I still need to fix the OPTx firewall rule issue. I am hoping to knock it out this weekend.
Scott

On 4/6/07, Vaughn L. Reid III <[EMAIL PROTECTED]> wrote:

I should also add, in case it matters, that all of the remote end-points are either Linksys RV082's, Linksys RV016's, Hotbrick 800/2's, or Netgear FVS338's. All of the remote end-points are configured with static IP's and any ISP supplied routers are configured solely as bridge devices. If PPPoE is being used, I have the remote Linksys, Netgear, or Hotbrick performing the PPPoE. These remote end points operate over a combination of Cable, ADSL, and wireless Internet access from their various ISP's. I have learned that, if the ISP's supplied router/firewall is doing any sort of NAT or port forwarding, it just kills IPSEC VPN stability. This seems especially true for the Linksys and Netgear devices that I've run across.

Vaughn

Vaughn L. Reid III wrote:
> No. The only things that I added/changed were the firewall rules.
> Actually, I don't have manually entered static routes configured for
> any of my IPSEC connections, and they all work. When I pull up the
> routing table, I have noticed that the pfsense box appears to
> automatically add the routes.
>
> Vaughn
>
> [EMAIL PROTECTED] wrote:
>> Do you have static routes set up as well?
>>
>>
>>> I just wanted to report an update of how my IPSEC over OPTx is working.
>>> It's been a few days, now since I set up the manual rules on the OPTx
>>> interface that I wanted to use for IPSEC. Since I set up the rules
>>> listed in my previous post, my IPSEC VPN's over the OPTx interface are
>>> working well and seem very stable.
>>>
>>> Vaughn
>>>
>>> Vaughn L. Reid III wrote:
>>>
>>>> Just to be thorough, I added two more rules to the firewall's OPT
>>>> interface to make sure all the IPSEC stuff gets through. I'm fuzzy on
>>>> if the last two are needed, but just to be safe, I added them.
>>>>
>>>> Here are all the rules that I've added:
>>>> Rules in the format listed below:
>>>> Format: Protocol  Source  Port  Destination           Port  Gateway  Schedule
>>>> 1.      UDP       *       *     Interface IP Address  500   *        Blank
>>>> 2.      ESP       *       *     Interface IP Address  *     *        Blank
>>>> 3.      AH        *       *     Interface IP Address  *     *        Blank
>>>> 4.      GRE       *       *     Interface IP Address  *     *        Blank
>>>>
>>>> Vaughn

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
