[pfSense Support] Multi WAN - Failover doubts.
Hi everyone,

Good morning/evening. I'm setting up a PFSENSE box in a remote office with 2 WAN links (2MB each). I just set the failover configuration and made some tests. Unfortunately, I don't know how long to wait for the gateway change. I disconnected WAN1 and waited for 2 minutes and nothing happened.

How long does it take to change the gateway? (in seconds, I guess) Is there a way to change that time?

Another doubt is about the external IP to monitor the link (talking about the failover config). It is necessary to set 2 different IPs, right? I was using just one, then I read something about that, telling to use 2 different addresses.

Example: WAN1 monitoring 200.204.x.x and WAN2 monitoring 201.70.x.x

Thanks!!!

Cordially,
Fabrício.

Fabrício Ferreira
RE: [pfSense Support] Multi WAN - Failover doubts.
Thanks Everyone!

Actually I made it work, but not using the same monitoring address on both interfaces. I chose an external DNS server for WAN1 (200.221.11.100), and another one (the secondary DNS server) for WAN2 (200.221.11.101), so it worked out! (Of course I could use anything I wanted, since they were different.)

Just for a test, try to monitor the same address on both links, then disconnect the main one and wait for the gateway change. It doesn't work. But if you use two different addresses it works really fine!

By the way, it took 10 seconds in all to change the gateway. Really fast!

Once again, thanks a lot! You guys are really good! PFSENSE is an AWESOME multi-purpose firewall. Congratulations!

Cordially,
Fabrício.

From: Benjamin LAUGIER [mailto:benjamin.laug...@gmail.com]
Sent: Tuesday, August 10, 2010 14:19
To: support@pfsense.com
Subject: Re: [pfSense Support] Multi WAN - Failover doubts.

My bad :-) But glad to hear that. In fact, it sounds that the version I was using a couple of weeks ago (beta 2 - build 20100601) had a limitation in the GUI: you couldn't declare a monitored IP on another network than the one declared on the local interface to monitor.

Benjamin.
RE: [pfSense Support] Enable LDAP
Hello Victor.

Can I help you? I'm from Brazil... Can I help you? Write directly to my e-mail gu...@bol.com.br

See you...
Fabrício.

-----Original Message-----
From: Victor Padro [mailto:vpa...@gmail.com]
Sent: Tuesday, August 4, 2009 22:27
To: support@pfsense.com
Subject: Re: [pfSense Support] Enable LDAP

On Tue, Aug 4, 2009 at 6:26 PM, Marcelo Silva marcgui...@yahoo.com.br wrote:
> Hi, I am PFSense version 1.2.3-RC1, I wonder if you are like the rules of the firewall are for LDAP, my LDAP server is Windows 2003 Server. Excuse my English, I am writing from Brazil. Thanks for the help.
> Marcelo Silva

I can't understand what you are trying to explain. Are you trying to authenticate users using LDAP in a MS environment? Why don't you post your question here (Portuguese forum): http://forum.pfsense.org/index.php?PHPSESSID=f61a96472ba74794d9f12dcb61e5dbe0board=12.0

Goodbye.
[pfSense Support] SQUID Module + LDAP AUTH
Hello People,

Is LDAP AUTH working in the PFSense SQUID MODULE? I tried a lot of times to configure it without success... I'm using a Win2003Standard Active Directory to authenticate.

Here is my config sample:

Authentication mode: LDAP
LDAP version: 3
Authentication server: 10.0.0.10
Authentication server port: BLANK
LDAP server user DN: cn=administrator,cn=users,dc=controller,dc=org
LDAP password: (the admin passwd)
LDAP base domain: dc=controller,dc=org
LDAP search filter: sAMAccountName=%s

(my domain test name is: controller.org)

None of my Active Directory users are working... it's like using a wrong password. After 3 tries, error message. Any idea?

Thanks a lot..

Cordially,
Fabrício.

Fabrício Ferreira
Digital security and network infrastructure specialist.
MCP - Microsoft Certified Professional.
MCNPS - Microsoft Certified Network Product Specialist.
RE: [pfSense Support] ping PPTP client from lan.
Joe,

I read about your problem, and I guess it's a ROUTE/RULE issue (maybe some firewall rule issue).

Use the packet monitor (sniffer) and your PFSENSE LOG to find out what's happening. Be sure that the packets are reaching the firewall interface and where they are stopping. Remember to make the rules at your firewall and enable the LOG.

I guess you have a DESKTOP at the PPTP side, and the PFSENSE firewall at the other. No rules are needed at the desktop side, but you need to guarantee that you are permitting packets from the LAN to pass through the VPN between the two parts...

If you have 2 firewalls, be sure to review your rules and routing. Enable LOG at both sides. It's not a PFSENSE problem, I guess... It's just a configuration issue...

Good luck!

Regards,
Fabrício Guzzy.

Fabrício Ferreira
IT and digital security specialist.
MCP - Microsoft Certified Professional
ConnectCom - São Paulo - Brasil

-----Original Message-----
From: Joe Vanderstelt
Sent: Thursday, May 31, 2007 09:31
To: support@pfsense.com
Subject: [pfSense Support] ping PPTP client from lan.

Hello,

I have a problem with pptp. Here is my setup:

LAN: 10.0.0.1/8
PPTP-server: 192.168.55.1
PPTP-network: 192.168.55.32

The problem is I have full access from VPN - LAN but the other way LAN - VPN client I get nothing. I have tried setting my PPTP-server address to 10.0.0.30 and PPTP-network to 10.0.0.32 (inside my LAN ip range) which did not work.

Basically: After I connect a client via pptp I cannot ping the client from a computer inside the lan, but I have full access to the lan from the client.

Thanks
RE: [pfSense Support] ping PPTP client from lan.
Joe,

Well, in your case, if you have FIXED IPs at both sides, YES. Make the STATIC ROUTES and don't forget the firewall rules.

Maybe it could be a good idea to read some articles about BSD ROUTING... Just to be sure you're doing it right, ok?! Try http://www.openbsd.org/index.html and search for Routing. It's gonna be great! I'm sure!

Good luck.
Fabrício.

-----Original Message-----
From: Joe Vanderstelt
Sent: Thursday, May 31, 2007 16:02
To: support@pfsense.com
Subject: RE: [pfSense Support] ping PPTP client from lan.

Hello,

I think it is a route issue also, but I do not understand how to set this up correctly. Also, when I connect a client from the pfsense box, I can ping the VPN gateway (192.168.55.1) but not the client. Do I need to add a static route in pfsense?

Thanks.

From: Fabricio Ferreira
Sent: Thursday, May 31, 2007 1:11 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] ping PPTP client from lan.
Importance: High

Joe,

I read about your problem, and I guess it's a ROUTE/RULE issue (maybe some firewall rule issue).

Use the packet monitor (sniffer) and your PFSENSE LOG to find out what's happening. Be sure that the packets are reaching the firewall interface and where they are stopping. Remember to make the rules at your firewall and enable the LOG.

I guess you have a DESKTOP at the PPTP side, and the PFSENSE firewall at the other. No rules are needed at the desktop side, but you need to guarantee that you are permitting packets from the LAN to pass through the VPN between the two parts...

If you have 2 firewalls, be sure to review your rules and routing. Enable LOG at both sides. It's not a PFSENSE problem, I guess... It's just a configuration issue...

Good luck!

Regards,
Fabrício Guzzy.

-----Original Message-----
From: Joe Vanderstelt
Sent: Thursday, May 31, 2007 09:31
To: support@pfsense.com
Subject: [pfSense Support] ping PPTP client from lan.

Hello,

I have a problem with pptp. Here is my setup:

LAN: 10.0.0.1/8
PPTP-server: 192.168.55.1
PPTP-network: 192.168.55.32

The problem is I have full access from VPN - LAN but the other way LAN - VPN client I get nothing. I have tried setting my PPTP-server address to 10.0.0.30 and PPTP-network to 10.0.0.32 (inside my LAN ip range) which did not work.

Basically: After I connect a client via pptp I cannot ping the client from a computer inside the lan, but I have full access to the lan from the client.

Thanks
RE: [pfSense Support] RE: Using pfsense together with Microsoft IAS
Hi Markus and Christian,

I had the same problems weeks ago... (including the same error messages)

I just configured the PFSENSE CAPTIVE PORTAL and SQUID to authenticate at IAS (Windows 2003). After a painful check-up, I found that... it was the IAS POLICY that was wrong.

Both, captive portal and SQUID, send authentication information to IAS in PAP format with no encryption at all :(

So I just changed some features at IAS POLICY and it worked!

Things to check at Microsoft IAS:

1. At IAS - RADIUS CLIENT: be sure that you have the PFSENSE IP address here!
2. At IAS, after creating the PFSENSE address, enter the properties of it and check if the CLIENT VENDOR is set to use RADIUS STANDARD. I'm supposing that your shared-key is OK, as you said...
3. At IAS, REMOTE ACCESS POLICY, check at the AUTHENTICATION TAB if Unencrypted authentication is lit.
4. At IAS, at the ENCRYPTION TAB, check if the NO ENCRYPTION is lit.

Well, I hope it can help you guys...

Sincerely,
Hugs.
Fabrício Guzzy.

Fabrício Ferreira
IT and digital security specialist.
MCP - Microsoft Certified Professional
ConnectCom - São Paulo - Brasil

-----Original Message-----
From: Christian Veith
Sent: Wednesday, April 25, 2007 15:40
To: support@pfsense.com
Subject: Re: [pfSense Support] RE: Using pfsense together with Microsoft IAS

Hi Markus,

it's a long time ago I wrote that tutorial, but maybe I could help you. Could you verify some things?

1. Are there any checked values except PAP in the New Remote Access Profile Policy Wizard / Edit Profile Dialog Box?
2. Is the user allowed to do RAS dial-in (in the User Preferences)?
3. Could you post some of the Eventlog entries from the Windows Server and the syslogs from pfsense?
4. Are you using the Active Directory in Native 2003 Mode or in Mixed Mode with pre-2000 Domain Controllers?
5. Have you registered the IAS in Active Directory?

Kind regards
Christian Veith

Strickler, Markus wrote:

Hello,

We just configured pfsense as a RADIUS client for a Microsoft IAS (Windows 2003), in order to provide some hotspot-like WLAN environment. On the matching IAS access profile, we specified PAP as authentication type, and confirmed several times that the shared secret is right.

Authentication requests are passed on to IAS alright - but IAS event id 2, reason code 16 (unknown username / password) are logged all the time, even if the user/password combinations are 100% correct. The usernames are recognized - no matter whether entered as username, domain\username or username@domain, and the policy is matched, but the credentials are judged incorrect by IAS.

What am I missing here? Do I have to flag the Message Authenticator, for RADIUS? I followed the tutorial on http://pfsense.loquefaltaba.com/tutorials/cp_config/radius_win2k3.htm precisely, but can't find any hints on authentication/encryption...

Thank you for your help,

Best regards,
Markus Strickler