Re: [pfSense-discussion] Traffic Shaper wizard thoughts

2006-03-26 Thread Bill Marquette
On 3/21/06, Josh Stompro [EMAIL PROTECTED] wrote:
> I think this would be a great idea, I am also in this boat where I would
> like to shape on more than one interface.  I realize it can be done
> manually, but it would be nice if the wizard took care of it.
>
> Is there any more documentation on pfSense's traffic shaping than what
> is listed in the monowall handbook?
> http://doc.m0n0.ch/handbook/trafficshaper.html
>
> I would like to limit the opt interface to 384kbits up/down and
> guarantee that a certain machine or machines on the LAN side get higher
> priority than anything else, for any traffic they send. Along with the
> Ack rules so that downloads don't kill latency.  Since you can only
> shape traffic that is sent on an interface, the WAN queue has to deal
> with limiting traffic coming from opt1, which I don't understand how to
> do yet.

The code to do this got backed out 9 months ago.  It'll be put back in
later after I get positive feedback on the current code.  I'm tired of
tracking down shaper bugs and trying to get the simple stuff we have
working right (it should now, but I want to work on other stuff for a
while - I'm kinda burnt out on it).

--Bill


[pfSense-discussion] VPN questions

2006-03-26 Thread DarkFoon



Hello all,

My client wants himself and his franchisees to be able to securely
access a fileserver (actually it's his workgroup, soon to be domain,
server) behind the pfSense box and upload important data files to it.
These clients are using laptops with wireless connections (3G access,
not wi-fi, but possibly wi-fi too), or desktops at home behind little
home firewall/routers with broadband internet. All are running Windows
XP Pro.

pfSense offers me three kinds of VPN, as you all know: PPTP (about
which I've read numerous articles citing security flaws in its
authentication using MS-CHAP), IPSec, which is for site-to-site (and
impossible to set up under Windows, because all methods I've researched
require a static IP on the Windows computer, and 3G doesn't offer
static IPs), and finally OpenVPN, which is experimental and messes up
the OPTx interfaces (of which this pfSense box has 4).

I would like to give Stunnel a try, but the package doesn't install on
pfSense (despite saying that it's stable).

So as you can see, I've got a bit of a problem. If there is an easier
way to set up IPSec on a mobile Windows client, I'd love to hear it. If
there's a way to secure PPTP (other than upgrading the PPTP server in
pfSense which, I have been told, will not be done) I'm all ears. If
OpenVPN is more stable than the warning on its config pages makes it
sound, let me know. I'm out of ideas.

Thank you all
A Rossi



Re: [pfSense-discussion] Traffic Shaper wizard thoughts

2006-03-26 Thread Randy B
Understood.  Next month I'll have some free time and will try to sit
down and chew through it myself to understand better.  Appreciate all
your work as-is!

RB

On 3/26/06, Bill Marquette [EMAIL PROTECTED] wrote:
> On 3/21/06, Josh Stompro [EMAIL PROTECTED] wrote:
> > I think this would be a great idea, I am also in this boat where I would
> > like to shape on more than one interface.  I realize it can be done
> > manually, but it would be nice if the wizard took care of it.
> >
> > Is there any more documentation on pfSense's traffic shaping than what
> > is listed in the monowall handbook?
> > http://doc.m0n0.ch/handbook/trafficshaper.html
> >
> > I would like to limit the opt interface to 384kbits up/down and
> > guarantee that a certain machine or machines on the LAN side get higher
> > priority than anything else, for any traffic they send. Along with the
> > Ack rules so that downloads don't kill latency.  Since you can only
> > shape traffic that is sent on an interface, the WAN queue has to deal
> > with limiting traffic coming from opt1, which I don't understand how to
> > do yet.
>
> The code to do this got backed out 9 months ago.  It'll be put back in
> later after I get positive feedback on the current code.  I'm tired of
> tracking down shaper bugs and trying to get the simple stuff we have
> working right (it should now, but I want to work on other stuff for a
> while - I'm kinda burnt out on it).
>
> --Bill