2. Project News
● Two new hardware platforms in stock at store.pfsense.org
○ APU (VK-T40E2) - ALIX successor, AMD T40E CPU, 2 GB RAM, 8 GB SanDisk SDHC card, 3 gigabit Realtek NICs
○ C2758 - Rangeley Atom 8 core, 8 GB RAM, 80 GB SATA-3 SSD, 4 gigabit Intel NICs, 1U rack mount
● Support included with these new platforms
3. Heartbleed vulnerability
● OpenSSL security vulnerability leading to disclosure of memory contents
● Affects pfSense versions 2.1 and 2.1.1
○ For components in base system - some 2.0.x packages potentially impacted
○ This does not mean 2.0.x and 1.x systems need not be upgraded
4. Heartbleed vulnerability
● Primary components affected
○ Web interface
○ OpenVPN
■ shared key not impacted
■ SSL/TLS impacted if not using TLS authentication, or if untrusted users have TLS key
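The OpenVPN cases on this slide, as an added example that is not part of the original slides or of pfSense: a small auditor that reads an OpenVPN config and reports which case applies. The result strings, the `tls_key_holders_trusted` flag and the sample configs are assumptions made for illustration.

```python
import re

# Directives that indicate SSL/TLS mode rather than shared-key mode.
TLS_MODE = {"tls-server", "tls-client", "client", "server", "ca", "pkcs12"}

def directives(config_text):
    """Directive names in an OpenVPN config, counting inline <tag> blocks."""
    found, closing = set(), None
    for raw in config_text.splitlines():
        line = raw.strip()
        if closing:                       # inside inline block: skip key material
            if line == closing:
                closing = None
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            found.add(tag.group(1))
            closing = "</" + tag.group(1) + ">"
        else:
            found.add(line.split()[0].lstrip("-"))
    return found

def heartbleed_exposure(config_text, tls_key_holders_trusted=True):
    """Map a config onto the slide's cases. The trust flag is the operator's
    judgement (assumption: it cannot be derived from the file)."""
    d = directives(config_text)
    if "secret" in d:
        return "shared key: not impacted"
    if not d & TLS_MODE:
        return "unknown: no shared-key or SSL/TLS directives found"
    if "tls-auth" not in d:
        return "SSL/TLS: impacted (no TLS authentication)"
    if not tls_key_holders_trusted:
        return "SSL/TLS: impacted (untrusted users have the TLS key)"
    return "SSL/TLS: covered by TLS authentication"

# Constructed sample configs (file names are placeholders).
SHARED_KEY = "dev tun\nsecret /conf/shared.key\n"
TLS_PLAIN = "dev tun\ntls-server\nca ca.crt\ncert srv.crt\nkey srv.key\n"
TLS_AUTH = TLS_PLAIN + "<tls-auth>\n-----BEGIN OpenVPN Static key V1-----\n</tls-auth>\n"

if __name__ == "__main__":
    for name, cfg in [("shared", SHARED_KEY), ("tls", TLS_PLAIN), ("tls+auth", TLS_AUTH)]:
        print(name, "->", heartbleed_exposure(cfg))
    print("tls+auth, key shared widely ->", heartbleed_exposure(TLS_AUTH, False))
```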
5. Heartbleed vulnerability
● Other impacted components
○ Some packages dependent on OpenSSL
● Recommended remediation
○ Upgrade to 2.1.2
■ WARNING: Upgrade AutoConfigBackup package first
○ Consider re-issuing keys
6. Heartbleed vulnerability
● Non-pfSense related things
○ Check all HTTPS servers
■ https://filippo.io/Heartbleed/
○ Revoke and re-issue trusted SSL certificates after patching
○ Check with vendors of other products on applicability
7. Multi-WAN Goals and Strategies
● Redundancy
● Bandwidth aggregation
● Segregation of priority services
10. Demo setup
● Configuration of second WAN
● Configuration of monitor IPs
● Failover demo
● Load balancing demo
● Other gateway groups usage
○ IPsec
○ OpenVPN
○ Dynamic DNS
11. Demo - NAT and Multi-WAN
● Port forward example
● 1:1 NAT example
● Outbound NAT example
12. Demo - Advanced Options
● Gateway advanced options
● System>Advanced options
○ Allow default gateway switching
○ State Killing on Gateway Failure
○ Skip rules when gateway is down
13. Troubleshooting
● Verify rule configuration
● Failover not working
○ Check Status>Gateways
○ Verify monitor IPs
● Load balancing not working
○ Validate testing methodology
○ Have appropriate expectations