Re: [pfSense Support] Public ip bgp routing
Hello, On Mon, Oct 19, 2009 at 19:45, Nathan Eisenberg nat...@atlasnetworks.us wrote: But the BGP implementation in PFSense needs further development - the web interface for it has bugs, and I'm not sure if the daemon recognizes iBGP vs eBGP (same AS# vs external), or public AS numbers vs Private. Route reflectors are also incredibly useful in the BGP world - and they're nowhere to be found in the implementation. OpenBGPd knows all of it, the pfsense gui supports them in the raw config-mode (but you need to read bgpd.conf(5)). And what good is a border gateway protocol (BGP) without an internal gateway protocol (IGP) to manage the internal routing? And no, RIP doesn't count as an IGP these days. :-) OpenOSPF is on my task-/wishlist... -Aarno -- Aarno Aukia Atrila GmbH Switzerland - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Login with email address + curl don't work in local
This message is the same than : http://forum.pfsense.org/index.php/topic,19926.0.html Hi pfSense users! I'm new to pfSense and want to customize the captive portal. I want it to do a simple thing: users on the LAN are redirected to the captive portal which ask them for their email address. If the address is valid, they are logged-in, else a message warn them of invalid email address. I created login.php, a simple form which auto-post $PORTAL_REDIRURL$ and $PORTAL_ACTION$ (they are not replaced in another php-only page). It seems that I cannot execute php script more than ~200 bytes long in login.php: the start of them is interpreted, and after a certain point, script content is outputed as-is in the html source. It's why it splitted the code into 2 php files: form name=login_form method=post action=captiveportal-login.php input type=hidden name=portal_redirurl value=$PORTAL_REDIRURL$ input type=hidden name=portal_action value=$PORTAL_ACTION$ input type=submit /form script language=JavaScript login_form.submit(); /script I want the second file, *captiveportal-login.php* to ask for the email address, and connect as a defined user (ie: guest). I think the better way to do this is that the script itself check email address and post to $PORTAL_ACTION$. Here is the simplified code of *captiveportal-login.php*: if (!isset($_POST[email])) { showLoginForm($portal_action, $portal_redirurl); die(); } // Got a mail address $email = trim($_POST[email]); // If email if invalid, shows a failure message if (!validEmail($email)) { showLoginForm($portal_action, $portal_redirurl, 'HTMLThe mail you entered is invalid!'); die(); } // Got a valid email, post user and password to the portal login form //* echo server respond: . Post($portal_action , auth_user=guestauth_pass=passw0rdredirurl=$portal_redirurlaccept=Continue); //** /** Validate an email address. Provide email address (raw input) Returns true if the email address has the email address format and the domain exists. */ function validEmail($email) { [... check email and set result in $isValid] return $isValid; } /** * Shows the login form */ function showLoginForm($portal_action, $portal_redirurl, $message = ) { echo ' h2Login/h2 p Please enter your email address to log-in to the portal.br / b' . $message . '/b /p p form method=POST action=captiveportal-login.php Email address: input type=text name=email input type=hidden name=portal_action value=' . $portal_action . ' input type=hidden name=portal_redirurl value=' . $portal_redirurl . ' input type=submit value=Connect /form /p'; } /** * POST content to a page */ function Post($url, $post) { $ch = curl_init($url); curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS, $post); $result = curl_exec ($ch); curl_close ($ch); return $result; } ? My problem come from the Post function: I tried curl, fopen, readfile, exec(curl)... It can post to and get the response from an external page, but when I try getting $PORTAL_ACTION$ (for me *http://1.2.3.4:8000*) I get an error saying that the destination is unreacheable or a timeout, or simply nothing (instead exec('ls') shows me a result). Do you think this code is the best way to do email-authentification? Do you know why curl sucks so much in local? Thanks for your help !
Re: [pfSense Support] Filter Rules for OpenVPN connections
Andreas Fuchs wrote: I upgraded to 1.2.3 RC3 today. I'm now able to crate an interface on my tun1 for the OpenVPN, after a reboot the coneection is working. But the filter rules don't work. Based on the description i set the interface to a bridging interface to my LAN, but that way the network connection works but a deny everithing rule does not work nor log something. Don't do that. Then i changed the interface to non bridging with an ip of 192.168.15.1 (which is the ip of tun1) also here network connection is fine, but filter rules don't work. Don't do that either. :-) What am i doeing worng? Save/apply at each step where needed. #1: Go to system advanced, check Disable all auto-added vpn rules #2: Manually add in rules on WAN to allow your VPN peers to connect to the appropriate ports #3: Assign OpenVPN interface as an OPT #4: Enable this opt interface, rename if you want, and put 'none' in for the IP #5: Add your firewall rules to the OPT interface tab That should do the trick. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] traffic shaper multiwan
Hi, I have traffic shaper issue (that will be for the most of us). I have one SDSL 1/1mbit, and one VDSL PPPoE connection (as thus, this is the WAN, and the SDSL being the OPT1). When using the traffic shaper wizard, and defining the SDSL (OPT1) as being 1024/1024 - it also shapes my VDSL to a 1024/1024 channel... which is not my intention ofcourse ! Is there a way to circumvent this, by modifying some parameters ? I already asked a question (some time ago) for manually adding shaping-rules, and someone implied by using the full URL that you get after the wizard... but this just tumbles me into the wizard again :) I am using the SDSL mainly for terminal-server traffic, and due to the fixed ip-adress, as an SMTP server as well... so I want to lower the needed speed of my SMTP server to a 256/256 (or something). Any clues someone... or is this also a 2.0 related matter :) (then I will have patience) Kind regards, Michel - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Public ip bgp routing
Nathan, Your in seattle? HAve you setup BGP on pfsense? -chris flugstad Nathan Eisenberg wrote: -Original Message- From: Aarno Aukia [mailto:aarnoau...@gmail.com] Sent: Tuesday, October 20, 2009 12:24 AM To: support@pfsense.com Subject: Re: [pfSense Support] Public ip bgp routing Hello, OpenOSPF is on my task-/wishlist... -Aarno -- Aarno Aukia Atrila GmbH Switzerland Then you are my new favorite person. Once implemented, you will have a free beer anytime you visit Seattle, USA. :-) Best Regards, Nathan Eisenberg - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org