Re: [pfSense Support] Re: Can captive portal authenticate based on windows login
i believe the barracuda does this only when the outlook plugin has been downloaded - i could be wrong however but at least that is our experience thusfar. - actually there is one other time - when they are part of a windows network and ldap is involved already... On Apr 22, 2009, at 12:52 AM, Curtis LaMasters wrote: 's Web Filter does this. I know you have to install a DC client on the domain controllers that key's off of event log logins/offs and reports to the filter. Probably not what you need but it's an option. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: Can captive portal authenticate based on windows login
Barracuda bases logins 100% on IP address when used as a transparent proxy. User opens browser and looks at google.com, the barracuda gets IP information from the Audit of login/logout on the domain controller and associates a users. The barracuda checks the user against a group and then allows or denies them access to the destination. 100% IP address, no plugin required. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Wed, Apr 22, 2009 at 1:00 AM, Glenn Kelley gl...@typo3usa.com wrote: i believe the barracuda does this only when the outlook plugin has been downloaded - i could be wrong however but at least that is our experience thusfar. - actually there is one other time - when they are part of a windows network and ldap is involved already... On Apr 22, 2009, at 12:52 AM, Curtis LaMasters wrote: 's Web Filter does this. I know you have to install a DC client on the domain controllers that key's off of event log logins/offs and reports to the filter. Probably not what you need but it's an option. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Re: Can captive portal authenticate based on windows login
-Original Message- From: Curtis LaMasters [mailto:curtislamast...@gmail.com] Sent: Wednesday, April 22, 2009 2:18 AM To: support@pfsense.com Subject: Re: [pfSense Support] Re: Can captive portal authenticate based on windows login Barracuda bases logins 100% on IP address when used as a transparent proxy. User opens browser and looks at google.com, the barracuda gets IP information from the Audit of login/logout on the domain controller and associates a users. The barracuda checks the user against a group and then allows or denies them access to the destination. 100% IP address, no plugin required. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com I use websense for this now and it work great as far as automatically logging via windows username. It does the same thing i think. The problem is that if a person is not logged into windows with a specific username, it blocks all requests. ( I can configure it to et them through , but that really defeats the purpose. ) I want a way to let a guest authenticate with a password that I can give them and have normal users automatically authenticate. I will have to play with ISA this weekend. I will probably set up a VM at my house this weekend. I can always use that and put pfsense ahead of it. Unfortunatly all I have is ISA 2004, but if it works well, I don't mind buying 2006. On Wed, Apr 22, 2009 at 1:00 AM, Glenn Kelley gl...@typo3usa.com wrote: i believe the barracuda does this only when the outlook plugin has been downloaded - i could be wrong however but at least that is our experience thusfar. - actually there is one other time - when they are part of a windows network and ldap is involved already... On Apr 22, 2009, at 12:52 AM, Curtis LaMasters wrote: 's Web Filter does this. I know you have to install a DC client on the domain controllers that key's off of event log logins/offs and reports to the filter. Probably not what you need but it's an option. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org __ NOD32 3834 (20090206) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfSense based on -STABLE or -CURRENT
Hi, i need a pfSense based on 7-STABLE (better) or -CURRENT, to have working usb support for apple usb2ethernet device. Is it possible to do? Or can i make a patchetd and personalized kernel on pfSense? tnx in advance, -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense based on -STABLE or -CURRENT
On Wed, Apr 22, 2009 at 9:42 AM, Cristiano Deana cristiano.de...@gmail.com wrote: Hi, i need a pfSense based on 7-STABLE (better) or -CURRENT, to have working usb support for apple usb2ethernet device. Is it possible to do? Or can i make a patchetd and personalized kernel on pfSense? I will email you off list a link to a FreeBSD 8 version. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] sipproxd with pfSense on EMBEDDED.
Has anyone here successfully run sipproxd on embedded pfSense? Reading through the sipproxd how-to docs I don't see any mention of embedded, which usually means (and correct me if I'm wrong) the full version. We don't run the full version in many our locations because of the higher expected reliability and low power consumption of embedded, but unfortunately (as most are aware) this also means dealing with known issues with pfSense and NAT traversal (specifically RTP streams successfully traversing NAT when using SIP for VoIP). We run 1:1 nat on a fixed IP, where possible, but of course this is not always possible. Does anyone have any experience with sipproxd on embedded? If sipproxd will NOT work on embedded, I would very much like to cast my informed vote for a sip proxy rolled into the embedded release of pfSense 1.3. I think it would make pfSense a stronger (even obvious) choice as a perimeter firewall in many 'long tail' niches as SIP marches steadily forward as a preferred protoclol in the VoIP world. -Karl - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] sipproxd with pfSense on EMBEDDED.
embedded does not use packages as the point of embedded was for CompactFlash installs where users will not want active read/writes since it may/will kill off the media faster. If you need to use packages, then you need to install the full version, prefereably on a Hard Drive. -- From: Karl Fife karlf...@gmail.com Sent: Wednesday, April 22, 2009 4:31 PM To: support@pfsense.com Subject: [pfSense Support] sipproxd with pfSense on EMBEDDED. Has anyone here successfully run sipproxd on embedded pfSense? Reading through the sipproxd how-to docs I don't see any mention of embedded, which usually means (and correct me if I'm wrong) the full version. We don't run the full version in many our locations because of the higher expected reliability and low power consumption of embedded, but unfortunately (as most are aware) this also means dealing with known issues with pfSense and NAT traversal (specifically RTP streams successfully traversing NAT when using SIP for VoIP). We run 1:1 nat on a fixed IP, where possible, but of course this is not always possible. Does anyone have any experience with sipproxd on embedded? If sipproxd will NOT work on embedded, I would very much like to cast my informed vote for a sip proxy rolled into the embedded release of pfSense 1.3. I think it would make pfSense a stronger (even obvious) choice as a perimeter firewall in many 'long tail' niches as SIP marches steadily forward as a preferred protoclol in the VoIP world. -Karl - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] sipproxd with pfSense on EMBEDDED.
Including sipproxd in the embedded platform could be a good fit because it's fundamentally NOT a resource intensive service (unlike some packages (snort) which would exhaust the limited resources on embedded even if it were an option). -K - Original Message - From: Sean Cavanaugh millenia2...@hotmail.com To: support@pfsense.com Sent: Wednesday, April 22, 2009 3:58 PM Subject: Re: [pfSense Support] sipproxd with pfSense on EMBEDDED. embedded does not use packages as the point of embedded was for CompactFlash installs where users will not want active read/writes since it may/will kill off the media faster. If you need to use packages, then you need to install the full version, prefereably on a Hard Drive. -- From: Karl Fife karlf...@gmail.com Sent: Wednesday, April 22, 2009 4:31 PM To: support@pfsense.com Subject: [pfSense Support] sipproxd with pfSense on EMBEDDED. Has anyone here successfully run sipproxd on embedded pfSense? Reading through the sipproxd how-to docs I don't see any mention of embedded, which usually means (and correct me if I'm wrong) the full version. We don't run the full version in many our locations because of the higher expected reliability and low power consumption of embedded, but unfortunately (as most are aware) this also means dealing with known issues with pfSense and NAT traversal (specifically RTP streams successfully traversing NAT when using SIP for VoIP). We run 1:1 nat on a fixed IP, where possible, but of course this is not always possible. Does anyone have any experience with sipproxd on embedded? If sipproxd will NOT work on embedded, I would very much like to cast my informed vote for a sip proxy rolled into the embedded release of pfSense 1.3. I think it would make pfSense a stronger (even obvious) choice as a perimeter firewall in many 'long tail' niches as SIP marches steadily forward as a preferred protoclol in the VoIP world. -Karl - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] bridging 2 networks with pfsense+openvpn
Hi I have 2 pfsense boxes, one embedded on each side of the atlantic ocean. They connect fine, but i can't contact any of the other side, both side have the pfsense as a primary gw. network 192.168.1.0/24 Box local is 192.168.1.241 Box remote is 192.168.1.242 I can only reach the other box with a ssh login to one of the boxes and use ssh to the other box's ipaddress on the tun adapter. Do I need fw rules, or am I missing some commands? -- Med venlig hilsen / Best regards Brian Josefsen - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] bridging 2 networks with pfsense+openvpn
Just looking at this quickly... looks like you are trying to route two networks without having two networks. What I mean is you have the same subnet for both of your networks, so the pfsense boxes don't know whether to route internally or push to the other pfsense box. You need a separate subnet for each physical network so that routing can occur. I may be reading your setup wrong - but that's what it looks like to me. -Tim -Original Message- From: Brian Josefsen [mailto:josef...@sjovedyr.dk] Sent: Wednesday, April 22, 2009 3:22 PM To: support@pfsense.com Subject: [pfSense Support] bridging 2 networks with pfsense+openvpn Hi I have 2 pfsense boxes, one embedded on each side of the atlantic ocean. They connect fine, but i can't contact any of the other side, both side have the pfsense as a primary gw. network 192.168.1.0/24 Box local is 192.168.1.241 Box remote is 192.168.1.242 I can only reach the other box with a ssh login to one of the boxes and use ssh to the other box's ipaddress on the tun adapter. Do I need fw rules, or am I missing some commands? -- Med venlig hilsen / Best regards Brian Josefsen - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] bridging 2 networks with pfsense+openvpn
2009/4/23 Tim Dickson tdick...@calistogaranch.com: Just looking at this quickly... looks like you are trying to route two networks without having two networks. What I mean is you have the same subnet for both of your networks, so the pfsense boxes don't know whether to route internally or push to the other pfsense box. You need a separate subnet for each physical network so that routing can occur. I may be reading your setup wrong - but that's what it looks like to me. -Tim I thought i could bridege the two networks together this way. But what you're saying, if I change one of the networks, I can route in between them and connect from lan client to another lan client? -- Med venlig hilsen / Best regards Brian Josefsen - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] bridging 2 networks with pfsense+openvpn
Yes, you'll push the two networks across. It's how I've set it up... maybe someone else has more ideas here. You may be able to do some custom routing the other way - but two subnets will work. -Original Message- From: Brian Josefsen [mailto:josef...@sjovedyr.dk] Sent: Wednesday, April 22, 2009 4:32 PM To: support@pfsense.com Subject: Re: [pfSense Support] bridging 2 networks with pfsense+openvpn 2009/4/23 Tim Dickson tdick...@calistogaranch.com: Just looking at this quickly... looks like you are trying to route two networks without having two networks. What I mean is you have the same subnet for both of your networks, so the pfsense boxes don't know whether to route internally or push to the other pfsense box. You need a separate subnet for each physical network so that routing can occur. I may be reading your setup wrong - but that's what it looks like to me. -Tim I thought i could bridege the two networks together this way. But what you're saying, if I change one of the networks, I can route in between them and connect from lan client to another lan client? -- Med venlig hilsen / Best regards Brian Josefsen - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] bridging 2 networks with pfsense+openvpn
2009/4/23 Tim Dickson tdick...@calistogaranch.com: Yes, you'll push the two networks across. It's how I've set it up... maybe someone else has more ideas here. You may be able to do some custom routing the other way - but two subnets will work. Thank you. Will try that when i return to the EU. I just thought bridging was possible. Will post results -- Med venlig hilsen / Best regards Brian Josefsen - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] 1.2.3-RC1 released!
Info here: http://blog.pfsense.org/?p=428 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.3-RC1 released!
THANK YOU!!! Running to test on a system or two including my Firebox X500 --Tim Chris Buechler wrote: Info here: http://blog.pfsense.org/?p=428 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.3-RC1 released!
On Wed, Apr 22, 2009 at 10:36 PM, Tim Nelson tnel...@fudnet.net wrote: THANK YOU!!! Running to test on a system or two including my Firebox X500 --Tim Chris Buechler wrote: Info here: http://blog.pfsense.org/?p=428 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Thank you. :) -- It is human nature to think wisely and act in an absurd fashion. Todo el desorden del mundo proviene de las profesiones mal o mediocremente servidas
Re: [pfSense Support] bridging 2 networks with pfsense+openvpn
I do agree with Tim. You need two different subnets. On Wed, Apr 22, 2009 at 7:31 PM, Tim Dickson tdick...@calistogaranch.com wrote: Just looking at this quickly... looks like you are trying to route two networks without having two networks. What I mean is you have the same subnet for both of your networks, so the pfsense boxes don't know whether to route internally or push to the other pfsense box. You need a separate subnet for each physical network so that routing can occur. I may be reading your setup wrong - but that's what it looks like to me. -Tim -Original Message- From: Brian Josefsen [mailto:josef...@sjovedyr.dk] Sent: Wednesday, April 22, 2009 3:22 PM To: support@pfsense.com Subject: [pfSense Support] bridging 2 networks with pfsense+openvpn Hi I have 2 pfsense boxes, one embedded on each side of the atlantic ocean. They connect fine, but i can't contact any of the other side, both side have the pfsense as a primary gw. network 192.168.1.0/24 Box local is 192.168.1.241 Box remote is 192.168.1.242 I can only reach the other box with a ssh login to one of the boxes and use ssh to the other box's ipaddress on the tun adapter. Do I need fw rules, or am I missing some commands? -- Med venlig hilsen / Best regards Brian Josefsen - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] bridging 2 networks with pfsense+openvpn
You don't *have* to have two subnets, you can bridge OpenVPN, but it's a bit convoluted, not documented well (yet), and generally I don't recommend it. You rarely want broadcast traffic traversing a VPN. On Wed, Apr 22, 2009 at 6:22 PM, Brian Josefsen josef...@sjovedyr.dk wrote: Hi I have 2 pfsense boxes, one embedded on each side of the atlantic ocean. They connect fine, but i can't contact any of the other side, both side have the pfsense as a primary gw. network 192.168.1.0/24 Box local is 192.168.1.241 Box remote is 192.168.1.242 I can only reach the other box with a ssh login to one of the boxes and use ssh to the other box's ipaddress on the tun adapter. Do I need fw rules, or am I missing some commands? -- Med venlig hilsen / Best regards Brian Josefsen - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] 1.2.3-RC1 released!
Tim, See http://forum.pfsense.org/index.php?topic=15669 if you have issues with the Firebox. I'm collecting as much data as I can from those that are having issues. Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com -Original Message- From: Tim Nelson [mailto:tnel...@fudnet.net] Sent: Wednesday, April 22, 2009 8:37 PM To: support@pfsense.com Subject: Re: [pfSense Support] 1.2.3-RC1 released! THANK YOU!!! Running to test on a system or two including my Firebox X500 --Tim Chris Buechler wrote: Info here: http://blog.pfsense.org/?p=428 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org smime.p7s Description: S/MIME cryptographic signature