[pfSense Support] XMLRPC Work?
Is there a way to get the XMLRPC to work properly or is that not fixed yet. I would like mine to function, even if the server is down, is there a way for me to host my own version of XMLRPC locally on my apache server? ~Dwabraxus
Re: [pfSense Support] No Internet Traffic after 1 Day
Is your dyndns client on your pfsense box???

--- jonathan gonzalez [EMAIL PROTECTED] wrote:

hi, i'm using PPPoE and dyndns client and i think it doesn't affect me :( Rgds, jonathan

Damien Dupertuis wrote:

Hello, Are you using pppoe and dyndns client??? If so, this is why your pfsense hangs. Disable the dyndns client, reboot and everything should work... This is a long-story bug I hope the developers will solve... regards.. Damien

--- Carsten Clementschitsch [EMAIL PROTECTED] wrote:

Hi, I tested the last 3 versions, every time the same problem. After using a fresh install it works for about a day, then no traffic to the internet is possible, although the internet connection is up. Only a complete reset can fix the problem for another day. The attached file is the state in which the router doesn't work any more. thanx Carsten
Re: [pfSense Support] No Internet Traffic after 1 Day
yes, i setup the built-in client. My version is 0.86.4 jonathan

Damien Dupertuis wrote:

Is your dyndns client on your pfsense box???

--- jonathan gonzalez [EMAIL PROTECTED] wrote:

hi, i'm using PPPoE and dyndns client and i think it doesn't affect me :( Rgds, jonathan

Damien Dupertuis wrote:

Hello, Are you using pppoe and dyndns client??? If so, this is why your pfsense hangs. Disable the dyndns client, reboot and everything should work... This is a long-story bug I hope the developers will solve... regards.. Damien

--- Carsten Clementschitsch [EMAIL PROTECTED] wrote:

Hi, I tested the last 3 versions, every time the same problem. After using a fresh install it works for about a day, then no traffic to the internet is possible, although the internet connection is up. Only a complete reset can fix the problem for another day. The attached file is the state in which the router doesn't work any more. thanx Carsten
Re: [pfSense Support] No Internet Traffic after 1 Day
:-( It didn't work for me :-( I've been running it without the dyndns client for 8 days without a glitch... Maybe I should re-enable dyndns and see what happens... regards...

--- jonathan gonzalez [EMAIL PROTECTED] wrote:

yes, i setup the built-in client. My version is 0.86.4 jonathan

Damien Dupertuis wrote:

Is your dyndns client on your pfsense box???

--- jonathan gonzalez [EMAIL PROTECTED] wrote:

hi, i'm using PPPoE and dyndns client and i think it doesn't affect me :( Rgds, jonathan

Damien Dupertuis wrote:

Hello, Are you using pppoe and dyndns client??? If so, this is why your pfsense hangs. Disable the dyndns client, reboot and everything should work... This is a long-story bug I hope the developers will solve... regards.. Damien

--- Carsten Clementschitsch [EMAIL PROTECTED] wrote:

Hi, I tested the last 3 versions, every time the same problem. After using a fresh install it works for about a day, then no traffic to the internet is possible, although the internet connection is up. Only a complete reset can fix the problem for another day. The attached file is the state in which the router doesn't work any more. thanx Carsten
Re: [pfSense Support] Solution: Re: [pfSense Support] VPN NAT Traversal (CISCO VPN Client)
On 10/16/05, stephan schneider [EMAIL PROTECTED] wrote:

Got the solution. In the vpn client connection configuration you have to choose IPSec over TCP and of course Enable Transparent Tunnel. No custom rules, no IPSec passthru (that's a different approach), no custom nat rules (only the default: nat all lan) are needed.

Mmmh, sounds very strange.. IPsec NAT-T usually is achieved as IPsec over UDP.. (http://wiki.openswan.org/index.php/Firewalls) ...and from what I know, Cisco VPN is using exactly this. What kind of implementation is currently used? Please, could someone check if pfSense is really encapsulating over 4500/UDP, or smthg different? TIA Tom
[pfSense Support] issues with ipsec. any ideas
Oct 18 09:43:20 racoon: DEBUG: ===
Oct 18 09:43:20 racoon: DEBUG: 188 bytes message received from 195.218.115.140[500] to 192.168.1.100[500]
Oct 18 09:43:20 racoon: DEBUG: cd4fbccf a18d7f66 0d455d4b 554b207a 08102001 c9ab08ba 00bc 62bae5e7 d26b2921 361ebf5c 3c378227 d9540a69 a871a069 bf46b4df fb12edea a704e392 019e81d2 4bef6bff c887dca7 0aa2ae24 2ca434bd d0167d37 444c41a5 0416b68d 98b6c6bc 24786e88 becece60 2304d400 fd87b941 70def95b c38b 90df2d59 b3e46690 f958c4fc 72a02208 94d7cf90 82ccb1ec 3543f6b8 e6b3f044 a8713004 3c070392 ab371cb0 841d6da1 57d2d4a0 0c9cc66b c50c14d2 21dcd6fd
Oct 18 09:43:20 racoon: DEBUG: anonymous configuration selected for 195.218.115.140[500].
Oct 18 09:43:20 racoon: DEBUG: new cookie: 905295ce9696a874
Oct 18 09:43:20 racoon: DEBUG: 40 bytes from 192.168.1.100[500] to 195.218.115.140[500]
Oct 18 09:43:20 racoon: DEBUG: sockname 192.168.1.100[500]
Oct 18 09:43:20 racoon: DEBUG: send packet from 192.168.1.100[500]
Oct 18 09:43:20 racoon: DEBUG: send packet to 195.218.115.140[500]
Oct 18 09:43:20 racoon: DEBUG: 1 times of 40 bytes message will be sent to 195.218.115.140[500]
Oct 18 09:43:20 racoon: DEBUG: cd4fbccf a18d7f66 905295ce 9696a874 0b100500 e08d28fc 0028 000c 0001 0104
Oct 18 09:43:20 racoon: DEBUG: sendto Information notify.
Oct 18 09:43:20 racoon: ERROR: can't start the quick mode, there is no ISAKMP-SA, cd4fbccfa18d7f66:0d455d4b554b207a:c9ab
Oct 18 09:43:51 racoon: DEBUG: ===
Oct 18 09:43:51 racoon: DEBUG: 188 bytes message received from 195.218.115.140[500] to 192.168.1.100[500]
Oct 18 09:43:51 racoon: DEBUG: cd4fbccf a18d7f66 0d455d4b 554b207a 08102001 834ac600 00bc 5f3518d8 7d3eda6d 619b8dcf 8057735d cded5fd4 7a71bd1d 7b0719a3 8a1b753b 60723607 29b651f1 7c98ae31 18614407 0666d742 42bf0035 bbb2f8a8 c4f82ac9 43f175e8 ac44ed75 97da7258 acc3bcd5 1eea3f2d bf30a7da 6cee8a3c 9a42e215 2ab8e94f 5da3269e c3092119 93fd9e51 a7bb9326 cf080e6f a27fbd0a 207d18f9 1bae070d a50f32fb 525e4f46 2acf0896 d45c0946 eaeea10d 583da02d 2a13287a
Oct 18 09:43:51 racoon: DEBUG: anonymous configuration selected for 195.218.115.140[500].
Oct 18 09:43:51
AW: [pfSense Support] Any way to do a scheduled ping to a host?
We have dyndns-ipsec support, however I have not set it up by now. Only heard Scott implemented it.

Other option (if you want to do it with the ping) would be to add a cron-job to send a single ping once in a minute. However, as you can't ping through the tunnel from the pfsense directly you would have to add a static route for the remote subnet with the lan ip of the local pfsense that does the ping as gateway as only incoming traffic from another interface can be routed through the tunnel or bring a tunnel up.

I would try to figure out how dyndns-ipsec has to be configured. If I have some time I'll try it myself these days. Would be great stuff for a tutorial ;-) Holger

-Original Message- From: Jason Landry [mailto:[EMAIL PROTECTED] Sent: Tuesday, 18 October 2005 13:35 To: pfsense Subject: [pfSense Support] Any way to do a scheduled ping to a host?

I'm using IPSec to connect from home to the office. At my home address, I'm using DynDNS so I have the ip available. But when I'm at work, the IPSec connection goes down as activity stops. Judging by the documentation, there's no way to set up an outgoing IPSec connection *to* a dynamic address. I was thinking if pfsense could send a simple ping to a particular address, this could keep the connection open, and allow me to access my home network through the IPSec tunnel from work at all times. Any ideas?
Re: [pfSense Support] Any way to do a scheduled ping to a host?
If I understand correctly that means that dyndns-ipsec would have to be installed at the office...that gives me incentive to switch from m0n0wall at the office to pfsense :). Right now, pfsense is only at home.

On 10/18/05, Holger Bauer [EMAIL PROTECTED] wrote:

We have dyndns-ipsec support, however I have not set it up by now. Only heard Scott implemented it.

Other option (if you want to do it with the ping) would be to add a cron-job to send a single ping once in a minute. However, as you can't ping through the tunnel from the pfsense directly you would have to add a static route for the remote subnet with the lan ip of the local pfsense that does the ping as gateway as only incoming traffic from another interface can be routed through the tunnel or bring a tunnel up.

I would try to figure out how dyndns-ipsec has to be configured. If I have some time I'll try it myself these days. Would be great stuff for a tutorial ;-) Holger

-Original Message- From: Jason Landry [mailto:[EMAIL PROTECTED] Sent: Tuesday, 18 October 2005 13:35 To: pfsense Subject: [pfSense Support] Any way to do a scheduled ping to a host?

I'm using IPSec to connect from home to the office. At my home address, I'm using DynDNS so I have the ip available. But when I'm at work, the IPSec connection goes down as activity stops. Judging by the documentation, there's no way to set up an outgoing IPSec connection *to* a dynamic address. I was thinking if pfsense could send a simple ping to a particular address, this could keep the connection open, and allow me to access my home network through the IPSec tunnel from work at all times. Any ideas?
Re: [pfSense Support] No Internet Traffic after 1 Day
On 10/18/05, Damien Dupertuis [EMAIL PROTECTED] wrote:

:-( It didn't work for me :-( I've been running it without the dyndns client for 8 days without a glitch... Maybe I should re-enable dyndns and see what happens... regards...

I'm on 86.4 on the only box I have that does pppoe, I can try setting up dyndns tonight and see if things break. --Bill
Re: [pfSense Support] XMLRPC Work?
On 10/18/05, Chris May [EMAIL PROTECTED] wrote:

Is there a way to get the XMLRPC to work properly or is that not fixed yet. I would like mine to function, even if the server is down, is there a way for me to host my own version of XMLRPC locally on my apache server?

If what you perceive to be broken is firmware updates, then it's working properly, we haven't updated the version for autoupdates in a while. What XMLRPC function are you talking about? --Bill
Re: [pfSense Support] Solution: Re: [pfSense Support] VPN NAT Traversal (CISCO VPN Client)
On 10/18/05, Bill Marquette [EMAIL PROTECTED] wrote:

On 10/18/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:

Mmmh, sounds very strange.. IPsec NAT-T usually is achieved as IPsec over UDP.. (http://wiki.openswan.org/index.php/Firewalls) ...and from what I know, Cisco VPN is using exactly this. What kind of implementation is currently used? Please, could someone check if pfSense is really encapsulating over 4500/UDP, or smthg different?

pfSense isn't encapsulating anything, that's the job of the client. In this case it sounds like the client needed some extra config to do NAT-T correctly.

Maybe I explained myself not very well: ipsec natively does not permit bypassing a NAT gateway. So a few solutions have been adopted, one of them is NAT-T (that is, ipsec over UDP). I do not mean that it is pfsense that must do this: generally it is the OS ipsec implementation that takes it into account (during the very first exchanges between the two parties, and so on). I only would like to know if racoon (I think racoon is the one that manages ipsec VPNs) uses NAT-T or another mechanism for bypassing NAT limitation... Sorry Tom
Re: [pfSense Support] Solution: Re: [pfSense Support] VPN NAT Traversal (CISCO VPN Client)
Tommaso Di Donato wrote:

Maybe I explained myself not very well: ipsec natively does not permit bypassing a NAT gateway. So a few solutions have been adopted, one of them is NAT-T (that is, ipsec over UDP). I do not mean that it is pfsense that must do this: generally it is the OS ipsec implementation that takes it into account (during the very first exchanges between the two parties, and so on). I only would like to know if racoon (I think racoon is the one that manages ipsec VPNs) uses NAT-T or another mechanism for bypassing NAT limitation...

In the case of VPN's that are terminated on pfsense boxes, it is racoon, and very recently a kernel patch was added to test NAT-T support with ipsec-tools. I'm not sure if it's even made it into a public release yet. It'll be there soon if not, but needs testing.
Re: [pfSense Support] XMLRPC Work?
Bill Marquette wrote:

On 10/18/05, Chris May [EMAIL PROTECTED] wrote:

Is there a way to get the XMLRPC to work properly or is that not fixed yet. I would like mine to function, even if the server is down, is there a way for me to host my own version of XMLRPC locally on my apache server?

If what you perceive to be broken is firmware updates, then it's working properly, we haven't updated the version for autoupdates in a while. What XMLRPC function are you talking about? --Bill

I wanted to get the updates feature working either for the global cvs or just off a local machine via a web server running xmlrpc. I would like this because I have a few boxes running pfsense and want to keep them all up to date
Re: [pfSense Support] Solution: Re: [pfSense Support] VPN NAT Traversal (CISCO VPN Client)
On 10/18/05, Chris Buechler [EMAIL PROTECTED] wrote:

In the case of VPN's that are terminated on pfsense boxes, it is racoon, and very recently a kernel patch was added to test NAT-T support with ipsec-tools. I'm not sure if it's even made it into a public release yet. It'll be there soon if not, but needs testing.

Thank you very much. If you like, I will try to do some tests (not now, but in the near future), and will share my results. Tom
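The check Tom asks for in this thread (is the traffic really encapsulated on 4500/UDP?) can be made from a packet capture by applying the port and marker rules of RFC 3947/3948. The following is an added example, not code from the thread or from pfSense; the sample packets are constructed, and the tuple layout (IP protocol, source port, destination port, payload) is an assumption of this sketch.

```python
"""Classify IPsec-related packets by the RFC 3947/3948 port and marker rules."""
import struct
from collections import Counter

IKE_PORT, NATT_PORT = 500, 4500
PROTO_UDP, PROTO_ESP = 17, 50
NON_ESP_MARKER = b"\x00" * 4  # prefixes IKE messages sent on UDP 4500
# ISAKMP header: cookies, next payload, version, exchange, flags, message id, length
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")


def looks_like_isakmp(data):
    """True if data starts with a plausible ISAKMP header covering the whole datagram."""
    if len(data) < ISAKMP_HDR.size:
        return False
    _, _, _, version, _, _, _, length = ISAKMP_HDR.unpack_from(data)
    return (version >> 4) in (1, 2) and length == len(data)


def classify(ip_proto, src_port, dst_port, payload):
    """Return a label for one packet; ports are ignored for non-UDP packets."""
    if ip_proto == PROTO_ESP:
        return "esp-native"
    if ip_proto != PROTO_UDP:
        return "other"
    ports = (src_port, dst_port)
    if NATT_PORT in ports:  # a NAT may rewrite the client's port, so check both
        if payload == b"\xff":
            return "natt-keepalive"
        if payload[:4] == NON_ESP_MARKER:
            return "ike-over-4500" if looks_like_isakmp(payload[4:]) else "malformed"
        # Anything else on 4500 is ESP: a non-zero SPI followed by a sequence number.
        return "esp-in-udp" if len(payload) >= 8 else "malformed"
    if IKE_PORT in ports:
        return "ike-over-500" if looks_like_isakmp(payload) else "malformed"
    return "other"


def verdict(packets):
    """Summarise which encapsulation a capture shows, with per-label counts."""
    counts = Counter(classify(*p) for p in packets)
    if counts["esp-in-udp"] or counts["ike-over-4500"]:
        mode = "NAT-T (UDP encapsulation on 4500)"
    elif counts["esp-native"]:
        mode = "native ESP (IP protocol 50), no NAT-T"
    elif counts["ike-over-500"]:
        mode = "IKE only, no data-plane packets seen"
    else:
        mode = "no IPsec traffic recognised"
    return mode, dict(counts)


def make_isakmp(exchange, body_len):
    """Build a constructed ISAKMP message: valid header, zero-filled body."""
    total = ISAKMP_HDR.size + body_len
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, 1, 0x10, exchange, 0, 0, total)
    return hdr + b"\x00" * body_len


# Constructed capture of a client behind NAT: IKE starts on 500, floats to 4500,
# then ESP and keepalives share the 4500 flow.
SAMPLE_NATT = [
    (PROTO_UDP, 500, 500, make_isakmp(2, 100)),
    (PROTO_UDP, 40211, 4500, NON_ESP_MARKER + make_isakmp(2, 60)),
    (PROTO_UDP, 40211, 4500, struct.pack("!II", 0x0A1B2C3D, 1) + b"\xaa" * 48),
    (PROTO_UDP, 40211, 4500, b"\xff"),
]
# Constructed capture without NAT in the path: IKE on 500, ESP as IP protocol 50.
SAMPLE_NATIVE = [
    (PROTO_UDP, 500, 500, make_isakmp(2, 100)),
    (PROTO_ESP, 0, 0, struct.pack("!II", 0x0A1B2C3D, 1) + b"\xaa" * 48),
]

if __name__ == "__main__":
    for name, sample in (("natt", SAMPLE_NATT), ("native", SAMPLE_NATIVE)):
        print(name, verdict(sample))
```

A capture to feed it can be limited to the relevant traffic with the pcap filter `udp port 500 or udp port 4500 or ip proto 50`.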
Re: [pfSense Support] XMLRPC Work?
Scott Ullrich wrote:

Manually update them via the firmware. The XMLRPC portion only shows you when we update the version and we haven't focused our attention on keeping this current. It's one of the final items to complete before we release. And when I say complete, it really means hooking in the builder scripts closer to this system to automatically generate binary diff updates and bump the version that you query via XMLRPC. Scott

On 10/18/05, Chris May [EMAIL PROTECTED] wrote:

Bill Marquette wrote:

On 10/18/05, Chris May [EMAIL PROTECTED] wrote:

Is there a way to get the XMLRPC to work properly or is that not fixed yet. I would like mine to function, even if the server is down, is there a way for me to host my own version of XMLRPC locally on my apache server?

If what you perceive to be broken is firmware updates, then it's working properly, we haven't updated the version for autoupdates in a while. What XMLRPC function are you talking about? --Bill

I wanted to get the updates feature working either for the global cvs or just off a local machine via a web server running xmlrpc. I would like this because I have a few boxes running pfsense and want to keep them all up to date

OK... THX
Re: [pfSense Support] No Internet Traffic after 1 Day
What is exactly the problem? Does the system hang or what happens? jonathan

On 10/18/05, Damien Dupertuis [EMAIL PROTECTED] wrote:

Great... but remember, you'll have to wait one day to see the bug... I wish you could find it... because it bothers me ... Regards... Damien

--- Bill Marquette [EMAIL PROTECTED] wrote:

On 10/18/05, Damien Dupertuis [EMAIL PROTECTED] wrote:

:-( It didn't work for me :-( I've been running it without the dyndns client for 8 days without a glitch... Maybe I should re-enable dyndns and see what happens... regards...

I'm on 86.4 on the only box I have that does pppoe, I can try setting up dyndns tonight and see if things break. --Bill
Re: [pfSense Support] 0.87 ??
That was the name before I gzipped it. It's correct and I will fix it.

On 10/18/05, David Strout [EMAIL PROTECTED] wrote:

I noticed that when you unzip the current 0.87 ISO image that it unzips to an image called FreeBSIE.iso ... is that correct or is that a new naming convention? I am used to seeing the ISOs named pfSense-LiveCD-ver.iso Please forgive my ignorance. -- David L. Strout Engineering Systems Plus, LLC
[pfSense Support] Help needed with pfSense 0.86.4 failover
Hello, I'll lecture a training scheduled for next week, where I plan to talk about pfSense, besides m0n0wall. I'd like to show them the failover feature, but it didn't work as expected, following the website's tutorial. I also did searches at the mailing list history and I haven't found any messages about problems or hints with this feature, which leads me to think that my configuration is missing something.

About the configuration made:

1) Started with two factory reset pfSense 0.86.4 Generic PC firewalls.
2) Followed the animated tutorial for failover
3) Noticed that that tutorial misses the sync interfaces configuration, that should be done prior the failover steps, so I did factory reset the firewalls and started over.
4) Noticed that the backup firewall carp interfaces screen isn't exactly the same that the tutorial shows: it's missing the icons and is blank where it should be showing
5) Confirmed:
- That the WAN and LAN Virtual IPs were pinged from the LAN client
- The client was able to navigate using the LAN Virtual IP as a gateway
- That packets arrived external sites with the WAN Virtual IP
- When I shutdown the Master firewall, both Virtual IPs also disappeared.

There's a PDF to illustrate what happened, and a jpg with the lab scenario available at:
http://alexsm.sites.uol.com.br/pfsense-carp-pfsync-lab.pdf
http://alexsm.sites.uol.com.br/treinamento_bsd_fws.jpg

I've just noticed that the pfSense-LiveCD-0.87.iso is available. I haven't tested it, but if my configuration isn't correct, I guess it doesn't matter the pfsense version, right? :-) Thank you in advance. Best regards, Alex
Re: [pfSense Support] Help needed with pfSense 0.86.4 failover
I'll quickly summarize the steps you need to take:

1. Setup the primary firewall with a unique IP for wan and lan that you will not be using in the CARP failover group. Each firewall must have its own unique ip for both WAN and LAN.
2. Setup the secondary firewall with a unique IP for wan and lan that you will not be using in the CARP failover group. Each firewall must have its own unique ip for both WAN and LAN.
3. On the primary firewall, setup your virtual ip's that you wish to share on the CARP cluster
4. Visit CARP Settings on the primary firewall and enable all options except load balancing. In the Synchronize to IP box insert the _UNIQUE_ LAN IP of the secondary firewall. This will basically force all the common settings to the backup automatically!
5. Visit CARP Settings on the secondary firewall and enable preemption _ONLY_.
6. Setup advanced outbound NAT on the primary firewall and make sure that you're directing all outbound traffic through one of your virtual ip's so that when a failover occurs, there are no states using either of the unique ip's

That's about it. If you follow the above, it should work, granted I didn't overlook anything minor. Scott

On 10/18/05, Alex Moura [EMAIL PROTECTED] wrote:

Hello, I'll lecture a training scheduled for next week, where I plan to talk about pfSense, besides m0n0wall. I'd like to show them the failover feature, but it didn't work as expected, following the website's tutorial. I also did searches at the mailing list history and I haven't found any messages about problems or hints with this feature, which leads me to think that my configuration is missing something.

About the configuration made:

1) Started with two factory reset pfSense 0.86.4 Generic PC firewalls.
2) Followed the animated tutorial for failover
3) Noticed that that tutorial misses the sync interfaces configuration, that should be done prior the failover steps, so I did factory reset the firewalls and started over.
4) Noticed that the backup firewall carp interfaces screen isn't exactly the same that the tutorial shows: it's missing the icons and is blank where it should be showing
5) Confirmed:
- That the WAN and LAN Virtual IPs were pinged from the LAN client
- The client was able to navigate using the LAN Virtual IP as a gateway
- That packets arrived external sites with the WAN Virtual IP
- When I shutdown the Master firewall, both Virtual IPs also disappeared.

There's a PDF to illustrate what happened, and a jpg with the lab scenario available at:
http://alexsm.sites.uol.com.br/pfsense-carp-pfsync-lab.pdf
http://alexsm.sites.uol.com.br/treinamento_bsd_fws.jpg

I've just noticed that the pfSense-LiveCD-0.87.iso is available. I haven't tested it, but if my configuration isn't correct, I guess it doesn't matter the pfsense version, right? :-) Thank you in advance. Best regards, Alex
Re: [pfSense Support] Help needed with pfSense 0.86.4 failover
And one minor thing I overlooked, on option 4 enter the Remote System Password item as well.

On 10/18/05, Scott Ullrich [EMAIL PROTECTED] wrote:

I'll quickly summarize the steps you need to take:

1. Setup the primary firewall with a unique IP for wan and lan that you will not be using in the CARP failover group. Each firewall must have its own unique ip for both WAN and LAN.
2. Setup the secondary firewall with a unique IP for wan and lan that you will not be using in the CARP failover group. Each firewall must have its own unique ip for both WAN and LAN.
3. On the primary firewall, setup your virtual ip's that you wish to share on the CARP cluster
4. Visit CARP Settings on the primary firewall and enable all options except load balancing. In the Synchronize to IP box insert the _UNIQUE_ LAN IP of the secondary firewall. This will basically force all the common settings to the backup automatically!
5. Visit CARP Settings on the secondary firewall and enable preemption _ONLY_.
6. Setup advanced outbound NAT on the primary firewall and make sure that you're directing all outbound traffic through one of your virtual ip's so that when a failover occurs, there are no states using either of the unique ip's

That's about it. If you follow the above, it should work, granted I didn't overlook anything minor. Scott

On 10/18/05, Alex Moura [EMAIL PROTECTED] wrote:

Hello, I'll lecture a training scheduled for next week, where I plan to talk about pfSense, besides m0n0wall. I'd like to show them the failover feature, but it didn't work as expected, following the website's tutorial. I also did searches at the mailing list history and I haven't found any messages about problems or hints with this feature, which leads me to think that my configuration is missing something.

About the configuration made:

1) Started with two factory reset pfSense 0.86.4 Generic PC firewalls.
2) Followed the animated tutorial for failover
3) Noticed that that tutorial misses the sync interfaces configuration, that should be done prior the failover steps, so I did factory reset the firewalls and started over.
4) Noticed that the backup firewall carp interfaces screen isn't exactly the same that the tutorial shows: it's missing the icons and is blank where it should be showing
5) Confirmed:
- That the WAN and LAN Virtual IPs were pinged from the LAN client
- The client was able to navigate using the LAN Virtual IP as a gateway
- That packets arrived external sites with the WAN Virtual IP
- When I shutdown the Master firewall, both Virtual IPs also disappeared.

There's a PDF to illustrate what happened, and a jpg with the lab scenario available at:
http://alexsm.sites.uol.com.br/pfsense-carp-pfsync-lab.pdf
http://alexsm.sites.uol.com.br/treinamento_bsd_fws.jpg

I've just noticed that the pfSense-LiveCD-0.87.iso is available. I haven't tested it, but if my configuration isn't correct, I guess it doesn't matter the pfsense version, right? :-) Thank you in advance. Best regards, Alex
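The six steps above, plus the Remote System Password item, can be turned into a pre-deployment check of an address plan. The following is an added example, not pfSense code or anything posted in the thread; the plan layout, the key names and the option names other than preemption and load balancing are hypothetical, and the addresses are constructed from documentation ranges.

```python
"""Lint a two-node CARP failover plan against the steps listed in the message above."""
import copy
import ipaddress


def check_carp_plan(plan):
    """Return a list of problems; an empty list means the plan follows every step."""
    problems = []
    vips = {ipaddress.ip_address(a) for a in plan["virtual_ips"]}
    seen = {}
    # Steps 1-2: each firewall has its own WAN and LAN address, outside the CARP group.
    for node in ("primary", "secondary"):
        for ifname in ("wan", "lan"):
            addr = ipaddress.ip_address(plan[node][ifname])
            if addr in vips:
                problems.append(f"{node} {ifname} {addr} is also a virtual IP")
            if addr in seen:
                problems.append(f"{node} {ifname} {addr} duplicates {seen[addr]}")
            seen[addr] = f"{node} {ifname}"
    # Step 4: primary enables everything except load balancing and syncs to the
    # secondary's unique LAN address, with the remote system password filled in.
    carp = plan["primary"]["carp"]
    if carp["options"].get("load_balancing"):
        problems.append("primary has load balancing enabled")
    off = sorted(k for k, v in carp["options"].items() if k != "load_balancing" and not v)
    if off:
        problems.append(f"primary options not enabled: {', '.join(off)}")
    if ipaddress.ip_address(carp["sync_to_ip"]) != ipaddress.ip_address(plan["secondary"]["lan"]):
        problems.append(f"sync target {carp['sync_to_ip']} is not the secondary's unique LAN IP")
    if not carp.get("remote_password"):
        problems.append("remote system password is empty")
    # Step 5: secondary enables preemption only.
    sec_on = sorted(k for k, v in plan["secondary"]["carp"]["options"].items() if v)
    if sec_on != ["preemption"]:
        problems.append(f"secondary must enable preemption only, found: {sec_on}")
    # Step 6: every outbound NAT rule translates to a virtual IP, so no state
    # is tied to an address that goes away with the failed node.
    for rule in plan["primary"]["outbound_nat"]:
        if ipaddress.ip_address(rule["translate_to"]) not in vips:
            problems.append(f"outbound NAT for {rule['source']} uses {rule['translate_to']}, not a virtual IP")
    return problems


# Constructed plan that follows all steps (hypothetical key and option names).
GOOD_PLAN = {
    "virtual_ips": ["198.51.100.1", "192.168.1.1"],
    "primary": {
        "wan": "198.51.100.2", "lan": "192.168.1.2",
        "carp": {
            "options": {"preemption": True, "sync_rules": True,
                        "sync_nat": True, "load_balancing": False},
            "sync_to_ip": "192.168.1.3",
            "remote_password": "placeholder-not-a-real-secret",
        },
        "outbound_nat": [{"source": "192.168.1.0/24", "translate_to": "198.51.100.1"}],
    },
    "secondary": {
        "wan": "198.51.100.3", "lan": "192.168.1.3",
        "carp": {"options": {"preemption": True, "sync_rules": False,
                             "load_balancing": False}},
    },
}

# Constructed plan with three deviations: sync aimed at the LAN virtual IP,
# NAT translating to the primary's own WAN address, sync enabled on the secondary.
BAD_PLAN = copy.deepcopy(GOOD_PLAN)
BAD_PLAN["primary"]["carp"]["sync_to_ip"] = "192.168.1.1"
BAD_PLAN["primary"]["outbound_nat"][0]["translate_to"] = "198.51.100.2"
BAD_PLAN["secondary"]["carp"]["options"]["sync_rules"] = True

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_carp_plan(plan) or "OK")
```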
Re: [pfSense Support] Help needed with pfSense 0.86.4 failover
Alex Moura wrote:

4) Noticed that the backup firewall carp interfaces screen isn't exactly the same that the tutorial shows: it's missing the icons and is blank where it should be showing

Sorry, I meant to say that the first and the last columns of the table of the carp Virtual IPs table screen are blank.
[pfSense Support] PFsense as PN server
Excuse me for stupid questions,

1. I am not sure whether or not pfsense is capable of acting as a VPN ipsec server. If yes, how many connections/clients can pfsense serve?
2. I know that pfsense is capable of acting as a PPTP server, but how many PPTP connections can pfsense serve?

Thanx. Bob.
Re: [pfSense Support] FreeRadius state
Our GUI is now out of sync with the newer version. We need someone to fix this.

On 10/18/05, jonathan gonzalez [EMAIL PROTECTED] wrote:

Hi group, i would like to know more about the state of the FreeRadius package that actually appears as broken in the package list: freeradius SecurityBROKEN 1.0.4 Thanks in advance, Rgds, jonathan
Re: [pfSense Support] No Internet Traffic after 1 Day
After exactly one day, the wan-side stops working... You turn the dyndns client off, restart pfsense and... it works again... If you want to know more, look at the archives... regards... Damien

--- Jonathan Gonzalez [EMAIL PROTECTED] wrote:

What is exactly the problem? Does the system hang or what happens? jonathan

On 10/18/05, Damien Dupertuis [EMAIL PROTECTED] wrote:

Great... but remember, you'll have to wait one day to see the bug... I wish you could find it... because it bothers me ... Regards... Damien

--- Bill Marquette [EMAIL PROTECTED] wrote:

On 10/18/05, Damien Dupertuis [EMAIL PROTECTED] wrote:

:-( It didn't work for me :-( I've been running it without the dyndns client for 8 days without a glitch... Maybe I should re-enable dyndns and see what happens... regards...

I'm on 86.4 on the only box I have that does pppoe, I can try setting up dyndns tonight and see if things break. --Bill
RE: [pfSense Support] No Internet Traffic after 1 Day
That problem with 86.4 and dyndns client is already reported I think, and maybe it's already solved. Have you tried the same on 87.2 ? Gabriel

-Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Tuesday, 18 October 2005 07:10 p.m. To: support@pfsense.com Subject: Re: [pfSense Support] No Internet Traffic after 1 Day

After exactly one day, the wan-side stops working... You turn the dyndns client off, restart pfsense and... it works again... If you want to know more, look at the archives... regards... Damien

--- Jonathan Gonzalez [EMAIL PROTECTED] wrote:

What is exactly the problem? Does the system hang or what happens? jonathan

On 10/18/05, Damien Dupertuis [EMAIL PROTECTED] wrote:

Great... but remember, you'll have to wait one day to see the bug... I wish you could find it... because it bothers me ... Regards... Damien

--- Bill Marquette [EMAIL PROTECTED] wrote:

On 10/18/05, Damien Dupertuis [EMAIL PROTECTED] wrote:

:-( It didn't work for me :-( I've been running it without the dyndns client for 8 days without a glitch... Maybe I should re-enable dyndns and see what happens... regards...

I'm on 86.4 on the only box I have that does pppoe, I can try setting up dyndns tonight and see if things break. --Bill
Re: [pfSense Support] No Internet Traffic after 1 Day
Isn't necessary, today it left to work. I experienced myself. What i don't know is why it didn't happen to me before now ¿? Rgds, jonathan

Damien Dupertuis wrote:

After exactly one day, the wan-side stops working... You turn the dyndns client off, restart pfsense and... it works again... If you want to know more, look at the archives... regards... Damien

--- Jonathan Gonzalez [EMAIL PROTECTED] wrote:

What is exactly the problem? Does the system hang or what happens? jonathan

On 10/18/05, Damien Dupertuis [EMAIL PROTECTED] wrote:

Great... but remember, you'll have to wait one day to see the bug... I wish you could find it... because it bothers me ... Regards... Damien

--- Bill Marquette [EMAIL PROTECTED] wrote:

On 10/18/05, Damien Dupertuis [EMAIL PROTECTED] wrote:

:-( It didn't work for me :-( I've been running it without the dyndns client for 8 days without a glitch... Maybe I should re-enable dyndns and see what happens... regards...

I'm on 86.4 on the only box I have that does pppoe, I can try setting up dyndns tonight and see if things break. --Bill