Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Jim Thompson
> On Dec 10, 2014, at 1:16 PM, Chris Bagnall wrote: > >> On 10/12/14 3:30 pm, Giles Coochey wrote: >> http://tools.ietf.org/html/rfc6598 >> Ultimately, it's a crap shoot, and the solution is to use IPV6 and 6:4 >> NAT for legacy. > > If only someone could have foreseen that IPv4 would run out s

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Lyle Giese
AT&T/SBC used 2wire brand DSL routers and there was a version of FW in them that used 172.16/12 for the LAN. I used to see that model frequently just before they started pushing Uverse instead. Lyle Giese LCR Computer Services, Inc. On 12/10/14 06:34, Chris Bagnall wrote: On 10/12/14 6:36 am

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Lyle Giese
Chris, Maybe Karl needs to read RFC 1918. It can be enlightening to find out he does not 'own' 10.0.0.0/8. Yes, VPNs require unique subnets on both sides of the VPN server, but that is the price you pay for using a VPN with RFC 1918 addresses. Lyle Giese LCR Computer Services, Inc. On 12/

Re: [pfSense] OpenVPN connects fine, no internet

2014-12-10 Thread mayak
On 12/10/2014 11:38 PM, Kostas Backas wrote: Thank you my goal is to access internal resources to my office network, so i do not configure tunnelblick that way. Mine too. I just need to have internet access while connected. I do not need to pass all traffic through the tunnel, I just tested

Re: [pfSense] OpenVPN connects fine, no internet

2014-12-10 Thread Kostas Backas
Thank you > my goal is to access internal resources to my office network, so i do not > configure tunnelblick that way. Mine too. I just need to have internet access while connected. I do not need to pass all traffic through the tunnel, I just tested if it works. What other firewall rules are

Re: [pfSense] OpenVPN connects fine, no internet

2014-12-10 Thread Ryan Coleman
Agreed - usually means there’s no route on the VPN server to handle outside traffic to the world. > On Dec 10, 2014, at 1:26 PM, Vick Khera wrote: > > did you configure tunnelblick to send *all* traffic to the vpn? if so, you > have to add allow rules to the openvpn interface to permit that t

Re: [pfSense] OpenVPN connects fine, no internet

2014-12-10 Thread Vick Khera
did you configure tunnelblick to send *all* traffic to the vpn? if so, you have to add allow rules to the openvpn interface to permit that traffic, and probably set up a NAT on there as well. it is easiest to not send all traffic there unless that is your goal to mask your origin. my goal is to ac

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Chris Bagnall
On 10/12/14 3:30 pm, Giles Coochey wrote: http://tools.ietf.org/html/rfc6598 Unfortunately, there are people who stick their networks (erroneously) on 100.64/10 as well - including at least one government department in the UK - who shall remain nameless for the avoidance of ridicule :-) I s

[pfSense] OpenVPN connects fine, no internet

2014-12-10 Thread Kostas Backas
Hello, We are using openvpn with tunnelblick and viscosity clients in OS X. Our main issue is that when the users are connected to the vpn, they cannot access the Internet. I have tried to forward traffic through vpn, add DNS servers etc, but nothing worked. How can I determine what keeps it f

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Giles Coochey
On 10/12/2014 06:36, Chris L wrote: On Dec 9, 2014, at 8:53 PM, Karl Fife wrote: In the wild, I'm seeing an increasing number of crappy consumer/ISP routers with subnets that conflict with ours (10../8). Comcast appears to be a common offender, curiously allocating the largest private subne

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Karl Fife
I agree with you Chris. That's an excellent choice for someone building out a new network assuming you don't peer with other networks/systems in that space. Ultimately, it's a crap shoot, and the solution is to use IPV6 and 6:4 NAT for legacy. Still, if there were a way to easily invoke clie

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Karl Fife
Chris L, can you clarify your point? Every RFC1918 subnet carries with it a risk of subnet conflict. Some subnets carry more risk than others. In our case, 192/168/n would result in higher probability of conflict because most small networks use that space. I might 'fault' Comcast because they

Re: [pfSense] Aliases are auto-deleted

2014-12-10 Thread Vick Khera
On Tue, Dec 9, 2014 at 5:19 PM, Chris L wrote: > If you’re using my DNS zone to generate a block list for my IPs I can > make those names return anything I want and get through anyway. > I use hostnames in rules to permit my home office (which has a dynamic IP) to administer the office firewall

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Chris Bagnall
On 10/12/14 6:36 am, Chris L wrote: That’s actually your fault for using 10/8, not Comcast's. Even if they were to use something like 10.58.223.0/24 they’d still conflict with your 10/8. There are so many different brands and models of consumer router on the market these days in the 10/8 and

[pfSense] 2.2 Release Candidate now available!

2014-12-10 Thread Chris Buechler
Get the details on the blog. https://blog.pfsense.org/?p=1506