RE: [pfSense Support] How to make 40 pfsense platforms refer to an external Login Page
Hi Scott, Thanks for your response. This exactly what I want. How could you help in solving my problem, what code adding and changes are needed to be done on PFSense platform in server the clients with a central login page hosted on one of my servers? Your help and support is much appreciated Regards Bassam -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 07, 2007 1:07 AM To: support@pfsense.com Subject: Re: [pfSense Support] How to make 40 pfsense platforms refer to an external Login Page On 7/29/07, Bassam A. Al-Khaffaf [EMAIL PROTECTED] wrote: Dear All, I have recently deployed a 40 PFSense platforms in one of the university campuses to enable staff and students to access Internet and other resources on the WAN side through wired and Wi-Fi. I have ported a customized login page that contains some logos and advertisements. Unfortunately, every time I need to add new information to the login page I need to update the entire deployed platform, and this is really a tedious and boring operation. I wonder if there is a possibility to make pfsense refers to an external login page hosted on a web server that eases my life of doing such operation. If there is no such thing in pfsense at the moment, is there any plan in the future to make pfsense refers to an external login page? I would redirect to a central login page that is served from one of your servers. While redirecting pass the server ip address and port that you need to post to from the central server. Then you can serve out a master page that knows where to post against when authenticating, etc. I am available via contract work if you need further assistance with this. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.476 / Virus Database: 269.11.8/940 - Release Date: 8/6/2007 4:53 PM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] open vpn ruleset?
Hi, thanks for reading this I've been able to establish an open vpn tunnel between a pfsense 10.2-rc1 machine at work and my linux box at home (which uses an ADSL modem/bridge and has a static IP). 10.0.0.0/24--lan--PFSENSE ~~~ LINUX--lan--192.168.0.0/24 the openvpn server settings on pfsense are to have a On pfsense I see this interface: tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1500 inet6 fe80::21b:21ff:fe01:245a%tun0 prefixlen 64 scopeid 0x16 inet 10.50.102.1 -- 10.50.102.2 netmask 0x Opened by PID 11694 and this route: 192.168.29 10.50.102.2UGS 06 tun0 but when I try and ping the local tunnel I get an error... # ping 10.50.102.1 PING 10.50.102.1 (10.50.102.1): 56 data bytes ping: sendto: No buffer space available - On linux box I see this: tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.50.102.2 P-t-P:10.50.102.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:38 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:3192 (3.1 Kb) and I see this route in my table: 10.0.0.010.50.102.1 255.255.255.0 UG0 00 tun0 - If I run tcpdump -i tun0 at each end and ping the other, I can see the icmp packets leave but nothing coming back; I have made sure my linux box. If on my linux box I ping a node at work LAN I see the ping going into tun0, no reply, and likewise if on the pfsense box I ping the LAN address on my machine at home it too goes down the tunnel. My questions are this. 1/ how can I find out why the tunnel isn't passing traffic 2/ how do I define firewalling rules on the pfsense box to determine what the openvpn clients can access? Although I can add a rule and specify the interface as WAN,LAN,PPTP,PPOE,IPSEC or my sync and DMZ interfaces, there doesn't appear to be an option for openvpn clients; if I do create a rule for ipsec it disappears, as there's no tab for that interface. thanks very much Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] open vpn ruleset?
Paul M wrote: I've been able to establish an open vpn tunnel between a pfsense 10.2-rc1 machine at work and my linux box at home (which uses an ADSL modem/bridge and has a static IP). 10.0.0.0/24--lan--PFSENSE ~~~ LINUX--lan--192.168.0.0/24 ... If I run tcpdump -i tun0 at each end and ping the other, I can see the icmp packets leave but nothing coming back; I have made sure my linux (snipped lots of previous commentary). I rebooted pfsense because I'd been doing a lot of hacking about, and tried again.. no better luck but now when I ping on linux box I get this appearing from tcpdump on pfsense: 13:23:40.596976 IP15 bad-len 0 13:23:41.751325 IP15 [|ip] 13:23:51.400179 IP15 [|ip] At one point I did have at least ping working, but couldn't pass traffic, and then I changed it because my network settings weren't right for the environment. Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] open vpn ruleset?
Paul M wrote: I'd still like to know how to set up rules to control the vpn client access. You can't yet (it's on the improvements wish list hopefully for the 1.3 release). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] user restrictions features
Everyone, I see that BillM has been doing some work on the login page according to tickets I see in the timeline ... my question ... what is the best branch to test the user restrictions features on?? FBSD6 or 7, RELENG1 or 1_2 or HEAD??? I just want to test on the one that is getting the most work done on it. Regards,
Re: [pfSense Support] user restrictions features
RELENG_1. This won't show up in 1.2. --Bill On 8/7/07, David L. Strout [EMAIL PROTECTED] wrote: Everyone, I see that BillM has been doing some work on the login page according to tickets I see in the timeline ... my question ... what is the best branch to test the user restrictions features on?? FBSD6 or 7, RELENG1 or 1_2 or HEAD??? I just want to test on the one that is getting the most work done on it. Regards, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] user restrictions features
Is this the FeeBSD6 or 7 head ISO that I should use? - Original Message - Subject: Re: [pfSense Support] user restrictions features From: Bill Marquette [EMAIL PROTECTED] To: support@pfsense.com Date: 07-08-2007 7:56 pm pIs it in :/p h2/FreeBSD7/head/iso//h2 h2or/h2 h2/FreeBSD6/head/iso//h2 pbr / br / blockquote style=border-style: none none none solid; border-color: -moz-use-text-color -moz-use-text-color -moz-use-text-color rgb(34, 67, 127); border-width: 0pt 0pt 0pt 2px; margin: 0px 0px 0px 5px; padding: 0px 0px 0px 5px;font size=2 face=verdana- Original Message -br / strongSubject:nbsp;/strongRe: [pfSense Support] \quot;user restrictions\quot; featuresbr / strongFrom: nbsp;/strongBill Marquette lt;[EMAIL PROTECTED]gt;br / strongTo:nbsp;/strongsupport@pfsense.combr / strongDate:nbsp;/strong07-08-2007 7:56 pmbr / /fontbr / br / RELENG_1. This won't show up in 1.2.br / br / --Billbr / br / On 8/7/07, David L. Strout lt;[EMAIL PROTECTED]gt; wrote:br / gt;br / gt;br / gt; Everyone,br / gt;br / gt; I see that BillM has been doing some work on the login page according tobr / gt; tickets I see in the timeline ... my question ... what is the best branch tobr / gt; test the quot;user restrictionsquot; features on??br / gt;br / gt; FBSD6 or 7, RELENG1 or 1_2 or HEAD???br / gt;br / gt; I just want to test on the one that is getting the most work done on it.br / gt;br / gt; Regards,br / br / -br / To unsubscribe, e-mail: [EMAIL PROTECTED]br / For additional commands, e-mail: [EMAIL PROTECTED]br / /blockquote/pRELENG_1. This won't show up in 1.2. --Bill On 8/7/07, David L. Strout [EMAIL PROTECTED] wrote: Everyone, I see that BillM has been doing some work on the login page according to tickets I see in the timeline ... my question ... what is the best branch to test the user restrictions features on?? FBSD6 or 7, RELENG1 or 1_2 or HEAD??? I just want to test on the one that is getting the most work done on it. Regards, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] user restrictions features
Neither...releng1, which we haven't stopped creating snapshots of until 1.2 is released since we got tired of people pulling down the wrong snap. You'll need to build your own updates from a dev iso install for now. --Bill On 8/7/07, David L. Strout [EMAIL PROTECTED] wrote: Is this the FeeBSD6 or 7 head ISO that I should use? - Original Message - Subject: Re: [pfSense Support] user restrictions features From: Bill Marquette [EMAIL PROTECTED] To: support@pfsense.com Date: 07-08-2007 7:56 pm pIs it in :/p h2/FreeBSD7/head/iso//h2 h2or/h2 h2/FreeBSD6/head/iso//h2 pbr / br / blockquote style=border-style: none none none solid; border-color: -moz-use-text-color -moz-use-text-color -moz-use-text-color rgb(34, 67, 127); border-width: 0pt 0pt 0pt 2px; margin: 0px 0px 0px 5px; padding: 0px 0px 0px 5px;font size=2 face=verdana- Original Message -br / strongSubject:nbsp;/strongRe: [pfSense Support] \quot;user restrictions\quot; featuresbr / strongFrom: nbsp;/strongBill Marquette lt;[EMAIL PROTECTED]gt;br / strongTo:nbsp;/strongsupport@pfsense.combr / strongDate:nbsp;/strong07-08-2007 7:56 pmbr / /fontbr / br / RELENG_1. This won't show up in 1.2.br / br / --Billbr / br / On 8/7/07, David L. Strout lt;[EMAIL PROTECTED]gt; wrote:br / gt;br / gt;br / gt; Everyone,br / gt;br / gt; I see that BillM has been doing some work on the login page according tobr / gt; tickets I see in the timeline ... my question ... what is the best branch tobr / gt; test the quot;user restrictionsquot; features on??br / gt;br / gt; FBSD6 or 7, RELENG1 or 1_2 or HEAD???br / gt;br / gt; I just want to test on the one that is getting the most work done on it.br / gt;br / gt; Regards,br / br / -br / To unsubscribe, e-mail: [EMAIL PROTECTED]br / For additional commands, e-mail: [EMAIL PROTECTED]br / /blockquote/pRELENG_1. This won't show up in 1.2. --Bill On 8/7/07, David L. Strout [EMAIL PROTECTED] wrote: Everyone, I see that BillM has been doing some work on the login page according to tickets I see in the timeline ... my question ... what is the best branch to test the user restrictions features on?? FBSD6 or 7, RELENG1 or 1_2 or HEAD??? I just want to test on the one that is getting the most work done on it. Regards, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
