Re: [pfSense Support] Multiple VPN compatible with Micro$oft

2008-03-18 Thread Chris Buechler

Ryan Rodrigue wrote:

> Chris, Thanks for the reply.  Will PPTP work with MS Active Directory?  I
> was kinda thinking it would using radius.


Yes, with IAS.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Strange problem

2008-03-18 Thread Ermal Luçi
On Tue, Mar 18, 2008 at 8:08 PM, Curtis Maurand <[EMAIL PROTECTED]> wrote:
>
> No iptables.  Wasn't even installed until 2 minutes ago.  No http proxy
> statements; very generic Gentoo installation on the laptop.  I have not tried
> wget, but I did try telnet to a host on port 80 and the connection hung.  I
> had to do a ^] to get out of it.  I have not tried wget, lynx or curl,
> though they are all installed.
>
> I'll try a tcpdump from the pfsense machine the next time I'm in there and
> see what I find.

Try disabling SACK on the linux host or even socket autosizing.

>
> thanks,
>
> Curtis
>
>
> - Original Message -
> From: "RB" <[EMAIL PROTECTED]>
> To: support@pfsense.com
> Sent: Tuesday, March 18, 2008 2:15:34 PM (GMT-0500) America/New_York
> Subject: Re: [pfSense Support] Strange problem
>
>
> On 3/18/08, Curtis Maurand <[EMAIL PROTECTED]> wrote:
> > Like I said, it works fine on the same hardware if I run Windows, but not if
> > I run Linux.  I've used IE and firefox on Windows, IE, firefox, epiphany and
> > konqueror on Linux.  I wish I had a MAC to test with.  :-(
>
> I have one, and it works fine on my various networks.
>
> OS and hardware likely aren't the issue here.  Have you done something
> like 'export http_proxy="http://foobar:8080";' in your profile on the
> Linux box, or set up a port redirect with iptables, or any one of the
> other thousands of ways to muck with your http traffic on a Linux
> client?  Have you tried using wget, curl, or lynx?
>
> Try the tcpdump from your pfSense system; it'll be the most immediate
> and apparent.  If you see appropriate traffic (which at the moment I
> honestly doubt you will), then there's something really strange with
> your pfSense setup.  Otherwise, you know it's something on the client.
>

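The client-side checks suggested in this thread (proxy variables, iptables redirects, SACK and socket autosizing), collected into one script as an added example that is not part of any list member's post. The function names are made up here, and reading "socket autosizing" as Linux window scaling and receive-buffer autotuning is an assumption.

```shell
#!/bin/sh
# Client-side checks for "ports 80/443 hang, everything else works".

# 1. Proxy variables an HTTP client would inherit from this shell.
proxy_vars_set() {
    for v in http_proxy https_proxy HTTP_PROXY HTTPS_PROXY all_proxy ALL_PROXY; do
        eval "val=\${$v:-}"
        if [ -n "$val" ]; then printf '%s=%s\n' "$v" "$val"; fi
    done
}

# 2. NAT rules that rewrite web traffic. Reads `iptables-save` text on stdin
#    and prints nat-table REDIRECT/DNAT rules matching destination port 80/443.
nat_web_rewrites() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A/ && /-j (REDIRECT|DNAT)/ &&
            /--dports? ([0-9:]+,)*(80|443)([, ]|$)/ { print }
    '
}

# 3. TCP options from the thread. $1 = sysctl directory (default: live system).
#    Assumption: "socket autosizing" means window scaling / buffer autotuning.
tcp_opts() {
    dir=${1:-/proc/sys/net/ipv4}
    for k in tcp_sack tcp_window_scaling tcp_moderate_rcvbuf; do
        if [ -r "$dir/$k" ]; then
            printf '%s=%s\n' "$k" "$(cat "$dir/$k")"
        else
            printf '%s=unknown\n' "$k"
        fi
    done
}

report() {
    echo "== proxy variables in this shell =="
    proxy_vars_set
    echo "== NAT rules rewriting 80/443 (iptables-save needs root) =="
    iptables-save 2>/dev/null | nat_web_rewrites
    echo "== TCP options (1 = enabled) =="
    tcp_opts
}

report
```

If `tcp_sack=1` is reported, `sysctl -w net.ipv4.tcp_sack=0` turns SACK off until the next reboot so the connection can be retried.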



Re: [pfSense Support] Multiple VPN compatible with Micro$oft

2008-03-18 Thread Curtis Maurand
I've had good luck with the Greenbow IPsec VPN client on Windows XP and Vista.
I've had good luck with the PPTP client on Windows XP, but not Vista. Vista can
ping things, but it can't connect to anything like an Exchange server. I'm
suspecting that one of those "security enhancements" on Vista is the culprit,
but I don't have a copy to test with.



Curtis Maurand 
Head Honcho 
Xyonet Webhosting Services 
6 Evergreen Lane 
Biddeford, ME 04005 
http://www.xyonet.com 
mailto:[EMAIL PROTECTED] 
207.252.7748 

- Original Message - 
From: "Ryan Rodrigue" <[EMAIL PROTECTED]> 
To: support@pfsense.com 
Sent: Tuesday, March 18, 2008 2:25:39 PM (GMT-0500) America/New_York 
Subject: RE: [pfSense Support] Multiple VPN compatible with Micro$oft 

Chris, Thanks for the reply. Will PPTP work with MS Active Directory? I 
was kinda thinking it would using radius. I may be incorrect in this 
though. 

-Original Message- 
From: Chris Buechler [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 17, 2008 6:30 PM 
To: support@pfsense.com 
Subject: Re: [pfSense Support] Multiple VPN compatible with Micro$oft 


Radio Tech wrote: 
> Hello all. I am looking for some information. I need to implement a
> wireless connection using VPN access. I am kinda green on VPN and really
> don't know the way to go. The kicker is, it needs to be able to support up
> to 300 users and have the ability to integrate with Microsoft Active
> Directory. Will anything on pfSense do this? I really like this router and
> feel it is possible, but I don't know the best way to go about it. I can try
> it on a test box. I would give more information, but I don't know what
> other questions are important. Thanks for your help, Ryan
> 

What Curtis pointed you to should work, but you might prefer PPTP 
because the client is built into Windows, and it's a heck of a lot 
easier to configure. It's much less firewall friendly and less secure,
so its suitability depends on your environment and its requirements.

No problem supporting that many users with PPTP or OpenVPN as long as 
you have adequate CPU power for however much traffic you need to push. 
Unless it's a significant amount ( > 15 Mb), basically anything will 
suffice. 






Re: [pfSense Support] Strange problem

2008-03-18 Thread Curtis Maurand

No iptables. Wasn't even installed until 2 minutes ago. No http proxy
statements; very generic Gentoo installation on the laptop. I have not tried
wget, but I did try telnet to a host on port 80 and the connection hung. I had
to do a ^] to get out of it. I have not tried wget, lynx or curl, though they
are all installed.

I'll try a tcpdump from the pfsense machine the next time I'm in there and see 
what I find. 

thanks, 
Curtis 


- Original Message - 
From: "RB" <[EMAIL PROTECTED]> 
To: support@pfsense.com 
Sent: Tuesday, March 18, 2008 2:15:34 PM (GMT-0500) America/New_York 
Subject: Re: [pfSense Support] Strange problem 

On 3/18/08, Curtis Maurand <[EMAIL PROTECTED]> wrote: 
> Like I said, it works fine on the same hardware if I run Windows, but not if 
> I run Linux. I've used IE and firefox on Windows, IE, firefox, epiphany and 
> konqueror on Linux. I wish I had a MAC to test with. :-( 

I have one, and it works fine on my various networks. 

OS and hardware likely aren't the issue here. Have you done something 
like 'export http_proxy="http://foobar:8080";' in your profile on the 
Linux box, or set up a port redirect with iptables, or any one of the 
other thousands of ways to muck with your http traffic on a Linux 
client? Have you tried using wget, curl, or lynx? 

Try the tcpdump from your pfSense system; it'll be the most immediate 
and apparent. If you see appropriate traffic (which at the moment I 
honestly doubt you will), then there's something really strange with 
your pfSense setup. Otherwise, you know it's something on the client. 




Re: [pfSense Support] Strange problem

2008-03-18 Thread RB
On 3/18/08, Curtis Maurand <[EMAIL PROTECTED]> wrote:
> Like I said, it works fine on the same hardware if I run Windows, but not if
> I run Linux.  I've used IE and firefox on Windows, IE, firefox, epiphany and
> konqueror on Linux.  I wish I had a MAC to test with.  :-(

I have one, and it works fine on my various networks.

OS and hardware likely aren't the issue here.  Have you done something
like 'export http_proxy="http://foobar:8080";' in your profile on the
Linux box, or set up a port redirect with iptables, or any one of the
other thousands of ways to muck with your http traffic on a Linux
client?  Have you tried using wget, curl, or lynx?

Try the tcpdump from your pfSense system; it'll be the most immediate
and apparent.  If you see appropriate traffic (which at the moment I
honestly doubt you will), then there's something really strange with
your pfSense setup.  Otherwise, you know it's something on the client.




RE: [pfSense Support] Multiple VPN compatible with Micro$oft

2008-03-18 Thread Ryan Rodrigue
Chris, Thanks for the reply.  Will PPTP work with MS Active Directory?  I
was kinda thinking it would using radius.  I may be incorrect in this
though.

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 6:30 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multiple VPN compatible with Micro$oft


Radio Tech wrote:
> Hello all.  I am looking for some information.  I need to implement a
> wireless connection using VPN access.  I am kinda green on VPN and really
> don't know the way to go.  The kicker is, it needs to be able to support up
> to 300 users and have the ability to integrate with Microsoft Active
> Directory.  Will anything on pfSense do this?  I really like this router and
> feel it is possible, but I don't know the best way to go about it.  I can try
> it on a test box.  I would give more information, but I don't know what
> other questions are important.  Thanks for your help, Ryan
>

What Curtis pointed you to should work, but you might prefer PPTP
because the client is built into Windows, and it's a heck of a lot
easier to configure. It's much less firewall friendly and less secure,
so its suitability depends on your environment and its requirements.

No problem supporting that many users with PPTP or OpenVPN as long as
you have adequate CPU power for however much traffic you need to push.
Unless it's a significant amount ( > 15 Mb), basically anything will
suffice.






Re: [pfSense Support] Strange problem

2008-03-18 Thread Curtis Maurand
Like I said, it works fine on the same hardware if I run Windows, but not if I 
run Linux. I've used IE and firefox on Windows, IE, firefox, epiphany and 
konqueror on Linux. I wish I had a MAC to test with. :-( 

Curtis 

- Original Message - 
From: "RB" <[EMAIL PROTECTED]> 
To: support@pfsense.com 
Sent: Tuesday, March 18, 2008 1:13:56 PM (GMT-0500) America/New_York 
Subject: Re: [pfSense Support] Strange problem 

> problem. If I boot to Linux, I can't establish any connections on port 
> 80/443 going out. It will make smtp connections as well as POP3/IMAP 
> connections to the same machines. I can ping things. I'm getting 
> successful name lookups and until the upgrade to 1.2-RELEASE this unit 

No such problems here, but it sounds to me like you may have some 
persistent proxy configuration set to redirect 80/443. What http 
clients have you tried, and have you done a tcpdump from your router 
to make sure traffic is hitting it? 

# tcpdump -s0 -vni em0 host linux_client_ip 




Re: [pfSense Support] Strange problem

2008-03-18 Thread RB
> problem.  If I boot to Linux, I can't establish any connections on port
> 80/443 going out.  It will make smtp connections as well as POP3/IMAP
> connections to the same machines.  I can ping things.  I'm getting
> successful name lookups and until the upgrade to 1.2-RELEASE this unit

No such problems here, but it sounds to me like you may have some
persistent proxy configuration set to redirect 80/443.  What http
clients have you tried, and have you done a tcpdump from your router
to make sure traffic is hitting it?

# tcpdump -s0 -vni em0 host linux_client_ip




[pfSense Support] Strange problem

2008-03-18 Thread Curtis Maurand
Hello,
This is my first post to the list in a very, very long time. Thank you for
producing a particularly fine product.

I'm having a rather strange problem. I'm running version 1.2-beta-2. That said,
I'm performing an upgrade as I type this, but I don't think that it's going to
help.

I'm running a dual boot laptop behind the pfSense firewall trying to make http
connections to the outside world. If I boot to Windows XP Pro, no problem. If I
boot to Linux, I can't establish any connections on port 80/443 going out. It
will make smtp connections as well as POP3/IMAP connections to the same
machines. I can ping things. I'm getting successful name lookups and until the
upgrade to 1.2-RELEASE this unit hadn't been restarted in 400 days. Yes, it's
that stable. This isn't the only annoying problem I'm having, but it's a
concern. As my customer uses only Windows machines in the house it hasn't been
a problem. I do have a couple of weird rules set up to give priority to VPN and
VOIP traffic.

Vista and PPTP is another topic. :-)

Any help is appreciated.

Thanks, 
Curtis 

-- 
Curtis Maurand 
Head Honcho 
Xyonet Webhosting Services 
6 Evergreen Lane 
Biddeford, ME 04005 
http://www.xyonet.com 
mailto:[EMAIL PROTECTED] 
207.252.7748 



RE: [pfSense Support] Microdrive or CF card

2008-03-18 Thread Trave Harmon
Yup. You're screwed.




-Original Message-
From: Paul M [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 18, 2008 9:43 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Microdrive or CF card

Eugen Leitl wrote:
>> Noise: I think the microdrive is next to silent.
> 
> IIRC reliability is a problem.


I've never heard the microdrive in my zaurus c3100, and I can't remember
the last time I heard of one fail!

damn, I've just doomed myself, haven't I?




Re: [pfSense Support] Microdrive or CF card

2008-03-18 Thread Michel Servaes




lol, that is very possible - yes.
A 4GB model would be sufficient for logging, using ntop & imspector?

I guess proxy is out of the question, since the access is not that fast
like a real HD

Paul M wrote:

> Eugen Leitl wrote:
> >> Noise: I think the microdrive is next to silent.
> >
> > IIRC reliability is a problem.
>
> I've never heard the microdrive in my zaurus c3100, and I can't remember
> the last time I heard of one fail!
>
> damn, I've just doomed myself, haven't I?




Re: [pfSense Support] Microdrive or CF card

2008-03-18 Thread Paul M
Eugen Leitl wrote:
>> Noise: I think the microdrive is next to silent.
> 
> IIRC reliability is a problem.


I've never heard the microdrive in my zaurus c3100, and I can't remember
the last time I heard of one fail!

damn, I've just doomed myself, haven't I?
