Re: [pfSense] Encrypt Microwave Link?

2012-06-27 Thread William David Armstrong
Hi all

I am not much of an expert in this area, but my 0.02 cents:


For the radio setup, Ubiquiti has another set of frequencies: 900 MHz, 3.6 GHz,
6 GHz. This works to avoid interference from the common 2.4 GHz and 5 GHz bands and
makes interception difficult, but not impossible. Take a look at whether it can be found in your country.

You may try a RADIUS setup for authentication 801.11x + certificate

http://www.smallnetbuilder.com/wireless/wireless-howto/30210-how-to-setting-up-freeradius-for-wpa-a-wpa2-enterprise-part-1



 

On 26/06/2012, at 21:16, Jim Pingle li...@pingle.org wrote:

> On 6/26/2012 5:09 PM, Jim Thompson wrote:
> 2. If I had a 2nd pfSense box in the sub-office, does pfSense have a way
> to encrypt/secure the data travelling over the microwave link.   I'm
> thinking something like a VPN - but not sure how to go about this when
> I'm essentially trying to secure a patch lead.
>
> It's essentially a network-to-network VPN - something like OpenVPN
> would be ideal here.
>
> OpenVPN: not ideal, but workable.   Requires making an IP interface out
> of each end (as does IPSEC).  If Paul wants to bridge the connection,
> neither will help.  If he wants to route between the two pfSense boxes,
> either will work, though IPSec will offer greater throughput, and
> OpenVPN is typically easier to set up.
>
> You can bridge with either OpenVPN (in tap mode) or IPsec in transport
> mode + GIF tunnel. Neither of those work out of the box on 2.0.x though,
> both work fine on 2.1.
>
> You still have to be careful to avoid a mess of conflicting IPs, and of
> course overloading the bridge with broadcast/multicast, but it can be done.
>
> Jim
 ___
 List mailing list
 List@lists.pfsense.org
 http://lists.pfsense.org/mailman/listinfo/list


[pfSense] Is OpenVPN dial in broken in 2.1

2012-06-27 Thread Gavin Will
I have an alix 2d3 running 2.1 snapshot at home.

I have used the 2d3 with 2.0 and dial in works fine for Open VPN following 
these instructions  http://blog.stefcho.eu/?p=492

I export the installer, run as administrator and I connect fine, get an IP in 
the range I would expect and specify when setting up the vpn but I cannot route 
any traffic.

Firewall rules are as expected and work in 2.0. States have been reset also 
just in case.

When I disconnect I find that accessing the remote box via https it doesn't 
respond for a minute or 2 then comes back

Any ideas? I was wanting to try IPv6 hence 2.1 and would still like to dial in

Cheers


Re: [pfSense] Is OpenVPN dial in broken in 2.1

2012-06-27 Thread Jim Pingle
On 6/27/2012 10:02 AM, Gavin Will wrote:
> I have an alix 2d3 running 2.1 snapshot at home.
>
> I have used the 2d3 with 2.0 and “dial in” works fine for Open VPN
> following these instructions  http://blog.stefcho.eu/?p=492
>
> I export the installer, run as administrator and I connect fine, get an
> IP in the range I would expect and specify when setting up the vpn but I
> cannot route any traffic.
>
> Firewall rules are as expected and work in 2.0. States have been reset
> also just in case.
>
> When I disconnect I find that accessing the remote box via https it
> doesn’t respond for a minute or 2 then comes back
>
> Any ideas? I was wanting to try IPv6 hence 2.1 and would still like to
> “dial in”

I just set one up for a customer two days ago on 2.1 and it dials in
fine, using the wizard and client export, no issues at all.

Sounds like there may be a route or subnet conflict somewhere in what
you're doing. Seeing the client and server OpenVPN logs might help.

Jim
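
Added example, not part of the original message or of pfSense: one way to check for the kind of route or subnet conflict mentioned above. It reads the `server` and `push "route ..."` directives from an OpenVPN server config and compares them with the client's local networks; the sample config and the client LAN are constructed values.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample: directives of the kind found in an OpenVPN server config.
SERVER_CONF = '''
dev tun
server 10.0.8.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 10.20.0.0 255.255.0.0"
'''

# Constructed sample: networks the client machine is attached to locally.
CLIENT_LOCAL = {"client home LAN": "192.168.1.0/24"}

# Matches `server <net> <mask>` and `push "route <net> <mask>"`.
DIRECTIVE = re.compile(
    r'^\s*(?:(server)|push\s+"route)\s+'
    r'(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)"?\s*$')


def parse_server_conf(text):
    """Return {label: IPv4Network} for the tunnel network and each pushed route."""
    nets = {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
        label = "tunnel network" if m.group(1) else f"pushed route {net}"
        nets[label] = net
    return nets


def find_conflicts(server_nets, client_local):
    """Return sorted (label_a, label_b) pairs whose address ranges overlap."""
    nets = dict(server_nets)
    for label, cidr in client_local.items():
        nets[label] = ipaddress.ip_network(cidr, strict=False)
    return sorted((a, b)
                  for (a, na), (b, nb) in combinations(nets.items(), 2)
                  if na.overlaps(nb))


if __name__ == "__main__":
    for a, b in find_conflicts(parse_server_conf(SERVER_CONF), CLIENT_LOCAL):
        print(f"CONFLICT: {a} overlaps {b}")
```

A pushed route that overlaps the client's own LAN is a common reason a tunnel connects but passes no traffic, because the client keeps sending those packets to its local network.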


[pfSense] 2.1 timeline?

2012-06-27 Thread Joe Landman
Hi folks ...  any guidance on the 2.1 timeline?  Is it considered stable 
for end user use yet?  I'd prefer to deploy things actually marked as 
stable (we have 2.0.1 in use at customer sites, and are playing with it 
internally).  I'd like to get 2.1 up for better driver support (and ease 
of building drivers).  Thanks!


Joe

--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics Inc.
email: land...@scalableinformatics.com
web  : http://scalableinformatics.com
   http://scalableinformatics.com/sicluster
phone: +1 734 786 8423 x121
fax  : +1 866 888 3112
cell : +1 734 612 4615




Re: [pfSense] 2.1 timeline?

2012-06-27 Thread Jim Pingle
[Please don't threadjack. Start a fresh message rather than replying to
an existing message, or threading mailreaders will bury your message
under an unrelated topic]

On 6/27/2012 1:25 PM, Joe Landman wrote:
> Hi folks ...  any guidance on the 2.1 timeline?  Is it considered stable
> for end user use yet?  I'd prefer to deploy things actually marked as
> stable (we have 2.0.1 in use at customer sites, and are playing with it
> internally).  I'd like to get 2.1 up for better driver support (and ease
> of building drivers).  Thanks!

Hopefully sometime in the next couple months. We still have a few
blocking issues to tackle before we'll even push a BETA1.

Many of us are running it in production in areas that need IPv6 or have
hardware that requires the newer drivers. Basically if it works for you,
it should keep working, but if it doesn't work, you should know right
away. Not easy to back down from it though.

Problem areas in current snapshots are VLANs, NanoBSD read-only remount
slowness, and there are still some packages that need work to be usable
on 2.1.

Jim


[pfSense] Forwarding Protocol 41 for 1:1 IP Addresses

2012-06-27 Thread Yehuda Katz
I would like to add an HE IPv6 tunnel to two of my servers without adding a
tunnel for the whole network.
I was looking at adding an option for each 1:1 to forward protocol 41 just
for that public IP. (maybe a checkbox on the 1:1 create/edit page)
Is there any reason this would not work?

If I understand the code correctly, a rule would look something like:
rdr on {$natif} proto ipv6 from any to {$dstaddr} -> {$target}

- Y


Re: [pfSense] Forwarding Protocol 41 for 1:1 IP Addresses

2012-06-27 Thread Seth Mos
Good question,

On 27 Jun 2012, at 20:53, Yehuda Katz wrote:

> I would like to add an HE IPv6 tunnel to two of my servers without adding a
> tunnel for the whole network.
> I was looking at adding an option for each 1:1 to forward protocol 41 just
> for that public IP. (maybe a checkbox on the 1:1 create/edit page)
> Is there any reason this would not work?

Theoretically not impossible. A port forward might be a better match though, 
rdr is a forward, binat is a 1:1, don't think binat allows for protocol 
selection.

> If I understand the code correctly, a rule would look something like:
> rdr on {$natif} proto ipv6 from any to {$dstaddr} -> {$target}

binat on {$natif} proto 41 from {$endpoint} to {$dstaddr}

Perhaps, patches accepted.

Cheers,
Seth