Can't be done. There is no way to obtain a list of IP addresses for a wildcard domain. You would have to resolve every possible hostname which would be infeasible if not impossible.
One of the other packages, such as pfblockerng might have a pre-compiled list you can use. Not sure.
Yes, but it would send everything to the NAS. I use that hostname with other ports to do other things... :-\
(edit) If NAT Reflection doesn't work, might have to get another hostname just for the calendars.
@viragomann:
Have you also added the vpn tunnel networks to the site-to-site settings as suggested?
This was the key. Users are able to access all branch offices now through the Remote Access VPN.
Thank you for the help!
with mssfix 1400, 20MB/sec was stable. A few errors but no loss of connection.
22MB/sec gave a couple of errors but did not disconnect me
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #10253565 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
24MB/sec started to spam errors and I lowered speed before it broke.
I guess it must just be latency related when at high speeds over UDP, but my connection to the server and ping are solid outside of the tunnel from what I can tell.
Solved by… cheated really
Anyway, switched to TCP and reached 36MB/sec which isn't too far from my max without VPN.
The other issue with the routing table and the pppoe connection that shouldn't have been caused by openvpn failing shouldn't happen now as openvpn is stable.
Hi,
Start to collect easy facts :
Stop using a VM, use a dedicated device.
Swap LAN and WAN.
What kind of brands, your NIC's ?
When you put in place another router/firewall, the problem disappears ?
ESXI 4.1?
Why? Dude, FreeBSD 10.x is not supported until ESXi 6.0u2 at min.
Also where is your lan side of pfsense? You running vlan on top of the vnic you installed in pfsense? Why add another vnic on your pfsense vm and connect to proper vswitch or portgroup on vswitch to connect it to your lan network?
There are zero legal problems with what you're doing now, the objections from the seasoned users here are only practical in nature. It is counterproductive to produce yet another set of documentation that is going to be riddled with errors and inconsistencies and will lag behind the existing better quality official documentation.
No, probably not. The overhead from running virtual should not be that large if the hypervisor is set up correctly. And on your hardware you shouldn't be getting even close to any limit at 180Mbps. Assuming you meant bps.
Steve
As impossible as it should be, I've seen 2 NICs with the same MAC.
While supposedly unique, some manufacturers have been known to recycle MAC addresses. There's also the possibility of locally assigned MACs and many consumer routers can clone a MAC. However, as long as they're not on the same local network, duplicate MACs are not a problem.
Though, for the home user, the time spent installing, configuring, tuning, and maintaining snort would probably be better spent educating the family on what not to do. That will benefit them for life on every network they encounter.
OpenVPN?
It will always allow the ping traffic out. More likely is that whatever is at the other end stopped responding to ping or you moved to a different gateway that doesn't respond. Or maybe it triggered something that blocked pings!
If you set the gateway monitor to an alternative IP accessible over the VPN that should give you back link stats.
Steve
@stratus:
I made the following adjustment yesterday:
Routing -> Edit Gateway
Probe Interval: 3
Down: 60
I don't know if it is just a fluke or not, but I did not register any outages last night. I will continue to monitor and update this post as I discover things.
This worked for me. Made an account just to thank you for it. Had been troubleshooting it for 2 days.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.