[pfSense-discussion] Dual Pfsense setup 1 Network

2006-11-06 Thread Heath Henderson
My company has adjusted their setup from what we originally installed.  We
setup a Dual WAN with failover configuration using pfsense.  It worked very
nicely.  However, now they are looking at placing both in a single state
setup.

We are looking at setting up one pfsense system with each broadband
connection.

What I need to know is what is the best way to go about this internally?

I am looking at setting up something similar to this.

PF1 = internal IP 172.16.21.1    --    PF2 = internal IP 172.16.22.1
          |                                      |
     172.16.21.2          Router IP         172.16.22.2
          |                                      |
internal LAN IP 192.168.21.1          internal VOIP IP 192.168.22.1
          |                                      |
         LAN                                 VOIP LAN




I don't have a router running yet, but we are basically looking for the best
way to set this up.  There will be VPN access from both PF1 and PF2
internally to the LAN and VOIP networks.  Nothing will sit in a DMZ, so I am
basically looking at point to point.

I need to have something internally which I can deal with failover and route
all of my traffic through an external link which is good if the other is
down.  I am guessing I am going to need a decent router for this setup?

Any suggestions would be welcome.
 
-- 
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750
--




Re: [pfSense-discussion] PPTP VPN on OPT1/WAN2

2006-10-17 Thread Heath Henderson
I am not certain I explained it correctly.

The pfsense built in PPTP server answers correctly on the WAN address.  But
it doesn't answer at all on the WAN2 address, regardless of rules in the FW
for that interface.  I just wondered if it was a limitation of that PPTP
server/setup. I am using a load balanced/failover setup and just wanted to
make sure that was not an option if I have people asking me about it.

Thanks


-- 
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750
--


 From: DarkFoon [EMAIL PROTECTED]
 Reply-To: discussion@pfsense.com
 Date: Tue, 17 Oct 2006 20:19:31 -0700
 To: discussion@pfsense.com
 Subject: Re: [pfSense-discussion] PPTP VPN on OPT1/WAN2
 
 Seems to me that with PPTP (and other protocols) if the source IP address of
 packets sent to the client differs from the IP the client sends packets to,
 the PPTP software discards (as it should) the packets because they could be
 coming from an untrusted third-party.
 
 - Original Message -
 From: Heath Henderson [EMAIL PROTECTED]
 To: discussion@pfsense.com
 Sent: Tuesday, October 17, 2006 7:51 PM
 Subject: [pfSense-discussion] PPTP VPN on OPT1/WAN2
 
 
 Does anyone know if there is a limitation to the PPTP VPN connection to only
 connect via WAN connection and not via OPT1 or WAN2?
 
 I have a successful server running and can connect via WAN but times out
 whenever I try and hit the WAN2/OPT1 connection with the same setup.  I
 checked all of my rules and they are identical.
 
 Thanks
 
 -- 
 Heath Henderson
 [EMAIL PROTECTED]
 1800 288 7750
 --
 
 
 
 




[pfSense-discussion] PPTP VPN works, but setup ?

2006-09-20 Thread Heath Henderson

I have worked through the PPTP VPN setup and have it working as best I can tell from here.

What I was curious about.

Our setup has 1 LAN, 2 WAN interfaces, a DMZ interface and a VOIP interface.

(5 NICS) in the Pfsense box. 

What we have working internally right now.

LAN-WAN/WAN2 works great (Load Balancer)
LAN-VOIP works great
LAN-DMZ (I think works, we haven't put anything in there yet.)


What is the interface I want to setup the PPTP server to use?

Currently I have it on our DMZ interface, but for VOIP reasons I would like to put it over to that Network if possible.
Does it matter as long as it uses a valid IP in one of those networks which the pfsense box knows about?

Are there special Rules to setup for access from one network to another through the PPTP connection? I mean, if I have it enabled to go from the VOIP network to the LAN network, can I assume the pptp connection will do the same?

Thanks
Heath







[pfSense-discussion] VPN with ipsec setup question

2006-08-23 Thread Heath Henderson

We just opened a new building and I have been tasked with setting up a Load Balanced Firewall/Router


OK, Pfsense fit the ticket there. Works like a charm. Haven't been able to try the LB and Failover stuff just yet, because our DSL line isn't hooked up yet. Only Cable at this point. Kudos on this package.

Now for the question.

I have a few remote office users who need to have access to our internal Network and our Phone System.

They travel, so Mobile VPN clients on their Laptops is what I am going to have to setup.

My Question. What is involved in setting up an IPSEC vpn server (I saw the steps which I am going to work on going through).

But, can I get a Client on both Windows and Mac OSX (maybe use the built in) to authenticate? How is this setup?




Any pointers would be great.


-- 
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750
--






Re: [pfSense-discussion] source-hash and sticky-address in pf pools

2006-08-17 Thread Heath Henderson
Raja  

Did you use any special setup with this?

I am currently building a 4 Nic setup.

2 Broadband Connection, 1 DMZ and 1 LAN.

Any pointers, I have to setup VOIP on this at some point.  New to this
setup, have worked with IPCOP in the past.  This looks much stronger though.


-- 
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750
--


 From: Raja Subramanian [EMAIL PROTECTED]
 Reply-To: discussion@pfsense.com
 Date: Fri, 18 Aug 2006 00:02:08 +0530
 To: discussion@pfsense.com
 Subject: [pfSense-discussion] source-hash and sticky-address in pf pools
 
 Hi,
 
 I have a pfSense box with 5 wan links, 1 wan and 1 dmz and
 the load balancing and policy based routing in pfSense is
 simply fantastic.
 
 The one missing feature that I would like to see, is the ability to
 specify the source-hash or sticky-address option in pf pools.
 With this, I would be able to load balance troublesome websites
 and protocols (eg. pptp) instead of pushing them all through the
 default gateway.
 
 I noticed that Bill M's pf sticky patches to slbd got included circa
 Beta2.  Will we be able to use this feature anytime soon?
 
 - Raja



Re: [pfSense-discussion] source-hash and sticky-address in pf pools

2006-08-17 Thread Heath Henderson
Thanks,  I might hit you up for that script when I get to it.

I have a DSL/Cable modem setup(2 WAN) 1 DMZ and 1 LAN. I am getting ready to
setup.  I haven't worked with this before, and the routing tables are a bit
confusing the first time through.  I think I have the basics though.

Thanks for the information.


-- 
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750
--


 From: Raja Subramanian [EMAIL PROTECTED]
 Reply-To: discussion@pfsense.com
 Date: Fri, 18 Aug 2006 02:26:29 +0530
 To: discussion@pfsense.com
 Subject: Re: [pfSense-discussion] source-hash and sticky-address in pf pools
 
 On 8/18/06, Heath Henderson [EMAIL PROTECTED] wrote:
 > Did you use any special setup with this?
 
 I'm using a stock RC2e box and my setup has been holding good
 since RC1.
 
 The only missing feature is that when a WAN link fails, the default
 gateway is not automatically changed.  This causes things like dns
 forwarder, ftp-proxy, ntpd, etc to fail.  I have a script that changes
 default route when wan fails.  It's customized for my setup, so
 I don't know if you'll find it useful.  Let me know if you want it.
 
 > I am currently building a 4 Nic setup.
 >
 > 2 Broadband Connection, 1 DMZ and 1 LAN.
 >
 > Any pointers, I have to setup VOIP on this at some point.  New to this
 > setup, have worked with IPCOP in the past.  This looks much stronger though.
 
 I've not tried traffic shaping yet.  I don't know how well it works with
 multiple interfaces and such.  I'm sure there are others on this list
 who can comment.
 
 I mucked around with Linux/IPTables before I settled on OpenBSD/pf.
 Now that I'm on pfSense I've never been happier.
 
 - Raja
 
 - Raja