RE: [pfSense Support] PPTP VPN

2007-12-17 Thread Richard Sperry
Did you change the “use default gateway”?



Richard Sperry
Director of Operations
WrinkleBrain, Inc.
[EMAIL PROTECTED]
206.729.4799 x13

MCP - Small Business Specialist
WOT - Thawte Notary
InfraGard - US Homeland Security

CONFIDENTIALITY NOTICE: The information in this electronic mail transmission is 
legally privileged and confidential information intended only for the use of 
the individual or entity named above.  If the reader of this message is not the 
intended recipient, you are hereby notified that any dissemination, 
distribution or copying of the transmission is strictly prohibited. If you have 
received this transmission in error, please delete the message and immediately 
notify us by telephone at 206.729.4799 or by responding to this email.  If this 
email is signed or encrypted you may not forward to another party with out 
written permission in a signed email.

Recycle Notice:  This email was sent using recycled electrons.


From: Giljam Koch [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 17, 2007 4:57 AM
To: support@pfsense.com
Subject: [pfSense Support] PPTP VPN

Worthy Ladies & Gentlemen,

I have a very strange problem with some outbound PPTP connections. Some seem to 
work. Some don't. If I start another PPTP VPN connection first, route the one 
that did not work through this VPN, it does work though. It looks as though the 
pfSense firewall blocks something, but I can't seem to figure out what it is. 
It must be something stupidly simple.

Does anyone have any idea?!

Kind regards,
Giljam Koch
System Administrator
Amyyon
Rozenburglaan 3
9727 DL GRONINGEN
050 311 5686
www.amyyon.nl http://www.amyyon-more.nl

Re: [pfSense Support] PPTP VPN

2007-12-17 Thread Paul M
Richard Sperry wrote:
> Did you change the “use default gateway.”


arrggghhh! HTML and advertising! stop the pain!

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] PPTP VPN

2007-12-17 Thread Giljam Koch
Hello Richard,

Thanks for your reply. No. It's still default. I did however conclude
the following:

When I disable my own PPTP VPN server, the outbound VPNs work again.
Can anyone confirm this? Does this have something to do with this
infamous “GRE connection tracking” issue that FreeBSD/pfSense has?

Regards,

Giljam

 


RE: [pfSense Support] PPTP VPN

2007-12-17 Thread Giljam Koch
Hmmm... Okay. Thanks for the tip!

Regards,

Giljam

From: Tim Nelson [mailto:[EMAIL PROTECTED]]
Sent: Monday, 17 December 2007 16:41
To: support@pfsense.com
Subject: Re: [pfSense Support] PPTP VPN

It is a known issue with pfSense and FreeBSD. We've had major problems
with this as well. For installations where both outbound and locally
terminated PPTP sessions are needed, we have been using m0n0wall, which
works fine.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332


Re: [pfSense Support] Facing Problems with IPSec

2007-12-17 Thread Vivek Khera


On Dec 16, 2007, at 9:14 AM, Tim Korves wrote:

> I'm facing problems while routing traffic through an IPSec tunnel.
>
> This is my configuration:
>
> Branch 1  pfSense IPSec server (HQ)  Branch 2
> |
> |
> Branch 3

You need to set up tunnels from branches 1, 2, and 3 to each other to
make a mesh.  Routing and IPsec are not friends to each other :-(






Re: [pfSense Support] PPTP VPN

2007-12-17 Thread Chris Buechler

Giljam Koch wrote:

> Hello Richard,
>
> Thanks for your reply. No. It’s still default. I did however conclude
> the following:
>
> When I disable my own PPTP VPN server, the outbound VPNs work again.
> Can anyone confirm this? Does this have something to do with this
> infamous “GRE connection tracking” issue that FreeBSD/pfSense has?

Yes. From the new website that'll be live soon:

PPTP and GRE Limitation - The state tracking code in pf for the GRE
protocol can only track a single session per public IP per external
server. This means if you use PPTP VPN connections, only one internal
machine can connect simultaneously to a PPTP server on the Internet. A
thousand machines can connect simultaneously to a thousand different
PPTP servers, but only one simultaneously to a single server. The only
available workaround is to use multiple public IPs on your firewall,
one per client, or to use multiple public IPs on the external PPTP
server. This is not a problem with other types of VPN connections.

Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP
clients cannot use the same public IP for outbound PPTP connections.
This means if you have only one public IP, and use the PPTP Server, PPTP
clients inside your network will not work. The workaround is to use a
second public IP with Advanced Outbound NAT for your internal clients.
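
The two limitations quoted above can be checked against a planned NAT layout with a small model. This is an added example, not pf or pfSense code and not part of the original message; the function name, the state-key layout and all addresses are assumptions built only from what the message states.

```python
# Added illustration, not pf source: a toy model of the two limits quoted
# above. All addresses are constructed documentation-range values.
from collections import namedtuple

GRE = 47  # IP protocol number of GRE, the data channel of PPTP
Failure = namedtuple("Failure", "client server reason")


def failing_sessions(sessions, nat_ip_for, pptp_server_ips=frozenset()):
    """Return the outbound PPTP sessions that cannot work.

    sessions        -- (internal_client, external_server) in start order
    nat_ip_for      -- dict: internal client -> public IP it is NATed to
    pptp_server_ips -- public IPs used by the firewall's own PPTP server
    """
    holder = {}    # assumed state key -> client that owns the state
    failures = []
    for client, server in sessions:
        public_ip = nat_ip_for[client]
        # Per the message: one GRE session per public IP per external
        # server, so the key has nothing that identifies the client.
        key = (GRE, public_ip, server)
        if public_ip in pptp_server_ips:
            failures.append(Failure(client, server, "PPTP server uses " + public_ip))
        elif key in holder:
            failures.append(Failure(client, server, "state held by " + holder[key]))
        else:
            holder[key] = client
    return failures


SESSIONS = [("192.168.1.10", "203.0.113.5"),   # first client, server A
            ("192.168.1.11", "203.0.113.5"),   # second client, same server
            ("192.168.1.12", "203.0.113.6")]   # third client, server B
ONE_IP = {client: "198.51.100.10" for client, _ in SESSIONS}
# Workaround from the message: other public IPs for the internal clients
# (Advanced Outbound NAT), here one per client that shares a server.
EXTRA_IPS = {"192.168.1.10": "198.51.100.11",
             "192.168.1.11": "198.51.100.12",
             "192.168.1.12": "198.51.100.11"}
SERVER_IP = {"198.51.100.10"}   # local PPTP server enabled on this IP

if __name__ == "__main__":
    for label, nat, srv in (("one IP, no local server", ONE_IP, set()),
                            ("one IP, local server on", ONE_IP, SERVER_IP),
                            ("extra IPs, local server on", EXTRA_IPS, SERVER_IP)):
        print(label, failing_sessions(SESSIONS, nat, srv))
```

The model treats the first session to claim a key as the one that works, which is a simplification of "only one simultaneously".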







Re: [pfSense Support] pfSense support for usb to serial converter

2007-12-17 Thread Chris Buechler

Chris Kuhn wrote:

> small update:
>
> on my other (recently setup) BSD system, which is: FreeBSD 6.2-RELEASE
> #0: Fri Jan 12 10:40:27 UTC 2007
> I see in /usr/src/sys/dev/usb that uftdi.c and usbdevs contain a
> definition for this device.

I'm not sure exactly what kernel change would be necessary to add this.
What does it show up as in dmesg on a stock FreeBSD system?







Re: [pfSense Support] pfSense support for usb to serial converter

2007-12-17 Thread Simon Dick


.. Original Message ...
On Mon, 17 Dec 2007 19:49:15 -0500 Chris Buechler [EMAIL PROTECTED] wrote:
> Chris Kuhn wrote:
>> small update:
>>
>> on my other (recently setup) BSD system, which is: FreeBSD 6.2-RELEASE
>> #0: Fri Jan 12 10:40:27 UTC 2007
>> I see in /usr/src/sys/dev/usb that uftdi.c and usbdevs contain a
>> definition for this device.
>
> I'm not sure exactly what kernel change would be necessary to add this.
> What does it show up as in dmesg on a stock FreeBSD system?

Sounds like just loading the uftdi module would be enough if ucom is
already there




Re: [pfSense Support] Facing Problems with IPSec

2007-12-17 Thread Tim Korves
Hey Wade, hey all,

Subnets are:

HQ:   212.14.xx.64/26
Branch 1: 10.3.3.0/28
Branch 2: 10.3.3.16/28
Branch 3: 10.3.3.32/28

E.g. at Branch 1 I've added a static route for 10.3.3.0/28 via
212.14.xx.65 . At the HQ's pfSense, all traffic from and to IPSec is
permitted by only one rule.

As others said, I should mesh all branches together; that wouldn't be
possible so easily. Only the HQ has a static IP on its WAN interface, all
the Branches don't have a static IP on WAN.

Regards, Tim

Wade Blackwell wrote:
> Hey Tim Good evening,
> Can you add in some hypothetical subnetting with prefixes that
> match the real thing? I know there is weirdness with how IPsec was
> shoved into the PF stack but if the source/dest IPsec proxies are
> correct the hub IPsec box should re-encrypt and send seeing the
> destination networks as directly connected through the ENC0 interface
> (PF team jump in if I am mis-speaking).
>
>  Wade B
>
> On Dec 16, 2007 6:14 AM, Tim Korves [EMAIL PROTECTED] wrote:
>> Hi there,
>>
>> I'm facing problems while routing traffic through an IPSec tunnel.
>>
>> This is my configuration:
>>
>> Branch 1  pfSense IPSec server (HQ)  Branch 2
>>  |
>>  |
>>  Branch 3
>>
>> All branches are running pfsense. All branches are able to talk to the
>> HQ. But the communication between the branches is not possible. I
>> created static routes on each branch pfsense which point to the other
>> branches' subnet via the HQ. But instead of using the tunnel to route
>> the packets, the branch routers are trying to use their PPPoE connection
>> which fails on their ISPs first router (what a wonder ;-))... Anyone has
>> an idea how to realize this? Firewall rules permit every traffic via the
>> IPSec tunnels. Nothing's blocked.
>>
>> Regards, Tim




Re: [pfSense Support] Facing Problems with IPSec

2007-12-17 Thread Jaye Mathisen


You could put another pfsense on private IP space at HQ
that knows how to forward the packets back out.

So the routing decision would be made after it's traversed
the tunnel.

Should be simple enough.
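
Why the branch-to-branch packets in the IPsec thread above leave via PPPoE instead of the tunnel can be shown by modelling selector matching. This is an added example, not pfSense code and not from any poster; the function names, the stand-in HQ subnet 203.0.113.64/26 and the second policy set are assumptions.

```python
# Added illustration, not pfSense code. Policy-based IPsec sends a packet
# into a tunnel only when it matches a (local, remote) subnet selector; any
# other packet follows the routing table, which on a branch is the PPPoE
# default route. 203.0.113.64/26 is a constructed stand-in for the HQ
# subnet posted as 212.14.xx.64/26; branch subnets are as posted.
from ipaddress import ip_address, ip_network

HQ_NET = ip_network("203.0.113.64/26")
BRANCH = {1: ip_network("10.3.3.0/28"),
          2: ip_network("10.3.3.16/28"),
          3: ip_network("10.3.3.32/28")}


def egress(policies, src, dst):
    """Return 'tunnel:<name>' if a selector pair matches, else 'default-route'."""
    src, dst = ip_address(src), ip_address(dst)
    for name, local, remote in policies:
        if src in local and dst in remote:
            return "tunnel:" + name
    return "default-route"


def unreachable_branches(site, policies):
    """Branches whose traffic from `site` matches no selector."""
    src = str(next(BRANCH[site].hosts()))
    return [other for other, net in BRANCH.items()
            if other != site
            and egress(policies, src, str(next(net.hosts()))) == "default-route"]


# Branch 1 as described in the thread: one tunnel, Branch 1 LAN <-> HQ subnet.
AS_POSTED = [("hq", BRANCH[1], HQ_NET)]
# Hypothetical variant following Wade's remark about source/dest proxies:
# the HQ tunnel also names the other branch LANs as remote networks
# (HQ would need the mirrored selectors; not shown).
WITH_BRANCH_SELECTORS = AS_POSTED + [("hq", BRANCH[1], BRANCH[2]),
                                     ("hq", BRANCH[1], BRANCH[3])]

if __name__ == "__main__":
    print(egress(AS_POSTED, "10.3.3.2", "203.0.113.70"))   # to HQ
    print(egress(AS_POSTED, "10.3.3.2", "10.3.3.18"))      # to Branch 2
    print(unreachable_branches(1, AS_POSTED))
    print(unreachable_branches(1, WITH_BRANCH_SELECTORS))
```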
