[pfSense Support] Pfsense Nortel IPSEC lifetime issue
Hi,

I have had some problems with an IPSEC between pfsense 1.2.3 and a Nortel device (in a different country). The IPSEC will stay up for 24 hours + and then we are not able to send traffic through the IPSEC anymore. We have to disable / enable it.

We think this is a lifetime issue, but I'm a bit confused about how Nortel handles this. In pfsense we have phase 1 and phase 2 lifetimes, but on the Nortel the only thing we have is a field called 'rekey timeout'. On pfsense we have been using 28800 seconds on Phase 1 and 86400 seconds on Phase 2, and on the Nortel side 28800 rekey timeout, which now is not working well.

The Nortel device user suggested that we change to disable the Phase 1 lifetime and use 28800 seconds on Phase 2. They claim that rekey timeout is the same as Phase 2 lifetime and they have no phase 1 lifetime, so we shouldn't use one either.

If you want to 'disable' the phase 1 lifetime, is it correct to leave it blank? Does anyone know if this is the right way to do it with the Nortel device? If not, what should we use for phase 1 and phase 2 lifetime when Nortel uses 28800 seconds rekey timeout?

Thanks in advance!

Stale.
[pfSense Support] NAT behind IPSEC
Hello,

We have a customer who routes their internet through their IT-service provider. We need a secure IPSEC connection from our internal network to the customer's internal network. The other IT-service provider does not allow any new RFC1918 into their transport network, so they say we have to NAT our internal network or server to an official IP address in our firewall/VPN.

Is this possible to do behind an IPSEC with pfsense? If not, we are very happy for any suggestions to solve this. The solution has to be an IPSEC because the nodes we are trying to reach on the customer's network are embedded terminals without possibilities for openvpn etc.

Thanks in advance.

Regards,
Stale Johnsen
[pfSense Support] SNMP oid's for bandwidth
Hi,

I'm trying to monitor in / out bandwidth in bits on the wan interface but am having some problems finding the right SNMP OID. I found this one: http://cvstrac.pfsense.com/tktview?tn=257 but the OID I'm trying doesn't return anything.

Does anyone have any better suggestions for bandwidth monitoring on pfsense from a Nagios server?

Regards
Stale Johnsen
Re: [pfSense Support] SNMP oid's for bandwidth
Hi,

This plugin looks perfect for what I'm looking for. Can you point me to it and paste which OIDs you are using?

Thank you in advance.

Stale Johnsen

- Original Message -
From: iggd...@gmail.com
To: support@pfsense.com
Sent: 29 September 2009 16:10:51
Subject: Re: [pfSense Support] SNMP oid's for bandwidth

To measure bandwidth used I use a script that checks the difference between bytes passed from poll A to poll B. I can point you to the plugin I use if you'd like. It gives results like:

vr0:UP (131.0KBps/8.0KBps)

and I get alarms in my email when I pass too much traffic, like you'd expect:

* Nagios *
Notification Type: PROBLEM
Service: Interface Status - vr0
Host: pipboy
Address: 192.168.2.1
State: WARNING
Date/Time: Tue Sept 29 08:02:33 EDT 2009
Additional Info: vr0:UP (WARN 1490.2KBps/56.2KBps)

The OID it uses is just off the IF-MIB if I remember right, and most devices regardless of OS tend to respond to polls on the .1.3.6.1.2.1 trees, especially .1.3.6.1.2.1.2.2 and .1.3.6.1.2.1.25, the first of which is the one you're looking for for interface information.

2009/9/29 Ståle Johnsen stale.john...@smartit.no

Hi,

I'm trying to monitor in / out bandwidth in bits on the wan interface but am having some problems finding the right SNMP OID. I found this one: http://cvstrac.pfsense.com/tktview?tn=257 but the OID I'm trying doesn't return anything.

Does anyone have any better suggestions for bandwidth monitoring on pfsense from a Nagios server?

Regards
Stale Johnsen
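The poll A to poll B difference described in the reply above, as an added example that is not part of the thread and is not the plugin the poster uses. It works on the ifInOctets and ifOutOctets columns of the IF-MIB ifTable (.1.3.6.1.2.1.2.2) and handles a 32-bit counter wrap and an agent restart; the function names, thresholds, the 1024-byte KB and the sample counter values are assumptions constructed for illustration.

```python
# Added example: bandwidth from two polls of IF-MIB octet counters.
# Counter columns of ifTable (.1.3.6.1.2.1.2.2):
IF_IN_OCTETS = ".1.3.6.1.2.1.2.2.1.10"   # ifInOctets, Counter32
IF_OUT_OCTETS = ".1.3.6.1.2.1.2.2.1.16"  # ifOutOctets, Counter32
COUNTER32_MOD = 2 ** 32

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes


def counter_delta(old, new, modulus=COUNTER32_MOD):
    """Octets passed between two polls, allowing for one counter wrap."""
    return (new - old) % modulus


def rate_kbps(old, new, seconds):
    """Average rate in KBytes/s (1 KB = 1024 bytes, an assumption)."""
    if seconds <= 0:
        raise ValueError("polls must be taken at increasing times")
    return counter_delta(old, new) / seconds / 1024.0


def check_interface(name, poll_a, poll_b, warn_kbps, crit_kbps):
    """poll_* are dicts: time (s), uptime (sysUpTime ticks), in, out (octets).

    Returns (exit_code, status_line) in the style quoted in the message.
    """
    if poll_b["uptime"] < poll_a["uptime"]:
        # Agent restarted: counters were reset, so the delta is meaningless.
        return UNKNOWN, f"{name}:UNKNOWN (counters reset, waiting for next poll)"
    dt = poll_b["time"] - poll_a["time"]
    rx = rate_kbps(poll_a["in"], poll_b["in"], dt)
    tx = rate_kbps(poll_a["out"], poll_b["out"], dt)
    peak = max(rx, tx)
    if peak >= crit_kbps:
        code, tag = CRITICAL, "CRIT "
    elif peak >= warn_kbps:
        code, tag = WARNING, "WARN "
    else:
        code, tag = OK, ""
    return code, f"{name}:UP ({tag}{rx:.1f}KBps/{tx:.1f}KBps)"


if __name__ == "__main__":
    # Constructed sample polls, 300 s apart; the inbound counter wraps.
    a = {"time": 0, "uptime": 100000, "in": 4294000000, "out": 5000000}
    b = {"time": 300, "uptime": 130000, "in": 456822144, "out": 22264640}
    print(check_interface("vr0", a, b, warn_kbps=1000, crit_kbps=3000))
```

Without the modulo step, the wrapped inbound counter in the sample would produce a large negative rate instead of the 1490.2KBps warning.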