[pfSense Support] openvpn question
Hi, I would like being able sending an email , when somebdoy connects or disconnects to the openvpn in my pfsense router is there a way doing this with the router ? openvpn provides the capability thanks to a script, but pfsense ? Best Regards S.Ancelot - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
AW: [pfSense Support] XMLRPC debugging
-Ursprüngliche Nachricht- Von: Ian Levesque [mailto:i...@crystal.harvard.edu] Gesendet: Freitag, 21. August 2009 00:25 An: support@pfsense.com Betreff: Re: [pfSense Support] XMLRPC debugging On Aug 18, 2009, at 10:30 AM, Ian Levesque wrote: I just noticed that my two pfSense boxen aren't syncing anymore. In the logs, I see: An error code was received while attempting XMLRPC sync with username admin https://192.168.8.1:443 - Code 2: Invalid return payload: enable debugging to examine incoming payload Can you remember your last change? I had this problem when a rule comment contains special characters. Check all your rules and aliases to contain only a-z,A-Z,0-9,+,-,.,(,) (some more as valid for XML (UTF8) without escaping). Regards Matthias - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] openvpn question
On Fri, Aug 21, 2009 at 2:23 AM, stephane ancelotsance...@numalliance.com wrote: Hi, I would like being able sending an email , when somebdoy connects or disconnects to the openvpn in my pfsense router is there a way doing this with the router ? openvpn provides the capability thanks to a script, but pfsense ? Best way is to syslog off to another server and do some sort of log analysis from there. I use OSSEC for that. Wouldn't be hard to create a rule in OSSEC to email on OpenVPN login log. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] XMLRPC debugging
On Fri, Aug 21, 2009 at 2:39 AM, Matthias Niggemeierm...@thias.de wrote: Can you remember your last change? I had this problem when a rule comment contains special characters. Check all your rules and aliases to contain only a-z,A-Z,0-9,+,-,.,(,) (some more as valid for XML (UTF8) without escaping). I suspect that was probably a few versions back? I believe we strip any characters that will cause trouble and have for a while. Taking out any special characters wouldn't be a bad idea to try, though. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IGMP packet out of WAN
On Fri, Aug 21, 2009 at 5:40 AM, Evgeny Yurchenkoevg.yu...@rogers.com wrote: Old story but I can't see any progress here so decided to try to make patch by myself though it's not very straightforward for FreeBSD ports... Ermal, could you please look at https://rcs.pfsense.org/projects/pfsense-tools/repos/Eugene-igmpproxy/commits/169ff1e643cfbcd9ef6958f45b4c095547548603 and approve? I explained the problem I am trying to solve in Comments to this commit. If this commit looks ok what should be the next step to make it available for install via pfSense' gui? Thanks, Eugene. Send a merge request to mainline. If you do not succeed i will merge it manually. -- Ermal - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] OpenBGPD
After seeing the flurry of commits to this package, I was curious, and tried it out with a half dozen VMs in a basic 'core and border' setup. I'd like to play with it a bit more and see what it's really capable of. Are there any good guides out there on using openBGPD, maybe even specific to pfSense? One thing I couldn't figure out how to do is restricting announcements. For example, my upstream carriers restrict my BGP announces so that I can't announce networks that don't belong to me, like 74.125.0.0/16, and steal Google's traffic. :-) Thank You, Nathan Eisenberg Sr. Systems Administrator Atlas Networks, LLC - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] OpenBGPD
Hi Nathan, On Fri, Aug 21, 2009 at 10:18, Nathan Eisenbergnat...@atlasnetworks.us wrote: After seeing the flurry of commits to this package, I was curious, and tried it out with a half dozen VMs in a basic 'core and border' setup. I'd like to play with it a bit more and see what it's really capable of. Are there any good guides out there on using openBGPD, maybe even specific to pfSense? One thing I couldn't figure out how to do is restricting announcements. For example, my upstream carriers restrict my BGP announces so that I can't announce networks that don't belong to me, like 74.125.0.0/16, and steal Google's traffic. :-) I'll suggest: http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd.conf (the definitions of filters is about 2/3 down) http://www.openbsd.org/papers/linuxtag06-network.pdf (real-life examples) Regards, Aarno -- Aarno Aukia Atrila GmbH Switzerland - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] CARP and OpenVPN
Are there any plans to get openvpn working well with CARP? I currently have a 2 pfSense CARP setup with VPN access via openvpn for support use, but due to the firewall failover, I have to have 2 openvpn conf files to use depending which firewall is active at the time. If it's already working, please give me some pointers how to use it! :) Much appreciated, TIA - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] CARP and OpenVPN
2009/8/21 Chris Buechler c...@pfsense.org: On Fri, Aug 21, 2009 at 5:13 AM, Simon Dicksim...@irrelevant.org wrote: Are there any plans to get openvpn working well with CARP? I currently have a 2 pfSense CARP setup with VPN access via openvpn for support use, but due to the firewall failover, I have to have 2 openvpn conf files to use depending which firewall is active at the time. If it's already working, please give me some pointers how to use it! :) Works now, put local x.x.x.x in custom options, where x.x.x.x is a CARP IP. You will have to manually configure the secondary to match the primary since the config doesn't sync on 1.2.x. Aah, thanks, good to know, I'm sure I did try that (I already have the config matching between them so that's no big problem, will give that a try soon. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] OpenBGPD
-Original Message- From: Evgeny Yurchenko [mailto:evg.yu...@rogers.com] Sent: Friday, August 21, 2009 5:46 AM To: support@pfsense.com Subject: Re: [pfSense Support] OpenBGPD If you understand BGP without any relation to whatever platform it is used on then its configuration is pretty straightforward. I found pretty nice document explaining OpenBGPD implementation http://www.openbsd.org/papers/linuxtag06-network.pdf plus numerious howtos. You can play with restrictions by using deny from/allow from in RawConfig tab, for now this feature is not supported via gui. Eugene. - I have a moderate understanding of how BGP works, but have much to learn. I would love to see the ability to restrict announcements to specific networks added to the GUI. I'd bet that more polish on this package could let PFSense enter the 'core router' arena. Ah, were I a programmer... Best Regards, Nathan Eisenberg - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] XMLRPC debugging
On Aug 21, 2009, at 5:02 PM, Scott Ullrich wrote: On Fri, Aug 21, 2009 at 3:45 PM, Ian Levesquei...@crystal.harvard.edu wrote: php: /xmlrpc.php: Disallowing CARP sync loop. You have a CARP sync loop. You do not want to do that. Thanks, Scott - that much I figured out :) It turns out that even though I had all the checkboxes unchecked, just having an IP in the Synchronize to IP field on my secondary router would cause the perceived sync loop. Leaving the Synchronize Enabled checked and pfSync sync peer IP filled in gives me shared state tables without the xmlrpc sync issues. Thanks for everyone's help; it's especially nice to see the project's founders on here helping out. Cheers, Ian - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IGMP packet out of WAN
On Fri, Aug 21, 2009 at 3:41 AM, Ermal Luçiermal.l...@gmail.com wrote: Send a merge request to mainline. If you do not succeed i will merge it manually. Item has been merged. Thanks! Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org