Re: [pfSense] openvpn per user/cert client package creation
Be sure you are creating a cert with each user account or assigning one to them.

-- Kevin Tollison

On September 14, 2017 at 10:47:08 PM, Randy Bush (ra...@psg.com) wrote:

> as far as i can determine, the openvpn-client-export package only
> exports the admin account (or is it the logged in account?) and
> packages the corresponding cert.
>
> i want to generate (mostly viscosity) openvpn per-user cert packages.
> clue bat, please.
>
> randy
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Site to Site VPN behind nat
Buy the Gold membership. The pfSense book has a ton of VPN setup docs.

Kevin

On Sun, May 1, 2016 at 8:18 PM Dane Reugger wrote:

> I'm looking for some docs or a walk through on creating a site to site VPN
> that will work with the client behind NAT. Ideally we could plug
> in behind another router and have it dial in and create the tunnel?
>
> I've seen this done with Aruba but not sure it's possible with PfSense but
> if it is I would love a guide to get it going.
>
> Thanks,
> -Dane
Re: [pfSense] FTP trouble.
I ran into this issue with a couple of sites using ftp on an as400. Even opened a ticket with pfSense support. Was never able to resolve it. Sites are unfortunately still running 2.1.5. Anything in the 2.2 series and ftp fails immediately. as400 vendor is working on a sftp or ftps update and has been for 9 months. I gave up on trying to pass that traffic on pfSense 2.2.

Support kept sending me back to this document. https://doc.pfsense.org/index.php/FTP_without_a_Proxy

On Thu, Feb 11, 2016, 2:25 PM J. Echter wrote:

> Hi,
>
> I have a tool which updates its data by ftp. Nothing special...
>
> But, I can't use it as I get errors like 'no data', error 227 'entering
> passive mode' and so on.
>
> As far as I know should passive mode be working without any effort.
>
> Where can I have a look what is going wrong?
>
> I read about FTP helper and FTP Client Proxy, but imho FTP Helper isn't
> in 2.2 anymore and was more for ftp servers behind pfsense.
>
> Please, any hints are welcome :)
>
> Thanks.
>
> Juergen
[pfSense] OpenVPN Support Forum • Critical denial of service vulnerability in OpenVPN servers : Announcements
https://forums.openvpn.net/topic17625.html ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Making an install CD
Or cdburnerXP. That is my favorite free one for Windows.

On Oct 29, 2014 12:58 AM, Ryan Coleman ryan.cole...@cwis.biz wrote:

> Does windows 7 actually burn disc images? Have you tried active ISO instead to burn the image? I believe it's free.
>
> --
> Ryan Coleman
> Publisher, d3photography.com
> ryan.cole...@cwis.biz
> m. 651.373.5015
> o. 612.568.2749
>
> On Oct 28, 2014, at 20:07, Mark Hisel mark_hi...@yahoo.com wrote:
>
> > I can't seem to make an install CD. I downloaded the ISO, unzipped it from the gz file using 7-ZIP, and burnt the disk image using win7. The CD has a bunch of directories but only one file; the copyright. What did I do wrong? I'm trying to install onto an HP DL380 but the CD is a non-system disk.
Re: [pfSense] 802.11ac Mini PCI Express adapter for pfSense
On Jul 20, 2014 5:53 PM, Nickolai Leschov nlesc...@gmail.com wrote:

> I would like to use a PC Engines APU series board with pfSense as a wireless router. In their store, I can see 802.11n cards, at most, but can I use 802.11ac already? Does anyone have positive experience with a 802.11ac and can recommend a particular model?
>
> Best regards,
> Nickolai

I have used internal cards in the past and they typically work well. We have found that an external AP gives a lot more flexibility to an install. For AC support the Engenius ECB1750 is a good choice when it becomes available. I have used the ESR1750 AC router and get some pretty amazing throughput.
Re: [pfSense] Pix Replacement?
On May 24, 2014 6:41 PM, David Hicks dhi...@509j.net wrote:

> Group...
>
> I realize that I'm posting to a pfSense list, but figure it is still worth posing the question. We are a school district with approximately 2000 internal devices. We are looking at replacing our aging Cisco pix firewalls and are trying to decide between going with a Juniper SRX240 or moving to pfSense. Our expectation is to use for simple firewall and NAT with an openVPN setup for a small number of remote connections.
>
> We've been using pfSense in a very simple configuration at one of our smaller school districts for a year with no issues whatsoever. I'm wondering if it is time to make the leap to pfSense for our larger operation and if there are any major cautions people might have that would suggest it is a safer bet to go with a standard name like Juniper.
>
> I apologize if this is too broad a question, but figured I'd see if anyone has any feedback to provide.
>
> Thank you very much,
> David

I'd recommend talking to Chris directly. I'm sure he can generate a support plan that is much more cost effective than anything Juniper has to offer. We have had a support contact for about a year now. Only used it twice. Both issues ended up not being pfSense, but the support team was on the issue almost immediately.

Not a direct answer, but a direction I would investigate first for a site(s) of that size.

Kevin
Re: [pfSense] pfSense Book (Buechler / Pingle)
Even easier. I have a support subscription. I just uploaded the epub to my Google Drive.

On Apr 13, 2014 12:22 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote:

> On 13/4/14 4:25 pm, Adam Thompson wrote:
>
> > As to the liberated comment, let us know when you've figured out how to make a completely open eReader that doesn't sell for $1000.
>
> Nexus 7 + fbreader (freely available)? Opens all the usual suspects (pub, mobi, pdf, etc.)
>
> If you don't mind one of the 1st gen Nexus 7s, you can probably pick one up for sub-£100.
>
> Kind regards,
> Chris
>
> --
> This email is made from 100% recycled electrons
Re: [pfSense] Strange Block on LAN interface
Somewhat, but the issue turned out to be a little deeper. I ended up going the Commercial support route for this one. Those guys are excellent and very responsive.

On Fri, Sep 13, 2013 at 8:22 AM, Matthias May matth...@may.nu wrote:

> On 12/09/13 01:23, Kevin Tollison wrote:
>
> > I am getting an odd behavior on 2.1RC2. Hopefully I have just missed something.
> >
> > My site is setup as follows
> >
> > PfSense - Site 1 192.168.1.0/24 - Adtran router 192.168.1.3 - PPPT1 ---Site2 Adtran Router 192.168.3.3
> >
> > I have added a static route in for the Adtran and everything works great with one exception. We have some intermec scanners at site2 connecting to a Win2008 server at site 1.
> >
> > When I initiate a connection from the handheld to the server I get a failed connection with this in the firewall logs
> >
> > [image: block] Sep 11 19:15:56 LAN 192.168.1.98 192.168.3.77:1139 TCP:SA
> > [image: block] Sep 11 19:15:59 LAN 192.168.1.98 192.168.3.77:1139 TCP:SA
> > [image: block] Sep 11 19:16:05 LAN 192.168.1.98 192.168.3.77:1139 TCP:SA
> > [image: block] Sep 11 19:16:17 LAN 192.168.1.98 192.168.3.77:1139 TCP:R
> >
> > I can connect fine to the server RDP from a PC. I have internet connectivity as well from a PC.
> >
> > The default in rule is triggering it. I have added regular rules to allow and floating rules. I have also checked the box to bypass firewall rules on the same interface.
> >
> > As a side note. We have another site using a pfsense over a VPN tunnel that works great. Unfortunately I'm stuck with this private Point to point here. This was working through a DSL modem/router with static routes prior.
> >
> > Thanks
> > Kevin
>
> Most probably this:
> https://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F

--
Kevin Tollison
[pfSense] Strange Block on LAN interface
I am getting an odd behavior on 2.1RC2. Hopefully I have just missed something.

My site is setup as follows

PfSense - Site 1 192.168.1.0/24 - Adtran router 192.168.1.3 - PPPT1 ---Site2 Adtran Router 192.168.3.3

I have added a static route in for the Adtran and everything works great with one exception. We have some intermec scanners at site2 connecting to a Win2008 server at site 1.

When I initiate a connection from the handheld to the server I get a failed connection with this in the firewall logs

[image: block] Sep 11 19:15:56 LAN 192.168.1.98 192.168.3.77:1139 TCP:SA
[image: block] Sep 11 19:15:59 LAN 192.168.1.98 192.168.3.77:1139 TCP:SA
[image: block] Sep 11 19:16:05 LAN 192.168.1.98 192.168.3.77:1139 TCP:SA
[image: block] Sep 11 19:16:17 LAN 192.168.1.98 192.168.3.77:1139 TCP:R

I can connect fine to the server RDP from a PC. I have internet connectivity as well from a PC.

The default in rule is triggering it. I have added regular rules to allow and floating rules. I have also checked the box to bypass firewall rules on the same interface.

As a side note. We have another site using a pfsense over a VPN tunnel that works great. Unfortunately I'm stuck with this private Point to point here. This was working through a DSL modem/router with static routes prior.

Thanks
Kevin
[pfSense] 2.1 and Netflix
Decided a few weeks ago to upgrade my 2.03 box to 2.1RC at home. I have updated to the latest snapshot at least once a week as well.

Strange issue came up with Netflix. I could launch and play from any PC, but not from my tablet, Chromecast, or Samsung DVD SmartHub.

Found this thread http://forum.pfsense.org/index.php?topic=65559.0

None of those worked. My config is basically default. Single Allow All rule on LAN, tried with UPnP on and off, No luck.

Had pretty much convinced myself nothing in the router could cause it. I remembered I had an old ASA5505 in the closet. Did a quick config and connected it up. Everything is working again.

What could have possibly changed in 2.1 to cause this? 2.03 worked flawlessly.

Let me know if you need any specific details.
Re: [pfSense] 2.1 and Netflix
It is very strange. It only occurs with the Netflix App. The Android and Windows 8 app have the same behavior. Error 13007. The chromecast and DVD were error ui-108 or 109 iirc. The DVD is hardwired and the AP is external (Engenius ENH200EXT).

One thing I failed to mention was that Netflix works fine on the XBox360. Not sure how it connects, but it is tied to a Live account.

Now the chromecast works fine streaming YouTube or a Chrome tab. The tablet works fine for everything else as well. If I start a movie on a pc then cast it, I get the same error.

On Aug 28, 2013 10:14 PM, Jeremy Porter jpor...@electricsheepfencing.com wrote:

> I can't see this is a netflix issue specifically. Perhaps is some type of DNS or IPv6 difference? The forum post talks about an issue with chromecast setup. But it's hard to see how that would impact netflix streaming to other devices. I'm running 2.1 (and have been) with no problems with netflix to PCs, Tablets, or a Boxee box. Now there of course is the possibility of a problem with chromecast, but without more details it's hard to say. Upgrading to 2.1 doesn't seem like it could make a difference, unless the wireless AP is running in the pfSense box.
>
> On 8/28/2013 8:10 PM, Kevin Tollison wrote:
>
> > Decided a few weeks ago to upgrade my 2.03 box to 2.1RC at home. I have updated to the latest snapshot at least once a week as well.
> >
> > Strange issue came up with Netflix. I could launch and play from any PC, but not from my tablet, Chromecast, or Samsung DVD SmartHub.
> >
> > Found this thread http://forum.pfsense.org/index.php?topic=65559.0
> >
> > None of those worked. My config is basically default. Single Allow All rule on LAN, tried with UPnP on and off, No luck.
> >
> > Had pretty much convinced myself nothing in the router could cause it. I remembered I had an old ASA5505 in the closet. Did a quick config and connected it up. Everything is working again.
> >
> > What could have possibly changed in 2.1 to cause this? 2.03 worked flawlessly.
> >
> > Let me know if you need any specific details.
Re: [pfSense] 2.1 and Netflix
On Aug 29, 2013 12:03 AM, Jim Pingle li...@pingle.org wrote:

> On 8/28/2013 10:23 PM, Kevin Tollison wrote:
>
> > It is very strange. It only occurs with the Netflix App. The Android and Windows 8 app have the same behavior. Error 13007. The chromecast and DVD were error ui-108 or 109 iirc. The DVD is hardwired and the AP is external (Engenius ENH200EXT).
> >
> > One thing I failed to mention was that Netflix works fine on the XBox360. Not sure how it connects, but it is tied to a Live account.
> >
> > Now the chromecast works fine streaming YouTube or a Chrome tab. The tablet works fine for everything else as well. If I start a movie on a pc then cast it, I get the same error.
>
> It could be a broken IPv6 on your home network. If your tablet believes it has an IPv6 connection, Netflix may be trying to use that rather than IPv4. However, if you don't _actually_ have IPv6 connectivity, it wouldn't work.
>
> I'm on 2.1 at home and Netflix works for me on the PC (Windows 7 and Windows 8), Android tablet and phones, TiVo, two Blu-Ray players, Wii U, and 3DS. I don't have a Chromecast on hand (yet) or I'd try it out there.
>
> Check your firewall's LAN config and make sure IPv6 is disabled there and on WAN, too, if you aren't using it.
>
> Also if you have any packages loaded such as squid or snort, they could be interfering.
>
> Jim

IPv6 is disabled on all interfaces. I did do an upgrade from 2.03. Maybe something didn't upgrade cleanly. May try to write a clean card and see what that does.
Re: [pfSense] Site to Site VPN issue in PFsense
I recall a bug being fixed in 2.02 that had to do with openVPN authentication. Is it possible to upgrade all the boxes to 2.03?

On Aug 19, 2013 11:38 AM, Vick Khera vi...@khera.org wrote:

> On Wed, Aug 14, 2013 at 7:07 AM, pratap koppal pratap.kop...@gmail.com wrote:
>
> > My head office and along with two branch office deployed with pfsense. Head Office and one of Branch office deployed with PFsense 2.0.1, and other branch office PFsense 2.0.3. My branch offices are linked with HO through site-to-site open vpn. HO has two Internet lines for failover, when one wan fails, i have to shift my site-to-site vpn to another wan gateway. In this process branch with version 2.0.1 works perfectly, but one with 2.0.3 site-to-site tunnel damages. I have to recreate the tunnel, then it works. Please help.
>
> What VPN are you using? IPSec or OpenVPN?
Re: [pfSense] OpenVPN over satellite broadband
We are working with a vendor using TVWS. Could be a solution for you. Speeds top out at about 16/8 Mbps.
Re: [pfSense] Vlan Trunk
On May 3, 2012 1:34 PM, Abdullah Nihan abd@gmail.com wrote:

> Guys Please help me on this! I have posted my issue on Forum can you please take look and comment. I really thank you for your valuable time spend on helping
>
> Thank you! :)
>
> FORUM POST LINK: http://forum.pfsense.org/index.php/topic,49043.msg259653.html#msg259653

Dude,

Begging will not get you far. People only respond for free when they have time. If the issue is this serious throw Chris and Scott a bone they will have you going in no time

https://portal.pfsense.org/index.php/subscribe-for-access

Or buy the book. It has helped me out of a few jams.

http://www.amazon.com/gp/product/0979034280?ie=UTF8&tag=pfsense-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0979034280
Re: [pfSense] Snapshots are back
On Fri, Mar 23, 2012 at 6:47 AM, Eugen Leitl eu...@leitl.org wrote:

> On Thu, Mar 22, 2012 at 09:48:54PM -0400, Jim Pingle wrote:
>
> > FYI- 2.1 snapshots are going again.
> >
> > http://snapshots.pfsense.org/
>
> Great. How stable are they? Useful for limited production?
>
> > If you want to track via auto update...
> >
> > pfSense i386 2.1 DEVELOPMENT snapshots
> > http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/i386/pfSense_HEAD/.updaters
> >
> > pfSense amd64 2.1 DEVELOPMENT snapshots
> > http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/amd64/pfSense_HEAD/.updaters

Awesome. I think I will start testing, at least at my home lab. Will provide some feedback as I find things.

-- Kevin
Re: [pfSense] NAT reflection and SIP registration
On Dec 6, 2011 6:52 PM, Kelly Hays kelly.h...@jkhfamily.org wrote:

> On Wed, Nov 23, 2011 at 8:16 PM, David Burgess apt@gmail.com wrote:
>
> > I have the SIP client in my Android 2.3 phone set up to register to my local Askozia (Asterisk) PBX. The problem I'm having is that if I use the FQDN of the PBX server, the SIP client only registers when I'm off the network. In order to have the SIP client register successfully when on the local network, I have to drop the domain part and just use the hostname. Obviously this creates problems when I'm not on the local network.
> >
> > It used to work to just use the FQDN and the SIP client would register whether I was local or not. I'm not sure why it quit working, whether it was the upgrade from pfsense 2.0-RC to 2.0-RELEASE, or if it was the upgrade of the phone from Cyanogenmod 7.0 to 7.1.
> >
> > The PBX server has a RFC1918 address and pfsense is doing NAT for it to the internet. I'm using pfsense's DNS Forwarder on the internal network along with the first two DHCP options.
> >
> > If I ping the PBX server's hostname from the Android terminal I get a response from the internal address. Likewise, if I ping the PBX's FQDN I get a response, again from the internal address.
> >
> > If I do an nslookup on the FQDN from Android, I get the WAN address as a response, even if I create a host override entry in pfsense's DNS Forwarder.
>
> I wonder if the phone is doing the FQDN DNS lookup via the cell network even when connected to wifi?
>
> > Any ideas on the problem or a workaround?

I am using the Media5 softphone (free) on my Android 2.3 phone. It has a nice SIP Trace log function built in and the logs can be exported. This may give you some insight.