@GruensFroeschli:

Really looking forward to wildcard certificates :)
Will make it a lot easier to manage since i run quite a lot of subdomains on my webserver :)

That's about the only scenario that makes sense, lots of subdomains on a single server. Otherwise you'd also have to distribute the wildcard cert to other boxes locally every time it was renewed. Possible, sure, but a bit of a pain and not very advantageous over just letting other servers request their own certs.

I'm still waiting for them to validate bare IP addresses and also allow extra EKU flags like "IP Security IKE Intermediate". I figured they'd at least allow the EKUs before doing wildcard certs.

In the i386 version, everything works perfect. Why is this happening ?

Can I know the purpose of Vlan tag and priority?  What is it for? :)

Continuing the K9 theme…


@anajames:

Is it a free app or a paid one.

It's a package to install in your pfSense. There are no paid apps for that.

Hi johnpoz,

Thank you very much for these explanaitions. I will try this.
Thanks to Derelict as well.

Thanks! Must be setup costs for such small pieces of data. For some reason I find this info difficult to search for. I get lots of other crap.

Congratulations.

@johnpoz:

This remote site is how far away connected how?

The existing network was at the time it was built the largest private VOIP type network in the world.  Its radio audio so one way at a time generally. Latency is not as big an issue as two way audio would be.

Makes use of microwave, fiber and even some t-1's thrown in for good measure.

The new proposed equipment was said to be unable to span subnets but Ive since found a document that says otherwise. So this is a non issue. But it does raise my eyebrows about the quality of people we were sent..

:o

@Jailer:

@heper:

installing it manually can brake your system

@justaskingonly

In case you missed it the first time…........

I know but I'm still trying.

This?
https://forum.pfsense.org/index.php?topic=126200.0

Convince FreeBSD to include a different syslog distribution in the base system, then we'll talk. We use what they use. :-)

You can use the syslog-ng package if you want so you are not limited to what's in the base system.

It's too late for such a change in 2.4, maybe 2.5, not sure what will be in that role for 3.0 but it's still early there.

We've already been talking about dropping clog in favor of sensible log rotation and retention since space constraints are not what they used to be in the past, even with RAM disks since most systems have more RAM available. Once we remove the clog-style log requirement then it frees up a lot of options like using syslog-ng in base.

And what mode are you using with your anyconnect TLS, DTLS, ipsec/IKEv2 ??

By default 500 is static, so you want to add 4500 UDP as also static outbound nat?  Are you trying to vpn in or out to an anyconnect?

"I also want to be able to connect via Cisco AnyConnect. "

After you mention that your using ipsec and openvpn, that you also want to be able to connect to pfsense vpn with anyconnect?

I wasn't measuring bandwidth but user experience latency.

Stupid fast!

@hongkonger:

i cant even go into bios..

This is the main problem the above people are suggesting it is not related to pfsense  :)