Re: [pfSense Support] PPPOE Connection / Packages are getting lost

2007-02-14 Thread Jeff Quinonez

Why is your trace to snort bouncing back and forth?

14  63.240.198.67 (63.240.198.67)  177.605 ms
   63.240.197.134 (63.240.197.134)  179.209 ms
   63.240.198.67 (63.240.198.67)  176.753 ms
15  * 63.240.198.67 (63.240.198.67)  179.625 ms *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *


Re: [pfSense Support] Static routes over IPSec

2006-03-29 Thread Jeff Quinonez
I had to do the exact same thing. I have a pfsense box at home and a test pfsense box at work. (Great work btw folks, love pfsense.) I have 6 different subnets and had to build a tunnel for each one. I wish there was a way to build one tunnel and then just add static routes to the various subnets. (I don't have static IPs at home, so every once in a while I need to change the IP on the tunnels.)

I worked with Checkpoint FW-1 a few years ago (on Solaris) and had to add the routes to various subnets at the Solaris command line and then add the routes via the GUI. Actually had a script that would add the routes in the event of a reboot of the firewall. I wonder if pfsense could work this way?

On 3/28/06, Holger Bauer [EMAIL PROTECTED] wrote:

I'm not sure if pfSense can route over IPSEC (haven't tested that) but in case it can't do that here is another way that will work (I have m0n0s running with that kind of setup):

You have to create 2 parallel tunnels. The problem is that both tunnels are terminated between the same public IPs. To get the traffic of both tunnels separated you must use a different identifier for each tunnel. Create preshared keys at both ends for both tunnels and use the unique identifiers for both tunnels. Otherwise the traffic will get mixed up.

Tunnel definitions:

local subnet 192.168.1.x - remote subnet 192.168.19.x, identifier to.lan.local secret secret1
local subnet 192.168.1.x - remote subnet 10.0.0.x, identifier to.dmz.local secret secret2

I even use this kind of setup to route from location1 to location3 via location2 with no direct link between location1 and location3. You can combine this with static routes at the pfSense where the traffic leaves the tunnel if needed btw to reach subnets via another gateway.

Holger

-----Original Message-----
From: Jason J Ellingson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 29, 2006 12:09 AM
To: support@pfsense.com
Subject: [pfSense Support] Static routes over IPSec

I guess I'm encountering a mental block on how to do this... Can anyone help?

I have two pfSense boxes in different locations (and obviously on the Internet). I have a LAN to LAN IPSec between them.

192.168.1.x - 192.168.19.x

The far pfSense box also has a DMZ/OPT1 network: 10.0.0.x

Is there a way to have traffic from my 192.168.1.x network go over the IPSec tunnel to talk to the 10.0.0.x network? Perhaps I need to look at establishing a second IPSec tunnel?

192.168.1.x - 10.0.0.x

I have tried setting up a static route on the local box (192.168.1.x) that points 10.0.0.x traffic to gateway of 192.168.1.1 (remote LAN gateway), but that didn't seem to work.

Thanks all!

- Jason

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Virus checked by G DATA AntiVirusKit

-- got root?


[pfSense Support] 0.90a beeps

2005-11-09 Thread Jeff Quinonez
HAHA, I just upgraded to 0.90a and noticed the new beeps. I saw the
thread earlier about it, but didn't really follow it. Good jorb!

-- got root?


Re: [pfSense Support] dhcpclient Invalid lease option - ignoring offer

2005-09-30 Thread Jeff Quinonez
Is it possible to edit the dhclient.conf and comment out the Domain Name request? I can't even read the file:

# ls -al dhclient.conf
lrwxr-xr-x 1 root wheel 22 Sep 28 06:42 dhclient.conf -> /var/etc/dhclient.conf
# more /var/etc/dhclient.conf
/var/etc/dhclient.conf: No such file or directory
# ls -l /var/etc/dhclient.conf
ls: /var/etc/dhclient.conf: No such file or directory
# cd /var/etc
# ls -l
total 18
-rw------- 1 root wheel 1495 Sep 28 07:26 cert.pem
-rw-r--r-- 1 root wheel 15 Sep 28 06:42 defaultdomain.conf
-rw-r--r-- 1 root wheel 89 Sep 28 07:26 hosts
drwxr-xr-x 2 root wheel 512 Sep 28 06:42 mpd-vpn
-rw------- 1 root wheel 30 Sep 28 19:59 psk.txt
-rw-r--r-- 1 root wheel 568 Sep 28 19:59 racoon.conf
-rw-r--r-- 1 root wheel 70 Sep 28 07:26 resolv.conf
-rw------- 1 root wheel 0 Sep 28 19:59 sasyncd.conf
-rw-r--r-- 1 root wheel 0 Sep 28 07:26 slbd.conf
-rw-r--r-- 1 root wheel 306 Sep 28 19:59 spd.conf
-rw-r--r-- 1 root wheel 490 Sep 28 07:26 syslog.conf
#

On 9/29/05, Jeff Quinonez [EMAIL PROTECTED] wrote:
OK, more info... Did a fresh install of 85.6 and I get the same DHCP error. Basically it barfs on a DHCP offer option 15:

Option 15: Domain Name = domain_not_set.invalid (from Ethereal sniff)

And in the pfsense system log:

dhclient[3538]: Bogus domain search list 15: domain_not_set.invalid (domain_not_set.invalid)
dhclient[3538]: Invalid lease option - ignoring offer
dhclient[3538]: Invalid lease option - ignoring offer
dhclient[3538]: packet_to_lease failed.
dhclient[3538]: No DHCPOFFERS received.

And if I try to add domain_not_set.invalid to the domain name in pfsense I get:

The following input errors were detected:

 * The domain may only contain the characters a-z, 0-9, '-' and '.'.

This is SBC/Yahoo DSL and XP handles the DHCP offer fine. Earlier versions of pfsense also handled it fine. 
Did the BSD crew rewrite dhcpclient? I did see some grumblings around the Internets. 

On 9/27/05, Scott Ullrich [EMAIL PROTECTED] wrote:

On 9/27/05, Jeff Quinonez [EMAIL PROTECTED] wrote:

Anyway, I downgraded to 70.4 and all is well. Manual upgrade to 85.4 and I have the same issue of not getting a DHCP address and the same errors. Also, after the 85.4 update if I go to Manual Update I get Unable to Receive Version Info. I'll look into this DHCP error a little later, as I have seen this in some BSD forums. I have an extra box so I'll try to recreate the issue. Keep up the good work. :-)

Thanks, that would be a _HUGE_ help!

Scott

-- got root?


Re: [pfSense Support] dhcpclient Invalid lease option - ignoring offer

2005-09-29 Thread Jeff Quinonez
OK, more info... Did a fresh install of 85.6 and I get the same DHCP error. Basically it barfs on a DHCP offer option 15:

Option 15: Domain Name = domain_not_set.invalid (from Ethereal sniff)

And in the pfsense system log:

dhclient[3538]: Bogus domain search list 15: domain_not_set.invalid (domain_not_set.invalid)
dhclient[3538]: Invalid lease option - ignoring offer
dhclient[3538]: Invalid lease option - ignoring offer
dhclient[3538]: packet_to_lease failed.
dhclient[3538]: No DHCPOFFERS received.

And if I try to add domain_not_set.invalid to the domain name in pfsense I get:

The following input errors were detected:

 * The domain may only contain the characters a-z, 0-9, '-' and '.'.

This is SBC/Yahoo DSL and XP handles the DHCP offer fine. Earlier versions of pfsense also handled it fine. 
Did the BSD crew rewrite dhcpclient? I did see some grumblings around the Internets. 

On 9/27/05, Scott Ullrich [EMAIL PROTECTED] wrote:

On 9/27/05, Jeff Quinonez [EMAIL PROTECTED] wrote:

Anyway, I downgraded to 70.4 and all is well. Manual upgrade to 85.4 and I have the same issue of not getting a DHCP address and the same errors. Also, after the 85.4 update if I go to Manual Update I get Unable to Receive Version Info. I'll look into this DHCP error a little later, as I have seen this in some BSD forums. I have an extra box so I'll try to recreate the issue. Keep up the good work. :-)

Thanks, that would be a _HUGE_ help!

Scott

-- got root?


Re: [pfSense Support] dhcpclient Invalid lease option - ignoring offer

2005-09-27 Thread Jeff Quinonez
Anyway, I downgraded to 70.4 and all is well. Manual upgrade to 85.4
and I have the same issue of not getting a DHCP address and the same
errors. Also, after the 85.4 update if I go to Manual Update I get
Unable to Receive Version Info. I'll look into this DHCP error a little
later, as I have seen this in some BSD forums. I have an extra box so
I'll try to recreate the issue. Keep up the good work. :-)

On 9/25/05, Jeff Quinonez [EMAIL PROTECTED] wrote:

Sorry, should have included that:

# ls -la /var/etc/dhclient.conf
lrwxr-xr-x 1 root wheel 18 Sep 25 08:10 /var/etc/dhclient.conf -> /etc/dhclient.conf

# file /etc/dhclient.conf
/etc/dhclient.conf: broken symbolic link to `/var/etc/dhclient.conf'

# ls -la /etc/dhclient.conf
lrwxr-xr-x 1 root wheel 22 Sep 25 15:26 /etc/dhclient.conf -> /var/etc/dhclient.conf

On 9/25/05, Scott Ullrich [EMAIL PROTECTED] wrote:

please do:

ls -la /var/etc/dhclient.conf
ls -la /etc/dhclient.conf

Scott

On 9/25/05, Jeff Quinonez [EMAIL PROTECTED] wrote:

Also:

# more dhclient.conf
dhclient.conf: Too many levels of symbolic links
#

On 9/25/05, Jeff Quinonez [EMAIL PROTECTED] wrote:

Here is what I am seeing in the logs, thanks:

Sep 25 06:41:42 dhclient[7846]: DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 13
Sep 25 06:41:42 dhclient[7846]: DHCPOFFER from 192.168.0.1
Sep 25 06:41:42 dhclient[7846]: Bogus domain search list 15: domain_not_set.invalid (domain_not_set.invalid)
Sep 25 06:41:42 dhclient[7846]: Bogus domain search list 15: domain_not_set.invalid (domain_not_set.invalid)
Sep 25 06:41:42 dhclient[7846]: Invalid lease option - ignoring offer
Sep 25 06:41:42 dhclient[7846]: Invalid lease option - ignoring offer
Sep 25 06:41:42 dhclient[7846]: packet_to_lease failed.

On 9/24/05, Scott Ullrich [EMAIL PROTECTED] wrote:

Can you please send any logs from dhcp. This really isn't enough information to go on.

Thanks.

Scott

On 9/24/05, Jeff Quinonez [EMAIL PROTECTED] wrote:

After upgrading to 85 I cannot get an IP address on my WAN interface using DSL.

-- got root?


Re: [pfSense Support] dhcpclient Invalid lease option - ignoring offer

2005-09-25 Thread Jeff Quinonez
Here is what I am seeing in the logs, thanks:

Sep 25 06:41:42  dhclient[7846]: DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 13
Sep 25 06:41:42  dhclient[7846]: DHCPOFFER from 192.168.0.1
Sep 25 06:41:42  dhclient[7846]: Bogus domain search list 15: domain_not_set.invalid (domain_not_set.invalid)
Sep 25 06:41:42  dhclient[7846]: Bogus domain search list 15: domain_not_set.invalid (domain_not_set.invalid)
Sep 25 06:41:42  dhclient[7846]: Invalid lease option - ignoring offer
Sep 25 06:41:42  dhclient[7846]: Invalid lease option - ignoring offer
Sep 25 06:41:42  dhclient[7846]: packet_to_lease failed.

On 9/24/05, Scott Ullrich [EMAIL PROTECTED] wrote:

Can you please send any logs from dhcp. This really isn't enough information to go on.

Thanks.

Scott

On 9/24/05, Jeff Quinonez [EMAIL PROTECTED] wrote:

After upgrading to 85 I cannot get an IP address on my WAN interface using DSL.

-- got root?


Re: [pfSense Support] dhcpclient Invalid lease option - ignoring offer

2005-09-25 Thread Jeff Quinonez
Sorry, should have included that:

# ls -la /var/etc/dhclient.conf
lrwxr-xr-x 1 root wheel 18 Sep 25 08:10 /var/etc/dhclient.conf -> /etc/dhclient.conf

# file /etc/dhclient.conf
/etc/dhclient.conf: broken symbolic link to `/var/etc/dhclient.conf'

# ls -la /etc/dhclient.conf
lrwxr-xr-x 1 root wheel 22 Sep 25 15:26 /etc/dhclient.conf -> /var/etc/dhclient.conf

On 9/25/05, Scott Ullrich [EMAIL PROTECTED] wrote:

please do:

ls -la /var/etc/dhclient.conf
ls -la /etc/dhclient.conf

Scott

On 9/25/05, Jeff Quinonez [EMAIL PROTECTED] wrote:

Also:

# more dhclient.conf
dhclient.conf: Too many levels of symbolic links
#

On 9/25/05, Jeff Quinonez [EMAIL PROTECTED] wrote:

Here is what I am seeing in the logs, thanks:

Sep 25 06:41:42 dhclient[7846]: DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 13
Sep 25 06:41:42 dhclient[7846]: DHCPOFFER from 192.168.0.1
Sep 25 06:41:42 dhclient[7846]: Bogus domain search list 15: domain_not_set.invalid (domain_not_set.invalid)
Sep 25 06:41:42 dhclient[7846]: Bogus domain search list 15: domain_not_set.invalid (domain_not_set.invalid)
Sep 25 06:41:42 dhclient[7846]: Invalid lease option - ignoring offer
Sep 25 06:41:42 dhclient[7846]: Invalid lease option - ignoring offer
Sep 25 06:41:42 dhclient[7846]: packet_to_lease failed.

On 9/24/05, Scott Ullrich [EMAIL PROTECTED] wrote:

Can you please send any logs from dhcp. This really isn't enough information to go on.

Thanks.

Scott

On 9/24/05, Jeff Quinonez [EMAIL PROTECTED] wrote:

After upgrading to 85 I cannot get an IP address on my WAN interface using DSL.

-- got root?