On Fri, Oct 10, 2008 at 3:34 PM, JJB <[EMAIL PROTECTED]> wrote:
> Hello,
>
> We just migrated our vpn users to our pf sense firewall. We have dual
> firewalls (CARP) and dual wan links - a 3mbit bonded t1 link and a 10mb dsl
> link. (not load balanced - a LAN router is determining what is going to
> which link)
>
> 1. How do we disable a vpn client? Clicking "block" seems to have no effect
> whatsoever, and the text on that page suggests you use a Certificate
> Revocation List. Where is the CRL on pfsense? All the cert generation
> software is on another server, we generated the certs & key then pasted into
> pfsense, so there is no easy-rsa etc on the pfsense firewall (seemed safer
> to do this on a separate server.

It is a safer approach. You'll have to generate the CRL on the CA/easy-rsa and put it into pfSense.

> Interestingly, pfsense does not require us
> to create clients on the client specific configuration page in order for a
> client to connect.
>

That's how PKI works. CSC is just for specific overrides if needed.

> 2. We want our VPN users to use the 3mb link. After we configured this, VPN
> with proto udp stopped working - since the DSL is now the "WAN" link it
> appears that what happens is the firewall responds to an incoming udp packet
> on the T1 line by sending a response over the WAN (dsl) link. So we had all
> our users switch their configs to use the proto tcp. That worked, but is
> there a way to do what we are doing here with udp?
>

Use 1.2.1. That's related to a 1.2 bug.
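
The revoke-then-regenerate workflow on a separate CA host, as an added example that is not part of the original thread. It uses plain `openssl` in place of the easy-rsa wrapper scripts, against a throwaway CA; the file names and subjects are constructed, and loading `crl.pem` into pfSense is not shown.

```sh
# Constructed demo: throwaway CA in a temp dir; every name is a placeholder.
make_demo_crl() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" && mkdir newcerts && : > index.txt &&
        echo 01 > serial && echo 01 > crlnumber &&
        cat > ca.cnf <<'EOF' &&
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = any
[ any ]
commonName = supplied
EOF
        openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Demo VPN CA" -keyout ca.key -out ca.crt &&
        openssl req -config ca.cnf -newkey rsa:2048 -nodes \
            -subj "/CN=demo-client" -keyout client.key -out client.csr &&
        openssl ca -config ca.cnf -batch -in client.csr -out client.crt &&
        openssl ca -config ca.cnf -gencrl -out crl_before.pem &&
        openssl ca -config ca.cnf -revoke client.crt &&
        openssl ca -config ca.cnf -gencrl -out crl.pem
    ) >/dev/null 2>&1 || return 1
    echo "$d"
}
# Print valid / revoked / error for client.crt against the CRL named in $2.
crl_verdict() {
    out=$(openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/$2" \
        "$1/client.crt" 2>&1) && { echo valid; return 0; }
    case $out in *"certificate revoked"*) echo revoked ;; *) echo error ;; esac
}
DEMO_DIR=$(make_demo_crl) || echo "openssl demo setup failed" >&2
echo "before revoke: $(crl_verdict "$DEMO_DIR" crl_before.pem)"
echo "after revoke:  $(crl_verdict "$DEMO_DIR" crl.pem)"
```

The certificate is only rejected once the regenerated CRL is the one being checked, so the file has to be re-exported to the firewall after every revocation.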