[pfSense-discussion] umts stick
Hello all :) can I use umts with pfsense? Can someone recommend an UMTS- stick? tia stefan - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense-discussion] centralized management with distributed pfsense installations
Hello all :) I need the possibility to have a centralized management with pfsense installations. It should be GUI- solution. What is the best way to do it? Can someone help? tia stefan - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense-discussion] pfsense image with preconfigured config
Hello all, for an international project I want to use pfsense. I need for that purpose a way to fill up machines with a preconfigured image. How can I do that? What is the best way? can someone help? tia stefan - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense-discussion] NAT on tun0 used with OpenVPN
The problem is that when I go to the assign option for interfaces the tap0 interface does NOT appear. I'm trying to do this AFTER creating the OpenVPN tunnel. If I go to the command prompt option and type ifconfig, I do see that there is a tun0 device. But I does not show up in any other place... Regards, Stefan De: Scott Roeder [mailto:[EMAIL PROTECTED] Enviado el: lunes, 13 de noviembre de 2006 8:43Para: discussion@pfsense.comAsunto: Re: [pfSense-discussion] NAT on tun0 used with OpenVPN I understand exactly what you are saying. The device does not exist until the VPN has actually been created. When I went through the same process 2 days ago I did exactly this. 1. Configured/Established the OpenVPN connection 2. Went to the assign option for interfaces 3. Created an OPENVPN interface from tap0 4. Created an advanced outbound NAT mapping. Hope this helps. On 12 Nov 2006, at 23:53, Stefan Tunsch wrote: The issue is that it is NOT available after establishing the vpn. What can be the reason for this? Can it have something to do with usingthe Live-CD version? --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: 12/11/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: 12/11/2006
RE: [pfSense-discussion] NAT on tun0 used with OpenVPN
I have seen several posts in the forum stating that tun or tap interfaces should not be assigned to an interface of pfSense. That any/any firewall rules are automatically created when openvpn client establishes connection. And that no traffic will flow if static routes wheren't defined on BOTH sides of the tunnel. This supposes a problem for me. I have a centralized server infraestructure where an openvpn server is running. This server serves connections for different offices. If I have to set up static routes on the server to each of these offices, the first problem I have is that several of them are using the same network settings. In this scenario, I have to either make sure each office uses a different network or this will not work. It sounds strange not to be able to establish outbound natting on the tunnel. Not being able to establish firewall rules to control who gets access to the tunnel also sounds weird. Regards, Stefan -Mensaje original- De: Scott Ullrich [mailto:[EMAIL PROTECTED] Enviado el: lunes, 13 de noviembre de 2006 17:54 Para: discussion@pfsense.com Asunto: Re: [pfSense-discussion] NAT on tun0 used with OpenVPN Tun0 is no longer used. Everything is handled automatically. See the forum where this has been hashed out quite a bit since 1.0. On 11/13/06, Stefan Tunsch [EMAIL PROTECTED] wrote: The problem is that when I go to the assign option for interfaces the tap0 interface does NOT appear. I'm trying to do this AFTER creating the OpenVPN tunnel. If I go to the command prompt option and type ifconfig, I do see that there is a tun0 device. But I does not show up in any other place... Regards, Stefan De: Scott Roeder [mailto:[EMAIL PROTECTED] Enviado el: lunes, 13 de noviembre de 2006 8:43 Para: discussion@pfsense.com Asunto: Re: [pfSense-discussion] NAT on tun0 used with OpenVPN I understand exactly what you are saying. The device does not exist until the VPN has actually been created. When I went through the same process 2 days ago I did exactly this. 1. Configured/Established the OpenVPN connection 2. Went to the assign option for interfaces 3. Created an OPENVPN interface from tap0 4. Created an advanced outbound NAT mapping. Hope this helps. On 12 Nov 2006, at 23:53, Stefan Tunsch wrote: The issue is that it is NOT available after establishing the vpn. What can be the reason for this? Can it have something to do with using the Live-CD version? -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: 12/11/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: 12/11/2006 -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: 12/11/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: 12/11/2006
RE: [pfSense-discussion] NAT on tun0 used with OpenVPN
The issue is that it is NOT available after establishing the vpn. What can be the reason for this? Can it have something to do with usingthe Live-CD version? De: Scott Roeder [mailto:[EMAIL PROTECTED] Enviado el: domingo, 12 de noviembre de 2006 22:33Para: discussion@pfsense.comAsunto: Re: [pfSense-discussion] NAT on tun0 used with OpenVPN It will be available to add as an interface after you establish the vpn. Once you have done that it will work like any other nat config. On 12 Nov 2006, at 21:29, Stefan Tunsch wrote: Hi! I need to set up outbound natting on tun0. tun0 is the virtual interface created and used by an OpenVPN client on my pfSense machine. This interface (tun0)isn't available for creating rules, NAT, etc on the web interface of pfSense. How can I set up outbound NATTING for this interface? Regards, Stefan --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.409 / Virus Database: 268.14.3/530 - Release Date: 11/11/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.14.3/530 - Release Date: 11/11/2006
RE: [pfSense-discussion] Dynamic DNS
Thanks. Got that clear. I wasn't trying to push for any new funtionality. Just wanted to make sure I was understanding how things work regarding dyndns. In my case, reporting only through WAN interface is enough, since I only have one dynamic IP address. I think that the used routers provide a functionality to make them act like a modem. I will try to set them up like that and see if in that scenario my WAN IP address is the same as the public ADSL ip address. Regards and keep up with the good work, Stefan -Mensaje original- De: Holger Bauer [mailto:[EMAIL PROTECTED] Enviado el: lunes, 16 de octubre de 2006 21:19 Para: discussion@pfsense.com Asunto: RE: [pfSense-discussion] Dynamic DNS It only supports reporting it's interface IP (which is in your setup already a natted IP behind another device). Either connect the pfSense directly to WAN or use dyndns at the host in front of you that is connected to the real wan or use a dyndns update client on LAN that frequently checks for the changed IP and send it's request out the appropriate wan by utilizing policybased routing. Holger -Original Message- From: Rainer Duffner [mailto:[EMAIL PROTECTED] Sent: Monday, October 16, 2006 5:41 PM To: discussion@pfsense.com Subject: Re: [pfSense-discussion] Dynamic DNS Stefan Tunsch wrote: I'm talking about the integrated dyndns client. Luckily I installed the ADSL with the dynamic ip address on the WAN interface... How can I report an IP other than the WAN IP? I think he said next version. Or did I misread that? Bear with them - they're probably going to have to take a vacation, now that the release is actually out ;-) cheers, Rainer -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.4/477 - Release Date: 16/10/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.4/477 - Release Date: 16/10/2006
RE: [pfSense-discussion] Dynamic DNS
I'm not sure I get your point. You always need to provide your IP address to the Dynamic DNS provider. If you don't, it will cease to be dynamic. The ways to do that vary. You can for example simply do a http request to some special page of your Dynamic DNS provider passing along your credentials and the page will automatically know your IP address, compare it with the stored one and eventually update it if there has been any change. DynDNS does indeed provide with a mechanism to manually introduce an IP, but the problem here is the ability of pfSense to update this entry if the public IP address changes. Regarding the routing, I'm not sure what you mean. Holger has clearly stated that indeed the dynamic DNS service of pfSense only checks and updates the public IP address on the WAN interface and that in the future pfSense will get the functionality to choose the interface you want to update with this service. (Multiple dyndns clients updating different interfaces would be nice...) On the other hand, policy based routing of some traffic through one or the other interface can be controlled by adding a simple rule to the firewall. Regards, Stefan -Mensaje original- De: Bill Marquette [mailto:[EMAIL PROTECTED] Enviado el: lunes, 16 de octubre de 2006 21:27 Para: discussion@pfsense.com Asunto: Re: [pfSense-discussion] Dynamic DNS Some dyndns providers require us to supply an IP, some don't. I think DynDNS isn't one of those, but it does allow us to enter an IP, which we do - the only one we know. FWIW, traffic sourced from pfSense will always (for now) go out your primary WAN interface (the one with the default route), regardless of what policy routing says. --Bill On 10/16/06, Stefan Tunsch [EMAIL PROTECTED] wrote: I'm talking about the integrated dyndns client. Luckily I installed the ADSL with the dynamic ip address on the WAN interface... How can I report an IP other than the WAN IP? I understand that in many situations my configuration is the one most people will use, where there is a router between pfSense and the Internet. In this scenario, reporting the WAN interface IP makes absolutely no sense. I should be reporting the router's public IP. Of course, a solution might be to install the client software provided by DynDNS on some other machine and route this traffic via an appropriate firewall rule through my WAN interface. But doing it with pfSense would be much cleaner. Regards, Stefan -Mensaje original- De: Holger Bauer [mailto:[EMAIL PROTECTED] Enviado el: lunes, 16 de octubre de 2006 16:58 Para: discussion@pfsense.com Asunto: RE: [pfSense-discussion] Dynamic DNS The dyndns client only works at WAN interface and is always reporting the WAN interface IP. We have code in the next version do dyndns per interface. Are you talking about the integrated dyndns client or a client that is running inside your LAN on a workstation or server? Holger -Original Message- From: Stefan Tunsch [mailto:[EMAIL PROTECTED] Sent: Monday, October 16, 2006 4:26 PM To: discussion@pfsense.com Subject: [pfSense-discussion] Dynamic DNS Hi there! I recently set up my first pfSense firewall into production. I am using the load balancing feature. One of the two ADSL connections I'm using has a dynamic IP address. The loadbalancing itself is working fine, but I'm having trouble with the Dynamic DNS client set up. I have created an account with DynDNS and set up pfSense accordingly. The problem is that pfSense reports the IP address of the WAN interface instead of providing the public IP of my router. The second issue is that I don't want to balance this url from one interface to the other. I want to use just one of the WAN interfaces I've set up. Curiously, pfSense always checks the same interface, which is the one where I have dhcp set up between WAN and the router. Any comments on this would be appreciated. regards. -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.4/476 - Release Date: 14/10/2006 -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.4/476 - Release Date: 14/10/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.4/476 - Release Date: 14/10/2006 -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.4/477 - Release Date: 16/10/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.4/477 - Release Date: 16/10/2006
[pfSense-discussion] Question regarding OpenVPN+pfSense+Load Balancing
Hi there! In my installation I use load balancing, as you know if you've read some other mail from me. One of the reasons for choosing pfSense has been that OpenVPN is included in the package. The problem here is that I would like that pfSense balances also the VPN traffic. Is pfSense capable of doing that? If not, is there any other method of doing something similar? What happens when I install the OpenVPN client onto a PC behind pfSense? Will this traffic be loadbalanced? Might IPSec be an option if I want to load balance this kind of traffic? Can I set up several OpenVPN clients on pfSense, makeeach of them use a different WAN interface and create a another load balancing pool that uses the virtual interfaces created by OpenVPN? Regards, Stefan -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.4/477 - Release Date: 16/10/2006
