Hi to all!
I was looking for something to replace my linux VPN server (currently used
fot L2TP/ipsec vpns with windows clients), and I've seen that there is
something about l2tp vpn in CVS. Am I wrong? Could I ask the status of this
feature?
Thank you in advance! Best regards
Tommy
but there is no plan on porting it to the 1.x branch currently).
Holger
From: Tommaso Di Donato [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 27, 2007 9:06 AM
To: support@pfsense.com
Subject: [pfSense Support] L2tpd on pfsense?
Hi
Sorry if I ask again.. but I would like to help in developing and testing
the NAT-T support (for a future version of pfsense). How can I enable it? I
have a development installation, so I can recompile a modified iso image..
But I do not know if the problem is in ipsec-tools or in pfsense kernel.
On 11/6/06, Bill Marquette [EMAIL PROTECTED] wrote:
On 11/5/06, Rob Terhaar [EMAIL PROTECTED] wrote: I store my swapfile on a ram drive!I certainly hope that's a joke, cause it's the daftest thing I've ever
heard otherwise!!! :)--BillMmmh, sorry for the stupid question... but why it is so nasty? I
:
No, unfortunately NAT-T did not make it into 1.0.ScottOn 10/23/06, Tommaso Di Donato [EMAIL PROTECTED] wrote: Hi all! Sorry, i've benn out for a while, so I misse the important news and I'm
trying to get in touch now. Just a question: with the new release, the NAT-T is working or not? Should it be enabled manualy
On 10/16/06, Bill Marquette [EMAIL PROTECTED] wrote:
On 10/15/06, PlanAlpha [EMAIL PROTECTED] wrote: 1. I have pfsense installed on a cf card. I have installed the squid package. Does the diskcaching from squid write to my cf card? (worried
about it killing my cf card)Full install to CF card, not
On 10/24/06, PlanAlpha [EMAIL PROTECTED] wrote:
Just my .02: I did some experiments with squid, and I solved this problem creating a ramdisk, and let squid use it for caching. I think it should be even faster, other than saving your cf..
I'm trying to create a custom image, if someone need I can
Hi all!I've just installed RC2, and I've seen there is the demon l2tpd.. is it working? I know there is not a menu section, but is it possible to use it?Thank you!Tom
This is not a strage behaviour for D-Link: in the past, I had the same problem with a wireless pcmcia card... It was said that was supported, but after a few they decided to change the chipset. When I complained about it, they said (more or less) that they can do whatever they want.
So.. thnk what
Try this:http://vpn.ebootis.de/It is intended for linux interop, but I think it could help too!TomOn 4/14/06,
Henk van Kester [EMAIL PROTECTED] wrote:
The website is off-line :( does anyone has a local-copy of the webpage??-Oorspronkelijk bericht-Van: lartc [mailto:[EMAIL
that was related with ipsec-tools-0.6.5?
De:
Tommaso Di Donato [mailto:[EMAIL PROTECTED]]
Enviada em: quinta-feira, 2 de
março de 2006 12:58
Para: support@pfsense.com
Assunto: Re: [pfSense Support] Problem
with ipsec tunnel
Yes it is..
and those rules are already present!
Thank
you again...
Thanks
John
From: Tommaso Di
Donato [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 02, 2006
2:38 AM
To: support@pfsense.com
Subject: [pfSense Support] Problem
with ipsec tunnel
Hi guys!
Yesterday I tried to setup a vpn tunnel between me and a friend. The we had
main
it automatically. Am i wrong? Or you are speaking about the routers?
Sorry for the confusionNo.. you're welcome! Thank you again!
Tom
From: Tommaso Di
Donato [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 02, 2006
3:25 AM
To: support@pfsense.com
Subject: Re: [pfSense Support]
Problem with ipsec tunnel
the rules would be something
like:
permit esp any any
permit any any eq isakmp
John
From: Tommaso Di
Donato [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 02, 2006
9:22 AM
To: support@pfsense.com
Subject: Re: [pfSense Support]
Problem with ipsec tunnel
On 3/2/06, John
I'm sorry...I can see there is also thi version, that seems newer:http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-20-06/
(but there is only the update). Is there something wrong with this version?Thank you!TomOn 3/2/06, Scott Ullrich
[EMAIL PROTECTED] wrote:
here you can also try to ping across the link making the packetsize
larger and larger with (-l size) and with the do not fragment set
(-f).
Thanks
John
From: Tommaso
Di Donato [mailto:[EMAIL PROTECTED]] Sent:
Thursday, March 02, 2006 2:41
AMTo: support@pfsense.com
Subject: Re: [pfSense
Hi guys!Yesterday I tried to setup a vpn tunnel between me and a friend. The we had mainly 2 problems: first, we both have dynamic IP (but this could be solved for example looking at the ip given by the provider, and setting upt the tunnel with that ip.. . Second, we both are behind a DLS router,
On 3/2/06, Bennett [EMAIL PROTECTED] wrote:
DOESN'T
WORK:
1) Remote
desktop gets a response from the remote computer and opens a blank window, but
never makes it to the login screen and eventually disconnects citing a possible
network failure(note that if there was no initial response, Remote
Hi!
I found that some operations maybe very slow if the box cannot resolve
the names correctly (i.e., if the wan interface is not connected, or if
the dns server aren't specified.. and so on).
I hope it helps.
TomOn 2/26/06, Eric dai [EMAIL PROTECTED] wrote:
Dear sir :I setup a Pfsense box with
Hi guys!
Just a small thing: my pfSense stopped beeping when it stars and at te
shupdown.. Now I'm using latest snapshot, but I'm experiencing this
since few versions (at least before beta1).
I found the problem (at least.. I found a solution.. tell me if this it
correct in theory, but it
Hi!
I'm trying to build a new custom ISO using pfsense developer ed.; this
is not the first time I do this, but few days ago I did a
cd /home/pfsense/tools/builder_scripts ./cvsup_current
and after that, I cannot make an iso anymore.. This is the error:
cut
Building world for i386
talked about in the
last couple of days here.
On 2/6/06, Tommaso Di Donato [EMAIL PROTECTED] wrote:
Hi!
I'm trying to build a new custom ISO using pfsense developer ed.; this
is not the first time I do this, but few days ago I did a
cd /home/pfsense/tools/builder_scripts ./cvsup_current
Hi all. Just a question: is it possible to protect the console menu asking a password, like what it happens when you log in via ssh?Thank you in advance.Tom
Hi!
I manually updated /home/pfsense/pfSense/config.default/config.xml and
my changes are still there, even after every build... I think cvs do
not overewrite this file
Try it if it works also for you...
TomOn 1/13/06, alan walters [EMAIL PROTECTED] wrote:
Just wondering how I can stop the cvs
Hi Guys!
I'm working with the developers edition, and it is fantastic. I have to
fix two problems, and then (if you like) I would like to write down
some notes about it, like a documentation
Now the questions:
1) I rebuilt the iso yesterday, and I found BETA2. Is it right? if so
Scott, thank you very much for your answers...
1) I rebuilt the iso yesterday, and I found BETA2. Is it right? if so
marvellous!SHH! Don't tell anyone. It's not even close to being ready.
Ok, I'll be like a tomb
2) I tryed to use the plugin customroot for customizing /etc/passwd
Hi Guys!I know this is not a priority in this moment.. but I would like to report a problem with the new dev.ed. (the one dated 12/14/2005). I just downloaded it, started, updated the firmware with pfSense-Full-Update-1.0-BETA1.tgz
, then I did a ./cvsup_current. Everything good. But when I
Hi!I would like to ask some infos about the developers Edition: it it planned a new release of thet image after the 1st Jan (that is, after the v1.0 will be released)? If not, can I use the last one, and than update that one? I would like to create a personalized version, but using the most
Hi guys!Today I've seen this piece of hw:http://linitx.com/product_info.php?currency=EURcPath=14_49products_id=340
It is based on a LEX CV860A mobo.. I would like to know if anybody out there has experiences of pfsense running on this kind ow hw: I've seen the CPU is the well-known VIA C3, so I'm
Hi Scott!First, thank you very very much for this edition, it is very useful!!I am trying to include my own personal hack in a iso image (i.e. Clam antivirus, some new binaries, a custom.inc file with my own functions, etc).
When I build the image, everything is ok, but the only things that I get
Hi guys...Just a bit of curiosity; are we still in alpha, or with the last versions we can consider pfSense in a beta stage? I know that the timeline is not to be intended so strictly, but following that, we shoul be very near to RC...
Thank you againTom
Hi guys!
Sorry, I read the last thread about captive portal, and from what I
understood it is in plan to abandon ipfw. Does this means that in the
future (e.g v1.0) it is planned to remove the ipfw kernel module? I am
using ipfw for integrating pfsense with p3scan, so I would like to ask
you if it
Thank you! You are always so ready..
On 11/9/05, Scott Ullrich [EMAIL PROTECTED] wrote:
This is fixed in CVS.
On 11/9/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:
I know it is a retired version, but I experienced a problem with the
LAN IP: after the first reboot after upgrading
Hi guys!
After the release of V. 0.92 (and then pulled), I didn't see any other
release... Maybe we are at the final stages, before v1.0!?
Great work, guys, and thank you again!!
Tom
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
Hi to all!
I'm sorry, I'm still drunk or v0.92 live cd does not appear in the
mirrors anymore?
I downloaded it few days ago and now I can't see it..
Is a bad release, or is there a problem with the mirrors?
Tom
-
To
: Tommaso Di Donato [mailto:[EMAIL PROTECTED]
Enviado el: Lunes, 31 de Octubre de 2005 02:56 a.m.
Para: support@pfsense.com
Asunto: Re: [pfSense Support] wegGUI modification
I would enjoy this solution very much! But I think that should be
trickier because you need 2 web server running..
In my
I would enjoy this solution very much! But I think that should be
trickier because you need 2 web server running..
In my opinion, a faster solution could be to prepare a siple opening
page, with some statistics and graphs, and from there a link to the
real webgui
However, we are working in
-
From: Tommaso Di Donato [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 26, 2005 1:46 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Transparent Squid proxy in DMZ?
From what I can recall, it is possible to transproxy only http
traffic, hot https (because of encrypted http headers
Yes.. it is a very interesting concept, I did not even think about
this solution..
Thank you guys, I love to try different solutions!!!
Tom
On 10/26/05, Bill Marquette [EMAIL PROTECTED] wrote:
On 10/26/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:
Maybe I did not undestand well
confused Tomasso.
-Gary
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 26, 2005 8:48 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Transparent Squid proxy in DMZ?
On 10/26/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:
Maybe I
(and should) have your firewall do the work of redirecting traffic to the
squid box. Squid, in this scenario, acts as a second gateway for the
network but only for squid-relevant traffic. I hope this clarifies things.
-Gary
-Original Message-
From: Tommaso Di Donato [mailto:[EMAIL
Do not worry, I worked around installing 0.86.4 and then upgrade..
(I think you have more important things to do!)On 10/24/05, Scott Ullrich [EMAIL PROTECTED] wrote:
I've reproduced the problem. Will have it fixed soon.ScottOn 10/24/05, Tommaso Di Donato
[EMAIL PROTECTED] wrote: Hi to all.I have
I would like to tell you my personal experience: under Linux I realized
a l2tp+ipsec vpn server for winXP road-warrior client. In a first time,
I realized it with the same l2tp implementation that we can find for
FreeBSD, but i experienced a lot of problems (when clients disconnect
the ppp tunnel
On 10/16/05, stephan schneider [EMAIL PROTECTED] wrote:
Got the solution.In the vpn client connection configuration you have to chooseIPSec over TCP and of course Enable Transparent Tunnel.No custom rules, no IPSec passthru (that's a different approach),
no custom nat rules (only the default: nat
On 10/18/05, Bill Marquette [EMAIL PROTECTED] wrote:
On 10/18/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:Mmmh, sounds very strange..IPsec NAT-T usually is achieved as IPsec over UDP..
(http://wiki.openswan.org/index.php/Firewalls)...and from what I know, Cisco VPN is using exaclty this.What
On 10/18/05, Chris Buechler [EMAIL PROTECTED] wrote:
In the case of VPN's that are terminated on pfsense boxes, it is racoon,and very recently a kernel patch was added to test NAT-T support withipsec-tools.I'm not sure if it's even made it into a public release
yet.It'll be there soon if not, but
On 10/15/05, Bill Marquette [EMAIL PROTECTED] wrote:
Not sure I follow with the redirection part.But if I understandcorrectly, yes we can use both ipfw and pf in conjunction fordifferent tasks.This is how our shaper code used to work - define
the queues in PF and assign the traffic in IPFW.Our
You are very kind, in responding so fast!!
Module probably isn't loaded (it's only loaded if CP is in use Ibelieve).
Mmmh, I think it is (I loaded it by hand with kldload ipfw.ko):
# kldstat
Id Refs Address Size Name
1 4 0xc040 68cca0 kernel
2 16 0xc0a8d000 55fdc acpi.ko
3 1 0xc25e2000 c000
On 10/16/05, Bill Marquette [EMAIL PROTECTED] wrote:
Got it, now I understand the problem (makes sense, I was wondering howit did transparent proxy w/out access to the destination IP:) ).Sobasically, it does a state lookup on the socket connected to it and
figures out what the original IP was
Just a question.. I would like to ask one more thing: rule-based
forwarding disabled in dmesg (ipfw2 (+ipv6) initialized, divert
loadable, rule-based forwarding disabled, default to accept, logging
disabled)
means that pfsense kernel is compiled without this option (IP-FIREWALL_FORWARD)?
Maybe
Thank you very very much!! ( I forgot to mention I am developing on version 0.84...)
Thanx again!On 10/16/05, Scott Ullrich [EMAIL PROTECTED] wrote:
Reinstall from scratch on the latest version. Your IPFW module iswrong. It should say rule based forwarding enabled.On 10/16/05, Tommaso Di Donato
Hi!
I recently read a post about captive portal, and the related use of
ipfw. If I understood well, it is possible to use at the same time pf
and ipfw. Is it true? I mean, can I use ipfw for doing a particular
king of traffic redirection, even there is another redirection done
with pf (of course,
Is it possible to configure a page in the webgui that is accessible w/o authentication? even in a sub-dir...
TIA
Tom
On 10/4/05, Jörgen Haraldsson [EMAIL PROTECTED] wrote:
HiThe line says:rdr on ste0 proto esp from any to 192.168.1.20 port 500 - 192.168.2.100port 500I don't know if port 500 is the right port to use with esp.
But It does not matter what port i use.
Mmmhh.. I think this is an error!!! ESP is
If you refer to my solution (squid+redirector+clamav), I have to say
that yes, clamav is running on the local machine, yes it uses tcp
socket, but no, it cannot be accessed from outside 127.0.0.1 (the
daemon is listening only on lo). First, because of security reasons
(that other guys altready
/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:
Ok, not a problem.. The important (for me) is to know that in a normal installation it is different
Ok, not a problem.. The important (for me) is to know that in a normal installation it is differentOn 9/13/05, John Cianfarani
[EMAIL PROTECTED] wrote:
I have a version installed under vmware gsx
3.2 as well and I notice the same thing.
John
.
--Bill
On 9/10/05, Scott Ullrich
[EMAIL PROTECTED] wrote:
Say what!? It shouldn't be that big.# du -h2.8M.# pwd/rescueScottOn 9/10/05, Tommaso Di Donato
[EMAIL PROTECTED] wrote:
Sorry... I am trying to shrink a bit my pfsense installation.. in order to stay in less then 512Mb..So I took a walkabout
Sorry... I am trying to shrink a bit my pfsense installation.. in order to stay in less then 512Mb..
So I took a walkabout, and I found that /rescue dir il very big (about
350MB), full of files all ow them of the same size: 2937504 bites.
Could anyone explain me how can that be usefull, and why
Sorry if it has already been asked...
I am running 0.73.6, and in lan interface setup I see I can brigde it
with my wan interf. This is exactly what I am looking for (I want to
build a transparent proxy that scans http and pop3 traffic for virus),
but I can not understand how the bridge setup
Just a little problem:
I enabled the serial port for accessing via null-modem cable.. Nothing happens. And I stil cannot access.
In the process list I cannot see any console enabled.
I am using 0.73.6
Tom
Not at all.It's a brand new option that I commited.
Cool! I was thinking to modify the source, because I was needing it!
You can assign an IP to either of them. Note that if you do notassign an IP to the LAN subnet you need to access the WebConfigurator
from the WAN which will require rules to be
I'm not sure this is a good idea.This would allow anyone from the
WAN in.Besides, how is it gonig to know what to unlock since it used
the LAN subnet prior?
If I understood well, if I enable lan to wan bridging, and I do not
assign an IP to LAN interface, I can only access from the WAN ip. But
if
So... you all say that it is better to leave the things as they are.. Ok, I trust you.
But in the remote possibility that I become crazy and start to develope
something like the thing I imagined, I will share it with you! On 8/11/05, Chris Buechler [EMAIL PROTECTED]
wrote:On 8/11/05, Scott
64 matches
Mail list logo