Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
thanks.

--- On Wed, 7/30/08, Chris Buechler <[EMAIL PROTECTED]> wrote:

From: Chris Buechler <[EMAIL PROTECTED]>
Subject: Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
To: support@pfsense.com
Date: Wednesday, July 30, 2008, 10:03 PM

On Thu, Jul 31, 2008 at 12:58 AM, Anil Garg <[EMAIL PROTECTED]> wrote:
>
> I would love to try the new 1.2.1 but there are so many images
> Which one should be tested as most stable.
>

They're built once a day. Most days RELENG_1_2 doesn't change, and any changes that do occur are minor. Just pick the newest one available at the time of download.

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
On Thu, Jul 31, 2008 at 12:58 AM, Anil Garg <[EMAIL PROTECTED]> wrote:
>
> I would love to try the new 1.2.1 but there are so many images
> Which one should be tested as most stable.
>

They're built once a day. Most days RELENG_1_2 doesn't change, and any changes that do occur are minor. Just pick the newest one available at the time of download.
Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
Hi Chris

I have an experimental rack for a start-up idea on 100 mbps pipe and the machines is an Dell 450 mhtz and added-in Intel 10/100 Server cards. Have Red/Orange/Green with about 12 servers.

The image is 1.2 release and I have had no trouble cranking up to 78 mbps once ..

Another point is that it has VPN and WAN is configured as static IP xxx.xxx.xxx.66/27 and for last 5 months it has never given up.

There is no other small biz router that can compete with this solution. And I would put large environments on this considering it has snort implementation.

CONGRATS for having a winner on your hands!!

I would love to try the new 1.2.1 but there are so many images
Which one should be tested as most stable.

Best Regards
Anil Garg

--- On Wed, 7/30/08, Chris Buechler <[EMAIL PROTECTED]> wrote:

From: Chris Buechler <[EMAIL PROTECTED]>
Subject: Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
To: support@pfsense.com
Date: Wednesday, July 30, 2008, 6:29 PM

On Wed, Jul 30, 2008 at 7:30 PM, Ted Crow <[EMAIL PROTECTED]> wrote:
>
> As an additional note, I've already tried the following to no avail:
>
> - tcp/udp tweaking (no change)

Shouldn't be necessary anyway. Most of those settings are only relevant when the firewall is the endpoint of the connection.

> - duplex mismatch testing (no problems)

No errors on Status -> Interfaces? What speed and duplex is the WAN port showing as? In my experience with metro Ethernet, the endpoints are set inconsistently by providers (at least by AT&T). Some are forced speed/duplex and some are set to auto. In the former case you'll need to force your end, in the latter, leave it to auto.

> what I can see.
> - the DMZ speed is 40-60Mbps to the Internet and 50-60Mbps to the LAN.
>

How are you testing? I've pushed more than that through a 500 MHz box, something of the spec you're running with Intel NICs is capable of multi-Gbps. Since it's slow from DMZ to LAN it's likely not WAN port related.

Since you're running relatively new hardware, the first thing I'd recommend is trying 1.2.1. The NICs you have in a box that new probably didn't exist at the time the em driver in FreeBSD 6.2 was written, so you may be hitting some glitch there. Ditto for any number of other components in that box.
Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
On Wed, Jul 30, 2008 at 8:29 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Wed, Jul 30, 2008 at 7:30 PM, Ted Crow <[EMAIL PROTECTED]> wrote:
>> what I can see.
>> - the DMZ speed is 40-60Mbps to the Internet and 50-60Mbps to the LAN.
>>
>
> How are you testing? I've pushed more than that through a 500 MHz box,
> something of the spec you're running with Intel NICs is capable of
> multi-Gbps. Since it's slow from DMZ to LAN it's likely not WAN port
> related.
>
> Since you're running relatively new hardware, the first thing I'd
> recommend is trying 1.2.1. The NICs you have in a box that new
> probably didn't exist at the time the em driver in FreeBSD 6.2 was
> written, so you may be hitting some glitch there. Ditto for any number
> of other components in that box.

FWIW, I have no problems pushing gigabit traffic at wirespeed through my comparable speed boxes with pf enabled on Intel nics. I've never tested the top end out as packets per second were always more important (and I only ever needed to support 1gig anyway). But my aging 2.8ghz xeons that I bought 4 years ago could handle that speed, the new dual dual core opterons I just put in just yawn at the same traffic.

--Bill
Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
On Wed, Jul 30, 2008 at 7:30 PM, Ted Crow <[EMAIL PROTECTED]> wrote:
>
> As an additional note, I've already tried the following to no avail:
>
> - tcp/udp tweaking (no change)

Shouldn't be necessary anyway. Most of those settings are only relevant when the firewall is the endpoint of the connection.

> - duplex mismatch testing (no problems)

No errors on Status -> Interfaces? What speed and duplex is the WAN port showing as? In my experience with metro Ethernet, the endpoints are set inconsistently by providers (at least by AT&T). Some are forced speed/duplex and some are set to auto. In the former case you'll need to force your end, in the latter, leave it to auto.

> what I can see.
> - the DMZ speed is 40-60Mbps to the Internet and 50-60Mbps to the LAN.
>

How are you testing? I've pushed more than that through a 500 MHz box, something of the spec you're running with Intel NICs is capable of multi-Gbps. Since it's slow from DMZ to LAN it's likely not WAN port related.

Since you're running relatively new hardware, the first thing I'd recommend is trying 1.2.1. The NICs you have in a box that new probably didn't exist at the time the em driver in FreeBSD 6.2 was written, so you may be hitting some glitch there. Ditto for any number of other components in that box.
RE: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
Ted,

I had a similar issue with 10Mb symmetric Cox fiber connection in Las Vegas. For some reason, their equipment didn't like the BroadCom NIC in the system I had. Fortunately, there was another NIC in the system (Intel) that worked just fine. When I performed a bandwidth test using the BroadCom, I got barely over 2Mb. Using the Intel, I got 9.5Mb. What kind of NICs are in your pfSense box?

Dimitri Rodis
Integrita Systems LLC

-----Original Message-----
From: Ted Crow [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2008 1:03 PM
To: support@pfsense.com
Subject: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?

I'm running 1.2-RELEASE and we recently upgraded from 10mbps DSL to a metro fiber link and we were seeing a pretty significant performance hit across the firewall, especially outbound. In troubleshooting this, my provider has disabled all limiting on their end and the connection is basically a wide open FDX 100Mbps link. This *really* made the performance drop noticeable.

Simple Diagram:

--
| Fiber Switch |---| Cisco 2801 |---| Firewall |--> Multiple LANs
--
|
--
| DMZ Switch |--> DMZ Hosts
--

A laptop directly connected to the fiber switch can pump >80Mbps to many points on the Internet. Behind my router it only hits 45-60Mbps probably because the router was never intended to be used at this speed (before the speed was bumped to 100mbps there was no significant performance drop). Behind the pfSense box, however, averages around 20-25Mbps to the Internet. LAN to DMZ Hosts are around 55-60Mbps.

The box is pretty beefy - a SuperServer 5015M-MF+B, Xeon 3040 with 1GB DDR2 and six Intel 1Gbps ports. I'd be a little surprised if the hardware has anything to do with it. CPU and RAM usage have never exceeded 10%.

I tried enabling polling but that made no difference. I've disabled the traffic shaper and removed most of my packages to get where I am now and I've run out of ideas.

Anyone?

Ted Crow
Information Technology Manager
Tuttle Services, Inc.
Re: [pfSense Support] 1.3 alpha2X on VMware server 1.0.5
Thanks for the update will keep an eye out for them.

--
David L. Strout
Engineering Systems Plus, LLC

----- Original Message -----
SUBJECT: Re: [pfSense Support] 1.3 alpha2X on VMware server 1.0.5
FROM: [EMAIL PROTECTED]
TO: [EMAIL PROTECTED]
DATE: 07-30-2008 7:00 pm

On Wed, Jul 30, 2008 at 6:26 PM, DLStrout wrote:
> Bill, Anyone,
>
> Would it be possible to get notified when you all feel this issue is
> resolved and ready for -re-testing??
>
> I'd welcome the opportunity to dive into 1.3 A2X, but unfortunately we are
> short on standalone server hardware ... so VM is my only option now.

It's not specific to VMware, something is broken in 1.3 at the moment. The snapshots have been taken offline (well, covered with an index.html), check back on the snapshot server periodically to see when they're available again.
RE: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
As an additional note, I've already tried the following to no avail:

- tcp/udp tweaking (no change)
- duplex mismatch testing (no problems)
- disabling pf to see if it's an issue with my rules (good idea Matthew, but no change)

Other items of note:

- FTP bandwidth from the shell on the firewall itself shows the same speed as on the LAN.
- a packet sniffer has been running full time on the WAN side with no significant finds. I may add one to the LAN side as well to see what I can see.
- the DMZ speed is 40-60Mbps to the Internet and 50-60Mbps to the LAN.

Ted Crow
Information Technology Manager
Tuttle Services, Inc.

-----Original Message-----
From: Ted Crow [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2008 4:03 PM
To: support@pfsense.com
Subject: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?

I'm running 1.2-RELEASE and we recently upgraded from 10mbps DSL to a metro fiber link and we were seeing a pretty significant performance hit across the firewall, especially outbound. In troubleshooting this, my provider has disabled all limiting on their end and the connection is basically a wide open FDX 100Mbps link. This *really* made the performance drop noticeable.

Simple Diagram:

--
| Fiber Switch |---| Cisco 2801 |---| Firewall |--> Multiple LANs
--
|
--
| DMZ Switch |--> DMZ Hosts
--

A laptop directly connected to the fiber switch can pump >80Mbps to many points on the Internet. Behind my router it only hits 45-60Mbps probably because the router was never intended to be used at this speed (before the speed was bumped to 100mbps there was no significant performance drop). Behind the pfSense box, however, averages around 20-25Mbps to the Internet. LAN to DMZ Hosts are around 55-60Mbps.

The box is pretty beefy - a SuperServer 5015M-MF+B, Xeon 3040 with 1GB DDR2 and six Intel 1Gbps ports. I'd be a little surprised if the hardware has anything to do with it. CPU and RAM usage have never exceeded 10%.

I tried enabling polling but that made no difference. I've disabled the traffic shaper and removed most of my packages to get where I am now and I've run out of ideas.

Anyone?

Ted Crow
Information Technology Manager
Tuttle Services, Inc.
Re: [pfSense Support] 1.3 alpha2X on VMware server 1.0.5
On Wed, Jul 30, 2008 at 6:26 PM, DLStrout <[EMAIL PROTECTED]> wrote:
> Bill, Anyone,
>
> Would it be possible to get notified when you all feel this issue is
> resolved and ready for -re-testing??
>
> I'd welcome the opportunity to dive into 1.3 A2X, but unfortunately we are
> short on standalone server hardware ... so VM is my only option now.

It's not specific to VMware, something is broken in 1.3 at the moment. The snapshots have been taken offline (well, covered with an index.html), check back on the snapshot server periodically to see when they're available again.
Re: [pfSense Support] Snort Install Missing
I was just wondering if there was something drastically broke in the past "latest" release? Why the removal (just too far out of date?) I uninstalled on a test box and I can't even get it back in its "old" version/state ... is there a reason that the older version wasn't left available? Seems that older is better than nothing (unless of course drastically broken/flawed).

Just wondering.

--
David L. Strout
Engineering Systems Plus, LLC
Re: [pfSense Support] 1.3 alpha2X on VMware server 1.0.5
Bill, Anyone,

Would it be possible to get notified when you all feel this issue is resolved and ready for -re-testing??

I'd welcome the opportunity to dive into 1.3 A2X, but unfortunately we are short on standalone server hardware ... so VM is my only option now.

--
David L. Strout
Engineering Systems Plus, LLC
Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
On Wed, Jul 30, 2008 at 10:03 PM, Ted Crow <[EMAIL PROTECTED]> wrote:
>
> I'm running 1.2-RELEASE and we recently upgraded from 10mbps DSL to a
> metro fiber link and we were seeing a pretty significant performance hit
> across the firewall, especially outbound. In troubleshooting this, my
> provider has disabled all limiting on their end and the connection is
> basically a wide open FDX 100Mbps link. This *really* made the
> performance drop noticeable.
>
> Simple Diagram:
>
> --
> | Fiber Switch |---| Cisco 2801 |---| Firewall |--> Multiple LANs
> --
> |
> --
> | DMZ Switch |--> DMZ Hosts
> --
>
> A laptop directly connected to the fiber switch can pump >80Mbps to many
> points on the Internet. Behind my router it only hits 45-60Mbps
> probably because the router was never intended to be used at this speed
> (before the speed was bumped to 100mbps there was no significant
> performance drop). Behind the pfSense box, however, averages around
> 20-25Mbps to the Internet. LAN to DMZ Hosts are around 55-60Mbps.
>
> The box is pretty beefy - a SuperServer 5015M-MF+B, Xeon 3040 with 1GB
> DDR2 and six Intel 1Gbps ports. I'd be a little surprised if the
> hardware has anything to do with it. CPU and RAM usage have never
> exceeded 10%.
>
> I tried enabling polling but that made no difference. I've disabled the
> traffic shaper and removed most of my packages to get where I am now and
> I've run out of ideas.
>
> Anyone?

Search google for tweaking freebsd! I would start with tcp/udp buffers. Take a look with sysctl to the net.inet tree.

>
> Ted Crow
> Information Technology Manager
> Tuttle Services, Inc.
>

--
Ermal
[pfSense Support] pfSense 1.2-RELEASE: Performance Issue?
I'm running 1.2-RELEASE and we recently upgraded from 10mbps DSL to a metro fiber link and we were seeing a pretty significant performance hit across the firewall, especially outbound. In troubleshooting this, my provider has disabled all limiting on their end and the connection is basically a wide open FDX 100Mbps link. This *really* made the performance drop noticeable.

Simple Diagram:

--
| Fiber Switch |---| Cisco 2801 |---| Firewall |--> Multiple LANs
--
|
--
| DMZ Switch |--> DMZ Hosts
--

A laptop directly connected to the fiber switch can pump >80Mbps to many points on the Internet. Behind my router it only hits 45-60Mbps probably because the router was never intended to be used at this speed (before the speed was bumped to 100mbps there was no significant performance drop). Behind the pfSense box, however, averages around 20-25Mbps to the Internet. LAN to DMZ Hosts are around 55-60Mbps.

The box is pretty beefy - a SuperServer 5015M-MF+B, Xeon 3040 with 1GB DDR2 and six Intel 1Gbps ports. I'd be a little surprised if the hardware has anything to do with it. CPU and RAM usage have never exceeded 10%.

I tried enabling polling but that made no difference. I've disabled the traffic shaper and removed most of my packages to get where I am now and I've run out of ideas.

Anyone?

Ted Crow
Information Technology Manager
Tuttle Services, Inc.
RE: [pfSense Support] PF and UT not working
Okay... if I understand correctly, now it seems you are able to see the authentication screen. But once authenticated, you still don't get out. Try turning off MAC checking in pfSense's captive portal setup.

- Jason

From: ram [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2008 12:37 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] PF and UT not working

On Wed, Jul 30, 2008 at 7:03 PM, Curtis LaMasters <[EMAIL PROTECTED]> wrote:

> This may have been beaten to death now but if UT is truly in a bridge mode, you shouldn't need an IP address on it except for management. If that is the case, I could change the IP of UT to something in the private range and see if your issues clear up. What is your internet connection? I am going to assume a cable or DSL modem of some sort. What may be happening is your cable modem sees the IP of your PF box and the MAC of your UT box and somehow not getting the rest of the ARP information.

Hi yes as per the suggestion i have changed UT box IP to another range for checking but still i get authentication success, and takes lot of time to resolve domain, and lost the connection. I have Dedicated Internet, and own DNS Server in my network. If i remove UT from network i can get all the things working perfect without any issue but when i involve UT in bridge mode i am having this problem.. but when i add UT in bridge mode with CP, it works charm but I am adding Pfsense in my network for loadbalance and failover and captive portal since UT does not have capabilities to do the same job what I am looking

any suggestions or most welcome

ram
Re: [pfSense Support] PF and UT not working
You've also dodged several attempts at actually telling us what services are in use on your Untangle box. Simply saying "all of them are enabled" doesn't tell those of us who are not familiar with Untangle much about your setup. Your subnet configuration would also be helpful instead of just saying "yes as per the suggestion i have changed UT box IP to another range"... what range? Is it the same as your pfSense box? How about a diagram with your configuration? Anything?

Also, the problem does not appear to be pfSense related. It would be quite a bit more appropriate to get in touch with the Untangle support forums/mailing lists/etc instead of reiterating that your problem lies with a product unrelated to this list.

Take your pick... tell us something useful... or bring your problem to the appropriate arena where it can be dealt with. But please stop posting useless drivel that contains no useful information whatsoever.

Tim Nelson
Systems/Network Support
Rockbochs Inc.

----- Original Message -----
From: "ram" <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: Wednesday, July 30, 2008 12:36:31 PM GMT -06:00 US/Canada Central
Subject: Re: [pfSense Support] PF and UT not working

On Wed, Jul 30, 2008 at 7:03 PM, Curtis LaMasters <[EMAIL PROTECTED]> wrote:

> This may have been beaten to death now but if UT is truly in a bridge mode, you shouldn't need an IP address on it except for management. If that is the case, I could change the IP of UT to something in the private range and see if your issues clear up. What is your internet connection? I am going to assume a cable or DSL modem of some sort. What may be happening is your cable modem sees the IP of your PF box and the MAC of your UT box and somehow not getting the rest of the ARP information.

Hi yes as per the suggestion i have changed UT box IP to another range for checking but still i get authentication success, and takes lot of time to resolve domain, and lost the connection. I have Dedicated Internet, and own DNS Server in my network. If i remove UT from network i can get all the things working perfect without any issue but when i involve UT in bridge mode i am having this problem.. but when i add UT in bridge mode with CP, it works charm but I am adding Pfsense in my network for loadbalance and failover and captive portal since UT does not have capabilities to do the same job what I am looking

any suggestions or most welcome

ram
Re: [pfSense Support] PF and UT not working
On Wed, Jul 30, 2008 at 7:03 PM, Curtis LaMasters <[EMAIL PROTECTED]> wrote:

> This may have been beaten to death now but if UT is truly in a bridge
> mode, you shouldn't need an IP address on it except for management. If that
> is the case, I could change the IP of UT to something in the private range
> and see if your issues clear up. What is your internet connection? I am
> going to assume a cable or DSL modem of some sort. What may be happening is
> your cable modem sees the IP of your PF box and the MAC of your UT box and
> somehow not getting the rest of the ARP information.
>

Hi yes as per the suggestion i have changed UT box IP to another range for checking but still i get authentication success, and takes lot of time to resolve domain, and lost the connection. I have Dedicated Internet, and own DNS Server in my network. If i remove UT from network i can get all the things working perfect without any issue but when i involve UT in bridge mode i am having this problem.. but when i add UT in bridge mode with CP, it works charm but I am adding Pfsense in my network for loadbalance and failover and captive portal since UT does not have capabilities to do the same job what I am looking

any suggestions or most welcome

ram
Re: [pfSense Support] PF and UT not working
This may have been beaten to death now but if UT is truly in a bridge mode, you shouldn't need an IP address on it except for management. If that is the case, I could change the IP of UT to something in the private range and see if your issues clear up. What is your internet connection? I am going to assume a cable or DSL modem of some sort. What may be happening is your cable modem sees the IP of your PF box and the MAC of your UT box and somehow not getting the rest of the ARP information.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
AW: AW: [pfSense Support] OpenVPN Server & Client
Yepp... i mean the dynamic sourceport option... try to check it to select a dynamic sourceport so the 1194 port should not be in use then...

with ifconfig i have 3 tun interfaces for 3 openvpn instances...

From: David Meireles [EMAIL PROTECTED]
Sent: Wednesday, 30 July 2008 13:05
To: support@pfsense.com
Subject: Re: AW: [pfSense Support] OpenVPN Server & Client

You mean "Dynamic sourceport" option on the client configuration? That option is not checked, I can try that, but only later, when all the road warriors go home. But Martin, if you do an ifconfig, how many tun interfaces do you have?

Fuchs, Martin wrote:
> Hi, David !
>
> I have client and servermode working with pfsense on one system and it
> works like a charm...
> My server is running on UDP/1194 and the clients (2 of them) are
> running on UDP/dynamic port...
>
> no problem with it at all...
>
> Please recheck your config and make sure the OpenVPN services are not
> using the same ports.
> Further check /status.php if there really is only one
> tun-interface... should be one for each service...
>
> which version are you running ?
> you should at least update to *1.2-RELEASE* built on Sun Feb 24
> 17:13:15 EST 2008 ...
>
> good luck,
>
> Martin
>
> *From:* David Meireles [EMAIL PROTECTED]
> *Sent:* Wednesday, 30 July 2008 12:23
> *To:* support@pfsense.com
> *Subject:* Re: [pfSense Support] OpenVPN Server & Client
>
> Yes, but I want to use a pfsense box to act both as OpenVPN Server and
> OpenVPN Client. For example, the box is now acting as a server,
> although I have the client connection to site X configurated, but not
> enabled... If I enable this connection, I immediately lose the Server,
> because both are using the same interface (tun0). Isn't there a way to
> use, maybe, tun0 for server and tun1 for client!?
>
> Paul Mansfield wrote:
> > David Meireles wrote:
> >> noticed I couldn't use the same box for this, because there was only
> >> ONE tun device, and it would be used for whatever service (the openvpn
> >
> >
> > you can have as many openvpn servers running as you like, just give
> > each one its own port. they can each have entirely different
> > configurations, some using shared key. some on x509 cert authentication.
Re: [pfSense Support] OpenVPN Server & Client
David Meireles wrote:
> I thought too that each daemon would create his own tun device, but that

our vpn box has a different server for each user, and there are many tun devices. so I think you have something wrong.

login to the box, do a "ps auxgw | grep openv" and look in the dirs for the configs and check them by eye.
Re: [pfSense Support] OpenVPN Server & Client
I'm using different ports. For the server is the default UDP port, as for the client connection to site X, they have their server on 5 UDP port, so it's not from that... And yes, I'm using the latest stable version of pfSense.

I thought too that each daemon would create his own tun device, but that doesn't happen :\ It's really weird, the last service I start (be it client or server) takes control of the only tun device I have, and the service that lost that control doesn't even notice that!!!

But I'll try to put the nobind option in my server and client configuration, and later will try also the option I've mentioned in the last mail, too bad I can only do that after 6pm GMT, but hey, let's wait and see...

Paul Mansfield wrote:
> David Meireles wrote:
>> Yes, but I want to use a pfsense box to act both as OpenVPN Server and OpenVPN Client. For example, the box is now acting as a server, although I have the client connection to site X configurated, but not enabled... If I enable this connection, I immediately lose the Server, because both are using the same interface (tun0). Isn't there a way to use, maybe, tun0 for server and tun1 for client!?
>
> each ovpn daemon creates its own tun device.
>
> there isn't actually that much difference between a server and a client, except the latter initiates the connect, the former waits.
>
> create multiple servers and clients on different ports - be sure to set the source port differently for the client or consider using the floating port option "nobind".
Re: [pfSense Support] OpenVPN Server & Client
David Meireles wrote:
> Yes, but I want to use a pfsense box to act both as OpenVPN Server and OpenVPN Client. For example, the box is now acting as a server, although I have the client connection to site X configurated, but not enabled... If I enable this connection, I immediately lose the Server, because both are using the same interface (tun0). Isn't there a way to use, maybe, tun0 for server and tun1 for client!?

each ovpn daemon creates its own tun device.

there isn't actually that much difference between a server and a client, except the latter initiates the connect, the former waits.

create multiple servers and clients on different ports - be sure to set the source port differently for the client or consider using the floating port option "nobind".
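
The by-eye config check suggested in this thread can be done mechanically: the sketch below flags OpenVPN instances that would bind the same local port or name the same numbered tun device. It is an added example, not code from the thread or from pfSense; the config texts, the instance names and vpn.example.net are constructed, and it assumes every instance binds a local port unless `nobind` is set and ignores the `local` directive.

```python
from collections import defaultdict

DEFAULT_PORT = 1194  # OpenVPN's default when neither port nor lport is given


def parse_config(text):
    """Parse OpenVPN directives into {name: [args]}; a later line overrides an earlier one."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment line
            continue
        words = line.split("#", 1)[0].split()  # drop a trailing comment
        if words:
            opts[words[0].lstrip("-")] = words[1:]
    return opts


def local_bind(opts):
    """Return (proto, port) the instance binds locally, or None when nobind is set."""
    if "nobind" in opts:
        return None
    proto_arg = (opts.get("proto") or ["udp"])[0]
    proto = "tcp" if proto_arg.startswith("tcp") else "udp"
    for key in ("lport", "port"):            # "port" sets both local and remote port
        if opts.get(key):
            return proto, int(opts[key][0])
    return proto, DEFAULT_PORT               # conservative: assume the default is bound


def audit(configs):
    """Return findings (kind, resource, [instance names]) for shared ports or devices."""
    ports, devs = defaultdict(list), defaultdict(list)
    for name, text in configs.items():
        opts = parse_config(text)
        bind = local_bind(opts)
        if bind:
            ports["%s/%d" % bind].append(name)
        dev = (opts.get("dev") or [""])[0]
        # "dev tun" without a unit number asks the OS for the next free device,
        # so only explicitly numbered devices (tun0, tun1, ...) can be double-booked.
        if dev and dev[-1].isdigit():
            devs[dev].append(name)
    findings = []
    for kind, table in (("port", ports), ("dev", devs)):
        for resource, names in sorted(table.items()):
            if len(names) > 1:
                findings.append((kind, resource, sorted(names)))
    return findings


# Constructed sample configs (not taken from the thread).
SERVER = """
# road-warrior server
dev tun0
proto udp
port 1194
"""
CLIENT_BROKEN = """
# client to site X: no nobind, so it also binds udp/1194 locally
dev tun0
proto udp
remote vpn.example.net 5000
"""
CLIENT_FIXED = """
dev tun1
proto udp
remote vpn.example.net 5000
nobind
"""

if __name__ == "__main__":
    for label, client in (("broken", CLIENT_BROKEN), ("fixed", CLIENT_FIXED)):
        print(label, audit({"server": SERVER, "client_x": client}))
```
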
Re: AW: [pfSense Support] OpenVPN Server & Client
You mean "Dynamic sourceport" option on the client configuration? That option is not checked, I can try that, but only later, when all the road warriors go home. But Martin, if you do an ifconfig, how many tun interfaces do you have?

Fuchs, Martin wrote:
> Hi, David !
>
> I have client and servermode working with pfsense on one system and it works like a charm...
> My server is running on UDP/1194 and the clients (2 of them) are running on UDP/dynamic port...
>
> no problem with it at all...
>
> Please recheck your config and make sure the OpenVPN services are not using the same ports.
> Further check /status.php if there really is only one tun-interface... should be one for each service...
>
> which version are you running ?
> you should at least update to *1.2-RELEASE* built on Sun Feb 24 17:13:15 EST 2008 ...
>
> good luck,
>
> Martin
>
> *From:* David Meireles [EMAIL PROTECTED]
> *Sent:* Wednesday, 30 July 2008 12:23
> *To:* support@pfsense.com
> *Subject:* Re: [pfSense Support] OpenVPN Server & Client
>
> Yes, but I want to use a pfsense box to act both as OpenVPN Server and OpenVPN Client. For example, the box is now acting as a server, although I have the client connection to site X configurated, but not enabled... If I enable this connection, I immediately lose the Server, because both are using the same interface (tun0). Isn't there a way to use, maybe, tun0 for server and tun1 for client!?
>
> Paul Mansfield wrote:
> > David Meireles wrote:
> >> noticed I couldn't use the same box for this, because there was only
> >> ONE tun device, and it would be used for whatever service (the openvpn
> >
> >
> > you can have as many openvpn servers running as you like, just give
> > each one its own port. they can each have entirely different
> > configurations, some using shared key. some on x509 cert authentication.
AW: [pfSense Support] OpenVPN Server & Client
Hi, David !

I have client and servermode working with pfsense on one system and it works like a charm...
My server is running on UDP/1194 and the clients (2 of them) are running on UDP/dynamic port...

no problem with it at all...

Please recheck your config and make sure the OpenVPN services are not using the same ports.
Further check /status.php if there really is only one tun-interface... should be one for each service...

which version are you running ?
you should at least update to 1.2-RELEASE built on Sun Feb 24 17:13:15 EST 2008 ...

good luck,

Martin

From: David Meireles [EMAIL PROTECTED]
Sent: Wednesday, 30 July 2008 12:23
To: support@pfsense.com
Subject: Re: [pfSense Support] OpenVPN Server & Client

Yes, but I want to use a pfsense box to act both as OpenVPN Server and OpenVPN Client. For example, the box is now acting as a server, although I have the client connection to site X configurated, but not enabled... If I enable this connection, I immediately lose the Server, because both are using the same interface (tun0). Isn't there a way to use, maybe, tun0 for server and tun1 for client!?

Paul Mansfield wrote:
> David Meireles wrote:
>> noticed I couldn't use the same box for this, because there was only
>> ONE tun device, and it would be used for whatever service (the openvpn
>
>
> you can have as many openvpn servers running as you like, just give
> each one its own port. they can each have entirely different
> configurations, some using shared key. some on x509 cert authentication.
Re: [pfSense Support] OpenVPN Server & Client
Yes, but I want to use a pfsense box to act both as OpenVPN Server and OpenVPN Client. For example, the box is now acting as a server, although I have the client connection to site X configurated, but not enabled... If I enable this connection, I immediately lose the Server, because both are using the same interface (tun0). Isn't there a way to use, maybe, tun0 for server and tun1 for client!?

Paul Mansfield wrote:
> David Meireles wrote:
>> noticed I couldn't use the same box for this, because there was only ONE tun device, and it would be used for whatever service (the openvpn
>
> you can have as many openvpn servers running as you like, just give each one its own port. they can each have entirely different configurations, some using shared key. some on x509 cert authentication.
Re: [pfSense Support] OpenVPN Server & Client
David Meireles wrote:
> noticed I couldn't use the same box for this, because there was only ONE tun device, and it would be used for whatever service (the openvpn

you can have as many openvpn servers running as you like, just give each one its own port. they can each have entirely different configurations, some using shared key. some on x509 cert authentication.