• Blocking entire TLDs (.xxx and .sex) with pfSense+Squid+SquidGuard

    2
    0 Votes
    2 Posts
    2k Views
    H
    Would stopping them from resolving work? You could use DNS Resolver wildcards to make entire TLDs resolve to localhost.

    Advanced section in Services > DNS Resolver:

```
server:
local-zone: "xxx" redirect
local-data: "xxx 3600 IN A 127.0.0.1"
```

    Result on client PC:

```
heper@i7 ~ $ nslookup hornytube.xxx    <--- BEFORE
Server:        10.0.0.1
Address:       10.0.0.1#53

Non-authoritative answer:
Name:    hornytube.xxx
Address: 87.250.153.105

heper@i7 ~ $ nslookup hornytube.xxx    <--- AFTER
Server:        10.0.0.1
Address:       10.0.0.1#53

Name:    hornytube.xxx
Address: 127.0.0.1

heper@i7 ~ $ nslookup pfsenseresolver.xxx
Server:        10.0.0.1
Address:       10.0.0.1#53

Name:    pfsenseresolver.xxx
Address: 127.0.0.1
```
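An added example, not part of heper's post: a small Python helper that emits the same `local-zone ... redirect` / `local-data` pair for a list of TLDs and models which query names such a zone catches. The stanza format is the one shown above; the matching rule (the zone name and every name below it get the local-data answer, names that merely end in the same letters do not) is Unbound's documented redirect behaviour. The `resolve()` function is a model of that rule, not a real DNS lookup.

```python
"""Build Unbound 'local-zone ... redirect' stanzas for whole TLDs and model
which names they catch. Added example; assumes the stanza format posted in the
thread and Unbound's redirect semantics (zone apex and everything below it)."""
import re

# one DNS label: letters/digits, optional inner hyphens, 1..63 chars
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_zone(zone: str) -> str:
    """Lower-case, strip a trailing dot and validate every label."""
    z = zone.strip().lower().rstrip(".")
    if not z or not all(LABEL_RE.match(label) for label in z.split(".")):
        raise ValueError(f"invalid zone name: {zone!r}")
    return z


def redirect_stanzas(zones, sink="127.0.0.1", ttl=3600) -> str:
    """Emit a server: block that answers a whole zone (e.g. a TLD) with the sink address."""
    lines = ["server:"]
    for z in sorted({normalize_zone(z) for z in zones}):
        lines.append(f'local-zone: "{z}" redirect')
        lines.append(f'local-data: "{z} {ttl} IN A {sink}"')
    return "\n".join(lines) + "\n"


def resolve(name, zones, sink="127.0.0.1"):
    """Model of the resolver's answer: the sink if name is at or below a redirect
    zone, else None (meaning normal recursion). Matching is on label boundaries,
    so 'a.xxx' and 'xxx' hit zone 'xxx' while 'notxxx' and 'xxx.example.com' do not.
    The longest matching zone wins, as with nested local-zones."""
    n = normalize_zone(name)
    best = None
    for z in (normalize_zone(z) for z in zones):
        if n == z or n.endswith("." + z):
            if best is None or len(z) > len(best):
                best = z
    return sink if best is not None else None


if __name__ == "__main__":
    blocked = ["xxx", "sex"]
    print(redirect_stanzas(blocked), end="")
    for q in ("hornytube.xxx", "pfsenseresolver.xxx", "example.com", "xxx.example.com"):
        print(f"{q:24s} -> {resolve(q, blocked) or 'recurse'}")
```

This only helps for clients that actually use the pfSense resolver; a client pointed at another DNS server, or one using DNS over HTTPS, never sees the redirect zone, so the usual companion is a firewall rule that forces LAN port 53 traffic to the firewall.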
  • Deployment methods for VPN users?

    4
    0 Votes
    4 Posts
    903 Views
    F
    > @watts3000: I am curious, why do you want to replace SSTP? Are you having some technical problems? Or do you want to replace it just because it's Microsoft? We run SSTP and L2TP and have zero problems.

    The machine that supports the SSTP links right now is a virtual machine, and I want to get that traffic/dependency off the network for those VMs. So, it's either set people up to connect to the pfSense system, or put in real hardware for people to reach. A software solution doesn't add (significant) heat to my datacenter, which is why I was hoping for an easy install/deployment.
  • Stops working.. Server not found.. DNS issue?

    6
    0 Votes
    6 Posts
    1k Views
    K
    http://i.imgur.com/7jAfrAo.jpg Gotta love squid.
  • Email and pfsense

    2
    0 Votes
    2 Posts
    645 Views
    DerelictD
    Sure.  Just make LAN rules that pass only what's necessary for exchange and the default rule set will block everything else.
  • Snort features

    3
    0 Votes
    3 Posts
    906 Views
    bmeeksB
    > @MiXeDeMoTiOnS: I installed Snort and it basically killed my internet connection. It brought down my speed to a complete crawl or basically timed out some of the pages. I was wondering, is Snort supposed to slow your connection? I'm pretty new, so some advice on this subject would be greatly appreciated.

    Snort will not impact your speed unless you are enabling every possible rule and have an 8088 8 MHz processor from the 1980s … :D

    Blocking is another issue (feature). No IDS is "install and forget". Every IDS installation requires environment-specific tuning. Refer to the Packages sub-forum here and search for all the Snort configuration threads. There is an excellent Master Suppress List thread that reviews fixes for the most common false positives from Snort.

    Another recommendation is to first run Snort in non-blocking mode for a few days or a week or two. That way you can see what it would have blocked, and then have time to evaluate/research each alert to see if it is indeed a false positive in your environment. Many of the HTTP_INSPECT alerts are generally false positives.

    Bill
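An added example, not part of Bill's post or of the Snort package: a Python script for the "run non-blocking first, then review" step. It parses Snort `alert_fast` lines from a trial run, tallies hits per generator/signature ID and the hosts that triggered each, and drafts `suppress` entries in threshold.conf syntax for the noisiest ones. The alert lines below are constructed for the example; the thresholds (`min_hits`, `max_hosts`) are assumptions, and the decision that a signature is a false positive is still the admin's.

```python
"""Tally Snort alert_fast lines and draft threshold.conf 'suppress' entries.
Added example; the sample alerts are constructed, not real captures."""
import re
from collections import Counter, defaultdict

# alert_fast line, e.g.
# 01/15-14:22:31.123456  [**] [1:2100498:7] MSG [**] [Classification: X] [Priority: 2] {TCP} 1.2.3.4:80 -> 10.0.0.5:51300
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line):
    """Return a dict of alert fields, or None for lines that are not alerts."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("gid", "sid", "rev", "prio"):
        d[k] = int(d[k])
    return d


def tally(lines):
    """Count alerts per (gid, sid) and record the distinct source hosts for each."""
    counts, sources, msgs = Counter(), defaultdict(set), {}
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue
        key = (a["gid"], a["sid"])
        counts[key] += 1
        sources[key].add(a["src"])
        msgs[key] = a["msg"]
    return counts, sources, msgs


def suppress_candidates(lines, min_hits=3, max_hosts=2):
    """Draft suppress lines for signatures that fired at least min_hits times.
    When only a few hosts trigger a rule, suppress by_src for those hosts;
    when many do, propose a global suppress for the sid. Review before use."""
    counts, sources, msgs = tally(lines)
    out = []
    for (gid, sid), n in counts.most_common():   # descending by hit count
        if n < min_hits:
            break
        srcs = sorted(sources[(gid, sid)])
        out.append(f"# {n} hits: {msgs[(gid, sid)]}")
        if len(srcs) <= max_hosts:
            for ip in srcs:
                out.append(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {ip}")
        else:
            out.append(f"suppress gen_id {gid}, sig_id {sid}")
    return out


SAMPLE_ALERTS = [  # constructed alert_fast lines for the example
    "01/15-14:22:31.123456  [**] [120:8:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 93.184.216.34:80 -> 10.0.0.5:51234",
    "01/15-14:22:35.223456  [**] [120:8:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 198.51.100.7:80 -> 10.0.0.5:51240",
    "01/15-14:22:40.323456  [**] [120:8:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 203.0.113.20:80 -> 10.0.0.8:49152",
    "01/15-14:22:44.423456  [**] [120:8:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 93.184.216.34:443 -> 10.0.0.8:49160",
    "01/15-14:23:02.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.9:80 -> 10.0.0.5:51300",
    "01/15-14:25:10.500000  [**] [1:2100366:8] GPL ICMP_INFO PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 8.8.8.8",
    "01/15-14:25:11.500000  [**] [1:2100366:8] GPL ICMP_INFO PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 8.8.4.4",
    "01/15-14:25:12.500000  [**] [1:2100366:8] GPL ICMP_INFO PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 1.1.1.1",
    "this line is not an alert and is skipped",
]

if __name__ == "__main__":
    print("\n".join(suppress_candidates(SAMPLE_ALERTS)))
```

The single ATTACK_RESPONSE hit stays off the list on purpose: a low-count, higher-priority alert is exactly the kind to investigate rather than suppress, while the repetitive preprocessor and ICMP noise is what a suppress list is for.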
  • 0 Votes
    1 Posts
    547 Views
    No one has replied
  • Squidguard not displaying reason for error code on pages that are blocked

    3
    0 Votes
    3 Posts
    2k Views
    L
    Hi, thanks for the reply. I tried your suggestion and it is still not displaying a reason code. When I look in sgerror.php the $err_msg parameter looks undefined.

```php
<?php
# sgerror.php as posted, re-fenced from the flattened forum text. HTML tags the
# forum rendering stripped are restored, and defects noted in comments are fixed.
require_once("globals.inc");
require_once("config.inc");

$page_info = <<<EOD
# ----------------------------------------------------------------------
# SquidGuard error page generator
# (C)2006-2007 Serg Dvoriancev
# ----------------------------------------------------------------------
# This program processes a redirection to the specified URL or generates an
# error page for a standard HTTP error code.
# Redirection supports the http and https protocols.
# ----------------------------------------------------------------------
# Format:
#        sgerror.php?url=[http://myurl]or[https://myurl]or[error_code[space_code]output-message][incoming SquidGuard variables]
# Incoming SquidGuard variables:
#        a=client_address
#        n=client_name
#        i=client_user
#        s=client_group
#        t=target_group
#        u=client_url
# Example:
#        sgerror.php?url=http://myurl.com&a=..&n=..&i=..&s=..&t=..&u=..
#        sgerror.php?url=https://myurl.com&a=..&n=..&i=..&s=..&t=..&u=..
#        sgerror.php?url=404%20output-message&a=..&n=..&i=..&s=..&t=..&u=..
# ----------------------------------------------------------------------
# Tags:
#        myurl and output messages can include Tags
#                [a] - client address
#                [n] - client name
#                [i] - client user
#                [s] - client group
#                [t] - target group
#                [u] - client url
# Example:
#        sgerror.php?url=401 Unauthorized access to URL [u] for client [n]
#        sgerror.php?url=http://my_error_page.php?cladr=%5Ba%5D&clname=%5Bn%5D   // %5B=[ %5D=]
# ----------------------------------------------------------------------
# Special Tags:
#        blank     - get blank page
#        blank_img - get one-pixel transparent image (to replace banners etc.)
# Example:
#        sgerror.php?url=blank
#        sgerror.php?url=blank_img
# ----------------------------------------------------------------------
EOD;

define('ACTION_URL', 'url');
define('ACTION_RES', 'res');
define('ACTION_MSG', 'msg');
define('TAG_BLANK',     'blank');
define('TAG_BLANK_IMG', 'blank_img');

# ?url=blank_img
#   Use this option to replace banners/ads with a transparent picture.
# NULL GIF file
# HEX: 47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF 00 00 00 2C 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3B
# SYM: G  I  F  8  9  a
# (the posted code passed an unquoted constant name to define())
define('GIF_BODY', "GIF89a\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");

$url = '';
$msg = '';
$cl  = array(); // squidGuard variables: %a %n %i %s %t %u

$err_code = array();
$err_code[301] = "301 Moved Permanently";
$err_code[302] = "302 Found";
$err_code[303] = "303 See Other";
$err_code[305] = "305 Use Proxy";
$err_code[400] = "400 Bad Request";
$err_code[401] = "401 Unauthorized";
$err_code[402] = "402 Payment Required";
$err_code[403] = "403 Forbidden";
$err_code[404] = "404 Not Found";
$err_code[405] = "405 Method Not Allowed";
$err_code[406] = "406 Not Acceptable";
$err_code[407] = "407 Proxy Authentication Required";
$err_code[408] = "408 Request Time-out";
$err_code[409] = "409 Conflict";
$err_code[410] = "410 Gone";
$err_code[411] = "411 Length Required";
$err_code[412] = "412 Precondition Failed";
$err_code[413] = "413 Request Entity Too Large";
$err_code[414] = "414 Request-URI Too Large";
$err_code[415] = "415 Unsupported Media Type";
$err_code[416] = "416 Requested range not satisfiable";
$err_code[417] = "417 Expectation Failed";
$err_code[500] = "500 Internal Server Error";
$err_code[501] = "501 Not Implemented";
$err_code[502] = "502 Bad Gateway";
$err_code[503] = "503 Service Unavailable";
$err_code[504] = "504 Gateway Time-out";
$err_code[505] = "505 HTTP Version not supported";

# ----------------------------------------------------------------------
# check args (POST first, then GET; with neither, show the 'About' page)
# ----------------------------------------------------------------------
if (count($_POST)) {
    $req = $_POST;
} elseif (count($_GET)) {
    $req = $_GET;
} else {
    echo get_page(get_about());
    exit();
}
$url = isset($req['url']) ? trim($req['url']) : '';
$msg = isset($req['msg']) ? $req['msg'] : '';
foreach (array('a', 'n', 'i', 's', 't', 'u') as $k) {
    $cl[$k] = isset($req[$k]) ? $req[$k] : '';
}

# ----------------------------------------------------------------------
# url's
# ----------------------------------------------------------------------
if ($url) {
    $err_id = 0;
    // check error code: does the url argument start with a known status code?
    foreach ($err_code as $key => $val) {
        if (strpos(strtolower($url), strval($key)) === 0) {
            $err_id = $key;
            break;
        }
    }
    if ($url === TAG_BLANK) {
        # blank page
        echo get_page('');
    } elseif ($url === TAG_BLANK_IMG) {
        # blank image
        $msg = trim($msg);
        if (strpos($msg, "maxlen_") !== false) {
            # the posted code stripped "maxlen_" from $url instead of $msg
            $maxlen = intval(trim(str_replace("maxlen_", "", $msg)));
            filter_by_image_size($cl['u'], $maxlen);
            exit();
        } else {
            # return blank image
            header("Content-Type: image/gif");
            echo GIF_BODY;
        }
    } elseif ($err_id !== 0) {
        # error code, optionally followed by a space and the reason text.
        # The posted code read $_GET['url'] here, so the reason was always empty
        # for POST requests; $url holds the argument from either method.
        $er_msg = trim(strstr($url, ' '));
        echo get_error_page($err_id, $er_msg);
    } elseif ((strpos(strtolower($url), "http://") === 0) or (strpos(strtolower($url), "https://") === 0)) {
        # redirect to specified url
        header("Location: $url", true, 302);
    } else {
        // error arguments
        echo get_page("sgerror: error arguments " . h($url));
    }
} else {
    echo get_page(h($_SERVER['QUERY_STRING']));
}
exit();

# ----------------------------------------------------------------------
# functions
# ----------------------------------------------------------------------
function h($s) {
    # request-controlled strings are echoed into HTML; escape them first
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function get_page($body) {
    $str = array();
    $str[] = '<html><body>';
    $str[] = "\n$body\n";
    $str[] = '</body></html>';
    return implode("\n", $str);
}

# IE replaces short error pages with its own; the original note gives 1024 bytes as the threshold
function get_error_page($er_code_id, $err_msg = '') {
    global $err_code, $cl, $g, $config;
    $str = array();
    header("HTTP/1.1 " . $err_code[$er_code_id]);
    $str[] = '<html>';
    $str[] = '<body>';
    $denied = $config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage'];
    if ($denied) {
        $str[] = "<h1><center>" . h($denied) . ": {$err_code[$er_code_id]}</center></h1>";
    } else {
        $str[] = "<h1>Request denied by {$g['product_name']} proxy: {$err_code[$er_code_id]}</h1>";
    }
    if ($err_msg) $str[] = "<h3><b>Reason:</b> " . h($err_msg) . "</h3>";
    $str[] = '<hr>';
    if ($cl['a']) $str[] = "<b>Client address:</b> " . h($cl['a']) . "<br>";
    if ($cl['n']) $str[] = "<b>Client name:</b> " . h($cl['n']) . "<br>";
    if ($cl['i']) $str[] = "<b>Client user:</b> " . h($cl['i']) . "<br>";
    if ($cl['s']) $str[] = "<b>Client group:</b> " . h($cl['s']) . "<br>";
    if ($cl['t']) $str[] = "<b>Target group:</b> " . h($cl['t']) . "<br>";
    if ($cl['u']) $str[] = "<b>URL:</b> " . h($cl['u']) . "<br>";
    $str[] = '<hr>';
    $str[] = '</body>';
    $str[] = '</html>';
    return implode("\n", $str);
}

function get_about() {
    global $err_code, $page_info;
    $str = array();
    // about info
    $str[] = str_replace("\n", "<br>", h($page_info));
    $str[] = '<br>';
    $str[] = '<table><tr><td><b>HTTP error codes (ERROR_CODE):</b></td></tr>';
    foreach ($err_code as $val) {
        $str[] = "<tr><td>$val</td></tr>";
    }
    $str[] = '</table>';
    return implode("\n", $str);
}

function filter_by_image_size($url, $val_size) {
    # $url is the SquidGuard 'u' variable, i.e. the client's requested URL, so
    # this HEAD request is made by the firewall to a client-chosen destination.
    # load url header
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_NOBODY, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $hd = curl_exec($ch);
    curl_close($ch);

    $size = 0;
    $SKEY = "content-length:";
    $s_tmp = str_replace("\n", " ", strtolower($hd)); # join header lines
    if (strpos($s_tmp, $SKEY) !== false) {
        $s_tmp = trim(substr($s_tmp, strpos($s_tmp, $SKEY) + strlen($SKEY)));
        # first whitespace-delimited token (the posted code yielded '' when no space followed it)
        $tok = preg_split('/\s+/', $s_tmp);
        $size = is_numeric($tok[0]) ? intval($tok[0]) : 0;
    }
    # === check content size ===
    if (($size !== 0) && ($size < $val_size)) {
        # small enough: redirect to the original image
        header("Location: $url", true, 302);
    } else {
        # return blank image
        header("Content-Type: image/gif");
        echo GIF_BODY;
    }
}
?>
```

    ![squidguard2.png](/public/_imported_attachments_/1/squidguard2.png)
    ![squidguard3.png](/public/_imported_attachments_/1/squidguard3.png)
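An added example, not from the thread or from the pfSense package: a Python model of how sgerror.php interprets its `url` argument, following the format documented in the script's own header comment (`url=<code>[ <message with [a] [n] [i] [s] [t] [u] tags>]`, `url=blank`, `url=blank_img`, or an http(s) URL). It shows which SquidGuard redirect strings actually carry a reason to the error page, and why a redirect configured as just `sgerror.php?url=403` produces a page with no reason line. The status table is a subset of sgerror's, and the HTML rendering is a stand-in that escapes the request-controlled values.

```python
"""Model of sgerror.php's 'url' argument handling. Added example; mirrors the
branches of the posted script, with a reduced status table and escaped output."""
import html
from urllib.parse import parse_qs, urlsplit

# subset of sgerror.php's $err_code table
HTTP_STATUS = {
    301: "301 Moved Permanently",
    302: "302 Found",
    403: "403 Forbidden",
    404: "404 Not Found",
    500: "500 Internal Server Error",
}
SG_VARS = ("a", "n", "i", "s", "t", "u")   # SquidGuard %a %n %i %s %t %u


def parse_sgerror_request(request_uri):
    """Split a redirect request into the url action and the SquidGuard variables."""
    qs = parse_qs(urlsplit(request_uri).query, keep_blank_values=True)
    url = qs.get("url", [""])[0].strip()
    cl = {k: qs.get(k, [""])[0] for k in SG_VARS}
    return url, cl


def expand_tags(text, cl):
    """Replace [a] [n] [i] [s] [t] [u] with the SquidGuard variables."""
    for k in SG_VARS:
        text = text.replace(f"[{k}]", cl[k])
    return text


def dispatch(url, cl):
    """Mirror sgerror.php's branches. Returns (kind, status, reason_or_target)."""
    lower = url.lower()
    if url == "blank":
        return ("blank", None, "")
    if url == "blank_img":
        return ("blank_img", None, "")
    for code in HTTP_STATUS:                 # same prefix test as the PHP strpos(...) === 0
        if lower.startswith(str(code)):
            # reason = everything after the first space; empty when the configured
            # redirect is just 'sgerror.php?url=403', which is the symptom in this thread
            reason = url.partition(" ")[2].strip()
            return ("error", code, expand_tags(reason, cl))
    if lower.startswith(("http://", "https://")):
        return ("redirect", 302, expand_tags(url, cl))
    return ("bad_args", None, url)


def render_error(code, reason, cl):
    """Build the error page body; request-controlled values are HTML-escaped
    (the posted PHP echoed them into the page raw)."""
    labels = {"a": "Client address", "n": "Client name", "i": "Client user",
              "s": "Client group", "t": "Target group", "u": "URL"}
    lines = [f"<h1>Request denied by proxy: {HTTP_STATUS[code]}</h1>"]
    if reason:
        lines.append(f"<h3><b>Reason:</b> {html.escape(reason)}</h3>")
    for k in SG_VARS:
        if cl[k]:
            lines.append(f"<b>{labels[k]}:</b> {html.escape(cl[k])}<br>")
    return "\n".join(lines)


if __name__ == "__main__":
    # constructed redirect request, as SquidGuard would build it from a 'redirect' line
    uri = ("http://fw/sgerror.php?url=403%20Access%20to%20%5Bu%5D%20denied%20for%20%5Bn%5D"
           "&a=10.0.0.5&n=pc1&i=&s=lan&t=porn&u=http://hornytube.xxx/")
    url, cl = parse_sgerror_request(uri)
    kind, status, reason = dispatch(url, cl)
    print(render_error(status, reason, cl))
```

The practical consequence for the thread's symptom: the reason line only appears when the SquidGuard redirect setting has text after the status code (for example `sgerror.php?url=403%20Blocked%20by%20policy%20[t]`), because the script derives the reason from the `url` argument itself and not from a separate parameter.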
  • [RESOLVED] Heterogeneous site to site : VPN or something else ?

    3
    0 Votes
    3 Posts
    594 Views
    N
    OK. Via VPN > OpenVPN > Client, is this right? Thanks ;) EDIT: Auto-reply: here for those who want it. Thanks, Nicolas
  • Interpreting status / traffic graph

    2
    0 Votes
    2 Posts
    695 Views
    KOMK
    Your WAN interface can send data out to the Internet or receive data in from the Internet.  IP_WAN is your WAN interface.  In your example, your WAN is receiving data from the Internet at the rate of 6 Mbps.
  • Need help debugging usb lte modem with PPP

    5
    0 Votes
    5 Posts
    2k Views
    ?
    I forgot about that thread. Yes, all info looks correct. It would need flashing to DirectIP for pfSense. That still doesn't guarantee it will be supported by the FreeBSD u3g0 driver. Worth a try, as DIP will work in most OSes.
  • Pfflowd not working with 2.2 RC - pfsync version mismatch

    14
    0 Votes
    14 Posts
    4k Views
    A
    Thank you very much: after saving twice in a row the rc.d scripts appeared! :) I just started to collect flows again thanks to the softflowd package. Sincerely grateful.
  • Proxy filter

    1
    0 Votes
    1 Posts
    515 Views
    No one has replied
  • OSX Finder very slow browsing shares via VPN

    14
    0 Votes
    14 Posts
    12k Views
    T
    Yeah, no problem. To answer your question: No, I did not. The Mac Mini was the client's machine.
  • 0 Votes
    11 Posts
    5k Views
    B
    I think you may be right Stephen. I will try out the localhost tomorrow. Yes it makes more sense not to have it on the LAN. I have no excuse other than it being the weekend and limited unpaid time working on a test machine. I will get there in the end. ;) When I get to a happy conclusion I will amend my previous posts.
  • CVE-2015-1414

    9
    0 Votes
    9 Posts
    2k Views
    N
    @fearnothing: @Nullity: I have LAN and WAN set to deny everything but the traffic I specify. It sounds tedious, but it was much easier than expected. The security and privacy (misconfigured apps are less likely to leak info) improvements are worth the trouble, imo. You also get to see just how spammy some of the stuff on your network really is, if you have logging turned on. My printer seems to think the network is icecream which is badly in need of its UPnP chocolate sprinkles. lol. Yeah, some iOS devices were leaking some reasonably private information in plain-text. I have a love-hate relationship with UPnP, but I think most of us do. That reminds me… I really need to setup a remote syslog service to send all my logs to.
  • Monitor IP failure

    3
    0 Votes
    3 Posts
    913 Views
    D
    Known issue reported many times, move on, nothing happening here any time soon… If you need monitoring, set it up elsewhere.
  • "kernel: arp: 43:05:43:05:00:00 is multicast" spam in syslog

    5
    0 Votes
    5 Posts
    5k Views
    luckman212L
    Ah that makes sense.  Was running 2.1.5 on this unit until recently and never noticed the messages before. That explains it, thanks guys
  • Once per month pfSense goes all crazy

    22
    0 Votes
    22 Posts
    4k Views
    H
    I have a Dell i7-920 that, if you leave it powered down for more than a few tens of seconds and you boot it back up, will get memory errors. Maybe 5-10 minutes before Windows blue screens. Memtest will show problems all over the board. Power it down, wait 5 seconds, power it back up: 3 days of memtest, no errors, months of up-time in Windows, no issues. Stable. This is the strangest problem that I have run into over my years. Typically something giving these kinds of problems is in its death throes, but instead it has been working well for 6+ years. I finally recently replaced it. The motherboard and CPU are now wrapped in aluminum foil in storage.
  • kernel: [zone: mbuf_jumbo_9k] kern.ipc.nmbjumbo9 limit reached

    11
    0 Votes
    11 Posts
    8k Views
    w0wW
    Ok, thanks. Tuned a little bit differently:

```
kern.ipc.nmbclusters="131072"
kern.ipc.nmbjumbo9="20000"
```
  • L2tp + IPsec on PFsense 2.2

    3
    0 Votes
    3 Posts
    881 Views
    D
    What are your L2TP IP settings like, as far as server IP and remote address range?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.