[pfSense Support] Using Limiters for Bandwidth Guarantees
Hi, I have a pfsense 2.0 machine with 3 NIC ports a WAN interface, LAN inteface and OPT1 interface and would like to configure it so the bandwidth coming from my WAN interface is shared equally on the LAN and OPT1 interface like for example 2M coming in to my WAN I would like to split it up into 1M to my LAN and the other 1M to my OPT1 interface. At the moment doing a speed test from the LAN interface i'm getting *1.84M*download speed and *1.96M* upload speed as from the OPT1 interface i'm getting *1.82M* download speed and *1.39M* upload speed. Appreciate any assistance to achieve the above bandwidth limit guaranteed. Thanks Joseph.
[pfSense Support] fail update package on pfsense 1.2.3
Hi, i've been trying to run this command pkg_add -r samba3 on my pfsense 1.2.3 but keep on getting the following error: Error:FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/Latest/samba3.tbz: File unavailable (e.g., file not found, no access) Error:FTP Unable to fetch ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/Latest/samba3.tbz: by URL Strange because it when well on my first attempt on a different machine now after i tried on another machine it gives the above error message. Has anyone experience this or how can i have a fix to the problem. Regards Joseph.
[pfSense Support] restart command
Hi, i've been searching in the internet for a linux command that can send a restart command to a windows PC, i'm not quite sure if this could be achieved but i'm having a pfsense 1.2.3 box that is connected to 10 PC's in a LAN and i'm just trying to build up a sequence here on how could each PC on the LAN restart itself after ending their internet session. Something similar to TCP/IP ports when the internet sesion is ended from pfsense each TCP/IP port activate a command to tell the PC to restart. I have been trying some batch file or DOS command process but could not complete the requirements. Has anyone ever tried this application before. Appreciate any advise on how I could test it out. Thanks Joseph.
[pfSense Support] Joseph Rotan wants to chat
--- Joseph Rotan wants to stay in better touch using some of Google's coolest new products. If you already have Gmail or Google Talk, visit: http://mail.google.com/mail/b-2bfd6701ac-4cf7588891-jhlPdebslXhLdOb6csJmlzhF0b0 You'll need to click this link to be able to chat with Joseph Rotan. To get Gmail - a free email account from Google with over 2,800 megabytes of storage - and chat with Joseph Rotan, visit: http://mail.google.com/mail/a-2bfd6701ac-4cf7588891-jhlPdebslXhLdOb6csJmlzhF0b0 Gmail offers: - Instant messaging right inside Gmail - Powerful spam protection - Built-in search for finding your messages and a helpful way of organizing emails into conversations - No pop-up ads or untargeted banners - just text ads and related information that are relevant to the content of your messages All this, and its yours for free. But wait, there's more! By opening a Gmail account, you also get access to Google Talk, Google's instant messaging service: http://www.google.com/talk/ Google Talk offers: - Web-based chat that you can use anywhere, without a download - A contact list that's synchronized with your Gmail account - Free, high quality PC-to-PC voice calls when you download the Google Talk client We're working hard to add new features and make improvements, so we might also ask for your comments and suggestions periodically. We appreciate your help in making our products even better! Thanks, The Google Team To learn more about Gmail and Google Talk, visit: http://mail.google.com/mail/help/about.html http://www.google.com/talk/about.html (If clicking the URLs in this message does not work, copy and paste them into the address bar of your browser). - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Blocking sites and Allowing sites on pfsense 1.2.3
Hi Jim, could you please advise where I can download squid tool from and will it work with my pfsense setup. Joseph. On Tue, Nov 23, 2010 at 12:38 PM, Jim Cheetham j...@inode.co.nz wrote: On 23/11/10 11:36, Joseph Rotan wrote: For example on the attached Network setup if I only want the Terminal PC and the client PC's that are connected to the access point only to access www.google.com and not to access other websites how could i do this from the firewall rules on IP address level. You can't reliably allow/block access to a website identified by name, using IP address-related tools. You cannot meaningfully answer the question what is the IP address of www.google.com? You need to have an HTTP proxy in there, such as squid. Squid has tools for doing things like this. -jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Lockdown software for PrePaid Internet LAN
Hi Stephen, could this be implemented on Windows apllication, can you please advise on how can we implement this. I would like to try it out one of my Internet cafe site as similar to your internet kiosk. Looking forward to your most supportive response. Cheers Joseph On Sat, Oct 30, 2010 at 5:03 AM, stephen at stephenjc step...@stephenjc.com wrote: Thinking of the old Novell days, you can write your own interface and replace the shell=explorer.exe in the registry. I would be thinking of a simple locking interface and application list and you can reset anything you want while you reset the connection. I have done similar things for internet kiosks by replaced shell= to the kiosk browser. Thanks, Stephen C -All of my email addresses go to the same place -Save Paper, think before you print On Thu, Oct 28, 2010 at 9:08 PM, Joseph Rotan joseph.ro...@gmail.comwrote: Hi, I've been searching for a right lockdown software that could function properly with my pfsense LAN setup since testing with various lockdown software all of my results are unsuccesful. As from the attached PrePaid Internet LAN setup on visio and word document the PC's on the LAN access internet through a portal access on pfsense when they double click on the Internet browser and a login page comes that they need to enter a voucher number to access internet, could there be a software that will locked the PC's on the LAN that will only display on the screen to enter a voucher number it will gain access to the PC so a customer can then access the PC and double click on internet it will direct them to the internet. This software is similar to a lockdown PC software but should be controlled from the pfsense box and if a customer clicks on logout session from the internet the PC should automatically restart itself to clear all browsing history and caches. Awaiting any advise on how could i start implementing the setup. Thanks Joseph. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfsense 1.2.3 Captive portal File Manager
Hi, has anyone tried loading a .png file format to pfsense 1.2.3 captive portal File Manager since only .jpg file format is only allowed. I'm having a .png file in which i would like to use since it displays on my login .html page perfectly, can anyone advise how could we allow other picture formats apart from .jpg file formats to be allowed in the File Manager in captive portal. Thanks Joseph.
[pfSense Support] Wireless Access Point
Hi, i have a setup on pfsense 1.2.3 and have configured a VPN PPTP remote access and have sucessfully accessing the box remotely and can RDP to the connected PC's on the LAN. Also on the remote LAN we have a wireless access point installed that also broadcast Prepaid Internet access, is there a possibilty to access the Access point through the pfsense box remotely. Thanks, Joseph.
[pfSense Support] Creating a PPTP connection through PUTTY
Hi, i'm trying to create a PPTP connection to one of my pfsense site through PUTTY, is it possible to do this. Appreciate any advise. Thanks, Joseph.
Re: [pfSense Support] How to view logs on pfsense 1.2.3 using putty
Bula Aarno, thanks for the tip, but i'm a bit confused on the logs displayed below: Jun 7 23:13:29 pfSense sshd[7808]: Failed password for root from 220.189.230.151 port 48088 ssh2 Jun 7 23:13:31 pfSense sshd[7810]: Failed password for root from 220.189.230.151 port 48910 ssh2 Jun 7 23:13:34 pfSense sshd[7813]: Failed password for root from 220.189.230.151 port 49352 ssh2 Jun 7 23:13:36 pfSense sshd[7827]: Failed password for root from 220.189.230.151 port 50339 ssh2 Jun 7 23:13:42 pfSense sshd[7831]: Failed password for root from 220.189.230.151 port 50994 ssh2 # Jun 7 23:13:29 pfSense sshd[7808]: Failed password for root from 220.189.230.151 port 48088 ssh2 I can't understand what the above logs are, can you please advise how can i view the captive portal logins or what will be the command on the shell to view it. Appreciate your assistance. Regards, Joseph. On Mon, Jun 7, 2010 at 7:00 PM, Aarno Aukia aarnoau...@gmail.com wrote: Hi Joseph, On Mon, Jun 7, 2010 at 06:05, Joseph Rotan joseph.ro...@gmail.com wrote: I have already active ssh on one of my pfsense 1.2.3 site box and sometimes i'm having dropoff connections through PPTP, therefore i have manage to access the box using PUTTY with a more steady connection. But how can i view the logs history using PUTTY, has anyone tried using it. Dial 8 for shell and then clog /var/log/system.log. -Aarno -- Aarno Aukia Atrila GmbH Switzerland - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to view logs on pfsense 1.2.3 using putty
Hi, here's another logs from another site: Jun 8 08:39:01 pfsense sshd[32290]: Invalid user emma from 125.208.2.125 Jun 8 08:39:01 pfsense sshd[32290]: Failed password for invalid user emma from 125.208.2.125 port 56664 ssh2 Jun 8 08:39:05 pfsense sshd[32293]: Invalid user emma from 125.208.2.125 Jun 8 08:39:05 pfsense sshd[32293]: Failed password for invalid user emma from 125.208.2.125 port 57649 ssh2 Jun 8 08:39:08 pfsense sshd[32295]: Invalid user emma from 125.208.2.125 Jun 8 08:39:08 pfsense sshd[32295]: Failed password for invalid user emma from 125.208.2.125 port 58690 ssh2 Jun 8 08:39:12 pfsense sshd[32298]: Invalid user olivia from 125.208.2.125 Jun 8 08:39:12 pfsense sshd[32298]: Failed password for invalid user olivia fro m 125.208.2.125 port 59678 ssh2 Jun 8 08:39:15 pfsense sshd[32370]: Invalid user olivia from 125.208.2.125 Jun 8 08:39:15 pfsense sshd[32370]: Failed password for invalid user olivia fro m 125.208.2.125 port 60673 ssh2 Jun 8 08:39:19 pfsense sshd[32382]: Invalid user olivia from 125.208.2.125 Jun 8 08:39:19 pfsense sshd[32382]: Failed password for invalid user olivia fro m 125.208.2.125 port 61798 ssh2 Jun 8 08:39:23 pfsense sshd[32384]: Invalid user madison from 125.208.2.125 Jun 8 08:39:23 pfsense sshd[32384]: Failed password for invalid user madison fr om 125.208.2.125 port 62755 ssh2 Jun 8 08:39:26 pfsense sshd[32387]: Invalid user madison from 125.208.2.125 Jun 8 08:39:26 pfsense sshd[32387]: Failed password for invalid user madison fr om 125.208.2.125 port 63789 ssh2 Jun 8 08:39:31 pfsense sshd[32390]: Invalid user madison from 125.208.2.125 Jun 8 08:39:31 pfsense sshd[32390]: Failed password for invalid user madison fr om 125.208.2.125 port 64785 ssh2 How can i block all this invalid users from attempting to access my pfsense through SSH. Thanks, Joseph. On Mon, Jun 7, 2010 at 11:53 PM, Yehuda Katz yeh...@ymkatz.net wrote: On Mon, Jun 7, 2010 at 7:27 AM, Joseph Rotan joseph.ro...@gmail.comwrote: Bula Aarno, thanks for the tip, but i'm a bit confused on the logs displayed below: Jun 7 23:13:29 pfSense sshd[7808]: Failed password for root from 220.189.230.151 port 48088 ssh2 Jun 7 23:13:31 pfSense sshd[7810]: Failed password for root from 220.189.230.151 port 48910 ssh2 Jun 7 23:13:34 pfSense sshd[7813]: Failed password for root from 220.189.230.151 port 49352 ssh2 Jun 7 23:13:36 pfSense sshd[7827]: Failed password for root from 220.189.230.151 port 50339 ssh2 Jun 7 23:13:42 pfSense sshd[7831]: Failed password for root from 220.189.230.151 port 50994 ssh2 # Jun 7 23:13:29 pfSense sshd[7808]: Failed password for root from 220.189.230.151 port 48088 ssh2 I can't understand what the above logs are, can you please advise how can i view the captive portal logins or what will be the command on the shell to view it. I don't know anything about logs for the captive portal, but those lines from the log indicate that someone tried to log in to your pfSense using SSH (Putty or similar program) and got the password wrong. If that person was not you (and you can find your IP address by going to http://checkip.dyndns.org), then you may want to block that IP address from accessing SSH. I always recommend when I set up pfSense that the port for SSH be changed to prevent automated password guessing; I use port 2292. That setting is under System-Advanced (don't forget to adjust your firewall rule). - YK
[pfSense Support] How to view logs on pfsense 1.2.3 using putty
Hi, I have already active ssh on one of my pfsense 1.2.3 site box and sometimes i'm having dropoff connections through PPTP, therefore i have manage to access the box using PUTTY with a more steady connection. But how can i view the logs history using PUTTY, has anyone tried using it. Appreciate any advise. Thanks, Joseph.
[pfSense Support] Web Browsing Access Problems
Hi, i'm currently using pfsense 1.2.3 and just recently i'm having problems accessing other websites as for now i can only access google website, i thought the problem has to do with my PC but when i access internet without going through pfsense i can access one than one internet sites. Is there anyone ever come across the problem or any hint to solve this issue. Thanks, Joseph.
[pfSense Support] How to apply rule on pfsense 1.2.3 to block pornography sites
Hi, I'm setting up a firewall for a high school but the school management requested that students should not able to access pornography sites, currently i have enabled any any rule on the WAN and LAN interface of my box. Is there anyone can help me out in on how to apply a rule that will block students from accessing pornography sites. Appreciate any help. Thanks, Joseph.
Re: [pfSense Support] pfsense 1.2.3 Firewall NAT
Hi Catalin, i'm currently not familiar with with openvpn as i'm using PPTP, i'll try this but i really want to use PPTP. Thanks for the help will get back to you if there are issues. Regards, Joseph. On Mon, May 17, 2010 at 9:01 PM, Catalin A. rnes...@gmail.com wrote: Hi Josep, A. For VPN config make this: 1. Configure a Port Forward from IP 245.7.10.160 port 1194 (openvpn default port) to IP 172.16.4.2 port 1194. This config is NOT for Pfsense, it is for a equipment whith IP 245.7.10.160 (this is only accesible from internet). 2. Configure a vpn server an the Custom Option put: code push route 192.168.X.0 255.255.255.0 /code. Where 192.168.X.0 is your subnet LAN address behind Pfense. B. Pfsense not need the custom configuration for NAT-ing (it's done by default config). Best Regards, Catalin. On Mon, May 17, 2010 at 4:28 AM, Joseph Rotan joseph.ro...@gmail.comwrote: Hi, I have a pfsense that is connected via satellite link (VTSAT) on a remote site, but i'm having problems trying to configure VPN on it since there is a different static IP address assign to my WAN interface that corresponse to the public IP address: My IP address details as follows: WAN IP 172.16.4.2 Subnet mask 255.255.255.252 Default gateway 172.16.4.1 The public IP address that corresponse to my pfsense WAN IP is 245.7.10.160 Is there anyone who can guide me in setting up a NAT on my pfsense 1.2.3 Appreciate any help. Thanks, Joseph.
[pfSense Support] pfsense 1.2.3 Firewall NAT
Hi, I have a pfsense that is connected via satellite link (VTSAT) on a remote site, but i'm having problems trying to configure VPN on it since there is a different static IP address assign to my WAN interface that corresponse to the public IP address: My IP address details as follows: WAN IP 172.16.4.2 Subnet mask 255.255.255.252 Default gateway 172.16.4.1 The public IP address that corresponse to my pfsense WAN IP is 245.7.10.160 Is there anyone who can guide me in setting up a NAT on my pfsense 1.2.3 Appreciate any help. Thanks, Joseph.
Re: [pfSense Support] Noob missing something
Hi, can someone guide me where to download pfsense 2.0 from i'm access www.pfsense.org but unable to locate version 2.0 from the download option. Appreciate urgent help on this as i really what to test and compare it with pfsense 1.2.3. Thanks, Joseph. On Sun, Apr 25, 2010 at 9:11 AM, David Miller dmil.pfsen...@metheus.orgwrote: Using 2.0beta from 4-18 WAN network is 10.0.1.0/24, pfsense interface is 10.0.1.50 LAN network is 172.30.0.0/24, pfsense interface is 172.30.0.1 I have one client on the LAN side at 172.30.0.17. I'm testing a trivial setup with a pfsense firewall between the client and my internal lan. I setup a 1:1 NAT between 10.0.1.17 and 172.30.0.17. I setup a firewall rule to allow traffic of type any from * to 10.0.1.17 on the WAN interface. Also, to be sure, added one to 172.30.0.17. Save, applied changes. I expected this to allow access for any ports from the 10.0.1.0 network to the server sitting at .17. I also expected that server to be able to use the pfsense box as its default gateway and to have access to boxes on the 10.0.1.0 network. I get no access in either direction. Outbound connections fail, as do internal connections. If I'm on 172.30.0.17 and I ping 10.0.1.194, tcpdump shows the incoming echo request, followed by an arp request by 10.0.1.194 for 10.0.1.17. I'm sure I'm missing something st00pid, but I've been trying to get this working for a couple of days and don't see what I'm doing wrong. Hints, pointers, FM to RT very welcome indeed. Thanks, --- David - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN LAN TO LAN
Bula Tim, any help on how could i connect to the client PC's on my pfsense LAN interface as current i set my LAN interface to DHCP pool address. Joseph. On Sat, Apr 3, 2010 at 6:28 PM, Tortise tort...@paradise.net.nz wrote: - Original Message - From: Tim Dickson To: supp...@pfsense.comsent: Saturday, April 03, 2010 5:36 PM Subject: RE: [pfSense Support] VPN LAN TO LAN Errr.. After all that - forgot to change the TO: . sorry list! Well I for one appreciate your comments and advice cause this is where probably many of us advance our learning so thank you! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN LAN TO LAN
Tim, if you are saying PPTP not being the most secure means of VPN which VPN i sthe most secure to use ??? As currently I'm having PPTP just to login remotely to other sites and check for maintenence or other associates problems. Any advise on having a secure VPN tunneling. Cheers, Joseph. On Fri, Apr 2, 2010 at 10:54 AM, Tim Dickson tdick...@aubergeresorts.comwrote: well strange because i can access my box with the following http://IPhttp://ip/address:443 how is it possible as you you've said it should be https://IP https://ip/ address:443 If you setup HTTP as port 443 I this would work - kind of goes against web standards - but it's your box :) - you probably just didn't tick HTTPS as the protocol So i can use any port nubers as you've said , this will gurantee my PPTP tunneling secure ??? Yes - System | General Setup As for PPTP - totally different thing, and you'll need to open those ports as well. PPTP not being the most secure means of VPN - but probably sufficient for your needs. As for purchasing the pfsense book is it poosible to send money through wired transfer like western union money transfer then the book is send to my postal address ??? Standard Amazon billing applies - not sure if they do wire transfers... This may help? http://www.amazon.com/gp/help/customer/display.html/ref=help_search_1-1?ie=UTF8nodeId=15399401qid=1270158715sr=1-1 Can you purchase a prepaid visa gift card at a local market? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN LAN TO LAN
Tim, well strange because i can access my box with the following http://IPhttp://ip/address:443 how is it possible as you you've said it should be https://IP https://ip/ address:443 So i can use any port nubers as you've said , this will gurantee my PPTP tunneling secure ??? Thanks for the avise i will try on our test lab then see how it goes before implementing out on our live network. As for purchasing the pfsense book is it poosible to send money through wired transfer like western union money transfer then the book is send to my postal address ??? Here in Fiji only limited people have visa cards as for me I don't have a visa card, sure I can buy the book but do not have the resource to purchase the book online. Any possible help if i send the money through wire transfer ??? Joseph. On Fri, Apr 2, 2010 at 5:05 AM, Tim Dickson tdick...@aubergeresorts.comwrote: If you left the HTTPS port in the config to 443 it would be https://IPhttps://ip/ If you made it another port (say ), you'll want to open that port in your firewall and put https://IP: https://ip:/ It sounds like the pfsense book would be a good companion for you! http://www.amazon.com/pfSense-Definitive-Christopher-M-Buechler/dp/0979034280/ref=sr_1_1?ie=UTF8s=booksqid=1270137863sr=8-1 Well worth the 30 bucks, and you'll come away understanding your network infinitely better. From: Joseph Rotan [mailto:joseph.ro...@gmail.com] Sent: Wednesday, March 31, 2010 7:44 PM To: support@pfsense.com Subject: Re: [pfSense Support] VPN LAN TO LAN OK, i've Enable HTTPS(443) on the WAN interface of my pfsense box; then how could I access my box remotely through internet is it https://ipaddress:443 Correct me if i'm wrong as looks like i could not access my box using https(443) what went wrong that i could not access by pfsense box. Joseph. On Sat, Mar 27, 2010 at 5:18 AM, Tim Dickson tdick...@aubergeresorts.com wrote: -- any hint on how to apply https over the INTERNET to my PFSENSE box ??? Enable HTTPS (443) on the WAN interface in your ruleset. -- and how could i access my LAN (clients PC) You were correct with VPN being the best way. You could put port forwards in as well, and you could also enable SSH and use tunneling. Totally depends on your needs - I'd check out OpenVPN. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN LAN TO LAN
OK, i've Enable HTTPS(443) on the WAN interface of my pfsense box; then how could I access my box remotely through internet is it https://ip address:443 Correct me if i'm wrong as looks like i could not access my box using https(443) what went wrong that i could not access by pfsense box. Joseph. On Sat, Mar 27, 2010 at 5:18 AM, Tim Dickson tdick...@aubergeresorts.comwrote: -- any hint on how to apply https over the INTERNET to my PFSENSE box ??? Enable HTTPS (443) on the WAN interface in your ruleset. -- and how could i access my LAN (clients PC) You were correct with VPN being the best way. You could put port forwards in as well, and you could also enable SSH and use tunneling. Totally depends on your needs - I'd check out OpenVPN. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN LAN TO LAN
Hi, many thanks to pfsense support as I have able to configure 3 of my pfsense sites to VPN and accessing them remotely, may be I'll wait to problems come up then see how it goes from there. I have some issue here and whether anyone has come across it..regarding Mozilla internet browser, why is it so slow to access internet through the pfsense box even my pop up logoff window takes so much time to disconnect my internet session when logging off. Any help from you guys. Regards, Joseph. On Sat, Mar 27, 2010 at 5:18 AM, Tim Dickson tdick...@aubergeresorts.comwrote: -- any hint on how to apply https over the INTERNET to my PFSENSE box ??? Enable HTTPS (443) on the WAN interface in your ruleset. -- and how could i access my LAN (clients PC) You were correct with VPN being the best way. You could put port forwards in as well, and you could also enable SSH and use tunneling. Totally depends on your needs - I'd check out OpenVPN. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN LAN TO LAN
Hi Udo, i want : LAN --- PFSENSE INTERNET YOU i'm currently configuring PPTP on my pfsense box as currently i'm using http to login to the INTERNET then to my PFSENSE any hint on how to apply https over the INTERNET to my PFSENSE box ??? and how could i access my LAN (clients PC) Cheers, Joseph. On Fri, Mar 26, 2010 at 9:45 AM, Udo Müller deb...@cs-ol.de wrote: Hi Joseph, Am 25.03.10 20:53, schrieb Joseph Rotan: thanks very much for the hint as i've managed to create a VPN tunnel to my pfsense box on an ADSL network, after reading a documentation on openvpn website. Great! So you now have a secure tunnel to your pfsense box. However i have a few worries in securing my VPN tunnel; Why do you want to secure your secure tunnel? what i have done i that i made a secure and port https login to my pfsense LAN Do you want to secure a connection to your LAN behind the pfsense box (= VPN) or do you want to secure the http access to your pfsense box from within the lan? but seems that the web browser came up with an error notifiying an invalid certificate. So i just ignore the notification and went ahead to connect to my pfsense box. Can anyone advise on how to secure my VPN tunneling. What do you want: 1) YOU --- LAN --- PFSENSE OR 2) LAN --- PFSENSE INTERNET YOU If 1: Use https with certs If 2: Use your OpenVPN connection. Hope you understand what you mean. Regards Udo - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN LAN TO LAN
Hi, thanks very much for the hint as i've managed to create a VPN tunnel to my pfsense box on an ADSL network, after reading a documentation on openvpn website. However i have a few worries in securing my VPN tunnel; what i have done i that i made a secure and port https login to my pfsense LAN but seems that the web browser came up with an error notifiying an invalid certificate. So i just ignore the notification and went ahead to connect to my pfsense box. Can anyone advise on how to secure my VPN tunneling. Joseph. On Fri, Mar 19, 2010 at 11:11 PM, Paul Mansfield it-admin-pfse...@taptu.com wrote: On 18/03/10 16:21, Joseph Rotan wrote: Hi, i'm curently jammed in setting up VPN on my pfsense box been reading all the discussion it seems most have achieved a VPN configuration. I not specialise on IT pros but interested to learn. Is there anyone could please help me out in setting up VPN on my pfsense. consider buying the book, and also reading documentation on openvpn website - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN LAN TO LAN
Hi, i'm curently jammed in setting up VPN on my pfsense box been reading all the discussion it seems most have achieved a VPN configuration. I not specialise on IT pros but interested to learn. Is there anyone could please help me out in setting up VPN on my pfsense. Thanks, Joseph. On Sat, Mar 6, 2010 at 7:02 AM, Vick Khera vi...@khera.org wrote: On Wed, Mar 3, 2010 at 9:28 AM, Rafael Cristian Machado de Avila rcristia...@gmail.com wrote: Also not sure what kind of access will be made between the networks. Example Active Directory, File Server, administrative applications This is one of the main uses we make of pfSense. I have two offices, a data center, and two home offices all linked together via IPsec VPN and pfSense at each point. The offices and data center use fixed endpoints (fixed IP) and the home offices use client mode. In client mode you can only make the connections outbound so if the IPsec circuit is not up, you cannot force it up from the main office, for example. Only a client at the home office can cause it to start up. This is easily worked around using appropriate keepalive settings. You can control what traffic flows to where via the firewall rules under the firewall's IPsec tab. We just leave it open. Over the vpn hops, we run mostly internal HTTP servers, SIP, ssh, and IMAP for mail access to the main office. If you have enough bandwidth to support what your purpose is, pfSense will not be the bottleneck. It is rock solid reliable and has been for years. You will be happy with it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Parameter to modify PPTP inactivity timeout
Hi, i have setup my VPN configuration according to the steps below and have ip address range on 10.0.10.X : Here my gateway is 10.0.20.1 and has a Virtual IP (CARP) 10.0.20.35 wich is the IP I fill the Server address in PPTP. On Remote Address I've filled 10.0.20.208 since the mask is 28. Then i configure VPN setup on my laptop that is connected to the internet and put 10.0.20.1 as a IP adress destination but when i try to connect i get an Error 651. Please advise on how to achieve a correct VPN setup from my laptop or from the pfsense configuration. Thanks, Joseph. On Wed, Jan 20, 2010 at 12:35 AM, Fabio Rampazzo Mathias fmath...@gmail.com wrote: Joseph, 1. Choose VPN - PPTP 2. Mark the option Enable PPTP server 3. Choose a server address (a different IP of your server, be sure it is configured as a Virtual IP) and Remote address range. Here my gateway is 192.168.7.1 and has a Virtual IP (CARP) 192.168.7.35 wich is the IP I fill the Server address in PPTP. On Remote Address I've filled 192.168.7.208 since the mask is 28. 4. Save the configuration 5. Choose the Users tab 6. Add users you want (you don't need to specify an IP address for users). Think it's done. Cya On Tue, Jan 19, 2010 at 12:59 AM, Joseph Rotan joseph.ro...@gmail.comwrote: Hi, after installing pfsense i'm having difficulties configuring VPN PPTP on it is there anyone can help me out it configuring from basic. Joseph. On Fri, Jan 8, 2010 at 11:41 PM, bsd b...@todoo.biz wrote: Hello, Can someone let me know if there is a way to reset the default timeout for PPTP timeout on pfSense. It looks like the default timeout is set to something like 5min and I'd like to a much longer period. Which file / config parameter should I modify ? Thanks. Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz P Please consider your environmental responsibility before printing this e-mail - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Parameter to modify PPTP inactivity timeout
Hi, after installing pfsense i'm having difficulties configuring VPN PPTP on it is there anyone can help me out it configuring from basic. Joseph. On Fri, Jan 8, 2010 at 11:41 PM, bsd b...@todoo.biz wrote: Hello, Can someone let me know if there is a way to reset the default timeout for PPTP timeout on pfSense. It looks like the default timeout is set to something like 5min and I'd like to a much longer period. Which file / config parameter should I modify ? Thanks. Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz P Please consider your environmental responsibility before printing this e-mail - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org