleTV (Homekit Hub) are on my IOT vlan and my iPhone & iPad are on my USER vlan, it works.

I've attached my rules.
16
Hi I don't want to publish the exact names, but I have something like the following:
Hostname: abc
Domain: def.com
Certificate name: abc
Subject Alternative Name in certificate:
 - DNS Name=abc
 - DNS Name=abc.def.com
 - DNS Name=192.168.1.1
When I use Chrome 63 (64-bit) with URL https://192.168.1.1, then I get the error.
I don't think the  names are relevant, because I'm using an IP. The domain name "def.com" exists, but "abc" is arbitrary and not in the DNS.
For this error to appear, the domain name of the URL must not match one of the S.A.N. of the certificate, but it is matching as you can see.
Did you use a CA as well? Maybe something with the CA is wrong. I used key length 4096, digest sha512, country code CH, dummy entries for the rest and Common Name "internal-ca".
17
Interesting results... I wonder if asymmetric link bandwidth is having a greater influence?


This was my "typical" basic altq test with no limiter/fq_codel: https://i.imgur.com/d1vQLFc.png (only the one shaper on the WAN interface)

I also tried the configuration outlined here: http://www.speedtest.net/insights/blog/maximized-speed-non-gigabit-internet-connection/


Also...go bolts?
18
Official pfSense Hardware / Re: SG-3100 - which cellular module
« Last post by stephenw10 on Today at 11:55:33 am »
Got a SIM eventually.

Connected up no problems to Three in the UK using the EM7305. Seeing ~32/9Mbps here in London.
http://beta.speedtest.net/result/6887753572

That's using a ppp connection on the AT port so I imagine it's using HSPA+. No easy way to know since as we've seen there no way to interrogate the modem once it's dialed up. Unless I'm missing something.

Steve
19
Firewalling / Re: Weird Problem
« Last post by Derelict on Today at 11:50:10 am »
Quote
can you please elaborate on this, as my guts are telling me the issue is coming from that

If that was the problem it would only affect the specific addresses you have /32 routes for, not "everything outside your country" as you assert.

Post the output from Diagnostics > Command Prompt. Execute this: netstat -rn
20
DHCP and DNS / Re: filterdns stops working
« Last post by johnpoz on Today at 11:47:54 am »
If your aliases is set to networks and you put in 64.233.160.0/19 it would not be resolving that..   There is nothing to update in such an alias.. Sure a name host alias like heise.de would have to resolve.  But if your alias is just a list of networks there is nothing that has to be resolved.  So if it stops working something else is wrong.
Pages: 1 [2] 3 4 5 6 ... 10