Yea, the Netflix destination rule isn't working for me. To double-confirm I disabled my other custom LAN rules and rebooted the router, but it still doesn't work. Unless someone else can comment and confirm the rule works for them, I am going to guess that the domains no longer work from the time they shot to edited to uploaded the video.
Until I can get the Netflix destination rule working I've completely removed a few choice computers from the VPN gateway entirely and use those for Netflix. If anyone is curious about a workaround.
Make an alias for the TCP ports and another for the UDP ports. Then go to the LAN firewall and make an allow rule for TCP with the machine you play CS:GO on as the source IP (or use any if it doesn't matter), leave source port as any. Set destination address to any and for destination port select other and type the name of the TCP alias you created. Then go to advanced and select your WAN gateway. Do the same for the UDP alias but obviously choose UDP as the protocol. Make sure these rules are above the default allow any to any rule or any other allow rule which would catch the traffic. Reset the state table to be sure and check if it works.
I see, kind of makes sense as it prevents it from falling back to the WAN gateway if the VPN goes down. But I think there are better ways of doing that.
Great video, love to see pfSense content. People ask for OpenWrt, but pfSense is one of the only groups that stays on top of security issues. I recall a while back there was a Defcon video that showed a security hole where you could act as if you were inside the network through a callback during a load. pfSense was one of the only ones to patch the flaw.
By the way, I know this is a Linux video, but I saw the debloat script in it and was wondering if Level1Techs could do a debloat Windows video. I've noticed nerfing Cortana with group policies, disabling Superfetch, and turning off a ton of unnecessary services can really take back some needed performance. I notice it the most with I/O latency; Windows 10 can be brutal with keyboard and mouse lag in game, and disabling as much junk as possible has yielded good results for me. Figured I should ask with the whole "Gaming mode" being in the Creators Update.
I applied the "cleaned up list" posted in this thread to block Windows 10 telemetry to an alias and added a block rule to my installation of pfSense, and everything seemed to work fine... that is, until my 5-year-old couldn't get on YouTube through my Xbox One. Tried everything to troubleshoot it, because it seemed to work everywhere else on my network, just not the Xbox. In a last-ditch effort to get it to work, I disabled the firewall rule that I set up to block telemetry... and success.
Anyone have any idea which entry in that list is the issue? I looked, and there are no obvious references to youtube or xbox in the list. Needless to say, this firewall rule will stay disabled until I can narrow it down.
I noticed someone posted the IPs for Windows Telemetry on pfsense.org. pfSense probably caches the IPs the first time there is a lookup, but in theory you might be able to save a few nanoseconds.
Hey, since I haven't found any tutorial on the Internet for that, I just want to give a tip for dynamic aliases of Autonomous Systems (AS).
This was evaluated with Steam and Steam Game Servers like CS:GO. I am optimistic this method is also capable of solving Netflix situations mentioned in this thread above.
With the package pfBlockerNG one can define Aliases of AS. These System numbers can be found in ntopng logs (package) or for example on the Hurricane Electric page http://bgp.he.net.
All you need to do is create a native Alias by providing the ASN to pfBlockerNG, Format Whois. pfBlockerNG will then resolve to IPs, automatically download, and update this Alias. For Netflix you may need to +Add more than one ASN to the set.
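To audit what an ASN-based alias will actually cover before routing or allowing traffic on it, the sketch below parses a whois-style route listing and collapses the prefixes for one origin AS. It is an added example, not pfBlockerNG's code and not part of the original post; the whois text, AS64500/AS64501 and all prefixes are constructed documentation values, and `prefixes_for_asn` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample of an IRR whois answer listing route objects.
# AS64500/AS64501 and every prefix are documentation values, not real data.
SAMPLE_WHOIS = """\
route:      198.51.100.0/25
descr:      constructed example
origin:     AS64500

route:      198.51.100.128/25
origin:     AS64500

route:      203.0.113.0/24
origin:     AS64500

route:      203.0.113.64/26
origin:     AS64500

route6:     2001:db8:100::/48
origin:     AS64500

route:      192.0.2.0/24
origin:     AS64501
"""


def prefixes_for_asn(whois_text, asn):
    """Return (ipv4, ipv6) lists of collapsed networks originated by `asn`."""
    v4, v6 = [], []
    for record in re.split(r"\n\s*\n", whois_text.strip()):
        fields = {}
        for line in record.splitlines():
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep:
                fields.setdefault(key.strip().lower(), value.strip())
        # Skip objects announced by a different AS.
        if fields.get("origin", "").upper() != asn.upper():
            continue
        prefix = fields.get("route") or fields.get("route6")
        try:
            net = ipaddress.ip_network(prefix or "", strict=False)
        except ValueError:
            continue  # malformed or missing prefix: ignore the record
        (v4 if net.version == 4 else v6).append(net)
    # Merge adjacent and overlapping prefixes so the alias stays small.
    return (list(ipaddress.collapse_addresses(v4)),
            list(ipaddress.collapse_addresses(v6)))
```

Reviewing the collapsed list shows how broad the alias is; an AS can announce far more address space than the one service the rule is meant for.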
The MS Telemetry list in the beginning of the thread affects Skype connectivity. I removed some obvious ones, but can't figure out which other ones are blocking Skype. Has anyone run into this?
What about pfSense requiring AES-NI processor support in version 2.5 and newer? Some not-that-old, lower-power hardware probably won't have that support. Kinda seems the pfSense team is forcing people to consider the appliances they sell.
I actually thought Wendell already mentioned this in some video, and I thought they wanted to do this series on OPNsense; I was a little surprised when the first came online with pfSense...
AES in hardware is simply the correct choice. There is no market for software AES in any business scenario and arguably not in retail either. OpenWrt provides plenty of support for consumer low-end routers.
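For the Xbox/YouTube and Skype questions above, one way to find the offending list entry is to correlate the block rule's log entries for the affected client with the addresses each alias hostname resolved to. This is an added example, not from the original posts; it assumes logging is enabled on the block rule and the IPv4 filterlog CSV layout, and the hostnames, addresses, log lines and `blocked_entries` helper are all constructed.

```python
from collections import Counter

# Constructed alias contents: hostname -> addresses it resolved to.
ALIAS = {
    "telemetry-a.example.test": {"198.51.100.10"},
    "telemetry-b.example.test": {"203.0.113.7", "203.0.113.8"},
}

# Constructed filterlog lines; 192.168.1.50 stands in for the affected client.
LOG = """\
Mar  1 10:00:01 fw filterlog[411]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,1,0,DF,6,tcp,60,192.168.1.50,203.0.113.7,50001,443,0,S,1,,64240,,mss
Mar  1 10:00:02 fw filterlog[411]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,2,0,DF,6,tcp,60,192.168.1.50,203.0.113.7,50003,443,0,S,2,,64240,,mss
Mar  1 10:00:03 fw filterlog[411]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,3,0,none,17,udp,80,192.168.1.50,198.51.100.10,50002,3478,60
Mar  1 10:00:04 fw filterlog[411]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,4,0,DF,6,tcp,60,192.168.1.60,203.0.113.8,50004,443,0,S,3,,64240,,mss
Mar  1 10:00:05 fw filterlog[411]: 9,,,1000000201,igb1,match,pass,in,4,0x0,,64,5,0,DF,6,tcp,60,192.168.1.50,192.0.2.99,50005,443,0,S,4,,64240,,mss
"""


def blocked_entries(log_text, alias, client_ip):
    """Count blocked TCP/UDP flows from client_ip per (hostname, proto, dport)."""
    ip_to_host = {ip: host for host, ips in alias.items() for ip in ips}
    hits = Counter()
    for line in log_text.splitlines():
        # Drop the syslog prefix; the CSV payload follows "filterlog[pid]: ".
        csv_part = line.partition("filterlog")[2].partition(": ")[2]
        f = csv_part.split(",")
        # Only IPv4 TCP/UDP records carry ports at indexes 20 and 21.
        if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
            continue
        action, proto, src, dst, dport = f[6], f[16], f[18], f[19], f[21]
        if action == "block" and src == client_ip and dst in ip_to_host:
            hits[(ip_to_host[dst], proto, dport)] += 1
    return hits.most_common()
```

The hostnames at the top of the result are the candidates to remove from the alias and retest, which is quicker than disabling the whole rule.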
Apparently Netgate has responded to the same criticism that you mentioned. In a nutshell, they decided to go for an AES-NI requirement because pure software-based AES implementations are apparently more vulnerable to side-channel attacks.
Hi and thanks for pfSense Part 3 controlling routes.
I want to isolate my Apple TVs and Roku from my PIA OpenVPN and allow them to pass through the ISP WAN giving me the full 200 Mbps. I set up static addresses of the devices and I want to control the routes using the MAC addresses method. All of these devices are on my igb0 Wireless Interface. Where do I create the Firewall rule and is this action a Pass or Block?