The pfsense Club - Page 55 - Overclock.net - An Overclocking Community


The pfsense Club

post #541 of 561 (permalink) Old 12-10-2018, 04:54 PM
New to Overclock.net
 
Join Date: Jan 2014
Posts: 868
Rep: 18 (Unique: 16)
Finally back in the pfSense club now that I got gig, was running Sonicwalls to keep up with work for the last couple years but they can't pull that. Got a recycled Optiplex 3040...
Levelog is offline  
post #542 of 561 (permalink) Old 12-11-2018, 12:10 AM
What should be here ?
 
huzzug's Avatar
 
Join Date: Jun 2012
Posts: 5,216
Rep: 356 (Unique: 255)
Quote: Originally Posted by EniGma1987 View Post
Then the server should be set up on your parents system, and you would be the client.
I could have tried that, but:
1. Both of us are on the mobile networks.
2. Logistically speaking, I'd have to set up the server on my parents system the same way or have someone who knows this help set them up.

#2 their debt is insane, even for a "diverse field" company. They cannot even afford to service the debt maintenance let alone make an actual dent in the debt itself. - Internet Stranger
huzzug is offline  
post #543 of 561 (permalink) Old 12-17-2018, 03:40 PM
New to Overclock.net
 
Prophet4NO1's Avatar
 
Join Date: Feb 2014
Posts: 3,075
Rep: 162 (Unique: 119)
Anyone have a good way to test and log WAN speeds over time? Something like the Ubiquiti gateways have? I thought about just making a simple script to run speedtest-cli and record the results, but I was hoping for an easier to read chart/graph rather than a wall of text.

Any thoughts?
Prophet4NO1 is offline  
post #544 of 561 (permalink) Old 01-25-2019, 09:57 AM
What should be here ?
 
huzzug's Avatar
 
Join Date: Jun 2012
Posts: 5,216
Rep: 356 (Unique: 255)
A little update to my previous post: I still don't have access to the webconfig, I can ping google from shell and looking at my network adapters, the loopback adapter is not being identified. The device description still shows "Unidentified". I've tried to reset, reinstall PfSense, re-install my network adapter but nothing has helped.

Any way I can troubleshoot why this happens and get the loopback adapter recognized by Windows?

huzzug is offline  
post #545 of 561 (permalink) Old 02-10-2019, 08:12 AM
Linux Lobbyist
 
parityboy's Avatar
 
Join Date: Jan 2009
Location: 192.168.13.37
Posts: 3,706
Rep: 272 (Unique: 213)
@thread

I upgraded to VirtualBox 6.0.4 from 5.2.26 and a large number of networking issues seem to have been fixed. My pfSense instance seems to behave a lot more stably and reliably. I've narrowed it down to an issue with the host-only networking implementation, since traffic passing through a powerline adapter bridged into the very same instance behaves perfectly well. It would appear that the host-only networking has received some bug fixes, at least on the BSD side of things; Linux-based routers have never given me any trouble.

Just out of interest, has anyone here combined VirtualBox with OpenVSwitch?

parityboy is offline  
post #546 of 561 (permalink) Old 04-09-2019, 05:08 AM
I dunno what I'm doing.
 
Blze001's Avatar
 
Join Date: Mar 2013
Posts: 1,452
Rep: 63 (Unique: 45)
Well, we started using NordVPN and it turns out our trusty old ASUS router can't quite handle VPN tasks on gigabit internet for 5 people, imagine that. So I'm building a PFSense box with my old i5-4670k that's currently in a dusty box doing nothing.

Specs will be:
- i5-4670k
- ASRock H81 PRO BTC. My old LGA1150 mobo died, and this was only $45. Plus it has 5 PCI X1 slots, perfect for a supercharged router.
- 8GB
- Whatever the cheapest SSD is at MicroCenter.
- Two 10Gtek Intel 82576 cards.

I plan on setting up two VLANs: one will go through the VPN for most of our general traffic, the other VLAN will not use VPN for things like streaming and big downloads. ASUS router will become a basic WAP on the VPN VLAN. Since we want speed, I'm going to dedicate this box entirely to PFSense, rather than try to run VMs with PFSense and FreeNAS or something else.

Since this will be my first foray into the world of PFSense, anyone have any common pitfalls I can expect to run into?

It is what it is.
Blze001 is offline  
post #547 of 561 (permalink) Old 04-13-2019, 10:47 PM
New to Overclock.net
 
Prophet4NO1's Avatar
 
Join Date: Feb 2014
Posts: 3,075
Rep: 162 (Unique: 119)
Congrats on taking the leap. Generally, you need to make sure you are using Intel NICs. Some others work, but Intel ones are always a safe bet.

If you are doing VLAN setups you will need a switch that can handle VLAN. Meaning a managed switch. The other option is to just put in a multiport network card and make each port a different network. No need for VLAN then. You will then be able to set up firewall rules to block traffic from crossing from one VLAN/LAN to the other.
Prophet4NO1 is offline  
post #548 of 561 (permalink) Old 04-15-2019, 04:24 AM
I dunno what I'm doing.
 
Blze001's Avatar
 
Join Date: Mar 2013
Posts: 1,452
Rep: 63 (Unique: 45)
Quote: Originally Posted by Prophet4NO1 View Post
Congrats on taking the leap. Generally, you need to make sure you are using Intel NICs. Some others work, but Intel ones are always a safe bet.

If you are doing VLAN setups you will need a switch that can handle VLAN. Meaning a managed switch. The other option is to just put in a multiport network card and make each port a different network. No need for VLAN then. You will then be able to set up firewall rules to block traffic from crossing from one VLAN/LAN to the other.
Yeah, I was on the verge of getting the Intel I210s when I came across these 10Gtek ones where pretty much every review said "Works great with PFSense!" so I took it as a sign.

Unfortunately, the on-board network chipset is a Realtek one and I've heard those are very hit and miss. Leaving that one out, I'll have 4 ports and I'm thinking of having 1 for modem, 1 for the wireless access point (this is the port I'd want the VPN on), and 2 for hardline connections (PS4 and gaming rig, no VPN).

Blze001 is offline  
post #549 of 561 (permalink) Old 04-17-2019, 07:29 PM
New to Overclock.net
 
Prophet4NO1's Avatar
 
Join Date: Feb 2014
Posts: 3,075
Rep: 162 (Unique: 119)
Quote: Originally Posted by Blze001 View Post
Yeah, I was on the verge of getting the Intel I210s when I came across these 10Gtek ones where pretty much every review said "Works great with PFSense!" so I took it as a sign.

Unfortunately, the on-board network chipset is a Realtek one and I've heard those are very hit and miss. Leaving that one out, I'll have 4 ports and I'm thinking of having 1 for modem, 1 for the wireless access point (this is the port I'd want the VPN on), and 2 for hardline connections (PS4 and gaming rig, no VPN).
You can set up firewall rules to send specific devices/clients into the VPN. It's pretty simple. You can go even more fine-grained if you want. Some ports, for example, use the VPN, others do not.
Prophet4NO1 is offline  
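
The per-device and per-port VPN routing described in this post, together with the block between segments mentioned earlier in the thread, modelled as an added example (not code from the thread or from pfSense). It assumes first-match, top-down rule evaluation per interface; the subnets, gateway names and rule sets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing plan (assumption, not from the thread).
VPN_NET = "192.168.20.0/24"    # wireless AP segment, meant to be tunnelled
WIRED_NET = "192.168.30.0/24"  # PS4 / gaming rig segment, direct to WAN
INTERNET_HOST = "203.0.113.10" # documentation address standing in for any remote

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # source network (CIDR)
    dst: str = "0.0.0.0/0"       # destination network (CIDR)
    dport: Optional[int] = None  # None matches any destination port
    gateway: str = "WAN_GW"      # hypothetical gateway name used by pass rules

def evaluate(rules, src, dst, dport):
    """Return (action, gateway) of the first matching rule; no match is denied."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.dport in (None, dport)):
            return (r.action, r.gateway if r.action == "pass" else None)
    return ("block", None)

def leaking_ports(rules, src, ports, exempt=frozenset()):
    """Ports on which traffic from src would leave outside the tunnel."""
    return [p for p in ports if p not in exempt
            and evaluate(rules, src, INTERNET_HOST, p) == ("pass", "WAN_GW")]

# Rules on the tunnelled segment's interface, in evaluation order.
VPN_SEGMENT_RULES = [
    Rule("block", VPN_NET, WIRED_NET),                # no crossing into the wired LAN
    Rule("pass", VPN_NET, dport=123, gateway="WAN_GW"),  # one port bypasses the VPN
    Rule("pass", VPN_NET, gateway="VPN_GW"),          # everything else is tunnelled
]
WIRED_RULES = [
    Rule("block", WIRED_NET, VPN_NET),
    Rule("pass", WIRED_NET, gateway="WAN_GW"),
]
# Ordering mistake: the broad WAN rule shadows the VPN rule below it.
MISORDERED_RULES = [
    Rule("pass", VPN_NET, gateway="WAN_GW"),
    Rule("pass", VPN_NET, gateway="VPN_GW"),
]

if __name__ == "__main__":
    print(evaluate(VPN_SEGMENT_RULES, "192.168.20.5", INTERNET_HOST, 443))
    print(leaking_ports(MISORDERED_RULES, "192.168.20.5", [53, 443]))
```

The model ignores protocol and state; it only shows why rule order decides whether a client that should be tunnelled ends up on the plain WAN gateway.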
post #550 of 561 (permalink) Old 05-23-2019, 07:01 PM
New to Overclock.net
 
Prophet4NO1's Avatar
 
Join Date: Feb 2014
Posts: 3,075
Rep: 162 (Unique: 119)
2.4.4-p3 out!

Quote:
Highlights
Security / Errata

pfSense software release version 2.4.4-p3 addresses several critical security issues:

- A privilege escalation issue where an authenticated user could have used a technique similar to directory traversal to gain access to pages for which they otherwise would not have privileges
- A privilege escalation issue where an authenticated user granted access to the Dashboard or widgets could have gained access to pages for which they otherwise would not have privileges
- A privilege escalation issue where an authenticated user granted access to edit OpenVPN servers, clients, or client-specific overrides could have executed shell scripts via OpenVPN advanced options to gain higher privileges

  A new set of privileges has been created to delegate access to edit the advanced options fields on these pages. Existing users who are not administrators, but only have access to the stated pages, can no longer edit advanced option fields until the new privileges have been granted.
- Potential cross-site scripting (XSS) vectors in 10 GUI pages

The sshguard daemon which protects the GUI and ssh against brute force attacks was changed to use a single table to block offenders from reaching the GUI and SSH, which corrects previous unexpected inconsistencies in behavior.

Several FreeBSD security advisories:
- FreeBSD-SA-19:03.wpa
- FreeBSD-SA-19:04.ntp
- FreeBSD-SA-19:05.pf
- FreeBSD-SA-19:06.pf
- FreeBSD-SA-19:07.mds
- FreeBSD-EN-19:08.tzdata

DNS over TLS host verification has been added, thanks to support from a recent Unbound version that made it possible on systems without OpenSSL 1.1.x.

For complete details about these issues, see the Release Notes.
Upgrade Notes

Due to the significant nature of the changes in 2.4.4 and later, warnings and error messages, particularly from PHP and package updates, are likely to occur during the upgrade process. In nearly all cases these errors are a harmless side effect of the changes between FreeBSD 11.1 and 11.2 and between PHP 5.6 and PHP 7.2.

Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.

Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade.

The upgrade will take several minutes to complete. The exact time varies based on download speed, hardware speed, and other factors such as installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading it could take 10-20 minutes or more until the upgrade process ends. The firewall may reboot several times during the upgrade process. Monitor the upgrade from the firewall console for the most accurate view.
Prophet4NO1 is offline  