Re: [pfSense Support] Diffrent Gateway Adress ( External )
Thank you for your information I added 1:1 NAT section like bellow I tested same result external gateway not changed. Gateway adresses is 2.2.2.2 What is my mistake ? MAIL 2.2.2.4/32 10.0.1.12/32 mail.mems.metu.edu.tr On Tue, Jun 14, 2011 at 4:02 AM, Vick Khera vi...@khera.org wrote: On Mon, Jun 13, 2011 at 4:03 PM, Koray AGAYA insanad...@gmail.com wrote: I tested external gateway IP on 10.0.1.12, I learned deafult external gateway IP , go to www.whatismyip.com and result ip is 2.2.2.2 I dont want this (2.2.2.2 ) I want to go out 2.2.2.4 but I could not. because both interfaces ( WAN and MAIL ) default gateway is same How to make mail server external gateway ip is 2.2.2.4 Please help me ? If it is on the same network, just make it a virtual IP rather than its own interface. I'm guessing you want to 1:1 NAT that address to the internal mail server. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- -Hayatı Ciddiye Alma Asla Sağ Çıkamıycaksın !
[pfSense Support] Diffrent Gateway Adress ( External )
Hi Everybody I have a three interfaces LAN, WAN and MAIL. WAN and MAIL both interfaces external default gateway is 2.2.2.1 i mean same *FW LAN* internal IP : 10.0.1.1 ( lan default gateway ) *FW WAN* external IP : 2.2.2.2 - default gateway 2.2.2.1 *FW MAIL* external IP : 2.2.2.4 - default gateway 2.2.2.1 ( *Mail Server internal ip is 10.0.1.12* ) -- Firewall MAIL interface Rules is below Proto ( ** *) Source (* ** ) Port ( * ) Destination (* 10.0.1.12* ) Port (* * *) Gateway *** ( Important = gateways are same 2.2.2.1 , I didint select diffrent gateways ) I tested external gateway IP on 10.0.1.12, I learned deafult external gateway IP , go to www.whatismyip.com and result ip is 2.2.2.2 I dont want this (2.2.2.2 ) I want to go out 2.2.2.4 but I could not. because both interfaces ( WAN and MAIL ) default gateway is same How to make mail server external gateway ip is 2.2.2.4 Please help me ? Extra information this section mail (10.0.1.12 ) # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 10.0.1.00.0.0.0 255.255.255.0 U 0 00 eth1 0.0.0.0 10.0.1.10.0.0.0UG0 00 eth1
[pfSense Support] Squid log format ( Add MAC Adresses )
Hi, Thank you for solutaion I have a question another one :)) Can I add mac adresses PC's this log ( squis logs ) is it possible ? Thank you for everything On Tue, Dec 21, 2010 at 7:44 PM, Luis G. Coralle luiscora...@gmail.comwrote: 2010/12/21 Koray AGAYA insanad...@gmail.com Hi Where can I change log time format ? Which file ? I didint found. Can you help me please ! this log time 1292930146.341 format is UNIX Anybody want to change UNIX log format change as below OLD LINE %ts.%03tu %6tr %a %Ss/%03Hs % NEW LINE %tl %6tr %a %Ss/%03Hs % *1292930146.341*429 10.0.20.83 TCP_MISS/200 457 GET http://www.google-analytics.com/__utm.gif? - DEFAULT_PARENT/havp image/gif *1292930147.007*971 10.0.20.71 TCP_MISS/200 20880 GET http://fb-tc-3.farmville.com/feed.php? - DEFAULT_PARENT/havp text/html *1292930147.430*209 10.0.20.90 TCP_MISS/200 9624 GET http://www.ligtv.com.tr/_Swfs/VideoLigPlayerV7.aspx? - DEFAULT_PARENT/havp text/html 1292930147.715165 10.0.20.90 TCP_MISS/200 384 GET http://ad.reklamport.com/rpbt.png? - DEFAULT_PARENT/havp - 1292930147.860202 10.0.20.90 TCP_MISS/200 1496 GET http://run.admost.com/adx/get.ashx? - DEFAULT_PARENT/havp text/html 1292930148.420414 10.0.20.90 TCP_MISS/200 457 GET http://www.google-analytics.com/__utm.gif? - DEFAULT_PARENT/havp image/gif 1292930148.430 0 10.0.20.90 TCP_NEGATIVE_HIT/404 1151 GET http://www.ligtv.com.tr/75p_honey.png - NONE/- text/html 1292930148.439 48 10.0.20.90 TCP_MISS/200 764 GET http://ad.reklamport.com/rpgetad.ashx? - DEFAULT_PARENT/havp text/html 1292930149.023 99 10.0.20.90 TCP_MISS/200 1072 GET http://www.ligtv.com.tr/_FlashContents/get_xml_videoplayer.aspx? - DEFAULT_PARENT/havp text/xml 1292930149.120 23 10.0.20.90 TCP_MISS/302 723 GET http://www.ligtv.com.tr/Services/? - DEFAULT_PARENT/havp text/html 1292930151.181100 10.0.20.90 TCP_MISS/405 1891 POST http://www.ligtv.com.tr/_Swfs/ - DEFAULT_PARENT/havp text/html 1292930151.818 2628 10.0.20.90 TCP_MISS/200 3025633 GET http://media.ligtv.com.tr/tauri/tsl/20102011/17/mns1ibb0lig.flv? - DEFAULT_PARENT/havp video/x-flv Thank you Hi Koray, you can put on Proxy server: General settings, in the field Custom options emulate_httpd_log on (You can put your own custom options here, separated by semi-colons (;). They'll be added to the configuration. They need to be squid.conf native options, otherwise squid will NOT work. ) The output is like: 192.168.1.10 - - [21/Dec/2010:14:43:26 -0300] GET http://www.google.com.ar/ig/cp/get? HTTP/1.1 304 245 TCP_MISS:DIRECT -- Luis G. Coralle Departamento de Informática Facultad de Ciencias Médicas Universidad Nacional del Comahue Av. Luis Toschi y Los Arrayanes Cipolletti - Río Negro Tel. 0299 - 4782603 INT. 24 / Fax 0299 - 4776140 http://medicina.uncoma.edu.ar/ -- -Hayatı Ciddiye Alma Asla Sağ Çıkamıycaksın ! Greased Lightbox http://shiftingpixel.com/lightbox/ →←+-↻ Loading image Click anywhere to cancel Image unavailable
[pfSense Support] Squid change log time format
Hi Where can I change log time format ? Which file ? I didint found. Can you help me please ! this log time 1292930146.341 format is UNIX Anybody want to change UNIX log format change as below OLD LINE %ts.%03tu %6tr %a %Ss/%03Hs % NEW LINE %tl %6tr %a %Ss/%03Hs % *1292930146.341*429 10.0.20.83 TCP_MISS/200 457 GET http://www.google-analytics.com/__utm.gif? - DEFAULT_PARENT/havp image/gif *1292930147.007*971 10.0.20.71 TCP_MISS/200 20880 GET http://fb-tc-3.farmville.com/feed.php? - DEFAULT_PARENT/havp text/html *1292930147.430*209 10.0.20.90 TCP_MISS/200 9624 GET http://www.ligtv.com.tr/_Swfs/VideoLigPlayerV7.aspx? - DEFAULT_PARENT/havp text/html 1292930147.715165 10.0.20.90 TCP_MISS/200 384 GET http://ad.reklamport.com/rpbt.png? - DEFAULT_PARENT/havp - 1292930147.860202 10.0.20.90 TCP_MISS/200 1496 GET http://run.admost.com/adx/get.ashx? - DEFAULT_PARENT/havp text/html 1292930148.420414 10.0.20.90 TCP_MISS/200 457 GET http://www.google-analytics.com/__utm.gif? - DEFAULT_PARENT/havp image/gif 1292930148.430 0 10.0.20.90 TCP_NEGATIVE_HIT/404 1151 GET http://www.ligtv.com.tr/75p_honey.png - NONE/- text/html 1292930148.439 48 10.0.20.90 TCP_MISS/200 764 GET http://ad.reklamport.com/rpgetad.ashx? - DEFAULT_PARENT/havp text/html 1292930149.023 99 10.0.20.90 TCP_MISS/200 1072 GET http://www.ligtv.com.tr/_FlashContents/get_xml_videoplayer.aspx? - DEFAULT_PARENT/havp text/xml 1292930149.120 23 10.0.20.90 TCP_MISS/302 723 GET http://www.ligtv.com.tr/Services/? - DEFAULT_PARENT/havp text/html 1292930151.181100 10.0.20.90 TCP_MISS/405 1891 POST http://www.ligtv.com.tr/_Swfs/ - DEFAULT_PARENT/havp text/html 1292930151.818 2628 10.0.20.90 TCP_MISS/200 3025633 GET http://media.ligtv.com.tr/tauri/tsl/20102011/17/mns1ibb0lig.flv? - DEFAULT_PARENT/havp video/x-flv Thank you
Re: [pfSense Support] About promiscuous mode
Yes I installed rate package ! On Fri, Jan 22, 2010 at 4:09 PM, Fuchs, Martin martin.fu...@trendchiller.com wrote: -Ursprüngliche Nachricht- Von: Koray AGAYA [mailto:insanad...@gmail.com] Gesendet: Freitag, 22. Januar 2010 14:38 An: support@pfsense.com Betreff: [pfSense Support] About promiscuous mode Hi, I use 1.2.3-RELEASE Pfsense, System log have a error, I dont understand What is problem ? Jan 22 15:29:01 kernel: vge0: promiscuous mode disabled Jan 22 15:29:01 kernel: vge0: promiscuous mode enabled Jan 22 15:28:58 kernel: vge0: promiscuous mode disabled Jan 22 15:28:57 kernel: vge0: promiscuous mode enabled Jan 22 15:28:54 kernel: vge0: promiscuous mode disabled Jan 22 15:28:54 kernel: vge0: promiscuous mode enabled Jan 22 15:28:51 kernel: vge0: promiscuous mode disabled Jan 22 15:28:51 kernel: vge0: promiscuous mode enabled Jan 22 15:28:48 kernel: vge0: promiscuous mode disabled Jan 22 15:28:48 kernel: vge0: promiscuous mode enabled Jan 22 15:28:45 kernel: vge1: promiscuous mode disabled Jan 22 15:28:45 kernel: vge1: promiscuous mode enabled Jan 22 15:28:42 kernel: vge1: promiscuous mode disabled Jan 22 15:28:41 kernel: vge1: promiscuous mode enabled Jan 22 15:28:38 kernel: vge1: promiscuous mode disabled Jan 22 15:28:38 kernel: vge1: promiscuous mode enabled Jan 22 15:28:35 kernel: vge1: promiscuous mode disabled Jan 22 15:28:35 kernel: vge1: promiscuous mode enabled Jan 22 15:28:33 kernel: vge0: promiscuous mode disabled Jan 22 15:28:33 kernel: vge0: promiscuous mode enabled --- Do you have the rate package installed ? Then it's this... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- -Hayatı Ciddiye Alma Asla Sağ Çıkamıycaksın !
[pfSense Support] About promiscuous mode
Hi, I use 1.2.3-RELEASE Pfsense, System log have a error, I dont understand What is problem ? Jan 22 15:29:01 kernel: vge0: promiscuous mode disabled Jan 22 15:29:01 kernel: vge0: promiscuous mode enabled Jan 22 15:28:58 kernel: vge0: promiscuous mode disabled Jan 22 15:28:57 kernel: vge0: promiscuous mode enabled Jan 22 15:28:54 kernel: vge0: promiscuous mode disabled Jan 22 15:28:54 kernel: vge0: promiscuous mode enabled Jan 22 15:28:51 kernel: vge0: promiscuous mode disabled Jan 22 15:28:51 kernel: vge0: promiscuous mode enabled Jan 22 15:28:48 kernel: vge0: promiscuous mode disabled Jan 22 15:28:48 kernel: vge0: promiscuous mode enabled Jan 22 15:28:45 kernel: vge1: promiscuous mode disabled Jan 22 15:28:45 kernel: vge1: promiscuous mode enabled Jan 22 15:28:42 kernel: vge1: promiscuous mode disabled Jan 22 15:28:41 kernel: vge1: promiscuous mode enabled Jan 22 15:28:38 kernel: vge1: promiscuous mode disabled Jan 22 15:28:38 kernel: vge1: promiscuous mode enabled Jan 22 15:28:35 kernel: vge1: promiscuous mode disabled Jan 22 15:28:35 kernel: vge1: promiscuous mode enabled Jan 22 15:28:33 kernel: vge0: promiscuous mode disabled Jan 22 15:28:33 kernel: vge0: promiscuous mode enabled - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] ntop is dumped
Hi, I use pfsense *1.2.3-RELEASE* and I installed ntop v.3.3.8. but Ntop working 5 minutes and then stop logs is below kernel: pid 49342 (ntop), uid 0: exited on signal 11 (core dumped) How can I resolve my problem ? Thank you for your help Dec 31 08:51:19 ntop[49342]: RRD_DEBUG: rrdPath /var/db/ntop/rrd [normal] Dec 31 08:51:19 ntop[49342]: RRD_DEBUG: rrdPath /var/db/ntop/rrd [dynamic/volatile] Dec 31 08:51:19 ntop[49342]: RRD_DEBUG: rrdPath /var/db/ntop/rrd [dynamic/volatile] Dec 31 08:51:19 ntop[49342]: RRD_DEBUG: umask 0066 Dec 31 08:51:19 ntop[49342]: RRD_DEBUG: umask 0066 Dec 31 08:51:19 ntop[49342]: RRD_DEBUG: DirPerms 0700 Dec 31 08:51:19 ntop[49342]: RRD_DEBUG: DirPerms 0700 Dec 31 08:51:19 ntop[49342]: THREADMGMT: RRD: Started thread (t683679744) for data collection Dec 31 08:51:19 ntop[49342]: THREADMGMT: RRD: Started thread (t683679744) for data collection Dec 31 08:51:19 ntop[49342]: INIT: Created pid file (/var/run/ntop.pid) Dec 31 08:51:19 ntop[49342]: INIT: Created pid file (/var/run/ntop.pid) Dec 31 08:51:19 ntop[49342]: Now running as requested user 'root' (0:0) Dec 31 08:51:19 ntop[49342]: Now running as requested user 'root' (0:0) Dec 31 08:51:19 ntop[49342]: Note: Reporting device initally set to 0 [rl0] Dec 31 08:51:19 ntop[49342]: Note: Reporting device initally set to 0 [rl0] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683675904]: ntop RUNSTATE: RUN(4) Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683675904]: ntop RUNSTATE: RUN(4) Dec 31 08:51:19 ntop[49342]: THREADMGMT[t68368]: NPS(1): Started thread for network packet sniffing [rl0] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t68368]: NPS(1): Started thread for network packet sniffing [rl0] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683676160]: SFP: Fingerprint scan thread running [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683676160]: SFP: Fingerprint scan thread running [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683679744]: RRD: Data collection thread starting [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683679744]: RRD: Data collection thread starting [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683677440]: WEB: Server connection thread starting [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683677440]: WEB: Server connection thread starting [p49342] Dec 31 08:51:19 ntop[49342]: Note: SIGPIPE handler set (ignore) Dec 31 08:51:19 ntop[49342]: Note: SIGPIPE handler set (ignore) Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683677440]: WEB: Server connection thread running [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683677440]: WEB: Server connection thread running [p49342] Dec 31 08:51:19 ntop[49342]: WEB: ntop's web server is now processing requests Dec 31 08:51:19 ntop[49342]: WEB: ntop's web server is now processing requests Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683677184]: DNSAR(3): Address resolution thread running Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683677184]: DNSAR(3): Address resolution thread running Dec 31 08:51:19 ntop[49342]: THREADMGMT[t68368]: NPS(rl0): pcapDispatch thread starting [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t68368]: NPS(rl0): pcapDispatch thread starting [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t68368]: NPS(rl0): pcapDispatch thread running [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t68368]: NPS(rl0): pcapDispatch thread running [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683676416]: SIH: Idle host scan thread running [p49342] Dec 31 08:51:19 ntop[49342]: THREADMGMT[t683676416]: SIH: Idle host scan thread running [p49342] Dec 31 08:51:29 ntop[49342]: THREADMGMT[t683680256]: RRD: Started thread for throughput data collection Dec 31 08:51:29 ntop[49342]: THREADMGMT[t683680256]: RRD: Started thread for throughput data collection Dec 31 08:51:29 ntop[49342]: THREADMGMT[t683679744]: RRD: Data collection thread running [p49342] Dec 31 08:51:29 ntop[49342]: THREADMGMT[t683679744]: RRD: Data collection thread running [p49342] Dec 31 08:51:29 ntop[49342]: THREADMGMT[t683680256]: RRD: Throughput data collection: Thread starting [p49342] Dec 31 08:51:29 ntop[49342]: THREADMGMT[t683680256]: RRD: Throughput data collection: Thread starting [p49342] Dec 31 08:51:29 ntop[49342]: THREADMGMT[t683680256]: RRD: Throughput data collection: Thread running [p49342] Dec 31 08:51:29 ntop[49342]: THREADMGMT[t683680256]: RRD: Throughput data collection: Thread running [p49342] Dec 31 09:00:24 dhcpd: uid lease XXX for client XX is duplicate on XX Dec 31 09:00:27 kernel: pid 49342 (ntop), uid 0: exited on signal 11 (core dumped)
Re: [pfSense Support] Wan interface Error
This error Category is ERRORS IN not Collisions or Errors Outpuıt What Does it mean ERRORS IN I checked Switch Does not have a problem How to resolve this problem Which log can I look ? Not enough for me I dont know Why occur this error Please help me This error continuous increase. Now plus 104 and then about two hours On Wed, Dec 23, 2009 at 9:30 AM, Seth Mos seth@xs4all.nl wrote: Op 23-12-2009 8:19, Koray AGAYA schreef: I use dashboard Have a error WAN Interfaces Statistics. I analysed system log but I dont view anything What is the problem Where can I learn What is Problem Where can I look ? This refers to physical interface errors. Collisions on a duplex mismatch, crc errors, buffer over runs. You'll have to debug switch ports etc. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- -Hayatı Ciddiye Alma Asla Sağ Çıkamıycaksın ! attachment: Error_two.png- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] About DHCPDISCOVER logs on Syslogs
Hi, I created IP and MAC list on DHCP server service and I checked *Deny unknown clients I have errors* systemlogs below I dont know 08:00:27:76:84:08 and 00:12:79:5d:df:ec How can I learn what does it mean this log and Who is this Macs dhcpd: DHCPDISCOVER from 08:00:27:76:84:08 via vge1: network 10.0.1/24: no free leases dhcpd: DHCPDISCOVER from 00:12:79:5d:df:ec via vge1: network 10.0.1/24: no free leases dhcpd: DHCPDISCOVER from 08:00:27:76:84:08 via vge1: network 10.0.1/24: no free leases dhcpd: DHCPDISCOVER from 00:12:79:5d:df:ec via vge1: network 10.0.1/24: no free leases dhcpd: DHCPDISCOVER from 08:00:27:76:84:08 via vge1: network 10.0.1/24: no free leases dhcpd: DHCPDISCOVER from 00:12:79:5d:df:ec via vge1: network 10.0.1/24: no free leases NOT I use *1.2.3-RC3 * built on Mon Oct 5 22:57:46 UTC 2009 FreeBSD 7.2-RELEASE-p4 i386
[pfSense Support] Wan interface Error
Hi I use dashboard Have a error WAN Interfaces Statistics. I analysed system log but I dont view anything What is the problem Where can I learn What is Problem Where can I look ? Thank you for everything attachment: Error.png- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Same Gateway Adresses
Hi Everybody I have two WAN interface OPT1 and OPT2 and both gateway ip is same. I didnt write a NAT rule because same gateway adresses into combo box How can I resolve this problem ? Please Help me ? Thank you for your help
[pfSense Support] FTPES - FTP - NAT
Hi, I use FTPES -FTP over TLS/SSL and I want use NAT but I didnt found (FTPES -FTP over TLS/SSL ) ports ? Can You help me please ? Which ports can I use for NAT Thank for your help Information pfsense Version *1.2.3-RC3 *
[pfSense Support] Second Gateway Problem
Can you help me please ? http://forum.pfsense.org/index.php/topic,21063.0.html Thank you
[pfSense Support] Multiple Gateway
Hi, I have a Real IPs OPT1 ( X.X.X.100 ), OPT2 ( X.X.X.101 ) , OPT2 ( X.X.X.102 ) , OPT2 ( X.X.X.103 ) on interfaces and Lan interfeces is 10.0.1.1 How can I change default gateway on 10.0.1.5, Normal default gateway is WAN IP but I want make 10.0.1.15 Ip's default gateway OPT1 Can you help me please ?
[pfSense Support] About RB44GV 4-Port Gigabit Ethernet Adapter
Hi, I want use RB44GV 4-Port Gigabit Ethernet Adapter. is it works on Pfsense 1.2.2 ? Can you try this card ? It's important for me ! Thank you for your help
[pfSense Support] Site to Site VPN Error
I Use Pfsense 1.2.2 and Error is below Can you help me please ! Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.1.0/24[0] 10.0.0.0/24[0] proto=any dir=in Oct 28 09:55:28 racoon: [Self]: INFO: X.X.166.34[500] used as isakmp port (fd=15) Oct 28 09:55:28 racoon: [Self]: INFO: 10.0.0.1[500] used as isakmp port (fd=14) Oct 28 09:55:28 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13) Oct 28 09:55:28 racoon: WARNING: /var/etc/racoon.conf:3: 0660 admin port support not compiled in Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] 10.0.1.0/24[0] proto=any dir=out Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.1/32[0] 10.0.0.0/24[0] proto=any dir=out Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] 10.0.0.1/32[0] proto=any dir=in Oct 28 09:55:28 racoon: INFO: unsupported PF_KEY message REGISTER MY SETTINGS Site one Local IP network : 10.0.0.0 / 24 public ipadres :X.X.X.34 Site two Local IP network 10.0.1.0 / 24 public ipadres: X.X.X.43 SITE ONE CONFIG IPSEC Interface WAN Localsubnet:type Network address 10.0.0.0 / 24 Remote subnet: 10.0.1.0 / 24 Remote Gateway: X.X.X.43 Decription: ipsec tunnel 1 Negotiation mode: aggressive My identifier:My IP address Encryption algorithm: Blowfish Hash algorithm:MD5 DH key group:2 lifetime:86400 Authentication method: Pre-shared key Pre-Shared Key:WqertykLhJKLMDLkOYHBUHhfdRTYbnMDGEW Certificate: NONE KEY: NONE peer certificate NONE Phase 2 proposal (SA/Key Exchange) protocol: ESP Encryption algorithms: select Blowfish Hash algorithms: select MD5 PFS key group: 2 Lifetime: 86400 Automatically ping host: ipadres of server in 192.168.1.0 network SITE TWO CONFIG IPSEC Site one ipsec config Interface WAN Localsubnet:type Network address 10.0.1.0 / 24 Remote subnet: 10.0.0.0 / 24 Remote Gateway: X.X.X.34 Decription: ipsec tunnel 1 Negotiation mode: aggressive My identifier:My IP address Encryption algorithm: Blowfish Hash algorithm:MD5 DH key group:2 lifetime:86400 Authentication method: Pre-shared key Pre-Shared Key:WqertykLhJKLMDLkOYHBUHhfdRTYbnMDGEW Certificate: NONE KEY: NONE peer certificate NONE Phase 2 proposal (SA/Key Exchange) protocol: ESP Encryption algorithms: select Blowfish Hash algorithms: select MD5 PFS key group: 2 Lifetime: 86400 Automatically ping host: ipadres of server in X.X.X.1 ( WAN GATEWAY ) network
Re: [pfSense Support] Site to Site VPN Error
More information = Both pfsense machine conenect to normal connection( Not crossover ) same switch an switch is have distribute real IP I make to site site VPN. Is it true ? On Wed, Oct 28, 2009 at 10:34 AM, Chris Buechler c...@pfsense.org wrote: On Wed, Oct 28, 2009 at 4:11 AM, Koray AGAYA insanad...@gmail.com wrote: I Use Pfsense 1.2.2 and Error is below Can you help me please ! Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.1.0/24[0] http://10.0.1.0/24%5B0%5D 10.0.0.0/24[0]http://10.0.0.0/24%5B0%5Dproto=any dir=in Oct 28 09:55:28 racoon: [Self]: INFO: X.X.166.34[500] used as isakmp port (fd=15) Oct 28 09:55:28 racoon: [Self]: INFO: 10.0.0.1[500] used as isakmp port (fd=14) Oct 28 09:55:28 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13) Oct 28 09:55:28 racoon: WARNING: /var/etc/racoon.conf:3: 0660 admin port support not compiled in Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] http://10.0.0.0/24%5B0%5D 10.0.1.0/24[0]http://10.0.1.0/24%5B0%5Dproto=any dir=out Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.1/32[0] http://10.0.0.1/32%5B0%5D 10.0.0.0/24[0]http://10.0.0.0/24%5B0%5Dproto=any dir=out Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] http://10.0.0.0/24%5B0%5D 10.0.0.1/32[0]http://10.0.0.1/32%5B0%5Dproto=any dir=in Oct 28 09:55:28 racoon: INFO: unsupported PF_KEY message REGISTER Those aren't really errors, those messages are all normal when a tunnel is brought up. Pasting more of your logs will show problems, if any. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- -Hayatı Ciddiye Alma Asla Sağ Çıkamıycaksın !
Re: [pfSense Support] Site to Site VPN Error
Both pfsense change to cable ( I use to both site crosover cable ) But same error Oct 28 11:32:09 racoon: [Self]: INFO: X.X.X.x.43[500] used as isakmp port (fd=15) Oct 28 11:32:09 racoon: [Self]: INFO: 10.0.1.1[500] used as isakmp port (fd=14) Oct 28 11:32:09 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13) Oct 28 11:32:09 racoon: WARNING: /var/etc/racoon.conf:3: 0660 admin port support not compiled in Oct 28 11:32:09 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] 10.0.1.0/24[0] proto=any dir=in Oct 28 11:32:09 racoon: ERROR: such policy already exists. anyway replace it: 10.0.1.0/24[0] 10.0.0.0/24[0] proto=any dir=out Oct 28 11:32:09 racoon: ERROR: such policy already exists. anyway replace it: 10.0.1.1/32[0] 10.0.1.0/24[0] proto=any dir=out Oct 28 11:32:09 racoon: ERROR: such policy already exists. anyway replace it: 10.0.1.0/24[0] 10.0.1.1/32[0] proto=any dir=in Oct 28 11:32:09 racoon: INFO: unsupported PF_KEY message REGISTER Oct 28 11:32:09 racoon: [Self]: INFO: X.X.X.x.43[500] used as isakmp port (fd=15) Oct 28 11:32:09 racoon: [Self]: INFO: 10.0.1.1[500] used as isakmp port (fd=14) Oct 28 11:32:09 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13) Oct 28 11:32:09 racoon: WARNING: /var/etc/racoon.conf:3: 0660 admin port support not compiled in Oct 28 11:32:09 racoon: INFO: Resize address pool from 0 to 255 Oct 28 11:32:09 racoon: INFO: Reading configuration from /var/etc/racoon.conf Oct 28 11:32:09 racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/) Oct 28 11:32:09 racoon: INFO: @(#)ipsec-tools 0.7.1 ( http://ipsec-tools.sourceforge.net) Oct 28 11:28:11 racoon: [Self]: INFO: X.X.X.x.43[500] used as isakmp port (fd=15) Oct 28 11:28:11 racoon: [Self]: INFO: 10.0.1.1[500] used as isakmp port (fd=14) Oct 28 11:28:11 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13) Oct 28 11:28:11 racoon: WARNING: /var/etc/racoon.conf:3: 0660 admin port support not compiled in Oct 28 11:28:11 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] 10.0.1.0/24[0] proto=any dir=in Oct 28 11:28:11 racoon: ERROR: such policy already exists. anyway replace it: 10.0.1.0/24[0] 10.0.0.0/24[0] proto=any dir=out Oct 28 11:28:11 racoon: ERROR: such policy already exists. anyway replace it: 10.0.1.1/32[0] 10.0.1.0/24[0] proto=any dir=out Oct 28 11:28:11 racoon: ERROR: such policy already exists. anyway replace it: 10.0.1.0/24[0] 10.0.1.1/32[0] proto=any dir=in Oct 28 11:28:11 racoon: INFO: unsupported PF_KEY message REGISTER Oct 28 11:28:11 racoon: [Self]: INFO: X.X.X.x.43[500] used as isakmp port (fd=15) Oct 28 11:28:11 racoon: [Self]: INFO: 10.0.1.1[500] used as isakmp port (fd=14) Oct 28 11:28:11 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13) Oct 28 11:28:11 racoon: WARNING: /var/etc/racoon.conf:3: 0660 admin port support not compiled in Oct 28 11:28:11 racoon: INFO: Resize address pool from 0 to 255 Oct 28 11:28:11 racoon: INFO: Reading configuration from /var/etc/racoon.conf Oct 28 11:28:11 racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/) Oct 28 11:28:11 racoon: INFO: @(#)ipsec-tools 0.7.1 ( http://ipsec-tools.sourceforge.net) 2009/10/28 Koray AGAYA insanad...@gmail.com More information = Both pfsense machine conenect to normal connection( Not crossover ) same switch an switch is have distribute real IP I make to site site VPN. Is it true ? On Wed, Oct 28, 2009 at 10:34 AM, Chris Buechler c...@pfsense.org wrote: On Wed, Oct 28, 2009 at 4:11 AM, Koray AGAYA insanad...@gmail.com wrote: I Use Pfsense 1.2.2 and Error is below Can you help me please ! Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.1.0/24[0] http://10.0.1.0/24%5B0%5D 10.0.0.0/24[0]http://10.0.0.0/24%5B0%5Dproto=any dir=in Oct 28 09:55:28 racoon: [Self]: INFO: X.X.166.34[500] used as isakmp port (fd=15) Oct 28 09:55:28 racoon: [Self]: INFO: 10.0.0.1[500] used as isakmp port (fd=14) Oct 28 09:55:28 racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=13) Oct 28 09:55:28 racoon: WARNING: /var/etc/racoon.conf:3: 0660 admin port support not compiled in Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] http://10.0.0.0/24%5B0%5D 10.0.1.0/24[0]http://10.0.1.0/24%5B0%5Dproto=any dir=out Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.1/32[0] http://10.0.0.1/32%5B0%5D 10.0.0.0/24[0]http://10.0.0.0/24%5B0%5Dproto=any dir=out Oct 28 09:55:28 racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] http://10.0.0.0/24%5B0%5D 10.0.0.1/32[0]http://10.0.0.1/32%5B0%5Dproto=any dir=in Oct 28 09:55:28 racoon: INFO
[pfSense Support] Site to Site VPN
Hi ! Have a two location and both sites use pfsense 1.2.2 I want to site to site vpn A location and B location I use http://doc.pfsense.org/index.php/VPN_Capability_IPSec this site I need a firewall rule and vpn settings -screenshot pfsense Can you help me plese I
Re: [pfSense Support] Site to Site VPN
Thank you Johan Hendriks and Abdulrehmana lot of thanks for your help thank you again On Tue, Oct 27, 2009 at 12:44 PM, Johan Hendriks j.hendr...@schavemaker.com wrote: Abdulrehman schreef: I also followed the same how to and had no issues..attached it the image of firewall rule for IPSEC...I have allowed all ip traffic...you can customize itits very simple.. On Tue, Oct 27, 2009 at 1:16 PM, Koray AGAYA insanad...@gmail.com insanad...@gmail.com wrote: Hi ! Have a two location and both sites use pfsense 1.2.2 I want to site to site vpn A location and B location I use http://doc.pfsense.org/index.php/VPN_Capability_IPSec this site I need a firewall rule and vpn settings -screenshot pfsense Can you help me plese I -- -- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Why do you have 2 rules that do exactly the same, the only difference is the comment. The first rule say Allow all protocols, from all source, from all ports, to all destination, to all ports, througt the default gateway. The second rule does the same thing. @ topic starter i do not know you config, but i try to explain fill in your own network data Site one Local IP network : 192.168.0.0 / 24 public ipadres : 80.80.80.80 Site two Local IP network 192.168.1.0 / 24 public ipadres: 90.90.90.90 SITE ONE CONFIG IPSEC Interface WAN Localsubnet:type Network address 192.168.0.0 / 24 Remote subnet: 192.168.1.0 / 24 Remote Gateway: 90.90.90.90 Decription: ipsec tunnel 1 Negotiation mode: aggressive My identifier:My IP address Encryption algorithm: Blowfish Hash algorithm:MD5 DH key group:2 lifetime:86400 Authentication method: Pre-shared key Pre-Shared Key:your-key-in-text Certificate: NONE KEY: NONE peer certificate NONE Phase 2 proposal (SA/Key Exchange) protocol: ESP Encryption algorithms: select Blowfish Hash algorithms: select MD5 PFS key group: 2 Lifetime: 86400 Automatically ping host: ipadres of server in 192.168.1.0 network SITE TWO CONFIG IPSEC Site one ipsec config Interface WAN Localsubnet:type Network address 192.168.1.0 / 24 Remote subnet: 192.168.0.0 / 24 Remote Gateway: 80.80.80.80 Decription: ipsec tunnel 1 Negotiation mode: aggressive My identifier:My IP address Encryption algorithm: Blowfish Hash algorithm:MD5 DH key group:2 lifetime:86400 Authentication method: Pre-shared key Pre-Shared Key:your-key-in-text Certificate: NONE KEY: NONE peer certificate NONE Phase 2 proposal (SA/Key Exchange) protocol: ESP Encryption algorithms: select Blowfish Hash algorithms: select MD5 PFS key group: 2 Lifetime: 86400 Automatically ping host: ipadres of server in 192.168.0.0 network And on both sides use a rule on the ipsec interface that allows all form all etc. You must use different subnets on each side of the tunnel. Hope this helps regards, -- ___ *Johan Hendriks* *Schavemaker Transport* Tel: +31 (0)251 229098 Fax: +31 (0)251 212016 email: j.hendr...@schavemaker.com web: http://www.schavemaker.com ___ *Confidentiality Notice: The information in this document may be confidential. It is intended only for the use of the named recipient. If you are not the intended recipient, please notify me immediately and then delete this document. Do not disclose the contents of this document to any other person, nor take any copies. Violation of this notice may be unlawful. * ___ -- -Hayatı Ciddiye Alma Asla Sağ Çıkamıycaksın !
[pfSense Support] user and group base content filter
Hi, How do it ? squid and squidguard on pfsense Example ; 2 users have my company.Users name ; peter and karel. I use Pfsense local authentication. I need peter user dont connect to all website only connect to * www.pfsense.com* and *www.yahoo.com http://www.cehturkiye.com/* user name karel connect to all web site. Or Create 2 groups A and B A group have a *x, y* users B group have a *z* user I need A Group users dont connect to all website only connect to * www.pfsense.com* and *www.yahoo.com http://www.cehturkiye.com/* Group B connect to all web site Can you help me , please How can I do -- -Hayatı Ciddiye Alma Asla Sağ Çıkamıycaksın !
[pfSense Support] Doesnt work make install Command
Hi All; I installed all freebsd ports collection under */usr/ports/*.** But I didnt use make install command How Can I do work it ? Please help me For example, To install the Nano text editor $ cd /usr/ports/editors/nano $ make install Error : bash: make: command not found information My pfsense is 6.2-RELEASE-p11 FreeBSD
[pfSense Support] dansguardian + pfsense
Hi All, I searched internet but I didnt find about pfs+dansguardian Is anybody install dansguardian manual on pfsense please help me ? Or prefer another any content filter package ? Thank you
Re: [pfSense Support] dansguardian + pfsense
I want to use dansguardian I know very well dansguardian Please help On Tue, Sep 23, 2008 at 5:56 PM, Gary Buckmaster [EMAIL PROTECTED] wrote: Koray AGAYA wrote: Hi All, I searched internet but I didnt find about pfs+dansguardian Is anybody install dansguardian manual on pfsense please help me ? Or prefer another any content filter package ? Thank you There is already a squid and squidGuard package available for pfSense. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -Hayatı Ciddiye Alma Asla Sağ Çıkamıycaksın !
