Re: [pfSense Support] OpenVPN - Server IP / Redundancy

On 05/19/2011 09:57 AM, Dominic wrote: Hi, I'd like to query if there is a way to have multiple server addresses in an OpenVPN setup? I assume you mean an OpenVPN client connection ? I would like to add redundancy in the event of my provider going down, I can then connect to one of the other

[pfSense Support] install pfsense from usb stick

Hello, I've searched google and the forum but couldn't find a working answer, so I thought I'd ask here. Is it possible to install the full version of pfsense from USB stick in stead of from a cdrom ? I'm asking because I'm installing a fair share of pfsense boxes regularly, and I never have

RE: [pfSense Support] Using_OpenVPN_With_FreeRADIUS

  -Original message- To:support@pfsense.com; From:Shibashish Sent:Fri 07-01-2011 09:40 Subject:[pfSense Support] Using_OpenVPN_With_FreeRADIUS My openvpn works with keys. I want authentication for the same and using this doc for reference... http://doc.pfsense.org/index.php/Using_OpenVP

[pfSense Support] outbound PPTP + running PPTP server

Hi, Thanks to a link in the other PPTP thread currently running on this list, I found this page in the docs : http://doc.pfsense.org/index.php/Connect_to_a_remote_PPTP_server_when_you_have_the_pfSense_PPTP_server_enabled As stated there it is not possible to NAT PPTP and GRE traffic via the no

Re: [pfSense Support] NFS PF IPSec reloaded again ;)

On 10/18/2010 12:03 PM, Jigar SOLANKI wrote: Hi list, I have some trouble getting my NFS server working over an IPSec tunnel. I have a bunch of pf rules on the ipsec interface. When I allow all traffic to pass between my client and NFS server on ipsec interface, NFS works just fine. But when I

Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard

On 10/18/2010 03:47 AM, Mehma Sarja wrote: On 10/17/10 2:40 AM, Seth Mos wrote: Op 16-10-2010 19:38, Glenn Kelley schreef: does anyone now a US based vendor for these items? their website lists a US phone number, perhaps that is a good starting point? http://www.lannerinc.co

Re: [pfSense Support] Slow Captive Portal pages

On 10/15/2010 07:31 PM, Atkins, Dwane P wrote: We are experiencing some extremely slow captive portal pages. Are there any tweaks we might make that will speed this up? If we take the same test machine and put it on another network, all web pages come up quickly. This is just the initial r

Re: [pfSense Support] Dual WAN + Firewall Redundancy + UPS Redundancy (?) at entrance

On 10/08/2010 07:15 PM, Gerald A wrote: On Fri, Oct 8, 2010 at 4:55 PM, Andy Graybeal mailto:andy.grayb...@casanueva.com>> wrote: I'll have 2 firewalls, and 2 UPS's one for each firewall. Each firewall will have: 1. a hot swap raid array (only two HD's set to RAID 1, mirroring).

Re: [pfSense Support] pfSense dns forwarder

On 09/20/2010 11:06 AM, Danny wrote: Hi, I´m trying to do the following: I´ve got a pfsense box, which have to forward subzone sub.waterfoo.int , to a DNS server and waterfoo.int to another different DNS My question is pfsense will always forward t

Re: [pfSense Support] Routing Issue

On 09/05/2010 11:23 PM, Ron Lemon wrote: I have 2 facilities that used to be connected via an IPSec VPN Facility 1 had 2 networks 10.0.0.0/24 and 10.0.1.0/24. They are both on the same physical wire, they each have their own NIC in pfSense box. Users were either one or the other with a coup

[pfSense Support] Fwd: captive portal

*bump* anyone ? please ? Original Message Subject:captive portal Date: Wed, 25 Aug 2010 13:19:36 +0200 From: Hans Maes To: support@pfsense.com Hi, I'm running a few (6 at the moment) pfsense 1.2.3-RELEASE boxes on a rather large scale wireless networ

Re: [pfSense Support] Two site2site VPN networks with two home user VPN pools in one pfsense box

On 08/27/2010 04:16 PM, Llaminku wrote: Hi, I have the following situation that I wonder if it can be solved with one pfsense box (1.2.3 of 2.0). - I need to setup a pfsense box with two VPN tunnels to two (client) networks (site to site). These two networks have an overlapping address space. C

[pfSense Support] captive portal

Hi, I'm running a few (6 at the moment) pfsense 1.2.3-RELEASE boxes on a rather large scale wireless network, as border routers and firewalls between the internet uplinks and the rest of the network. (network background info: +600 subnets, +150 router nodes, 6 internet uplinks, about 1000 uni

Re: [pfSense Support] BGP & ARP problems

On 06/17/2010 10:02 PM, Adam Thompson wrote: So I've got OpenBGPd up and running fine on my pfSense 1.2.3-REL router (the GUI makes setting things up so ridiculously simple it's amazing! Thanks, guys!) but am now running into a secondary problem of some sort: arplookup 192.139.69.161 failed: h

Re: [pfSense Support] Weird behaviour accessing from WAN to LAN using PAT on CARped system

Danny wrote: PAT Rules are ok. Access rules ok, but sometimes I see dropped the traffic by default rule, when a couple of rules below there are a explicit rule to permit the traffic WAN and LAN Firewall rules are processed in a top-down order, first rule that matches is used, others below a

Re: [pfSense Support] Wierd CARP problem

Joshua Schmidlkofer wrote: Ok new problem: re:1 watchdog timeout. I think we have properly disabled ACPI. Anyone have any other advice? Change hardware. Those cheap NICs in the Watchguards have all kinds of problems. Chris, Thanks, I appreciate your input. I think we'll ta

Re: [pfSense Support] captive portal, bypass for certain sites

Remko Lodder wrote: On my 2.0 machines that means that you can bypass certain IP's for the captive portal; and even use MAC-bypass to bypass machines based on their MAC. Related to that, could anybody tell me whether in 2.0 you still need to do a web request before the MAC-bypass rule gets a

Re: [pfSense Support] OT: VLAN

Michel Servaes wrote: There's also a terminology problem here with the definition of the word trunk I think. The trunking you are referring to is actually 'bonding' which is combining several (more than 2) ethernet ports into one big virtual ethernet port, for the purpose of failover or greater b

Re: [pfSense Support] OT: VLAN

Michel Servaes wrote: One management port (when things start to go wrong, I could just hook up a laptop or something) One uplink port (to be seen as a trunk, with the default VLAN1 for the settopbox - and VLAN1001 for normal LAN) One port for the cable modem (on one end, the other end would be ho

Re: [pfSense Support] FreeRADIUS users

Joseph L. Casale wrote: In 1.2.3, install the "OpenVPN Status" package and follow the instructions. Any additional config needed on this aside fm the mgmt port? I have had that port enabled since day one for other uses as described in this packages notes yet it still shows error upon access

Re: [pfSense Support] FreeRADIUS users

Rich Johnson wrote: Is there any way to see users that are connected to the SSL VPN? In 2.0, this is built-in. In 1.2.3, install the "OpenVPN Status" package and follow the instructions. Works great, even shows you the traffic usage over the VPN from every user and such. Regards, Hans --

Re: [pfSense Support] hardware upgrade -> keep all history data

Seth Mos wrote: Op 17-2-2010 12:56, Hans Maes schreef: Hello, I remember reading about this somewhere but can't seem to find it anymore through google or the forum. There have been quite a number of posts on the forum with regards to this. And I've seen a few on the list as well.

[pfSense Support] hardware upgrade -> keep all history data

Hello, I remember reading about this somewhere but can't seem to find it anymore through google or the forum. I'm currently upgrading a pfsense firewall from an old P3 800Mhz machine to a 'newer' P4 2.4Ghz machine, since the old P3 didn't like it when I turned traffic shaping on (+- 100 client

Re: [pfSense Support] sip device disconnects every 2 days.

Michel, I had the same problem This is caused by a wrong entry in the state table. The workaround is posted in http://forum.pfsense.org/index.php/topic,18053.0.html H. Michel Servaes wrote: Hi, I stepped over to pfsense (using monowall before for years), because I liked the extras :) But m

[pfSense Support] DNS: domain override for PTR records

Hello, I'm using a redundant pfsense CARP cluster for providing firewall/DHCP/DNS to several servers and clients. To have more control over local DNS records, I have setup a powerdns daemon on a linux server behind the pfsense cluster and entered a domain override for a test domain in the DNS

Re: [pfSense Support] PPTP + FreeRADIUS

Fabio, I remember having the same problem when I configured my captive portal + pptp + freeradius + mysql backend. I'm no expert at this, but I may be able to give you a start in the right direction. The thing is captive portal radius check uses another authentication type than the pptp radi

Re: [pfSense Support] Parameter to modify PPTP inactivity timeout

Don't forget to add firewall rules to allow PPTP traffic. Via Firewall - Rules - PPTP tab Easiest rule for testing is an allow all rule which allows any protocol, any source, any destination. If that works, finetune the rules as you see fit. H. Fabio Rampazzo Mathias wrote: Joseph, 1. Choo

Re: [pfSense Support] boot failure on alix with pfSense 1.2.3-RC3 (or more recent snapshots)

Michael Schmitt wrote: Try this http://doc.pfsense.org/index.php/NanoBSD_on_WRAP Thanks for the suggestion, although I didn't try it in the end. A working fix was posted on the forum yesterday ( http://forum.pfsense.org/index.php/topic,20405.msg107813.html#msg107813 ) -> You need to s

[pfSense Support] boot failure on alix with pfSense 1.2.3-RC3 (or more recent snapshots)

Hello, Is anybody running pfSense on an alix1c, alix1d or alix3c3 ? (the types with 1 NIC and VGA/USB) I've been using pfSense on these types of alix boards for a while now, in setups with VLANs on the onboard NIC or a wireless card in the mpci slot as a second NIC. I found out the nanobsd