[pfSense Support] bandwidth management user based

2010-01-15 Thread chetan gohil
Hi dear,

Is there any chance to manage bandwidth on a user basis or group basis?

Thanking you,

chetan


[pfSense Support] Serious issue with PPTP VPN

2010-01-15 Thread Curtis LaMasters
Ok, I'm not sure where to begin troubleshooting on this one.  I'm
running 1.2.3-RC (I'll be upgrading to RELEASE this weekend during a
maintenance window).  I have discovered that a blank user/pass in the
Windows PPTP client is accepted by the PPTP VPN server on pfSense.
Any thoughts.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] pfSense embedded : how to prolong states sessions

2010-01-15 Thread Michel Servaes
I have a SIP solution behind pfSense now (this morning it was sitting
behind a monowall setup on a pentium3 computer).
PfSense being installed on an Alix 2D13 now, opened up ports 5060
tcp/udp and the SIP device (an SPA-2102) registers every 180 seconds.

But the ip-state is being deleted every 60 seconds... and this is
every 180 seconds so.

Ok, I can lessen the amount of time between registers, but what
bothers me is that this worked without a configuration-change (besides
NAT of course) on a monowall setup.


Can I prolong the time of a certain state (for instance, only SIP traffic ?)...

I already tried it within RULES, in the Advanced - there is a
state-timeout... but setting this to 240 doesn't seem to help...
I did this on both LAN outgoing, as on WAN incoming 5060.

I'll install the sipproxd package, if this would solve things, but
this sounds to me that it would only solve issues when using multiple
SIP devices behind NAT...

Any thoughts ?

Kind regards,
Michel Servaes




Re: [pfSense Support] Serious issue with PPTP VPN

2010-01-15 Thread Chris Buechler
On Fri, Jan 15, 2010 at 1:02 PM, Curtis LaMasters
 wrote:
> Ok, I'm not sure where to begin troubleshooting on this one.  I'm
> running 1.2.3-RC (I'll be upgrading to RELEASE this weekend during a
> maintenance window).  I have discovered that a blank user/pass in the
> Windows PPTP client is accepted by the PPTP VPN server on pfSense.
> Any thoughts.

Not on any of mine. Maybe if you're authenticating to a RADIUS server
that tells pfSense a blank user/pass is OK (which would be the fault
of your RADIUS server). How do you have it setup?




Re: [pfSense Support] Serious issue with PPTP VPN

2010-01-15 Thread Joseph Hardeman
I also just tested on my pfSense firewalls and they do not accept the blank
username and password.

Joe



> From: Chris Buechler 
> Reply-To: 
> Date: Fri, 15 Jan 2010 14:16:33 -0500
> To: 
> Subject: Re: [pfSense Support] Serious issue with PPTP VPN
> 
> On Fri, Jan 15, 2010 at 1:02 PM, Curtis LaMasters
>  wrote:
>> Ok, I'm not sure where to begin troubleshooting on this one.  I'm
>> running 1.2.3-RC (I'll be upgrading to RELEASE this weekend during a
>> maintenance window).  I have discovered that a blank user/pass in the
>> Windows PPTP client is accepted by the PPTP VPN server on pfSense.
>> Any thoughts.
> 
> Not on any of mine. Maybe if you're authenticating to a RADIUS server
> that tells pfSense a blank user/pass is OK (which would be the fault
> of your RADIUS server). How do you have it setup?
> 





Re: [pfSense Support] pfSense embedded : how to prolong states sessions

2010-01-15 Thread Chris Buechler
On Fri, Jan 15, 2010 at 1:55 PM, Michel Servaes  wrote:
> I have a SIP solution behind pfSense now (this morning it was sitting
> behind a monowall setup on a pentium3 computer).
> PfSense being installed on an Alix 2D13 now, opened up ports 5060
> tcp/udp and the SIP device (an SPA-2102) registers every 180 seconds.
>
> But the ip-state is being deleted every 60 seconds... and this is
> every 180 seconds so.
>

See #2 here:
http://doc.pfsense.org/index.php/VoIP_Configuration




Re: [pfSense Support] Serious issue with PPTP VPN

2010-01-15 Thread Lyle Giese

Chris Buechler wrote:
> On Fri, Jan 15, 2010 at 1:02 PM, Curtis LaMasters
>  wrote:
>> Ok, I'm not sure where to begin troubleshooting on this one.  I'm
>> running 1.2.3-RC (I'll be upgrading to RELEASE this weekend during a
>> maintenance window).  I have discovered that a blank user/pass in the
>> Windows PPTP client is accepted by the PPTP VPN server on pfSense.
>> Any thoughts.
>
> Not on any of mine. Maybe if you're authenticating to a RADIUS server
> that tells pfSense a blank user/pass is OK (which would be the fault
> of your RADIUS server). How do you have it setup?

There is an option in the Windows client to use the logon credentials
(Automatically use my Windows logon name and password (and domain if any).)

If you happened to have that selected...

Lyle Giese
LCR Computer Services, Inc.




Re: [pfSense Support] pfSense embedded : how to prolong states sessions

2010-01-15 Thread Michel Servaes



>> I have a SIP solution behind pfSense now (this morning it was sitting
>> behind a monowall setup on a pentium3 computer).
>> PfSense being installed on an Alix 2D13 now, opened up ports 5060
>> tcp/udp and the SIP device (an SPA-2102) registers every 180 seconds.
>>
>> But the ip-state is being deleted every 60 seconds... and this is
>> every 180 seconds so.
>
> See #2 here:
> http://doc.pfsense.org/index.php/VoIP_Configuration

You are the gr8est - but that is info you already knew ;-)
I was searching the book how to prolong this by the means of searching 
through states - but step2, setting the firewall to conservative works 
brilliantly !





Re: [pfSense Support] Serious issue with PPTP VPN

2010-01-15 Thread Curtis LaMasters
> There is an option in the Windows client to use the logon credentials
> (Automatically use my Windows logon name and password(and domain if any).)
>
> If you happened to have that selected...
>
> Lyle Giese
> LCR Computer Services, Inc.


Yes, RADIUS back end to Server 2008 NAP.  I'll have to dig into the
config again to verify the allow any user/pass or blank.  I won't
accept incorrect information so that is somewhat comforting.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com




[pfSense Support] virtual ip

2010-01-15 Thread a_subscribtions
Hi

I have two questions regarding virtual ip.

1. Question.
Imagine a setup where I have /30 as wan ip and routed a /29 public ip net to
that address.
I have several lan-interfaces that I want to separate, so that every lan net
will be natted through its own public ip.
If I have understood correctly, then I don't need to set up an interface
with the public ip net, as long as I'm using "other" VIPs.
Is that right?

2. Question.
Imagine a setup where I have /30 as wan ip and routed a /29 public ip net to
that address.
I want to hand some of the public ips directly to servers, and I want to use
some as virtual ips.
If I have understood correctly, then I would set up an interface with the
public ip net. But what vips will I use?

Kind regards Anders






RE: [pfSense Support] virtual ip

2010-01-15 Thread Nathan Eisenberg
> -Original Message-
> From: a_subscribti...@fiberby.dk [mailto:a_subscribti...@fiberby.dk]
> Sent: Friday, January 15, 2010 2:06 PM
> To: support@pfsense.com
> Subject: [pfSense Support] virtual ip
> 
> Hi
> 
> I have two questions regarding virtual ip.
> 
> 1. Question.
> Imagine a setup where I have /30 as wan ip and routed a /29 public ip
> net to
> that address.
> I have several lan-interfaces that I want to separate, so that every
> lan net
> will be natted through its own public ip.
> If I have understood correctly, then I don't need to set up an
> interface
> with the public ip net, as long as I'm using "other" VIPs.
> Is that right?
> 
> 2. Question.
> Imagine a setup where I have /30 as wan ip and routed a /29 public ip
> net to
> that address.
> I want to hand some of the public ips directly to servers, and I want
> to use
> some as virtual ips.
> If I have understood correctly, then I would set up an interface with
> the
> public ip net. But what vips will I use?
> 
> Kind regards Anders


Please don't double post... you asked this question on Wed 1/13/2010 3:59 AM.

Best Regards,
Nathan Eisenberg




SV: [pfSense Support] virtual ip

2010-01-15 Thread a_subscribtions


-Original Message-
From: Nathan Eisenberg [mailto:nat...@atlasnetworks.us]
Sent: 15 January 2010 23:17
To: support@pfsense.com
Subject: RE: [pfSense Support] virtual ip

> -Original Message-
> From: a_subscribti...@fiberby.dk [mailto:a_subscribti...@fiberby.dk]
> Sent: Friday, January 15, 2010 2:06 PM
> To: support@pfsense.com
> Subject: [pfSense Support] virtual ip
> 
> Hi
> 
> I have two questions regarding virtual ip.
> 
> 1. Question.
> Imagine a setup where I have /30 as wan ip and routed a /29 public ip
> net to
> that address.
> I have several lan-interfaces that I want to separate, so that every
> lan net
> will be natted through its own public ip.
> If I have understood correctly, then I don't need to set up an
> interface
> with the public ip net, as long as I'm using "other" VIPs.
> Is that right?
> 
> 2. Question.
> Imagine a setup where I have /30 as wan ip and routed a /29 public ip
> net to
> that address.
> I want to hand some of the public ips directly to servers, and I want
> to use
> some as virtual ips.
> If I have understood correctly, then I would set up an interface with
> the
> public ip net. But what vips will I use?
> 
> Kind regards Anders


Please don't double post... you asked this question on Wed 1/13/2010 3:59
AM.

Best Regards,
Nathan Eisenberg

Ok, but if you are able, I'll really appreciate your or someone else's help.

Kind regards,
Anders Dahl




Re: SV: [pfSense Support] virtual ip

2010-01-15 Thread David Newman
On 1/15/10 2:36 PM, a_subscribti...@fiberby.dk wrote:
>> 1. Question.
>> Imagine a setup where I have /30 as wan ip and routed a /29 public ip
>> net to
>> that address.

This part is unclear.

If your WAN interface uses a /30 prefix (255.255.255.252), then you are
on a /30 subnet, not a /29 subnet.


>> I have several lan-interfaces that I want to separate, so that every
>> lan net
>> will be natted through its own public ip.

This can be true for only very small instances of "several":

- with a /29 there are six valid hosts possible, one of which is your
ISP's router

- with a /30 there are two valid hosts possible, one of which is your
ISP's router

In the former case, yes, you can map each of five IP addresses on your
WAN interface to some other address(es) on your protected interfaces.

In the latter case, you have only one routable address. You still can
map multiple services onto this address but you'd need different port
numbers for each (to make up an example, you could map ports , 1
and 2 to three different sshd servers on your protected network).

dn


>> If I have understood correctly, then I don't need to set up an
>> interface
>> with the public ip net, as long as I'm using "other" VIPs.
>> Is that right?
>>
>> 2. Question.
>> Imagine a setup where I have /30 as wan ip and routed a /29 public ip
>> net to
>> that address.
>> I want to hand some of the public ips directly to servers, and I want
>> to use
>> some as virtual ips.
>> If I have understood correctly, then I would set up an interface with
>> the
>> public ip net. But what vips will I use?
>>
>> Kind regards Anders
> 
> 
> Please don't double post... you asked this question on Wed 1/13/2010 3:59
> AM.
> 
> Best Regards,
> Nathan Eisenberg
> 
> Ok, But if you are able, I'll really appreciate your or someone else help.
> 
> Kind regards,
> Anders Dahl
> 



SV: SV: [pfSense Support] virtual ip

2010-01-15 Thread a_subscribtions
Thanks David

I'll try to clear things up.

Recall that my issue here is what kind of virtual ip I must choose.

In this setup, the only thing I'm interested in, is that my clients have
access to the internet and nothing else.
I have 60 vlans all with a private /24 ip-net.
My WAN is xxx.xxx.xxx.xxx/30 and then I have a /26 public ip net routed to
that WAN address.
I can then make 60 virtual ip-addresses and in "outbound nat" choose to have
each vlan leaving the firewall through its own public ip-address. But what
virtual ip should I choose?
I read the "virtual ip" section in Chris's book, but still I'm insecure,
probably because I sometimes have problems with the terminology. But if I
have understood correctly, then I don't need to set up the (assign it to a
interface) /26 public ip net on the pfsense, as long as I'm using "other"
Virtual ips.

I'm not sure that it got clearer. If you still don't understand, then please
let me know.

Kind regards Anders

-Original Message-
From: David Newman [mailto:dnew...@networktest.com]
Sent: 16 January 2010 00:07
To: support@pfsense.com
Subject: Re: SV: [pfSense Support] virtual ip

On 1/15/10 2:36 PM, a_subscribti...@fiberby.dk wrote:
>> 1. Question.
>> Imagine a setup where I have /30 as wan ip and routed a /29 public ip
>> net to
>> that address.

This part is unclear.

If your WAN interface uses a /30 prefix (255.255.255.252), then you are
on a /30 subnet, not a /29 subnet.


>> I have several lan-interfaces that I want to separate, so that every
>> lan net
>> will be natted through its own public ip.

This can be true for only very small instances of "several":

- with a /29 there are six valid hosts possible, one of which is your
ISP's router

- with a /30 there are two valid hosts possible, one of which is your
ISP's router

In the former case, yes, you can map each of five IP addresses on your
WAN interface to some other address(es) on your protected interfaces.

In the latter case, you have only one routable address. You still can
map multiple services onto this address but you'd need different port
numbers for each (to make up an example, you could map ports , 1
and 2 to three different sshd servers on your protected network).

dn


>> If I have understood correctly, then I don't need to set up an
>> interface
>> with the public ip net, as long as I'm using "other" VIPs.
>> Is that right?
>>
>> 2. Question.
>> Imagine a setup where I have /30 as wan ip and routed a /29 public ip
>> net to
>> that address.
>> I want to hand some of the public ips directly to servers, and I want
>> to use
>> some as virtual ips.
>> If I have understood correctly, then I would set up an interface with
>> the
>> public ip net. But what vips will I use?
>>
>> Kind regards Anders
> 
> 
> Please don't double post... you asked this question on Wed 1/13/2010 3:59
> AM.
> 
> Best Regards,
> Nathan Eisenberg
> 
> Ok, But if you are able, I'll really appreciate your or someone else help.
> 
> Kind regards,
> Anders Dahl
> 



Re: SV: SV: [pfSense Support] virtual ip

2010-01-15 Thread Evgeny Yurchenko

a_subscribti...@fiberby.dk wrote:

> But what virtual ip should I choose?

Both 'other' and 'proxy-arp' should be ok but I've never used 'other' 
and I think 'proxy-arp' should definitely work in your case.


Evgeny.
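
The address arithmetic from this thread (David Newman's host counts for a /29 and a /30, and Anders's plan of 60 VLANs each leaving through its own address from a routed /26), as an added example that is not part of the original messages. The public range 203.0.113.0/26, the 198.51.100.0 subnets, the 10.20.N.0/24 VLAN networks and the function names are constructed placeholders.

```python
import ipaddress
from itertools import combinations


def usable_addresses(cidr, reserved=0):
    """Host addresses in a subnet, minus those held by other devices.

    For an on-link WAN subnet, reserved=1 accounts for the ISP's router.
    """
    return len(list(ipaddress.ip_network(cidr).hosts())) - reserved


def outbound_nat_plan(public_cidr, vlan_cidrs):
    """Pair each internal VLAN network with its own public source address.

    Refuses plans that would leak or merge traffic: non-private internal
    networks, overlapping VLAN networks, or more VLANs than addresses.
    """
    vlans = [ipaddress.ip_network(c) for c in vlan_cidrs]
    for net in vlans:
        if not net.is_private:
            raise ValueError(f"{net} is not a private network")
    for a, b in combinations(vlans, 2):
        if a.overlaps(b):
            raise ValueError(f"{a} overlaps {b}")
    # Conservative choice: skip the network and broadcast addresses.
    pool = list(ipaddress.ip_network(public_cidr).hosts())
    if len(vlans) > len(pool):
        raise ValueError(
            f"{len(vlans)} VLANs need {len(vlans)} addresses, "
            f"{public_cidr} offers {len(pool)}"
        )
    return {str(v): str(ip) for v, ip in zip(vlans, pool)}


# Constructed sample input: documentation range and made-up VLAN numbering.
PUBLIC_NET = "203.0.113.0/26"
VLAN_NETS = [f"10.20.{n}.0/24" for n in range(1, 61)]

if __name__ == "__main__":
    print("/29 minus ISP router:", usable_addresses("198.51.100.0/29", 1))
    print("/30 minus ISP router:", usable_addresses("198.51.100.0/30", 1))
    for vlan, public_ip in outbound_nat_plan(PUBLIC_NET, VLAN_NETS).items():
        print(f"{vlan:>16} -> {public_ip}")
```
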
