Re: [pfSense Support] Multiple client connections
Understood !!! I appologize ... my original email wasn't very clear. I need to connect to many different openvpn (pfSense) boxes (not necessarily at the same time, but there may be a need for that too). So when I have multiple ca.crt files from all of the different servers what is the best practice for this type of setup? I have played with setting up different server and client certs in different sub-directories and it seems to work ok but just wanted to know if that is the reccommended way to go about clients that need multiple different server connections. - Original Message - Subject: Re: [pfSense Support] Multiple client connections From: Kyle Mott To: support@pfsense.com Date: 18-07-2007 4:34 pm When you specify the CA Cert, you specify it on a per-client basis (in myconfig.ovpn): ## SSL Options, must be modified with correct key/crt tls-client ca myca.crt cert mycert.crt key mykey.key -Kyle David L. Strout wrote: I have the OpenVPN client setup and running on a Windows client and I am looking to connect to multiple pfSense servers running OpenVPN the problem as I see it is I can have multiple client certificates but I hesitate to copy and overwrite the ca.crt in the openvpn config directory. I have looked at the OpenVPN site to see if I could see something about this but see nothing. Any thoughts ??? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Squid package ?
Is there a way to rotate logs within the squid package or in the underlying FBSD OS? I have a specific need to capture all internet web traffic for auditing purposes and I can't seem to find anything on this. Any thoughts?
AW: [pfSense Support] Squid package ?
Use the squid logviewer lightsquid available as a packageā¦ Von: David L. Strout [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 19. Juli 2007 16:53 An: pfSense Support Betreff: [pfSense Support] Squid package ? Is there a way to rotate logs within the squid package or in the underlying FBSD OS? I have a specific need to capture all internet web traffic for auditing purposes and I can't seem to find anything on this. Any thoughts?
[pfSense Support] Squid Installation Hanging?
I have installed squid on a few different machines. On every machine It gets to the message This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process. I have left this on overnight (10 plus hours) and still have this screen. I reboot the router and Squid shows to eb installed and appears to work fine. Is this just a bug? I even tries it today on a fresh install using 1.2 Beta 2. Thanks, Ryan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Squid Installation Hanging?
Most likely a bug. View the source of the page once it appears to have stopped and look at the bottom for a php error. Scott On 7/19/07, Ryan Rodrigue [EMAIL PROTECTED] wrote: I have installed squid on a few different machines. On every machine It gets to the message This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process. I have left this on overnight (10 plus hours) and still have this screen. I reboot the router and Squid shows to eb installed and appears to work fine. Is this just a bug? I even tries it today on a fresh install using 1.2 Beta 2. Thanks, Ryan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Squid package ?
Nice .. THANKS -- -- David L. Strout -- ENGINEERING SYSTEMS PLUS, LLC -- [EMAIL PROTECTED] -- -Original Message- From: Fuchs, Martin [mailto:[EMAIL PROTECTED] Sent: Thursday, July 19, 2007 12:23 PM To: support@pfsense.com Subject: AW: [pfSense Support] Squid package ? Use the squid logviewer lightsquid available as a package. Von: David L. Strout [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 19. Juli 2007 16:53 An: pfSense Support Betreff: [pfSense Support] Squid package ? Is there a way to rotate logs within the squid package or in the underlying FBSD OS? I have a specific need to capture all internet web traffic for auditing purposes and I can't seem to find anything on this. Any thoughts? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Gateway in rules
Hi ! How can I chose a different gateway than default in the rules ? We have multiple external IPs at work (on one interface per proxy-arp) and pfsense just shows the default gateway... Would be a cool feature for policy based routing... Any ideas ? Regards, Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] CARP, pfSense latest snapshot
Ok, traced my steps *exactly* except I used VMware Server 1.0.3 and I get the exact same error. I also tried it on another physical machine running VMware server with the exact same results... So, it's not a Virtual Server issue or a hardware issue. Where do we go from here? Dimitri Rodis Integrita Systems LLC -Original Message- From: Dimitri Rodis [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 17, 2007 3:31 PM To: support@pfsense.com Subject: RE: [pfSense Support] CARP, pfSense latest snapshot Ok, I can do VMware on that host machine also. I will give it a shot. For what it's worth, however, I have a number of fresh installations (meaning, I didn't attempt to upload a m0n0 config, but was set up from scratch) at other sites running just fine on VS 2005 R2. I'll post back later once I get it up in VMware server. Dimitri Rodis Integrita Systems LLC -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 17, 2007 2:34 PM To: support@pfsense.com Subject: Re: [pfSense Support] CARP, pfSense latest snapshot Dimitri Rodis wrote: FWIW, this is running in a MS Virtual Server 2005 R2 SP1 virtual machine, so it shouldn't have anything to do with the hardware, as there are 10 other virtual machines running without issue. MS VS is the hardware in this case, and can be extremely flaky with FreeBSD. It sounds like that might be what you're seeing. I'm pretty certain you won't be able to replicate that using the exact same config on real hardware or VMware. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Gateway in rules
You can fake it by setting up a load balancing pool and enter only one gateway and use the gateway ip as a monitor ip. Scott On 7/19/07, Fuchs, Martin [EMAIL PROTECTED] wrote: Hi ! How can I chose a different gateway than default in the rules ? We have multiple external IPs at work (on one interface per proxy-arp) and pfsense just shows the default gateway... Would be a cool feature for policy based routing... Any ideas ? Regards, Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic
Hi Can someone start me off or point me in the right direction to program: 1) LAN and WAN traffic dumps to a Centos HDD on the LAN, in an attempt to catch the traffic that may be causing pf Sense to intermittently hang and require rebooting. 2) Somehow setup a cron job to ping the ISP every minute - and reboot pfSense if the pings fail for 20 mins. Much obliged for any assistance or pointers / URL's etc. Kind regards David Hingston - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Another Multiple WAN question
Hi Again, I've asked questions about this previously and have gotten much help, Thank You. Now I have some questions that will help me clarify in my own mind the best approach to my specific network. I will state some facts to begin with. 1 I have 3 separate DSL lines all from the same provider, each is given a static ip based on login name/password 2 I am content with the load balance function with no other needs to direct or traffic shape certain traffic to a specific wan. my modems can be setup several different ways, I would prefer to go the bridged ethernet, and have pfsense do the PPPoE authentication on all interfaces but seems not doable on the pfsense opt interfaces so I can set up my DSL modem/router to DMZ the ip that is handed off to pfsense WAN, OPT1 and OPT2 When the modem is setup that way, and its DHCP enabled, and pfsense gets its ip via DHCP client, the modem hands it the outside static ip NOT an ip in the subnet of the DHCP server in the DSL modem/router. If i look at the status of the interfaces in pfsense I will see Statusup DHCP up MAC IPmy static ip Subnet mask255.0.0.0 Gateway68.152.xxx.xxx DNS etc... One of the problems is that ALL 3 of my gateways are the same. I've double checked this by using each wan dsl modem and my laptop. So how does pfsense distiguish each wan if they all use same gateway on the other side at the ISP? Or is this simply not a good way to do this. I know that I can just assign public ips 192.168.0.1, 192.168.1.1 and 192.168.2.1 to my dsl modems and use them as the gateways for the load balanceing setup but isn't this an unneeded router hop and just adds to the latency time? Then it seems to get messy if I need to access the web config for the dsl modems from the LAN side and my DSL modems have no web authentication so they are vulnerable from inside my LAN so more rules would be needed. Well, maybe I am just being too picky? But the one main reason for now is that I want my pfsense ips to be my outside static ips so that I dont have to monkey around with both pfsense AND the dsl modem/router just to pinhole the firewall. I'm not having to much luck getting through both the dsl modem/router and pfsense. Any ideas, thoughts? Thanks for listening to my rambling and any wisdom you might impart my way. Cheers, Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic
On Fri 20 Jul 2007 11:41:05 NZST +1200, Tortise wrote: 2) Somehow setup a cron job to ping the ISP every minute - and reboot pfSense if the pings fail for 20 mins. I'll do one of those as soon as I get a spare minute. I'll send you a copy. Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]