https://dawning.ca/tags/pfsense/Recent content in Pfsense onHugo -- gohugo.ioenCopyright © James SnellWed, 17 Jan 2018 15:17:57 +0000https://dawning.ca/posts/using-pfsense-to-sign-private-wildcard-ssl-certificates/Wed, 17 Jan 2018 15:17:57 +0000https://dawning.ca/posts/using-pfsense-to-sign-private-wildcard-ssl-certificates/ <p><figure> <picture> <img loading="lazy" decoding="async" alt="" class="image_figure image_internal image_unprocessed" src="https://dawning.ca/uploads/2018/01/Screen-Shot-2018-01-17-at-3.09.38-PM.png" /> </picture> </figure> <a href="https://www.pfsense.org/download/">pfsense</a> is a wonderful router appliance <a href="https://en.wikipedia.org/wiki/FreeBSD">BSD</a> distro that I&rsquo;ve enjoyed for some years now.</p> <p>I use the <a href="https://doc.pfsense.org/index.php/Certificate_Management">pfsense certificate manager</a> to issue certs for my VPN client devices. For my Internet-facing life, I have legit SSL certs for everything, I&rsquo;ve a neurosis about it. But it&rsquo;s bothered me that for my LAN servers, I&rsquo;ve continued to use Self-Signed certs for interfaces. Today I fix that.</p> <p>Here are my notes on how to create and sign a wild-card SSL cert using pfsense for internal use. Note that this approach means you will make your own certificate authority which then must have its root cert installed on any machine you want to use your own certs.</p>https://dawning.ca/posts/airplay-through-pfsense-bridge/Thu, 23 Dec 2010 19:27:48 +0000https://dawning.ca/posts/airplay-through-pfsense-bridge/ <p><a href="https://dawning.ca/uploads/external/WiresharkOnAirTunes_a3fe1ae5.png"><figure> <picture> <img loading="lazy" decoding="async" alt="" class="image_figure image_internal image_unprocessed" src="https://dawning.ca/uploads/external/WiresharkOnAirTunes_a3fe1ae5.png" /> </picture> </figure> </a>Howdy all, geek-mode enabled.</p> <p>So I&rsquo;ve been fighting somewhat to get my <a href="http://en.wikipedia.org/wiki/Airtunes">AirPlay </a>enabled device (<a href="http://en.wikipedia.org/wiki/Appletv">Apple TV</a>) to function perfectly. I use <a href="http://en.wikipedia.org/wiki/Pfsense">pfsense</a> to run my router and in so doing I&rsquo;ve got a Wireless and Wired network that are <a href="http://en.wikipedia.org/wiki/Network_bridge">bridged together</a>. I found with the <a href="http://en.wikipedia.org/wiki/Appletv">AppleTV</a> that only devices on the same physical media could stream to it, though all devices could &ldquo;see&rdquo; it.</p> <p>After submitting a feature request to Apple over this, I decided I wanted it solved for me anyway and I felt close to the solution. Since I had no logs to go by, I decided to bust out <a href="http://en.wikipedia.org/wiki/Wireshark">Wireshark</a> to sniff all the involved network traffic. Suffice to say, I was rather entertained to find that when using AirPlay the payloads are flying around in <a href="http://en.wikipedia.org/wiki/Ipv6">IPv6</a>, not <a href="http://en.wikipedia.org/wiki/Ipv4">IPv4</a>. Just look at the caption in this post. All those teal packets is iTunes streaming audio to my AppleTV via AirPlay. It&rsquo;s <a href="http://en.wikipedia.org/wiki/User_Datagram_Protocol">UDP</a> over IPv6. Neato.</p>