Re: [pfSense Support] virtualbox ova fails to import
On Wed 13 Jul 2011 01:28:11 NZST +1200, e...@tm-k.com wrote:

http://cvs.pfsense.org/~sullrich/pfSenseDevBuilder/pfSense.ova fails to import into virtualbox.

Just tried, works well on VirtualBox for Mac.

Thanks. There are suggestions of potential problems depending on VB capabilities. What version of virtualbox is this appliance for? Open source or the binary one? Which number?

I downloaded the file 3 times and got 3 different ones. Could someone please post MD5 sums for all those ova files? Thanks.

Then I downloaded the RC3 release ISO for the sole purpose of it having an MD5 sum published, and that didn't match. So some network segment is seriously screwy here.

Volker

$ md5 pfSense.ova
MD5 (pfSense.ova) = ff549e509339e8e8316770bc4a47958f

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] virtualbox ova fails to import
The dev builder image mentioned on http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso

http://cvs.pfsense.org/~sullrich/pfSenseDevBuilder/pfSense.ova

fails to import into virtualbox. Error is:

Failed to import appliance /local/pfSense/pfSense.ova.
Could not create the clone medium '/local/VirtualBoxVMs/pfSense/pfSense-disk1.vmdk' (VERR_GENERAL_FAILURE).
Result Code: VBOX_E_FILE_ERROR (0x80BB0004)
Component: Appliance
Interface: IAppliance {7b148032-4124-4f46-b56a-b48ac1273f5a}

[snip]

Just tried, works well on VirtualBox for Mac.

Evgeny.
Re: [pfSense Support] Pfsense, OpenVPN and multicast
All,

We have a subnet with a public IP address fronted by a pfsense (1.2.3R) box with routing and OpenVPN enabled and configured. We're testing this with a product that uses multicast - the server is in the network protected by the pfsense box, and there will be one or more clients connecting to it from the field. While most network functionality is present, the multicast traffic is not being seen on the client.

Does pfsense/OpenVPN support multicast in this kind of arrangement? We've added in the IGMPProxy package, which so far doesn't seem to be doing anything for us, though we may not have configured that correctly.

Thanks,
Kurt

I do not think igmpproxy will be of any use here. Try routing multicast IPs/subnet over the tunnel explicitly.

Evgeny.
Re: [pfSense Support] Outgoing NAT failure
Sorry for double posting, as I just posted this question at: http://forum.pfsense.org/index.php/topic,35019.0.html but this is critical and urgent for me. Hope somebody can help me.

I have two pfSense (2.0RC1 built on Sat Feb 26 18:07:23 EST 2011) boxes in failover mode. The WAN IP address has been set as a Carp IP address and everything works fine when you browse the internet. Until you try to do a download. When downloading a file, after a while, it stalls. On the LAN side, with a tcpdump I can see that the server on the internet just stopped sending packets. On the WAN side, with the capture I see that suddenly pfSense stops passing data back to the LAN client and starts sending packets like the following one to the internet server:

8:13:54.058314 IP 1.1.1.1 pub4.kernel.org: ICMP host 1.1.1.1 unreachable, length 60

(1.1.1.1 is my WAN IP address, which I edited for privacy reasons). This example is when downloading a kernel source tarball from kernel.org. Everything points that, after a while (something running periodically?) the state of the connection is lost and pfSense for some reason can't recognize the CARP ip as a valid ip address.

Any help will be appreciated.

What does ifconfig show at this time? Can you tcpdump 224.0.0.0/4 net on WAN to see who is declaring itself as CARP-master and whether it is going well (no slave's packets)?
Re: [pfSense Support] Re: Outgoing NAT failure
On 28/03/11 19:24, e...@tm-k.com wrote:

Sorry for double posting, as I just posted this question at: http://forum.pfsense.org/index.php/topic,35019.0.html but this is critical and urgent for me. Hope somebody can help me.

I have two pfSense (2.0RC1 built on Sat Feb 26 18:07:23 EST 2011) boxes in failover mode. The WAN IP address has been set as a Carp IP address and everything works fine when you browse the internet. Until you try to do a download. When downloading a file, after a while, it stalls. On the LAN side, with a tcpdump I can see that the server on the internet just stopped sending packets. On the WAN side, with the capture I see that suddenly pfSense stops passing data back to the LAN client and starts sending packets like the following one to the internet server:

8:13:54.058314 IP 1.1.1.1 pub4.kernel.org: ICMP host 1.1.1.1 unreachable, length 60

(1.1.1.1 is my WAN IP address, which I edited for privacy reasons). This example is when downloading a kernel source tarball from kernel.org. Everything points that, after a while (something running periodically?) the state of the connection is lost and pfSense for some reason can't recognize the CARP ip as a valid ip address.

Any help will be appreciated.

What does ifconfig show at this time? Can you tcpdump 224.0.0.0/4 net on WAN to see who is declaring itself as CARP-master and whether it is going well (no slave's packets)?

Just found that doing outbound NAT using the interface IP address instead of the carp IP it works fine, the only drawback is that I have to waste one public IP address per box plus a carp one for services...

You have to 'waste' one public IP address per box is 'how it works', but you should be using CARP IP in your outbound NAT to make everything really redundant (to use CARP).

With the tcpdump you mentioned I'm getting just packets like this one:

22:44:56.122437 IP 1.1.1.2 VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 11, prio 0, authtype none, intvl 1s, length 36

where 1.1.1.2 is the real IP address for the WAN interface on the primary box.

It is normal.
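The check suggested in this thread (capture 224.0.0.0/4 on WAN and see who is advertising as CARP master) can be automated; the following Python is an added example, not part of the original messages. It parses tcpdump's one-line advertisement output and reports, per vrid, which hosts advertise and where advertisements go silent; the sample capture, the address 1.1.1.3 and vrid 12 are constructed.

```python
import re
from collections import defaultdict

# tcpdump prints CARP with its VRRP decoder, so "vrid" is the CARP VHID.
# " >" is optional because mail archives often strip it from pasted output.
ADV = re.compile(
    r"^(?P<h>\d{1,2}):(?P<m>\d{2}):(?P<s>\d{2}\.\d+) IP (?P<src>\S+)(?: >)? \S+: "
    r"VRRPv2, Advertisement, vrid (?P<vrid>\d+), prio (?P<prio>\d+),"
    r".*?intvl (?P<intvl>\d+)s")

# Constructed capture: 1.1.1.3 and vrid 12 are made up for this example.
TAIL = "authtype none, intvl 1s, length 36"
SAMPLE = [
    f"22:44:56.122437 IP 1.1.1.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 11, prio 0, {TAIL}",
    f"22:44:57.123001 IP 1.1.1.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 11, prio 0, {TAIL}",
    f"22:45:03.130112 IP 1.1.1.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 11, prio 0, {TAIL}",
    f"22:45:03.400000 IP 1.1.1.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 12, prio 0, {TAIL}",
    f"22:45:03.900000 IP 1.1.1.3 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 12, prio 100, {TAIL}",
]

def parse(lines):
    """Yield (seconds_since_midnight, src, vrid, prio, intvl) per advertisement."""
    for line in lines:
        m = ADV.match(line.strip())
        if m:
            t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
            yield t, m["src"], int(m["vrid"]), int(m["prio"]), int(m["intvl"])

def analyse(lines, missed=3):
    """Per vrid: advertising sources, dual-master flag, and silent gaps."""
    by_vrid = defaultdict(list)
    for adv in parse(lines):
        by_vrid[adv[2]].append(adv)
    report = {}
    for vrid, advs in by_vrid.items():
        advs.sort()
        sources = sorted({a[1] for a in advs})
        gaps = []
        for prev, cur in zip(advs, advs[1:]):
            delta = cur[0] - prev[0]
            if delta > missed * prev[4]:      # more than `missed` intervals silent
                gaps.append((round(prev[0], 3), round(delta, 3)))
        # Only the master advertises, so two sources on one vrid means
        # both nodes currently consider themselves master.
        report[vrid] = {"sources": sources,
                        "dual_master": len(sources) > 1, "gaps": gaps}
    return report

if __name__ == "__main__":
    for vrid, info in sorted(analyse(SAMPLE).items()):
        print(vrid, info)
```

A single source per vrid with no gaps is the healthy case, which is what the capture quoted above shows for vrid 11.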
Re: [pfSense Support] Traceroute repeating itself
On Wed, Mar 9, 2011 at 6:53 PM, James Bensley jwbens...@gmail.com wrote:

So WAN1 is on one pfSense box and WAN2 is on another? Also, you connect each box to an ISP and to the LAN?

-- James.
http://www.jamesbensley.co.cc/
There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...?

No... ISP gives me 1 connection. The VRRP IP is 114.113.87.43. This VRRP IP is the gateway to my pfsense boxes. The pfsense boxes get 2 wan ip, 114.113.87.44 114.113.87.45.

ShiB.
while ( ! ( succeed = try() ) );

Where is 114.113.93.41 you are tracing to?
Re: [pfSense Support] Traceroute repeating itself
On Wed, Mar 9, 2011 at 8:33 PM, e...@tm-k.com wrote:

On Wed, Mar 9, 2011 at 6:53 PM, James Bensley jwbens...@gmail.com wrote:

So WAN1 is on one pfSense box and WAN2 is on another? Also, you connect each box to an ISP and to the LAN?

-- James.
http://www.jamesbensley.co.cc/
There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...?

No... ISP gives me 1 connection. The VRRP IP is 114.113.87.43. This VRRP IP is the gateway to my pfsense boxes. The pfsense boxes get 2 wan ip, 114.113.87.44 114.113.87.45.

ShiB.
while ( ! ( succeed = try() ) );

Where is 114.113.93.41 you are tracing to?

114.113.93.41 is an IP from the Routed segment/Server Segment allotted to me by my ISP.

ShiB.
while ( ! ( succeed = try() ) );

I do not get it -) Is it on your pfSense boxes? behind them? or on provider's side?

Please do not top-post.
Re: [pfSense Support] CARP IP Not Registering MAC Address or Switch Disregarding CARP MAC Address -- Maybe???
[snip]

Address Learning enabled on the Switch (default setting):

[snip]

Can you briefly explain what 'address learning' is according to D-Link?
Re: [pfSense Support] How to build a Developer ISO
On 1/30/2011 11:29 PM, Mark Jones wrote:

Well, I'm pretty close to admitting defeat. I've followed the guidance given @ http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso

I've used FreeBSD 8, 7.2 and 7.1, and in all cases am unable to build a developer ISO. I've built portmaster and attempted to use it to build the development ISO.

Couple years ago I've managed to build 7.1 or 7.2 (do not remember) following this guide though hit several problems as you did. But my purpose was to have a pfSense box with ability to compile things. I've never created any .iso's. What is your purpose? Jim's comments have perfect sense.

Evgeny.
Re: [pfSense Support] Re: Trouble with VIP?
I may be wrong, but shouldn't the VIP be a /32 not a /25?

It's true for ProxyARP VIPs, CARP VIP's mask should match the mask configured on the interface.
Re: [pfSense Support] ShrewSoft
On Tue, Jan 4, 2011 at 12:59 AM, Chris Buechler cbuech...@gmail.com wrote:

On Tue, Jan 4, 2011 at 12:56 AM, DuWayne Odom d.w.o...@gmail.com wrote:

I am attempting to use Shrewsoft VPN Client to connect to a Cisco VPN Concentrator at work. I had no issue connecting while using m0n0wall, but now that I have switched to pfSense I have been unable to get it to work correctly. The client appears to connect and displays the Client Login Banner. After approx 20-30 seconds the connection drops. I have attempted to use all kinds of suggestions from the forums and other sources with no luck. Below is what I used to get it to at least connect for the short time it does.

Delete the rule for UDP 4500 in your outbound NAT. With that gone you should be fine.

I just removed that line again and still the same issue. :-(

You have ESP and UDP port 500 allowed on LAN, right?
Re: [pfSense Support] ShrewSoft
On Tue, Jan 4, 2011 at 1:08 AM, e...@tm-k.com wrote:

On Tue, Jan 4, 2011 at 12:59 AM, Chris Buechler cbuech...@gmail.com wrote:

On Tue, Jan 4, 2011 at 12:56 AM, DuWayne Odom d.w.o...@gmail.com wrote:

I am attempting to use Shrewsoft VPN Client to connect to a Cisco VPN Concentrator at work. I had no issue connecting while using m0n0wall, but now that I have switched to pfSense I have been unable to get it to work correctly. The client appears to connect and displays the Client Login Banner. After approx 20-30 seconds the connection drops. I have attempted to use all kinds of suggestions from the forums and other sources with no luck. Below is what I used to get it to at least connect for the short time it does.

Delete the rule for UDP 4500 in your outbound NAT. With that gone you should be fine.

I just removed that line again and still the same issue. :-(

You have ESP and UDP port 500 allowed on LAN, right?

Yes I allow all as seen below...

Do tcpdump on WAN and see what is going on (at least you'll see whether you have right NAT)
Re: [pfSense Support] ShrewSoft
I don't know if this helps... I just captured this data.

It looks like NAT is ok but I do not think phase2 ends up ok. Are you alone who tries to use this ipsec tunnel from behind pfSense? Are both devices configured to use NAT-T (it seems they do but anyway)?