RE: [pfSense Support] PPTP VPN
Hi Chris! Thanks for the reply! I've got a few IP-addresses left. How can I separate the PPTP connections from the normal traffic? I suppose I have to use the gateway and some rule, but do you have more details? Again, thanks! Kind regards, Giljam -Oorspronkelijk bericht- Van: Chris Buechler [mailto:[EMAIL PROTECTED] Verzonden: dinsdag 18 december 2007 1:47 Aan: support@pfsense.com Onderwerp: Re: [pfSense Support] PPTP VPN Giljam Koch wrote: > > Hello Richard, > > Thanks for your reply. No. It's still default. I did however conclude > the following: > > When I disable my own PPTP VPN server, the outbound VPN's work again. > Can anyone confirm this? Does this have something to do with this > infamous "GRE connection tracking" issue that FreeBSD/ pfSense has? > Yes. From the new website that'll be live soon: PPTP and GRE Limitation - The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server. The only available work around is to use multiple public IPs on your firewall, one per client, or to use multiple public IPs on the external PPTP server. This is not a problem with other types of VPN connections. Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP clients cannot use the same public IP for outbound PPTP connections. This means if you have only one public IP, and use the PPTP Server, PPTP clients inside your network will not work. The work around is to use a second public IP with Advanced Outbound NAT for your internal clients. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] PPTP VPN
Hmmm... Okay. Thanks for the tip! Regards, Giljam _ Van: Tim Nelson [mailto:[EMAIL PROTECTED] Verzonden: maandag 17 december 2007 16:41 Aan: support@pfsense.com Onderwerp: Re: [pfSense Support] PPTP VPN It is a known issue with pfSense and FreeBSD. We've had major problems with this as well. For installations where both outbound and locally terminated PPTP sessions are needed, we have been using monowall which works fine. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 - Original Message - From: "Giljam Koch" <[EMAIL PROTECTED]> To: support@pfsense.com Sent: Monday, December 17, 2007 8:32:37 AM (GMT-0600) America/Chicago Subject: RE: [pfSense Support] PPTP VPN Hello Richard, Thanks for your reply. No. It's still default. I did however conclude the following: When I disable my own PPTP VPN server, the outbound VPN's work again. Can anyone confirm this? Does this have something to do with this infamous "GRE connection tracking" issue that FreeBSD/ pfSense has? Regards, Giljam _ Van: Richard Sperry [mailto:[EMAIL PROTECTED] Verzonden: maandag 17 december 2007 14:40 Aan: support@pfsense.com Onderwerp: RE: [pfSense Support] PPTP VPN Did you change the "use default gateway." Richard Sperry Director of Operations WrinkleBrain, Inc. [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 206.729.4799 x13 MCP - Small Business Specialist WOT - Thawte Notary InfraGard - US Homeland Security CONFIDENTIALITY NOTICE: The information in this electronic mail transmission is legally privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of the transmission is strictly prohibited. If you have received this transmission in error, please delete the message and immediately notify us by telephone at 206.729.4799 or by responding to this email. If this email is signed or encrypted you may not forward to another party with out written permission in a signed email. Recycle Notice: This email was sent using recycled electrons. sing From: Giljam Koch [mailto:[EMAIL PROTECTED] Sent: Monday, December 17, 2007 4:57 AM To: support@pfsense.com Subject: [pfSense Support] PPTP VPN Worthy Ladies & Gentemen, I have a very strange problem with some outbound PPTP connections. Some seem to work. Some don't. If I start another PPTP VPN connection first, route the one that did not work through this VPN, it does work though. It looks as though the pfSense firewall blocks something, but I can't seem to figure out what it is. It must be something stupidly simple. Does anyone have any idea?! Met vriendelijke groet, Giljam Koch Systeembeheerder Amyyon Rozenburglaan 3 9727 DL GRONINGEN 050 311 5686 www.amyyon.nl <http://www.amyyon-more.nl>
RE: [pfSense Support] PPTP VPN
Hello Richard, Thanks for your reply. No. It's still default. I did however conclude the following: When I disable my own PPTP VPN server, the outbound VPN's work again. Can anyone confirm this? Does this have something to do with this infamous "GRE connection tracking" issue that FreeBSD/ pfSense has? Regards, Giljam _ Van: Richard Sperry [mailto:[EMAIL PROTECTED] Verzonden: maandag 17 december 2007 14:40 Aan: support@pfsense.com Onderwerp: RE: [pfSense Support] PPTP VPN Did you change the "use default gateway." Richard Sperry Director of Operations WrinkleBrain, Inc. [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 206.729.4799 x13 MCP - Small Business Specialist WOT - Thawte Notary InfraGard - US Homeland Security CONFIDENTIALITY NOTICE: The information in this electronic mail transmission is legally privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of the transmission is strictly prohibited. If you have received this transmission in error, please delete the message and immediately notify us by telephone at 206.729.4799 or by responding to this email. If this email is signed or encrypted you may not forward to another party with out written permission in a signed email. Recycle Notice: This email was sent using recycled electrons. From: Giljam Koch [mailto:[EMAIL PROTECTED] Sent: Monday, December 17, 2007 4:57 AM To: support@pfsense.com Subject: [pfSense Support] PPTP VPN Worthy Ladies & Gentemen, I have a very strange problem with some outbound PPTP connections. Some seem to work. Some don't. If I start another PPTP VPN connection first, route the one that did not work through this VPN, it does work though. It looks as though the pfSense firewall blocks something, but I can't seem to figure out what it is. It must be something stupidly simple. Does anyone have any idea?! Met vriendelijke groet, Giljam Koch Systeembeheerder Amyyon Rozenburglaan 3 9727 DL GRONINGEN 050 311 5686 www.amyyon.nl <http://www.amyyon-more.nl> <><>
[pfSense Support] PPTP VPN
Worthy Ladies & Gentemen, I have a very strange problem with some outbound PPTP connections. Some seem to work. Some don't. If I start another PPTP VPN connection first, route the one that did not work through this VPN, it does work though. It looks as though the pfSense firewall blocks something, but I can't seem to figure out what it is. It must be something stupidly simple. Does anyone have any idea?! Met vriendelijke groet, Giljam Koch Systeembeheerder Amyyon Rozenburglaan 3 9727 DL GRONINGEN 050 311 5686 www.amyyon.nl <http://www.amyyon-more.nl> <>
RE: [pfSense Support] SQUID issue with latest pfSense
Hello Curtis, The moment I turn on the Transparent Proxy option, the performance drops drasticaly. Kind regards, Giljam -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Verzonden: woensdag 12 december 2007 15:53 Aan: support@pfsense.com Onderwerp: [pfSense Support] SQUID issue with latest pfSense Do you have caching enabled? If so, try disabling it and see how fast it is. Additionally, on the traffic management tab, ensure that only the "Throttle only specific extensions" is checked and all other options have either a 0 or are not checked. Curtis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] SQUID issue with latest pfSense
Hello Curtis, Thanks for the reply! If you mean disabling it by setting the cache size to 0, then yes, I've also tried it with the cache disabled (is there any other way to disable it?). Only the option "Throttle only specific extensions" is turned on and all other options are unchecked and/ or set to 0. Kind regards, Giljam -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Verzonden: woensdag 12 december 2007 15:53 Aan: support@pfsense.com Onderwerp: [pfSense Support] SQUID issue with latest pfSense Do you have caching enabled? If so, try disabling it and see how fast it is. Additionally, on the traffic management tab, ensure that only the "Throttle only specific extensions" is checked and all other options have either a 0 or are not checked. Curtis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] SQUID issue with latest pfSense
Dear Madam/ Sir, First off I'd like to say that I really like pfSense! It is a very stable and easy to use system with loads of great options! There is one problem I'm facing though: When I install the Squid package and activate the transparent proxy option my 10Mbit fiber internet connection is brought down to about 60kbit/sec (with speedtest). I've reïnstalled the firewall and started from scratch, but still I have the same problem. When I disable the proxy the connection is back to approx. 103000kbit/sec. The machine I'm using is: P4, 3.4 Ghz processor 512MB Memory 40 GB HDD Nic's: 3 x 3Com 100Mbit The CPU, Memory and Disk utilization is close to 0 almost all the time. What am I doing wrong? Do you have any tips? Met vriendelijke groet, Giljam Koch Systeembeheerder Amyyon Rozenburglaan 3 9727 DL GRONINGEN 050 311 5686 www.amyyon.nl <http://www.amyyon-more.nl> <>
[pfSense Support] SQUID issue with latest pfSense
Dear Madam/ Sir, First off I'd like to say that I really like pfSense! It is a very stable and easy to use system with loads of great options! There is one problem I'm facing though: When I install the Squid package and activate the transparent proxy option my 10Mbit fiber internet connection is brought down to about 60kbit/sec (with speedtest). I've reïnstalled the firewall and started from scratch, but still I have the same problem. When I disable the proxy the connection is back to approx. 103000kbit/sec. The machine I'm using is: P4, 3.4 Ghz processor 512MB Memory 40 GB HDD Nic's: 3 x 3Com 100Mbit The CPU, Memory and Disk utilization is close to 0 almost all the time. What am I doing wrong? Do you have any tips? Met vriendelijke groet, Giljam Koch Systeembeheerder Amyyon Rozenburglaan 3 9727 DL GRONINGEN 050 311 5686 www.amyyon.nl <http://www.amyyon-more.nl> <>