Re: [pfSense Support] VPN LAN TO LAN
Hi Udo,

I want:

LAN --- PFSENSE INTERNET YOU

I'm currently configuring PPTP on my pfsense box, as currently I'm using http to login to the INTERNET then to my PFSENSE.

Any hint on how to apply https over the INTERNET to my PFSENSE box??? And how could I access my LAN (clients PC)?

Cheers,
Joseph.

On Fri, Mar 26, 2010 at 9:45 AM, Udo Müller deb...@cs-ol.de wrote:

> Hi Joseph,
>
> On 25.03.10 20:53, Joseph Rotan wrote:
>
> > thanks very much for the hint as I've managed to create a VPN tunnel to my pfsense box on an ADSL network, after reading a documentation on openvpn website.
>
> Great! So you now have a secure tunnel to your pfsense box.
>
> > However I have a few worries in securing my VPN tunnel;
>
> Why do you want to secure your secure tunnel?
>
> > what I have done is that I made a secure and port https login to my pfsense LAN
>
> Do you want to secure a connection to your LAN behind the pfsense box (= VPN) or do you want to secure the http access to your pfsense box from within the lan?
>
> > but seems that the web browser came up with an error notifying an invalid certificate. So I just ignore the notification and went ahead to connect to my pfsense box. Can anyone advise on how to secure my VPN tunneling.
>
> What do you want:
>
> 1) YOU --- LAN --- PFSENSE
>
> OR
>
> 2) LAN --- PFSENSE INTERNET YOU
>
> If 1: Use https with certs
> If 2: Use your OpenVPN connection.
>
> Hope you understand what you mean.
>
> Regards
> Udo

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
[pfSense Support] Firewall drops all packets after upgrade from 1.2 to 1.2.3
Hi,

since many years I run multiple pfSense Firewalls very successfully. Since 1.2.3-RELEASE was released I started to upgrade all my pfSenses to this release. It works very well on nearly all machines. But on one system I have problems:

After the upgrade from 1.2-RELEASE to 1.2.3-RELEASE all TCP-Packets on the WAN-Interface are dropped by the default rule:

    block drop out log quick all label Default deny rule

This is very strange because I have allowed TCP SSH and HTTP/S access on this Interface. The same problem I have also if I upgrade to other 1.2.x releases. If I downgrade back to 1.2-RELEASE everything works fine again.

Has somebody an idea how to find out what the problem is?

Regards
Bastian
Re: [pfSense Support] Firewall drops all packets after upgrade from 1.2 to 1.2.3
On Fri, Mar 26, 2010 at 4:56 AM, Bastian Schern m...@reventix.de wrote:

> Hi,
>
> since many years I run multiple pfSense Firewalls very successfully. Since 1.2.3-RELEASE was released I started to upgrade all my pfSenses to this release. It works very well on nearly all machines. But on one system I have problems:
>
> After the upgrade from 1.2-RELEASE to 1.2.3-RELEASE all TCP-Packets on the WAN-Interface are dropped by the default rule:
>
>     block drop out log quick all label Default deny rule
>
> This is very strange because I have allowed TCP SSH and HTTP/S access on this Interface. The same problem I have also if I upgrade to other 1.2.x releases. If I downgrade back to 1.2-RELEASE everything works fine again.
>
> Has somebody an idea how to find out what the problem is?

Probably asymmetric routing. The flags default in newer PF versions in FreeBSD 7.x (pfSense 1.2.1, 1.2.2, 1.2.3) is much more strict than it was in FreeBSD 6.2 (pfSense 1.2). So if the firewall isn't seeing the entire connection (such as only traffic in one direction), it's going to kill that state as it can't properly track the connection state, it looks like spoofed traffic.

The fix is to first figure out where the problem is, what's causing the asymmetric routing. Then the solution will depend on the cause. There are many possible causes depending on what's in your network.
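A triage sketch for the diagnosis in the reply above, as an added example that is not part of the original thread: it sorts TCP packets logged by the default deny rule by their flags, because a blocked bare SYN points at a missing pass rule, while blocked SYN-ACK or ACK packets are candidates for a connection pf only sees in one direction. The log lines are constructed in a simplified tcpdump-on-pflog layout; the addresses, the interface name and the names `classify` and `triage` are assumptions.

```python
import re
from collections import Counter

# Constructed sample: TCP packets logged by the default deny rule, in a
# simplified tcpdump-on-pflog layout (addresses and interface are made up).
SAMPLE_LOG = """\
rule 0/0(match): block in on em0: 203.0.113.7.40112 > 192.0.2.10.22: Flags [S], seq 1, win 65535
rule 0/0(match): block in on em0: 198.51.100.4.80 > 192.0.2.10.51544: Flags [S.], seq 9, ack 2, win 5840
rule 0/0(match): block out on em0: 192.0.2.10.22 > 203.0.113.9.50211: Flags [.], ack 77, win 8192
rule 0/0(match): block out on em0: 192.0.2.10.443 > 203.0.113.9.50300: Flags [P.], seq 5:90, ack 3, win 8192
rule 0/0(match): block in on em0: 203.0.113.7.40113 > 192.0.2.10.25: Flags [R], seq 4, win 0
"""

LINE = re.compile(
    r"block (?P<dir>in|out) on (?P<ifc>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[A-Za-z.]+)\]"
)

def classify(flags):
    """Map tcpdump flag letters to a likely cause for the block (heuristic)."""
    syn, ack = "S" in flags, "." in flags
    if syn and not ack:
        # Connection opener was blocked: no pass rule matched it.
        return "missing-pass-rule"
    if ack and "R" not in flags and "F" not in flags:
        # SYN-ACK or mid-stream ACK with no state: pf never saw the
        # other half of this connection (asymmetric routing candidate).
        return "no-state-asymmetric"
    # RST/FIN stragglers commonly arrive after a state has expired.
    return "teardown-or-other"

def triage(log_text):
    """Return (Counter of causes, list of asymmetric-routing candidates)."""
    causes, suspects = Counter(), []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        cause = classify(m["flags"])
        causes[cause] += 1
        if cause == "no-state-asymmetric":
            suspects.append((m["dir"], m["src"], m["dst"], m["flags"]))
    return causes, suspects

if __name__ == "__main__":
    counts, suspects = triage(SAMPLE_LOG)
    print(dict(counts), suspects)
```

The source and destination pairs in the candidate list show which hosts and which direction the firewall is missing, which is the starting point for finding the second path.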
[pfSense Support] Crystalfontz CFA-635 USB LCD
Hi,

I'm trying to install a Crystalfontz CFA-635 USB LCD, but apparently, I'm doing something wrong.

I'm using pfSense 1.2.3, and lcdproc package v.0.5.2.

When plugging the lcd to the USB port 5 (internal port), lcd is well recognized:

    Kernel: ucom0: Crystalfontz Crystalfontz CFA635-USB LCD, class 0/0, rev 2.00/6.00, addr 2 on uhub2

But then nothing appears on the LCD, only the default CrystalFontz demo message.

I have been testing different driver/port configurations, in particular what seems best: the CrystalFontz Packet driver, and the USB COM Port 1 (dev/cuaU0) port.

An idea about what I'm doing wrong?

Best regards!

-
Attik System             web  : http://www.attiksystem.ch
Philippe Lang            phone: +41 26 422 13 75
rte de la Fonderie 2     gsm  : +41 79 351 49 94
1700 Fribourg            pgp  : http://keyserver.pgp.com
RE: [pfSense Support] VPN LAN TO LAN
-- any hint on how to apply https over the INTERNET to my PFSENSE box ???

Enable HTTPS (443) on the WAN interface in your ruleset.

-- and how could i access my LAN (clients PC)

You were correct with VPN being the best way. You could put port forwards in as well, and you could also enable SSH and use tunneling. Totally depends on your needs - I'd check out OpenVPN.