Subcategories

  • Discussions and feedback related to this forum

    607 Topics
    3k Posts
    johnpoz

    @microserfs and what IP was that - clearly your current IPv6 address is not block that I show you connected with.. And the only other IPv4 I see you using is not blocked.. You would have to let me know what IP you were coming from that was blocked.. Send it to me via PM if you don't want to make it public.

  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    27 Topics
    114 Posts
    w0w

    @sef1414
    Name it "run.sh", copy to pf and chmod according to the documentation
    https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option
    You will see messages in the system log like those quoted in the script after logger command.

  • PfSense 3.0 Inquiry to Gonzo : will rsyslogd replace syslogd?

    3
    0 Votes
    3 Posts
    1k Views
    jimp

    Convince FreeBSD to include a different syslog distribution in the base system, then we'll talk. We use what they use. :-)

    You can use the syslog-ng package if you want so you are not limited to what's in the base system.

    It's too late for such a change in 2.4, maybe 2.5, not sure what will be in that role for 3.0 but it's still early there.

    We've already been talking about dropping clog in favor of sensible log rotation and retention since space constraints are not what they used to be in the past, even with RAM disks since most systems have more RAM available. Once we remove the clog-style log requirement then it frees up a lot of options like using syslog-ng in base.

  • Unable to connect via Cisco AnyConnect

    3
    0 Votes
    3 Posts
    1k Views
    johnpoz

    And what mode are you using with your anyconnect TLS, DTLS, ipsec/IKEv2 ??

    By default 500 is static, so you want to add 4500 UDP as also static outbound nat?  Are you trying to vpn in or out to an anyconnect?

    "I also want to be able to connect via Cisco AnyConnect. "

    After you mention that you're using ipsec and openvpn, that you also want to be able to connect to pfsense vpn with anyconnect?

  • AMD Ryzen pfSense

    4
    0 Votes
    4 Posts
    3k Views
    W

    I wasn't measuring bandwidth but user experience latency.

    Stupid fast!

  • 2.3.3 to 2.3.3_1 Killed my unit

    5
    0 Votes
    5 Posts
    1k Views
    M

    @hongkonger:

    I can't even go into bios..

    This is the main problem the above people are suggesting it is not related to pfsense  :)

  • Shitty Chinese WIFICAM cameras 0day root exploit alert

    40
    0 Votes
    40 Posts
    7k Views
    A

    @bilbo:

    Is it possible to securely access the cameras via the vpn server, blocking outbound over the normal wan gateway or is that still too much of a risk?

    That's how I did it. 12 Hikvision IP cams connected to a Hikvision POE NVR. The NVR is connected direct to its own interface on my pfSense appliance with all outbound blocked (as well as access to/from any of the other interfaces). I VPN in to the network to view the live feeds when needed…

    FYI the industry is starting to wake up.

    http://z-wavealliance.org/mandatory-security-implementation-z-wave-certified-iot-devices-takes-effect-today/

  • Puppet on pfSense

    12
    0 Votes
    12 Posts
    9k Views
    M

    @uenal10:

    The Hyperlink for the Package in the installation Guide for the Puppet Agent is Down. I need a Puppet Agent on my pfSense for my Project. Can anyone Upload a new Package?

    If you're looking for remote monitoring and administration of pfsense, you might try this:
    https://forum.pfsense.org/index.php?topic=120972.0

  • Web Managed Switch Recommendations? (USED)

    24
    0 Votes
    24 Posts
    5k Views
    johnpoz

    Ah the wording on the amazon page was a bit hazy..  But from the spec site it does show both
    https://www.zyxel.com/products_services/8-10-16-24-48-port-GbE-Smart-Managed-Switch-GS1900-Series/
    IEEE 802.3af PoE (GS1900-8HP/10HP/24HP/48HP)
    IEEE 802.3at PoE plus (GS1900-8HP/10HP/24HP/48HP)

    But on the amazon site it just says
    High-power PoE+ support IEEE 802.3at (70W Budget)

    Looks like a pretty good choice.. Have fun with it!!!

  • Intel AMT - quick temporary fix until new BIOS release

    8
    0 Votes
    8 Posts
    3k Views
    BBcan177

    @seanmcb:

    Is/was AMT enabled by default on any of the hardware sold at the pfsense/netgate store?

    https://www.reddit.com/r/PFSENSE/comments/68opmm/are_any_of_the_pfsense_appliances_vulnerable_to/

  • Finally seeing FTP be killed off by major player..

    2
    0 Votes
    2 Posts
    878 Views
    jimp

    It's progress!

    Wake me when they remove the FTP client though.  :D

  • One way to get iot devices more secure ;)

    3
    0 Votes
    3 Posts
    1k Views
    johnpoz

    I did read that they were used as source in the original attack.  Why would your AP or any other unifi device directly exposed to the internet…

    Here is a unifi forum thread that is exactly about what you stated
    https://community.ubnt.com/t5/UniFi-Routing-Switching/BrickerBot/td-p/1890896

  • OwnCloud X Released

    16
    0 Votes
    16 Posts
    4k Views
    KOM

    My new Nextcloud, my next Newcloud… it's all the same  ;D

    If you like ownCloud, you will love Nextcloud.  They even let you change the theme easily.  The default blue cloud thingy was ugly.

  • How to enable the connection to 70 sip phones to a pbx in the cloud?

    2
    0 Votes
    2 Posts
    692 Views
    KOM

    This is a General Discussion forum. You're more likely to get help if you post in one of the many Support forums that you scrolled past to get here.  Perhaps try Installation and Upgrades or General Questions.

  • New prices

    10
    0 Votes
    10 Posts
    2k Views
    H

    All of the above prices are for business class dedicated connections with dedicated bandwidth. There is no SLA, but they do make a good best effort. In addition, I can purchase many /29s for $10/month on any of those packages.

    Their connections are also over GPON, but they promise to not oversubscribe the ports. They actively claim that their edge and core network can handle all customers at 100% of their provisioned rates.

  • Super weird case

    14
    0 Votes
    14 Posts
    2k Views
    M

    OMG…
    Found the cause...

    I had LZ4 enabled on both ends. Disabled and things fly like normal...
    OK, OK...
    Reenabled, rebooted everything, problem again.
    Disabled and rebooted again and things are back to normal.

    WTF?

  • Just another thanks for being amazing thread.

    1
    0 Votes
    1 Posts
    569 Views
    No one has replied
  • Pfsense integration into existing network cache and web filter

    1
    0 Votes
    1 Posts
    591 Views
    No one has replied
  • 0 Votes
    3 Posts
    810 Views
    stephenw10

    Hmm, yeah it pretty much doesn't work like that. Unless maybe the upstream provider is artificially limiting you to 4Mbps per IP address in that subnet but allowing you to use multiple IPs.  Like they expect you to be using multiple clients in that subnet for example.

    You still can't combine those IPs to one link of multiples of 4Mbps but if you have a number of things making connections through pfSense you could NAT them to a range of IPs on the WAN to get 4Mbps per connection.

    Steve

  • Secure Zone Monitor

    1
    0 Votes
    1 Posts
    687 Views
    No one has replied
  • Pfsense backup - automated without Gold on Windows Only

    5
    0 Votes
    5 Posts
    3k Views
    D

    I love this but I do have a question.

    This works great on our local network, but we have VPNs set up to other pfsense routers. When I try to back them up I get this.

    pfSense Backup Tool v2.4.1 by Koen Zomers

    Connecting using protocol version 2.3
    Authenticating
    Requesting backup file
    Retrieving backup file
    No valid backup contents returned

    This is what I ran and the IP is going over ipsec VPN

    I:\pfsense\pfSenseBackup\pfSenseBackup2.4.1.exe -u admin -p removed -s 192.168.50.1 -v 2.3 -o I:\pfsense\backups\kron\

    I can access the IP via SSH and http over our VPN but the backup fails with "No valid backup contents returned". Never seen this, but never tried to back up over the VPN before.

    EDIT I also tried v2.4.2 and we are on pfsense 2.3.3-RELEASE-p1

    EDIT Number2: Never mind I found it in the readme go figure.

    2.4.2 - released February 22, 2017 - download - 10 kb

    There was a minor modification to the backup page in pfSense 2.3.3. Added support for 2.3.3 and made it the default version. So if you're on 2.3.3 you don't need to provide the -v flag. If you're still on 2.3 you need to provide the -v 2.3 still.

  • Got an ASA? Better reboot it… :)

    4
    0 Votes
    4 Posts
    903 Views
    A

    My test device was actually affected and died 2 days ago. Had to reboot it via Serial Console.
    This one was close, the others were at 210-211 days:

    FW-EXT up 212 days 1 hour failover cluster up 2 years 20 days

    We now officially qualify for "another 213 days 12 hours". I like that.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.