Re: [pfSense Support] VPN LAN TO LAN
Hi, i'm curently jammed in setting up VPN on my pfsense box been reading all the discussion it seems most have achieved a VPN configuration. I not specialise on IT pros but interested to learn. Is there anyone could please help me out in setting up VPN on my pfsense. Thanks, Joseph. On Sat, Mar 6, 2010 at 7:02 AM, Vick Khera vi...@khera.org wrote: On Wed, Mar 3, 2010 at 9:28 AM, Rafael Cristian Machado de Avila rcristia...@gmail.com wrote: Also not sure what kind of access will be made between the networks. Example Active Directory, File Server, administrative applications This is one of the main uses we make of pfSense. I have two offices, a data center, and two home offices all linked together via IPsec VPN and pfSense at each point. The offices and data center use fixed endpoints (fixed IP) and the home offices use client mode. In client mode you can only make the connections outbound so if the IPsec circuit is not up, you cannot force it up from the main office, for example. Only a client at the home office can cause it to start up. This is easily worked around using appropriate keepalive settings. You can control what traffic flows to where via the firewall rules under the firewall's IPsec tab. We just leave it open. Over the vpn hops, we run mostly internal HTTP servers, SIP, ssh, and IMAP for mail access to the main office. If you have enough bandwidth to support what your purpose is, pfSense will not be the bottleneck. It is rock solid reliable and has been for years. You will be happy with it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] help -- policy routing problem
hi all, i've got a serious policy routing problem that i cannot seem to overcome. the pfsense box has three interfaces: two are wan ports and one is lan -- both wan ports share the same physical media and use the same gateway. they each have a different ip address. i need to route outbound mail traffic out of one specific interface and voip out the other (among other requirements). since the gateway's are the same, and because i cannot specify the interface but only the next router, pfsense seems to choose the first/lowest interface to send mail. is there a way around this? thanks m - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] help -- policy routing problem
On Thu, Mar 18, 2010 at 3:04 PM, mayak-cq ma...@australsat.com wrote: hi all, i've got a serious policy routing problem that i cannot seem to overcome. the pfsense box has three interfaces: two are wan ports and one is lan -- both wan ports share the same physical media and use the same gateway. they each have a different ip address. i need to route outbound mail traffic out of one specific interface and voip out the other (among other requirements). since the gateway's are the same, and because i cannot specify the interface but only the next router, pfsense seems to choose the first/lowest interface to send mail. is there a way around this? thanks m I have not tested this but an advanced outbound NAT setup where you specify either the source or destination port and NAT address could work. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] help -- policy routing problem
This will not work. Both gateways are the same, which is how routing is being done. Setting up another NAT device in front of one of the WAN interfaces is a kludgy workaround. Otherwise, I'm afraid you're out of luck. Curtis LaMasters wrote: On Thu, Mar 18, 2010 at 3:04 PM, mayak-cq ma...@australsat.com wrote: hi all, i've got a serious policy routing problem that i cannot seem to overcome. the pfsense box has three interfaces: two are wan ports and one is lan -- both wan ports share the same physical media and use the same gateway. they each have a different ip address. i need to route outbound mail traffic out of one specific interface and voip out the other (among other requirements). since the gateway's are the same, and because i cannot specify the interface but only the next router, pfsense seems to choose the first/lowest interface to send mail. is there a way around this? thanks m I have not tested this but an advanced outbound NAT setup where you specify either the source or destination port and NAT address could work. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] help -- policy routing problem
On Thu, Mar 18, 2010 at 4:04 PM, mayak-cq ma...@australsat.com wrote: hi all, i've got a serious policy routing problem that i cannot seem to overcome. the pfsense box has three interfaces: two are wan ports and one is lan -- both wan ports share the same physical media and use the same gateway. they each have a different ip address. i need to route outbound mail traffic out of one specific interface and voip out the other (among other requirements). since the gateway's are the same, and because i cannot specify the interface but only the next router, pfsense seems to choose the first/lowest interface to send mail. Short of an intermediate NAT device as Gary said, you have no other options with the same gateway unless you can put both IPs on one interface. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] help -- policy routing problem
hi all, thanks for the incredibly quick responses ... i'll ask the provider to put a second ip address on his router to get around the problem. i can't be the only one! pfsense is fantastic! cheers m - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] help -- policy routing problem
On 3/18/2010 4:11 PM, Chris Buechler wrote: On Thu, Mar 18, 2010 at 4:04 PM, mayak-cq ma...@australsat.com wrote: hi all, i've got a serious policy routing problem that i cannot seem to overcome. the pfsense box has three interfaces: two are wan ports and one is lan -- both wan ports share the same physical media and use the same gateway. they each have a different ip address. i need to route outbound mail traffic out of one specific interface and voip out the other (among other requirements). since the gateway's are the same, and because i cannot specify the interface but only the next router, pfsense seems to choose the first/lowest interface to send mail. Short of an intermediate NAT device as Gary said, you have no other options with the same gateway unless you can put both IPs on one interface. I think Ermal or Scott pointed out a commit a few weeks ago that ECMP was committed upstream, so it's possible that in the future, we won't be stuck with this limitation. (Which will be a very happy day indeed for many users.) Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] help -- policy routing problem
Just a stupid qestion, but can you setup a virtual IP for either your mail server, your voip device or both? Ryan Rodrigue P.O. Box 4336 Systems Technician Houma, LA 70361 A A R Electronics, Inc Phone (985) 876-4096 510 West Tunnel Blvd Phone (800) 649-7346 Houma LA 70360 Fax (985) 853-1034 radiote...@aaremail.com www.aarelectronics.com -Original Message- From: mayak-cq [mailto:ma...@australsat.com] Sent: Thursday, March 18, 2010 3:36 PM To: support@pfsense.com Subject: Re: [pfSense Support] help -- policy routing problem hi all, thanks for the incredibly quick responses ... i'll ask the provider to put a second ip address on his router to get around the problem. i can't be the only one! pfsense is fantastic! cheers m - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org __ Information from ESET NOD32 Antivirus, version of virus signature database 4956 (20100318) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 4956 (20100318) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
