Re: [pfSense Support] rsync install on pfsense
On 01/19/2011 05:45 PM, Jim Cheetham wrote:
> On 20/01/11 09:49, Andy Graybeal wrote:
>> I'm wondering if I can install rsync onto my pfsense.
>
> Yes, you can ... but I don't think you should.
>
>> I would like to rsync some files from a protected network up to the firewall, and send them over to my backup system which will eventually archive that data to tape.
>
> Why not send them directly from the protected network to the backup system? Why stage the files on your firewall?
>
>> Is this possible? and is it safe? or is this a terrible idea?
>
> Possible; yes.
> Safe; depends on your definition of safe. I wouldn't store any sensitive data on a network device; especially the one closest to the untrusted Internet.
> Terrible idea; well, perhaps not if you have very restricted hardware available ... but I would prefer to just allow direct communication to the backup machine.
>
> -jim

Jim,

Thank you for your kind comments. I'll be following what you said. I need to rethink my strategy.

-Andy

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
[pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
hi all,

i wrote about this issue in late december, and now having downloaded the latest snapshot, it still persists:

i have an issue with 2 pfsense machines each running 2.0 beta 5: all of the x509 stuff is fine, and i have a two-way tunnel between two distant subnets [client=172.16.32.0/24 - server=172.16.8.0/24].

this problem that i'm facing is the client side -- it insists on using the ip address from the address pool rather than the subnet ip.

when a server side machine pings a client side machine it uses its address of 172.16.8.1 as expected. when a client side machine (172.16.32.1) pings a server side machine, it uses the 10.8.0.2 address.

if i use a 1.23 client (ceteris paribus), all works as expected.

i've just no clue -- i've tried everything. anyone have some hints?

thanks
m
Re: [pfSense Support] SquidGuard blocking all blogspot sites
On 19 January 2011 08:44, Shali K.R. sh...@vidyaacademy.ac.in wrote:
> How can i rebuild the squidGuard DB???

Familiarise yourself with squidGuard and how it works, it has many more options than those offered by the pfSense GUI, http://www.squidguard.org/index.html

Off the top of my head, to rebuild the db I think it's;

    squidGuard -C all

To rebuild all categories, which may take some time depending on the speed of your box and the size of your DB.

--
Regards, James.
http://www.jamesbensley.co.cc/
There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...?
[pfSense Support] Unable to reach web gui over vpn
After changing the web password I can not log into the pfsense over vpn tunnel. Can log in from network though. Odd, any ideas Pfsense 1.2.3 Thanks, Paul
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
did you specify the remote client subnet in the client CCD? (with iroute?)

On 11-01-20 01:05 PM, mayak-cq wrote:
> hi all,
>
> i wrote about this issue in late december, and now having downloaded the latest snapshot, it still persists:
>
> i have an issue with 2 pfsense machines each running 2.0 beta 5: all of the x509 stuff is fine, and i have a two-way tunnel between two distant subnets [client=172.16.32.0/24 - server=172.16.8.0/24].
>
> this problem that i'm facing is the client side -- it insists on using the ip address from the address pool rather than the subnet ip.
>
> when a server side machine pings a client side machine it uses its address of 172.16.8.1 as expected. when a client side machine (172.16.32.1) pings a server side machine, it uses the 10.8.0.2 address.
>
> if i use a 1.23 client (ceteris paribus), all works as expected.
>
> i've just no clue -- i've tried everything. anyone have some hints?
>
> thanks
> m

--
Francois-Alexandre St-Onge Aubut
IDS micronet
IP telephony for business.
Telephone: (418) 725-4425 #205
Toll-free: 1 888 581 VoIP (8647)
Fax: (418) 725-2568
E-mail: fst-o...@idsmicronet.com
Visit our website: www.idsmicronet.com http://www.idsmicronet.com
Follow us on Twitter http://www.twitter.com/idsmicronet !
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler cbuech...@gmail.com wrote:
> On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq ma...@australsat.com wrote:
>> hi all,
>>
>> i wrote about this issue in late december, and now having downloaded the latest snapshot, it still persists:
>>
>> i have an issue with 2 pfsense machines each running 2.0 beta 5: all of the x509 stuff is fine, and i have a two-way tunnel between two distant subnets [client=172.16.32.0/24 - server=172.16.8.0/24].
>>
>> this problem that i'm facing is the client side -- it insists on using the ip address from the address pool rather than the subnet ip.
>>
>> when a server side machine pings a client side machine it uses its address of 172.16.8.1 as expected. when a client side machine (172.16.32.1) pings a server side machine, it uses the 10.8.0.2 address.
>>
>> if i use a 1.23 client (ceteris paribus), all works as expected.
>>
>> i've just no clue -- i've tried everything. anyone have some hints?
>
> http://redmine.pfsense.org/issues/1216
>
> you can work around with manual outbound NAT.

Actually that may not be exactly right - I have my tun interfaces assigned where I'm seeing that. Is your tun interface assigned under Interfaces > assign?
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq ma...@australsat.com wrote:
> hi all,
>
> i wrote about this issue in late december, and now having downloaded the latest snapshot, it still persists:
>
> i have an issue with 2 pfsense machines each running 2.0 beta 5: all of the x509 stuff is fine, and i have a two-way tunnel between two distant subnets [client=172.16.32.0/24 - server=172.16.8.0/24].
>
> this problem that i'm facing is the client side -- it insists on using the ip address from the address pool rather than the subnet ip.
>
> when a server side machine pings a client side machine it uses its address of 172.16.8.1 as expected. when a client side machine (172.16.32.1) pings a server side machine, it uses the 10.8.0.2 address.
>
> if i use a 1.23 client (ceteris paribus), all works as expected.
>
> i've just no clue -- i've tried everything. anyone have some hints?

http://redmine.pfsense.org/issues/1216

you can work around with manual outbound NAT.
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
On Thu, 2011-01-20 at 14:55 -0500, Chris Buechler wrote:
> On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler cbuech...@gmail.com wrote:
>> On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq ma...@australsat.com wrote:
>>> hi all,
>>> snip
>
> Actually that may not be exactly right - I have my tun interfaces assigned where I'm seeing that. Is your tun interface assigned under Interfaces > assign?

Good Day My Lord,

Yes -- openvpn has an interface declared on the server side :-)

Cheers
M
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
On Thu, Jan 20, 2011 at 3:07 PM, mayak-cq ma...@australsat.com wrote:
> On Thu, 2011-01-20 at 14:55 -0500, Chris Buechler wrote:
>> On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler cbuech...@gmail.com wrote:
>>> On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq ma...@australsat.com wrote:
>>>> hi all,
>>>> snip
>>
>> Actually that may not be exactly right - I have my tun interfaces assigned where I'm seeing that. Is your tun interface assigned under Interfaces > assign?
>
> Good Day My Lord,
>
> Yes -- openvpn has an interface declared on the server side :-)

What about the client side? Server side doesn't matter.
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
On Thu, 2011-01-20 at 15:13 -0500, Chris Buechler wrote:
> On Thu, Jan 20, 2011 at 3:07 PM, mayak-cq ma...@australsat.com wrote:
>> On Thu, 2011-01-20 at 14:55 -0500, Chris Buechler wrote:
>>> On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler cbuech...@gmail.com wrote:
>>>> On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq ma...@australsat.com wrote:
>>>>> hi all,
>>>>> snip
>>>
>>> Actually that may not be exactly right - I have my tun interfaces assigned where I'm seeing that. Is your tun interface assigned under Interfaces > assign?
>>
>> Good Day My Lord,
>>
>> Yes -- openvpn has an interface declared on the server side :-)
>
> What about the client side? Server side doesn't matter.

Thanks Again My Lord!

So -- the client machine is a vanilla clone of a 1.23 install -- only custom arguments on client are:

    ns-cert-type server; verb 4

Which (in theory) shouldn't cause the server to NAT the pool address ...

Cheers
M
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
On Thu, Jan 20, 2011 at 3:42 PM, mayak-cq ma...@australsat.com wrote:
> On Thu, 2011-01-20 at 15:13 -0500, Chris Buechler wrote:
>> On Thu, Jan 20, 2011 at 3:07 PM, mayak-cq ma...@australsat.com wrote:
>>> On Thu, 2011-01-20 at 14:55 -0500, Chris Buechler wrote:
>>>> On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler cbuech...@gmail.com wrote:
>>>>> On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq ma...@australsat.com wrote:
>>>>>> hi all,
>>>>>> snip
>>>>
>>>> Actually that may not be exactly right - I have my tun interfaces assigned where I'm seeing that. Is your tun interface assigned under Interfaces > assign?
>>>
>>> Good Day My Lord,
>>>
>>> Yes -- openvpn has an interface declared on the server side :-)
>>
>> What about the client side? Server side doesn't matter.
>
> Thanks Again My Lord!
>
> So -- the client machine is a vanilla clone of a 1.23 install -- only custom arguments on client are:
>
>     ns-cert-type server; verb 4
>
> Which (in theory) shouldn't cause the server to NAT the pool address ...

You're not answering my question, is the tun interface assigned under Interfaces > assign on the client?
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
On Thu, 2011-01-20 at 15:45 -0500, Chris Buechler wrote:
> snip
>
> You're not answering my question, is the tun interface assigned under Interfaces > assign on the client?

ooops -- sorry -- yes it is.

thanks
m
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
On Thu, 2011-01-20 at 15:45 -0500, Chris Buechler wrote:
> On Thu, Jan 20, 2011 at 3:42 PM, mayak-cq ma...@australsat.com wrote:
>> On Thu, 2011-01-20 at 15:13 -0500, Chris Buechler wrote:
>>> On Thu, Jan 20, 2011 at 3:07 PM, mayak-cq ma...@australsat.com wrote:
>>>> On Thu, 2011-01-20 at 14:55 -0500, Chris Buechler wrote:
>>>>> On Thu, Jan 20, 2011 at 2:51 PM, Chris Buechler cbuech...@gmail.com wrote:
>>>>>> On Thu, Jan 20, 2011 at 1:05 PM, mayak-cq ma...@australsat.com wrote:
>>>>>>> hi all,
>>>>>>> snip
>>>>>
>>>>> Actually that may not be exactly right - I have my tun interfaces assigned where I'm seeing that. Is your tun interface assigned under Interfaces > assign?
>>>>
>>>> Good Day My Lord,
>>>>
>>>> Yes -- openvpn has an interface declared on the server side :-)
>>>
>>> What about the client side? Server side doesn't matter.
>>
>> Thanks Again My Lord!
>>
>> So -- the client machine is a vanilla clone of a 1.23 install -- only custom arguments on client are:
>>
>>     ns-cert-type server; verb 4
>>
>> Which (in theory) shouldn't cause the server to NAT the pool address ...
>
> You're not answering my question, is the tun interface assigned under Interfaces > assign on the client?

My Lord,

You're a genius! Nuking the interface declaration solves it!!

Intermediate solution yes, but a solution nonetheless!

Thanks
M
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
On Thu, Jan 20, 2011 at 3:54 PM, mayak-cq ma...@australsat.com wrote:
> ooops -- sorry -- yes it is.

Thank you, I corrected the ticket to the exact scenario.
Re: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
On Thu, Jan 20, 2011 at 4:09 PM, mayak-cq ma...@australsat.com wrote:
> My Lord,
>
> You're a genius! Nuking the interface declaration solves it!!
>
> Intermediate solution yes, but a solution nonetheless!

Amen!

Scott
RE: [pfSense Support] openvpn: client side uses address pool ip rather than subnet ip
> Thank you, I corrected the ticket to the exact scenario.

Scott,

From pfSense's pov, what happens in this exact scenario when you assign the tun device to an interface? I followed this thread closely as I have a similar issue plaguing me that I am unable to resolve as of yet...

Thanks,
jlc
[pfSense Support] 1:1 NAT Entry issue - Bug or mistake?
pfSense 2.0-BETA5 (i386) built on Wed Jan 19 12:45:14 EST 2011 When I try to use an alias in the Internal IP field (suppose the alias was ) I receive the following error upon saving (or trying to save): The following input errors were detected: is not a valid internal IP address I know in 2.0 you could not use aliases in the 1:1 fields, but in this version the boxes are RED, implying that aliases are allowed. I don't know if this is a bug or just a mistake (in formatting the fields RED) but in any event it looks like something needs to be fixed or changed. I did not try using an Alias in the External Subnet IP field, although it is RED also. Anyone else see this? Dimitri Rodis http://www.integritasystems.com
Re: [pfSense Support] 1:1 NAT Entry issue - Bug or mistake?
On Thu, Jan 20, 2011 at 9:28 PM, Dimitri Rodis dimit...@integritasystems.com wrote:
> pfSense 2.0-BETA5 (i386) built on Wed Jan 19 12:45:14 EST 2011
>
> When I try to use an alias in the Internal IP field (suppose the alias was ) I receive the following error upon saving (or trying to save):
>
> The following input errors were detected: is not a valid internal IP address
>
> I know in 2.0 you could not use aliases in the 1:1 fields, but in this version the boxes are RED, implying that aliases are allowed. I don't know if this is a bug or just a mistake (in formatting the fields RED) but in any event it looks like something needs to be fixed or changed. I did not try using an Alias in the External Subnet IP field, although it is RED also.

That's correct, the fields shouldn't be red though, I just fixed that. Aliases aren't supported in binat in pf.
RE: [pfSense Support] 1:1 NAT Entry issue - Bug or mistake?
> On Thu, Jan 20, 2011 at 9:28 PM, Dimitri Rodis dimit...@integritasystems.com wrote:
>> pfSense 2.0-BETA5 (i386) built on Wed Jan 19 12:45:14 EST 2011
>>
>> When I try to use an alias in the Internal IP field (suppose the alias was ) I receive the following error upon saving (or trying to save):
>>
>> The following input errors were detected: is not a valid internal IP address
>>
>> I know in 2.0 you could not use aliases in the 1:1 fields, but in this version the boxes are RED, implying that aliases are allowed. I don't know if this is a bug or just a mistake (in formatting the fields RED) but in any event it looks like something needs to be fixed or changed. I did not try using an Alias in the External Subnet IP field, although it is RED also.
>
> That's correct, the fields shouldn't be red though, I just fixed that. Aliases aren't supported in binat in pf.

Even if binat doesn't support them, they could theoretically be resolved via code prior to updating the rules in 2.1 :)