[pfSense Support] RRD graphs keep going NaN
After upgrading to 1.2 embedded, the RRD graphs keep getting into a state where they show nothing, and all the values listed below the graphs are nan. I have tried the hack to reset the graphs (delete the RRD files manually, and run the PHP function to start it again), but that only makes it work for a little while. Any known things that can cause this, and any workarounds? Regards, -Jeppe
Re: [pfSense Support] Anyone get Wii working with pfSense?
Vivek Khera wrote: On Apr 28, 2008, at 9:16 PM, Tom wrote: I can connect to Worldwide and Regional events with Mario Kart, but I can't connect to Friends. Nintendo says they are different types of connections so connecting to Worldwide and Regional events doesn't necessarily mean connecting to Friends should work since Friends are a direct connect between systems. I've tried creating a NAT and forwarding all UDP traffic to the Wii, but that didn't make a difference. When I connect, I get a Nintendo Error: 86420 Works for Mii :-) Sometimes it takes several days to weeks to complete the pairing with some friends, but it does eventually recognize the friend's box. I believe this is a Nintendo issue, not a networking issue on my end. I do have uPNP enabled on the router since I trust everyone inside (basically one winderz box, plus a handful of macs and one kubuntu aside from the wii.)
Wii and Pfsense didn't work for me out the box, I was getting same error code. My WAN has 5 ips My Wii is on LAN, with NAT to a bunch of home machines To get it to work, I used a Virtual IP (CARP type) and a spare WAN IP, NAT 1:1 mapping directly to the IP of the Wii, and made a really crude rule WAN - UDP - 1-65535 Wii IP : VIP -maybe I should review this... It was far more important to make the Wii work at the time! I did first try a bunch of UDP port forwarding but that didn't work. uPNP is off on my pfsense Mii / Friend sharing has taken between 2 and 30 mins for the few people I have currently shared with.
Re: [pfSense Support] PPPoE gets disconnected on WAN port
Short update about my issues: On Wed, 2008-04-16 at 17:45 -0400, Chris Buechler wrote: Since the situation has not improved, I'm re-posting this :-( If you have any idea what I could/should try, it would be very nice... At the moment I have about 3-4 disconnects per day, and according to the ISP everything is fine (line, etc.) Open up /etc/inc/interfaces.inc in Diagnostics - Edit, and go down to under:
set bundle disable multilink
set bundle authname {$pppoecfg['username']}
set bundle password {$pppoecfg['password']}
which is line 1242, and add the following line beneath that:
set bundle no noretry
Then save the file and reboot. Let us know if that makes any difference. Thanks for your feedback (and also to David). I couldn't try the commands yet because the device was remote and people were working, but I will keep them around in case the problems are coming back. Because since about one week, I replaced and made a full reset on the Zyxel VDSL modem/bridge, and no more issues the last 5 days and nights. So it seems it wasn't a pfsense issue after all... :) But at least I know how to debug this kind of problems the next time, merci! regards from Switzerland, Olivier
[pfSense Support] PPTP Ipsec
Good morning PFsense fans, Greetings from the starting to get sunny Northwest. I am not sure if what I am trying can be done or not. In concept I know it's possible but I am not seeing the desired results where the rubber meets the road. Basic setup is this; Network A 1.1.1.1/24 | | | I-netPF---PPTP clients 3.3.3.3/28 | | | IPsec tunnel to 2.2.2.0/24 Goal: To have PPTP clients connect in and connect to the PF and then have access to 2.2.2.0/24 over the IPsec tunnel. The tricky part (I am assuming) is that for the tunnel to come up the PPTP clients to bring the IPsec tunnel up they need to be sourced from 1.1.1.0/24. What I did, attempting to make this work, was to setup the advanced outbound NAT allowing all PPTP clients destined for 2.2.2.0/24 to be natted with the interface IP of network A. I am running 1.2-RC2 if that has any bearing. If anyone has tried this or has some insight I would be stoked. Thanks all. -- Wade B integrity is often more painful and always more profitable than perception management
[pfSense Support] Re: PPTP Ipsec
is that for the tunnel to come up the PPTP clients to bring the IPsec tunnel up Sounds like I outsourced my emails to support, more coffee -W On Tue, 2008-04-29 at 06:41 -0700, Wade Blackwell wrote: is that for the tunnel to come up the PPTP clients to bring the IPsec tunnel up -- Wade B integrity is often more painful and always more profitable than perception management
RE: [pfSense Support] CP Issue
Well I don't have squid running on the interface in question. Squid is running on LAN and I want CP on LAN2.. does that make a difference? Quick Drawing WAN DSL DSL2 || | PFSENSE | | SquidCP | | LAN LAN2 | | DefaultLoad Balancing? -Tim -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Monday, April 28, 2008 6:02 PM To: support@pfsense.com Subject: Re: [pfSense Support] CP Issue On Mon, Apr 28, 2008 at 12:48 PM, Tim Dickson [EMAIL PROTECTED] wrote: I did state Squid was in there ;) ... I have squid setup with defaults (non transparent) on LAN ONLY I have lightsquid installed for reporting So, anything else to try? I'm willing to help the cause if you have any ideas... Squid can only use the primary WAN at this time (services on localhost strictly obey the system routing table), so it won't load balance regardless. Though route-to rules should bypass Squid and let you load balance, they also bypass CP. Aside from manually hacking the pf and ipfw rules to figure out what's really going on with ipfw and pf route-to rules, I don't have any suggestions at this point. It is something I'm going to look into eventually.
Re: [pfSense Support] RRD graphs keep going NaN
When the issue shows up can you run /var/db/rrd/updaterrd.sh manually and tell the output? Ermal On Tue, Apr 29, 2008 at 9:34 AM, Jeppe Øland [EMAIL PROTECTED] wrote: After upgrading to 1.2 embedded, the RRD graphs keep getting into a state where they show nothing, and all the values listed below the graphs are nan. I have tried the hack to reset the graphs (delete the RRD files manually, and run the PHP function to start it again), but that only makes it work for a little while. Any known things that can cause this, and any workarounds? Regards, -Jeppe
Re: [pfSense Support] RRD graphs keep going NaN
If I just run it in the Diagnostics/Command field, it doesn't show anything. How many are supposed to be running at any one time?!?
$ ps -efx | grep update
34828 ?? SN 0:00.16 /bin/sh /var/db/rrd/updaterrd.sh
35228 ?? SN 0:00.00 /bin/sh /var/db/rrd/updaterrd.sh
35240 ?? SN 0:00.01 /bin/sh /var/db/rrd/updaterrd.sh
Regards, -Jeppe On Tue, Apr 29, 2008 at 9:23 AM, Ermal Luçi [EMAIL PROTECTED] wrote: When the issue shows up can you run /var/db/rrd/updaterrd.sh manually and tell the output? Ermal On Tue, Apr 29, 2008 at 9:34 AM, Jeppe Øland [EMAIL PROTECTED] wrote: After upgrading to 1.2 embedded, the RRD graphs keep getting into a state where they show nothing, and all the values listed below the graphs are nan. I have tried the hack to reset the graphs (delete the RRD files manually, and run the PHP function to start it again), but that only makes it work for a little while. Any known things that can cause this, and any workarounds? Regards, -Jeppe
Re: [pfSense Support] RRD graphs keep going NaN
On Tue, Apr 29, 2008 at 7:13 PM, Jeppe Øland [EMAIL PROTECTED] wrote: If I just run it in the Diagnostics/Command field, it doesn't show anything. How many are supposed to be running at any one time?!? Actually you have to run that from ssh since it runs in background! Sorry I forgot to mention that! Ermal
$ ps -efx | grep update
34828 ?? SN 0:00.16 /bin/sh /var/db/rrd/updaterrd.sh
35228 ?? SN 0:00.00 /bin/sh /var/db/rrd/updaterrd.sh
35240 ?? SN 0:00.01 /bin/sh /var/db/rrd/updaterrd.sh
Regards, -Jeppe On Tue, Apr 29, 2008 at 9:23 AM, Ermal Luçi [EMAIL PROTECTED] wrote: When the issue shows up can you run /var/db/rrd/updaterrd.sh manually and tell the output? Ermal On Tue, Apr 29, 2008 at 9:34 AM, Jeppe Øland [EMAIL PROTECTED] wrote: After upgrading to 1.2 embedded, the RRD graphs keep getting into a state where they show nothing, and all the values listed below the graphs are nan. I have tried the hack to reset the graphs (delete the RRD files manually, and run the PHP function to start it again), but that only makes it work for a little while. Any known things that can cause this, and any workarounds? Regards, -Jeppe
RE: [pfSense Support] Anyone get Wii working with pfSense?
Does anyone have any ideas that don't include having multiple WAN IPs? :) I only have one WAN IP and I'm having the same problem as the original message poster. I can connect fine to World and Regional games but can't connect to or host Friend games. Date: Tue, 29 Apr 2008 08:48:55 +0100 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: Re: [pfSense Support] Anyone get Wii working with pfSense? Vivek Khera wrote: On Apr 28, 2008, at 9:16 PM, Tom wrote: I can connect to Worldwide and Regional events with Mario Kart, but I can't connect to Friends. Nintendo says they are different types of connections so connecting to Worldwide and Regional events doesn't necessarily mean connecting to Friends should work since Friends are a direct connect between systems. I've tried creating a NAT and forwarding all UDP traffic to the Wii, but that didn't make a difference. When I connect, I get a Nintendo Error: 86420 Works for Mii :-) Sometimes it takes several days to weeks to complete the pairing with some friends, but it does eventually recognize the friend's box. I believe this is a Nintendo issue, not a networking issue on my end. I do have uPNP enabled on the router since I trust everyone inside (basically one winderz box, plus a handful of macs and one kubuntu aside from the wii.)
Wii and Pfsense didn't work for me out the box, I was getting same error code. My WAN has 5 ips My Wii is on LAN, with NAT to a bunch of home machines To get it to work, I used a Virtual IP (CARP type) and a spare WAN IP, NAT 1:1 mapping directly to the IP of the Wii, and made a really crude rule WAN - UDP - 1-65535 Wii IP : VIP -maybe I should review this... It was far more important to make the Wii work at the time! I did first try a bunch of UDP port forwarding but that didn't work.
uPNP is off on my pfsense Mii / Friend sharing has taken between 2 and 30 mins for the few people I have currently shared with.
Re: [pfSense Support] Anyone get Wii working with pfSense?
I think the answer lies in the use of uPNP and Manual Outbound NAT http://forum.pfsense.org/index.php/topic,6042.0.html Firewall / NAT / Outbound (Tab) Here's what my Firewall: NAT: Outbound tab looks like
---
*Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))*
WAN 10.0.0.71/32 * * * * * YES Wii
WAN 10.0.0.0/24 * * * * * NO rest of LAN
---
10.0.0.71 would be the IP of your Wii Nintendo has a test that shows whether or not games should work: http://www.nintendo.com/consumer/systems/wii/en_na/NetworkTest.jsp With only uPNP set, the test didn't work. Once I made the change for Manual Outbound NAT, the test worked. For the test, instead of my Wii's IP, I entered a Windows computer. Hopefully when I get home and test on the Wii it will work. --tom Adam Van Ornum wrote: Does anyone have any ideas that don't include having multiple WAN IPs? :) I only have one WAN IP and I'm having the same problem as the original message poster. I can connect fine to World and Regional games but can't connect to or host Friend games. Date: Tue, 29 Apr 2008 08:48:55 +0100 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: Re: [pfSense Support] Anyone get Wii working with pfSense? Vivek Khera wrote: On Apr 28, 2008, at 9:16 PM, Tom wrote: I can connect to Worldwide and Regional events with Mario Kart, but I can't connect to Friends. Nintendo says they are different types of connections so connecting to Worldwide and Regional events doesn't necessarily mean connecting to Friends should work since Friends are a direct connect between systems. I've tried creating a NAT and forwarding all UDP traffic to the Wii, but that didn't make a difference. When I connect, I get a Nintendo Error: 86420 Works for Mii :-) Sometimes it takes several days to weeks to complete the pairing with some friends, but it does eventually recognize the friend's box. I believe this is a Nintendo issue, not a networking issue on my end.
I do have uPNP enabled on the router since I trust everyone inside (basically one winderz box, plus a handful of macs and one kubuntu aside from the wii.)
Wii and Pfsense didn't work for me out the box, I was getting same error code. My WAN has 5 ips My Wii is on LAN, with NAT to a bunch of home machines To get it to work, I used a Virtual IP (CARP type) and a spare WAN IP, NAT 1:1 mapping directly to the IP of the Wii, and made a really crude rule WAN - UDP - 1-65535 Wii IP : VIP -maybe I should review this... It was far more important to make the Wii work at the time! I did first try a bunch of UDP port forwarding but that didn't work. uPNP is off on my pfsense Mii / Friend sharing has taken between 2 and 30 mins for the few people I have currently shared with.
Re: [pfSense Support] Anyone get Wii working with pfSense?
On Apr 29, 2008, at 2:46 PM, Adam Van Ornum wrote: Does anyone have any ideas that don't include having multiple WAN IPs? :) I only have one WAN IP and I'm having the same problem as the original message poster. I can connect fine to World and Regional games but can't connect to or host Friend games. Like I said, Works for Mii :-) I haven't tried any online games yet (just got my first), but friend connections work, and i get update notification messages and the upgrades download just fine. I have uPNP enabled, and nothing else specific configured for the Wii on the pfSense router. I have a single LAN and a single WAN port hooked up to my cable modem in a mostly default configuration.
Re: [pfSense Support] RRD graphs keep going NaN
Ok I cleared the logs and right now I'm running it from the console ... since it sits in a loop, it never returns, and I expect it will print errors to the console if any appear. However, since it's sitting in a loop updating the RRD graphs like this, isn't it safe to assume that there should never be more than ONE copy of updaterrd.sh running at any one time? Regards, -Jeppe On Tue, Apr 29, 2008 at 10:33 AM, Ermal Luçi [EMAIL PROTECTED] wrote: On Tue, Apr 29, 2008 at 7:13 PM, Jeppe Øland [EMAIL PROTECTED] wrote: If I just run it in the Diagnostics/Command field, it doesn't show anything. How many are supposed to be running at any one time?!? Actually you have to run that from ssh since it runs in background! Sorry I forgot to mention that! Ermal
$ ps -efx | grep update
34828 ?? SN 0:00.16 /bin/sh /var/db/rrd/updaterrd.sh
35228 ?? SN 0:00.00 /bin/sh /var/db/rrd/updaterrd.sh
35240 ?? SN 0:00.01 /bin/sh /var/db/rrd/updaterrd.sh
Regards, -Jeppe On Tue, Apr 29, 2008 at 9:23 AM, Ermal Luçi [EMAIL PROTECTED] wrote: When the issue shows up can you run /var/db/rrd/updaterrd.sh manually and tell the output? Ermal On Tue, Apr 29, 2008 at 9:34 AM, Jeppe Øland [EMAIL PROTECTED] wrote: After upgrading to 1.2 embedded, the RRD graphs keep getting into a state where they show nothing, and all the values listed below the graphs are nan. I have tried the hack to reset the graphs (delete the RRD files manually, and run the PHP function to start it again), but that only makes it work for a little while. Any known things that can cause this, and any workarounds? Regards, -Jeppe
RE: [pfSense Support] Anyone get Wii working with pfSense?
This thread probably should be called Anyone get Mario Kart friend games working...most of the Wii online functionality I've tried has worked, it's just the friend matches in Mario Kart that don't. :) I'll try Tom's instructions to see if the static ports work... From: [EMAIL PROTECTED]: [EMAIL PROTECTED]: Tue, 29 Apr 2008 15:11:43 -0400 Subject: Re: [pfSense Support] Anyone get Wii working with pfSense? On Apr 29, 2008, at 2:46 PM, Adam Van Ornum wrote: Does anyone have any ideas that don't include having multiple WAN IPs? :) I only have one WAN IP and I'm having the same problem as the original message poster. I can connect fine to World and Regional games but can't connect to or host Friend games. Like I said, Works for Mii :-) I haven't tried any online games yet (just got my first), but friend connections work, and i get update notification messages and the upgrades download just fine. I have uPNP enabled, and nothing else specific configured for the Wii on the pfSense router. I have a single LAN and a single WAN port hooked up to my cable modem in a mostly default configuration.
RE: [pfSense Support] Anyone get Wii working with pfSense?
Thanks Tom, that worked! I had to do the same thing a while ago for a PS2 game but I didn't think about trying that with Mario Kart. Date: Tue, 29 Apr 2008 15:04:58 -0400 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: Re: [pfSense Support] Anyone get Wii working with pfSense? I think the answer lies in the use of uPNP and Manual Outbound NAT http://forum.pfsense.org/index.php/topic,6042.0.html Firewall / NAT / Outbound (Tab) Here's what my Firewall: NAT: Outbound tab looks like
---
*Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))*
WAN 10.0.0.71/32 * * * * * YES Wii
WAN 10.0.0.0/24 * * * * * NO rest of LAN
---
10.0.0.71 would be the IP of your Wii Nintendo has a test that shows whether or not games should work: http://www.nintendo.com/consumer/systems/wii/en_na/NetworkTest.jsp With only uPNP set, the test didn't work. Once I made the change for Manual Outbound NAT, the test worked. For the test, instead of my Wii's IP, I entered a Windows computer. Hopefully when I get home and test on the Wii it will work. --tom Adam Van Ornum wrote: Does anyone have any ideas that don't include having multiple WAN IPs? :) I only have one WAN IP and I'm having the same problem as the original message poster. I can connect fine to World and Regional games but can't connect to or host Friend games. Date: Tue, 29 Apr 2008 08:48:55 +0100 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: Re: [pfSense Support] Anyone get Wii working with pfSense? Vivek Khera wrote: On Apr 28, 2008, at 9:16 PM, Tom wrote: I can connect to Worldwide and Regional events with Mario Kart, but I can't connect to Friends. Nintendo says they are different types of connections so connecting to Worldwide and Regional events doesn't necessarily mean connecting to Friends should work since Friends are a direct connect between systems. I've tried creating a NAT and forwarding all UDP traffic to the Wii, but that didn't make a difference.
When I connect, I get a Nintendo Error: 86420 Works for Mii :-) Sometimes it takes several days to weeks to complete the pairing with some friends, but it does eventually recognize the friend's box. I believe this is a Nintendo issue, not a networking issue on my end. I do have uPNP enabled on the router since I trust everyone inside (basically one winderz box, plus a handful of macs and one kubuntu aside from the wii.)
Wii and Pfsense didn't work for me out the box, I was getting same error code. My WAN has 5 ips My Wii is on LAN, with NAT to a bunch of home machines To get it to work, I used a Virtual IP (CARP type) and a spare WAN IP, NAT 1:1 mapping directly to the IP of the Wii, and made a really crude rule WAN - UDP - 1-65535 Wii IP : VIP -maybe I should review this... It was far more important to make the Wii work at the time! I did first try a bunch of UDP port forwarding but that didn't work. uPNP is off on my pfsense Mii / Friend sharing has taken between 2 and 30 mins for the few people I have currently shared with.
Re: [pfSense Support] Re: PPTP Ipsec
Please don't do that. If someone has a response, they'll respond when they're able. Keep in mind that this is a free resource, and that help is on a voluntary basis. If this doesn't fit within the threshold you have for a solution, then please consider other options. Spamming the mailing list isn't the way. Wade Blackwell wrote: AnyoneBuelerBueler? -W On Tue, 2008-04-29 at 06:41 -0700, Wade Blackwell wrote: Good morning PFsense fans, Greetings from the starting to get sunny Northwest. I am not sure if what I am trying can be done or not. In concept I know it's possible but I am not seeing the desired results where the rubber meets the road. Basic setup is this; Network A 1.1.1.1/24 | | | I-netPF---PPTP clients 3.3.3.3/28 | | | IPsec tunnel to 2.2.2.0/24 Goal: To have PPTP clients connect in and connect to the PF and then have access to 2.2.2.0/24 over the IPsec tunnel. The tricky part (I am assuming) is that for the tunnel to come up the PPTP clients to bring the IPsec tunnel up they need to be sourced from 1.1.1.0/24. What I did, attempting to make this work, was to setup the advanced outbound NAT allowing all PPTP clients destined for 2.2.2.0/24 to be natted with the interface IP of network A. I am running 1.2-RC2 if that has any bearing. If anyone has tried this or has some insight I would be stoked. Thanks all.
Re: [pfSense Support] BSD Magazine Electronic and Printed versions Subscription
On Tue, Apr 29, 2008 at 5:36 PM, Siju George [EMAIL PROTECTED] wrote: Hi, There is a new magazine dedicated to BSD. http://www.bsdmag.org/ You can subscribe for electronic as well as printed versions from here. http://buyitpress.com/en/index.php?p=2kat=26 Also, pfSense 1.2 is included in the first release. You won't want to miss this issue! :) Scott
RE: [pfSense Support] Re: PPTP Ipsec
My bad, Thanks Gary. -W Wade Blackwell Integrity is often more painful and always more profitable than perception management -Original Message- From: Gary Buckmaster [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 2:24 PM To: support@pfsense.com Subject: Re: [pfSense Support] Re: PPTP Ipsec Please don't do that. If someone has a response, they'll respond when they're able. Keep in mind that this is a free resource, and that help is on a voluntary basis. If this doesn't fit within the threshold you have for a solution, then please consider other options. Spamming the mailing list isn't the way. Wade Blackwell wrote: AnyoneBuelerBueler? -W On Tue, 2008-04-29 at 06:41 -0700, Wade Blackwell wrote: Good morning PFsense fans, Greetings from the starting to get sunny Northwest. I am not sure if what I am trying can be done or not. In concept I know it's possible but I am not seeing the desired results where the rubber meets the road. Basic setup is this; Network A 1.1.1.1/24 | | | I-netPF---PPTP clients 3.3.3.3/28 | | | IPsec tunnel to 2.2.2.0/24 Goal: To have PPTP clients connect in and connect to the PF and then have access to 2.2.2.0/24 over the IPsec tunnel. The tricky part (I am assuming) is that for the tunnel to come up the PPTP clients to bring the IPsec tunnel up they need to be sourced from 1.1.1.0/24. What I did, attempting to make this work, was to setup the advanced outbound NAT allowing all PPTP clients destined for 2.2.2.0/24 to be natted with the interface IP of network A. I am running 1.2-RC2 if that has any bearing. If anyone has tried this or has some insight I would be stoked. Thanks all.
Re: [pfSense Support] PPTP Ipsec
On 4/29/08, Wade Blackwell [EMAIL PROTECTED] wrote: Good morning PFsense fans, Greetings from the starting to get sunny Northwest. I am not sure if what I am trying can be done or not. In concept I know it's possible but I am not seeing the desired results where the rubber meets the road. Basic setup is this; Network A 1.1.1.1/24 | | | I-netPF---PPTP clients 3.3.3.3/28 | | | IPsec tunnel to 2.2.2.0/24 Goal: To have PPTP clients connect in and connect to the PF and then have access to 2.2.2.0/24 over the IPsec tunnel. The tricky part (I am assuming) is that for the tunnel to come up the PPTP clients to bring the IPsec tunnel up they need to be sourced from 1.1.1.0/24. What I did, attempting to make this work, was to setup the advanced outbound NAT allowing all PPTP clients destined for 2.2.2.0/24 to be natted with the interface IP of network A. I am running 1.2-RC2 if that has any bearing. If anyone has tried this or has some insight I would be stoked. Thanks all. -- Wade B Make sure a static route exists on 2.2.2.0/24 to point back to 1.1.1.0./24 if I am reading this correctly. I have not tried this, so YMMV. Scott
Re: [pfSense Support] CP Issue
On Tue, Apr 29, 2008 at 7:04 PM, Tim Dickson [EMAIL PROTECTED] wrote: Well I don't have squid running on the interface in question. Squid is running on LAN and I want CP on LAN2.. does that make a difference? No, Squid really isn't relevant here, it's the route-to rules and their interaction (or lack thereof) with ipfw.
Re: [pfSense Support] PPPoE gets disconnected on WAN port
On Tue, Apr 29, 2008 at 8:44 AM, Olivier Mueller [EMAIL PROTECTED] wrote: Short update about my issues: Thanks for your feedback (and also to David). I couldn't try the commands yet because the device was remote and people were working, but I will keep them around in case the problems are coming back. This still might be something that is required. It seems we're missing the mpd config option for auto reconnect on PPPoE. But if it's working fine again now it must be OK, a flaky modem could have just as easily caused the scenario you were seeing. Let us know if the problem recurs.
RE: [pfSense Support] CP Issue
Thanks Chris and Team -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 4:07 PM To: support@pfsense.com Subject: Re: [pfSense Support] CP Issue On Tue, Apr 29, 2008 at 7:04 PM, Tim Dickson [EMAIL PROTECTED] wrote: Well I don't have squid running on the interface in question. Squid is running on LAN and I want CP on LAN2.. does that make a difference? No, Squid really isn't relevant here, it's the route-to rules and their interaction (or lack thereof) with ipfw.
RE: [pfSense Support] PPTP Ipsec
Thanks Scott, Yes it does. The device on the other end is a Cisco ASA, when the tunnel comes up it inserts the network as a connected route and puts an entry in the FIB for the 2.2.2.0/24. The rest of the environment (on the other side of the tunnel) learns that route from OSPF. Looks like I am going to run some debugs. If anyone has any thoughts on this I am all ears. Thanks. Wade B Wade Blackwell Integrity is often more painful and always more profitable than perception management -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 3:04 PM To: support@pfsense.com Subject: Re: [pfSense Support] PPTP Ipsec On 4/29/08, Wade Blackwell [EMAIL PROTECTED] wrote: Good morning PFsense fans, Greetings from the starting to get sunny Northwest. I am not sure if what I am trying can be done or not. In concept I know it's possible but I am not seeing the desired results where the rubber meets the road. Basic setup is this; Network A 1.1.1.1/24 | | | I-netPF---PPTP clients 3.3.3.3/28 | | | IPsec tunnel to 2.2.2.0/24 Goal: To have PPTP clients connect in and connect to the PF and then have access to 2.2.2.0/24 over the IPsec tunnel. The tricky part (I am assuming) is that for the tunnel to come up the PPTP clients to bring the IPsec tunnel up they need to be sourced from 1.1.1.0/24. What I did, attempting to make this work, was to setup the advanced outbound NAT allowing all PPTP clients destined for 2.2.2.0/24 to be natted with the interface IP of network A. I am running 1.2-RC2 if that has any bearing. If anyone has tried this or has some insight I would be stoked. Thanks all. -- Wade B Make sure a static route exists on 2.2.2.0/24 to point back to 1.1.1.0./24 if I am reading this correctly. I have not tried this, so YMMV. Scott
Re: [pfSense Support] PPTP Ipsec
Scott Ullrich wrote: On 4/29/08, Wade Blackwell [EMAIL PROTECTED] wrote: Good morning PFsense fans, Greetings from the starting to get sunny Northwest. I am not sure if what I am trying can be done or not. In concept I know it's possible but I am not seeing the desired results where the rubber meets the road. Basic setup is this;
Network A 1.1.1.1/24
|
|
|
I-netPF---PPTP clients 3.3.3.3/28
|
|
|
IPsec tunnel to 2.2.2.0/24
Goal: To have PPTP clients connect in and connect to the PF and then have access to 2.2.2.0/24 over the IPsec tunnel. The tricky part (I am assuming) is that for the tunnel to come up the PPTP clients to bring the IPsec tunnel up they need to be sourced from 1.1.1.0/24. What I did, attempting to make this work, was to setup the advanced outbound NAT allowing all PPTP clients destined for 2.2.2.0/24 to be natted with the interface IP of network A. I am running 1.2-RC2 if that has any bearing. If anyone has tried this or has some insight I would be stoked. Thanks all. -- Wade B
Make sure a static route exists on 2.2.2.0/24 to point back to 1.1.1.0/24 if I am reading this correctly. I have not tried this, so YMMV. Scott
Hi I've got a similar setup, a pfsense with ipsec tunnel to a different site. What I did was to setup the pptp clients to use the same ip addresses in the same address space as the range lan of the pfsense. and setup the ipsec to use the lan subnet.. Only thing is to have the clients use the pptp server as the gateway, and it works like a charm. My machine is actually virtual, with only one network card(wan), and left the lan as default adapter, just changed the subnet, and setup the pptp server...does the trick though. /F
Re: [pfSense Support] Failover problem
I created Ticket #1706 regarding the load-balancing issue. Does anyone have an estimate of how long before bugs are fixed? Could I do a workaround meanwhile? BTW a nice-to-have feature: NAT rules that apply to multiple interfaces OR an easy way to copy all NAT rules from one IF to another (creating the necessary firewall rules) Have a nice day! Martin
Bill Marquette wrote: On Fri, Apr 25, 2008 at 12:36 AM, Martin Kruse Jensen [EMAIL PROTECTED] wrote: I still need to set the default lan - any rule to use the loadbalancetowan gateway right?
correct
In http://pastebin.com/f36121457 I didn't but in http://pastebin.com/f10483182 I did change it
yep, looks like we aren't installing the reply-to logic on WAN for some reason (probably cause nobody had a setup where machines on wan2 tried to connect to services on wan). Can you file a bug on cvstrac.pfsense.com for this, please? Thanks --Bill
Martin
Bill Marquette wrote: On Thu, Apr 24, 2008 at 4:22 AM, Martin Kruse Jensen [EMAIL PROTECTED] wrote: The /tmp/rules.debug can be found at http://pastebin.com/m39a0c097 Before getting /tmp/rules.debug I did the following:
- Created failover gateway in Services - Load-balancer (loadbalancetowan)
- Set the default lan - any rules gateway to loadbalancetowan
- Set the firewall rules (created by nat) to use the gateway loadbalancetowan on both WAN's
Yeah, don't do that. You need a NAT (rdr/port forward in this case) and filter rule per WAN, but don't change the gateway else you end up with nonsensical rules like:
pass in quick on $wan route-to { ( vr0 10.33.56.1 ) } proto tcp from any to main port = 80 keep state label USER_RULE: NAT
and
pass in quick on $StofaOPT1 route-to { ( vr0 10.33.56.1 ) } proto tcp from any to { 192.168.1.3 } port = 80 keep state label USER_RULE: NAT Stofatest
which points the next hop INBOUND for this traffic to vr0 (which is your WAN in this case). ie. the traffic goes back outbound...bad.
I still see no reply-to's in the ruleset, so I'm suspecting that we have an issue when dealing with rules on the default gateway, but fix those rules to use the default gateway and give us the output of rules.debug again if you are still having issues. Thanks --Bill
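The two checks made by eye in the message above (inbound WAN rules carrying route-to, and WAN interfaces with no reply-to at all) can be run over a rules.debug dump. This is an added example, not part of the thread or of pfSense; the function names, the sample ruleset and the vr1/10.44.0.1 gateway are assumptions made for illustration.

```python
import re

# Constructed sample. Rules 1-2 are adapted from the rules quoted in the thread;
# rules 3-4 and the vr1/10.44.0.1 gateway are made up for illustration.
SAMPLE_RULES = """\
pass in quick on $wan route-to { ( vr0 10.33.56.1 ) } proto tcp from any to 192.168.1.3 port = 80 keep state
pass in quick on $StofaOPT1 route-to { ( vr0 10.33.56.1 ) } proto tcp from any to { 192.168.1.3 } port = 80 keep state
pass in quick on $lan route-to { ( vr0 10.33.56.1 ) } from 192.168.1.0/24 to any keep state
pass in quick on $StofaOPT1 reply-to ( vr1 10.44.0.1 ) proto tcp from any to 192.168.1.3 port = 80 keep state
"""

# Matches "pass in|out [log] [quick] on IFACE" plus an optional
# route-to/reply-to clause, with or without the surrounding braces.
RULE_RE = re.compile(
    r"^pass\s+(?P<dir>in|out)\s+(?:log\s+)?(?:quick\s+)?on\s+(?P<iface>\S+)"
    r"(?:\s+(?P<opt>route-to|reply-to)\s+\{?\s*\(\s*(?P<rif>\S+)\s+(?P<gw>\S+)\s*\)\s*\}?)?"
)

def parse_rule(line):
    """Return direction, interface and routing option of a pass rule, or None."""
    m = RULE_RE.match(line.strip())
    return m.groupdict() if m else None

def audit(ruleset, wan_ifaces):
    """Return (line_no, iface, message) findings; line_no 0 means interface-wide."""
    findings = []
    has_reply_to = {iface: False for iface in wan_ifaces}
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        rule = parse_rule(line)
        # route-to on a LAN rule is ordinary policy routing, so only
        # inbound rules on WAN-side interfaces are examined.
        if not rule or rule["dir"] != "in" or rule["iface"] not in wan_ifaces:
            continue
        if rule["opt"] == "route-to":
            findings.append((lineno, rule["iface"],
                             f"inbound rule has route-to via {rule['rif']} {rule['gw']}"))
        elif rule["opt"] == "reply-to":
            has_reply_to[rule["iface"]] = True
    for iface in wan_ifaces:
        if not has_reply_to[iface]:
            findings.append((0, iface, "no reply-to on any inbound pass rule"))
    return findings

if __name__ == "__main__":
    for lineno, iface, msg in audit(SAMPLE_RULES, ["$wan", "$StofaOPT1"]):
        print(f"line {lineno or '-'}: {iface}: {msg}")
```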
Re: [pfSense Support] Failover problem
On Wed, Apr 30, 2008 at 1:30 AM, Martin Kruse Jensen [EMAIL PROTECTED] wrote: I created Ticket #1706 regarding the load-balancing issue. Does anyone have an estimate of how long before bugs are fixed? Could I do a workaround meanwhile?
Not sure on a work around, but no bugs will get touched until after BSDCan (unless somebody other than Scott or myself takes them on). I plan to attempt to knock them all out that week (2 weeks from now), once we get our tutorial out of the way. Commercial work and prep for our pfSense tutorial at BSDCan has our plates overflowing until then.
Re: [pfSense Support] Failover problem
Okay - have a nice time at BSDCan! Martin
Chris Buechler wrote: On Wed, Apr 30, 2008 at 1:30 AM, Martin Kruse Jensen [EMAIL PROTECTED] wrote: I created Ticket #1706 regarding the load-balancing issue. Does anyone have an estimate of how long before bugs are fixed? Could I do a workaround meanwhile?
Not sure on a work around, but no bugs will get touched until after BSDCan (unless somebody other than Scott or myself takes them on). I plan to attempt to knock them all out that week (2 weeks from now), once we get our tutorial out of the way. Commercial work and prep for our pfSense tutorial at BSDCan has our plates overflowing until then.