Hello,

like many ISP subscribers, I'm behind a DS-Lite type connection with globally routable IPv6, and no public IPv4 address (IPv4 connectivity through IPv6 softwires to CGN). All VPN providers I tried up to now sucked, because they either lack IPv6 support entirely, or implement it only partially or incorrectly. All this resuling in copious IPv6 leaks all over the place. Since I need to connect to IPv6 servers too, following the advice of the VPN providers to simply disable IPv6 isn't an option.

I'm still waiting for a decent VPN provider with up-to-date (full) IPv6 support. Even something like perfect-privacy.com isn't there yet, since they claim to be able to multiplex IPv6 and IPv4 traffic over the same IPv4 tunnel, but according to their tech support, they don't yet implement IPv6 envelopes, i.e. tunnels to IPv6 servers running openvpn bypassing those pesky CGNs.

Or maybe things have improved since I last checked? Any suggestions for decent IPv6 VPNs highly appreciated.

when you nest aliases, the CIDR is ignored on that line.

Just enter the alias name, it will figure out the rest internally.

It means the repository metadata was updated, it's what keeps track of how your update branches work under System > Update, Update Settings tab.

In this case, it means we changed the repository data such that if you select "Development Snapshots" you can move to 2.4.1 snapshots. We usually keep that pointed at the same target as stable for a while post-release, but in this case we're having a very short dev cycle for 2.4.1 so we are switching it back sooner.

huh??  Dude really at a loss to what your trying to accomplish here..

If your just going to source nat all these clients at your site A.. Why not just set the server to all allow the IPs from that site?

As to a connection coming into your server via a port forward I assume.. Why would you want to make that look like to the server it is coming from a specific IP?  Why not just allows the IPs it might come from in this server as well?

Yes, Pfsense has no problems with it. Im afraid i cant change it on the Remote Barracuda.

Thank you guys!

at the moment I have two file:
/var/etc/mpd_opt1.conf
/var/etc/mpd_opt2.conf

How can I do to modify these files?
which name the should have?

Well, it's not your firewall riles.

Check the local firewall (think windows firewall) on the LAN hosts.

Thanks, I'll experiment with this tonight.

thank sir for the quick reply…

I have comcast business. My ip range is /29 so the following x.x.x.222 is my modem/router, x.x.x.221 thru x.x.x.217 are available for routers. When configuring the WAN port I put in IP address x.x.x.x & x.x.x.222 as the gateway and all works well. Also if I do plug into the cable modem with DHCP I do get a DHCP address like yourself.

I have pfBlocker and DNSBL active.  I will try the fix, but….

I also had the issue with SMTP.  It has to do with SMTP trying to read the CD-ROM drive.  I added the pfsense CD to the ROM drive and CPU went down (I also have not had the hang issue again after adding the drive).  When I get home, I will be removing the CD-ROM all together.

Restarting opera on its own wouldn't necessarily clear the cache, still worth a ctrl+F5 or shift+reload

What about the second question.  Is there a rule I can apply to protect unpatched devices?

I am seeing the exact same errors on every boot:

pf_busy
PF was wedged/busy and has been reset. @ 2017-10-13 10:58:59

Filter Reload
There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [0]: @ 2017-10-13 10:59:02

These are new following the upgrade to 2.4:

2.4.0-RELEASE (amd64)
built on Tue Oct 10 06:43:01 CDT 2017
FreeBSD 11.1-RELEASE-p1

Running as a Virtual Machine on Xenserver 7.2. A pair of them actually, both getting the same error.

Danny

https://forum.pfsense.org/index.php?topic=134795.0

:)

It's possible. It was disabled because it was broken and/or failed to build at one time. It may be OK now, but needs checked again. Open a request on https://redmine.pfsense.org and we can look into it.