
  1. Ollie in both stances, nice!

  2. Initials of pick up group, AKA a group of random people.

  3. I do that on my priest, but you can also use a DH's cage, or Paralyze and peace ring of a monk.

  4. Sap works just like a DH cage. Hex, trap and sheep kinda work, only the first guy past gets in combat. Just make sure the first guy that moves past is a hunter or mage. Those two can feign death/invis, drop combat, and the mob will not get pulled after the cc expires.

  5. That's mmc in the screenshot, kind of the underpinning of Microsoft's management interfaces. Hit Ctrl+m, find hyper-v manager snap-in and load it and you should be good to go.

  6. Manuals, frontside 180s

  7. So... Upgraded to 2.6.0 and the DNS resolver just died. I have it set to forwarding mode on and use TLS to query upstream DNS. The setup worked fine in 2.5.2. Now I get firewall logs that TCP:SA packets from the upstream DNS servers are getting dropped in the WAN interface! It's as if pfSense doesn't keep state on the DNS queries or initiated. I couldn't find the pass from self lines on /tmp/rules.debug either. Does anyone have a quick workaround? I'll keep poking in the meantime...

  8. Are you using the host machine to ssh into the guests? Your setup looks about right, first thing I'd change is creating a private vswitch and move over the vms there, then get rid of the IP you've given the host.

  9. This possibly has to do with asymmetric routing in your environment. Next thing I'd try is setting up the static route for on the machine you're sshing from and see if this makes a difference. Failing that, we're gonna have to take a look at the firewall in your router vm. What distro are you using for the vms? I don't think hyper-v vswitches have anything to do with this, they are dumb layer 2 devices.

  10. They made a strategic decision to give up that piece of market share to VMware... This is saddening.

  11. Use an external vSwitch called WAN and an internal vSwitch called LAN. Assign the VM network cards to the WAN and LAN vSwitches.

  12. You can run pfSense with just one network card (WAN). Plug this into your LAN, allow private IPs on it and enable management access from WAN. Then configure your OpenVPN server as needed. The last step would be to forward udp/1194 (or whatever) from your upstream router to your pfSense IP.

  13. Haven't seen a guide but it should be pretty straightforward.

  14. Okay, so in the DNS resolver settings I can add the desired host and domain names and which IP they should serve and it should work through the VPN? 🙂

  15. Yeah, on host overrides at the bottom.

  16. I’ll try that first thing tomorrow then 😁

  17. You can use regular port forwarding for that. You could for example forward port 6443 on wan to 443 on OPT1, same as any internet router. The best way to learn about pfsense is the

  18. I ran pfsense on a VM earlier before I got the HP, and I could use

  19. It's exactly that, it's HSTS acting up.

  20. I followed the instructions, but it didn't help. The hsts-file just keeps returning with all the info it had even after I delete it.

  21. Also, to disable it from pfsense side, go to system > advanced > admin access and tick Disable HTTP Strict Transport Security. It's on by default.

  22. You have a static route in place in pfsense, right?

  23. Yes, to each broadcast domain / VLAN.

  24. Okay, so pfsense knows how to reach your internal VLANs... Under firewall > rules > LAN have you allowed traffic from vlan 80 to LAN address udp 53? Is your outbound NAT set to auto? Under system > advanced > firewall/NAT have you checked Bypass firewall rules for traffic on the same interface? (shouldn't be needed in your case, cause there shouldn't be asymmetric routing in your environment, try it as a last resort). Unbound replies to all subnets by default. I'm also assuming your L3 switch freely passes traffic between VLANs and you haven't set up ACLs there. Good luck!

  25. It's weird because I see no matching icmp rules, your vpn clients normally shouldn't be able to ping anything. You could try temporarily creating a duplicate of your first rule, using the vpn subnet as source. Verify your clients can access the internet, then tighten it out further. It looks like you want to be granular with your logging; your deny rules can be consolidated to 1-2 rules. I see mDNS and SSDP rules, I recently had to endure the Chromecasting torment :p Why do you allow everything IPv6?

  26. I'm going to test this tomorrow.

  27. Sadly, I haven't been able to solve this yet. I can only cast to speaker groups across VLANs using Chrome on Windows. Android refuses to see it unless it's connected to the IOT VLAN. It drives me insane that they're using different discovery methods and there is no documentation about the inner workings of the Cast Application Framework. I've tried broad rules with IP Options, IGMP Proxy and PIMd to extend multicasts. So far no success.

  28. Did you gpupdate /force after modifying the group policy in the guide? Have you restarted your windows 10 PC?

  29. What kind of NAT rules? What exactly are you trying to do?

  30. Just use site to site SSL/TLS and don't route the LANs via the OpenVPN. You will be able to reach all your "client" firewalls with their tunnel IPs and certificates are the best way to centrally manage and identify multiple clients. Would this be an acceptable solution? Basically do what

  31. Use your existing DCs for name resolution. Set up DHCP failover (Windows Server 2012 and later) between two of your DCs and use that instead.

  32. Yep! I checked when directly connected to the ISP Box using

  33. What kind of connection is it? Are you using pppoe? If yes, can you do pppoe passthrough?

  34. Sorry, I edited my reply. Is it using pppoe username/password to authenticate?


  36. I have followed that and that's what got me this far.

  37. So assuming routes at the main site work and iroutes get pushed for each of your sites, the only thing left to troubleshoot are firewall rules. I also assume you have a wide open allow any any rule in your pfsense openvpn tab. Pinging from site A, how far do you get? Can you ping tomatoB's LAN IP? TomatoB's tunnel IP? Some packet captures on pfsense openvpn interface would help diagnose the problem.

  38. I will try this, as the ICMP is an echo (send) and then an echo reply (reply from end point) I thought part of it would get blocked.

  39. What are your dhcp6 options like on your WAN interface? Try selecting the option to only get a prefix, not a public IP address on one. Then set your lan interface to track wan. If your lan interface gets assigned a public /64 the rest of your devices on that segment can autoconfigure, depending on the router advertisement options you select.

  40. Hey I recently enabled ipv6 on my pfsense and had the exact same problem as you.

  41. Icmp 6 is already enabled for me :(

  42. Try unticking "Only request an IPv6 prefix, do not request an IPv6 address". Also, make sure you allow ipv6 by checking "All IPv6 traffic will be blocked by the firewall unless this box is checked" under System > Advanced > Networking.

  43. As I understand it you have unchecked Block private networks on your WAN interface, correct? If so, your setup should work, despite the double NAT going on. Anything visible in the firewall logs (status > system logs > firewall) ?
