Search results

  1. G

    pfSense (or other dedicated router) questions

    I'll have to take a look. 100 GB isn't enough for snort logs? wow.. I have a 500GB spinner I could use in there, but the speed of an SSD (as long as it's not abused with writes) would be hard to give up. I reboot in just seconds... Worked around the pfsense DUID bug by following the...
  2. G

    pfSense (or other dedicated router) questions

    I've read on some (other) forums about that happening with comcast customers with /60 PD's. The comcast side just forgets the routing for the prefix... However, I thought I also read that comcast fixed that issue back in May or so... (I hope they did!)
  3. G

    pfSense (or other dedicated router) questions

    I don't understand your statement. The DUID gets recreated on each reboot, and the comcast DHCPv6 server identifies my router only by the DUID... so it thinks I keep changing routers each time I reboot.
  4. G

    pfSense (or other dedicated router) questions

    I think I figured out the problem with the ipv6 PD changing every reboot (and submitted a bug for it): https://redmine.pfsense.org/issues/6667
  5. G

    pfSense (or other dedicated router) questions

    @sfx2000 I'm too lazy to quote and clean up the quotes right now... That's a nice little wlan kit! While I agree AC1900's would be nice, I think it'd drive the price too high. Perhaps something with at least 2 stream 'ac' would be good. That would work at the highest speed 90% of today's...
  6. G

    pfSense (or other dedicated router) questions

    I've been trying out a bunch of different free x86 based router/firewall software distros/packages (that include some type of web management UI.) In particular, I've been looking at their IPv6 support. My minimum ipv6 expectation is that the router IPv6 DHCP client requests (AT LEAST) a /64...
  7. G

    pfSense (or other dedicated router) questions

    There is one MAJOR issue with the R7000 (and the reason I tried to replace it with the asus 3200 to begin with): The current drivers used in all WRT based firmware versions BREAK WPA2-Enterprise (EAP/PEAP) radius authentication against my windows server. If I use any non-netgear firmware with...
  8. G

    pfSense (or other dedicated router) questions

    I'm doing it in tomato (based on one of the WRT variants... and oddly AsusWRT is based on tomato) on a netgear R7000. It's cumbersome as hell, but still doable. First I create "virtual" wireless adapters for the alternate SSID's. Then I have to create new bridge interfaces, and assign...
  9. G

    pfSense (or other dedicated router) questions

    Of course. If I wasn't open to alternatives, I'd have already reformatted the pfSense box and put something else on instead of engaging in this thread... As for being the first person with the problem, I happen to know I'm not as I see many other people asking similar questions. The problem...
  10. G

    pfSense (or other dedicated router) questions

    I don't understand this statement/terminology. There are actually 3 SSID's: One is the normal EAP/PEAP based SSID that would associate with vlanNormal. Then there's one that is PSK based and would associate with vlanGuest. I also have a third SSID that's used by IoT devices that are...
  11. G

    pfSense (or other dedicated router) questions

    Every concept has a smallest working component. For example, in the physical world, most consider a molecule to be the smallest working component (because individual atoms are usually unstable.) In a "layer 3" router/firewall, what is the smallest working addressable component? I'm...
  12. G

    pfSense (or other dedicated router) questions

    https://drive.google.com/open?id=1kVDYNT-89ClvtnZVR4yDIKA55a_TlPSJHiAtBGgpXf4
  13. G

    pfSense (or other dedicated router) questions

    I tinkered with ipfire (which would run perfectly on the same machine I assembled for pfsense), but it seems to have some issues. An initial install on a VM fails checking for updates... there are posts all over their forums about it. Of course, I'm not limited to pre-built solutions...
  14. G

    pfSense (or other dedicated router) questions

    I thought I posted a link to a network diagram a day or 3 ago... it showed the ADS server, 2 NAS devices, network printers, an AP, my managed switch (L2 netgear GS724Tv4), etc. There's also a crapload of appliances (IoT, TiVo's, etc) and a "non-managed smart" switch. (16 port thing that...
  15. G

    pfSense (or other dedicated router) questions

    I actually have a full blown ADS, and one of my wifi SSID's validates EAP/PEAP using mschapv2. That IS an approach for wifi (as well as MAC filtering on a timer at the AP.) It doesn't help for wired (and I don't have RADIUS / 802.1x implemented on my wired network.) @sfx2000, ratholes are...
  16. G

    pfSense (or other dedicated router) questions

    Yes on IPv6. Not him specifically, but considering I harass my employer on an almost daily basis that they still haven't implemented IPv6, and that I have to "pipe it in" via a VPN to my home network, I couldn't live with myself if I disabled it. It could, but I can't assume a wireless...
  17. G

    pfSense (or other dedicated router) questions

    That works for IPv4. It doesn't work for IPv6. With IPv6, many OS's ignore DHCPv6, and others accept the configuration and IP, but use a different IP for outgoing traffic (for "security" reasons.) How can I use my managed switch to accomplish this?
  18. G

    pfSense (or other dedicated router) questions

    Usually, when someone approaches a problem with these types of responses, the underlying intent is to detract from the actual issue because of a shortcoming, and try to redirect it to something else. For example, I could say that the "real problem" is that my 11 year old son plays on his...
  19. G

    pfSense (or other dedicated router) questions

    Are you suggesting that I'm asking the wrong question? What do you suggest the question should be? I'm not trying to block applications (L7.) I'm trying to completely cut off a device from the WAN. That, technically, is a L3 (routing) issue. (I'm trying to prevent routing) that is solvable...
  20. G

    pfSense (or other dedicated router) questions

    It's a wifi only device (no GPRS/LTE/CDMA/etc) and can only connect to my private network. With L2, this is doable via MAC address controls. With pfSense, as far as I've been able to determine, I can't do it properly. I can assign an IPv4 address reservation (and FORCE its use via static...