[pfSense Support] R: [pfSense Support] Need help
OK, thanks. You sent me the answer to my question about VLAN and tunnelling. I got it! I finally had what I wanted.

Thank you. Bye

Marco Vinella

-----Original Message-----
From: Marco Vinella [mailto:[EMAIL PROTECTED]]
Sent: Friday, 18 May 2007 9:04
To: support@pfsense.com
Subject: [pfSense Support] Need help

I need some information about configuring pfSense's proxy.

We have a LAN managed by Active Directory (W Server 2003). We have to filter Internet (WAN) access from the LAN with pfSense's proxy. We want to authorize only users who are in a specific Active Directory group.

We want to know HOW TO CONFIGURE LDAP AUTHENTICATION using pfSense's web interface. The page is Auth settings in the Proxy section.

Can anyone give us AN EXAMPLE of working Active Directory LDAP authentication? What do I have to write EXACTLY in each field? What about the LDAP search filter?

Thank you very much,
Best regards.

Marco Vinella

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] FIXED? LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?
Dear List

I may have fixed this. I replaced the pfSense NIC, which was in hindsight intermittently faulty and finally failed completely.

It has been stable since, with no logged messages other than the standard

dnsmasq[489]: reading /var/dhcpd/var/db/dhcpd.leases

Clearly more time is required; however, it is looking good so far, given that a number of error messages were noted on a daily basis prior and now none at all...

Intermittent faults are the worst!!!

Thanks for the assistance provided.

Kind regards
David
Re: [pfSense Support] IPSEC Mobile Client
Tim Nelson wrote:

> Unfortunately, I am not having the same success as you with this! I've configured my pfSense box and my Shrewsoft VPN client exactly as you have presented, changing only the required items (IPs..) and still no luck. Although, now I have different entries in my logs! They are:
>
> May 22 02:31:17 last message repeated 2 times
> May 22 02:30:57 racoon: ERROR: Invalid exchange type 6 from xx.xxx.xxx.45[13620].
> May 22 02:30:57 racoon: INFO: ISAKMP-SA established xx.xxx.xxx.41[500]-xx.xxx.xxx.45[13620] spi:414a323fc562af9b:a0f2118df4c4c50a
> May 22 02:30:57 racoon: INFO: received Vendor ID: DPD
> May 22 02:30:57 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
> May 22 02:30:57 racoon: INFO: received Vendor ID: CISCO-UNITY
> May 22 02:30:57 racoon: INFO: begin Aggressive mode.
> May 22 02:30:57 racoon: INFO: respond new phase 1 negotiation: xx.xxx.xxx.41[500]=xx.xxx.xxx.45[13620]

Did you import the file I attached into the VPN Access Manager as a starting point for your site configuration or did you create one from scratch? It would appear that the Client is trying to use mode config ( exchange type 6 ) to auto-configure one or more parameters. The file I had attached disabled all the mode config functionality to prevent this from happening.

Here is a message that I posted on the Shrew Soft mailing list that describes what options need to be disabled to prevent mode config from being used. It basically says to disable the login banner and any setting that says automatic ;)

http://lists.shrew.net/pipermail/vpn-help/2006-October/000610.html

The Shrew Soft Client tracks ipsec tools development, so it works best with later versions. As the client is flexible, it tends to be a bit of a chore to get it working with a fully manual configuration. The idea is to have all possible settings centrally administered by the VPN Gateway. If you are curious about how things would normally work, you can check out the Client Documentation section titled Using the VPN Client.

http://www.shrew.net/vpn/help-2.0.0/vpnhelp.htm

The pfSense web interface doesn't support all the whiz bang features that are made possible by the mode config and extended / hybrid authentication protocol extensions. After I get 2.0 out the door, I may have time to look at the pfSense code and see what I can do to help out in this regard.

If you still have problems, let me know.

-Matthew
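
The log pattern discussed in this reply (phase 1 completes, then racoon rejects exchange type 6 from the same peer) can be picked out of a racoon log mechanically. The following is an added example, not code from the thread, pfSense or Shrew Soft; the function names and the sample log (documentation IP addresses, made-up SPIs) are constructed for illustration, and the input is assumed to be oldest-first, unlike the newest-first excerpt quoted above.

```python
import re
from collections import defaultdict

# Constructed sample in the racoon log format quoted in the thread, oldest first.
SAMPLE_LOG = """\
May 22 02:30:57 racoon: INFO: begin Aggressive mode.
May 22 02:30:57 racoon: INFO: ISAKMP-SA established 192.0.2.41[500]-198.51.100.45[13620] spi:0011223344556677:8899aabbccddeeff
May 22 02:30:57 racoon: ERROR: Invalid exchange type 6 from 198.51.100.45[13620].
May 22 02:31:17 last message repeated 2 times
May 22 02:40:02 racoon: INFO: ISAKMP-SA established 192.0.2.41[500]-198.51.100.77[500] spi:1021324354657687:98a9bacbdcedfe0f
"""

SA_RE = re.compile(r"ISAKMP-SA established \S+\[\d+\]-(?P<peer>[\d.]+)\[\d+\]")
BAD_RE = re.compile(r"Invalid exchange type (?P<type>\d+) from (?P<peer>[\d.]+)\[\d+\]")
REPEAT_RE = re.compile(r"last message repeated (?P<n>\d+) times")


def triage(log_text):
    """Return {peer: {"phase1": bool, "type6": count}} for an oldest-first log."""
    peers = defaultdict(lambda: {"phase1": False, "type6": 0})
    last_type6_peer = None  # set only while the previous line was a type 6 error
    for line in log_text.splitlines():
        if m := SA_RE.search(line):
            peers[m["peer"]]["phase1"] = True
            last_type6_peer = None
        elif m := BAD_RE.search(line):
            if m["type"] == "6":
                peers[m["peer"]]["type6"] += 1
                last_type6_peer = m["peer"]
            else:
                last_type6_peer = None
        elif (m := REPEAT_RE.search(line)) and last_type6_peer:
            # syslog collapsed N further copies of the preceding error line
            peers[last_type6_peer]["type6"] += int(m["n"])
        else:
            last_type6_peer = None
    return dict(peers)


def mode_config_clients(log_text):
    """Peers that finished phase 1 and then sent exchange type 6 (mode config)."""
    return sorted(p for p, s in triage(log_text).items() if s["phase1"] and s["type6"])


if __name__ == "__main__":
    for peer in mode_config_clients(SAMPLE_LOG):
        print(f"{peer}: phase 1 OK, then exchange type 6 rejected; check client mode config settings")
```

A peer listed by `mode_config_clients` authenticated successfully, so the thing to check is the client's automatic configuration options rather than the pre-shared key or phase 1 proposal.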