Re: [pfSense Support] IPSEC VPN Multiple Subnets
On 05/27/2010 10:10 AM, Abdulrehman wrote: What authentication mode are you using...is it Pre-Shared Key...?Well if it is..then dont re-use the same key...Use different key for every tunnel. It will work with the same key, no need for different keys. I have ipsec with three tunnels for three different subnets using the same key. -- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] About RB44GV 4-Port Gigabit Ethernet Adapter
Koray AGAYA wrote: I want use RB44GV 4-Port Gigabit Ethernet Adapter. is it works on Pfsense 1.2.2 ? Can you try this card ? It's important for me ! STFW. http://www.rasyid.net/2008/08/17/detect-rb44gv-on-freebsd-7/ Btw, what use has a 4 port gigabit ethernet on the PCI bus? Simple calculation shows that you are never able to use it at 4xGb speed. I'm having slower version of that card (RB44) working with pfsense 1.2.2. -- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Triple CARP setup
How should I configure pfsync if I want to use three machines? ## Synchronize to IP Enter the IP address of the firewall you are synchronizing with. ## Should I list there all IP-s I want to sync to? Separated by commas or spaces? -- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] A note about top vs bottom posting -- please read and make sure you bottom post on our lists. Thank you.
This is a good example, why bottom-posting sucks... Why do i need to scroll past all previous teks i read just few seconds ago, following that thread? If i need to read it, then i could scroll down, but rarely there is need for that. -- Veiko iggd...@gmail.com wrote: On Wed, Jul 29, 2009 at 1:33 PM, Curtis LaMasters curtislamast...@gmail.com mailto:curtislamast...@gmail.com wrote: And I think the point is being missed. WHY WAS MY MESSAGE VIEWED AS TOP POSTED. Ok, I committed my internet crime of YELLING in caps for the day. In Gmail, is there a proper way to not top post? Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Wed, Jul 29, 2009 at 12:28 PM, David Burgessapt@gmail.com mailto:apt@gmail.com wrote: On Wed, Jul 29, 2009 at 11:25 AM, Curtis LaMasterscurtislamast...@gmail.com mailto:curtislamast...@gmail.com wrote: Thanks Scott. I know what top posting is...I just don't know why you think I did. I hit reply, type my message and go forth. Didn't think it needed to be any harder than that. It can be a lot harder than that. It's effectively illustrated in the links that Scott provided. A little effort in replying can save a lot of wasted effort in trying to bring oneself up to speed or refresh one's memory on a long thread. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com mailto:support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com mailto:support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com mailto:support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com mailto:support-h...@pfsense.com Commercial support available - https://portal.pfsense.org flick the scroll wheel to get to the bottom of the post basically. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN with Fail Over
Chris Buechler wrote: Works fine, I've setup a number of boxes like that. You have something setup wrong. Like what? What is your exact setup like? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN with Fail Over
Robert Mortimer wrote: If you have two PF machines (One for each ADSL) you can use CARP to get the failover you require. No, with two identical machines, using CARP for hardware failover, the dual WAN failover does not work with pfsense. -- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi-WAN with Fail Over
Alexsander Loula wrote: Hi Folks, I have 2 WAN's (WAN1 - production and WAN2 - backup) and I need to set them as fail over (when WAN1 goes down WAN2 takes the traffic and when WAN1 goes up again it will takes the traffic). Both are DHCP. Do you have dual router setup or are those WAN's connected to the same machine? If you have dual router setup, then WAN failover won't work for you. I have tested it extensively with no luck of any combination. Single machile dual WAN failover works. veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Packets get lost inside router
Hi, I have dual router configuration, 1 lan, 3 wan, 2 isp-s. port 25 is forwarded to email server in lan network. Default route is wan1. When i try to telnet from lan to wan2 port 25, i get no connection, but i can ping wan2 from lan. Telnet to wan1 and wan2 from outside works perfectly. What might be the problem? Where do the packets get lost? --- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Does anybody have working dual wan failover with pfsense?
Veiko Kukk wrote: Bill Marquette wrote: Or your missing something, I think is the correct statement. I my previous e-mail today i got it working without carp, when I added 3 carp interfaces (I have two identical servers because I need hardware failover too.): LAN - carp0 WAN - carp1 OPT1 - carp2 During failover testing I found out that: If LAN, WAN or OPT1 was unplugged from only one server, everything worked fine. Now, when unplugging the WAN cable from second server too, (imitating hardware failover with WAN failover), then WAN link is marked down almost immediately on second router, but no wan failover occurs. Web interface and log file are showing that WAN links on both routers are down and OPT1 links are up. carp1 is in INIT state on both machines, carp0 and carp2 are masters on slave router (the one whose WAN cable was removed later). No traffic from LAN is forwarded through OPT1 :( What might be wrong? Any ideas, anybody? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Does anybody have working dual wan failover with pfsense?
Bill Marquette wrote: Setup a load balancer entry with an active node and a failover node. As I previously said, I dont want load balancing, I only need failover. If wan fails then opt1 is used until wan returns. As simple as that. How to configure pfsense to accomplish that? Currently I'm having one failover pool (Type: Gateway; Behavior: Failover): wan|wan gateway opt1|opt1 gateway Use that entry as your gateway in your rules. I have one firewall rule for LAN to accept all traffic from one host in LAN and gateway is that pool. It's really not rocket science. I'm still unable to get packages list in pfsense web interface, thought I'm able to ping outside world from that one LAN host. When I ping google.ee from command line, I get: # ping google.ee PING google.ee (64.233.161.104): 56 data bytes ping: sendto: No buffer space available ping: sendto: No buffer space available ... If the WAN connection is up, I'm able to get packages list and ping from command line. -- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] adding carp in firewall cluster
Paul Mansfield wrote: I note that when I add a new carp interface on the master, when it gets replicated to slave, the carp status page on the slave has a blank field in the carp interface column of the table. is this a known bug? does it matter, or should I reboot slave? I was reconfiguring my routers today and encountered that bug myself too. Stop carp/Start carp on slave helped to get correct status information on slave. What causes that bug, I have no idea... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Does anybody have working dual wan failover with pfsense?
Bill Marquette wrote: Or your missing something, I think is the correct statement. I my previous e-mail today i got it working without carp, when I added 3 carp interfaces (I have two identical servers because I need hardware failover too.): LAN - carp0 WAN - carp1 OPT1 - carp2 During failover testing I found out that: If LAN, WAN or OPT1 was unplugged from only one server, everything worked fine. Now, when unplugging the WAN cable from second server too, (imitating hardware failover with WAN failover), then WAN link is marked down almost immediately on second router, but no wan failover occurs. Web interface and log file are showing that WAN links on both routers are down and OPT1 links are up. carp1 is in INIT state on both machines, carp0 and carp2 are masters on slave router (the one whose WAN cable was removed later). No traffic from LAN is forwarded through OPT1 :( What might be wrong? --- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Does anybody have working dual wan failover with pfsense?
Hi! I have tried everything i can imagine with no luck - upgraded to 1.2.1 (1.2.0 didnt work), made clean install and new configuration manually, reading every dual wan document from wiki and forums, configured only one router wih no carp interfaces... Dual wan failover is just not working. Please, dont advertise non-working features... I guess I have to drop the idea of wan failover with pfsense. --- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Does anybody have working dual wan failover with pfsense?
Erwan David wrote: It works great for me, in 1.2.1 Do you have also load sharing or only failover? How are your failover pools configured? --- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] adding carp in firewall cluster
Paul Mansfield wrote: I just wanted to be certain that a reboot wasn't needed, it doesn't *seem* to matter. My guess is that it's a display bug, not a functional bug? Check the output of ifconfig to see the real state of carp interfaces. -- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Does anybody have working dual wan failover with pfsense?
Erwan David wrote: On Mon, Jan 12, 2009 at 11:30:44AM CET, Veiko Kukk veiko.k...@krediidipank.ee said: Do you have also load sharing or only failover? How are your failover pools configured? --- Veiko I have both. 2 links, Wan and opt1 interfaces. I got it working the same way (with load balancer), but I'm not interested in load balancing/sharing), I only need failover. Simple dual wan faileover is not working or I'm missing something about configuration. Even with load balancer, pfsense itself could not connnect if WAN interface internet connection is down, tested it with package manager and ping from command line. From LAN it's possible to connect when wan failover is configured with load balancer. -- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Dual WAN failover not working
Veiko Kukk wrote: Hi! I have dual pfsense 1.2.1, LAN interface, WAN and OPT1, last two are different ISP's. I have configured 3 carp interfaces and gateway failover for load balancer. I only need failover, not load balancing. Tried with one and two failover pools with no success. When WAN isp is disconnected, no switching to OPT1 isop occurs, thought i can see in logs that OPT1 is considered working: slbd[23449]: ICMP poll succeeded for xxx.xxx.115.18, marking service UP and the same is indicated by web interface Online as well. Still no traffic goes out through OPT1!? I hope somebody can help me with this, as I understand there must be people who have similar and working setup and pfsense should have that ability. Please, somebody confirm this bug or help me solve possible misconfiguration, I really need to have wan failover. --- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 wizard bug
Chris Buechler wrote: Yeah, 1.2.2 is coming sometime this week to fix that and 3 other things that have been fixed since 1.2.1. Ok, I have one additional bug (at least I'm considering that as bug). When creating port forwarding and also adding automatically apporpriate firewall rules and then deleting that port forward rule, the firewall rules are not deleted. I see that as possible security problem. -- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Dual WAN failover not working
Hi! I have dual pfsense 1.2.1, LAN interface, WAN and OPT1, last two are different ISP's. I have configured 3 carp interfaces and gateway failover for load balancer. I only need failover, not load balancing. Tried with one and two failover pools with no success. When WAN isp is disconnected, no switching to OPT1 isop occurs, thought i can see in logs that OPT1 is considered working: slbd[23449]: ICMP poll succeeded for xxx.xxx.115.18, marking service UP and the same is indicated by web interface Online as well. Still no traffic goes out through OPT1!? I hope somebody can help me with this, as I understand there must be people who have similar and working setup and pfsense should have that ability. --- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfsense 1.2.1 wizard bug
I reinstalled my two machines and on both times the initial setup wizard asked for wan IP-s, but did not save the address. Later, when checking WAN interface configuration, the IP address field was empty, but gateway was filled correctly. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] kernel: carp0: incorrect hash
Angelo Turetta wrote: You either: - have don't have the same IP/mask for the Virtual IP in all nodes - have reused the same vhid for more than one virtual IP - You Virtual IP/Mask don't match the subnet of the real if. Thank you, the last one was correct, somehow I had managed to use /32 for carp in the /24 network. I have multiwan setup - 2 pfsense machines and 2 ISP-s. I hoped I could use carp interface for wan link failover, but seems that only real network interfaces can configured for that purpose. I see it as a problem, breaking my carp. Am I right? How could I use carp interfaces for wan link failover? --- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfSense and dynamic routing
Hi, I need to use BGP and/or OSPF with pfSense. How can I use those protocols? In web interface, I see only RIP. -- Veiko Kukk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and dynamic routing
Erwan David wrote: OpenBGPD is in the packages. Thank you, but is it stable enought (ALPHA)? Are there any plans to make Quagga package for pfSense? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 dude
Mikel Jimenez wrote: Hello Is secure to put pfsense 1.2.1 in production enviroment? Is the bge driver bug (blocking iLo shared NIC) solved? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
