Pfsense

SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number or similar

After experiencing a pfSense log overflow with SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number, SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol and similar errors for a while, I finally figured out a way to reduce them to a more reasonable level by simply checking Disable webConfigurator redirect rule in the advanced settings. There are still some errors in the log, though far fewer than before.

Remarks
– Captive Portal is disabled, webConfigurator is accessible from Internet, pfSense version is 2.2.5-RELEASE (amd64)
– there is a setting to completely disable lighttpd logging (as it was before version 2) under settings of the system log

Basic Site to Site OpenVPN between PfSense 2.2.1 and Vyos 1.1.4

After banging my head for a while I finally ended up with the following working configuration of a Basic Site to Site OpenVPN between PfSense 2.2.1 and Vyos 1.1.4.

Pfsense Side

On the PfSense router create an OpenVPN Server with the following settings:

Server mode – Peer to Peer Shared Key
Protocol – UDP
Device mode – tun
Interface – WAN
Local Port – 33458 (could be whatever you want)
Description – testvpn
Shared Key – Tick Automatically generate, needs to be copied to vyos /config/auth
Encryption algorithm – BF-CBC-128 bit (could be different, needs to match both ends)
Auth Digest Algorithm – SHA1 (default for openvpn, could be different, needs to match both ends)
Hardware crypto…

Set a Cron Freebsd

If you ever wondered how to set up a cron job on BSD (pfSense): the following will run every 5 minutes

*/5 * * * * user command

Every Minute – * * * * *
Every 5 Minutes – 0,5,10,15,20,25,30,35,40,45,50,55 * * * *
Every 5 Minutes (Simple) – */5 * * * *
Every Hour – 0 */1 * * *
and so on.

Field   Meaning (input)
1       Minutes (0-59)
2       Hours (2-24)
3       Day of the Month (1-31)
4       Month (1-12) January thru December
5       Day of the week (0-6) Sun thru Sat
6       User to execute the command
7       Command to execute
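To check a crontab line before installing it, the sketch below splits the seven-field format from the table and expands the minute field, reporting how many times per hour the job fires and as which user. It is an added example, not from the original post; the sample lines and script paths are constructed, and only the minute field is validated.

```python
# Added example: parse system-crontab lines (5 time fields, user, command).
MINUTE_RANGE = (0, 59)  # field 1 in the table above

def expand(field, lo, hi):
    """Expand one time field ('*', '*/5', '10-20/2', '0,30') into sorted values."""
    values = set()
    for part in field.split(","):
        base, slash, step_txt = part.partition("/")
        step = int(step_txt) if slash else 1  # int("") raises ValueError
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            start, end = (int(x) for x in base.split("-", 1))
        elif slash:
            raise ValueError(f"step needs '*' or a range: {part!r}")
        else:
            start = end = int(base)
        if step < 1 or not lo <= start <= end <= hi:
            raise ValueError(f"{part!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)

def parse_line(line):
    """Split 'min hour dom month dow user command'; expand the minute field."""
    parts = line.split(None, 6)
    if len(parts) < 7:
        raise ValueError("expected 5 time fields, a user and a command")
    return {"minutes": expand(parts[0], *MINUTE_RANGE),
            "user": parts[5], "command": parts[6]}

def audit(lines):
    """Per line: (runs per hour, user), or ('invalid', reason)."""
    report = []
    for line in lines:
        try:
            job = parse_line(line)
            report.append((len(job["minutes"]), job["user"]))
        except ValueError as exc:
            report.append(("invalid", str(exc)))
    return report

# Constructed sample lines; the script paths are hypothetical.
SAMPLE = [
    "*/5 * * * * root /usr/local/bin/check.sh",
    "0,5,10,15,20,25,30,35,40,45,50,55 * * * * root /usr/local/bin/check.sh",
    "0,5,10,15,20,25,30,35,40,45,50,66 * * * * root /usr/local/bin/check.sh",
    "* */1 * * * nobody /usr/local/bin/hourly.sh",
]

if __name__ == "__main__":
    for line, result in zip(SAMPLE, audit(SAMPLE)):
        print(result, "<-", line)
```

A `*` in the minute field fires on every minute of each matching hour, which is why the last sample line reports 60 runs per hour.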

PingMonitor is down

The Heartbleed Bug gave us a lot of hassle these days, creating patches all around, including for my favorite, pfSense. The first released patch, 2.1.1, was quickly replaced by 2.1.2, unfortunately leaving me with a mad apinger (aka Ping Monitor). Even when disabled, it was spitting out log entries every 5 minutes, significantly degrading pfSense performance. The only solution I found was to reinstall the dns package (I’ve reinstalled all packages, however the dns one fixed the issue). After that, the disabled apinger remains off, there are no more fake log entries, and my box's performance was reclaimed! Check the screenshot if you are interested in what packages I have installed, hardware, etc.