[pfSense Support] OpenVPN Interface Priority on Client

2011-08-20 Thread Liwei
Hello list, Creating a bridged OVPN server on pfSense 2.0 as per http://forum.pfsense.org/index.php/topic,36156.0.html , I've successfully allowed OVPN clients to remotely connect to the local network. I opted to use "mode server" since I prefer the pfSense DHCP server to handle all clients hom

[pfSense Support] OpenVPN and Traffic Shaping

2011-08-06 Thread Karl Fife
I have a number of remote 1.2.3 installations, that have OpenVPN Site-To-Site tunnels back to our main office. We often route VoIP streams through these tunnels primarily to reduce the risk of PBX fraud by restricting privileged telephony resources to our 10/8 subnet. Am I correct in assum

[pfSense Support] openVPN frustration

2011-08-03 Thread Alberto Villegas Erce
Hi pfSense lovers, I am quite new to the pfSense world but these past two weeks I have been working hard with it. We plan to change our actual firewall and we are doing some tests with pfSense on a machine working in our internal network. I have managed to configure almost everything I need

Re: [pfSense Support] OpenVPN

2011-06-22 Thread Younes EL AMRAOUI
Thanks 2011/6/22 Erik Silva Sobral > No problems :) > > I'll keep doing my tests and share with you... > > Thanks for now! > > > On Wed, Jun 22, 2011 at 2:01 PM, Younes EL AMRAOUI wrote: > >> I'm sorry I can't help you right now because I will set up OpenVPN on the >> gateway of the company next

Re: [pfSense Support] OpenVPN

2011-06-22 Thread Erik Silva Sobral
No problems :) I'll keep doing my tests and share with you... Thanks for now! On Wed, Jun 22, 2011 at 2:01 PM, Younes EL AMRAOUI wrote: > I'm sorry I can't help you right now because I will set up OpenVPN on the > gateway of the company next week, for now I'm setting up Squid, Kerberos, > Samb

Re: [pfSense Support] OpenVPN

2011-06-22 Thread Younes EL AMRAOUI
I'm sorry I can't help you right now because I will set up OpenVPN on the gateway of the company next week, for now I'm setting up Squid, Kerberos, Samba and SquidGuard on the gateway, after that I'll begin with OpenVPN. If you find the issue email me with the solution if not and if I find the solu

Re: [pfSense Support] OpenVPN

2011-06-22 Thread Erik Silva Sobral
Younes, I have tried to generate both certificates, but nothing! If I use the server certificate on the client machine it works good but I need more than one certificate to my users. How do I set the vars in pfsense?? I have tried this in Ubuntu but manually #source vars On Tue, Jun 21, 2011 at

Re: [pfSense Support] OpenVPN

2011-06-22 Thread A Mohan Rao
also same configuration but not working On Tue, Jun 21, 2011 at 11:04 PM, Younes EL AMRAOUI wrote: > Hi, > > Can you send for me your HowTo for configuring OpenVPN please, I will do > the same in my company, and if it doesn't work I will give you a feedback. > > Thanks, > Younes EL AMRAOUI, > > >

Re: [pfSense Support] OpenVPN

2011-06-22 Thread Ufficiotecnico Acknow Srl
this works: reply #10 http://forum.pfsense.org/index.php/topic,34714.0.html On 21/06/2011 19:59, Erik Silva Sobral wrote: I have followed this HowTo http://blog.stefcho.eu/?p=492 but I have problems to create the users certificate. On Tue, Jun 21, 2011 at 2:34 PM, Younes EL AMRAOUI

Re: [pfSense Support] OpenVPN

2011-06-21 Thread Younes EL AMRAOUI
Did you try this : You can create 2048 bits certificates (OpenVPN), all you need is to change that specific line on the vars file before creating the certificates On Tue, Jun 21, 2011 at 4:54 PM, Atkins, Dwane P wrote: > Is PfSense Version 1.2.3 capable of handling 2048 bit certificate? Or > d

Re: [pfSense Support] OpenVPN

2011-06-21 Thread Erik Silva Sobral
I have followed this HowTo http://blog.stefcho.eu/?p=492 but I have problems to create the users certificate. On Tue, Jun 21, 2011 at 2:34 PM, Younes EL AMRAOUI wrote: > Hi, > > Can you send for me your HowTo for configuring OpenVPN please, I will do > the same in my company, and if it doesn't wor

Re: [pfSense Support] OpenVPN

2011-06-21 Thread Younes EL AMRAOUI
Hi, Can you send for me your HowTo for configuring OpenVPN please, I will do the same in my company, and if it doesn't work I will give you a feedback. Thanks, Younes EL AMRAOUI, 2011/6/21 Erik Silva Sobral > Hi, > > I need to configure a OpenVPN and I have followed a howto but it's not > wor

[pfSense Support] OpenVPN

2011-06-21 Thread Erik Silva Sobral
Hi, I need to configure a OpenVPN and I have followed a howto but it's not working. Does anyone have a howto to send please? cheers, Erik

[pfSense Support] OpenVPN as WAN

2011-06-21 Thread Dominic
Hi, I am using pfSense 1.2.3 between two sites, A & B. Site A has a static IP and site B has a dynamic. I have a OpenVPN connection between the two sites and would like site A (static) to act as site B's WAN so that all WAN traffic from site B reflects site A's static IP for all traffic. Is this

Re: [pfSense Support] OpenVPN - Server IP / Redundancy

2011-05-19 Thread A Mohan Rao
can provide video open vpn pfsense Thanks Mohan On Thu, May 19, 2011 at 2:06 PM, J. Echter wrote: > On 19.05.2011 10:36, A Mohan Rao wrote: > > right now i m using Endian firewall vpn server its working fine but its > firewall and content filtering was not satisfactory working that's w

Re: [pfSense Support] OpenVPN - Server IP / Redundancy

2011-05-19 Thread J. Echter
On 19.05.2011 10:36, A Mohan Rao wrote: right now i m using Endian firewall vpn server its working fine but its firewall and content filtering was not satisfactory working that's why i move to pfsense and i highly impress with pfsense 2.0 and 1.2.3, but its open vpn how works i m not able to

Re: [pfSense Support] OpenVPN - Server IP / Redundancy

2011-05-19 Thread A Mohan Rao
right now i m using Endian firewall vpn server its working fine but its firewall and content filtering was not satisfactory working that's why i move to pfsense and i highly impress with pfsense 2.0 and 1.2.3, but its open vpn how works i m not able to find out any body can provide step step config

Re: [pfSense Support] OpenVPN - Server IP / Redundancy

2011-05-19 Thread Dominic
Hi Hans, Apologies, yes I do mean on the client side. I will modify my configuration with this. The fail over is not a huge concern at this stage but is definitely good to know. Thank you very much! On Thu, May 19, 2011 at 10:09 AM, Hans Maes wrote: > On 05/19/2011 09:57 AM, Dominic wrote: >>

Re: [pfSense Support] OpenVPN - Server IP / Redundancy

2011-05-19 Thread Hans Maes
On 05/19/2011 09:57 AM, Dominic wrote: Hi, I'd like to query if there is a way to have multiple server addresses in an OpenVPN setup? I assume you mean an OpenVPN client connection ? I would like to add redundancy in the event of my provider going down, I can then connect to one of the other

[pfSense Support] OpenVPN - Server IP / Redundancy

2011-05-19 Thread Dominic
Hi, I'd like to query if there is a way to have multiple server addresses in an OpenVPN setup? I would like to add redundancy in the event of my provider going down, I can then connect to one of the other provider's IP's (I have 3 WAN interfaces on the OpenVPN server machine). Is this possible o

Re: [pfSense Support] OpenVPN: creating client certificates (imported keys from an ipcop installation)

2011-05-12 Thread Jan
Hi, On 05/11/2011 11:42 PM J. Echter wrote: > i imported my keys from a former ipcop installation. i'd like to create > new client keys but i don't know to handle this situation. > > any one could help me out maybe? > > all i got is the pasted keys in my server configuration and some > converted

[pfSense Support] OpenVPN: creating client certificates (imported keys from an ipcop installation)

2011-05-11 Thread J. Echter
Hi, i imported my keys from a former ipcop installation. i'd like to create new client keys but i don't know to handle this situation. any one could help me out maybe? all i got is the pasted keys in my server configuration and some converted ones for my ubuntu openvpn. i use pfsense 1.2.3 gr

[pfSense Support] OpenVPN default cipher

2011-03-09 Thread Joseph L. Casale
Hey guys, Given the default in the client software when left unspecified is BF-CBC, shouldn't the dropdown start with that as well? When I migrated my first install over, this bit me at first as well. If the opinion is shared, I'll file it in Redmine. jlc

RE: [pfSense Support] OpenVPN issues -solved

2011-03-09 Thread Joseph L. Casale
>Adding "cipher AES-128-CBC" to the client file fixed the problem, I'm able to >ping > >Thanks all for the help I was just replying saying it looked fine, didn’t your log suggest this to start?

RE: [pfSense Support] OpenVPN issues -solved

2011-03-09 Thread k_o_l
Adding "cipher AES-128-CBC" to the client file fixed the problem, I'm able to ping Thanks all for the help - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com C

RE: [pfSense Support] OpenVPN issues

2011-03-09 Thread k_o_l
dev ovpns2 dev-type tun dev-node /dev/tun2 writepid /var/run/openvpn_server2.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp cipher AES-128-CBC up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown local x.x.x.x t

RE: [pfSense Support] OpenVPN issues

2011-03-09 Thread Joseph L. Casale
>Here is my config > >Server /snip That’s a mess of xml, log in with ssh and post the /var/etc/openvpn/server2.conf or whichever # is applicable. >-client--- >Client /snip That looks right.

RE: [pfSense Support] OpenVPN issues

2011-03-09 Thread k_o_l
Here is my config Server - 2 server_tls Local Database UDP wan 1194 - - xx 1024 AES-128-CBC none 10.168.2.0/24 10.168.255.0/24 10 yes yes yes yes 0 -client

RE: [pfSense Support] OpenVPN issues

2011-03-09 Thread Joseph L. Casale
>Even with "Force all client generated traffic through the tunnel" checked >I'm unable to ping any of the clients or the local net You'd get a definitive answer immediately if you sanitized and posted or paste binned your client *and* server conf files.

RE: [pfSense Support] OpenVPN issues

2011-03-09 Thread k_o_l
From: k_o_l [mailto:k_...@hotmail.com] Sent: Tuesday, March 08, 2011 6:14 PM To: support@pfsense.com Subject: RE: [pfSense Support] OpenVPN issues From: Jim Pingle [mailto:li...@pingle.org] Sent: Tuesday, March 08, 2011 5:53 PM To: support@pfsense.com Subject: Re: [pfSense Support] OpenVPN

RE: [pfSense Support] OpenVPN issues

2011-03-08 Thread k_o_l
From: Jim Pingle [mailto:li...@pingle.org] Sent: Tuesday, March 08, 2011 5:53 PM To: support@pfsense.com Subject: Re: [pfSense Support] OpenVPN issues On 3/8/2011 5:38 PM, k_o_l wrote: > Just under address pool I had 10.168.2.0/24, I'm fine with not getting /24 > with the new setup,

Re: [pfSense Support] OpenVPN issues

2011-03-08 Thread Jim Pingle
On 3/8/2011 5:38 PM, k_o_l wrote: > Just under address pool I had 10.168.2.0/24, I'm fine with not getting /24 > with the new setup, as long as I can communicate client-to-client and of > course resolve the issue with the quad zero gateway That's fine, it will take /30's out of that /24 - that's

RE: [pfSense Support] OpenVPN issues

2011-03-08 Thread k_o_l
From: Jim Pingle [mailto:li...@pingle.org] Sent: Tuesday, March 08, 2011 5:26 PM To: support@pfsense.com Subject: Re: [pfSense Support] OpenVPN issues On 3/8/2011 5:21 PM, k_o_l wrote: >> From: Jim Pingle [mailto:li...@pingle.org] >> On 3/8/2011 3:02 PM, k_o_l wrote: >>>

Re: [pfSense Support] OpenVPN issues

2011-03-08 Thread Jim Pingle
On 3/8/2011 5:21 PM, k_o_l wrote: >> From: Jim Pingle [mailto:li...@pingle.org] >> On 3/8/2011 3:02 PM, k_o_l wrote: >>> I had working OpenVPN with pfsense 1.2.3, however with 2.0-RC1 the >>> server is handing the wrong mask and no gateway to the clients, I have >>> tried the wizard and changing d

RE: [pfSense Support] OpenVPN issues

2011-03-08 Thread k_o_l
From: Jim Pingle [mailto:li...@pingle.org] Sent: Tuesday, March 08, 2011 3:16 PM To: support@pfsense.com Subject: Re: [pfSense Support] OpenVPN issues On 3/8/2011 3:02 PM, k_o_l wrote: > I had working OpenVPN with pfsense 1.2.3, however with 2.0-RC1 the > server is handing the wrong mask

RE: [pfSense Support] OpenVPN issues

2011-03-08 Thread k_o_l
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Tuesday, March 08, 2011 4:16 PM To: support@pfsense.com Subject: RE: [pfSense Support] OpenVPN issues On 3/8/2011 3:02 PM, k_o_l wrote: > I had working OpenVPN with pfsense 1.2.3, however with 2.0-RC1 the > server is handi

RE: [pfSense Support] OpenVPN issues

2011-03-08 Thread Joseph L. Casale
On 3/8/2011 3:02 PM, k_o_l wrote: > I had working OpenVPN with pfsense 1.2.3, however with 2.0-RC1 the > server is handing the wrong mask and no gateway to the clients, I have > tried the wizard and changing different subnets, no matter what the > server is handing out /30 instead of /32. Firewalls

Re: [pfSense Support] OpenVPN issues

2011-03-08 Thread Jim Pingle
On 3/8/2011 3:02 PM, k_o_l wrote: > I had working OpenVPN with pfsense 1.2.3, however with 2.0-RC1 the > server is handing the wrong mask and no gateway to the clients, I have > tried the wizard and changing different subnets, no matter what the > server is handing out /30 instead of /32. Firewalls

[pfSense Support] OpenVPN issues

2011-03-08 Thread k_o_l
I had working OpenVPN with pfsense 1.2.3, however with 2.0-RC1 the server is handing the wrong mask and no gateway to the clients, I have tried the wizard and changing different subnets, no matter what the server is handing out /30 instead of /32. Firewalls rules are in place to allow clients throu

RE: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread Joseph L. Casale
>Thank you, I corrected the ticket to the exact scenario. Scott, >From pfSense's pov, what happens in this exact scenario when you assign the tun device to an interface? I followed this thread closely as I have a similar issue plaguing me that I am unable to resolve as of yet... Thanks, jlc

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread Scott Ullrich
On Thu, Jan 20, 2011 at 4:09 PM, mayak-cq wrote: > My Lord, > > You're a genius! > > Nuking the the interface declaration solves it!! > > Intermediate solution yes, but a solution nonetheless! Amen! Scott

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread Chris Buechler
On Thu, Jan 20, 2011 at 3:54 PM, mayak-cq wrote: > > ooops -- sorry -- yes it is. > Thank you, I corrected the ticket to the exact scenario.

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread mayak-cq
On Thu, 2011-01-20 at 15:45 -0500, Chris Buechler wrote: > On Thu, Jan 20, 2011 at 3:42 PM, mayak-cq wrote: > > On Thu, 2011-01-20 at 15:13 -0500, Chris Buechler wrote: > >> On Thu, Jan 20, 2011 at 3:07 PM, mayak-cq wrote: > >> > On Thu, 2011-01-20 at 14:55 -0500, Chris Buechler wrote: > >> > > >

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread mayak-cq
On Thu, 2011-01-20 at 15:45 -0500, Chris Buechler wrote: > > You're not answering my question, is the tun interface assigned under > Interfaces>assign on the client? ooops -- sorry -- yes it is. thanks m

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread Chris Buechler
On Thu, Jan 20, 2011 at 3:42 PM, mayak-cq wrote: > On Thu, 2011-01-20 at 15:13 -0500, Chris Buechler wrote: >> On Thu, Jan 20, 2011 at 3:07 PM, mayak-cq wrote: >> > On Thu, 2011-01-20 at 14:55 -0500, Chris Buechler wrote: >> > >> > On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler >> > wrote: >>

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread mayak-cq
On Thu, 2011-01-20 at 15:13 -0500, Chris Buechler wrote: > On Thu, Jan 20, 2011 at 3:07 PM, mayak-cq wrote: > > On Thu, 2011-01-20 at 14:55 -0500, Chris Buechler wrote: > > > > On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler wrote: > >> On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq wrote: > >>> hi a

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread Chris Buechler
On Thu, Jan 20, 2011 at 3:07 PM, mayak-cq wrote: > On Thu, 2011-01-20 at 14:55 -0500, Chris Buechler wrote: > > On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler wrote: >> On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq wrote: >>> hi all, > > > > Actually that may not be exactly right - I have my tun i

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread mayak-cq
On Thu, 2011-01-20 at 14:55 -0500, Chris Buechler wrote: > On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler wrote: > > On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq wrote: > >> hi all, > Actually that may not be exactly right - I have my tun interfaces > assigned where I'm seeing that. Is your tun

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread Chris Buechler
On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq wrote: > hi all, > > i wrote about this issue in late december, and now having downloaded the > latest snapshot, it still persists: > > i have an issue with 2 pfsense machines each running 2.0 beta 5: > > all of the x509 stuff is fine, and i have a two-way

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread Chris Buechler
On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler wrote: > On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq wrote: >> hi all, >> >> i wrote about this issue in late december, and now having downloaded the >> latest snapshot, it still persists: >> >> i have an issue with 2 pfsense machines each running 2.0

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread mayak-cq
On Thu, 2011-01-20 at 13:19 -0500, Francois-Alexandre St-Onge Aubut wrote: > did you specify remote client subnet in the client CCD ? (with > iroute?) > Bonjour Francois, Yes -- it works perfectly with a 1.23 client ... Thanks M

Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread Francois-Alexandre St-Onge Aubut
did you specify remote client subnet in the client CCD ? (with iroute?) On 11-01-20 01:05 PM, mayak-cq wrote: hi all, i wrote about this issue in late december, and now having downloaded the latest snapshot, it still persists: i have an issue with 2 pfsense machines each running 2.0 beta 5:

[pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2011-01-20 Thread mayak-cq
hi all, i wrote about this issue in late december, and now having downloaded the latest snapshot, it still persists: i have an issue with 2 pfsense machines each running 2.0 beta 5: all of the x509 stuff is fine, and i have a two-way tunnel between two distant subnets [client=172.16.32.0/24 <->

[pfSense Support] openvpn: client side uses address pool ip rather than subnet ip

2010-12-26 Thread mayak-cq
merry Christmas everyone, i have an issue with 2 pfsense machines each running 2.0 beta 5: all of the x509 stuff is fine, and i have a two-way tunnel between two distant subnets [client=172.16.32.0/24 <-> server=172.16.8.0/24]. this problem that i'm facing is the client side -- it insists on usi

[pfSense Support] Openvpn client to client filtering

2010-12-16 Thread Joseph L. Casale
How do I setup rules from within the gui to accomplish what traffic may enter and exit the same tun interface if client-to-client is disabled and openvpn would then allow for such rules to manipulate what clients may access between clients? Thanks, jlc

[pfSense Support] Openvpn routing config help

2010-12-09 Thread Joseph L. Casale
I was using a client mode config to connect to an OpenVPN server which worked well, clients on the Lan interface routed correctly across the vpn and could access the remote server and its clients. I now needed to change this and use a server config on my pfsense side and let the remote side be the

Re: [pfSense Support] OpenVPN

2010-11-17 Thread Paul Mansfield
On 17/11/10 04:01, Chris Buechler wrote: > On Tue, Nov 16, 2010 at 1:13 PM, Paul Mansfield > wrote: >> On 16/11/10 14:48, James Bensley wrote: >>> After completing it I installed Tunnelblick on my MacBook Pro running >> >> it works, but dns is not set, > > Not that I've seen, having set up Tunnel

Re: [pfSense Support] OpenVPN

2010-11-16 Thread Chris Buechler
On Tue, Nov 16, 2010 at 1:13 PM, Paul Mansfield wrote: > On 16/11/10 14:48, James Bensley wrote: >> After completing it I installed Tunnelblick on my MacBook Pro running > > it works, but dns is not set, Not that I've seen, having set up Tunnelblick on a number of Macs before. May be a difference

Re: [pfSense Support] OpenVPN

2010-11-16 Thread Paul Mansfield
On 16/11/10 14:48, James Bensley wrote: > After completing it I installed Tunnelblick on my MacBook Pro running it works, but dns is not set, you have to use tap device and then dhcp on the Mac does its trick... otherwise you have to create a special network profile called "openvpn" or something w

[pfSense Support] OpenVPN

2010-11-16 Thread James Bensley
Hi List, I would like to set up OpenVPN on my pfSense 2.0 box to allow our users to connect in on; in particular I would like to auth against our AD domain. I ran through the wizard process of setting up OpenVPN for the first time. After completing it I installed Tunnelblick on my MacBook Pro run

[pfSense Support] OpenVPN changing auto-added rules on pfSense 1.2.3

2010-11-02 Thread Michel Servaes
Hi all, After a few hours fiddling with both TomatoVPN & OpenVPN into pfSense, I got it all working now... this is my first working OpenVPN connection by the way, so I am quite happy here :) The tunnel is working fine, rebooting the TomatoVPN (on a wrt54) just connects back to my pfSense che

[pfSense Support] OpenVPN pfsense -- Linksys wrt54 (TomatoVPN)

2010-10-29 Thread Michel Servaes
Does anyone have a working example with this combination... Are there things to look for ? I have tried to follow the book - but somehow the VPN doesn't come up... I can ping the first 10.8.0.1 (but I guess this is the OpenVPN server of pfSense itself ?) I have created the shared key, and paste

Re: [pfSense Support] OpenVPN multi-wan in 2.0 - local port re-use?

2010-10-25 Thread Jim Pingle
On 10/25/2010 7:54 AM, Jim Pingle wrote: > On 10/25/2010 4:15 AM, Ermal Luçi wrote: >> On Mon, Oct 25, 2010 at 6:31 AM, Chris Buechler wrote: >>> On Mon, Oct 25, 2010 at 12:00 AM, Adam Thompson wrote: Using 2.0 from a few days ago… In the OpenVPN setup, I can (must) choose which in

Re: [pfSense Support] OpenVPN multi-wan in 2.0 - local port re-use?

2010-10-25 Thread Jim Pingle
On 10/25/2010 4:15 AM, Ermal Luçi wrote: > On Mon, Oct 25, 2010 at 6:31 AM, Chris Buechler wrote: >> On Mon, Oct 25, 2010 at 12:00 AM, Adam Thompson wrote: >>> Using 2.0 from a few days ago… >>> >>> In the OpenVPN setup, I can (must) choose which interface each OpenVPN >>> server is listening on.

Re: [pfSense Support] OpenVPN multi-wan in 2.0 - local port re-use?

2010-10-25 Thread Ermal Luçi
On Mon, Oct 25, 2010 at 6:31 AM, Chris Buechler wrote: > On Mon, Oct 25, 2010 at 12:00 AM, Adam Thompson wrote: >> Using 2.0 from a few days ago… >> >> In the OpenVPN setup, I can (must) choose which interface each OpenVPN >> server is listening on.  I must also choose a local port number to bind

Re: [pfSense Support] OpenVPN multi-wan in 2.0 - local port re-use?

2010-10-24 Thread Chris Buechler
On Mon, Oct 25, 2010 at 12:00 AM, Adam Thompson wrote: > Using 2.0 from a few days ago… > > In the OpenVPN setup, I can (must) choose which interface each OpenVPN > server is listening on.  I must also choose a local port number to bind to. > > > > If I’m binding a specific port to a specific inte

[pfSense Support] OpenVPN multi-wan in 2.0 - local port re-use?

2010-10-24 Thread Adam Thompson
Using 2.0 from a few days ago… In the OpenVPN setup, I can (must) choose which interface each OpenVPN server is listening on. I must also choose a local port number to bind to. If I’m binding a specific port to a specific interface, why can’t I reuse the same port# on another interface? (I

AW: [pfSense Support] OpenVPN and CARP

2010-06-29 Thread Fuchs, Martin
On 23 June 2010 13:01, Fuchs, Martin wrote: > Hi ! > > I already looked up the forums, but i have a problem i cannot solve on > my own... > > I have two pfSenses with CARP. > > Internal LAN-CARP is 10.11.1.1 and external WAN-CARP let's say is > 12.12.12.12 (gw1.bk), where pfSense_1 WAN is 12.12.1

Re: Re: Re: [pfSense Support] OpenVPN and CARP

2010-06-28 Thread ctorrandell
The e-mail account you have written to is inactive; if you need to contact the IT Department, please get in touch with us by telephone. Thank you and apologies for the inconvenience.

Re: Re: [pfSense Support] OpenVPN and CARP

2010-06-28 Thread ctorrandell
The e-mail account you have written to is inactive; if you need to contact the IT Department, please get in touch with us by telephone. Thank you and apologies for the inconvenience.

Re: [pfSense Support] OpenVPN and CARP

2010-06-28 Thread Simon Dick
On 23 June 2010 13:01, Fuchs, Martin wrote: > Hi ! > > > > I already looked up the forums, but i have a problem i cannot solve on my > own… > > > > I have two pfSenses with CARP. > > > > Internal LAN-CARP is 10.11.1.1 and external WAN-CARP let’s say is > 12.12.12.12 (gw1.bk), where pfSense_1 WAN i

[pfSense Support] OpenVPN and CARP

2010-06-23 Thread Fuchs, Martin
Hi ! I already looked up the forums, but i have a problem i cannot solve on my own... I have two pfSenses with CARP. Internal LAN-CARP is 10.11.1.1 and external WAN-CARP let's say is 12.12.12.12 (gw1.bk), where pfSense_1 WAN is 12.12.12.13 (gw2.bk) and pfSense_2 WAN is 12.12.12.14 (gw3.bk). W

Re: [pfSense Support] openvpn TLS

2010-04-19 Thread info
On 04/19/2010 03:54 PM Nick Upson wrote: > yes, the ta key works fine against an openvpn server on fedora over wlan > > which part of the configs do you need? would be great to have a look on both; the client and the server config.

Re: [pfSense Support] openvpn TLS

2010-04-19 Thread Nick Upson
yes, the ta key works fine against an openvpn server on fedora over wlan which part of the configs do you need? On 19 April 2010 14:46, i...@unseregedanken.de wrote: > Nick Upson wrote: >> I can try that out but the permanent solution needs to use the >> existing tls key, as it's also used, with

Re: [pfSense Support] openvpn TLS

2010-04-19 Thread i...@unseregedanken.de
Nick Upson wrote: > I can try that out but the permanent solution needs to use the > existing tls key, as it's also used, without problems, elsewhere and > we don't want the headache of more key files than necessary So you're already using the respective key with other openvpn instances? can you p

Re: [pfSense Support] openvpn TLS

2010-04-19 Thread Nick Upson
I can try that out but the permanent solution needs to use the existing tls key, as it's also used, without problems, elsewhere and we don't want the headache of more key files than necessary On 19 April 2010 14:36, i...@unseregedanken.de wrote: > can you try to regenerate the tls key file on you

Re: [pfSense Support] openvpn TLS

2010-04-19 Thread i...@unseregedanken.de
can you try to regenerate the tls key file on your pfsense box and then copy it to your clients? afaik your current key has not been generated on your pfsense box, right? maybe that's why it says that there is not enough key material to proceed .. pfbox # openvpn --genkey --secret /var/etc/openvpn_

Re: [pfSense Support] openvpn TLS

2010-04-19 Thread Nick Upson
On 19 April 2010 13:20, i...@unseregedanken.de wrote: > you will have to add the side identification integer to the string of the > tls-auth directive. > > for the server sided configuration use .. > >        "tls-auth /var/etc/openvpn_server0.tls 0" >                                               ^

Re: [pfSense Support] openvpn TLS

2010-04-19 Thread i...@unseregedanken.de
you will have to add the side identification integer to the string of the tls-auth directive. for the server sided configuration use .. "tls-auth /var/etc/openvpn_server0.tls 0" ^ and for the client .. "tls-auth /var/etc/openvpn_serve

Re: [pfSense Support] openvpn TLS

2010-04-19 Thread Nick Upson
right, I took a working openvpn tunnel, added "tls-auth /var/etc/openvpn_server0.tls" to the server (pfsense) and enabled tls-auth in the client. then made the client reconnect, the file is the same one copied to both machines. I just get "TLS error: TLS key negociation failed to occur within 60 s

Re: [pfSense Support] openvpn TLS

2010-04-19 Thread i...@unseregedanken.de
okay, just let us know when your focus changes. Nick Upson wrote: > so far it's not working with tls,I've been concentrating on other > areas but expect to return to this shortly > > On 17 April 2010 19:27, i...@unseregedanken.de wrote: >> Nick, >> >> can you please give some feedback? >> >> jan

Re: [pfSense Support] openvpn TLS

2010-04-19 Thread Nick Upson
so far it's not working with tls, I've been concentrating on other areas but expect to return to this shortly On 17 April 2010 19:27, i...@unseregedanken.de wrote: > Nick, > > can you please give some feedback? > > jan > > i...@unseregedanken.de wrote: >> Hi Nick, >> >> Nick Upson wrote: >>> thank

Re: [pfSense Support] openvpn TLS

2010-04-17 Thread i...@unseregedanken.de
Nick, can you please give some feedback? jan i...@unseregedanken.de wrote: > Hi Nick, > > Nick Upson wrote: >> thanks, I now get >> >> openvpn[24699]: Options error: Unrecognized option or missing >> parameter(s) in /var/etc/openvpn_server0.conf:22: tls_auth (2.0.6) >> when trying to start the

[pfSense Support] openvpn cipher=none

2010-02-18 Thread mayak-cq
hi all, apparently openvpn supports cipher=none for fast tunnels -- is it possible to add this to pfsense's drop down list? thanks m

RE: [pfSense Support] OpenVPN Client

2010-01-21 Thread Joseph L. Casale
>That's why you need remote network filled in on both sides. Can I simply write acl's on the lan interface to the remote segment or is creating an additional interface required/better? Thanks, jlc

Re: [pfSense Support] OpenVPN Client

2010-01-20 Thread Chris Buechler
On Wed, Jan 20, 2010 at 11:46 PM, Joseph L. Casale wrote: >>Shared key can't push routes. Put them in on both sides. > > Well, my remote openvpn config has route statements that allow > the pfsense appliance access to its segment, but I don't know how > to allow the pfsense lan clients access to t

RE: [pfSense Support] OpenVPN Client

2010-01-20 Thread Joseph L. Casale
>Shared key can't push routes. Put them in on both sides. Well, my remote openvpn config has route statements that allow the pfsense appliance access to its segment, but I don't know how to allow the pfsense lan clients access to the remote segment. Can you shed some insight Chris? Thanks! jlc

RE: [pfSense Support] OpenVPN Client

2010-01-20 Thread Joseph L. Casale
>Shared key can't push routes. Put them in on both sides. Actually, I was using tls, I noticed that field was grayed out in that scenario only but as I am remote and don't want to tank my only connection into the non pfsense side by editing its openvpn config, I was going to hold off changing to S

Re: [pfSense Support] OpenVPN Client

2010-01-20 Thread Chris Buechler
On Wed, Jan 20, 2010 at 10:31 PM, Joseph L. Casale wrote: > Trying to set up a site-to-site and the remote network field is grayed out > which I presume is what obviously prevents automatic route generation so > that only pfsense has access through the tunnel atm... > > Anyone know why this is? > S

[pfSense Support] OpenVPN Client

2010-01-20 Thread Joseph L. Casale
Trying to set up a site-to-site and the remote network field is grayed out which I presume is what obviously prevents automatic route generation so that only pfsense has access through the tunnel atm... Anyone know why this is? Thanks! jlc --

Re: [pfSense Support] openvpn extra options loses EOL

2010-01-08 Thread Seth Mos
On 8-1-2010 18:21, Paul Mansfield wrote: On 08/01/10 16:21, Tim Nelson wrote: - "Paul Mansfield" wrote: if you put multiple lines of configuration in an openvpn server config, all the end of lines are lost and the whole lot is run together on one line when you look at the generated /var/

Re: [pfSense Support] openvpn extra options loses EOL

2010-01-08 Thread Paul Mansfield
On 08/01/10 16:21, Tim Nelson wrote: > - "Paul Mansfield" wrote: >> if you put multiple lines of configuration in an openvpn server >> config, >> all the end of lines are lost and the whole lot is run together on >> one >> line when you look at the generated /var/run/openvpn_serverXX.conf >> f

Re: [pfSense Support] openvpn extra options loses EOL

2010-01-08 Thread Tim Nelson
- "Paul Mansfield" wrote: > if you put multiple lines of configuration in an openvpn server > config, > all the end of lines are lost and the whole lot is run together on > one > line when you look at the generated /var/run/openvpn_serverXX.conf > file > > am running the full pfsense1.2.3-rel

[pfSense Support] openvpn extra options loses EOL

2010-01-08 Thread Paul Mansfield
if you put multiple lines of configuration in an openvpn server config, all the end of lines are lost and the whole lot is run together on one line when you look at the generated /var/run/openvpn_serverXX.conf file am running the full pfsense1.2.3-release, upgraded from previous versions is this

[pfSense Support] OpenVPN LDAP Auth

2009-11-12 Thread Joseph L. Casale
I am just about to migrate off an embedded setup so I can utilize the openvpn-auth-ldap plugin against active directory. Does anyone know if it is at all possible to bind against ldap with the username/pass of the authenticating user to alleviate the need of a service account? If not, has anyone

Re: [pfSense Support] OpenVPN and ICA

2009-09-03 Thread Paul Mansfield
Borowicz, Paul wrote: > The solution seems to be to change the MTU on the terminal to 1400, this > allows for the MTU overhead of 40 for citrix and 60 for the VPN (as far > as I understand). so long as you're not blocking icmp and killing MTU path discovery you shouldn't need to set MTU anywhere.

[pfSense Support] OpenVPN and ICA

2009-08-25 Thread Borowicz, Paul
I have some Igel thin clients that are at remote sites. I use a pfsense router at these sites and there is a vpn from that router to my main pfsense router. I recently switched from Ipsec to OpenVPN for these sites so I could access multiple subnets. Once I did this, I started to get frequent

Re: [pfSense Support] openvpn question

2009-08-20 Thread Chris Buechler
On Fri, Aug 21, 2009 at 2:23 AM, stephane ancelot wrote: > Hi, > I would like to be able to send an email when somebody connects or > disconnects to the openvpn in my pfsense router > is there a way of doing this with the router? > openvpn provides the capability thanks to a script, but pfsense ?

[pfSense Support] openvpn question

2009-08-20 Thread stephane ancelot
Hi, I would like to be able to send an email when somebody connects or disconnects to the openvpn in my pfsense router is there a way of doing this with the router? openvpn provides the capability thanks to a script, but pfsense ? Best Regards S.Ancelot -

[pfSense Support] OpenVPN, Vlans and filtering

2009-08-05 Thread Joseph L. Casale
First off, Thanks everyone who helped me get my setup running so far, the erroneous subnet and the embedded image on the HP server. So now that the server is running minimally configured, I have a built-in bge0 interface and a quad port Intel nic. I have the WAN setup on bge0 (no VLANs) and hope t
