Re: [pfSense Support] IPSEC
So then go on and use OpenVPN site-to-site... it works with 2 dynamic IPs... Dynamic IPs for IPSec will be in 1.3...

Regards,
Martin

From: Anil Garg [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 28 February 2008 04:51
To: support@pfsense.com
Subject: [pfSense Support] IPSEC

Hey guys - I am a happy camper with pfsense and recently upgraded to 1.2 and have no issues to report so far.

I am trying to hook up two pfsense boxes with IPSEC site to site. It looks like it needs a public IP address to create a tunnel. I could try and get a public IP address at one place, but it looks like it still will not work because I need a public IP address on both sides. Have looked at all documents and spent many hours without avail...

Will some of you learned people suggest a way out? I can only get a public IP address at one location and I am happy to pay for that. But the second location being an AT&T DSL in San Jose, CA - this is not an option.

Much appreciate your help and guidance.

Best Regards
Anil Garg
Re: [pfSense Support] Dual-wan Setup issue (Yes, I've read a few Dual-Wan HOWTO docs)
the fact that the setup works, but only if you start a packet capture (using the last option in the pfsense menu?) is something strange. possibly something wrong in config (maybe routing or gateway?).

a lot of small and hard to catch bugs have been fixed in 1.2RELEASE and so i would go for a reinstall from scratch.

sai

On 2/28/08, Michael Richardson <[EMAIL PROTECTED]> wrote:
> I've got a dual-wan setup and I want to cause traffic between an internal
> machine, and external machine to occur over WAN2 (I could use source or
> destination as criteria). Both public IPs would share a gateway so I've put
> a NAT device on WAN2 and connected the modem to it so now both WAN ports are
> on different subnets. (more)
>
> With the appropriate LAN rule in place, traffic doesn't flow UNLESS I start
> a packet capture on WAN2 (I found this while trying to troubleshoot). Why
> would this be? Anyone got the time and know-how to help me troubleshoot
> this?
>
> Here's my setup. Hope the art comes through decently. The reason for the
> SpeedStream device is because otherwise both WAN interfaces would have the
> same gateway IP and I read that is unacceptable for a dual-wan config.
>
> | WAN 67.x.x.12    | Cable Modem1
> |                  |
> | "pfSense 1.2"    |
> | LAN 192.168.1.0  |
> |                  |    | "SpeedStream 2601" for NAT |
> | WAN2 192.168.0.2 |--  | 192.168.0.1                |-- Cable Modem 2
>
> I want to be sure that traffic FROM 192.168.1.22 or traffic TO 78.x.x.10
> goes through WAN2 (I can use source, destination, or both).
>
> Outbound NAT is set to Automatic and has only the default LAN rule in place.
> I have added a LAN rule, but instead of trying to communicate what it is and
> confirm it's right, I think it would be faster if someone could tell me what
> it should be (at least one of the options), and I'll just use that.
>
> ANYthing else I haven't mentioned, I likely don't know about and need
> pointed out.
>
> Thanks in advance, and I'm loving 1.2. The upgrade was flawless.
>
> Mike

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] After upgrade (1.2RC3 --> 1.2) No IPsec connection any more
Hello,

After upgrading to release 1.2 of pfSense we are not able to set up any IPsec connection anymore. No errors in the logs of pfSense.

But when I put the upgrade (pfSense 1.2 RC3) over the not working 1.2 version, it all works again.

So why don't the IPsec tunnels work in the 1.2 version...

Greetings
[pfSense Support] IPSEC
Hey guys - I am a happy camper with pfsense and recently upgraded to 1.2 and have no issues to report so far.

I am trying to hook up two pfsense boxes with IPSEC site to site. It looks like it needs a public IP address to create a tunnel. I could try and get a public IP address at one place, but it looks like it still will not work because I need a public IP address on both sides. Have looked at all documents and spent many hours without avail...

Will some of you learned people suggest a way out? I can only get a public IP address at one location and I am happy to pay for that. But the second location being an AT&T DSL in San Jose, CA - this is not an option.

Much appreciate your help and guidance.

Best Regards
Anil Garg
[pfSense Support] Doubt about link state changed in System Logs
Hello,

I've noticed those lines in syslogs after an ATA adapter rebooted while it was connected to an optional interface:

php: : Not a valid interface action ""
php: : Processing -
php: : Not a valid interface action ""
php: : Processing start -
php: : Hotplug event detected for vr2 but ignoring since interface is not set for DHCP
php: : Processing vr2 - start
check_reload_status: rc.linkup starting
kernel: vr2: link state changed to UP
kernel: vr2: link state changed to DOWN

Is it ok 'Not a valid interface action ""' or is it a bug?

Regards
Re: [pfSense Support] Dual-wan Setup issue (Yes, I've read a few Dual-Wan HOWTO docs)
I have a dual wan (not through choice, only legacy), the issue is that an openvpn connection needs to connect via the secondary wan connection (192.168.9.1 ==> 192.168.9.2) which is not the default route for the network, see below (default route is 192.168.0.1 from pfsense).

Basically we need to connect through a node on the 182.168.111.0/24 network to access machines on this subnet. HOW???

We can do this via modifying the conf file directly but want to move to an app interface environment and use pfSense entirely.

Hints would be greatly appreciated.

thanks
paul

the network sample image

Michael Richardson wrote:
> I've got a dual-wan setup and I want to cause traffic between an internal
> machine, and external machine to occur over WAN2 (I could use source or
> destination as criteria). Both public IPs would share a gateway so I've put
> a NAT device on WAN2 and connected the modem to it so now both WAN ports are
> on different subnets. (more)
>
> With the appropriate LAN rule in place, traffic doesn't flow UNLESS I start
> a packet capture on WAN2 (I found this while trying to troubleshoot). Why
> would this be? Anyone got the time and know-how to help me troubleshoot
> this?
>
> Here's my setup. Hope the art comes through decently. The reason for the
> SpeedStream device is because otherwise both WAN interfaces would have the
> same gateway IP and I read that is unacceptable for a dual-wan config.
>
> | WAN 67.x.x.12    | Cable Modem1
> |                  |
> | "pfSense 1.2"    |
> | LAN 192.168.1.0  |
> |                  |    | "SpeedStream 2601" for NAT |
> | WAN2 192.168.0.2 |--  | 192.168.0.1                |-- Cable Modem 2
>
> I want to be sure that traffic FROM 192.168.1.22 or traffic TO 78.x.x.10
> goes through WAN2 (I can use source, destination, or both).
>
> Outbound NAT is set to Automatic and has only the default LAN rule in place.
> I have added a LAN rule, but instead of trying to communicate what it is and
> confirm it's right, I think it would be faster if someone could tell me what
> it should be (at least one of the options), and I'll just use that.
>
> ANYthing else I haven't mentioned, I likely don't know about and need
> pointed out.
>
> Thanks in advance, and I'm loving 1.2. The upgrade was flawless.
>
> Mike

--
GD Consulting srl
Via della Giustizia, 10/B
20125 Milano (MI) - Italy
Web: http://www.gdconsulting.it - Email: [EMAIL PROTECTED]
Tel: +39-02.6710.1331 - Fax: +39.02.6707.8798

Pursuant to Legislative Decree no. 196/2003 and subsequent amendments/additions, the information contained in this e-mail message is confidential and for the exclusive use of the recipient. Any publication, use or dissemination of it, even partial, may not be carried out without authorization and could constitute a criminal offence. If you are not among the legitimate recipients of this e-mail, we kindly ask you to delete it from your system after notifying the sender, by replying to this communication, of the error made.
[pfSense Support] Dual-wan Setup issue (Yes, I've read a few Dual-Wan HOWTO docs)
I've got a dual-wan setup and I want to cause traffic between an internal machine, and external machine to occur over WAN2 (I could use source or destination as criteria). Both public IPs would share a gateway so I've put a NAT device on WAN2 and connected the modem to it so now both WAN ports are on different subnets. (more)

With the appropriate LAN rule in place, traffic doesn't flow UNLESS I start a packet capture on WAN2 (I found this while trying to troubleshoot). Why would this be? Anyone got the time and know-how to help me troubleshoot this?

Here's my setup. Hope the art comes through decently. The reason for the SpeedStream device is because otherwise both WAN interfaces would have the same gateway IP and I read that is unacceptable for a dual-wan config.

| WAN 67.x.x.12    | Cable Modem1
|                  |
| "pfSense 1.2"    |
| LAN 192.168.1.0  |
|                  |    | "SpeedStream 2601" for NAT |
| WAN2 192.168.0.2 |--  | 192.168.0.1                |-- Cable Modem 2

I want to be sure that traffic FROM 192.168.1.22 or traffic TO 78.x.x.10 goes through WAN2 (I can use source, destination, or both).

Outbound NAT is set to Automatic and has only the default LAN rule in place. I have added a LAN rule, but instead of trying to communicate what it is and confirm it's right, I think it would be faster if someone could tell me what it should be (at least one of the options), and I'll just use that.

ANYthing else I haven't mentioned, I likely don't know about and need pointed out.

Thanks in advance, and I'm loving 1.2. The upgrade was flawless.

Mike
[pfSense Support] IPSEC tunnel up but no traffic being passed...
Hello! I have an IPSEC tunnel configured between a mobile client running TheGreenBow and a fresh installation of pfSense 1.2-RELEASE. The tunnel comes up as expected yet I am unable to ping any devices on the remote subnet. There is not a firewall tab for rules on IPsec tunnels. Where should I start looking to troubleshoot? Thank you! Tim Nelson Systems/Network Support Rockbochs Inc.
[pfSense Support] Re: Downloading/Uploading IP identification
Ermal Luçi wrote:
> Log to pfsense through ssh.
> pkg_add -r rate
> then:
> rate -i {interface_to_monitor} -R (or similar)
> it should have even an option to do ranking to show your most hungry host.

Anyone found the switch to see that? I tried -A, but then it asks for a -c class, and when I use it, it shows nothing.

Should I use the LAN interface or the vlan interface or it doesn't matter?

Ugo
[pfSense Support] Outbound NAT Problem, 1.2-RELEASE
Got an issue with Outbound NAT. I have 2 interfaces, LAN and WAN. WAN has an IP assigned to its interface, as well as an additional 4 virtual IPs for a total of 5 IP addresses which are used in various inbound NAT rules. I have turned on manual outbound NAT, as I need my outgoing SMTP traffic to always come from a particular IP. My outbound NAT page looks like this (obviously with real IP addresses as opposed to .x.x.):

Interface  Source         Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port
WAN        192.x.x.11/32  *            *            25                209.x.x.62   *         NO
WAN        192.x.x.6/32   *            *            25                209.x.x.62   *         NO
WAN        192.x.x.5/32   *            *            25                209.x.x.62   *         NO
WAN        192.x.x.0/24   *            *            *                 *            *         NO

The top 3 items are mail servers, and I want those to always use a particular IP address when communicating with the outside world (which seems to work just fine). The problem comes with rule #4-- none of my internal machines are able to communicate with the outside world (and #4 is the "auto generated rule"). I told the rule to use the "interface address" of the WAN for the NAT Address, but there doesn't seem to be any difference between "interface address" and "any" in the rule selection (which looks wrong to me), as the resulting rule looks exactly the same (bug?).

When I specifically choose one of the virtual IPs, rule #4 THEN looks like this:

WAN        192.x.x.0/24   *            *            *                 209.x.x.61   *         NO

... and then my internal machines are able to communicate to the outside world. The interface address is 209.x.x.55-- so when I choose "interface address," shouldn't the rule be:

WAN        192.x.x.0/24   *            *            *                 209.x.x.55   *         NO

Or maybe

WAN        192.x.x.0/24   *            *            *                 (WAN)        *         NO

?? Or am I doing something wrong?

Congrats on a great release, by the way. :)

Dimitri Rodis
Integrita Systems LLC
Re: [pfSense Support] Downloading/Uploading IP identification
bandwidthd or darkstat packages might help. they show download/upload by IP address.

sai

On 2/26/08, Bosco <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I am using pfSense solution for a while (about 6 months) - version
> 1.2 with 1 LAN + 3 WANs - and sometimes the Download or Upload traffic goes
> very high.
>
> How do I know who (the LAN IP address) is downloading or uploading -
> any package or command ?
>
> thanks
>
> JBosco