[pfSense Support] Need help
I need to have some information about configuring pfSense's proxy. We have a LAN Active Directory (W Server 2003) managed. We have to filtering internet (WAN), from LAN, access with pfSense's proxy. We want to authorize only Users which are in a specific Active Directory's group. We want to know HOW TO CONFIGURE LDAP AUTHENTICATION using pfSense's web interface. The page is Auth settings in the Proxy section. Can anyone give us AN EXAMPLE of working Active Directory LDAP authentication ? What I have to write EXACTLY in each field ? What about LDAP search filter ? Thank you very much, Best regards. Marco Vinella - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Need help
Marco Vinella wrote: I need to have some information about configuring pfSense's proxy. We have a LAN Active Directory (W Server 2003) managed. We have to filtering internet (WAN), from LAN, access with pfSense's proxy. We want to authorize only Users which are in a specific Active Directory's group. We want to know HOW TO CONFIGURE LDAP AUTHENTICATION using pfSense's web interface. The page is Auth settings in the Proxy section. Can anyone give us AN EXAMPLE of working Active Directory LDAP authentication ? What I have to write EXACTLY in each field ? What about LDAP search filter ? Thank you very much, Best regards. Marco Vinella - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] I assume you mean that you want to use the squid package with active directory to authenticate users. This functionality has not been implemented in the squid package and, as far as I know, is not functional. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Martin, Actually this is exactly what I want. I want to shape the entire OpenVPN tunnel entirely. This is because I will only be passing VoIP traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN tunnel over the standard port 1194 then I would like to shape all traffic on port 1194. I have tried this by using the wizard, specifying I want to shape VoIP, and then going and modifying the VoIP shaping rules to shape only port 1194. Unfortunately, I never see the traffic in the VoIP queue when I place calls to our remote offices over the OpenVPN tunnel. Thanks. Mike Fuchs, Martin wrote: The general problem is not solved until now - encrypted tunnels cannot be shaped... There's the possibility to shape a whole OpenVPN tunnel (clientside) for outgoing traffic, but I believe this is not what wou really want... What you are planning is some sort of traffic shaping on port based rules. It might be possible to do so, but perhaps you better ask scott for this when he's back from bsdcan... Regards, Martin -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 17. Mai 2007 16:40 An: support@pfsense.com Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Hello Everyone, I did some searching and found this previous discussion on shaping OpenVPN tunnels: http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7aetopic=3013.0 Basically the discussion ended with, that you cannot shape the OpenVPN tunnels because openvpn uses the TUN interface and the shaper looks for traffic on the LAN interface heading towards the WAN to shape. My question is, since this discussion is somewhat old, has there been any more progress/talk on getting the OpenVPN tunnels to shape properly? I would like to be able to shape them because I have some remote offices and plan on using OpenVPN tunnels for VoIP. I know you cannot shape traffic within VPN tunnels because they are encrypted, but I am planning on using specific ports for certain tunnels to pass only VoIP traffic through and shaping those OpenVPN ports. Thanks in advance. Mike Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] VLAN Setup of pfSense ?'s
Proof of concept - can this be done??? The customers scenario: They have a pfS box with four interfaces (fxp0-3) fxp0=WAN (static) fxp1=LAN (192.168.1.0/24) fxp2=DMZ (10.1.1.0/24) fxp3=WLAN (192.168.2.0/24) Everything works well and very reliably, but I have two new networks (VLAN'd w/ Cisco switches) that need access to the internet and DMZ based servers through the pfS platform. I can not add another NIC (or dual NIC) to the pfS box as I am out of PCI slots and there is no other option, hardware wise, for this platform. VLAN setup on customer network: VLAN100=management net VLAN101=LAN NET (192.168.1.0/24) VLAN201=KIOSK NET (192.168.100.0/24) VLAN301=LAB NET (192.168.200.0/24) As of today these VLANs/networks (201 301) are segmented/isolated and have their own DHCP servers and have dead ended default gateways IPs of said DHCP server .. another words they go nowhere when requesting addresses other than the attached IP space. I do not have the option of changing the address space of these networks as they are managed by different business units and they are adamant that they will not re-ip their networks. The LAN NET VLAN101 is the only one that has exposure to the internet and they use pfS for DHCP, DNS FWD default gateway. So here is my thinking ... I am thinking that I can present the pfS box with a Cisco trunk that will carry VLANs 101, 201 301 and feed it to the fxp1 interface of the pfS box. I can prune and do all that I need to limit the exposure of all VLANs to the pfS box no problem. But the real question is how to provide default gateway addresses and DHCP service to these three dissimilarly IP'd networks when there is really only one physical NIC. I can see in the interface section were to create the tagging and assign NICs to a tagged VLAN, but I am unclear as to assigning the IP of the dissimilar networks to one NIC, is this the virtual IP address section? Assuming it is and I assign VIPs to the fxp1 interface like this (physical=192.168.1.1, VIP1=192.168.100.1, VIP2=192.168.200.1) then how could I provide DHCP and DNS service to all three networks from pfS? The managers want to remove the DHCP servers from each of the two additional networks and rely on pfS for DHCP and resolution to the net and DMZ. [ thereby putting all the management of these nets on me ... oh whoopee :-( ] I may be reaching here and maybe this can not be done with pfS. Suggestions VERY welcomed !!! -- David L. Strout Engineering Systems Plus, LLC - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
In the latest snap 14-5 it's present... Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 18:30 An: support@pfsense.com Betreff: Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Are you talking about the most recent 1.2 beta snapshot? I am running 1.2beta1 from 5/9/07 and it does not have this feature on the OpenVPN client setup. Thanks again. Mike Fuchs, Martin wrote: Have a look at the openvpn client in the actual snapshot, there's the option to shape an entire tunnel from clientside... perhaps it helps... -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 15:46 An: support@pfsense.com Betreff: Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Martin, Actually this is exactly what I want. I want to shape the entire OpenVPN tunnel entirely. This is because I will only be passing VoIP traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN tunnel over the standard port 1194 then I would like to shape all traffic on port 1194. I have tried this by using the wizard, specifying I want to shape VoIP, and then going and modifying the VoIP shaping rules to shape only port 1194. Unfortunately, I never see the traffic in the VoIP queue when I place calls to our remote offices over the OpenVPN tunnel. Thanks. Mike Fuchs, Martin wrote: The general problem is not solved until now - encrypted tunnels cannot be shaped... There's the possibility to shape a whole OpenVPN tunnel (clientside) for outgoing traffic, but I believe this is not what wou really want... What you are planning is some sort of traffic shaping on port based rules. It might be possible to do so, but perhaps you better ask scott for this when he's back from bsdcan... Regards, Martin -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 17. Mai 2007 16:40 An: support@pfsense.com Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Hello Everyone, I did some searching and found this previous discussion on shaping OpenVPN tunnels: http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7aetopic=3013.0 Basically the discussion ended with, that you cannot shape the OpenVPN tunnels because openvpn uses the TUN interface and the shaper looks for traffic on the LAN interface heading towards the WAN to shape. My question is, since this discussion is somewhat old, has there been any more progress/talk on getting the OpenVPN tunnels to shape properly? I would like to be able to shape them because I have some remote offices and plan on using OpenVPN tunnels for VoIP. I know you cannot shape traffic within VPN tunnels because they are encrypted, but I am planning on using specific ports for certain tunnels to pass only VoIP traffic through and shaping those OpenVPN ports. Thanks in advance. Mike Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] VLAN Setup of pfSense ?'s
Once you create the vlan's, you'll go in and add another opt interface that will correspond to the vlan you added to the physical interface. I don't have a box in front of me to walk through the menu's, but the bottom line is that what you want to do is doable in pfSense and is all configured under the Interfaces menu. Once you have the interfaces configured, you can configure the dhcp server for that interface as you would for a physical interface. --Bill On 5/18/07, David Strout [EMAIL PROTECTED] wrote: Proof of concept - can this be done??? The customers scenario: They have a pfS box with four interfaces (fxp0-3) fxp0=WAN (static) fxp1=LAN (192.168.1.0/24) fxp2=DMZ (10.1.1.0/24) fxp3=WLAN (192.168.2.0/24) Everything works well and very reliably, but I have two new networks (VLAN'd w/ Cisco switches) that need access to the internet and DMZ based servers through the pfS platform. I can not add another NIC (or dual NIC) to the pfS box as I am out of PCI slots and there is no other option, hardware wise, for this platform. VLAN setup on customer network: VLAN100=management net VLAN101=LAN NET (192.168.1.0/24) VLAN201=KIOSK NET (192.168.100.0/24) VLAN301=LAB NET (192.168.200.0/24) As of today these VLANs/networks (201 301) are segmented/isolated and have their own DHCP servers and have dead ended default gateways IPs of said DHCP server .. another words they go nowhere when requesting addresses other than the attached IP space. I do not have the option of changing the address space of these networks as they are managed by different business units and they are adamant that they will not re-ip their networks. The LAN NET VLAN101 is the only one that has exposure to the internet and they use pfS for DHCP, DNS FWD default gateway. So here is my thinking ... I am thinking that I can present the pfS box with a Cisco trunk that will carry VLANs 101, 201 301 and feed it to the fxp1 interface of the pfS box. I can prune and do all that I need to limit the exposure of all VLANs to the pfS box no problem. But the real question is how to provide default gateway addresses and DHCP service to these three dissimilarly IP'd networks when there is really only one physical NIC. I can see in the interface section were to create the tagging and assign NICs to a tagged VLAN, but I am unclear as to assigning the IP of the dissimilar networks to one NIC, is this the virtual IP address section? Assuming it is and I assign VIPs to the fxp1 interface like this (physical=192.168.1.1, VIP1=192.168.100.1, VIP2=192.168.200.1) then how could I provide DHCP and DNS service to all three networks from pfS? The managers want to remove the DHCP servers from each of the two additional networks and rely on pfS for DHCP and resolution to the net and DMZ. [ thereby putting all the management of these nets on me ... oh whoopee :-( ] I may be reaching here and maybe this can not be done with pfS. Suggestions VERY welcomed !!! -- David L. Strout Engineering Systems Plus, LLC - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
The option resides in the OpenVPN server configuration screen. Scott On 5/18/07, Mike Lee [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've upgraded my embedded client to 1.2-BETA-1-TESTING-SNAPSHOT-05-14-2007 and I still don't see the option to shape the entire tunnel under the OpenVPN-Client screen. Am I looking in the wrong area. I also tried to create a new tunnel and no shaping option either. Also re-ran the shaping wizard and no OpenVPN option. Thanks again for your help, it's much appreciated. Mike ** Fuchs, Martin wrote: !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; margin-bottom:.0001pt; font-size:12.0pt; font-family:Times New Roman,serif; color:black;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} pre {mso-style-priority:99; mso-style-link:HTML Vorformatiert Zchn; margin:0cm; margin-bottom:.0001pt; font-size:10.0pt; font-family:Courier New; color:black;} span.HTMLVorformatiertZchn {mso-style-name:HTML Vorformatiert Zchn; mso-style-priority:99; mso-style-link:HTML Vorformatiert; font-family:Consolas; color:black;} span.E-MailFormatvorlage19 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:612.0pt 792.0pt; margin:70.85pt 70.85pt 2.0cm 70.85pt;} div.Section1 {page:Section1;} -- In the latest snap 14-5 it's present… *Von:* Mike Lee [mailto:[EMAIL PROTECTED] *Gesendet:* Freitag, 18. Mai 2007 18:30 *An:* support@pfsense.com *Betreff:* Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Are you talking about the most recent 1.2 beta snapshot? I am running 1.2beta1 from 5/9/07 and it does not have this feature on the OpenVPN client setup. Thanks again. Mike Fuchs, Martin wrote: Have a look at the openvpn client in the actual snapshot, there's the option to shape an entire tunnel from clientside... perhaps it helps... -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 15:46 An: support@pfsense.com mailto:support@pfsense.com Betreff: Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Martin, Actually this is exactly what I want. I want to shape the entire OpenVPN tunnel entirely. This is because I will only be passing VoIP traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN tunnel over the standard port 1194 then I would like to shape all traffic on port 1194. I have tried this by using the wizard, specifying I want to shape VoIP, and then going and modifying the VoIP shaping rules to shape only port 1194. Unfortunately, I never see the traffic in the VoIP queue when I place calls to our remote offices over the OpenVPN tunnel. Thanks. Mike Fuchs, Martin wrote: The general problem is not solved until now - encrypted tunnels cannot be shaped... There's the possibility to shape a whole OpenVPN tunnel (clientside) for outgoing traffic, but I believe this is not what wou really want... What you are planning is some sort of traffic shaping on port based rules. It might be possible to do so, but perhaps you better ask scott for this when he's back from bsdcan... Regards, Martin -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 17. Mai 2007 16:40 An: support@pfsense.com mailto:support@pfsense.com Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Hello Everyone, I did some searching and found this previous discussion on shaping OpenVPN tunnels: http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7aetopic=3013.0 Basically the discussion ended with, that you cannot shape the OpenVPN tunnels because openvpn uses the TUN interface and the shaper looks for traffic on the LAN interface heading towards the WAN to shape. My question is, since this discussion is somewhat old, has there been any more progress/talk on getting the OpenVPN tunnels to shape properly? I would like to be able to shape them because I have some remote offices and plan on using OpenVPN tunnels for VoIP. I know you cannot shape traffic within VPN tunnels because they are
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've upgraded my embedded client to 1.2-BETA-1-TESTING-SNAPSHOT-05-14-2007 and I still don't see the option to shape the entire tunnel under the OpenVPN-Client screen. Am I looking in the wrong area. I also tried to create a new tunnel and no shaping option either. Also re-ran the shaping wizard and no OpenVPN option. Thanks again for your help, it's much appreciated. Mike ** Fuchs, Martin wrote: !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; margin-bottom:.0001pt; font-size:12.0pt; font-family:Times New Roman,serif; color:black;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} pre {mso-style-priority:99; mso-style-link:HTML Vorformatiert Zchn; margin:0cm; margin-bottom:.0001pt; font-size:10.0pt; font-family:Courier New; color:black;} span.HTMLVorformatiertZchn {mso-style-name:HTML Vorformatiert Zchn; mso-style-priority:99; mso-style-link:HTML Vorformatiert; font-family:Consolas; color:black;} span.E-MailFormatvorlage19 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:612.0pt 792.0pt; margin:70.85pt 70.85pt 2.0cm 70.85pt;} div.Section1 {page:Section1;} -- In the latest snap 14-5 it’s present… *Von:* Mike Lee [mailto:[EMAIL PROTECTED] *Gesendet:* Freitag, 18. Mai 2007 18:30 *An:* support@pfsense.com *Betreff:* Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Are you talking about the most recent 1.2 beta snapshot? I am running 1.2beta1 from 5/9/07 and it does not have this feature on the OpenVPN client setup. Thanks again. Mike Fuchs, Martin wrote: Have a look at the openvpn client in the actual snapshot, there's the option to shape an entire tunnel from clientside... perhaps it helps... -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 15:46 An: support@pfsense.com mailto:support@pfsense.com Betreff: Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Martin, Actually this is exactly what I want. I want to shape the entire OpenVPN tunnel entirely. This is because I will only be passing VoIP traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN tunnel over the standard port 1194 then I would like to shape all traffic on port 1194. I have tried this by using the wizard, specifying I want to shape VoIP, and then going and modifying the VoIP shaping rules to shape only port 1194. Unfortunately, I never see the traffic in the VoIP queue when I place calls to our remote offices over the OpenVPN tunnel. Thanks. Mike Fuchs, Martin wrote: The general problem is not solved until now - encrypted tunnels cannot be shaped... There's the possibility to shape a whole OpenVPN tunnel (clientside) for outgoing traffic, but I believe this is not what wou really want... What you are planning is some sort of traffic shaping on port based rules. It might be possible to do so, but perhaps you better ask scott for this when he's back from bsdcan... Regards, Martin -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 17. Mai 2007 16:40 An: support@pfsense.com mailto:support@pfsense.com Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Hello Everyone, I did some searching and found this previous discussion on shaping OpenVPN tunnels: http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7aetopic=3013.0 Basically the discussion ended with, that you cannot shape the OpenVPN tunnels because openvpn uses the TUN interface and the shaper looks for traffic on the LAN interface heading towards the WAN to shape. My question is, since this discussion is somewhat old, has there been any more progress/talk on getting the OpenVPN tunnels to shape properly? I would like to be able to shape them because I have some remote offices and plan on using OpenVPN tunnels for VoIP. I know you cannot shape traffic within VPN tunnels because they are encrypted, but I am planning on using specific ports for certain tunnels to pass only VoIP traffic through and shaping those OpenVPN ports. Thanks in advance. Mike Lee
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Oh. I though you meant the client side. I'll upgrade our main pfSense box (server-side) and try again. Thanks and have a great weekend. Mike Scott Ullrich wrote: The option resides in the OpenVPN server configuration screen. Scott On 5/18/07, Mike Lee [EMAIL PROTECTED] wrote: I've upgraded my embedded client to 1.2-BETA-1-TESTING-SNAPSHOT-05-14-2007 and I still don't see the option to shape the entire tunnel under the OpenVPN-Client screen. Am I looking in the wrong area. I also tried to create a new tunnel and no shaping option either. Also re-ran the shaping wizard and no OpenVPN option. Thanks again for your help, it's much appreciated. Mike ** Fuchs, Martin wrote: !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; margin-bottom:.0001pt; font-size:12.0pt; font-family:Times New Roman,serif; color:black;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} pre {mso-style-priority:99; mso-style-link:HTML Vorformatiert Zchn; margin:0cm; margin-bottom:.0001pt; font-size:10.0pt; font-family:Courier New; color:black;} span.HTMLVorformatiertZchn {mso-style-name:HTML Vorformatiert Zchn; mso-style-priority:99; mso-style-link:HTML Vorformatiert; font-family:Consolas; color:black;} span.E-MailFormatvorlage19 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:612.0pt 792.0pt; margin:70.85pt 70.85pt 2.0cm 70.85pt;} div.Section1 {page:Section1;} -- In the latest snap 14-5 it's present *Von:* Mike Lee [mailto:[EMAIL PROTECTED] *Gesendet:* Freitag, 18. Mai 2007 18:30 *An:* support@pfsense.com *Betreff:* Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Are you talking about the most recent 1.2 beta snapshot? I am running 1.2beta1 from 5/9/07 and it does not have this feature on the OpenVPN client setup. Thanks again. Mike Fuchs, Martin wrote: Have a look at the openvpn client in the actual snapshot, there's the option to shape an entire tunnel from clientside... perhaps it helps... -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 15:46 An: support@pfsense.com mailto:support@pfsense.com Betreff: Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Martin, Actually this is exactly what I want. I want to shape the entire OpenVPN tunnel entirely. This is because I will only be passing VoIP traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN tunnel over the standard port 1194 then I would like to shape all traffic on port 1194. I have tried this by using the wizard, specifying I want to shape VoIP, and then going and modifying the VoIP shaping rules to shape only port 1194. Unfortunately, I never see the traffic in the VoIP queue when I place calls to our remote offices over the OpenVPN tunnel. Thanks. Mike Fuchs, Martin wrote: The general problem is not solved until now - encrypted tunnels cannot be shaped... There's the possibility to shape a whole OpenVPN tunnel (clientside) for outgoing traffic, but I believe this is not what wou really want... What you are planning is some sort of traffic shaping on port based rules. It might be possible to do so, but perhaps you better ask scott for this when he's back from bsdcan... Regards, Martin -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 17. Mai 2007 16:40 An: support@pfsense.com mailto:support@pfsense.com Betreff: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Hello Everyone, I did some searching and found this previous discussion on shaping OpenVPN tunnels: http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7aetopic=3013.0 Basically the discussion ended with, that you cannot shape the OpenVPN tunnels because openvpn uses the TUN interface and the shaper looks for traffic on the LAN interface heading towards the WAN to shape. My question is, since this discussion is somewhat old, has there been any more progress/talk on getting the OpenVPN tunnels to shape properly? I would like to be able to shape them because I have some remote offices and plan on using OpenVPN tunnels for VoIP. I know you
[pfSense Support] Captive Portal ?
Now that I plowed through the VLAN issue. I have been presented with another config question. Is there any way to have captive portal active on multiple interfaces? I dug through the mail lists and the forum, but it seems that the answer is a resounding no. So naturally the next question is ... is there any plan to modify the captive portal to address multiple interfaces? I am sure it would be a coding nightmare, but in retrospect, have been presented with the question and seeing the value in their request, it sure would be a nice feature for a future release. -- David L. Strout Engineering Systems Plus, LLC - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Captive Portal ?
On 5/18/07, David Strout [EMAIL PROTECTED] wrote: Now that I plowed through the VLAN issue. I have been presented with another config question. Is there any way to have captive portal active on multiple interfaces? I dug through the mail lists and the forum, but it seems that the answer is a resounding no. So naturally the next question is ... is there any plan to modify the captive portal to address multiple interfaces? I am sure it would be a coding nightmare, but in retrospect, have been presented with the question and seeing the value in their request, it sure would be a nice feature for a future release. No it will not work on multiple interfaces and there are no plans to work on this. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Sorry guys, but when I looked at the OpenVPN server options on one of our OpenVPN boxes running the 5/14 snapshot, I don't see any options for shaping the tunnel. Below are the options I have: Disable this tunnel Protocol Dynamic IP Local port Address pool Use static IPs Local network Remote network Client-to-client VPN Cryptography Authentication method Shared key etc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Shaping only works from client side at the moment... I'm looking how to shape from server side but at the monemt it's not possible... -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 22:48 An: support@pfsense.com Betreff: Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Sorry guys, but when I looked at the OpenVPN server options on one of our OpenVPN boxes running the 5/14 snapshot, I don't see any options for shaping the tunnel. Below are the options I have: Disable this tunnel Protocol Dynamic IP Local port Address pool Use static IPs Local network Remote network Client-to-client VPN Cryptography Authentication method Shared key etc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Ok. I'll just hold tight for now. Do you know if this functionality will make it into the final 1.2 release or will it be in future point (1.3, etc.) releases? Thanks. Mike Fuchs, Martin wrote: Shaping only works from client side at the moment... I'm looking how to shape from server side but at the monemt it's not possible... -Ursprüngliche Nachricht- Von: Mike Lee [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 18. Mai 2007 22:48 An: support@pfsense.com Betreff: Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two) Sorry guys, but when I looked at the OpenVPN server options on one of our OpenVPN boxes running the 5/14 snapshot, I don't see any options for shaping the tunnel. Below are the options I have: Disable this tunnel Protocol Dynamic IP Local port Address pool Use static IPs Local network Remote network Client-to-client VPN Cryptography Authentication method Shared key etc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Mike Lee IT Manager - Biosource America Biosource America, Inc. The contents of this e-mail correspondence are considered confidential and privileged and otherwise protected from disclosure by BIOSOURCE AMERICA, INC., a wholly owned subsidiary of Nova Biosource Fuels, Inc. This correspondence and its contents are for distribution to and for use by the named parties only. If you have received this correspondence in error, please contact us without delay. -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.4.1 (Darwin) mQGiBEZN5H8RBADDzHaIUMPXer3aBqLUGF8h+sRdSTvUAIueqzd9Lbxwn0S09sYf J6X4gnmxjoZDyN+aCAQQxK1biAd95nPn0vbyIoEIaPo0UYgG9KjsKK4DHNv0C/Os ttYVzJX3rsezB87GTFHznYzJxIXFJZoKyXcW2SQp9wUhpaEw7ddA3DJyDwCghoXq IS4wyPK0M9qAXNKGjmWt7bkD/RJAqY7GdMFTTmu1MZ+hbmfHT0pdsS3KoBGTlngP mvbL2cIS0KeB7haYLGcjddrg2E0FiC1I9NBuwVrfvA8mItemHshYo+YkQHblAUhc JQC7dGTQU+YimJyp3HnGRKvONfb6uvSfQDcYARINqcS75+ufJgmdH2ZZXogjDS7N WnKFBAC7/+VM1FkVZRS4TIk2JiIEz1h9zBlRADJzzTTf+WeJvWCrXeEQ5TaPEH7X Xvc8g30uP9xSK/1fQ8G1eb+jvXBHnZOfyjXqHFK/dPzp1z+XHTkGq6ByvcWg5jnf BPL2zOF3c003mVPqUinnLdUbGc5K7SDScN5/+6CQWNFg4NNLZLQ5TWljaGFlbCBM ZWUgKEJpb3NvdXJjZSBBbWVyaWNhKSA8bWxlZUBiaW9zb3VyY2VmdWVscy5jb20+ iGQEExECACQFAkZN5H8CGwMFCQHhM4AGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQ QSbcfXk9NL9z1ACeN6SIM02US339IcsCIOAHZHuJ0/QAn1mgTuKU6yfbtdEvg0by cd+nb4E+uQINBEZN5NAQCADg7GcN/KjGb7pa6qQvOFz4YGDj0vigYGh5s6PKeUoM TW65h5zOcWmJYsYNv7Rg90RFOdRS/sqaOrmBD1bGuC3jN+JXM71vnHK+P/nNlT2y DoP3xJgGDqbqr74cjNSxaaVQnr7k2Ns2hHpG/b5oYB0Dn6UTkOvPIfRYFnENq1X0 /YmAEVSCUF5pjmcykXbuZ8AfX4zoBVH/js6ufY14yqhIiGzxYralrS69ATTL65VH wOWmU54bMX9iOWBySBnj46lEjn4KLsrouL04m6cKKO2w1aeR8vu12UxxLcAdMQ3b vE83p6CW1bC0h/ifyziThNznm3Pk3dBQlVxSVanVjnb3AAMFB/4oV7FIjunmDsvP Fczv/4femQsSMYEt6VdsU16R6u4ZpTNmupSVdJy+Gr+AzDzvvdkk/FFenywaU/WG aWamv456oRKe26jJQxAbKXIdlL3pGsSu+E8eirgZB//rNfUvc5zBAVjE3kfDSr6X MlzBlMiQIRWtakxGB2I/R9YrHQ0AwPzMM4ENE915tc6hRHJhQu/bcHjhhszxmB+I T+rHnsbOj6h0K8m1CW8FNhwTHBmHAJERoD8zwNOHMgXXQ0Ll8eXtrM9FlcGKzglq f+sWoKTBS+esKp/wAXHJgZVlkxL855ln+YdRhUvLZnuNTYf6Xme4Lf3G60pBxUbh h6CSIarAiE8EGBECAA8FAkZN5NACGwwFCQHhM4AACgkQQSbcfXk9NL8nVwCdGYBD K2HaCtPrv5B1JZHNiAQl4H4AnR5QcJV7O3+NoMsC3nzjJ2NB6QGy =hkcV -END PGP PUBLIC KEY BLOCK- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] 1.0.1 Load Balancing
Im having a hard time getting this setup. I have the MultiWan/Load Balancing doc from PfSenseDocs, but it is slightly different. When I try to put in the info, i get The following input errors were detected: 192.168.10.99 is currently being referenced by an interface ip address on wan. 192.168.2.99 is currently being referenced by an interface ip address on opt1. 10.99 and 2.99 are my wan1 and wan2. Does anyone have an uptodate HOWTO on this? Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] 1.0.1 Load Balancing
Update to a recent snapshot or 1.2-BETA-1. Scott PS: yes its stable. On 5/18/07, Chris Flugstad [EMAIL PROTECTED] wrote: Im having a hard time getting this setup. I have the MultiWan/Load Balancing doc from PfSenseDocs, but it is slightly different. When I try to put in the info, i get The following input errors were detected: 192.168.10.99 is currently being referenced by an interface ip address on wan. 192.168.2.99 is currently being referenced by an interface ip address on opt1. 10.99 and 2.99 are my wan1 and wan2. Does anyone have an uptodate HOWTO on this? Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] 1.0.1 Load Balancing
Much Easier, thanks Scott. Also, I did a test on 2 routers (ex 192's) and now I am going to take it onsite and use to Public IP's, but they have the same GW, as they are my dsl lines. I am the ISP. Will there be any complications since they both have the same gateway? Chris Scott Ullrich wrote: Update to a recent snapshot or 1.2-BETA-1. Scott PS: yes its stable. On 5/18/07, Chris Flugstad [EMAIL PROTECTED] wrote: Im having a hard time getting this setup. I have the MultiWan/Load Balancing doc from PfSenseDocs, but it is slightly different. When I try to put in the info, i get The following input errors were detected: 192.168.10.99 is currently being referenced by an interface ip address on wan. 192.168.2.99 is currently being referenced by an interface ip address on opt1. 10.99 and 2.99 are my wan1 and wan2. Does anyone have an uptodate HOWTO on this? Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]