Re: [pfSense Support] Multiple Filenames for Diskless Boot On LAN
tort...@paradise.net.nz schreef: Hi Can multiple file names be specified for diskless boot on LAN functionality in pfSense on the same LAN? (e.g. thin clients and fat clients from same or different servers on same LAN) No, this is not possible. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
AW: [pfSense Support] do we support ipsec-nat ?
On Mon, Oct 26, 2009 at 9:31 AM, Fuchs, Martin martin.fu...@trendchiller.com wrote: Hi ! Do we support IPsec-NAT ? -Ursprüngliche Nachricht- Von: cbuech...@gmail.com [mailto:cbuech...@gmail.com] Im Auftrag von Chris Buechler Gesendet: Dienstag, 27. Oktober 2009 00:42 An: support@pfsense.com Betreff: Re: [pfSense Support] do we support ipsec-nat ? No, PF can't do it. See a recent thread on freebsd-net for details. Hmmm, thats bad... So i really have to take a cisco device for this one gateway :-( but our main firewall stays pfsense ;-) Are there any planst o ever support this ? Do you have the link oft he thread ? Thanks a lot... martin - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Site to Site VPN
Hi ! Have a two location and both sites use pfsense 1.2.2 I want to site to site vpn A location and B location I use http://doc.pfsense.org/index.php/VPN_Capability_IPSec this site I need a firewall rule and vpn settings -screenshot pfsense Can you help me plese I
Re: [pfSense Support] Multiple Filenames for Diskless Boot On LAN
- Original Message - From: Seth Mos seth@xs4all.nl To: support@pfsense.com Sent: Tuesday, October 27, 2009 8:08 PM Subject: Re: [pfSense Support] Multiple Filenames for Diskless Boot On LAN tort...@paradise.net.nz schreef: Hi Can multiple file names be specified for diskless boot on LAN functionality in pfSense on the same LAN? (e.g. thin clients and fat clients from same or different servers on same LAN) No, this is not possible. Regards, Seth Thanks Seth Mmm well one can still do it one per LAN. I wonder if using VLANs might give more scope? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Site to Site VPN
Thank you Johan Hendriks and Abdulrehmana lot of thanks for your help thank you again On Tue, Oct 27, 2009 at 12:44 PM, Johan Hendriks j.hendr...@schavemaker.com wrote: Abdulrehman schreef: I also followed the same how to and had no issues..attached it the image of firewall rule for IPSEC...I have allowed all ip traffic...you can customize itits very simple.. On Tue, Oct 27, 2009 at 1:16 PM, Koray AGAYA insanad...@gmail.com insanad...@gmail.com wrote: Hi ! Have a two location and both sites use pfsense 1.2.2 I want to site to site vpn A location and B location I use http://doc.pfsense.org/index.php/VPN_Capability_IPSec this site I need a firewall rule and vpn settings -screenshot pfsense Can you help me plese I -- -- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Why do you have 2 rules that do exactly the same, the only difference is the comment. The first rule say Allow all protocols, from all source, from all ports, to all destination, to all ports, througt the default gateway. The second rule does the same thing. @ topic starter i do not know you config, but i try to explain fill in your own network data Site one Local IP network : 192.168.0.0 / 24 public ipadres : 80.80.80.80 Site two Local IP network 192.168.1.0 / 24 public ipadres: 90.90.90.90 SITE ONE CONFIG IPSEC Interface WAN Localsubnet:type Network address 192.168.0.0 / 24 Remote subnet: 192.168.1.0 / 24 Remote Gateway: 90.90.90.90 Decription: ipsec tunnel 1 Negotiation mode: aggressive My identifier:My IP address Encryption algorithm: Blowfish Hash algorithm:MD5 DH key group:2 lifetime:86400 Authentication method: Pre-shared key Pre-Shared Key:your-key-in-text Certificate: NONE KEY: NONE peer certificate NONE Phase 2 proposal (SA/Key Exchange) protocol: ESP Encryption algorithms: select Blowfish Hash algorithms: select MD5 PFS key group: 2 Lifetime: 86400 Automatically ping host: ipadres of server in 192.168.1.0 network SITE TWO CONFIG IPSEC Site one ipsec config Interface WAN Localsubnet:type Network address 192.168.1.0 / 24 Remote subnet: 192.168.0.0 / 24 Remote Gateway: 80.80.80.80 Decription: ipsec tunnel 1 Negotiation mode: aggressive My identifier:My IP address Encryption algorithm: Blowfish Hash algorithm:MD5 DH key group:2 lifetime:86400 Authentication method: Pre-shared key Pre-Shared Key:your-key-in-text Certificate: NONE KEY: NONE peer certificate NONE Phase 2 proposal (SA/Key Exchange) protocol: ESP Encryption algorithms: select Blowfish Hash algorithms: select MD5 PFS key group: 2 Lifetime: 86400 Automatically ping host: ipadres of server in 192.168.0.0 network And on both sides use a rule on the ipsec interface that allows all form all etc. You must use different subnets on each side of the tunnel. Hope this helps regards, -- ___ *Johan Hendriks* *Schavemaker Transport* Tel: +31 (0)251 229098 Fax: +31 (0)251 212016 email: j.hendr...@schavemaker.com web: http://www.schavemaker.com ___ *Confidentiality Notice: The information in this document may be confidential. It is intended only for the use of the named recipient. If you are not the intended recipient, please notify me immediately and then delete this document. Do not disclose the contents of this document to any other person, nor take any copies. Violation of this notice may be unlawful. * ___ -- -Hayatı Ciddiye Alma Asla Sağ Çıkamıycaksın !
Re: [pfSense Support] Multiple Filenames for Diskless Boot On LAN
Tortise schreef: - Original Message - From: Seth Mos seth@xs4all.nl To: support@pfsense.com Sent: Tuesday, October 27, 2009 8:08 PM Mmm well one can still do it one per LAN. I wonder if using VLANs might give more scope? Yes, when you create vlans in pfSense they become interfaces you can configure seperately. So each vlan can have it's own specific boot file name. You will need to put these machines on their respective vlan. Alternatively use something like syslinux to boot. It can hand specific files to the client depending on the mac address. Not sure if that applies to you. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] problems in Netif
Hi all, i'm using pfsense 1.2.2 on a borad with 4 Fisical Interfaces configured in this way: rl1 - WAN rl0 - LAN rl2 - is an 802.1q trunk splitted in three VLAN Now i needed to use the fourth interface in this way: I need this interface to have an IP belonging to the network ip of one of the DMZ of my Firewall ( PIX 525 ). So i set-up a layer-2 connection of the fisical interface rl3 in order to have it on the same subnet of that DMZ. I set up the new OPT-Interface with pfsense-Gui and give it an IP address of the same network; i setup FW rules on this new interface with a permit anyTOany ( as a test ). First question: when i see the routing tables on pfsense it shows me the subnet associated to rl3, but the ip address is associated to lo0 Netif. Could some one explain why ?? Second question: when i test a ping to the PIX-IP on that DMZ i can't reach it ( i'm sure L2-connectivity is OK ); some one could help ?? Thanks a lot in advance, --Andrea -- Ing. Andrea Russos Comune di Modena - Settore Sistemi Informativi CED - Ufficio SistemiReti Tel: +390592033553 e-mail: arus...@comune.modena.it - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] potential pfsense hardware
Has anybody tried pfSense with a board like this? http://www.avalue.com.tw/products/ECM-945GSE.cfm those seem good :) jsut couldn't find anywhere to sell (thus no price tag). If you have any, I am getting a price directly from Avalue USA. The board is in production, and there is no minimum quantity to order. My guess would be a price in the $3-400 range ... I will write it as soon as I hear back from them. Directly from AValue, the price is $265. This price probably does not include RAM, PSU or case. Regards, -Jeppe - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] potential pfsense hardware
On 27/10/09 15:42, Jeppe Øland wrote: Has anybody tried pfSense with a board like this? http://www.avalue.com.tw/products/ECM-945GSE.cfm Dual Marvell 88E8053 Gigabit Ehternet hmmm. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] do we support ipsec-nat ?
On Tue, Oct 27, 2009 at 3:56 AM, Fuchs, Martin martin.fu...@trendchiller.com wrote: Hmmm, thats bad... So i really have to take a cisco device for this one gateway :-( but our main firewall stays pfsense ;-) Are there any planst o ever support this ? If the underlying software does, yes. Do you have the link oft he thread ? http://thread.gmane.org/gmane.os.freebsd.devel.net/27201/focus=27218 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org