Re: [pfSense Support] Multi-WAN PPTP?
Christopher Iarocci wrote: I'd love to use OpenVPN, but the end users have to set it up themselves, and what I've done is to have one config file with all the common stuff at the top and a section at the bottom with individual people's config (just two lines for their key/cert) commented out, saying uncomment. I then hand them the key or cert physically on a USB key when they're in the office. only had one muppet struggle, but that was partly my fault as they used an out of date config file. that said most of our users are moderately to very technical. we also have an ADSL service separate from our main leased line which we can use for VPN testing, so people having issues can bring their laptops along and we can prove it works. it's also used for out-of-band monitoring of systems, so it's not wasted! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Wed, Jan 14, 2009 at 03:00:21PM -0500, Chris Buechler wrote: You can build an installer file that has no prompts for the user to click and auto installs the config - double click the installer, wait a bit, and you're done. pfSense 2.0 has the capability to create such I'm really looking forward to that feature. I need it yesterday ;) an install file for Windows clients. I wouldn't recommend running that in production yet, though it does work perfectly last I tried it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Multi-WAN PPTP?
I'm embarrassed to write this, and I'm having trouble finding someone to lend me a gun, but you were right. The PPTP server was enabled on my side causing the problem. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Monday, January 12, 2009 9:56 AM To: support@pfsense.com Cc: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? Is the PPTP server enabled on the 'other' pfSense firewall where the clients are connecting *FROM*? That may be your problem... see here: http://www.pfsense.org/index.php?option=com_contenttask=viewid=40Itemid=43 ' Specifically this text: Limitations * Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP clients cannot use the same public IP for outbound PPTP connections. This means if you have only one public IP, and use the PPTP Server, PPTP clients inside your network will not work. The work around is to use a second public IP with Advanced Outbound NAT for your internal clients. See also the PPTP limitation under NAT on this page. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Christopher Iarocci ciaro...@tfop.net wrote: Tried putting an unused LAN IP in the server field, no difference whatsoever. It gives me the same exact errors on the client side and in the PFSense logs. Anything else I can try? Just as an FYI, the clients I am testing with are XP Pro and Vista Ultimate. Both are behind another PFSense firewall. I only try a single machine at any one time. I can't get my head wrapped around the fact that it used to work like a charm with the same exact config. I even went back into previously saved configs and compared them and there is no difference. It worked with this config as recently as 12/29/07 (last PPTP log entry). Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Friday, January 09, 2009 2:31 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote: Chris, Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that? Just pick an unused IP on your LAN. Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP. The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
Christopher - Thank you for the early morning laugh. If you were closer to New York like us - I am willing to bet the gun would be easier to find due to this cruddy market ;-) I have found most every problem I have had has been user error... PEBKAC is the motto of the day I guess problem exists between keyboard and chair Glenn On Jan 14, 2009, at 9:02 AM, Christopher Iarocci wrote: I'm embarrassed to write this, and I'm having trouble finding someone to lend me a gun, but you were right. The PPTP server was enabled on my side causing the problem. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Monday, January 12, 2009 9:56 AM To: support@pfsense.com Cc: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? Is the PPTP server enabled on the 'other' pfSense firewall where the clients are connecting *FROM*? That may be your problem... see here: http://www.pfsense.org/index.php?option=com_contenttask=viewid=40Itemid=43 ' Specifically this text: Limitations * Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP clients cannot use the same public IP for outbound PPTP connections. This means if you have only one public IP, and use the PPTP Server, PPTP clients inside your network will not work. The work around is to use a second public IP with Advanced Outbound NAT for your internal clients. See also the PPTP limitation under NAT on this page. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Christopher Iarocci ciaro...@tfop.net wrote: Tried putting an unused LAN IP in the server field, no difference whatsoever. It gives me the same exact errors on the client side and in the PFSense logs. Anything else I can try? Just as an FYI, the clients I am testing with are XP Pro and Vista Ultimate. Both are behind another PFSense firewall. I only try a single machine at any one time. I can't get my head wrapped around the fact that it used to work like a charm with the same exact config. I even went back into previously saved configs and compared them and there is no difference. It worked with this config as recently as 12/29/07 (last PPTP log entry). Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Friday, January 09, 2009 2:31 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote: Chris, Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that? Just pick an unused IP on your LAN. Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP. The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
No need for self-induced bodily harm... we've all been there. :-) The PPTP problem is one of those 'gotchas' when working with pfSense that we used to run into all the time. BUT, frankly we don't use PPTP anymore for many reasons and it hasn't been an issue for us. If you simply need to give road warriors access to your network, *PLEASE* check out OpenVPN as it is incredibly robust and infinitely more secure. It is a tad more difficult to setup but that's what the forum, list, and paid pfSense support are for! :-) Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Christopher Iarocci ciaro...@tfop.net wrote: I'm embarrassed to write this, and I'm having trouble finding someone to lend me a gun, but you were right. The PPTP server was enabled on my side causing the problem. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Monday, January 12, 2009 9:56 AM To: support@pfsense.com Cc: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? Is the PPTP server enabled on the 'other' pfSense firewall where the clients are connecting *FROM*? That may be your problem... see here: http://www.pfsense.org/index.php?option=com_contenttask=viewid=40Itemid=43 ' Specifically this text: Limitations * Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP clients cannot use the same public IP for outbound PPTP connections. This means if you have only one public IP, and use the PPTP Server, PPTP clients inside your network will not work. The work around is to use a second public IP with Advanced Outbound NAT for your internal clients. See also the PPTP limitation under NAT on this page. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Christopher Iarocci ciaro...@tfop.net wrote: Tried putting an unused LAN IP in the server field, no difference whatsoever. It gives me the same exact errors on the client side and in the PFSense logs. Anything else I can try? Just as an FYI, the clients I am testing with are XP Pro and Vista Ultimate. Both are behind another PFSense firewall. I only try a single machine at any one time. I can't get my head wrapped around the fact that it used to work like a charm with the same exact config. I even went back into previously saved configs and compared them and there is no difference. It worked with this config as recently as 12/29/07 (last PPTP log entry). Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Friday, January 09, 2009 2:31 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote: Chris, Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that? Just pick an unused IP on your LAN. Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP. The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
Tim Nelson wrote: If you simply need to give road warriors access to your network, *PLEASE* check out OpenVPN yes, what he said. we've got windows (XP, vista), linux and Mac users all on openVPN and it mainly just works. don't make life hard for yourself :-) - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Multi-WAN PPTP?
I'd love to use OpenVPN, but the end users have to set it up themselves, and honestly, it's not easy enough for an end user to do. Editing a text file with technical information is beyond most end users capability. If there was a point and click GUI made for it, that would be different. Getting them just to run an install on their laptops to install OpenVPN is a chore (and that's the easy part). Configuring it, well, I gave up completely after talking to too many end users who just sat on the other end of the phone silent because they didn't know what a text file was, or how to find Notepad...etc. I do agree that OpenVPN is better than PPTP, except when it comes to setting it up. In that part if falls way behind PPTP. Maybe someone can prove me wrong and show me a simple tutorial that a typical computer illiterate end user can follow and be successful. BTW, when you're not stupid like me, and you don't enable your local PPTP server on your local PFSense box, PPTP just works too. This was the first time I ever had a problem with it, and the fact that the other administrator enabled it on the same day as the upgrade I did made me think it was upgrade related when in fact it was not. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Paul Mansfield [mailto:it-admin-pfse...@taptu.com] Sent: Wednesday, January 14, 2009 1:42 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? Tim Nelson wrote: If you simply need to give road warriors access to your network, *PLEASE* check out OpenVPN yes, what he said. we've got windows (XP, vista), linux and Mac users all on openVPN and it mainly just works. don't make life hard for yourself :-) - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Wed, Jan 14, 2009 at 2:50 PM, Christopher Iarocci ciaro...@tfop.net wrote: I'd love to use OpenVPN, but the end users have to set it up themselves, and honestly, it's not easy enough for an end user to do. You can build an installer file that has no prompts for the user to click and auto installs the config - double click the installer, wait a bit, and you're done. pfSense 2.0 has the capability to create such an install file for Windows clients. I wouldn't recommend running that in production yet, though it does work perfectly last I tried it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Multi-WAN PPTP?
Now THAT is easy. That being said, I can't wait for 2.0 to come out. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Wednesday, January 14, 2009 3:00 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Wed, Jan 14, 2009 at 2:50 PM, Christopher Iarocci ciaro...@tfop.net wrote: I'd love to use OpenVPN, but the end users have to set it up themselves, and honestly, it's not easy enough for an end user to do. You can build an installer file that has no prompts for the user to click and auto installs the config - double click the installer, wait a bit, and you're done. pfSense 2.0 has the capability to create such an install file for Windows clients. I wouldn't recommend running that in production yet, though it does work perfectly last I tried it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
Is the PPTP server enabled on the 'other' pfSense firewall where the clients are connecting *FROM*? That may be your problem... see here: http://www.pfsense.org/index.php?option=com_contenttask=viewid=40Itemid=43 ' Specifically this text: Limitations * Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP clients cannot use the same public IP for outbound PPTP connections. This means if you have only one public IP, and use the PPTP Server, PPTP clients inside your network will not work. The work around is to use a second public IP with Advanced Outbound NAT for your internal clients. See also the PPTP limitation under NAT on this page. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Christopher Iarocci ciaro...@tfop.net wrote: Tried putting an unused LAN IP in the server field, no difference whatsoever. It gives me the same exact errors on the client side and in the PFSense logs. Anything else I can try? Just as an FYI, the clients I am testing with are XP Pro and Vista Ultimate. Both are behind another PFSense firewall. I only try a single machine at any one time. I can't get my head wrapped around the fact that it used to work like a charm with the same exact config. I even went back into previously saved configs and compared them and there is no difference. It worked with this config as recently as 12/29/07 (last PPTP log entry). Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Friday, January 09, 2009 2:31 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote: Chris, Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that? Just pick an unused IP on your LAN. Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP. The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Multi-WAN PPTP?
Tim, If that is it, I'm going to shoot myself. I'll check again tonight when I am home. I've never used the PPTP server at home so my first instinct would be no, it is not enabled, but who knows. Maybe I checked the box at one time, or maybe someone else did (there is another admin in my web of IPSec VPNs that can modify my firewall). Thank you for pointing that out though. I wouldn't have checked it. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Monday, January 12, 2009 9:56 AM To: support@pfsense.com Cc: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? Is the PPTP server enabled on the 'other' pfSense firewall where the clients are connecting *FROM*? That may be your problem... see here: http://www.pfsense.org/index.php?option=com_contenttask=viewid=40Itemid=43 ' Specifically this text: Limitations * Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP clients cannot use the same public IP for outbound PPTP connections. This means if you have only one public IP, and use the PPTP Server, PPTP clients inside your network will not work. The work around is to use a second public IP with Advanced Outbound NAT for your internal clients. See also the PPTP limitation under NAT on this page. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Christopher Iarocci ciaro...@tfop.net wrote: Tried putting an unused LAN IP in the server field, no difference whatsoever. It gives me the same exact errors on the client side and in the PFSense logs. Anything else I can try? Just as an FYI, the clients I am testing with are XP Pro and Vista Ultimate. Both are behind another PFSense firewall. I only try a single machine at any one time. I can't get my head wrapped around the fact that it used to work like a charm with the same exact config. I even went back into previously saved configs and compared them and there is no difference. It worked with this config as recently as 12/29/07 (last PPTP log entry). Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Friday, January 09, 2009 2:31 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote: Chris, Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that? Just pick an unused IP on your LAN. Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP. The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Multi-WAN PPTP?
Chris, Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that? Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Friday, January 09, 2009 1:34 AM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Wed, Jan 7, 2009 at 7:29 PM, Christopher Iarocci ciaro...@tfop.net wrote: I also noticed that when I save the config, it shows the PPTP server address as 0.0.0.0 in the log, even though I clearly have the WAN IP address in that field. There's at least one problem, that has to be an IP on your LAN, assuming you're putting the PPTP clients on your LAN subnet. I don't know how that ever could have worked. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Multi-WAN PPTP?
Chris, Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that? [Christopher Iarocci] Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP. Sorry for the double post. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Friday, January 09, 2009 1:34 AM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Wed, Jan 7, 2009 at 7:29 PM, Christopher Iarocci ciaro...@tfop.net wrote: I also noticed that when I save the config, it shows the PPTP server address as 0.0.0.0 in the log, even though I clearly have the WAN IP address in that field. There's at least one problem, that has to be an IP on your LAN, assuming you're putting the PPTP clients on your LAN subnet. I don't know how that ever could have worked. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote: Chris, Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that? Just pick an unused IP on your LAN. Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP. The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Multi-WAN PPTP?
Chris, Thank you. I will try the new config tonight and report back. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Friday, January 09, 2009 2:31 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote: Chris, Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that? Just pick an unused IP on your LAN. Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP. The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On the increasingly rare occasions I set up PPTP, I put the server on .15 and clients starting at .16 for the LAN subnet. If your client 'subnet' does not begin on a CIDR boundary, pfSense will complain. Hence, the .16 choice. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Christopher Iarocci ciaro...@tfop.net wrote: Chris, Thank you. I will try the new config tonight and report back. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Friday, January 09, 2009 2:31 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote: Chris, Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that? Just pick an unused IP on your LAN. Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP. The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Multi-WAN PPTP?
That being said, does ANYONE have a clue why my PPTP server is suddenly broken after the 1.2.1 upgrade? BTW, doing more testing, I tried eliminating the Radius server and used local authentication. The same exact errors appear, so it does not seem to be a problem with the radius setup. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Wednesday, January 07, 2009 8:59 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multi-WAN PPTP? On Wed, Jan 7, 2009 at 8:55 PM, Morgan Reed morgan.s.r...@gmail.com wrote: On Thu, Jan 8, 2009 at 11:29 AM, Christopher Iarocci ciaro...@tfop.net wrote: I have a single WAN setup and PPTP has been broken since I upgraded to 1.2.1. In version 1.2 it worked perfectly. I've tried changing settings and putting them back, but it continues to fail at the authentication process as you've described. I have the same setup as you, a W2K3 server acting as radius and the PFSense machine acting as the PPTP server. Anyone else notice that PPTP has broken since 1.2.1 upgrade? Here is a snippit of my logs Apparently there are three major bugs being fixed in 1.2.2, this may be one of them. They aren't major, aside from the setup wizard issue they're rare edge cases or minor things. PPTP isn't one. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Thu, Jan 8, 2009 at 3:10 PM, Christopher Iarocci ciaro...@tfop.net wrote: That being said, does ANYONE have a clue why my PPTP server is suddenly broken after the 1.2.1 upgrade? BTW, doing more testing, I tried eliminating the Radius server and used local authentication. The same exact errors appear, so it does not seem to be a problem with the radius setup. Not sure, I did look at the PPTP server last night and didn't have any trouble at all. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Wed, Jan 7, 2009 at 7:29 PM, Christopher Iarocci ciaro...@tfop.net wrote: I also noticed that when I save the config, it shows the PPTP server address as 0.0.0.0 in the log, even though I clearly have the WAN IP address in that field. There's at least one problem, that has to be an IP on your LAN, assuming you're putting the PPTP clients on your LAN subnet. I don't know how that ever could have worked. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Multi-WAN PPTP?
in that field. Here is a snippit of that.. Jan 7 19:26:28 mpd: [pt15] using interface ng16 Jan 7 19:26:28 mpd: [pt15] ppp node is mpd57834-pt15 Jan 7 19:26:28 mpd: [pt14] using interface ng15 Jan 7 19:26:28 mpd: [pt14] ppp node is mpd57834-pt14 Jan 7 19:26:28 mpd: [pt13] using interface ng14 Jan 7 19:26:28 mpd: [pt13] ppp node is mpd57834-pt13 Jan 7 19:26:28 mpd: [pt12] using interface ng13 Jan 7 19:26:28 mpd: [pt12] ppp node is mpd57834-pt12 Jan 7 19:26:28 mpd: [pt11] using interface ng12 Jan 7 19:26:28 mpd: [pt11] ppp node is mpd57834-pt11 Jan 7 19:26:28 mpd: [pt10] using interface ng11 Jan 7 19:26:28 mpd: [pt10] ppp node is mpd57834-pt10 Jan 7 19:26:28 mpd: [pt9] using interface ng10 Jan 7 19:26:28 mpd: [pt9] ppp node is mpd57834-pt9 Jan 7 19:26:28 mpd: [pt8] using interface ng9 Jan 7 19:26:28 mpd: [pt8] ppp node is mpd57834-pt8 Jan 7 19:26:28 mpd: [pt7] using interface ng8 Jan 7 19:26:28 mpd: [pt7] ppp node is mpd57834-pt7 Jan 7 19:26:28 mpd: [pt6] using interface ng7 Jan 7 19:26:28 mpd: [pt6] ppp node is mpd57834-pt6 Jan 7 19:26:28 mpd: [pt5] using interface ng6 Jan 7 19:26:28 mpd: [pt5] ppp node is mpd57834-pt5 Jan 7 19:26:28 mpd: [pt4] using interface ng5 Jan 7 19:26:28 mpd: [pt4] ppp node is mpd57834-pt4 Jan 7 19:26:28 mpd: [pt3] using interface ng4 Jan 7 19:26:28 mpd: [pt3] ppp node is mpd57834-pt3 Jan 7 19:26:28 mpd: [pt2] using interface ng3 Jan 7 19:26:28 mpd: [pt2] ppp node is mpd57834-pt2 Jan 7 19:26:28 mpd: [pt1] using interface ng2 Jan 7 19:26:28 mpd: [pt1] ppp node is mpd57834-pt1 Jan 7 19:26:28 mpd: [pt0] using interface ng1 Jan 7 19:26:28 mpd: mpd: local IP address for PPTP is 0.0.0.0 Jan 7 19:26:28 mpd: [pt0] ppp node is mpd57834-pt0 Jan 7 19:26:28 mpd: mpd: pid 57834, version 3.18 (r...@freebsd7-releng_1_2.pfsense.org 20:18 9-Nov-2008) Any help would be appreciated as I'm at a loss as to why it worked perfectly under 1.2 but not under 1.2.1 with the same config. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Morgan Reed [mailto:morgan.s.r...@gmail.com] Sent: Monday, January 05, 2009 7:27 AM To: support@pfsense.com Subject: [pfSense Support] Multi-WAN PPTP? Hi all, We've a multi-WAN setup on our pfSense (no redundancy or load balancing, one is dedicated to office internet traffic, the other is dedicated to inbound server traffic), just wondering if it's possible to setup pfSense so we can accept PPTP in on either WAN link (that way if the main link is down we can come in the backup and vice versa). pfSense is our PPTP server, and it authenticates against our Windows 2000 AD via RADIUS/IAS if that makes any difference. I've added a firewall rule to allow 1723 in on WAN2 but there appears to be something else required as my connection attempts timeout at authentication (I've been able to connect PPTP to the WAN2 interface from inside the office with no trouble so I assume that means that the PPTP daemon listens on all interfaces) I recall PPTP also uses IP Proto 47 (GRE), do I need to add a rule to allow that traffic on WAN2? Any suggestions? Thanks, Morgan - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Thu, Jan 8, 2009 at 11:29 AM, Christopher Iarocci ciaro...@tfop.net wrote: I have a single WAN setup and PPTP has been broken since I upgraded to 1.2.1. In version 1.2 it worked perfectly. I've tried changing settings and putting them back, but it continues to fail at the authentication process as you've described. I have the same setup as you, a W2K3 server acting as radius and the PFSense machine acting as the PPTP server. Anyone else notice that PPTP has broken since 1.2.1 upgrade? Here is a snippit of my logs Apparently there are three major bugs being fixed in 1.2.2, this may be one of them. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Wed, Jan 7, 2009 at 8:55 PM, Morgan Reed morgan.s.r...@gmail.com wrote: On Thu, Jan 8, 2009 at 11:29 AM, Christopher Iarocci ciaro...@tfop.net wrote: I have a single WAN setup and PPTP has been broken since I upgraded to 1.2.1. In version 1.2 it worked perfectly. I've tried changing settings and putting them back, but it continues to fail at the authentication process as you've described. I have the same setup as you, a W2K3 server acting as radius and the PFSense machine acting as the PPTP server. Anyone else notice that PPTP has broken since 1.2.1 upgrade? Here is a snippit of my logs Apparently there are three major bugs being fixed in 1.2.2, this may be one of them. They aren't major, aside from the setup wizard issue they're rare edge cases or minor things. PPTP isn't one. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN PPTP?
On Thu, Jan 8, 2009 at 12:59 PM, Chris Buechler cbuech...@gmail.com wrote: They aren't major, aside from the setup wizard issue they're rare edge cases or minor things. PPTP isn't one. *shrug* commenting based on what I've seen about the place, admittedly I haven't actually read the changelog... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Multi-WAN PPTP?
Hi all, We've a multi-WAN setup on our pfSense (no redundancy or load balancing, one is dedicated to office internet traffic, the other is dedicated to inbound server traffic), just wondering if it's possible to setup pfSense so we can accept PPTP in on either WAN link (that way if the main link is down we can come in the backup and vice versa). pfSense is our PPTP server, and it authenticates against our Windows 2000 AD via RADIUS/IAS if that makes any difference. I've added a firewall rule to allow 1723 in on WAN2 but there appears to be something else required as my connection attempts timeout at authentication (I've been able to connect PPTP to the WAN2 interface from inside the office with no trouble so I assume that means that the PPTP daemon listens on all interfaces) I recall PPTP also uses IP Proto 47 (GRE), do I need to add a rule to allow that traffic on WAN2? Any suggestions? Thanks, Morgan - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org