Re: [pfSense Support] Happy Birthday Chris

2011-08-18 Thread Carlos Vicente 
Portugal is here to congratulate you too! Enjoy your life!

On Thu, Aug 18, 2011 at 6:18 AM, Glenn Kelley  wrote:

> Happy Birthday Chris
>
>
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>


-- 

***
*http://www.sebastiaoguerra.com* 
*http://www.atelierdamoto.com* 
*http://www.blocoa3.com* 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

Re: [pfSense Support] Fwd: Squid uninstall/install problem

2011-08-08 Thread Carlos Vicente 
Chris,

thank you for your response. I solved the problem based on this post:
http://forum.pfsense.org/index.php?topic=6484.0

Thanks again and keep up with the excelente job!

Carlos

On Mon, Aug 8, 2011 at 1:21 AM, Chris Buechler  wrote:

> On Sun, Aug 7, 2011 at 11:20 AM, Carlos Vicente 
> wrote:
> > Hi again,
> >
> > this problem is on a production pfSense. Is there a way of removing any
> > reference of squid on GUI? I think it's uninstalled from system. I need
> to
> > reinstall the package.
>
> Backup the config, manually remove anything related to it, and restore
> is one way. Could be something easier but not sure what you're seeing
> there.
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>


-- 

***
*http://www.sebastiaoguerra.com* <http://www.sebastiaoguerra.com>
*http://www.atelierdamoto.com* <http://www.atelierdamoto.com>
*http://www.blocoa3.com* <http://www.blocoa3.com/>
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

[pfSense Support] Fwd: Squid uninstall/install problem

2011-08-07 Thread Carlos Vicente 
Hi again,

this problem is on a production pfSense. Is there a way of removing any
reference of squid on GUI? I think it's uninstalled from system. I need to
reinstall the package.

Any help would be appreciated.
Regards,
Carlos

-- Forwarded message --
From: Carlos 
Date: Fri, Aug 5, 2011 at 1:56 AM
Subject: Squid uninstall/install problem
To: support@pfsense.com


Hi all,

** **

I have a pfSense 1.2.3 box running squid, when I tried to upgrade (reinstall
the package) from version 2.7.9_4 to the latest 2.7.9_4.1, it didn’t
complete the process, was removed from the services GUI but it’s still in
the Installed Packages. I reboot the box, tried to remove the package,
reinstall it but can’t get it done.

** **

Any ideas/workaround?

Thanks in advance.

** **

Carlos



-- 

***
*http://www.sebastiaoguerra.com* 
*http://www.atelierdamoto.com* 
*http://www.blocoa3.com* 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

Re: [pfSense Support] Certificate

2011-06-21 Thread Carlos Vicente 
You can create 2048 bits certificates (OpenVPN), all you need is to change
that specific line on the vars file before creating the certificates

On Tue, Jun 21, 2011 at 4:54 PM, Atkins, Dwane P wrote:

>  Is PfSense Version 1.2.3 capable of handling 2048 bit certificate?  Or
> does it need to be 1024 bit?
>
>
> Dwane
>



-- 

***
*http://www.sebastiaoguerra.com* 
*http://www.atelierdamoto.com* 
*http://www.blocoa3.com* 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

Re: [pfSense Support] 2 squidguards, no filtering

2011-06-15 Thread Carlos Vicente 
Luke, I had a similar problem. This was my workaround: if you have "Groups
ACL" configured, the blocked sites on "Common ACL" don't work. So you must
configure all the restrictions on each group created on "Groups ACL".

Hope it helps

On Wed, Jun 15, 2011 at 4:39 PM, Luke Jaeger  wrote:

> hi Jim / Chris,
>
> I noticed that sites weren't being blocked so I restarted squid &
> squidguard from the GUI.
> They wouldn't restart so I rebooted the whole box.
> Now I see 2 instances of squidguard running, but it's still possible to
> connect to banned sites.
>
> Anything else I should try?
>
>
>
> Luke Jaeger | Technology Coordinator
> Pioneer Valley Performing Arts Charter Public School
> www.pvpa.org
>
>
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>



-- 

***
*http://www.sebastiaoguerra.com* 
*http://www.atelierdamoto.com* 
*http://www.blocoa3.com* 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

Re: [pfSense Support] IPSEC problem on pfSense 1.2.3

2011-06-01 Thread Carlos Vicente 
That's what I thought. Will the version 2.0 support NAT-T and IPSEC VPN
supported by iPhone and iPad?

Thank you very much for your help.

On Wed, Jun 1, 2011 at 5:18 PM, Vick Khera  wrote:

> On Wed, Jun 1, 2011 at 11:47 AM, Carlos Vicente wrote:
>
>> My pfSense box is behind a ISP modem router, which forwards ports UDP 500
>> and UDP 4500 (just in case) to the WAN interface of my box (which is on the
>> LAN interface of the router). I use DynDns (on the ISP router) to access my
>> pfSense from internet. On the client side i use the virtual adapter and gave
>> it an IP 192.168.13.1 (doesn't overlap the LAN on the pfSense side).
>>
>
> 1.2.3 does not support NAT-T, which you would seem to need for this case.
>  OpenVPN is the way to go.
>



-- 

***
*http://www.sebastiaoguerra.com* <http://www.sebastiaoguerra.com>
*http://www.atelierdamoto.com* <http://www.atelierdamoto.com>
*http://www.blocoa3.com* <http://www.blocoa3.com/>
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

Re: [pfSense Support] IPSEC problem on pfSense 1.2.3

2011-06-01 Thread Carlos Vicente 
Thanks Vick for your response,

I should have posted more information, so here it goes:
- IPSEC Client: Shrew VPN Client 2.1.7 for Windows;
- The tunnel goes up but i can´t ping the pfSense box (i have a rule for
that on ipsec tab firewall);
- pfSense doesn't log anything from and to IPSEC VPN;
- I'm using single hosts now, but i've tried with networks (on IPSEC
firewall rules in pfSense) and a IP from that network on the client side
config.

My pfSense box is behind a ISP modem router, which forwards ports UDP 500
and UDP 4500 (just in case) to the WAN interface of my box (which is on the
LAN interface of the router). I use DynDns (on the ISP router) to access my
pfSense from internet. On the client side i use the virtual adapter and gave
it an IP 192.168.13.1 (doesn't overlap the LAN on the pfSense side).

ISP Modem router WAN (DHCP)
pfSense WAN IP 192.168.1.65 (connected on the LAN interface of the ISP
router)
pfSense LAN 192.168.5.0/24
IPSEC VPN client IP 192.168.13.1

Here are some logs from the VPN connection:
NOTE: I replaced the public IP with xxx.xxx.xxx.x

 racoon: *[Self]*: INFO: 192.168.5.1[500] used as isakmp port (fd=17)  racoon:
*[Self]*: INFO: 192.168.1.65[500] used as isakmp port (fd=16)  racoon: *
[Self]*: INFO: 127.0.0.1[500] used as isakmp port (fd=15)  racoon: *[Self]*:
INFO: 192.168.0.1[500] used as isakmp port (fd=14)  racoon: *[Self]*: INFO:
192.168.5.1[500] used as isakmp port (fd=17)  racoon: *[Self]*: INFO:
192.168.1.65[500] used as isakmp port (fd=16)  racoon: *[Self]*: INFO:
127.0.0.1[500] used as isakmp port (fd=15)  racoon: *[Self]*: INFO:
192.168.0.1[500] used as isakmp port (fd=14)  racoon: ERROR: such policy
does not already exist: "0.0.0.0/0[0] 192.168.13.1/32[0] proto=any
dir=out"  racoon:
ERROR: such policy does not already exist: "192.168.13.1/32[0]
0.0.0.0/0[0]proto=any dir=in"  racoon:
INFO: IPsec-SA established: ESP 192.168.1.65[0]->xxx.xxx.xxx.x[0]
spi=1491121(0x16c0b1)  racoon: INFO: IPsec-SA established: ESP
xxx.xxx.xxx.x[0]->192.168.1.65[0] spi=115113049(0x6dc7c59)  racoon: INFO: no
policy found, try to generate the policy : 192.168.13.1/32[0]
0.0.0.0/0[0]proto=any dir=in  racoon:
INFO: respond new phase 2 negotiation:
192.168.1.65[0]<=>xxx.xxx.xxx.x[0]  racoon:
INFO: ISAKMP-SA established 192.168.1.65[500]-xxx.xxx.xxx.x[10177]
spi:af896a91dc59d1dc:a6d17e37deb7e875  racoon: INFO: received Vendor ID:
CISCO-UNITY  racoon: INFO: received Vendor ID: DPD  racoon: INFO: received
broken Microsoft ID: FRAGMENTATION  racoon: INFO: received Vendor ID: RFC
3947  racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03  racoon:
INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02  racoon: INFO:
received Vendor ID: draft-ietf-ipsec-nat-t-ike-01  racoon: INFO: received
Vendor ID: draft-ietf-ipsec-nat-t-ike-00  racoon: INFO: begin Aggressive
mode.  racoon: INFO: respond new phase 1 negotiation:
192.168.1.65[500]<=>xxx.xxx.xxx.x[10177]
I hope this is all understandable...

Thanks again,

Carlos


On Wed, Jun 1, 2011 at 3:54 PM, Vick Khera  wrote:

> On Wed, Jun 1, 2011 at 6:42 AM, Carlos Vicente 
> wrote:
> > I have pfSense 1.2.3 with OpenVPN working. I want IPSEC for mobile
> clients
> > on the same box, so I configured it and I can bring the tunnel up, but I
> > can´t ping, or access the lan address of the box.
> > The firewall rules on ipsec tab are correct, but i can´t see any traffic
> on
> > the firewall log from ipsec interface.
> >
>
> On 1.2.3 mobile clients work really well.  What is your mobile client
> software? Does it show the tunnel up as well?  Does pfSense log
> anything when you ping it via the vpn?
>
> If your mobile clients are not LANs but just single hosts, then I'd
> really suggest sticking with OpenVPN.  It is much more robust at
> dealing with any sort of intermediate network hops.
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>


-- 

***
*http://www.sebastiaoguerra.com* <http://www.sebastiaoguerra.com>
*http://www.atelierdamoto.com* <http://www.atelierdamoto.com>
*http://www.blocoa3.com* <http://www.blocoa3.com/>
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

[pfSense Support] IPSEC problem on pfSense 1.2.3

2011-06-01 Thread Carlos Vicente 
Hi all,

I have pfSense 1.2.3 with OpenVPN working. I want IPSEC for mobile clients
on the same box, so I configured it and I can bring the tunnel up, but I
can´t ping, or access the lan address of the box.
The firewall rules on ipsec tab are correct, but i can´t see any traffic on
the firewall log from ipsec interface.

Thanks is advance,

Carlos

-- 

***
*http://www.sebastiaoguerra.com* 
*http://www.atelierdamoto.com* 
*http://www.blocoa3.com* 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

Re: [pfSense Support] Remote Admin of pfSense via ssh

2011-05-19 Thread Carlos Vicente 
Mehma,

I'm not sure of what is your issue here, but one thing is for sure: if you
want to admin a box remotely, it would be higly advisable to do that through
a VPN. Leaving the SSH port open on the WAN interface is not a good security
policy, even if you change the port 22 to another one.

Hope this helps.

On Thu, May 19, 2011 at 11:41 AM, Mehma Sarja  wrote:

> Never had the need nor opportunity to admin a box remotely - so this
> question may be as trivial as ssh in and maintain pf.conf and
> config.xml. Any experiences?
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>


-- 

***
*http://www.sebastiaoguerra.com* 
*http://www.atelierdamoto.com* 
*http://www.blocoa3.com* 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

Re: [pfSense Support] squid+squidguard problem

2011-03-31 Thread Carlos Vicente 
Hi,

I'm having exactly the same problem. I tried the same workaround of Country
Block, by removing the .log file of squidguard package in /tmp, then fresh
install the package, booted the box, but the problem persists.

Carlos

On Thu, Mar 31, 2011 at 3:02 AM, Volkan VURAL  wrote:

> Hi,
>
> Squid+squidguard randomly stop filtering and pass all traffic. (pfsense
> 1.2.3, squid 2.7.9_4, squidGuard 1.4_3 pkg v.1.9) ...
> But another my pfsense system (pfsense 1.2.3, squid 2.7.9_4, squidGuard
> 1.3_1 pkg v.1.9) working good.
>
> When i add new squidguard packet than  squid and squidguard not working..
> If i remove squidguard, squid is good working.
>
> I tried reinstalled squid + squidguard ...
>
> And system logs are here :
>
> Mar 31 04:46:55 Squid_Alarm[4828]: Squid has exited. Reconfiguring filter.  
> Mar
> 31 04:46:55 Squid_Alarm[4830]: Attempting restart...  Mar 31 04:46:55 
> squid[4837]:
> Squid Parent: child process 4840 started  Mar 31 04:46:55 squid[4840]: The
> url_rewriter helpers are crashing too rapidly, need help!  Mar 31 04:46:55 
> kernel:
> pid 4840 (squid), uid 62: exited on signal 6  Mar 31 04:46:55 squid[4837]:
> Squid Parent: child process 4840 exited due to signal 6  Mar 31 04:46:58 
> Squid_Alarm[4867]:
> Reconfiguring filter...  Mar 31 04:46:58 squid[4837]: Squid Parent: child
> process 4929 started  Mar 31 04:46:58 Squid_Alarm[4942]: Squid has
> resumed. Reconfiguring filter.  Mar 31 04:46:58 squid[4929]: The
> url_rewriter helpers are crashing too rapidly, need help!
> Volkan
>
>


-- 

***
*http://www.sebastiaoguerra.com* 
*http://www.atelierdamoto.com* 
*http://www.blocoa3.com* 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

Re: [pfSense Support] can't block https://facebook.com via firefox

2011-03-23 Thread Carlos Vicente 
Hi,

have you considered to use squidguard with the URL Blocklist shallalist.de?
I have one deployment with squid (not in transparent mode, using port TCP
3128), squidguard and HAVP and I can block about all social network traffic.

Carlos

On Tue, Mar 22, 2011 at 4:53 PM, Luke Jaeger  wrote:

> Hello,
>
> I have squid configured as transparent proxy on my network.
>
> Students have figured out that if they use Firefox and set its internal
> network settings to "no proxy", they can get to banned sites such as
> facebook via https.
>
> Firefox is the only browser I know of that lets you override system proxy
> settings, which we keep locked down.
>
> Is there any way to fix this?
>
> thanks -
>
>
> Luke Jaeger | Technology Coordinator
> Pioneer Valley Performing Arts Charter Public School
> www.pvpa.org
>
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>


-- 

***
*http://www.sebastiaoguerra.com* 
*http://www.atelierdamoto.com* 
*http://www.blocoa3.com* 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

[pfSense Support] User with limited privileges

2011-02-25 Thread Carlos Vicente 
Hi all,

I have a full functional pfSense 1.2.3, as a perimeter firewall, with the
following services running: OPEN VPN Server, Squid, SquidGuard and
LightSquid.
My question is: is there a way of creating a user, without elevated
privileges, to give access only to the reports of LightSquid. I don't want
any client to have access the others features of pfSense.

Thanks in advance.

Carlos


-- 

***
*http://www.sebastiaoguerra.com* 
*http://www.atelierdamoto.com* 
*http://www.blocoa3.com* 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer

Re: [pfSense Support] Problems with Country Block 0.2.0

2011-02-14 Thread Carlos Vicente 
Thanks a lot Mehma, it solved the problem on version 0.2.0 too.

Regards,

Carlos

On Mon, Feb 14, 2011 at 6:33 PM, Mehma Sarja  wrote:

> On 2/14/11 10:27 AM, Carlos Vicente wrote:
>
> [snip]
>
>
>> I removed the package, reinstalled it, boot the box, etc. but the problem
>> mantains.
>>
> Carlos,
>
> I posted my adventures with Country block a few days ago. Encountered the
> same problem as you, although I am not on 2.0. Here is what solved my
> problem:
>
> a.  delete the package
> b.  delete /tmp/pkg_mgr_Country Block.log file
> c.  reinstall the package and follow the
> country-selection-and-enable-the-block process
>
> Mehma
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>

[pfSense Support] Problems with Country Block 0.2.0

2011-02-14 Thread Carlos Vicente 
Hi,

I installed Country Block 0.1.9 on 4 production pfsense (1.2.3 release) box
and it was running without any (major) problem. When I upgraded it to
version 0.2.0, I can´t get it work. I choose de countries to block (7),
commit the changes, then select "Enable Country Block" and save. The result
is the service is running but it says that I'm blocking zero networks.

I removed the package, reinstalled it, boot the box, etc. but the problem
mantains.

Any help would be apreciated.

Thanks in advance.

Carlos

Re: [pfSense Support] Open VPN setup

2010-02-26 Thread Carlos Vicente 
Try this link
http://openvpn.net/index.php/open-source/documentation/howto.html#examples,
reference "Routing all client traffic (including web-traffic) through the
VPN"


On Fri, Feb 26, 2010 at 10:38 AM, Abdulrehman  wrote:

> I need to setup an OpenVPN scenario with pfsense. I want to connect to a
> remote network and also want to use the gateway of that remote network.
> Means if i am connected to VPN then all my internet traffic will go out
> through gateway of that network. Is it possibleplease help
>
> Regards
> Abdulrehman
>



-- 
--
Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e
destinados,
exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este
e-mail por
erro, por favor, contacte-nos. Obrigado.
This e-mail and any files transmitted with it are confidential and intended
solely for the use of
the individual or entity to whom they are addressed. If you have received
this e-mail in error
please notify us.



Antes de imprimir este e-mail pense se necessita mesmo de o fazer