Re: [pfSense Support] VPN LAN TO LAN
Bula Tim,

any help on how could I connect to the client PCs on my pfsense LAN interface, as currently I set my LAN interface to DHCP pool address.

Joseph.

On Sat, Apr 3, 2010 at 6:28 PM, Tortise tort...@paradise.net.nz wrote:

> ----- Original Message -----
> From: Tim Dickson
> To: supp...@pfsense.com
> Sent: Saturday, April 03, 2010 5:36 PM
> Subject: RE: [pfSense Support] VPN LAN TO LAN
>
> > Errr.. After all that - forgot to change the TO: . sorry list!
>
> Well I for one appreciate your comments and advice cause this is where probably many of us advance our learning so thank you!

To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] VPN LAN TO LAN
> any help on how could I connect to the client PCs on my pfsense LAN interface, as currently I set my LAN interface to DHCP pool address.

Take a look here: http://doc.pfsense.org/index.php/OpenVPN_Bridging

I'm assuming that's what you are asking...
Re: [pfSense Support] VPN LAN TO LAN
Tim,

if you are saying PPTP not being the most secure means of VPN, which VPN is the most secure to use??? As currently I'm having PPTP just to login remotely to other sites and check for maintenance or other associates problems. Any advice on having a secure VPN tunneling.

Cheers,
Joseph.

On Fri, Apr 2, 2010 at 10:54 AM, Tim Dickson tdick...@aubergeresorts.com wrote:

> > well strange because I can access my box with the following http://IP address:443 how is it possible as you've said it should be https://IP address:443
>
> If you setup HTTP as port 443 I this would work - kind of goes against web standards - but it's your box :) - you probably just didn't tick HTTPS as the protocol
>
> > So I can use any port numbers as you've said, this will guarantee my PPTP tunneling secure???
>
> Yes - System | General Setup
> As for PPTP - totally different thing, and you'll need to open those ports as well. PPTP not being the most secure means of VPN - but probably sufficient for your needs.
>
> > As for purchasing the pfsense book is it possible to send money through wired transfer like western union money transfer then the book is sent to my postal address???
>
> Standard Amazon billing applies - not sure if they do wire transfers... This may help?
> http://www.amazon.com/gp/help/customer/display.html/ref=help_search_1-1?ie=UTF8nodeId=15399401qid=1270158715sr=1-1
> Can you purchase a prepaid visa gift card at a local market?
RE: [pfSense Support] VPN LAN TO LAN
> if you are saying PPTP not being the most secure means of VPN, which VPN is the most secure to use???

I’ll take this off list – as it’s been covered before – I’ll email you directly, Joseph.

-tim
RE: [pfSense Support] VPN LAN TO LAN
Traditionally PPTP has been prone to more flaws than other technologies... and most industry managers frown on it. With Vista and Win7 - Microsoft filled in a lot of holes and upped the encryption size - so should be sufficient, especially for personal use.

It doesn't use a dual authentication, like openVPN can (key + password), so is more susceptible to hacks via brute force. But you can negate all that by adding source rules to your ports. (If you know the IPs you will be dialing in from - add them to the SOURCE of the rule - and it will ONLY allow those IPs to connect to your PPTP server.)

I have to say - it is by far the most convenient especially for your use. I'd say go for it - just wanted to make sure you were fully informed. Let me know if you have any more questions.

-Tim

From: Joseph Rotan [mailto:joseph.ro...@gmail.com]
Sent: Friday, April 02, 2010 8:59 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] VPN LAN TO LAN

> Tim,
>
> if you are saying PPTP not being the most secure means of VPN, which VPN is the most secure to use??? As currently I'm having PPTP just to login remotely to other sites and check for maintenance or other associates problems. Any advice on having a secure VPN tunneling.
>
> Cheers,
> Joseph.
>
> On Fri, Apr 2, 2010 at 10:54 AM, Tim Dickson tdick...@aubergeresorts.com wrote:
>
> > > well strange because I can access my box with the following http://IP address:443 how is it possible as you've said it should be https://IP address:443
> >
> > If you setup HTTP as port 443 I this would work - kind of goes against web standards - but it's your box :) - you probably just didn't tick HTTPS as the protocol
> >
> > > So I can use any port numbers as you've said, this will guarantee my PPTP tunneling secure???
> >
> > Yes - System | General Setup
> > As for PPTP - totally different thing, and you'll need to open those ports as well. PPTP not being the most secure means of VPN - but probably sufficient for your needs.
> >
> > > As for purchasing the pfsense book is it possible to send money through wired transfer like western union money transfer then the book is sent to my postal address???
> >
> > Standard Amazon billing applies - not sure if they do wire transfers... This may help?
> > http://www.amazon.com/gp/help/customer/display.html/ref=help_search_1-1?ie=UTF8nodeId=15399401qid=1270158715sr=1-1
> > Can you purchase a prepaid visa gift card at a local market?
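The source restriction described in the message above can be checked mechanically. This is an added example, not code from the thread or from the pfSense project: it scans a constructed rule export and reports WAN pass rules that leave PPTP (TCP 1723, GRE) or the HTTPS web GUI port open to any source. The XML layout and element names are modelled on pfSense's config.xml and are assumptions of this example, as are the addresses and descriptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: three WAN rules and one LAN rule, in a layout modelled on
# the <filter> section of pfSense's config.xml (element names are assumptions).
SAMPLE_CONFIG = """
<pfsense><filter>
  <rule>
    <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><address>192.0.2.1</address><port>1723</port></destination>
    <descr>PPTP control, open to the world</descr>
  </rule>
  <rule>
    <type>pass</type><interface>wan</interface><protocol>gre</protocol>
    <source><address>203.0.113.10</address></source>
    <destination><address>192.0.2.1</address></destination>
    <descr>PPTP GRE, one known remote site</descr>
  </rule>
  <rule>
    <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><address>192.0.2.1</address><port>443</port></destination>
    <descr>HTTPS web GUI</descr>
  </rule>
  <rule>
    <type>pass</type><interface>lan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><any/></destination>
    <descr>LAN to anywhere</descr>
  </rule>
</filter></pfsense>
"""

# Services discussed in the thread that should only accept known source IPs.
SENSITIVE_TCP_PORTS = {"1723": "PPTP control", "443": "HTTPS web GUI"}


def source_is_any(rule):
    """True when the rule's source is <any/> or names no address/network."""
    src = rule.find("source")
    if src is None or src.find("any") is not None:
        return True
    return not any(src.findtext(tag) for tag in ("address", "network"))


def audit_wan_rules(config_xml):
    """Return (descr, service) for enabled WAN pass rules open to any source."""
    findings = []
    for rule in ET.fromstring(config_xml.strip()).iterfind("./filter/rule"):
        if (rule.findtext("type", "pass") != "pass"
                or rule.findtext("interface", "") != "wan"
                or rule.find("disabled") is not None):
            continue
        proto = rule.findtext("protocol", "any").lower()
        port = rule.findtext("destination/port", "")
        if proto == "gre":
            service = "PPTP GRE"
        elif proto in ("tcp", "tcp/udp") and port in SENSITIVE_TCP_PORTS:
            service = SENSITIVE_TCP_PORTS[port]
        else:
            continue
        if source_is_any(rule):
            findings.append((rule.findtext("descr", ""), service))
    return findings


if __name__ == "__main__":
    for descr, service in audit_wan_rules(SAMPLE_CONFIG):
        print(f"UNRESTRICTED SOURCE: {service} ({descr})")
```

The GRE rule in the sample is not reported because its source is a single known address; the LAN rule is skipped because only WAN exposure is audited.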
RE: [pfSense Support] VPN LAN TO LAN
Errr After all that - forgot to change the TO: ... sorry list!
Re: [pfSense Support] VPN LAN TO LAN
----- Original Message -----
From: Tim Dickson
To: support@pfsense.com
Sent: Saturday, April 03, 2010 5:36 PM
Subject: RE: [pfSense Support] VPN LAN TO LAN

> Errr.. After all that - forgot to change the TO: . sorry list!

Well I for one appreciate your comments and advice cause this is where probably many of us advance our learning so thank you!
RE: [pfSense Support] VPN LAN TO LAN
If you left the HTTPS port in the config to 443 it would be https://IP
If you made it another port (say ), you'll want to open that port in your firewall and put https://IP:

It sounds like the pfsense book would be a good companion for you!
http://www.amazon.com/pfSense-Definitive-Christopher-M-Buechler/dp/0979034280/ref=sr_1_1?ie=UTF8s=booksqid=1270137863sr=8-1
Well worth the 30 bucks, and you'll come away understanding your network infinitely better.

From: Joseph Rotan [mailto:joseph.ro...@gmail.com]
Sent: Wednesday, March 31, 2010 7:44 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] VPN LAN TO LAN

> OK, I've enabled HTTPS(443) on the WAN interface of my pfsense box; then how could I access my box remotely through internet is it https://ip address:443
> Correct me if I'm wrong as looks like I could not access my box using https(443) what went wrong that I could not access my pfsense box.
>
> Joseph.
>
> On Sat, Mar 27, 2010 at 5:18 AM, Tim Dickson tdick...@aubergeresorts.com wrote:
>
> > -- any hint on how to apply https over the INTERNET to my PFSENSE box ???
> >
> > Enable HTTPS (443) on the WAN interface in your ruleset.
> >
> > -- and how could I access my LAN (clients PC)
> >
> > You were correct with VPN being the best way. You could put port forwards in as well, and you could also enable SSH and use tunneling. Totally depends on your needs - I'd check out OpenVPN.
Re: [pfSense Support] VPN LAN TO LAN
Tim,

well strange because I can access my box with the following http://IP address:443 how is it possible as you've said it should be https://IP address:443

So I can use any port numbers as you've said, this will guarantee my PPTP tunneling secure???

Thanks for the advice, I will try on our test lab then see how it goes before implementing out on our live network.

As for purchasing the pfsense book is it possible to send money through wired transfer like western union money transfer then the book is sent to my postal address???
Here in Fiji only limited people have visa cards, as for me I don't have a visa card, sure I can buy the book but do not have the resource to purchase the book online. Any possible help if I send the money through wire transfer???

Joseph.

On Fri, Apr 2, 2010 at 5:05 AM, Tim Dickson tdick...@aubergeresorts.com wrote:

> If you left the HTTPS port in the config to 443 it would be https://IP
> If you made it another port (say ), you'll want to open that port in your firewall and put https://IP:
>
> It sounds like the pfsense book would be a good companion for you!
> http://www.amazon.com/pfSense-Definitive-Christopher-M-Buechler/dp/0979034280/ref=sr_1_1?ie=UTF8s=booksqid=1270137863sr=8-1
> Well worth the 30 bucks, and you'll come away understanding your network infinitely better.
>
> From: Joseph Rotan [mailto:joseph.ro...@gmail.com]
> Sent: Wednesday, March 31, 2010 7:44 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] VPN LAN TO LAN
>
> > OK, I've enabled HTTPS(443) on the WAN interface of my pfsense box; then how could I access my box remotely through internet is it https://ipaddress:443
> > Correct me if I'm wrong as looks like I could not access my box using https(443) what went wrong that I could not access my pfsense box.
> >
> > Joseph.
> >
> > On Sat, Mar 27, 2010 at 5:18 AM, Tim Dickson tdick...@aubergeresorts.com wrote:
> >
> > > -- any hint on how to apply https over the INTERNET to my PFSENSE box ???
> > >
> > > Enable HTTPS (443) on the WAN interface in your ruleset.
> > >
> > > -- and how could I access my LAN (clients PC)
> > >
> > > You were correct with VPN being the best way. You could put port forwards in as well, and you could also enable SSH and use tunneling. Totally depends on your needs - I'd check out OpenVPN.
RE: [pfSense Support] VPN LAN TO LAN
> well strange because I can access my box with the following http://IP address:443 how is it possible as you've said it should be https://IP address:443

If you setup HTTP as port 443 I this would work - kind of goes against web standards - but it's your box :) - you probably just didn't tick HTTPS as the protocol

> So I can use any port numbers as you've said, this will guarantee my PPTP tunneling secure???

Yes - System | General Setup
As for PPTP - totally different thing, and you'll need to open those ports as well. PPTP not being the most secure means of VPN - but probably sufficient for your needs.

> As for purchasing the pfsense book is it possible to send money through wired transfer like western union money transfer then the book is sent to my postal address???

Standard Amazon billing applies - not sure if they do wire transfers... This may help?
http://www.amazon.com/gp/help/customer/display.html/ref=help_search_1-1?ie=UTF8nodeId=15399401qid=1270158715sr=1-1
Can you purchase a prepaid visa gift card at a local market?
Re: [pfSense Support] VPN LAN TO LAN
OK, I've enabled HTTPS(443) on the WAN interface of my pfsense box; then how could I access my box remotely through internet is it https://ip address:443
Correct me if I'm wrong as looks like I could not access my box using https(443) what went wrong that I could not access my pfsense box.

Joseph.

On Sat, Mar 27, 2010 at 5:18 AM, Tim Dickson tdick...@aubergeresorts.com wrote:

> -- any hint on how to apply https over the INTERNET to my PFSENSE box ???
>
> Enable HTTPS (443) on the WAN interface in your ruleset.
>
> -- and how could I access my LAN (clients PC)
>
> You were correct with VPN being the best way. You could put port forwards in as well, and you could also enable SSH and use tunneling. Totally depends on your needs - I'd check out OpenVPN.
Re: [pfSense Support] VPN LAN TO LAN
Hi,

many thanks to pfsense support as I have been able to configure 3 of my pfsense sites to VPN and am accessing them remotely, maybe I'll wait for problems to come up then see how it goes from there.

I have some issue here and wonder whether anyone has come across it, regarding the Mozilla internet browser: why is it so slow to access internet through the pfsense box, even my pop up logoff window takes so much time to disconnect my internet session when logging off.

Any help from you guys.

Regards,
Joseph.

On Sat, Mar 27, 2010 at 5:18 AM, Tim Dickson tdick...@aubergeresorts.com wrote:

> -- any hint on how to apply https over the INTERNET to my PFSENSE box ???
>
> Enable HTTPS (443) on the WAN interface in your ruleset.
>
> -- and how could I access my LAN (clients PC)
>
> You were correct with VPN being the best way. You could put port forwards in as well, and you could also enable SSH and use tunneling. Totally depends on your needs - I'd check out OpenVPN.
Re: [pfSense Support] VPN LAN TO LAN
Hi Udo,

I want: LAN --- PFSENSE INTERNET YOU

I'm currently configuring PPTP on my pfsense box as currently I'm using http to login to the INTERNET then to my PFSENSE

any hint on how to apply https over the INTERNET to my PFSENSE box ???

and how could I access my LAN (clients PC)

Cheers,
Joseph.

On Fri, Mar 26, 2010 at 9:45 AM, Udo Müller deb...@cs-ol.de wrote:

> Hi Joseph,
>
> On 25.03.10 20:53, Joseph Rotan wrote:
> > thanks very much for the hint as I've managed to create a VPN tunnel to my pfsense box on an ADSL network, after reading a documentation on openvpn website.
>
> Great! So you now have a secure tunnel to your pfsense box.
>
> > However I have a few worries in securing my VPN tunnel;
>
> Why do you want to secure your secure tunnel?
>
> > what I have done is that I made a secure and port https login to my pfsense LAN
>
> Do you want to secure a connection to your LAN behind the pfsense box (= VPN) or do you want to secure the http access to your pfsense box from within the lan?
>
> > but seems that the web browser came up with an error notifying an invalid certificate. So I just ignore the notification and went ahead to connect to my pfsense box. Can anyone advise on how to secure my VPN tunneling.
>
> What do you want:
>
> 1) YOU --- LAN --- PFSENSE
>
> OR
>
> 2) LAN --- PFSENSE INTERNET YOU
>
> If 1: Use https with certs
> If 2: Use your OpenVPN connection.
>
> Hope you understand what you mean.
>
> Regards
> Udo
RE: [pfSense Support] VPN LAN TO LAN
-- any hint on how to apply https over the INTERNET to my PFSENSE box ???

Enable HTTPS (443) on the WAN interface in your ruleset.

-- and how could I access my LAN (clients PC)

You were correct with VPN being the best way. You could put port forwards in as well, and you could also enable SSH and use tunneling. Totally depends on your needs - I'd check out OpenVPN.
Re: [pfSense Support] VPN LAN TO LAN
Hi,

thanks very much for the hint as I've managed to create a VPN tunnel to my pfsense box on an ADSL network, after reading a documentation on openvpn website.

However I have a few worries in securing my VPN tunnel; what I have done is that I made a secure and port https login to my pfsense LAN but seems that the web browser came up with an error notifying an invalid certificate. So I just ignore the notification and went ahead to connect to my pfsense box. Can anyone advise on how to secure my VPN tunneling.

Joseph.

On Fri, Mar 19, 2010 at 11:11 PM, Paul Mansfield it-admin-pfse...@taptu.com wrote:

> On 18/03/10 16:21, Joseph Rotan wrote:
> > Hi, I'm currently jammed in setting up VPN on my pfsense box, been reading all the discussion, it seems most have achieved a VPN configuration. I not specialise on IT pros but interested to learn. Is there anyone could please help me out in setting up VPN on my pfsense.
>
> consider buying the book, and also reading documentation on openvpn website
Re: [pfSense Support] VPN LAN TO LAN
Hi Joseph,

On 25.03.10 20:53, Joseph Rotan wrote:
> thanks very much for the hint as I've managed to create a VPN tunnel to my pfsense box on an ADSL network, after reading a documentation on openvpn website.

Great! So you now have a secure tunnel to your pfsense box.

> However I have a few worries in securing my VPN tunnel;

Why do you want to secure your secure tunnel?

> what I have done is that I made a secure and port https login to my pfsense LAN

Do you want to secure a connection to your LAN behind the pfsense box (= VPN) or do you want to secure the http access to your pfsense box from within the lan?

> but seems that the web browser came up with an error notifying an invalid certificate. So I just ignore the notification and went ahead to connect to my pfsense box. Can anyone advise on how to secure my VPN tunneling.

What do you want:

1) YOU --- LAN --- PFSENSE

OR

2) LAN --- PFSENSE INTERNET YOU

If 1: Use https with certs
If 2: Use your OpenVPN connection.

Hope you understand what you mean.

Regards
Udo
Re: [pfSense Support] VPN LAN TO LAN
On 18/03/10 16:21, Joseph Rotan wrote:
> Hi, I'm currently jammed in setting up VPN on my pfsense box, been reading all the discussion, it seems most have achieved a VPN configuration. I not specialise on IT pros but interested to learn. Is there anyone could please help me out in setting up VPN on my pfsense.

consider buying the book, and also reading documentation on openvpn website
Re: [pfSense Support] VPN LAN TO LAN
Hi,

I'm currently jammed in setting up VPN on my pfsense box, been reading all the discussion, it seems most have achieved a VPN configuration. I not specialise on IT pros but interested to learn. Is there anyone could please help me out in setting up VPN on my pfsense.

Thanks,
Joseph.

On Sat, Mar 6, 2010 at 7:02 AM, Vick Khera vi...@khera.org wrote:

> On Wed, Mar 3, 2010 at 9:28 AM, Rafael Cristian Machado de Avila rcristia...@gmail.com wrote:
> > Also not sure what kind of access will be made between the networks. Example Active Directory, File Server, administrative applications
>
> This is one of the main uses we make of pfSense. I have two offices, a data center, and two home offices all linked together via IPsec VPN and pfSense at each point. The offices and data center use fixed endpoints (fixed IP) and the home offices use client mode. In client mode you can only make the connections outbound so if the IPsec circuit is not up, you cannot force it up from the main office, for example. Only a client at the home office can cause it to start up. This is easily worked around using appropriate keepalive settings.
>
> You can control what traffic flows to where via the firewall rules under the firewall's IPsec tab. We just leave it open.
>
> Over the vpn hops, we run mostly internal HTTP servers, SIP, ssh, and IMAP for mail access to the main office.
>
> If you have enough bandwidth to support what your purpose is, pfSense will not be the bottleneck. It is rock solid reliable and has been for years. You will be happy with it.
Re: [pfSense Support] VPN LAN TO LAN
On Wed, Mar 3, 2010 at 9:28 AM, Rafael Cristian Machado de Avila rcristia...@gmail.com wrote:
> Also not sure what kind of access will be made between the networks. Example Active Directory, File Server, administrative applications

This is one of the main uses we make of pfSense. I have two offices, a data center, and two home offices all linked together via IPsec VPN and pfSense at each point. The offices and data center use fixed endpoints (fixed IP) and the home offices use client mode. In client mode you can only make the connections outbound so if the IPsec circuit is not up, you cannot force it up from the main office, for example. Only a client at the home office can cause it to start up. This is easily worked around using appropriate keepalive settings.

You can control what traffic flows to where via the firewall rules under the firewall's IPsec tab. We just leave it open.

Over the vpn hops, we run mostly internal HTTP servers, SIP, ssh, and IMAP for mail access to the main office.

If you have enough bandwidth to support what your purpose is, pfSense will not be the bottleneck. It is rock solid reliable and has been for years. You will be happy with it.