Re: [pfSense Support] OpenBGPd raw config edit

2009-06-30 Thread Scott Ullrich
On Tue, Jun 30, 2009 at 3:12 PM, Aarno Aukia wrote:
> As noted on the "Raw config" site itself, the GUI-configuration is
> ignored as long as there is raw config present. One can empty out the
> raw config and then start using the gui again.

Thanks, that is perfect.   I have to admit that I did not read the
"Raw config" as of yet as I have about 2 pages of TODO's left.

I will commit this patch shortly.

Thanks for the submission!

Scott

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] OpenBGPd raw config edit

2009-06-30 Thread Aarno Aukia
Hi Scott,

On Tue, Jun 30, 2009 at 18:21, Scott Ullrich wrote:
> On Tue, Jun 30, 2009 at 11:58 AM, Aarno Aukia wrote:
>> Hello,
>>
>> Attached is a patch to allow the more experienced BGP admin to edit
>> the raw bgpd.conf in the WebConfigurator.
>>
>> This is against
>> https://rcs.pfsense.org/projects/pfsense-packages/repos/mainline/trees/master/config/openbgpd/.
>
> Hi,
>
> Thanks for this!   One question:  how would you prevent the raw edited
> configuration from automatically being overwritten by the GUI?

As noted on the "Raw config" site itself, the GUI-configuration is
ignored as long as there is raw config present. One can empty out the
raw config and then start using the gui again.

-Aarno
-- 
Aarno Aukia
Atrila GmbH
Switzerland




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread apiase...@midatlanticbb.com

Curtis Maurand wrote:

[snip]

you need only 2 tunnels for passing 2 subnets from one side to the other

  
I'm only passing one. and this dinky little config shouldn't need paid 
support to happen.






If it's a dinky little config, shouldn't you be able to figure it out??? 
The only way pfsense makes money is through support contracts. I've 
looked into the support contract, and it's actually a very good way of 
doing it. As the hours can be used to troubleshoot, config help, all the 
way up to custom code (depending on how long it takes).


$600 is NOTHING compared to what Cisco or any other commercial firewall 
vendor would charge.







Re: [pfSense Support] OpenBGPd raw config edit

2009-06-30 Thread Scott Ullrich
On Tue, Jun 30, 2009 at 11:58 AM, Aarno Aukia wrote:
> Hello,
>
> Attached is a patch to allow the more experienced BGP admin to edit
> the raw bgpd.conf in the WebConfigurator.
>
> This is against
> https://rcs.pfsense.org/projects/pfsense-packages/repos/mainline/trees/master/config/openbgpd/.

Hi,

Thanks for this!   One question:  how would you prevent the raw edited
configuration from automatically being overwritten by the GUI?

Scott




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Eugen Leitl
On Tue, Jun 30, 2009 at 12:17:39PM -0400, Curtis Maurand wrote:
> 
>[snip]
> 
> you need only 2 tunnels for passing 2 subnets from one side to the other
> 
>   
> 
>I'm only passing one. and this dinky little config shouldn't need paid
>support to happen.

Folks, please try to quote correctly 
http://www.netmeister.org/news/learn2quote.html
Also, please trim messages, and do not top-post.

-- 
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Scott Ullrich
On Tue, Jun 30, 2009 at 12:15 PM, Curtis Maurand wrote:
> I'm not sure $600.00 for a one time thing is worth it.

The time leftover can be used for other situations.   But it appears
your mind is already made up.

Scott




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Curtis Maurand

[snip]


you need only 2 tunnels for passing 2 subnets from one side to the other

  
I'm only passing one. and this dinky little config shouldn't need paid 
support to happen.






Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Curtis Maurand

[snip]

Even more of a reason to consider our offering.   The offering is
there to help eliminate frustration and to offer the best support
possible.

Scott
  
I'm not sure $600.00 for a one time thing is worth it. 





Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Scott Ullrich
On Tue, Jun 30, 2009 at 11:58 AM, Curtis Maurand wrote:
[snip]
> I'm pretty frustrated.

Even more of a reason to consider our offering.   The offering is
there to help eliminate frustration and to offer the best support
possible.

Scott




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Michael Schuh
2009/6/30 Curtis Maurand :
> [snip]
>
> yes, exactly this way,
> 2 identical tunnels with different local/remote subnets...
> Other settings are identical
>
>
> a really important thing is, that the remote nets are different from
> the local nets.
> otherwise it gets routing problems
>
>
> Why do I need parallel tunnels when all I need is one?  I need a tunnel from
> 10.201.17.0/28 --> 66.241.41.0/24.  That's it.  It's a Cisco at the other
> end.  The 10.0.1.0/24 is the general LAN and only needs to get out to the
> internet.  That works fine and has been for over a month.  Worse, I'm not
> even talking about the VPN, yet.  I can't even communicate with the OPT1
> interface reliably.  The tunnel is not the problem.  When I go to the webgui
> and ping machines on the subnet at the other end of the tunnel sourcing it
> to the OPT1 interface, the tunnel comes up in a split second and it passes
> traffic quite well with minimal latencies.
>
> Curtis
>
>
>

you need only 2 tunnels for passing 2 subnets from one side to the other


-- 
= = =  m  i  c  h  a  e  l  -  s  c  h  u  h  .  n  e  t  = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil:  0177/9738644
@: m i c h a e l . s c h u h @ g m a i l . c o m

= = =  Ust-ID:  DE251072318  = = =




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Curtis Maurand

[snip]

yes, exactly this way,
2 identical tunnels with different local/remote subnets...
Other settings are identical


a really important thing is, that the remote nets are different from
the local nets.
otherwise it gets routing problems
  


Why do I need parallel tunnels when all I need is one?  I need a tunnel 
from 10.201.17.0/28 --> 66.241.41.0/24.  That's it.  It's a Cisco at the 
other end.  The 10.0.1.0/24 is the general LAN and only needs to get out 
to the internet.  That works fine and has been for over a month.  Worse, 
I'm not even talking about the VPN, yet.  I can't even communicate with 
the OPT1 interface reliably.  The tunnel is not the problem.  When I go 
to the webgui and ping machines on the subnet at the other end of the 
tunnel sourcing it to the OPT1 interface, the tunnel comes up in a split 
second and it passes traffic quite well with minimal latencies.


Curtis




[pfSense Support] OpenBGPd raw config edit

2009-06-30 Thread Aarno Aukia
Hello,

Attached is a patch to allow the more experienced BGP admin to edit
the raw bgpd.conf in the WebConfigurator.

This is against
https://rcs.pfsense.org/projects/pfsense-packages/repos/mainline/trees/master/config/openbgpd/.

Regards,
Aarno
-- 
Aarno Aukia
Atrila GmbH
Switzerland


pfsense-openbgpd-rawconfig.diff
Description: Binary data

Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Curtis Maurand

Scott Ullrich wrote:

[snip]
If you are under those types of time constraints then you really
should consider our commercial support offering.

  
This shouldn't be that difficult.  I've been doing this configuration on 
an OpenRoute GT900 for over a year.  I set it up in a couple of hours.  
I set it up with Vyatta yesterday in less than a day with knowing 
nothing about Vyatta before starting.  This configuration isn't rocket 
science  (the stuff underneath is and my hat is off to you folks)  I've 
been working with pfsense for a number of years and really like the 
product.  I've been working on this configuration on pfsense for a couple 
of weeks.  I'm also not the only person having this trouble.  The forums 
are full of these questions with few answers except for the RTFM ones 
and I've read whatever is there which is mostly monowall stuff.


I'm pretty frustrated.

Curtis




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Michael Schuh
2009/6/30 Michael Schuh :
> 2009/6/30 Scott Ullrich :
>> On Tue, Jun 30, 2009 at 11:46 AM, Curtis Maurand wrote:
>>> It works OK in 1.2.X.   It works even better in 2.0.
>>
>> It really does work in 1.2.X using parallel tunnels.
>>
>> Scott
>>
>>
>>
>
> yes, exactly this way,
> 2 identical tunnels with different local/remote subnets...
> Other settings are identical
a really important thing is, that the remote nets are different from
the local nets.
otherwise it gets routing problems
-- 
= = =  m  i  c  h  a  e  l  -  s  c  h  u  h  .  n  e  t  = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil:  0177/9738644
@: m i c h a e l . s c h u h @ g m a i l . c o m

= = =  Ust-ID:  DE251072318  = = =
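
The advice in this message (parallel tunnels, one per local/remote subnet pair, with remote nets distinct from local nets) can be checked before the tunnels are configured. The following is an added example, not code from the thread or from pfSense; the tunnel names and the "bad" set are constructed, and the check that two tunnels must not overlap on both sides goes beyond what the message states.

```python
"""Pre-flight check for parallel site-to-site tunnel definitions (added example)."""
from ipaddress import ip_network
from itertools import combinations


def check_tunnels(tunnels):
    """Return a list of problems for (name, local_net, remote_net) tuples.

    ip_network() raises ValueError for a malformed prefix or one with host
    bits set (e.g. 10.0.1.1/24), so typos are caught before any comparison.
    """
    nets = [(name, ip_network(local), ip_network(remote))
            for name, local, remote in tunnels]
    problems = []

    # Rule from the thread: a tunnel's remote net must differ from its local
    # net, otherwise the firewall cannot tell which side a destination is on.
    for name, local, remote in nets:
        if local.overlaps(remote):
            problems.append(f"{name}: remote {remote} overlaps local {local}")

    for (n1, l1, r1), (n2, l2, r2) in combinations(nets, 2):
        # The same collision across tunnels: one tunnel's remote net is
        # another tunnel's local net.
        if r1.overlaps(l2):
            problems.append(f"{n1}: remote {r1} overlaps local {l2} of {n2}")
        if r2.overlaps(l1):
            problems.append(f"{n2}: remote {r2} overlaps local {l1} of {n1}")
        # Generalization (not from the thread): two parallel tunnels whose
        # local AND remote nets both overlap match the same traffic.
        if l1.overlaps(l2) and r1.overlaps(r2):
            problems.append(f"{n1} and {n2}: both match {l1}/{l2} -> {r1}/{r2}")

    return problems


# The single tunnel described in the thread (the name is constructed).
THREAD_TUNNELS = [
    ("opt1-to-cisco", "10.201.17.0/28", "66.241.41.0/24"),
]

# Constructed faulty set: tunnel "a" points at part of its own LAN, and
# tunnels "b" and "c" overlap on both the local and the remote side.
BAD_TUNNELS = [
    ("a", "10.0.1.0/24", "10.0.1.128/25"),
    ("b", "10.201.17.0/28", "66.241.41.0/24"),
    ("c", "10.201.17.0/28", "66.241.41.128/25"),
]

if __name__ == "__main__":
    for label, tunnels in (("thread", THREAD_TUNNELS), ("bad", BAD_TUNNELS)):
        issues = check_tunnels(tunnels)
        print(label, "OK" if not issues else issues)
```
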




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Michael Schuh
2009/6/30 Scott Ullrich :
> On Tue, Jun 30, 2009 at 11:46 AM, Curtis Maurand wrote:
>> It works OK in 1.2.X.   It works even better in 2.0.
>
> It really does work in 1.2.X using parallel tunnels.
>
> Scott
>
>
>

yes, exactly this way,
2 identical tunnels with different local/remote subnets...
Other settings are identical


-- 
= = =  m  i  c  h  a  e  l  -  s  c  h  u  h  .  n  e  t  = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil:  0177/9738644
@: m i c h a e l . s c h u h @ g m a i l . c o m

= = =  Ust-ID:  DE251072318  = = =




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Scott Ullrich
On Tue, Jun 30, 2009 at 11:46 AM, Curtis Maurand wrote:
> It works OK in 1.2.X.   It works even better in 2.0.

It really does work in 1.2.X using parallel tunnels.

Scott




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Curtis Maurand

Scott Ullrich wrote:

On Tue, Jun 30, 2009 at 11:04 AM, Curtis Maurand wrote:
  

Interesting.  I had wished I could make that scenario work w/ipsec. Alas, no
joy.  I had to set up a vyatta to do it and it worked flawlessly out of the
box.  I didn't need a third NIC port to do it, either.  My thinking is that
BSD doesn't handle virtual interfaces very well.  *sigh*  I like pfsense
better, otherwise.



  

[ couldn't really snip the above]


It works OK in 1.2.X.   It works even better in 2.0.
  


not working in 1.2.2 and 2.0 (according to the website) is alpha and, 
therefore, not ready for production use.  This is an enterprise 
environment.  It's got to work and be stable.


--Curtis



Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Scott Ullrich
On Tue, Jun 30, 2009 at 11:39 AM, Curtis Maurand wrote:
[snip]
> Unless I can get good communication going today, vyatta gets the nod at 5:00
> pm.

If you are under those types of time constraints then you really
should consider our commercial support offering.

Scott




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Curtis Maurand




I have configured 2 IPSEC-VPN-Tunnels between 2 Boxes for such a scenario.
Works like a charm.

michael

  
I had two subnets.  I had machines on both subnets.  The opt1 interface 
could not be pinged and was generally dropping packets.  If I can't 
communicate locally with some sort of reliability, how am I supposed to 
make it work across a VPN?


config  pfsense 1.2.2

em1 outside:  24.39.nn.nn/28
em2 inside: 10.0.1.1/24
rl0 opt1 : 10.201.17.1/28

linux
eth0 10.0.1.210
eth0:1 10.201.17.5/28

Windows machine
IP Address. . . . . . . . . . . . : 10.201.17.4
Subnet Mask . . . . . . . . . . . : 255.255.255.240
IP Address. . . . . . . . . . . . : 10.0.1.130
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.1.10


other end.  peer 66.241.43.nnn
tunneled net: 66.241.41.0/24

I also had a windows box with the dual ips on it and a route to the 
66.41.241.0 net via the opt1 address.


With or without the VPN enabled I cannot ping the OPT1  from the windows 
machine at all.  I have a rule that passes traffic from any source with 
the destination set to the opt1 interface and an opposite rule and still 
no joy from the windows machine.  From a linux virtual machine, I seem 
to be able to ping it, but responses don't happen at regular intervals 
even though it shows the latency as being low.  From a real linux 
machine, I'm getting 96% packet loss.  That kind of inconsistency 
doesn't exactly give me the warm and fuzzies.  There are no VLANs set up 
nor are VLANs possible on our network.  the opt1 interface and em1 are 
plugged into switch ports that aren't on the same switch, but on the 
same LAN.  There's a problem, here and I think it's related to BSD, not 
pfsense.  Vyatta is using the same VPN tools on Linux, but Linux handles 
virtual interfaces differently, I'm sure.


The Sr. VP is coming down on me to get a 2nd internet connection that is 
only supporting the VPN shut down.


Unless I can get good communication going today, vyatta gets the nod at 
5:00 pm.



Curtis



Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Scott Ullrich
On Tue, Jun 30, 2009 at 11:04 AM, Curtis Maurand wrote:
>
> Interesting.  I had wished I could make that scenario work w/ipsec. Alas, no
> joy.  I had to set up a vyatta to do it and it worked flawlessly out of the
> box.  I didn't need a third NIC port to do it, either.  My thinking is that
> BSD doesn't handle virtual interfaces very well.  *sigh*  I like pfsense
> better, otherwise.

It works OK in 1.2.X.   It works even better in 2.0.

Scott




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Michael Schuh
2009/6/30 Curtis Maurand :
>
> Interesting.  I had wished I could make that scenario work w/ipsec. Alas, no
> joy.  I had to set up a vyatta to do it and it worked flawlessly out of the
> box.  I didn't need a third NIC port to do it, either.  My thinking is that
> BSD doesn't handle virtual interfaces very well.  *sigh*  I like pfsense
> better, otherwise.
>
> Curtis
>
>
> jose thomas wrote:
>
> Thank you Scott, it solves my problem with routing.
>
> Thanks again for your time
> -Jose
>
> On Sat, Jun 27, 2009 at 10:14 PM, Scott Ullrich  wrote:
>>
>> On Sat, Jun 27, 2009 at 6:22 AM, jose thomas wrote:
>> > Hi there,
>> >
>> > In our data center, we have two pfsense 1.2.2 boxes with two subnets
>> > behind the NAT. The OPT1 interfaces are being used for the inter
>> > communication between the two lan subnets owned by the two pfsense
>> > boxes. We have a configured openVPN for the two WAN interfaces.
>> >
>> > The problem is that from outside anybody connects to one of the pfsense
>> > box through openVPN, they are not able to access the other subnet which
>> > is under the other pfsense box which is connected through the OPT1
>> > interfaces between.
>> >
>> > How can I add specific rule set (or any other config change) to instruct
>> > that the other subnet address destinations coming from openVPN clients
>> > has to pass through the OPT1 interface instead of the LAN interface of
>> > pfsense? Or in other words, how to add one more network and gateway to
>> > the openVPN connection?
>> >
>> > I ran out of ideas how to solve this. Really appreciate any help in
>> > this regard
>>
>> If memory serves me correctly you need to tell openvpn to push the
>> routes.   Google openvpn push routes.
>>
>> Scott
>>
>>
>
>
>
> --
> Mobile: +971-50-9943477
> Office: +971-4-4370703 x 402
> Residence: +971-4-2232044
>
>
>

I have configured 2 IPSEC-VPN-Tunnels between 2 Boxes for such a scenario.
Works like a charm.

michael


-- 
= = =  m  i  c  h  a  e  l  -  s  c  h  u  h  .  n  e  t  = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil:  0177/9738644
@: m i c h a e l . s c h u h @ g m a i l . c o m

= = =  Ust-ID:  DE251072318  = = =




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread Curtis Maurand


Interesting.  I had wished I could make that scenario work w/ipsec. 
Alas, no joy.  I had to set up a vyatta to do it and it worked 
flawlessly out of the box.  I didn't need a third NIC port to do it, 
either.  My thinking is that BSD doesn't handle virtual interfaces very 
well.  *sigh*  I like pfsense better, otherwise.


Curtis


jose thomas wrote:

Thank you Scott, it solves my problem with routing.

Thanks again for your time
-Jose

On Sat, Jun 27, 2009 at 10:14 PM, Scott Ullrich wrote:

On Sat, Jun 27, 2009 at 6:22 AM, jose thomas wrote:
> Hi there,
>
> In our data center, we have two pfsense 1.2.2 boxes with two subnets
> behind the NAT. The OPT1 interfaces are being used for the inter
> communication between the two lan subnets owned by the two pfsense
> boxes. We have a configured openVPN for the two WAN interfaces.
>
> The problem is that from outside anybody connects to one of the pfsense
> box through openVPN, they are not able to access the other subnet which
> is under the other pfsense box which is connected through the OPT1
> interfaces between.
>
> How can I add specific rule set (or any other config change) to instruct
> that the other subnet address destinations coming from openVPN clients
> has to pass through the OPT1 interface instead of the LAN interface of
> pfsense? Or in other words, how to add one more network and gateway to
> the openVPN connection?
>
> I ran out of ideas how to solve this. Really appreciate any help in
> this regard

If memory serves me correctly you need to tell openvpn to push the
routes.   Google openvpn push routes.

Scott





--
Mobile: +971-50-9943477
Office: +971-4-4370703 x 402
Residence: +971-4-2232044





RE: [pfSense Support] Traffic Shapping : High priority on particular port

2009-06-30 Thread Bastien DARMON

Thanks Chris,

The architecture is as follows: 

One pfsense main router at our Head Office, and some pfsense routers at our 
remote branches.
A VPN is connecting our branches to our Head Office, and many applications are 
running through it: Among all the traffic, we'd only like to prioritize the 
traffic on port 5000 on the VPN.

I've done it already on Linux using iptables and tc class and was wondering if 
I could do the same with pfsense using the WebInterface.

Regards,

Bastien 

-Original Message-
From: Chris Buechler [mailto:cbuech...@gmail.com]
Sent: Monday, June 29, 2009 8:16 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Traffic Shapping : High priority on particular port


On Mon, Jun 29, 2009 at 1:58 PM, Bastien DARMON wrote:
>
>
> Hello,
>
> Is there a way, in pfsense, to give the highest priority over the rest of
> the traffic to an application running on a particular port?
>

You can shape this just like anything else, with the caveat that it
falls into the group of all traffic between LAN and WAN. Sounds like
that's fine for this purpose. Just set up the queues as desired and add
a rule to put that traffic into the appropriate queue.




Re: [pfSense Support] openVPN to OPT1 interface

2009-06-30 Thread jose thomas
Thank you Scott, it solves my problem with routing.

Thanks again for your time
-Jose

On Sat, Jun 27, 2009 at 10:14 PM, Scott Ullrich  wrote:

> On Sat, Jun 27, 2009 at 6:22 AM, jose thomas wrote:
> > Hi there,
> >
> > In our data center, we have two pfsense 1.2.2 boxes with two subnets
> > behind the NAT. The OPT1 interfaces are being used for the inter
> > communication between the two lan subnets owned by the two pfsense
> > boxes. We have a configured openVPN for the two WAN interfaces.
> >
> > The problem is that from outside anybody connects to one of the pfsense
> > box through openVPN, they are not able to access the other subnet which
> > is under the other pfsense box which is connected through the OPT1
> > interfaces between.
> >
> > How can I add specific rule set (or any other config change) to instruct
> > that the other subnet address destinations coming from openVPN clients
> > has to pass through the OPT1 interface instead of the LAN interface of
> > pfsense? Or in other words, how to add one more network and gateway to
> > the openVPN connection?
> >
> > I ran out of ideas how to solve this. Really appreciate any help in this
> > regard
>
> If memory serves me correctly you need to tell openvpn to push the
> routes.   Google openvpn push routes.
>
> Scott
>
>
>


-- 
Mobile: +971-50-9943477
Office: +971-4-4370703 x 402
Residence: +971-4-2232044


Re: [pfSense Support] Traffic Shapping : High priority on particular port

2009-06-30 Thread Simon Nayan

Thanks for your answer.

We are currently running many applications through the VPN. There is a 
particular one running on port 5000 that I would like to prioritize.


Simon Nayan
Systems & Network Administrator
Advans Savings & Loans Limited
Phone : 021 251322
Mobile :0244480642
email :sna...@advansghana.com
skype:simonnayan

- Original Message -
From: "Chris Buechler" 
To: support@pfsense.com
Sent: Monday, June 29, 2009 6:40:01 PM GMT +00:00 Casablanca / Monrovia
Subject: Re: [pfSense Support] Traffic Shapping : High priority on particular  
port

On Mon, Jun 29, 2009 at 1:58 PM, Bastien DARMON wrote:
>
>
> Hello,
>
> Is there a way, in pfsense, to give the highest priority over the rest of
> the traffic to an application running on a particular port?
>

You can shape this just like anything else, with the caveat that it
falls into the group of all traffic between LAN and WAN. Sounds like
that's fine for this purpose. Just set up the queues as desired and add
a rule to put that traffic into the appropriate queue.




Re: [pfSense Support] Statically-defined DHCP clients with dynamic addressing not entered into DNS

2009-06-30 Thread Chris Buechler
On Mon, Jun 29, 2009 at 3:57 PM, Ian Levesque wrote:
>
> On Jun 26, 2009, at 2:00 PM, Ian Levesque wrote:
>
>> We're running DHCP and DNS on a pair of CARPed pfSense 1.2.1 boxen. Other
>> than the fact that they don't sync DHCP entries, it's been working OK for
>> us. However, we've currently got them configured to assign static IPs to
>> specific MACs, and that's becoming difficult to manage. We'd prefer to add
>> an entry for each host's MAC and a hostname, but omit the IP address
>> assignment. While we can do this currently - said hosts do receive an IP
>> address in the dynamic pool - the hosts' hostname fails to be assigned in
>> DNS. Remember, statically-assigned IP hosts (hence, hosts added to
>> /etc/hosts) DO get added to DNS.
>
>
> I'm surprised that nobody seems to have DHCP/DNS configured with your
> clients allocated IP addresses from a dynamic pool. This seems like a pretty
> simple use case.
>

Not sure of the cause, but you can probably find the answer by looking
into dnsmasq and dhcpd. Those configs are in /var/etc/
