Re: [pfSense Support] VPN question
If I understand your scenario, you're wanting to send all Internet-bound traffic from your office LAN connection across a VPN tunnel and egress your network at the colocation facility? This can be accomplished quite easily with OpenVPN (maybe with IPsec, but I've personally done it with OpenVPN) by using the OpenVPN tunnel as your default route. It should be noted that this may impact performance in a noticeable way, depending on how much data traffic you send across the tunnel.

Chris Flugstad wrote:
> So I have a scenario I'd like to run by you all.
>
> I have a location with a DSL connection. pfSense router there. I want to VPN that connection back to my COLO so I can use my public IPs on the pfSense router at the location with the DSL connection.
>
> Would I set up pfSense in my colo with public IPs on my LAN, then set up VPN (OpenVPN perhaps) on both boxes, and then DHCP out the public IPs from the colo'd pfSense box on the remote box?
>
> Does this make sense?
>
> -topher

To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN question
I have gig e on one end. The bottleneck I'm sure will be the office end. However, I get faster download speeds from my colo to the office than I do from other Internet sites. Maybe this will improve my speeds? Do you have a config for this, so I can test it out? I have a VMware pfSense box I just installed and gonna set up a client side now. Much appreciated.

topher
Re: [pfSense Support] VPN question
Your restriction is going to be the DSL line speed. I'm afraid I don't have a generic config for this off the top of my head, but it should be a very standard point-to-point OpenVPN tunnel other than the difference in the remote network being your default route (0.0.0.0/0.0.0.0). It's been a bit since I've done this setup, but I remember it being pretty straightforward.
Re: [pfSense Support] VPN question
I'll give it a run and post any problems I come up with. I am not looking for any speed increases really, just want to use my IPs, not the IPs of the ISP.

-chris
Re: [pfSense Support] VPN question
Have a look at the pfSense website; in Tutorials, there is a wonderful tutorial that maybe can help you:

OpenVPN road warrior and site to site
http://www.pfsense.com/mirror.php?section=tutorials/openvpn/pfsense-ovpn.pdf

Hope it can help.

Pablo Montoro.
RE: [pfSense Support] VPN question
I'll throw in my 2 cents...

I've used PPTP and OpenVPN. I like the ease of use of OpenVPN to the end user (via the OpenVPN GUI). The manuals on pfSense.com walk you through it step by step... so setup is easy for you as well. Just click and go! is all the user has to do, and if their connection drops for whatever reason, it will automatically reconnect for them.

I also like the way it adds the interface rather than tunneling all traffic. This saves our precious bandwidth on site and lets all the downloading at home go out their own gateway.

PPTP is nice for the devices that can't support OpenVPN (such as PocketPCs), so I use both protocols.

-Tim

-----Original Message-----
From: Steven Hodgen [mailto:[EMAIL PROTECTED]
Sent: Monday, June 25, 2007 4:45 PM
To: support@pfsense.com
Subject: [pfSense Support] VPN question

Ok, so I hope you will all forgive my inexcusable use of this list for questions that aren't 100% specific to pfSense. Nevertheless, I want to use pfSense to let me create a road-warrior for our internal Windows domain. So, at some level there are questions specific to pfSense. Actually, what this message is really about is my ignorance, and lack of ability to ferret out cogent answers on Google and searching this list.

Information:

* We have a server running Windows 2003 Standard Edition.
* Another machine running pfSense 1.2 Beta-1
* A Comcast Business WAN with a static IP.
* An internal LAN subnet 192.168.1.0/24
* Another subnet on a different ethernet port 192.168.2.0/24 used for isolating our internal wireless traffic (we're a school and kids all use wireless and are not on domain).
* So, we're using three of four available ethernet ports on the firewall machine.
* I have roaming profiles configured and lots of Group Policy rules.

Questions:

1. What is the best way to configure pfSense so that a road-warrior can access our LAN domain as if he/she was here (except for speed, of course).
2. Related to 1: what is the best (balance easy with secure) of the four choices: IPsec, OpenVPN, PPPoE, PPTP, way to achieve this. Pros/Cons.

Ok, so now I'm going to thank you in advance for putting up with my questions. Truthfully, I know just about enough about networking and TCP/IP, etc. to be dangerous. But I learn quickly, and really appreciate your help.

I hope I gave you all enough information. If there's a specific log or config file that would help you, please let me know.

--Steven
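The two routing choices discussed in these threads, the tunnel as default route (0.0.0.0/0, full tunnel) and tunnelling only the office subnet so other traffic leaves through the user's own gateway (split tunnel), compared as route tables. This is an added example, not part of any poster's message or pfSense's own code; the interface names, peer address and probe destinations are constructed assumptions.

```python
import ipaddress

# Constructed routing tables: (destination prefix, egress interface).
# Interface names ("ovpn", "wan", "lan") and all addresses are assumptions.
PEER = "198.51.100.10"  # hypothetical public IP of the remote VPN endpoint

FULL_TUNNEL = [          # office router: tunnel is the default route
    ("0.0.0.0/0", "ovpn"),
    (PEER + "/32", "wan"),       # encrypted tunnel packets must use the DSL line
    ("192.168.1.0/24", "lan"),
]
SPLIT_TUNNEL = [         # road-warrior client: only the office LAN is tunnelled
    ("0.0.0.0/0", "wan"),
    ("192.168.1.0/24", "ovpn"),
]
PROBES = ["203.0.113.7", "192.0.2.50"]  # sample Internet destinations

def egress(table, dst):
    """Longest-prefix match: return the interface a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def audit_full_tunnel(table, tunnel_if, peer, probes):
    """Return findings; an empty list means Internet traffic uses the tunnel."""
    findings = []
    # The tunnel endpoint itself must stay on the physical uplink, otherwise
    # the encrypted packets are routed back into the tunnel.
    if egress(table, peer) == tunnel_if:
        findings.append(f"peer {peer} is routed into the tunnel (routing loop)")
    for dst in probes:
        via = egress(table, dst)
        if via != tunnel_if:
            findings.append(f"{dst} leaves via {via}, not {tunnel_if}")
    return findings

if __name__ == "__main__":
    print("full :", audit_full_tunnel(FULL_TUNNEL, "ovpn", PEER, PROBES))
    print("split:", audit_full_tunnel(SPLIT_TUNNEL, "ovpn", PEER, PROBES))
```

With the split-tunnel table the audit reports both probes leaving via `wan`, which is the intended behaviour there and a leak only if a full tunnel was expected.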