Re: [pfSense Support] openvpn certs creation

2005-10-12 Thread jonathan gonzalez

Hi Scott,

I did what you told me. Now I have a bash running (not as default) in the 
firewall (accessible thru menu option 8)


The installation included the following packages:

bash.tbz
libiconv-1.9.2_1.tbz
gettext-0.14.5.tbz

I continue with the process, describing all steps as much as possible :)

Thanks a lot!

jonathan



Scott Ullrich wrote:
For the sake of getting this working now (and if you need bash), try the 
following:


From a shell:

pkg_add -r bash
rehash
bash

Scott


On 10/11/05, jonathan gonzalez [EMAIL PROTECTED] wrote:


Hi group,

I tried to achieve this today but I couldn't get good news.

I downloaded the last package from openvpn site, got the easy-rsa
scripts, put it on the pfsense box in /etc/openvpn (everything as
recommended) but I was unable to get it to work yet.

First I had some trouble due to the inexistence of the built-in 'export'
command, so variables must be populated either manually on the CLI (with
the 'set' command), or calling a script with the 'source' command.

Then all the scripts are designed to be run on a normal bash so a lot of
modifications should be necessary I think.

I'm doing checks/tasks on my own. If I get something stable in a
reasonable amount of time, keep for sure I will write the list to
inform.

Regards to all ;)

jonathan




Scott Ullrich wrote:
  Please refer to the m0n0wall documentation concerning OpenVPN.
 
  This may be helpful:
 
  http://m0n0.ch/wall/list/showmsg.php?id=103/47
 
  Scott
 
 
  On 10/9/05, jonathan gonzalez [EMAIL PROTECTED] wrote:
 
 hi,
 
 I've activated developer menu options to get access to openvpn. I'd need
 to create the certs, dh-params and keys. I would like to know if I can
 do this thru the interface (I suppose not), and else I'd like to
 know if sb can provide me a script or code to do it on console, or in
 any other place but with the distro tools (sorry but I'm starting
 knowing the system and I don't know all the ins and outs yet).
 
 thanks in advance,
 regards,
 
 jonathan
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
 
 
 
 



Re: [pfSense Support] openvpn certs creation

2005-10-12 Thread jonathan gonzalez

Hi,

I created an openvpn client (client3) using pkcs12 scripts so I can get 
out of the box a p12 file closed by password to send a client to access the 
vpn.


I put this p12 file in my pc and tried to establish a connection to the 
pfsense box.


The first part of the negotiation went fine, because the openvpn client 
I'm using asked me for the p12 passkey to open the p12 file.


Then the connection hangs with the firewall. I didn't look at the 
openvpn server configuration yet but I think something is wrong with the 
interface TUN because I can see it on the ifconfig -a listing.


If somebody has an idea, please tell ;)
Regards,

jonathan





Re: [pfSense Support] openvpn certs creation

2005-10-12 Thread Scott Ullrich
device  tun # Packet tunnel.

We have tun in the kernel.  What exactly is the problem?




Re: [pfSense Support] openvpn certs creation

2005-10-12 Thread jonathan gonzalez
I realized that the tun interface was not present and also in the Rules 
menu appeared a new tab named OPT1.


In my case I only have 2 NICs so I don't have an optional third interface.

I'm not sure if the vpn hung

- because there were no rules that explicitly allow such traffic
- because the tun driver was not present
- maybe the silliest: there's no openvpn config file in the firewall :)

I'm checking the openvpn configuration options on their website and 
comparing the environment with pfsense.


The openvpn client logs don't give much information, which is the reason I 
don't post them. Anyway, if you want to see the output I will post it.


Any thoughts will be welcome ;)
Regards,

jonathan





Re: [pfSense Support] openvpn certs creation

2005-10-12 Thread Scott Ullrich
I will sync the latest OpenVPN from Peter (m0n0wall committer) today.  
Should have a version for you to play with in a bit.

Scott





Re: [pfSense Support] openvpn certs creation

2005-10-12 Thread jonathan gonzalez

Oook ;) perfect... I'll try the new packages.

Thanks a lot!

jonathan





[pfSense Support] Embedded cf image customisation

2005-10-12 Thread Eric Masson
Hello,

I'd like to customise the embedded image I'm using on a NET4501.
I need a FreeBSD port available as /usr/ports/net/ssltunnel-client.

I've dug the list archives regarding this kind of question but haven't
found a definitive answer, so, is there a special way to add a package
or is it possible to use the FreeBSD package tools just like on a stock
FreeBSD system?

When updating firmware, are supplemental packages removed or not?

Regards

Éric Masson

-- 
 I have a 90 MB WIN386.SWP file that has just appeared on my
 E drive (partition) and I can't get rid of it.
 -+- P in: http://www.le-gnu.net  Swap a little on what you're told -+-




Re: [pfSense Support] Embedded cf image customisation

2005-10-12 Thread Eric Masson
Scott Ullrich [EMAIL PROTECTED] writes:

Hello Scott,

 From the shell issue:
 pkg_add -r 
 http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/net/ssltunnel-client-1.15.tbz

Ok, I'm in a well-known place then :)

 We have SSL Tunnel already as a package for the non-embedded images
 (hard drive install).

I'll check soon, as I have to upgrade a box running a severely outdated
FreeBSD release.

 When updating firmware, are supplemental packages removed or not?
 If you use the mini-upgrade it should be preserved in this case.

Ok.

Thanks for your quick answer

Regards

Éric

-- 
 All of it? No, only a small band of Macintosh users still holds out
 against the Windoze invader. They draw their strength from their
 magic potion: MacOS, prepared by their druid Steve Jobs.
 -+- SC in Guide du Macounet Pervers: These Beurkistes are crazy! -+-




[pfSense Support] UDP consistent translation

2005-10-12 Thread Kevin Wolf
It seems my problems playing GunZ are related to the fact that pfSense 
doesn't seem to do UDP consistent translation... is there any way around 
this, a hidden option somewhere?  I tested with the tool from this site:

http://midcom-p2p.sourceforge.net/

If I enable 1:1, GunZ works, and UDP consistent translation is listed as 
YES in this program.  If I disable 1:1, GunZ does not work, and UDP 
consistent translation is listed as NO.  Some cheaper routers and a 
few Netgear models do not do this, and the game GunZ also refuses to 
work on those... which is why I'm quite sure this is the problem.  
Especially after reading that link.  I don't think I should have to 
enable 1:1 to get this to work, as other routers can do this without 
forcing me to do DMZ or whatever their closest thing to 1:1 is.  I 
would shut up and just enable 1:1 for this, but I use this game on two 
computers (1 runs the game on 7700, the other on 7750.  7700 is the 
default but I changed the port in the other one, and it shouldn't matter 
as long as you forward the right port to the right pc).  I can't do 1:1 
on two computers with only one public IP address.


Now that I know what the exact issue seems to be, I'm hoping someone can 
shed more light on this for me!




Thanks,
Kevin W.





Re: [pfSense Support] UDP consistent translation

2005-10-12 Thread Bill Marquette

Use advanced outbound NAT, it'll allow you to force the source port
to whatever arbitrary port you like.

--Bill
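
A simplified model of the behaviour discussed in this thread, added here as an illustration (it is not code from pfSense, pf or any poster): a NAT that gives each new destination its own external port fails a "consistent translation" check, while a NAT rule that forces the inside source port passes it. The `Nat` class, the sequential port allocator, the probe servers and all addresses are assumptions made for the example.

```python
class Nat:
    """Toy outbound NAT with one public address (constructed model, not pf code)."""

    def __init__(self, public_ip, keep_port_hosts=()):
        self.public_ip = public_ip
        self.keep_port_hosts = set(keep_port_hosts)  # inside IPs whose source port is forced
        self.states = {}        # (inside_ip, inside_port, server) -> external port
        self.next_port = 50000  # assumption: sequential allocator, for repeatable output

    def _taken(self, port, server):
        # Two flows toward the same server cannot share one external port.
        return any(p == port and key[2] == server for key, p in self.states.items())

    def translate(self, inside_ip, inside_port, server):
        key = (inside_ip, inside_port, server)
        if key not in self.states:
            if inside_ip in self.keep_port_hosts:
                if self._taken(inside_port, server):
                    raise RuntimeError(f"external port {inside_port} already in use")
                self.states[key] = inside_port
            else:
                # New state, new external port: the mapping depends on the destination.
                self.states[key] = self.next_port
                self.next_port += 1
        return self.public_ip, self.states[key]


def consistent(nat, inside_ip, inside_port, servers):
    """True when every server sees the same public ip:port for one inside socket."""
    return len({nat.translate(inside_ip, inside_port, s) for s in servers}) == 1


def demo():
    # Constructed sample data: documentation addresses, two probe servers, two PCs.
    servers = [("198.51.100.10", 3478), ("198.51.100.20", 3478)]
    pc1, pc2 = "192.168.1.10", "192.168.1.11"
    default_nat = Nat("203.0.113.5")
    forced_nat = Nat("203.0.113.5", keep_port_hosts={pc1, pc2})
    return {
        "default": consistent(default_nat, pc1, 7700, servers),
        "forced_pc1": consistent(forced_nat, pc1, 7700, servers),
        "forced_pc2": consistent(forced_nat, pc2, 7750, servers),
    }


if __name__ == "__main__":
    print(demo())
```

With both PCs on port 7700 toward the same server, the forced-port model raises an error, which matches the setup in the thread where the second game client runs on 7750.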




Re: [pfSense Support] UDP consistent translation

2005-10-12 Thread Kevin Wolf
I'm sorry, your solution actually worked.  I forgot to move the new rule 
above the default, so it had priority!  D'oh!!!


Thank you for the help, it was much appreciated :)



Sincerely,
Kevin W.
