Re: [Efw-user] Internal port forwarding...
Figured that was my only option. Time to dust off the ip tables book. Thanks Mike!

On Tue, Dec 16, 2008 at 11:38 AM, Mike Knisely mknis...@mtbt.com wrote:

> Internal to Internal… eh? Here's how I interpret your example then: You want all connections from the Green network that hit your firewall with any destination target at port TCP/4545 to be redirected to an internal machine. Is that correct?
>
> If so, you'll have to mess w/ IP tables at the command line. This type of solution is not in the GUI.
>
> Mike K.
>
> --
> From: toby [mailto:toby...@gmail.com]
> Sent: Monday, December 15, 2008 11:15 PM
> To: efw-user@lists.sourceforge.net
> Subject: Re: [Efw-user] Internal port forwarding...
>
> Hello Mike,
>
> I am using 2.1.2 and I am referring to internal to internal port forwarding not external (red) to internal (green). If I do as you suggested that is for red to green and will open up a port to the outside world into my LAN. Sorry for being unclear in my original post.
>
> toby
>
> On Mon, Dec 15, 2008 at 9:12 PM, Mike Knisely mknis...@mtbt.com wrote:
>
>> Depends on your version... I'll assume you're running 2.2RC3:
>>
>> 1: Log into the Web Interface
>> 2: Go to Firewall
>> 3: You'll be on the Port Forwarding/NAT by default
>> 4: Add a new port forwarding rule
>> 5: Know whether you've got a TCP or UDP port being forwarded, and choose the proper protocol.
>> 6: Choose the appropriate incoming IP... if you want all outside IP addresses leave the default.
>> 7: List your port number as the Port on incoming
>> 8: Put in your inside IP of the machine you want the port forwarded to
>> 9: Put the port you want it forwarded to as the destination... probably the same as the incoming port
>> 10: FILL IN THE REMARK so you can figure out why you forwarded that port!
>> 11: Click Add
>> 12: Click Apply
>>
>> You're done!
>>
>> Michael J. Knisely
>>
>> From: toby [mailto:toby...@gmail.com]
>> Sent: Mon 12/15/2008 20:22
>> To: efw-user@lists.sourceforge.net
>> Subject: [Efw-user] Internal port forwarding...
>>
>> Hi all,
>>
>> How do I setup EFW to redirect all traffic to say port 4545 to a specific host (192.168.2.120)? I do not see where to set this up in web GUI.
>>
>> TIA!!!
>>
>> toby

Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
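The command-line route Mike K. points to, as an added example that is not part of the thread or of Endian's own tooling: a dry-run generator for the three iptables rules a GREEN-to-GREEN redirect of TCP/4545 to 192.168.2.120 needs, scoped so nothing is opened towards RED. The interface name br0 and the subnet 192.168.2.0/24 are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): print, without applying, the iptables
# rules that redirect GREEN-side connections on one TCP port to an internal host.
# Assumptions: GREEN interface "br0" and GREEN subnet 192.168.2.0/24 are
# illustrative values; check them on the firewall before using the output.

valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Runs in a subshell so the IFS change cannot leak into the caller.
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*) exit 1 ;; esac   # digits and dots only
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in ''|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    _len=${1#*/}
    case "$_len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$_len" -le 32 ] && valid_ipv4 "${1%/*}"
}

valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# build_rules IFACE SOURCE_CIDR PORT TARGET_IP
build_rules() {
    _if=$1 _net=$2 _port=$3 _target=$4
    valid_iface "$_if"    || { echo "bad interface: $_if" >&2; return 1; }
    valid_cidr "$_net"    || { echo "bad source network: $_net" >&2; return 1; }
    valid_port "$_port"   || { echo "bad port: $_port" >&2; return 1; }
    valid_ipv4 "$_target" || { echo "bad target address: $_target" >&2; return 1; }

    # 1. Rewrite the destination of matching connections. "-i" and "-s" limit
    #    the rule to traffic arriving from GREEN, so RED never matches it;
    #    "! -d" leaves connections already addressed to the target alone.
    echo "iptables -t nat -A PREROUTING -i $_if -s $_net ! -d $_target -p tcp --dport $_port -j DNAT --to-destination $_target:$_port"

    # 2. Let the rewritten connection through the filter table. Assumes the
    #    existing ruleset already accepts ESTABLISHED,RELATED return traffic.
    echo "iptables -A FORWARD -i $_if -o $_if -s $_net -d $_target -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT"

    # 3. Hairpin case: client and target share a subnet, so without source NAT
    #    the target answers the client directly and the client drops the reply.
    #    Side effect: the target logs the firewall's address, not the client's.
    echo "iptables -t nat -A POSTROUTING -o $_if -s $_net -d $_target -p tcp --dport $_port -j MASQUERADE"
}

# Values from the original question (port 4545, host 192.168.2.120).
build_rules br0 192.168.2.0/24 4545 192.168.2.120
```

Rules added by hand this way are not persistent, and `-A` appends after whatever the distribution already installed, so check rule order with `iptables -L -n -v` and `iptables -t nat -L -n -v` before relying on them.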
[Efw-user] Internal port forwarding...
Hi all,

How do I setup EFW to redirect all traffic to say port 4545 to a specific host (192.168.2.120)? I do not see where to set this up in web GUI.

TIA!!!

toby
Re: [Efw-user] Internal port forwarding...
Hello Mike,

I am using 2.1.2 and I am referring to internal to internal port forwarding not external (red) to internal (green). If I do as you suggested that is for red to green and will open up a port to the outside world into my LAN. Sorry for being unclear in my original post.

toby

On Mon, Dec 15, 2008 at 9:12 PM, Mike Knisely mknis...@mtbt.com wrote:

> Depends on your version... I'll assume you're running 2.2RC3:
>
> 1: Log into the Web Interface
> 2: Go to Firewall
> 3: You'll be on the Port Forwarding/NAT by default
> 4: Add a new port forwarding rule
> 5: Know whether you've got a TCP or UDP port being forwarded, and choose the proper protocol.
> 6: Choose the appropriate incoming IP... if you want all outside IP addresses leave the default.
> 7: List your port number as the Port on incoming
> 8: Put in your inside IP of the machine you want the port forwarded to
> 9: Put the port you want it forwarded to as the destination... probably the same as the incoming port
> 10: FILL IN THE REMARK so you can figure out why you forwarded that port!
> 11: Click Add
> 12: Click Apply
>
> You're done!
>
> Michael J. Knisely
>
> From: toby [mailto:toby...@gmail.com]
> Sent: Mon 12/15/2008 20:22
> To: efw-user@lists.sourceforge.net
> Subject: [Efw-user] Internal port forwarding...
>
> Hi all,
>
> How do I setup EFW to redirect all traffic to say port 4545 to a specific host (192.168.2.120)? I do not see where to set this up in web GUI.
>
> TIA!!!
>
> toby
Re: [Efw-user] Endian Community Edition with 6 NETWORK INTERFACES
Francis,

I think you are going to have to download and install the community edition of Endian and see if it works. If not consult Endian about their commercial version as I know it supports more than four since their Macro/Macro X2 appliances come with 7 NICs.

Regards,
Toby.

On Fri, Oct 10, 2008 at 12:46 AM, Francis Lee B. Mondia [EMAIL PROTECTED] wrote:

> I'm currently using IPCop with 6 network interfaces. I want to use Endian Community Firewall with the same configuration (6 Interfaces). Does Endian have the same or an equivalent module to allow more than 4 network interfaces? My idea is to have 5 LANs being handled by the EFW box. I think it does support this since the Macro X2 product has 7 Ethernet ports but I haven't seen anything on the net describing such a setup.
Re: [Efw-user] OOT, other software
Looks pretty slick.

On Fri, Oct 10, 2008 at 3:36 PM, yuan yudistira [EMAIL PROTECTED] wrote:

> I know this is out of topic I just want to inform all of you, after no luck installing endian, I try other open source software (untangle), and it works as expected within 30 minutes or less installation process.
>
> Thank you all for your support
>
> Love always and God Bless you!
>
> YUAN
Re: [Efw-user] content filter and URL black list not working -
AJ,

I can get the content filter working if I deny www access on port 80 in the outgoing firewall. This forces users to go through the proxy. You might want to try this on 2.2.x.

Regards,
Eric.

On Mon, Sep 15, 2008 at 10:26 AM, AJ Weber [EMAIL PROTECTED] wrote:

> I have seen other, similar bugs reported in the bugtracker, but mine - specifically - is listed as Open Assigned. I can't comment whether it is a known bug by Endian, but it seems to be a known bug by the community.
>
> http://bugs.endian.it/view.php?id=1319
>
> AFAIK, no one yet has come forward to say they've successfully gotten it working with 2.2.x. (That's not to say people HAVE gotten it working, but no one has reported it working in the forum.)
>
> -AJ
>
> ----- Original Message -----
> From: Mark Brotcke [EMAIL PROTECTED]
> To: AJ Weber [EMAIL PROTECTED]; efw-user@lists.sourceforge.net
> Sent: Monday, September 15, 2008 10:54 AM
> Subject: Re: [Efw-user] content filter and URL black list not working -
>
> So this is a known bug? That the content filter does not work?
>
> -Mark
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of AJ Weber
> Sent: Monday, September 15, 2008 8:59 AM
> To: efw-user@lists.sourceforge.net
> Subject: Re: [Efw-user] content filter and URL black list not working
>
> Yes, I confirmed that dansguardian and squid are running and listening on the right ports. I also reviewed the conf files in the /etc/dansguardian directory. They look fine, and when I change the properties, they're reflected there. Like I said, the blacklist is also enforced by dansguardian, and that works every time.
>
> -AJ
>
> ----- Original Message -----
> From: compdoc [EMAIL PROTECTED]
> To: efw-user@lists.sourceforge.net
> Sent: Monday, September 15, 2008 9:44 AM
> Subject: Re: [Efw-user] content filter and URL black list not working
>
> Are the gui settings making it into the DansGuardian config files, and in the right format? Any errors in the logs?
>
> From the website: DansGuardian is a filtering pass-through that sits between the client browser and the Squid proxy. It listens on port 8080 and connects to squid on port 3128. So you must have no other daemon running already using port 8080.
>
> I haven't tried the newer releases on efw, so I don't know what version of DansGuardian it's using...
>
> This site has some excellent steps for setting it up, so might help in trouble-shooting: http://gentoo-wiki.com/Dansguardian
Re: [Efw-user] EFW 2.2RC2 Contentfilter not working?
Hello AJ,

I am experiencing the same issue however with EFW 2.1.2. I have yet to figure out what is going on. I will update your thread if I find anything and keep an eye on yours if you find a solution.

Regards,
Eric.

On Sun, Sep 7, 2008 at 2:02 PM, AJ Weber [EMAIL PROTECTED] wrote:

> I'm testing the RC2 release, and I tried enabling the content filter with a very low threshold (tried 50 then 20).
>
> Edited the default policy and have one rule: Content filter only -- enabled what seems like 24x7.
>
> Enabled the proxy on 8080 with No Authentication.
>
> Updated my browser to use the proxy on 8080.
>
> I can search and display pages with some seriously naughty stuff.
>
> I also noticed that the rule enabled graph that shows-up in previous versions below the rule-list, doesn't show at all. It's blank space and the legend is at the bottom.
>
> When I try surfing thru the proxy, I DO see squid and dansguardian procs pop to the top (using top), but they don't seem to be filtering anything.
>
> Am I missing something here?
>
> Thanks,
> AJ
Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
Yes, DNS Proxy is not enabled. I tried looking it up in EFW docs and it is not listed. I will try google to see what is going on with squid and dansguardian. However, I must admit I'm a bit pessimistic since both packages are rolled into EFW and not stand alone. Sometimes people don't want to help in situations like these.

On Wed, Aug 27, 2008 at 4:54 PM, compdoc [EMAIL PROTECTED] wrote:

> The efw transparent dns proxy is not used on green as well? Probably doesn't matter.
>
> I was googling DansGuardian and it seems tied to squid. Might be time to troubleshoot the both of them. Google is your friend...
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
> Sent: Wednesday, August 27, 2008 3:33 PM
> To: efw-user@lists.sourceforge.net
> Subject: Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
>
> I have the DNS set that way so the clients can see the domain (Windows server 2008). If I do not make the domain primary DNS on DHCP server then clients can't connect.
>
> Allowed subnets has: 10.7.7.0/255.255.255.0
>
> Subnet on public (red) is 255.255.255.240.
>
> On Wed, Aug 27, 2008 at 4:29 PM, compdoc [EMAIL PROTECTED] wrote:
>
>> That all looks good. The only difference I see is that I use the efw as the primary dns server. You might try changing it as a test.
>>
>> Make sure that on the page Advanced Web Proxy Network based access control Allowed subnets, that your correct subnet mask is entered there. And that no one is allowed to bypass the transparent proxy.
>>
>> What's the subnet range, etc. used on the red/public nic?
>>
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
>> Sent: Wednesday, August 27, 2008 3:07 PM
>> To: efw-user@lists.sourceforge.net
>> Subject: Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
>>
>> compdoc,
>>
>> I made my settings look like your suggestions and I still have the same issue. I can go to www.gambling.com without being blocked. Here are the IP settings from one of the machines:
>>
>>     C:\ipconfig /all
>>
>>     Windows IP Configuration
>>
>>        Host Name . . . . . . . . . . . . : workstation2
>>        Primary Dns Suffix . . . . . . . : corp.local
>>        Node Type . . . . . . . . . . . . : Unknown
>>        IP Routing Enabled. . . . . . . . : No
>>        WINS Proxy Enabled. . . . . . . . : No
>>        DNS Suffix Search List. . . . . . : corp.local
>>                                            corp.local
>>
>>     Ethernet adapter Local Area Connection:
>>
>>        Connection-specific DNS Suffix . : corp.local
>>        Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
>>        Physical Address. . . . . . . . . : 00-10-18-09-CF-35
>>        Dhcp Enabled. . . . . . . . . . . : Yes
>>        Autoconfiguration Enabled . . . . : Yes
>>        IP Address. . . . . . . . . . . . : 10.7.7.221
>>        Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>        Default Gateway . . . . . . . . . : 10.7.7.1
>>        DHCP Server . . . . . . . . . . . : 10.7.7.1
>>        DNS Servers . . . . . . . . . . . : 10.7.7.21
>>                                            68.105.28.11
>>        Lease Obtained. . . . . . . . . . : Wednesday, August 27, 2008 3:51:41 PM
>>        Lease Expires . . . . . . . . . . : Wednesday, August 27, 2008 4:51:41 PM
>>
>> On Wed, Aug 27, 2008 at 2:14 PM, compdoc [EMAIL PROTECTED] wrote:
Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
Yes, I have a regular PC I can test with. I'm going to backup the configuration from current network appliance and import to regular PC with EFW installed.

On Thu, Aug 28, 2008 at 9:02 AM, compdoc [EMAIL PROTECTED] wrote:

> Hmm – it might not be that the hardware is bad, but maybe it has a compatibility problem. I didn't realize you weren't using a standard PC. No older PC sitting around that you could test with?
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
> Sent: Thursday, August 28, 2008 7:58 AM
> To: efw-user@lists.sourceforge.net
> Subject: Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
>
> Just to show you what I'm working with :)
>
> http://axiomtek.com/products/ViewProduct.asp?view=565
>
> It is a nice piece of equipment with Intel Gigabit NICs, 2GB DDR Ram, Intel proc... However, hardware could be bad. I will SSH into the box and take a look around. Thanks for everything.
>
> On Thu, Aug 28, 2008 at 8:46 AM, compdoc [EMAIL PROTECTED] wrote:
Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
Checking out running services I have 94 of the following all with different PIDs

    nobody 19694 0.0 1.3 31884 28136 ? S Aug27 0:00 /usr/sbin/dansguardian
    nobody 19695 0.0 1.3 31884 28148 ? S Aug27 0:00 /usr/sbin/dansguardian

Could this be the problem :)

On Thu, Aug 28, 2008 at 9:08 AM, toby [EMAIL PROTECTED] wrote:

> Yes, I have a regular PC I can test with. I'm going to backup the configuration from current network appliance and import to regular PC with EFW installed.
>
> On Thu, Aug 28, 2008 at 9:02 AM, compdoc [EMAIL PROTECTED] wrote:
>
>> Hmm – it might not be that the hardware is bad, but maybe it has a compatibility problem. I didn't realize you weren't using a standard PC. No older PC sitting around that you could test with?
>>
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
>> Sent: Thursday, August 28, 2008 7:58 AM
>> To: efw-user@lists.sourceforge.net
>> Subject: Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
>>
>> Just to show you what I'm working with :)
>>
>> http://axiomtek.com/products/ViewProduct.asp?view=565
>>
>> It is a nice piece of equipment with Intel Gigabit NICs, 2GB DDR Ram, Intel proc... However, hardware could be bad. I will SSH into the box and take a look around. Thanks for everything.
>>
>> On Thu, Aug 28, 2008 at 8:46 AM, compdoc [EMAIL PROTECTED] wrote:
Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
squid.out log shows:

    2008/08/28 09:54:52| WARNING cache_mem is larger than total disk cache space!

however, I have cache mem set to 512 and HD Cache size set to 2048 and I get the message above. I've saved and restarted.

I also have PIDs for squid, clamav but no dansguardian. I also noticed the following in cache.log for squid

    2008/08/28 09:56:34| TCP connection to 127.0.0.1/ failed
    2008/08/28 09:56:36| TCP connection to 127.0.0.1/ failed
    2008/08/28 09:56:38| TCP connection to 127.0.0.1/ failed
    2008/08/28 09:56:46| TCP connection to 127.0.0.1/ failed
    2008/08/28 09:56:46| Detected DEAD Parent: 127.0.0.1

On Thu, Aug 28, 2008 at 9:26 AM, Mike Tremaine [EMAIL PROTECTED] wrote:

> toby wrote:
>
>> Checking out running services I have 94 of the following all with different PIDs
>>
>>     nobody 19694 0.0 1.3 31884 28136 ? S Aug27 0:00 /usr/sbin/dansguardian
>>     nobody 19695 0.0 1.3 31884 28148 ? S Aug27 0:00 /usr/sbin/dansguardian
>>
>> Could this be the problem :)
>
> No that is normal. Both Dansguardian and Havp will have lots of child processes running. Now I'll admit I have not been following your problem so I'm not sure exactly what is wrong but if you suspect having trouble with the content filter double check the stack which is
>
> Squid - Dansguardian - Havp
>
> each has its own set of logs under /var/log each must be running. Also verify that Clamd is functioning correctly [is running can execute freshclam etc]
>
> -Mike
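The cache.log lines quoted above show Squid giving up on its parent at 127.0.0.1, the next hop in the Squid - Dansguardian - Havp stack Mike Tremaine describes. As an added example (not from the thread or from Endian), this script reads a Squid cache.log and reports whether each parent was last seen DEAD or REVIVED; the function names are hypothetical, and the REVIVED message format is assumed to mirror the DEAD one.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the last known state of each
# Squid parent proxy from cache.log, so a dead filter hop is noticed from the
# log rather than from unfiltered pages showing up in a browser.

# Sample input: the cache.log lines as quoted in the thread (the port after
# "127.0.0.1/" is missing on the page and is left missing here).
sample_log() {
    cat <<'EOF'
2008/08/28 09:56:34| TCP connection to 127.0.0.1/ failed
2008/08/28 09:56:36| TCP connection to 127.0.0.1/ failed
2008/08/28 09:56:38| TCP connection to 127.0.0.1/ failed
2008/08/28 09:56:46| TCP connection to 127.0.0.1/ failed
2008/08/28 09:56:46| Detected DEAD Parent: 127.0.0.1
EOF
}

# parent_state [FILE]
# Reads FILE (or stdin) and prints one line per parent:
#   <peer> <DEAD|ALIVE> since <timestamp> (failed connects: <n>)
# Returns 1 if any parent is DEAD at the end of the log, 0 otherwise.
parent_state() {
    awk '
    function stamp(   ts) {            # "2008/08/28 09:56:46|" -> no trailing bar
        ts = $1 " " $2
        sub(/\|$/, "", ts)
        return ts
    }
    function peer_of(field,   parts) { # tolerate "host" and "host/port/..."
        split(field, parts, "/")
        return parts[1]
    }
    /TCP connection to .* failed/ {
        split($0, a, "TCP connection to ")
        split(a[2], b, "[/ ]")
        fail[b[1]]++                   # failures counted per peer host
    }
    /Detected DEAD Parent: / {
        p = peer_of($NF)
        state[p] = "DEAD"; since[p] = stamp()
    }
    /Detected REVIVED Parent: / {      # assumed format, mirrors the DEAD line
        p = peer_of($NF)
        state[p] = "ALIVE"; since[p] = stamp()
        fail[p] = 0                    # start counting again after recovery
    }
    END {
        bad = 0
        for (p in state) {
            printf "%s %s since %s (failed connects: %d)\n", p, state[p], since[p], fail[p]
            if (state[p] == "DEAD") bad = 1
        }
        exit bad
    }' "${1:--}"
}

# Demo on the sample; on a firewall, pass the path of Squid's cache.log instead.
sample_log | parent_state || echo "at least one parent proxy is down"
```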
Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
The 512MB was my doing. Out of box it was set to 20MB. I bumped it up since I have 2GB RAM in the box but I took your recommendation and dropped it down to 256MB.

I restarted dansguardian but /var/log/dansguardian/ log file doesn't exist. The only thing that is there is access.log.

On Thu, Aug 28, 2008 at 10:22 AM, Mike Tremaine [EMAIL PROTECTED] wrote:

> toby wrote:
>
>> squid.out log shows:
>>
>>     2008/08/28 09:54:52| WARNING cache_mem is larger than total disk cache space!
>>
>> however, I have cache mem set to 512 and HD Cache size set to 2048 and I get the message above. I've saved and restarted.
>
> 512MB of cache_mem is a little high. Was that the default in 2.1.2? You can safely knock that back to 256MB.
>
>> I also have PIDs for squid, clamav but no dansguardian. I also noticed the following in cache.log for squid
>>
>>     2008/08/28 09:56:34| TCP connection to 127.0.0.1/ failed
>>     2008/08/28 09:56:36| TCP connection to 127.0.0.1/ failed
>>     2008/08/28 09:56:38| TCP connection to 127.0.0.1/ failed
>>     2008/08/28 09:56:46| TCP connection to 127.0.0.1/ failed
>>     2008/08/28 09:56:46| Detected DEAD Parent: 127.0.0.1
>
> Dansguardian runs on port so it is obviously not working. Try
>
>     /etc/init.d/dansguardian restart
>
> and see why it fails. Check /var/log/dansguardian logs.
>
> -Mike
Re: [Efw-user] Proxy Ldap
Marcelo,

I would like to implement LDAP with Server 2008 AD. How did you do this for 2003? I tried using Windows integration but when I choose Advanced under Proxy it says it cannot connect to AD. I think this might be due to AD changes in server 2008 though.

Thanks,
Eric.

On Wed, Aug 27, 2008 at 8:13 PM, Marcelo Santos [EMAIL PROTECTED] wrote:

> Hello everybody,
>
> I fixed the problem with user, but now, NO user was able to surf, even the users that are in the groups that have permission to browse the internet. When I try to open a URL address, the realm prompt appears on IE, and no matter what password I put, the realm prompt appears and appears again.
>
> The temporary solution that I found is turn off ldap auth for a while...
>
> Any tips?
>
> Marcelo.
>
> On Wed, Aug 27, 2008 at 21:55, Marcelo Santos [EMAIL PROTECTED] wrote:
>
>> Hello People!
>>
>> I've successfully made a connection to my Windows 2003 AD. I can see the groups that I've put on same OU of ldap auth user. But, I choose a specific AD user, that isn't on ANY of both groups, and, the user is able to surf on internet without problems. If I configure the Internet Explorer to not use proxy, OK, the user was not able to surf.
>>
>> The configuration that I'm trying to achieve is allow one group to surf without any restrictions, and, another one (the mortals) surf to internet with content filtering, block some urls, and so on.
>>
>> I'm using the Endian Firewall Community release 2.2.rc2. By the way, the best Firewall distro that I've seen till now.
>>
>> Any help would be very much appreciated.
>>
>> Regards,
>> Marcelo Santos
>> Digital Domain
>> +5511 4220-3518 Phone
>> +5511 9768-3330 Mobile
>> marcelo(at)digitaldomain.com.br
>> www.digitaldomain.com.br
>> Solutions for a Digital World
[Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
All,

I have EFW 2.1.2 up and running however it is not filtering web content. I have proxy enabled and set to transparent and have checked gambling, porn, nudity, etc in content filter section. I also checked content filter and antivirus on Proxy page. However, I can go to gambling sites as well as others without being blocked. What is going on?

Thanks in advance,
Eric.
Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
Yes.

On Wed, Aug 27, 2008 at 1:49 PM, compdoc [EMAIL PROTECTED] wrote:

> Are the workstations using DHCP from the efw?
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
> Sent: Wednesday, August 27, 2008 11:12 AM
> To: efw-user@lists.sourceforge.net
> Subject: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
>
> All,
>
> I have EFW 2.1.2 up and running however it is not filtering web content. I have proxy enabled and set to transparent and have checked gambling, porn, nudity, etc in content filter section. I also checked content filter and antivirus on Proxy page. However, I can go to gambling sites as well as others without being blocked. What is going on?
>
> Thanks in advance,
> Eric.
Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
compdoc, I made my settings look like your suggestions and I still have the same issue. I can go to www.gambling.com without being blocked. Here are the IP settings from one of the machines:

C:\ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : workstation2
Primary Dns Suffix . . . . . . . : corp.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.local
                                    corp.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : corp.local
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-10-18-09-CF-35
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.7.7.221
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.7.7.1
DHCP Server . . . . . . . . . . . : 10.7.7.1
DNS Servers . . . . . . . . . . . : 10.7.7.21
                                    68.105.28.11
Lease Obtained. . . . . . . . . . : Wednesday, August 27, 2008 3:51:41 PM
Lease Expires . . . . . . . . . . : Wednesday, August 27, 2008 4:51:41 PM

On Wed, Aug 27, 2008 at 2:14 PM, compdoc [EMAIL PROTECTED] wrote:
I use these settings on 2.1.2:
Advanced Web Proxy Tab
Enabled on Green: checked
Transparent on Green: checked
Contentfilter enabled: checked
Antivirus enabled: checked (not needed for content, but a good idea)
***
Content filter (Dansguardian) Tab
Max. score for phrases (50-300): 300
PICS: checked
Block pages which contain phrases of the following categories (check all that apply)
Block pages known to have content of the following categories (check all that apply)
**
And you'll need to add sites you visit to the whitelist. I had to update the AV to keep it from stopping/crashing occasionally. There's instructions on the web...
Could you show the settings of ipconfig (or ifconfig) from a typical workstation?
Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...
I have the DNS set that way so the clients can see the domain (Windows server 2008). If I do not make the domain primary DNS on DHCP server then clients can't connect. Allowed subnets has: 10.7.7.0/255.255.255.0 Subnet on public (red) is 255.255.255.240.

On Wed, Aug 27, 2008 at 4:29 PM, compdoc [EMAIL PROTECTED] wrote:
That all looks good. The only difference I see is that I use the efw as the primary dns server. You might try changing it as a test. Make sure that on the page Advanced Web Proxy Network based access control Allowed subnets, that your correct subnet mask is entered there. And that no one is allowed to bypass the transparent proxy. What's the subnet range, etc. used on the red/public nic?

*From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Wednesday, August 27, 2008 3:07 PM
*To:* efw-user@lists.sourceforge.net
*Subject:* Re: [Efw-user] EFW 2.1.2 community version Proxy/Content filter not working...

compdoc, I made my settings look like your suggestions and I still have the same issue. I can go to www.gambling.com without being blocked. Here are the IP settings from one of the machines:

C:\ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : workstation2
Primary Dns Suffix . . . . . . . : corp.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.local
                                    corp.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : corp.local
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-10-18-09-CF-35
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.7.7.221
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.7.7.1
DHCP Server . . . . . . . . . . . : 10.7.7.1
DNS Servers . . . . . . . . . . . : 10.7.7.21
                                    68.105.28.11
Lease Obtained. . . . . . . . . . : Wednesday, August 27, 2008 3:51:41 PM
Lease Expires . . . . . . . . . . : Wednesday, August 27, 2008 4:51:41 PM

On Wed, Aug 27, 2008 at 2:14 PM, compdoc [EMAIL PROTECTED] wrote:
Re: [Efw-user] EFW 2.2 Commercial vs. Community feature comparison inquiry...
Thanks for the replies all. Guess all we can do now is wait and see what Endian will do regarding SVN.

On Tue, Aug 5, 2008 at 2:58 AM, Gregory Machin [EMAIL PROTECTED] wrote:
Ed Palma wrote:
I think the idea is that the next big project is moving Endian to a public SVN as soon as community 2.2 is finally complete. That's what I heard. I think they were thinking about starting in November but I'd not be surprised if the devs were a touch late. Anyone have more details? Endian is pretty handy, but its progress is slow and inconvenient because development is essentially closed source. I think they know if they continue this way they'll eventually be forked into a better genuinely open distribution. Might as well maintain control of the project. I'm praying for SVN. I've been considering the fork-ing option for a long time now. Would be a pity to have to do it ..
--
Gregory Machin
CT-Net www.ct-net.org
[EMAIL PROTECTED]
phone : +27 12 379 3497
fax : +27 12 379 4113
Cell : +27 72 524 8096
humans do not use the address below it's for trapping spam. spamtrap [EMAIL PROTECTED]
[Efw-user] Zero sized reply when viewing any webpage...
All, When users connect to the internet they receive, Zero sized reply from proxy/content management server. How do I resolve this issue? I disabled the proxy for the time being as a workaround. Thanks, Toby.
Re: [Efw-user] Zero sized reply when viewing any webpage...
Thanks, I'll try their recommendations.

On Thu, Jul 3, 2008 at 9:17 AM, [EMAIL PROTECTED] wrote:
http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-f4a45377a57a797587e0c67314da8c603f1581cc

All, When users connect to the internet they receive, Zero sized reply from proxy/content management server. How do I resolve this issue? I disabled the proxy for the time being as a workaround. Thanks, Toby.
[Efw-user] VLAN support in 2.1
All, I need to separate my network for a small subset of computers. The current LAN is on a 192.168.2.0 network and I want the other group of computers (without internet/access to 192.168.2.0 network) to be on 192.168.3.0. How would I configure this with EFW 2.1? Thanks, toby.
[Efw-user] EFW 2.1.2 install in Windows server 2003 environment...
Hi all, I have a Windows 2003 environment (soon to be 2008) where I have one 2003 server and 5 workstations. The server is currently a domain controller, file server, and application server. My current router is the DHCP server and will be replaced with the EFW. I plan on using EFW as a VPN appliance, DHCP server, IDS, and proxy to connect remote users to the domain controller. What do I need to know before I implement this? Any caveats?

Current LAN Network: 10.7.7.0/255.255.255.0
WAN Network: 79.x.x.x

TIA, toby
[Efw-user] Enable proxy..which authentication method? **details inside**
Hi all, My goal here is to use EFW as proxy to filter and monitor internet usage. I have no LDAP, AD, or anything setup now for user management. We simply use single samba server as file server. With that said, my only option is to use the local user management within EFW which is fine until I deploy LDAP. However, what is the best way to force users to use EFW as proxy so I can filter, log, and monitor usage? All users are using Windows XP with one using Vista. Thanks, Toby.
Re: [Efw-user] Soekris engineering boards and EFW...
Nice article. I am trying to build something similar to what EFW is selling. I initially thought their EFW mini was a soekris but it doesn't look like it. This led me down the rabbit hole. I'm still waiting on quote from EFW for their hardware appliances. Toby.

On Dec 7, 2007 9:47 AM, compdoc [EMAIL PROTECTED] wrote:
I like a little more horsepower than 266MHz: http://www.popsci.com/popsci/how20/157a2ea4fc033110vgnvcm104eecbccdrcrd.html
Normally tho, I use lower cost ATX equipment that's only a generation or two behind. Socket 370 is ok, but socket A or Socket 478 is better. Even Socket 754...

*From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Thursday, December 06, 2007 2:09 PM
*To:* efw-user@lists.sourceforge.net
*Subject:* [Efw-user] Soekris engineering boards and EFW...

Hi all, Anyone have any luck with any of their boards acting as EFW appliance? Thanks, Toby.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
Upon more testing I figured out that the route ADD 210.x.x.x MASK 255.255.255.255 192.168.1.1 line adds the route to my local network. Problem still remains though, I am unable to browse the web or connect to 10.10.7.1 (Green IP) when connected. I can access web gui from RED on another machine and I see my connection under OpenVPN as established. Something is just screwy with routing looks like. Suggestions? Toby.

On Dec 5, 2007 7:57 PM, toby [EMAIL PROTECTED] wrote:
NICs are connected correctly. I figured out why I was unable to connect to EFW via public IP. I fat-fingered the gateway :). So now I can connect using OpenVPN. I also enabled DHCP and put it on a 10.10.7.0 network for testing purposes. So now I get a 10.10.7.x address when connecting via VPN. However, I am unable to browse the internet after connecting. My LAN is 192.168.1.0 and after connecting the VPN NIC is 10.10.7.200. So that shouldn't be the problem. I have included text from console after connection has been established.

** begin **
Wed Dec 05 19:48:56 2007 [127.0.0.1] Peer Connection Initiated with 210.x.x.x:1194
Wed Dec 05 19:48:57 2007 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Wed Dec 05 19:48:57 2007 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.7.1,route-gateway 10.10.7.1,ping 10,ping-restart 120,redirect-gateway,ifconfig 10.10.7.220 255.255.255.0'
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: route options modified
Wed Dec 05 19:48:57 2007 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{8F306703-4644-4D92-8D71-50FC27042B8F}.tap
Wed Dec 05 19:48:57 2007 TAP-Win32 Driver Version 8.4
Wed Dec 05 19:48:57 2007 TAP-Win32 MTU=1500
Wed Dec 05 19:48:57 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.7.220/255.255.255.0 on interface {8F306703-4644-4D92-8D71-50FC27042B8F} [DHCP-serv: 10.10.7.0, lease-time: 31536000]
Wed Dec 05 19:48:57 2007 Successful ARP Flush on interface [4] {8F306703-4644-4D92-8D71-50FC27042B8F}
Wed Dec 05 19:48:57 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:57 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:48:58 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:58 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:48:59 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:59 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:00 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:49:00 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:02 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:49:02 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:03 2007 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Wed Dec 05 19:49:03 2007 route ADD 210.x.x.x MASK 255.255.255.255 192.168.1.1
Wed Dec 05 19:49:03 2007 Route addition via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Wed Dec 05 19:49:03 2007 Route deletion via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route ADD 0.0.0.0 MASK 0.0.0.0 10.10.7.1
Wed Dec 05 19:49:03 2007 Route addition via IPAPI succeeded
Wed Dec 05 19:49:03 2007 Initialization Sequence Completed
** end **

this line: route ADD 210.x.x.x MASK 255.255.255.255 192.168.1.1 concerns me because the mask for 210.x.x.x should be 255.255.255.248 and I do not know where it is getting 192.168.1.1. Good news is we are getting closer :) Thanks, Toby

On Dec 5, 2007 5:51 PM, compdoc [EMAIL PROTECTED] wrote:
Are you sure you've got the red and green nics connected correctly?

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Wednesday, December 05, 2007 4:12 PM
*To:* efw-user@lists.sourceforge.net
*Subject:* Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

No ports are blocked as this is a commercial T1 account. I have modem connected to gigabit switch and devices needing public IPs are connected to it and said devices are setup with static IPs from range given by ISP. I will check to make sure I haven't given another device the IP address and just forgot that I set it :)
[Efw-user] Endian hardware appliances -- Mercury, Mercury Pro, etc.?
Hi all, Poking around endian.it and noticed their hardware appliances. Anyone know which computer vendor they use for these? Also, has anyone purchased and/or played with any of them? They look really sweet and if the price is right I might purchase one to replace the Intel Pentium 2 box I am trying to bring online now. TIA, Toby.
[Efw-user] Soekris engineering boards and EFW...
Hi all, Anyone have any luck with any of their boards acting as EFW appliance? Thanks, Toby.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I have tried and I cannot connect. I am going to verify I have added port 22 for external access as comp-doc suggested. I thought I had made this change but we shall see. Toby.

On Dec 4, 2007 11:08 AM, Kenton and Saundi Brown [EMAIL PROTECTED] wrote:
I do now if using an external dhcp will have an effect. I am using the efw dhcp. Are you able to test it from outside the local lan via a public connection using the red interface IP?

On 12/3/07, toby [EMAIL PROTECTED] wrote:
I followed the KB and I still can't connect. I am not using EFW's DHCP server. Does that matter? I continue to get the same error messages that I posted earlier.

Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)

I've included an ASCII network diagram below.

          EFW Router
              |
              |
      |---------------|
      |               |
     Red            Green
 (201.x.x.x)    (192.168.1.5)
      |               |
  ISP Modem     10/100 Switch
                      |
      Workstations, Linksys Router w/ 4-port switch (LAN side)

NOTE: Green is plugged into Linksys router's 4-port switch side so it can communicate with other machines on 192.168.1.0 network. The Linksys is also the DHCP server as of now. Another thing to note is that I have 4 public IPs from network provider so EFW has its own public IP as does the Linksys. Thoughts? Toby.

On Dec 3, 2007 5:06 AM, [EMAIL PROTECTED] wrote:
It took me several hours to get VPN working. I finally found the KB article: http://kb.endian.com/entry/12/ which works exactly as written. This eliminated one area for troubleshooting. I copied the certificate and named it the same as the article although the name makes no difference as long as it matches the conf file. As you must already know the openvpn section of efw must have an ip range set outside of your dynamic range. Of course it is in the same range as your green interface.

I was trying to connect my vpn from my machine on my green interface to my public red interface public address. This did not work with the same error you are getting. I then changed the server in the client.ovpn to my green interface ip and then connect my machine to a wireless gateway router. This put me on a different subnet than my green interface. The gateway router wan connector was connected to the green interface via a switch. I was then able to make a vpn connection.

Next I put the gateway wireless router on a public interface giving the wan connector a public ip address. I made a new config for connecting from outside my network via a public interface by changing the server parameter in the ovpn file to my red interface public ip address. Now I could make a vpn connection from the public side of my system. I have two ovpn files. One for connecting within my private net and one for connecting from the public.

The other issue I had to overcome was windows vista. I finally noticed that openvpn has a vista release candidate version. I do not know if the xp version would work on vista or not as I had already upgraded before I fixed my other issues.

toby-35 wrote:
Hello all, I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server that is currently being used as a file server as well. I went through the OpenVPN configuration process, downloaded cert and created client.ovpn configuration file (see below) and I get the following error message (also, see below) What have I missed?

client.ovpn (using Windows XP OpenVPN GUI client)
client
dev tun
proto udp
remote 201.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo

error message (received on client)
Thu Nov 29 10:24:53 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Username:test
Enter Auth Password:
Thu Nov 29 10:25:02 2007 IMPORTANT: OpenVPN's default port number
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
Update: I added port 22 for external access and I cannot access public IP via SSH from outside of network. However, if I ssh into a server on LAN (192.168.1.0) going through Linksys router WAN (210.x.x.x) I can then SSH 210.x.x.x into efw box. The efw box has its own public IP as does the Linksys box all within the same range that was given to me by ISP. My setup now is as follows:

EFW RED: 210.x.x.x
EFW GREEN: 10.10.7.1
EFW DHCP: 10.10.7.100 to 10.10.7.120
EFW OpenVPN: 10.10.7.150 to 10.10.7.165

I still can't connect via VPN. I can provide any needed info to further troubleshooting. Toby.

On Dec 5, 2007 9:13 AM, toby [EMAIL PROTECTED] wrote:
I have tried and I cannot connect. I am going to verify I have added port 22 for external access as comp-doc suggested. I thought I had made this change but we shall see. Toby.

On Dec 4, 2007 11:08 AM, Kenton and Saundi Brown [EMAIL PROTECTED] wrote:
I do now if using an external dhcp will have an effect. I am using the efw dhcp. Are you able to test it from outside the local lan via a public connection using the red interface IP?

On 12/3/07, toby [EMAIL PROTECTED] wrote:
I followed the KB and I still can't connect. I am not using EFW's DHCP server. Does that matter? I continue to get the same error messages that I posted earlier.

Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)

I've included an ASCII network diagram below.

          EFW Router
              |
              |
      |---------------|
      |               |
     Red            Green
 (201.x.x.x)    (192.168.1.5)
      |               |
  ISP Modem     10/100 Switch
                      |
      Workstations, Linksys Router w/ 4-port switch (LAN side)

NOTE: Green is plugged into Linksys router's 4-port switch side so it can communicate with other machines on 192.168.1.0 network. The Linksys is also the DHCP server as of now. Another thing to note is that I have 4 public IPs from network provider so EFW has its own public IP as does the Linksys. Thoughts? Toby.

On Dec 3, 2007 5:06 AM, [EMAIL PROTECTED] wrote:
It took me several hours to get VPN working. I finally found the KB article: http://kb.endian.com/entry/12/ which works exactly as written. This eliminated one area for troubleshooting. I copied the certificate and named it the same as the article although the name makes no difference as long as it matches the conf file. As you must already know the openvpn section of efw must have an ip range set outside of your dynamic range. Of course it is in the same range as your green interface.

I was trying to connect my vpn from my machine on my green interface to my public red interface public address. This did not work with the same error you are getting. I then changed the server in the client.ovpn to my green interface ip and then connect my machine to a wireless gateway router. This put me on a different subnet than my green interface. The gateway router wan connector was connected to the green interface via a switch. I was then able to make a vpn connection.

Next I put the gateway wireless router on a public interface giving the wan connector a public ip address. I made a new config for connecting from outside my network via a public interface by changing the server parameter in the ovpn file to my red interface public ip address. Now I could make a vpn connection from the public side of my system. I have two ovpn files. One for connecting within my private net and one for connecting from the public.

The other issue I had to overcome was windows vista. I finally noticed that openvpn has a vista release candidate version. I do not know if the xp version would work on vista or not as I had already upgraded before I fixed my other issues.

toby-35 wrote:
Hello all, I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
No ports are blocked as this is a commercial T1 account. I have modem connected to gigabit switch and devices needing public IPs are connected to it and said devices are setup with static IPs from range given by ISP. I will check to make sure I haven't given another device the IP address and just forgot that I set it :)

On Dec 5, 2007 5:11 PM, compdoc [EMAIL PROTECTED] wrote:
If you can't connect to openvpn or ssh, your ports are being blocked. Could be several reasons:
Public ip setup is wrong (such as the wrong subnet mask, etc), or someone else is using the ip address you're trying to use.
The dsl modem isn't in bridged mode and is using nat instead.
A cable is bad, or the cabling is not correct.
The ISP blocks those ports.

*From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Wednesday, December 05, 2007 3:36 PM
*To:* Kenton and Saundi Brown
*Cc:* Efw-user@lists.sourceforge.net
*Subject:* Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Update: I added port 22 for external access and I cannot access public IP via SSH from outside of network. However, if I ssh into a server on LAN (192.168.1.0) going through Linksys router WAN (210.x.x.x) I can then SSH 210.x.x.x into efw box. The efw box has its own public IP as does the Linksys box all within the same range that was given to me by ISP. My setup now is as follows:

EFW RED: 210.x.x.x
EFW GREEN: 10.10.7.1
EFW DHCP: 10.10.7.100 to 10.10.7.120
EFW OpenVPN: 10.10.7.150 to 10.10.7.165

I still can't connect via VPN. I can provide any needed info to further troubleshooting. Toby.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
NICs are connected correctly. I figured out why I was unable to connect to EFW via public IP. I fat-fingered the gateway :). So now I can connect using OpenVPN. I also enabled DHCP and put it on a 10.10.7.0 network for testing purposes. So now I get a 10.10.7.x address when connecting via VPN. However, I am unable to browse the internet after connecting. My LAN is 192.168.1.0 and after connecting the VPN NIC is 10.10.7.200. So that shouldn't be the problem. I have included text from console after connection has been established.

** begin **
Wed Dec 05 19:48:56 2007 [127.0.0.1] Peer Connection Initiated with 210.x.x.x:1194
Wed Dec 05 19:48:57 2007 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Wed Dec 05 19:48:57 2007 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.7.1,route-gateway 10.10.7.1,ping 10,ping-restart 120,redirect-gateway,ifconfig 10.10.7.220 255.255.255.0'
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: route options modified
Wed Dec 05 19:48:57 2007 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{8F306703-4644-4D92-8D71-50FC27042B8F}.tap
Wed Dec 05 19:48:57 2007 TAP-Win32 Driver Version 8.4
Wed Dec 05 19:48:57 2007 TAP-Win32 MTU=1500
Wed Dec 05 19:48:57 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.7.220/255.255.255.0 on interface {8F306703-4644-4D92-8D71-50FC27042B8F} [DHCP-serv: 10.10.7.0, lease-time: 31536000]
Wed Dec 05 19:48:57 2007 Successful ARP Flush on interface [4] {8F306703-4644-4D92-8D71-50FC27042B8F}
Wed Dec 05 19:48:57 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:57 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:48:58 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:58 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:48:59 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:59 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:00 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:49:00 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:02 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:49:02 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:03 2007 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Wed Dec 05 19:49:03 2007 route ADD 210.x.x.x MASK 255.255.255.255 192.168.1.1
Wed Dec 05 19:49:03 2007 Route addition via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Wed Dec 05 19:49:03 2007 Route deletion via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route ADD 0.0.0.0 MASK 0.0.0.0 10.10.7.1
Wed Dec 05 19:49:03 2007 Route addition via IPAPI succeeded
Wed Dec 05 19:49:03 2007 Initialization Sequence Completed
** end **

this line: route ADD 210.x.x.x MASK 255.255.255.255 192.168.1.1 concerns me because the mask for 210.x.x.x should be 255.255.255.248 and I do not know where it is getting 192.168.1.1. Good news is we are getting closer :)

Thanks, Toby

On Dec 5, 2007 5:51 PM, compdoc [EMAIL PROTECTED] wrote:

Are you sure you've got the red and green nics connected correctly?

*From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Wednesday, December 05, 2007 4:12 PM
*To:* efw-user@lists.sourceforge.net
*Subject:* Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

No ports are blocked as this is a commercial T1 account. I have modem connected to gigabit switch and devices needing public IPs are connected to it and said devices are setup with static IPs from range given by ISP. I will check to make sure I haven't given another device the IP address and just forgot that I set it :)
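The three route commands at the end of the log in this message follow the documented behaviour of the pushed redirect-gateway option: a host route (mask 255.255.255.255) to the VPN server through the gateway that held the default route before, removal of that default route, and a new default route through the pushed route-gateway. The following is an added example, not part of the thread, that parses a copy of those log lines and checks that pattern; the sample text is constructed from the log above with the console wraps rejoined, and 203.0.113.10 is a placeholder for the redacted 210.x.x.x.

```python
import ipaddress
import re

# Constructed sample: lines taken from the client log above, wraps rejoined.
# 203.0.113.10 is a placeholder standing in for the redacted 210.x.x.x.
SAMPLE_LOG = """\
Wed Dec 05 19:48:57 2007 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.7.1,route-gateway 10.10.7.1,ping 10,ping-restart 120,redirect-gateway,ifconfig 10.10.7.220 255.255.255.0'
Wed Dec 05 19:49:03 2007 route ADD 203.0.113.10 MASK 255.255.255.255 192.168.1.1
Wed Dec 05 19:49:03 2007 Route addition via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Wed Dec 05 19:49:03 2007 Route deletion via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route ADD 0.0.0.0 MASK 0.0.0.0 10.10.7.1
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
ROUTE_RE = re.compile(r"route (ADD|DELETE) (\S+) MASK (\S+) (\S+)")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def parse_push_reply(log):
    """Return pushed options as {name: [args, ...]}; repeated options are kept."""
    options = {}
    match = PUSH_RE.search(log)
    if match:
        for item in match.group(1).split(","):
            parts = item.split()
            if parts:
                options.setdefault(parts[0], []).append(parts[1:])
    return options


def parse_routes(log):
    """Return (action, network, gateway) for every logged Windows route command."""
    return [
        (action,
         ipaddress.ip_network(f"{dest}/{mask}", strict=False),
         ipaddress.ip_address(gateway))
        for action, dest, mask, gateway in ROUTE_RE.findall(log)
    ]


def tunnel_network(pushed):
    """Network of a pushed 'ifconfig <address> <netmask>' (the form seen in this log)."""
    for args in pushed.get("ifconfig", []):
        try:
            return ipaddress.ip_interface("/".join(args[:2])).network
        except ValueError:
            # 'ifconfig <local> <remote>' (point-to-point form) carries no netmask.
            continue
    return None


def explain_redirect_gateway(log):
    """Match the logged routes against the three steps of redirect-gateway."""
    pushed = parse_push_reply(log)
    routes = parse_routes(log)
    host = [(net, gw) for act, net, gw in routes if act == "ADD" and net.prefixlen == 32]
    old = [gw for act, net, gw in routes if act == "DELETE" and net == DEFAULT]
    new = [gw for act, net, gw in routes if act == "ADD" and net == DEFAULT]
    pushed_gw = {ipaddress.ip_address(a[0]) for a in pushed.get("route-gateway", []) if a}
    tunnel = tunnel_network(pushed)
    return {
        "redirect_gateway_pushed": "redirect-gateway" in pushed,
        # Step 1: a /32 route to the server only, so the encrypted packets
        # themselves keep leaving through the physical network.
        "server_host_route": host[0][0] if host else None,
        # Step 2: the gateway whose default route was deleted.
        "old_default_gateway": old[0] if old else None,
        # Step 3: the new default route, which sends everything else into the tunnel.
        "new_default_gateway": new[0] if new else None,
        "host_route_uses_old_gateway": bool(host and old and host[0][1] == old[0]),
        "new_default_is_pushed_gateway": bool(new and new[0] in pushed_gw),
        "new_default_on_tunnel_subnet": bool(new and tunnel is not None and new[0] in tunnel),
    }


if __name__ == "__main__":
    for key, value in explain_redirect_gateway(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Once the last route is in place, all non-VPN traffic from the client leaves through 10.10.7.1, so internet access depends on what the VPN server does with packets arriving from the tunnel.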
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I followed the KB and I still can't connect. I am not using EFW's DHCP server. Does that matter? I continue to get the same error messages that I posted earlier.

Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)

I've included an ASCII network diagram below.

          EFW Router
              |
              |
              |
       ---------------
       |             |
      Red          Green
  (201.x.x.x)  (192.168.1.5)
       |             |
   ISP Modem   10/100 Switch
                     |
          Workstations, Linksys Router w/ 4-port switch (LAN side)

NOTE: Green is plugged into Linksys router's 4-port switch side so it can communicate with other machines on 192.168.1.0 network. The Linksys is also the DHCP server as of now. Another thing to note is that I have 4 public IPs from network provider so EFW has its own public IP as does the Linksys.

Thoughts?

Toby.

On Dec 3, 2007 5:06 AM, [EMAIL PROTECTED] wrote:

It took me several hours to get VPN working. I finally found the KB article: http://kb.endian.com/entry/12/ which works exactly as written. This eliminated one area for troubleshooting. I copied the certificate and named it the same as the article although the name makes no difference as long as it matches the conf file.

As you must already know the openvpn section of efw must have an ip range set outside of your dynamic range. Of course it is in the same range as your green interface.

I was trying to connect my vpn from my machine on my green interface to my public red interface public address. This did not work with the same error you are getting. I then changed the server in the client.ovpn to my green interface ip and then connected my machine to a wireless gateway router. This put me on a different subnet than my green interface. The gateway router wan connector was connected to the green interface via a switch. I was then able to make a vpn connection.

Next I put the gateway wireless router on a public interface giving the wan connector a public ip address. I made a new config for connecting from outside my network via a public interface by changing the server parameter in the ovpn file to my red interface public ip address. Now I could make a vpn connection from the public side of my system. I have two ovpn files. One for connecting within my private net and one for connecting from the public.

The other issue I had to overcome was windows vista. I finally noticed that openvpn has a vista release candidate version. I do not know if the xp version would work on vista or not as I had already upgraded before I fixed my other issues.

toby-35 wrote:

Hello all, I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server that is currently being used as a file server as well. I went through the OpenVPN configuration process, downloaded cert and created client.ovpn configuration file (see below) and I get the following error message (also, see below). What have I missed?

client.ovpn (using Windows XP OpenVPN GUI client)

client
dev tun
proto udp
remote 201.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo

error message (received on client)

Thu Nov 29 10:24:53 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Username:test
Enter Auth Password:
Thu Nov 29 10:25:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Nov 29 10:25:02 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
This is very odd. I simply click the Download CA link in web interface and it saves as .pem. Changing the file to .crt and modifying client.ovpn file to reflect the change makes no difference. The only way I can ssh into the EFW box is to ssh into another machine on LAN and then SSH into the GREEN NIC. It would be nice if I could SSH into the RED NIC and just disable root from SSH.

Toby.

On Dec 4, 2007 12:14 AM, compdoc [EMAIL PROTECTED] wrote:

Certainly worth enabling for testing. I once had trouble connecting. I found that the user account I had created had stopped working. I had to delete the account and recreate it. This seemed to occur after I had created and then edited the account, or maybe made some major change to the system. I don't really know why it stopped working, but after recreating it, it worked.

You seem to not be receiving the key (cert), or you're not sending it. The client is outside the lan? Can you connect by ssh? Also, maybe rename the cert to .cer, or find out why yours are ending in .pem

Map looks fine.

*From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Monday, December 03, 2007 9:54 PM
*To:* [EMAIL PROTECTED]
*Cc:* efw-user@lists.sourceforge.net
*Subject:* Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

I followed the KB and I still can't connect. I am not using EFW's DHCP server. Does that matter? I continue to get the same error messages that I posted earlier.

Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)

I've included an ASCII network diagram below.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I am not allowing EFW to be DHCP server as I have another box doing that (Linksys); once I iron out VPN issue I will make EFW DHCP server. You do bring up a good point about OVPN IPs being same as GREEN. GREEN is 192.168.1.0 and OVPN is 10.8.0.0. I will make this change and see if that works. I do have cert in same folder and client config. Thing is I can connect to current OVPN server fine. Clueless as to why I can't from EFW using cert from EFW and user created in EFW. Again, remember EFW is on its own separate public IP and is not going through linksys router that is on its own separate public IP. I also have everything else setup like you mentioned in previous post. Any other ideas?

Toby.

On Nov 30, 2007 12:12 PM, compdoc [EMAIL PROTECTED] wrote:

Well, you do need to place the cert from the efw into the config folder on your windows pc, and have an account set up for the user with the proper password. If the GUI client works on another server, then I'm guessing you know these things. I use all lower case letters for usernames, since nix tends to go that way, but I don't know if efw cares about uppercase or not.

And do not port forward the openvpn port (1194 udp) anywhere in the port forwarding section, or add it to the External Access section of the Firewall tab. That's not necessary.

Also, make sure the OpenVPN Server is enabled, and I set the Block DHCP responses coming from tunnel, but that shouldn't stop you either way. Do you have an ip address pool set in the server? Should be in the same range as the lan on green...

I don't see any errors in your sample logons below, unless I'm missing something. What do you think is the problem? Is it possible your broadband router or ISP is blocking 1194?

*From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Friday, November 30, 2007 8:19 AM
*To:* efw-user@lists.sourceforge.net
*Subject:* Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Any ideas why I can't connect to Endian's OpenVPN server?

Toby.

On Nov 29, 2007 1:11 PM, toby [EMAIL PROTECTED] wrote:

I have no blank lines in my client.ovpn file.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
Any ideas why I can't connect to Endian's OpenVPN server?

Toby.

On Nov 29, 2007 1:11 PM, toby [EMAIL PROTECTED] wrote:

I have no blank lines in my client.ovpn file.

On Nov 29, 2007 12:53 PM, compdoc [EMAIL PROTECTED] wrote:

In the email I sent, there were no blank lines between the commands in the client.ovpn. But there are in your reply. Is that my mail client adding those extra blank lines? They shouldn't be there...

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Thursday, November 29, 2007 10:02 AM
*To:* efw-user@lists.sourceforge.net
*Subject:* Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Seriously, when I download cert from EFW web interface it saves as .pem automatically. I did not have to rename it or anything.

On Nov 29, 2007 10:57 AM, compdoc [EMAIL PROTECTED] wrote:

When I save a cert from any efw, it gets a .cer file name extension. How'd you get .pem?

Here's my working client.ovpn:

client
float
dev tap
proto udp
port 1194
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo

Name the cert whatever makes sense...

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] *On Behalf Of *toby
*Sent:* Thursday, November 29, 2007 9:33 AM
*To:* efw-user@lists.sourceforge.net
*Subject:* [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Hello all, I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server that is currently being used as a file server as well. I went through the OpenVPN configuration process, downloaded cert and created client.ovpn configuration file (see below) and I get the following error message (also, see below). What have I missed?
[Efw-user] New efw 2.1.2 installation unable to OpenVPN
Hello all, I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server that is currently being used as a file server as well. I went through the OpenVPN configuration process, downloaded cert and created client.ovpn configuration file (see below) and I get the following error message (also, see below). What have I missed?

client.ovpn (using Windows XP OpenVPN GUI client)

client
dev tun
proto udp
remote 201.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo

error message (received on client)

Thu Nov 29 10:24:53 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Username:test
Enter Auth Password:
Thu Nov 29 10:25:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Nov 29 10:25:02 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 29 10:25:02 2007 LZO compression initialized
Thu Nov 29 10:25:02 2007 UDPv4 link local: [undef]
Thu Nov 29 10:25:02 2007 UDPv4 link remote: 201.x.x.x:1194

I later added, ns-cert-type server, to server log to resolve the warning message. Now my connection output looks like the following:

Thu Nov 29 10:28:03 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Username:test
Enter Auth Password:
Thu Nov 29 10:28:08 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Nov 29 10:28:08 2007 LZO compression initialized
Thu Nov 29 10:28:08 2007 UDPv4 link local: [undef]
Thu Nov 29 10:28:08 2007 UDPv4 link remote: 201.x.x.x:1194
Thu Nov 29 10:29:08 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 29 10:29:08 2007 TLS Error: TLS handshake failed
Thu Nov 29 10:29:08 2007 SIGUSR1[soft,tls-error] received, process restarting
Thu Nov 29 10:29:10 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Nov 29 10:29:10 2007 Re-using SSL/TLS context
Thu Nov 29 10:29:10 2007 LZO compression initialized
Thu Nov 29 10:29:10 2007 UDPv4 link local: [undef]
Thu Nov 29 10:29:10 2007 UDPv4 link remote: 201.x.x.x:1194

Also, my current OpenVPN server works and is on a different public IP and it is not connected to Endian FW. I want to replace current OpenVPN server with Endian FW as it provides more features (content filtering, proxy, etc.)

Thanks, Toby.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I just renamed it .pem :)

On Nov 29, 2007 10:57 AM, compdoc [EMAIL PROTECTED] wrote:

When I save a cert from any efw, it gets a .cer file name extension. How'd you get .pem?

Here's my working client.ovpn:

client
float
dev tap
proto udp
port 1194
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo

Name the cert whatever makes sense...

*From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Thursday, November 29, 2007 9:33 AM
*To:* efw-user@lists.sourceforge.net
*Subject:* [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Hello all, I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server that is currently being used as a file server as well. I went through the OpenVPN configuration process, downloaded cert and created client.ovpn configuration file (see below) and I get the following error message (also, see below). What have I missed?

client.ovpn (using Windows XP OpenVPN GUI client)

client
dev tun
proto udp
remote 201.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo

error message (received on client)

Thu Nov 29 10:24:53 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Username:test
Enter Auth Password:
Thu Nov 29 10:25:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Nov 29 10:25:02 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 29 10:25:02 2007 LZO compression initialized
Thu Nov 29 10:25:02 2007 UDPv4 link local: [undef]
Thu Nov 29 10:25:02 2007 UDPv4 link remote: 201.x.x.x:1194

I later added, ns-cert-type server, to server log to resolve the warning message.
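The working client.ovpn quoted in this message and the one from the original post differ in several lines, but not every differing line changes behaviour. The following is an added example, not part of the thread, that compares the two files after expanding client into pull plus tls-client and applying the default port 1194 named in the client log, and that reports whether a file enables a server certificate check such as the ns-cert-type server mentioned above. Both config texts are constructed from the quoted files, and the directive list in SERVER_CHECKS is an assumption that depends on the OpenVPN version in use.

```python
# Constructed from the two client.ovpn files quoted in this message,
# one directive per line. Addresses are redacted exactly as in the thread.
POSTED_CONF = """\
client
dev tun
proto udp
remote 201.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo
"""

WORKING_CONF = """\
client
float
dev tap
proto udp
port 1194
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo
"""

# Directives whose values are expected to differ from one site to another.
SITE_SPECIFIC = {"remote", "ca"}

# Directives that OpenVPN releases have accepted as a server certificate check.
# Assumption: not exhaustive, and availability depends on the client version.
SERVER_CHECKS = ("ns-cert-type", "remote-cert-tls", "tls-remote",
                 "tls-verify", "verify-x509-name")


def parse_ovpn(text):
    """Return {directive: [args, ...]}, skipping blank lines and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        conf.setdefault(name, []).append(args)
    return conf


def normalize(conf):
    """Expand shorthand and defaults so equivalent files compare equal."""
    out = {name: [list(a) for a in args] for name, args in conf.items()}
    if "client" in out:
        # 'client' is shorthand for 'pull' plus 'tls-client'.
        del out["client"]
        out.setdefault("pull", [[]])
        out.setdefault("tls-client", [[]])
    remote_has_port = any(len(a) > 1 for a in out.get("remote", []))
    if "port" not in out and not remote_has_port:
        out["port"] = [["1194"]]  # default port, as stated in the client log
    return out


def material_differences(a_text, b_text):
    """Directives that still differ after normalization, site values excluded."""
    a, b = normalize(parse_ovpn(a_text)), normalize(parse_ovpn(b_text))
    diff = {}
    for name in sorted(set(a) | set(b)):
        if name not in SITE_SPECIFIC and a.get(name) != b.get(name):
            diff[name] = (a.get(name), b.get(name))
    return diff


def server_checks(text):
    """Names of the server certificate checks a client config enables."""
    conf = parse_ovpn(text)
    found = []
    for name in SERVER_CHECKS:
        for args in conf.get(name, []):
            # For these two, only the 'server' argument checks the server side.
            if name in ("ns-cert-type", "remote-cert-tls") and args[:1] != ["server"]:
                continue
            found.append(name)
            break
    return found


if __name__ == "__main__":
    # 'dev' has to match the server's device type; 'float' only relaxes
    # which source address the client accepts packets from.
    print(material_differences(POSTED_CONF, WORKING_CONF))
    print("posted config server checks:", server_checks(POSTED_CONF))
    print("working config server checks:", server_checks(WORKING_CONF))
```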
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I have no blank lines in my client.ovpn file.

On Nov 29, 2007 12:53 PM, compdoc [EMAIL PROTECTED] wrote:

In the email I sent, there were no blank lines between the commands in the client.ovpn. But there are in your reply. Is that my mail client adding those extra blank lines? They shouldn't be there...

*From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Thursday, November 29, 2007 10:02 AM
*To:* efw-user@lists.sourceforge.net
*Subject:* Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Seriously, when I download cert from EFW web interface it saves as .pem automatically. I did not have to rename it or anything.

On Nov 29, 2007 10:57 AM, compdoc [EMAIL PROTECTED] wrote:

When I save a cert from any efw, it gets a .cer file name extension. How'd you get .pem?

Here's my working client.ovpn:

client
float
dev tap
proto udp
port 1194
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo

Name the cert whatever makes sense...

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *toby
*Sent:* Thursday, November 29, 2007 9:33 AM
*To:* efw-user@lists.sourceforge.net
*Subject:* [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Hello all, I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server that is currently being used as a file server as well. I went through the OpenVPN configuration process, downloaded cert and created client.ovpn configuration file (see below) and I get the following error message (also, see below). What have I missed?
[Efw-user] Unable to VPN into GREEN network
Hi all, Just finished efw community installation and so far I have setup external access to all administration of efw. I have also configured/enabled OpenVPN however, I am unable to obtain an IP address once I connect. What information do I need to post to get help? Thanks, Toby.