[pfSense Support] Multiple Gateway
Hi, I have a Real IPs OPT1 ( X.X.X.100 ), OPT2 ( X.X.X.101 ) , OPT2 ( X.X.X.102 ) , OPT2 ( X.X.X.103 ) on interfaces and Lan interfeces is 10.0.1.1 How can I change default gateway on 10.0.1.5, Normal default gateway is WAN IP but I want make 10.0.1.15 Ip's default gateway OPT1 Can you help me please ?
RE: [pfSense Support] Multiple Gateway
From: Koray AGAYA [mailto:insanad...@gmail.com] Sent: 04 December 2009 09:44 To: support@pfsense.com Subject: [pfSense Support] Multiple Gateway Hi, I have a Real IPs OPT1 ( X.X.X.100 ), OPT2 ( X.X.X.101 ) , OPT2 ( X.X.X.102 ) , OPT2 ( X.X.X.103 ) on interfaces and Lan interfeces is 10.0.1.1 How can I change default gateway on 10.0.1.5, Normal default gateway is WAN IP but I want make 10.0.1.15 Ip's default gateway OPT1 Can you help me please ? I'm not 100% sure that I understand what your asking here, but I'm assuming that you want some of your clients on a particular IP range to use OPT1 as it's gateway, rather than WAN? It might be easier to create a static route for packets from certain IP addresses. As to how, I'm still new to pfsense so I don't know how it's done in pfsense, but that might be the question you want to ask.
[pfSense Support] PFsense + Load Balance + Squid
Hi, I have problem in configuration the load balance in pfsense. I am configure, but not get work the squid. My clients in Squid not balance, but In clients out squid get balance normally. Anybody know why??? []'s Rafael Cristian
Re: [pfSense Support] Intentionally slow down traffic on certain ports/ips
2009/12/4 Gabriel - IP Guys gabr...@impactteachers.com: Dear All, Is it possible to slow down packets that come to and from a particular IP or alias on a particular port – I have a rsync sessions going on in the background, and I do not want them to ever use more than 5% of the total bandwidth – Can this be done? --- Kind Regards, Mr Gabriel Hi Gabriel, the bw-limit-switch from rsync doesn't help? if so, then you could use the traffic shaper, search the wiki for Howtos. ;-) greetings michael -- = = = m i c h a e l - s c h u h . n e t = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfSense and tables?
Since I came from a 'pf' environment, I had used tables to list piles of IPs (CIDRs) that were known spammers and the like. Mostly APIC... Is there any way to setup a table within pfSense? I would like to be able to upload (or ssh into and create) a table and then have pfSense use it for BLOCK purposes. Thanks! -- J.D. Bronson Aurora Health Care Information Technology Office: 414.978.8282 // Fax: 414.978.3988 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Intentionally slow down traffic on certain ports/ips
-Original Message- From: Michael Schuh [mailto:michael.sc...@gmail.com] Sent: 04 December 2009 11:23 To: support@pfsense.com Subject: Re: [pfSense Support] Intentionally slow down traffic on certain ports/ips 2009/12/4 Gabriel - IP Guys gabr...@impactteachers.com: Dear All, Is it possible to slow down packets that come to and from a particular IP or alias on a particular port - I have a rsync sessions going on in the background, and I do not want them to ever use more than 5% of the total bandwidth - Can this be done? --- Kind Regards, Mr Gabriel Hi Gabriel, the bw-limit-switch from rsync doesn't help? if so, then you could use the traffic shaper, search the wiki for Howtos. ;-) greetings michael I have put the details into the traffic shaper, how would I go about testing that this works? I go to status:queues, but I'm greeted by a graph that never appears - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and tables?
On 12/4/09 6:28 AM, Ermal Luçi wrote: pfSense has a 3 tables already setup to be used for blocking. sshlockout virusprot snort2c The last one is evaluated first in all versions of pfSense. While the others evaluate first on the upcoming 2.0 version. On 2.0 aliases means table while i cannot recall if this is the same on 1.2.3. But you can be fine by just adding to the tables mentioned above. Where do I access this via the WWW interface or do I do this via SSH and command line...? thanks! -JD -- J.D. Bronson Information Technology Aurora Health Care - Milwaukee WI Office: 414.978.8282 // Fax: 414.978.3988 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Intentionally slow down traffic on certain ports/ips
2009/12/4 Gabriel - IP Guys gabr...@impactteachers.com: -Original Message- From: Michael Schuh [mailto:michael.sc...@gmail.com] Sent: 04 December 2009 11:23 To: support@pfsense.com Subject: Re: [pfSense Support] Intentionally slow down traffic on certain ports/ips 2009/12/4 Gabriel - IP Guys gabr...@impactteachers.com: Dear All, Is it possible to slow down packets that come to and from a particular IP or alias on a particular port - I have a rsync sessions going on in the background, and I do not want them to ever use more than 5% of the total bandwidth - Can this be done? --- Kind Regards, Mr Gabriel Hi Gabriel, the bw-limit-switch from rsync doesn't help? if so, then you could use the traffic shaper, search the wiki for Howtos. ;-) greetings michael I have put the details into the traffic shaper, how would I go about testing that this works? I go to status:queues, but I'm greeted by a graph that never appears probably this could help you: http://devwiki.pfsense.org/TrafficShapingGuide imself has not used traffic shaping yet but if you would test it you could use pv with nc and dd or whatever you like under linux to test the max -bw like out of the box... on system A ==pfsensebox== on system B 10.0.0.2 - 10.0.0.1 172.16.0.1 - 172.16.0.2 nc -l -p 3142|pv /dev/null === dd if=/dev/zero bs=1M |pv | nc 10.0.0.2 3142 change the ip in the example (10.0.0.2) to your needs hope that helps you... only to be sure: the traffic that should getting shaped _must_ flow trough the pfsense-box and don't forget to reset the states before you test the traffic-shaping... -- = = = m i c h a e l - s c h u h . n e t = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Intentionally slow down traffic on certain ports/ips
-Original Message- From: Michael Schuh [mailto:michael.sc...@gmail.com] Sent: 04 December 2009 11:23 To: support@pfsense.com Subject: Re: [pfSense Support] Intentionally slow down traffic on certain ports/ips 2009/12/4 Gabriel - IP Guys gabr...@impactteachers.com: Dear All, Is it possible to slow down packets that come to and from a particular IP or alias on a particular port - I have a rsync sessions going on in the background, and I do not want them to ever use more than 5% of the total bandwidth - Can this be done? --- Kind Regards, Mr Gabriel Hi Gabriel, the bw-limit-switch from rsync doesn't help? if so, then you could use the traffic shaper, search the wiki for Howtos. ;-) greetings michael I've created a new queue called superslowdown (so I can easily identify it!) I've given it 5% bandwidth, and a priority of 1. For scheduler options, Default queue. I'm not 100% sure what to put into the Service Curve (sc) boxes, and advice would be appreciated. As for the Parent Queue, I'm not sure what is required here. Again, any assistance would be appreciated I've added the following settings in the traffic shaper queues In interfaceWAN Out Interface LAN ProtocolTCP Source Type - Single host, --Address, (internal IP) Source Port Range (port number ranges lowest, to highest) Destination Type - Single host/aliasAddress, -- Address (alias of IPs) Destination Port Range (port number ranges lowest, to highest) Will this be a sufficient template to slow down traffic to and from particular servers on the LAN? (the queue has been configured for both directions, LAN to WAN, and WAN to LAN) - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Intentionally slow down traffic on certain ports/ips
2009/12/4 Gabriel - IP Guys gabr...@impactteachers.com: -Original Message- From: Michael Schuh [mailto:michael.sc...@gmail.com] Sent: 04 December 2009 11:23 To: support@pfsense.com Subject: Re: [pfSense Support] Intentionally slow down traffic on certain ports/ips 2009/12/4 Gabriel - IP Guys gabr...@impactteachers.com: Dear All, Is it possible to slow down packets that come to and from a particular IP or alias on a particular port - I have a rsync sessions going on in the background, and I do not want them to ever use more than 5% of the total bandwidth - Can this be done? --- Kind Regards, Mr Gabriel Hi Gabriel, the bw-limit-switch from rsync doesn't help? if so, then you could use the traffic shaper, search the wiki for Howtos. ;-) greetings michael I've created a new queue called superslowdown (so I can easily identify it!) I've given it 5% bandwidth, and a priority of 1. For scheduler options, Default queue. I'm not 100% sure what to put into the Service Curve (sc) boxes, and advice would be appreciated. As for the Parent Queue, I'm not sure what is required here. Again, any assistance would be appreciated I've added the following settings in the traffic shaper queues In interface WAN Out Interface LAN Protocol TCP Source Type - Single host, --Address, (internal IP) Source Port Range (port number ranges lowest, to highest) Destination Type - Single host/alias Address, -- Address (alias of IPs) Destination Port Range (port number ranges lowest, to highest) Will this be a sufficient template to slow down traffic to and from particular servers on the LAN? (the queue has been configured for both directions, LAN to WAN, and WAN to LAN) Im not really sure about this in depht, but looks good. if you have used the wizard for creating the rules all should be fine. probably another person could help you more than me. or you search through the mailing-list, if you want. good luck...greetings michael -- = = = m i c h a e l - s c h u h . n e t = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to ensure packets go out of the IP they came I on?
snipped excess quoting - please learn to trim! On 04/12/09 11:02, Gabriel - IP Guys wrote: Basically, what I want to do is have traffic come in on my secondary ISP, and return packets return out the correct interface, instead of being blocked. Is that possible? what people initially thought you meant was multi-WAN: http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x but I think what you mean is you want to multi-home services. forum has some discussion, try here: http://forum.pfsense.org/index.php?board=21.0 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Monitor traffic through vpn
I have been asked to monitor traffic, per user through our openvpn pfsense setup, as its setup for filtering (Therefor I know what ip each user uses), I presume this can easily be done by looking at traffic between the opt int and the lan int. Are there provisions built in to pfsense to make this easy, can I send the data to a different host for example w/ a mysql backend? Thanks! jlc - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Monitor traffic through vpn
Joseph L. Casale wrote: I have been asked to monitor traffic, per user through our openvpn pfsense setup, as its setup for filtering (Therefor I know what ip each user uses), I presume this can easily be done by looking at traffic between the opt int and the lan int. Are there provisions built in to pfsense to make this easy, can I send the data to a different host for example w/ a mysql backend? If you have your OpenVPN tun interface assigned as an OPT, you can probably use any of the existing bandwidth monitoring software packages: http://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage%3F You might be able to find a free netflow collector that can push data to MySQL, but I have only tinkered with netflow (there is a free perl script out there somewhere that grabs data). Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Monitor traffic through vpn
On 04/12/09 16:08, Joseph L. Casale wrote: I have been asked to monitor traffic, per user through our openvpn pfsense setup, as its setup for filtering (Therefor I know what ip each user uses), I presume this can easily be done by looking at traffic between the opt int and the lan int. Are there provisions built in to pfsense to make this easy, can I send the data to a different host for example w/ a mysql backend? actually, that's something I would like to do as well. if I do ifconfig tun0 it doesn't report any traffic; neither does it do so for enc0 when using ipsec # ifconfig enc0 enc0: flags=141UP,RUNNING,PROMISC metric 0 mtu 1536 # ifconfig tun0 tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST metric 0 mtu 1500 inet6 ::xxx:::%tun0 prefixlen 64 scopeid 0x1d inet x.x.x.x -- x.x.x.x netmask 0x Opened by PID 39108 # what you can do with openvpn is to add a custom setting status, e.g. status /etc/myopenvpn.status this file gets populated thus: OpenVPN STATISTICS Updated,Fri Dec 4 16:16:53 2009 TUN/TAP read bytes,0 TUN/TAP write bytes,0 TCP/UDP read bytes,2821442 TCP/UDP write bytes,2657319 Auth read bytes,656320 pre-compress bytes,0 post-compress bytes,0 pre-decompress bytes,0 post-decompress bytes,0 END You could probably hack up a munin plugin to read this. Hang on, someone already did homepage: http://munin.projects.linpro.no/wiki/plugin-openvpn plugin: http://rodolphe.quiedeville.org/hack/munin/openvpn/ HTH Paul - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to ensure packets go out of the IP they came I on?
Chris Buechler wrote: On Thu, Dec 3, 2009 at 7:42 PM, Gabriel - IP Guys gabr...@impactteachers.com wrote: Dear All, I have multiple ISP’s connected to my pfSense box, but only the ISP that is configured as the WAN seems to be able to route traffic. That's how it works by default. Not enough info there to tell you what you have setup that makes it not do that. Post your NAT, rules, and anything else that may be relevant. By the way last time I checked UDP OpenVpn it did not work this way. Incoming packet comes on OPTx outgoing comes out of WAN. There was no such problem with TCP. Is it known issue? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Monitor traffic through vpn
If you have your OpenVPN tun interface assigned as an OPT, you can probably use any of the existing bandwidth monitoring software packages: http://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage%3F Wow, the ntop package out of the box displayed what I needed exactly as I wanted. No need to produce anyting better. Thanks! jlc
Re: [pfSense Support] PFsense + Load Balance + Squid
On Fri, Dec 4, 2009 at 6:14 AM, Rafael Cristian rcristia...@gmail.com wrote: Hi, I have problem in configuration the load balance in pfsense. I am configure, but not get work the squid. My clients in Squid not balance, but In clients out squid get balance normally. Anybody know why??? That's how it works. Traffic initiated by the firewall doesn't get balanced. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to ensure packets go out of the IP they came I on?
On Fri, Dec 4, 2009 at 12:00 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote: By the way last time I checked UDP OpenVpn it did not work this way. Incoming packet comes on OPTx outgoing comes out of WAN. There was no such problem with TCP. Is it known issue? Works fine when configured correctly, OpenVPN has to listen on the OPT address. The book details how to make that work, in the OpenVPN chapter. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to ensure packets go out of the IP they came I on?
On Fri, Dec 4, 2009 at 6:02 AM, Gabriel - IP Guys gabr...@impactteachers.com wrote: Basically, what I want to do is have traffic come in on my secondary ISP, and return packets return out the correct interface, instead of being blocked. Is that possible? Yes, and that's how it works by default. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: PFsense + Load Balance + Squid
In message d64aa1760912041123v2e92448fi3bc780947235c...@mail.gmail.com Chris Buechler c...@pfsense.org was claimed to have wrote: On Fri, Dec 4, 2009 at 6:14 AM, Rafael Cristian rcristia...@gmail.com wrote: Hi, I have problem in configuration the load balance in pfsense. I am configure, but not get work the squid. My clients in Squid not balance, but In clients out squid get balance normally. Anybody know why??? That's how it works. Traffic initiated by the firewall doesn't get balanced. Is this likely to change in the future (2.0 or beyond)? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: PFsense + Load Balance + Squid
On Fri, Dec 4, 2009 at 2:46 PM, Dave Warren dave-use...@djwcomputers.com wrote: In message d64aa1760912041123v2e92448fi3bc780947235c...@mail.gmail.com Chris Buechler c...@pfsense.org was claimed to have wrote: On Fri, Dec 4, 2009 at 6:14 AM, Rafael Cristian rcristia...@gmail.com wrote: Hi, I have problem in configuration the load balance in pfsense. I am configure, but not get work the squid. My clients in Squid not balance, but In clients out squid get balance normally. Anybody know why??? That's how it works. Traffic initiated by the firewall doesn't get balanced. Is this likely to change in the future (2.0 or beyond)? You can use floating rules in 2.0 to balance traffic from the firewall. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RES: [pfSense Support] Re: PFsense + Load Balance + Squid
Thank you. But is version 2.0 now is available -Mensagem original- De: cbuech...@gmail.com [mailto:cbuech...@gmail.com] Em nome de Chris Buechler Enviada em: sexta-feira, 4 de dezembro de 2009 18:10 Para: support@pfsense.com Assunto: Re: [pfSense Support] Re: PFsense + Load Balance + Squid On Fri, Dec 4, 2009 at 2:46 PM, Dave Warren dave-use...@djwcomputers.com wrote: In message d64aa1760912041123v2e92448fi3bc780947235c...@mail.gmail.com Chris Buechler c...@pfsense.org was claimed to have wrote: On Fri, Dec 4, 2009 at 6:14 AM, Rafael Cristian rcristia...@gmail.com wrote: Hi, I have problem in configuration the load balance in pfsense. I am configure, but not get work the squid. My clients in Squid not balance, but In clients out squid get balance normally. Anybody know why??? That's how it works. Traffic initiated by the firewall doesn't get balanced. Is this likely to change in the future (2.0 or beyond)? You can use floating rules in 2.0 to balance traffic from the firewall. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: PFsense + Load Balance + Squid
On Fri, Dec 4, 2009 at 3:58 PM, Rafael Cristian rcristia...@gmail.com wrote: Thank you. But is version 2.0 now is available Yes, but it is alpha-alpha (soon to be alpha): http://snapshots.pfsense.org/ Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: PFsense + Load Balance + Squid
On Fri, Dec 4, 2009 at 4:02 PM, Scott Ullrich sullr...@gmail.com wrote: On Fri, Dec 4, 2009 at 3:58 PM, Rafael Cristian rcristia...@gmail.com wrote: Thank you. But is version 2.0 now is available Yes, but it is alpha-alpha (soon to be alpha): In other words - unless you can fix underlying problems yourself, *don't* use it. It's pretty much guaranteed there are some multi-WAN bugs there still with the new gateways functionality. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: PFsense + Load Balance + Squid
Ok. I await the final version. thanks again. 2009/12/4 Chris Buechler cbuech...@gmail.com On Fri, Dec 4, 2009 at 4:02 PM, Scott Ullrich sullr...@gmail.com wrote: On Fri, Dec 4, 2009 at 3:58 PM, Rafael Cristian rcristia...@gmail.com wrote: Thank you. But is version 2.0 now is available Yes, but it is alpha-alpha (soon to be alpha): In other words - unless you can fix underlying problems yourself, *don't* use it. It's pretty much guaranteed there are some multi-WAN bugs there still with the new gateways functionality. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Is your embedded pfsense stable?
On Thu, Dec 3, 2009 at 1:35 AM, mehma sarja mehmasa...@gmail.com wrote: 1.2.3-RC3, nanobsd on a Netgate Alix board with 256 MB RAM and a 8GB CF card. The firmware and all have been updated. Have been playing around with this box as a firewall for the last couple of weeks. Then I did the unthinkable and ventured out of my comfort shell. Installed DNS Blacklist, Snort and Backup. Well, I can report that Backup runs without problems. Initially DNS Blacklist ran but then I installed the dreaded pig... Snort. I had to try a few times for the install to take. Then Snort ran and I got even bolder. I turned on a bunch of rules without knowing what they actually did. And that did me in. Keeping my eye on the RAM - I reached 84% and then it happened. As Snort rules get exercised, memory usage skyrockets and froze my little Alix box. So, my question really is how far can these little machines be pushed? Even Snort with a lighter config is probably doable. But yeah if you push it past its limits, which isn't hard to do when you're running Snort, you can easily kill the box. There is no swap, so when you run out of RAM, things can go haywire. Aside from running crazy things that you shouldn't be with 256 MB RAM, the ALIX hardware and embedded is rock solid. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] IPSEC disconnects when 2 clients connect
Have a PFSense firewall for one of my users. We where using Shrewsoft vpn with mobile vpn setup. They were able to have a tunnel open at his home office from both his desktop and laptop at the same time. I believe there were both running Vista. Now they are both on Win7 . Bring up the first computer and tunnel is successful. Bring up the 2nd tunnel and it disconnects the first tunnel and both wont connect for awhile. Is there a reason why that would happen all of a sudden. I tried giving them their own Client ID PSK but no solution. Wasnt sure if its because they are both on the same WAN per-say and it confuses it. Paul - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org