I am running the 3-27 snapshot of pfsense.
I've been testing out adding a 2nd OPT interface that goes to remote
sites over a wireless link. A dedicated access point is doing all the
wireless stuff, so that is not a responsibility of the pfsense box.
Here's my problem though.
I can ping
I'm using the 3-27 snapshot on the pfsense box.
I've searched both the forum and the mailing list archives, and I can't
seem to find an updated listing of how to get IPSEC to work over an OPT
interface as well as over WAN at the same time.
Here's what I want to do:
I have several remote
I know it's not much, but you've certainly proven that ntop is not
running. My only other suggestion is to look at Status > System
Logs > System, particularly right after stopping and starting ntop. ntop
creates numerous entries in the system log when it starts (or attempts
to), and you may find some
It seems we are both having the same basic issue. I am assuming that you are
able to connect out via the same OPT2 interface you are trying to connect in
thru. I wish I had more answer for you than I am having this trouble too.
No one has responded to my emails. If I find the source of my
Here is the message that I am receiving.
Robert
There were error(s) loading the rules: /tmp/rules.debug:54: macro 'opt3' not
defined/tmp/rules.debug:54: syntax error pfctl: Syntax error in config file:
pf rules not loaded - The line in question reads [54]: binat on $opt3 from
10.0.0.51/32 to
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I'm using the 3-27 snapshot on the pfsense box.
I've searched both the forum and the mailing list archives, and I can't
seem to find an updated listing of how to get IPSEC to work over an OPT
interface as well as over WAN at the same time.
We have docs concerning multi-wan. Please ensure that you have double
checked your settings.
http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing
I run multi-wan at work and it absolutely works.
Scott
On 3/29/07, Robert Goley [EMAIL PROTECTED] wrote:
It seems we are both having the
Is the interface enabled?
On 3/29/07, Robert Goley [EMAIL PROTECTED] wrote:
Here is the message that I am receiving.
Robert
There were error(s) loading the rules: /tmp/rules.debug:54: macro 'opt3' not
defined/tmp/rules.debug:54: syntax error pfctl: Syntax error in config file:
pf rules not
I know it works. You guys have done great with that. I have WAN, OPT1, and
OPT2 working great. I do not know why OPT3 and OPT4 do not. I have tested
and checked so much I don't know what else to look for. I have not seen this
specific doc. I don't think it existed when I set this up
Hi All,
I'm following the documentation
(http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing) to set up a
Multi-Wan/Load Balancing environment, however after creating the pool, I'm
getting an error when I click on the Apply button:
Warning: unlink(/tmp/Wan1BalanceWan2.pool): No such file or
On 3/29/07, Diego Morato [EMAIL PROTECTED] wrote:
Hi All,
I'm following the documentation
(http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing) to set up a
Multi-Wan/Load Balancing environment, however after creating the pool, I'm
getting an error when I click on the Apply button:
Warning:
On 3/28/07, Mark Kane [EMAIL PROTECTED] wrote:
The latest snapshot seems to be the same as the previous one (still
going to qlandef but doesn't seem to affect other traffic much).
1.0.1-SNAPSHOT-03-27-2007
built on Wed Mar 28 21:01:28 EDT 2007
# ps awux | grep pftpx
proxy550 0.0 0.1
Ok, thank you. I will test this and report any problems.
Diego
- Original Message -
From: Scott Ullrich [EMAIL PROTECTED]
To: support@pfsense.com
Sent: Thursday, March 29, 2007 1:25 PM
Subject: Re: [pfSense Support] Multi-Wan/Load Balancing
On 3/29/07, Diego Morato [EMAIL PROTECTED]
Thanks for the link. I've been looking for a definitive how-to for load
balancing. It appears to have more information than some of the other
documentation.
I'm not, however, actually using the OPT2 as a Wan link. I just want to
use it to act, basically, like a separate subnet on the
I've set up a test tunnel between my office and my customer site. The
VPN tunnel will work correctly when the pfsense interface is the WAN
interface. When I change the interface to the OPT interface, it doesn't
seem to work. Here are some log entries.
racoon: ERROR: phase1 negotiation
On 3/28/07, Robert Goley [EMAIL PROTECTED] wrote:
I have 1 existing DSL connection and 2 existing Cable connections. I am
adding 2 more Cable connections as part of a phase-in/phase-out scenario.
The current setup works great. It is using policy based routing on pfsense
1.0.1. I can not seem
On Thu, Mar 29, 2007, at 12:29:37 -0400, Scott Ullrich wrote:
Please open Diagnostics - Command Prompt and in the PHP command box
type in:
echo isset($config['ezshaper']['step5']['p2pcatchall']);
This didn't return anything.
And:
print_r($config['ezshaper']);
Array
(
[step2] =>
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I've set up a test tunnel between my office and my customer site. The
VPN tunnel will work correctly when the pfsense interface is the WAN
interface. When I change the interface to the OPT interface, it doesn't
seem to work. Here are
P2PCatch all is not enabled then.
Here is what my host shows:
# php -f test.php
1
Array
(
[step2] => Array
(
[download] => 3000
[upload] => 250
[inside_int] => lan
[outside_int] => wan
)
[step3] => Array
(
[provider] =>
On Thursday 29 March 2007 13:46, sai wrote:
Use the same settings that you got working on your laptop?
Yes, same settings.
Can you ping the gateway in question from the pfsense firewall?
I did not think that you could ping because of default traffic rules going out
on WAN and then back in from
I changed the My Identifier on the tunnel definition to IP Address and
then specified 75.44.169.169. I clicked save and apply. When I did
this, the tunnel still did not work. In addition, all mention of the
tunnel stopped in the IPSEC logs.
I have confirmed that I can ping the
I have only the default allow everything rule on the IPSEC tab. I
manually added rules to the firewall to allow UDP 500 to the OPT2
interface and to allow ESP to the OPT2 interface, and now I'm getting
different IPSEC log results (I changed the My Identifier back to
interface address).
Here
I changed the My Identifier on the tunnel definition to IP Address and
then specified 75.44.169.169. I clicked save and apply. When I did
this, the tunnel still did not work. In addition, all mention of the
tunnel stopped in the IPSEC logs.
I have confirmed that I can ping the
After I let the connection set for a couple minutes after manually
adding the UDP 500 and ESP rules, the tunnel started working. Yeah!!!
Assuming that I will need to manually add the rules to the OPT2
interface, are there any additional rules that need to be added for IPSEC?
Also, here are
No, this sounds like a bug. I sent a request for information a few
minutes ago. Did you get it? If so please check /tmp/rules.debug for
IPSEC and see if the OPT interface rules are being added.
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
After I let the connection set for a
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I didn't get the request, but I'll be happy to check to see if rules are
being added. Should I remove the manual rules that I created first
before checking?
Yes, please. Then open up /tmp/rules.debug and look for VPN
Rules.. Below that
Hi again,
I've just tested this functionality and it works great! I just followed
the documentation. Below is some info about my system. To test, I unplug
and plug the connection cables.
Version:
1.0.1-SNAPSHOT-03-15-2007
built on Fri Mar 23 05:07:13 EDT 2007
system.log:
Mar 29
Great! Glad that you got it working and that validates the
documentation's ability.
Scott
On 3/29/07, Diego Morato [EMAIL PROTECTED] wrote:
Hi again,
I've just tested this functionality and it works great! I just followed
the documentation. Below is some info about my system. To test I
Here is the relevant text of my rules.debug file. It looks like the
interface on the connection computer support has the same interface as
the rest of the tunnels. This is the test connection that should be
using OPT3.
# let out anything from the firewall host itself and decrypted IPsec
Here is the relevant text of my rules.debug file. It looks like the
interface on the connection computer support has the same interface as
the rest of the tunnels. This is the test connection that should be
using OPT3.
# let out anything from the firewall host itself and decrypted IPsec
Oops! Sorry for the double post.
Vaughn L. Reid III wrote:
Here is the relevant text of my rules.debug file. It looks like the
interface on the connection computer support has the same interface
as the rest of the tunnels. This is the test connection that should
be using OPT3.
# let out
Okay, so that I am on the same page as you. Those $wan rules should
have read $optX ??
Scott
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
Oops! Sorry for the double post.
Vaughn L. Reid III wrote:
Here is the relevant text of my rules.debug file. It looks like the
interface
The ones that say Computer Support are from the test tunnel that I
created to use OPT2.
The interfaces on this machine are labeled like this:
LAN = em0
WAN = em1
ATTDSL = em4 -- This is the OPT interface that I was using for the
Computer Support VPN test
wireless = em2
Vaughn
Scott
Okay, I see this bug as well. Will get it fixed soon.
Scott
On 3/29/07, Scott Ullrich [EMAIL PROTECTED] wrote:
Okay, so that I am on the same page as you. Those $wan rules should
have read $optX ??
Scott
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
Oops! Sorry for the
Thanks for your hard work. I appreciate it and I'm sure my customers do
too.
Vaughn
Vaughn L. Reid III wrote:
The ones that say Computer Support are from the test tunnel that
I created to use OPT2.
The interfaces on this machine are labeled like this:
LAN = em0
WAN = em1
ATTDSL = em4
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
Thanks for your hard work. I appreciate it and I'm sure my customers do
too.
No problem, the bug should be fixed now. Please test a snapshot about
1-2 hours from now.
Scott
I am entering the failover and load balancing rules. Rules look fine. Should
there be blank rules there by default? There is one for the load balance and
one for the pools.
Robert
Warning: unlink(/tmp/.pool): No such file or directory in /etc/inc/vslb.inc on
line 58 Warning: stristr():
This was fixed earlier.
Scott
On 3/29/07, Robert Goley [EMAIL PROTECTED] wrote:
I am entering the failover and load balancing rules. Rules look fine. Should
there be blank rules there by default? There is one for the load balance and
one for the pools.
Robert
Warning: unlink(/tmp/.pool):
Was not sure if it was the same error. Thanks for the fix.
Robert
On Thursday 29 March 2007 18:17, Scott Ullrich wrote:
This was fixed earlier.
Scott
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands,
Have the IPSEC changes been committed and built yet? I'm looking at the
update files, and they all still say March 27 2007. I'm using this
repository http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/
Should I be looking somewhere else for the update with the IPSEC fix?
Thanks,
Vaughn
I have reworked the firewall according to the docs Scott provided. Most
things are working fine. OPT1 and OPT2 using the new cable modems that had
trouble earlier are working. WAN however is not working right. I am having
a similar problem to earlier. With WAN set to be the default route,
On Wed, 31 Jan 2007, Scott Ullrich wrote:
On 1/31/07, Charles Sprickman [EMAIL PROTECTED] wrote:
Hi all,
I'm running PFSense 1.0.1 with three interfaces: WAN, LAN and then OPT1
acting as a bridged interface with the WAN. Our DSL provider gives us a
/29 on the LAN port of their router and I
I did find that 1-1 mapping is breaking the outgoing connect of the machine
that is being mapped. I verified this by switching a 1-1 NAT mapping between
two machines. I was able to access before the map and could not after. On
the other machine that had the map to start with, I could not
Is there a way to kill/cut off an established TCP session without doing a reset
all state?
Thanks,
Sally
Yes, You have to explicitly kill the state from a terminal on the pfSense
router. I have done it a few times in the past but can not remember the
command at the moment. Search Google for pf kill state. I will email the
command if I find it.
Robert
On Thursday 29 March 2007 21:01, Sally
I found the command. Here are some basics on it.
pfctl
-k host
Kill all of the state entries originating from the specified
host. A second -k host option may be specified, which will kill
all the state entries from the first host to the second host.
For example, to kill all of the state entries
On 3/29/07, Robert Goley [EMAIL PROTECTED] wrote:
I found the command. Here are some basics on it.
pfctl
[snip]
Newer snapshots can kill the states from Diagnostics - States without
the command line.
Scott
May I confirm something? For site-to-site connection, it is always
required that one pfsense operates as a server and one operates as a
client, correct? server-to-server and client-to-client do not work?
Regards, Kelvin
If this is working it would be a great step ahead :)
-Original message-
From: Vaughn L. Reid III [mailto:[EMAIL PROTECTED]
Sent: Friday, March 30, 2007 1:08
To: support@pfsense.com
Subject: Re: [pfSense Support] IPSEC over an OPT interface Problems
Have the IPSEC changes
Please don't switch the topics of your mails concerning the same issue
constantly. It's hard to follow/track a conversation this way. Thank
you.
Holger
-Original Message-
From: Robert Goley [mailto:[EMAIL PROTECTED]
Sent: Friday, March 30, 2007 2:42 AM
To: support@pfsense.com