[pfSense] excellent article about Anycast

2012-12-19 Thread Michael Schuh
Hi @list,

I stumbled over an excellent article about Anycast.
What it is, how to apply it.

http://ignore-your.tv/?p=54559

hope some others find the article helpful and interesting.

cheers

M.

-- 
= = =  http://michael-schuh.net/  = = =
Project Management - IT Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m

= = =  Ust-ID:  DE251072318  = = =
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] update from 2.0.1 to 2.1 HEAD

2012-12-19 Thread Chris Bagnall

On 12/12/12 10:09 pm, David Burgess wrote:

> Good news:
> http://forum.pfsense.org/index.php/topic,48256.msg302923.html#msg302923
> I haven't tried it myself yet.


A quick follow up on this. Having updated my home pfSense to the latest 
2.1-beta1 snapshot this evening, I can confirm the long delay when 
changing page/saving settings in the WebGUI on embedded does indeed seem 
to have been resolved.


Still a bit temperamental with 128MB RAM, but such is the price of 
progress, I suspect :-)


Thanks to all involved!

Kind regards,

Chris
--
This email is made from 100% recycled electrons


Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread bruno.deb...@cyberoso.com
Ok, then no firewall rules forcing gateway, so let's try something else.

Did you configure iroute ?
http://openvpn.net/index.php/open-source/documentation/howto.html#scope
Read : Including multiple machines on the client side when using a
routed VPN

It might work :-p


On Wed, 19 Dec 2012 15:19:25 +0100,
Cristian Del Carlo wrote:

> Hi,
> 
> Thanks for your help.
> 
> Even in LAN I have:
> My firewall rules are in both pfsense:
> Action: Pass
> Interface : LAN
> Protocol: Any
> Source: Any
> Destination: Any
>
> If I ping the tunnel from a client it seems ok:
> 
> ping 10.0.8.1 --> Ok
> ping 10.8.8.2 --> OK
> ping 192.168.8.X --> 100% packet loss
> 
> Thanks.


Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
and the clients on each side can reach internet through their local pfsense ?

so GW info etc is ok ?

sometimes it's simply a typo etc in mask/gw etc

generally your setup seems to be fine

rgds
stephan




Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
My tunnel is up.

From a client I can ping the tunnel interfaces of my vpn but I can't
reach the other network.

# ping 10.0.8.1 -> ok
# ping 10.0.8.2 -> ok
# ping 192.168.8.10 -> 100% packet loss

From both firewalls I can ping all the networks:
# ping 192.168.8.10 -> Ok
# ping 10.0.8.1 -> ok
# ping 10.0.8.2 -> ok
# ping 192.168.9.10 -> Ok

The problem seems to be only from the network to reach the other one.

Thanks for your help!

2012/12/19 WolfSec-Support :
> to make sure:
> - is tunnel up ?
> - can you ping from one pfsense the lan ip of the other one ?
>
> brgds
>
> stephan

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
to make sure:
- is tunnel up ?
- can you ping from one pfsense the lan ip of the other one ?

brgds
stephan


2012/12/19 Cristian Del Carlo 

> Sorry I don't understand,
>
> in my case I have only a WAN so which type of rule do I need?
>
> Do I need to force the packets to my tunnel network over the vpn even if
> my routing tables seem ok?
>
> My routing tables:
>
> 10.0.8.1        link#10   UH   0  8         ovpnc2
> 10.0.8.2        link#10   UHS  0  0         lo0
> 192.168.8.0/24  10.0.8.1  UGS  0  55        ovpnc2
> 192.168.9.0/24  link#2    U    0  38437351  em1
>
> Thanks,

Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
Sorry I don't understand,

in my case I have only a WAN so which type of rule do I need?

Do I need to force the packets to my tunnel network over the vpn even if
my routing tables seem ok?

My routing tables:

10.0.8.1        link#10   UH   0  8         ovpnc2
10.0.8.2        link#10   UHS  0  0         lo0
192.168.8.0/24  10.0.8.1  UGS  0  55        ovpnc2
192.168.9.0/24  link#2    U    0  38437351  em1

Thanks,

2012/12/19 bruno.deb...@cyberoso.com :
> Hello,
>
> You might need a firewall rule for the remote network in your lan rules
> to force traffic to follow normal routing.
>
> In my case (2 WANs), I have a rule defining the default gateway for lan
> traffic. To permit the traffic to remote vpn site, I have to add a rule
> earlier for the remote network with no gateway so it will follow
> normal routing.
>
> My 2 cents...



-- 


Cristian Del Carlo

The text and any documents transmitted contain information reserved
for the indicated recipient. This e-mail is confidential and its
confidentiality is legally protected by Legislative Decree 196 of
30/06/2003 (Privacy Protection Code). Reading, copying or other
unauthorized use, or any other action arising from knowledge of this
information, is strictly prohibited. If you have received this document
in error, you are kindly asked to notify the sender immediately and to
destroy it immediately.


Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
Hi,

Even with 10.0.8.0/30 I have the same problem.

Any other suggestions?


2012/12/19 Vassilis V. :
> Hi!
>
> Try this:
>
> pfsense2 - server:
> Tunnel network: 10.0.8.0/30 (no need for /24 on site2site)
>
> pfsense1 - client:
> Tunnel network: 10.0.8.0/30 (You can even keep it empty)
>
> Keeping or removing the remote network on the client side shouldn't be
> important, the difference being that if you keep it, you should see an
> error message that the route that has already been pushed by the server
> is re-issued by the client.
>
>
> hope it helps!
>
> Vassilis



-- 


Cristian Del Carlo



Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread bruno.deb...@cyberoso.com
Hello,

You might need a firewall rule for the remote network in your lan rules
to force traffic to follow normal routing.

In my case (2 WANs), I have a rule defining the default gateway for lan
traffic. To permit the traffic to remote vpn site, I have to add a rule
earlier for the remote network with no gateway so it will follow
normal routing. 

My 2 cents...


On Wed, 19 Dec 2012 14:39:36 +0100,
WolfSec-Support wrote:

> maybe there are any fw rules there in LAN interface with similar
> IPs/networks?
> some used this under 1.2.x and after upgrading to 2.x this caused
> issues.
>
> onto routing:
>
> looks good
>
> here a similar setup of mine / 1 side:
>
> 192.168.253.13    link#13         UH   0  0           1500   ovpnc1
> 192.168.253.14    link#13         UHS  0  0           16384  lo0
> 192.168.0.0/16    192.168.253.13  UGS  0  4151616     1500   ovpnc1
> 192.168.242.0/24  link#1          U    0  1191195015  1500   vr0
> 
> 
> rgds
> stephan


Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
Hi,

Thanks for your help.

Even in LAN I have:
My firewall rules are in both pfsense:
Action: Pass
Interface : LAN
Protocol: Any
Source: Any
Destination: Any

If I ping the tunnel from a client it seems ok:

ping 10.0.8.1 --> Ok
ping 10.8.8.2 --> OK
ping 192.168.8.X --> 100% packet loss

Thanks.

2012/12/19 WolfSec-Support :
> maybe there are any fw rules there in LAN interface with similar
> IPs/networks?
> some used this under 1.2.x and after upgrading to 2.x this caused issues.
>
> onto routing:
>
> looks good
>
> here a similar setup of mine / 1 side:
>
> 192.168.253.13    link#13         UH   0  0           1500   ovpnc1
> 192.168.253.14    link#13         UHS  0  0           16384  lo0
> 192.168.0.0/16    192.168.253.13  UGS  0  4151616     1500   ovpnc1
> 192.168.242.0/24  link#1          U    0  1191195015  1500   vr0
>
> rgds
> stephan



-- 


Cristian Del Carlo



Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Vassilis V.
Hi!

Try this:

pfsense2 - server:
Tunnel network: 10.0.8.0/30 (no need for /24 on site2site)

pfsense1 - client:
Tunnel network: 10.0.8.0/30 (You can even keep it empty)

Keeping or removing the remote network on the client side shouldn't be
important, the difference being that if you keep it, you should see an
error message that the route that has already been pushed by the server
is re-issued by the client.


hope it helps!

Vassilis


Cristian Del Carlo wrote on 19.12.2012 14:09:
> Hi,
> 
> thanks for your help.
> 
> My firewall rules are in both pfsense:
> Action: Pass
> Interface : Openvpn
> Protocol: Any
> Source: Any
> Destination: Any
>
> These are my routes from the firewall (without public ip):
>
> pfsense 1 - client:
> 10.0.8.1        link#10   UH   0  15        ovpnc2
> 10.0.8.2        link#10   UHS  0  0         lo0
> 192.168.8.0/24  10.0.8.1  UGS  0  45        ovpnc2
> 192.168.9.0/24  link#2    U    0  37598040  em1
>
> pfsense 2 - server:
> 10.0.8.1        link#9    UHS  0  0         lo0
> 10.0.8.2        link#9    UH   0  72        ovpns1
> 192.168.8.0/24  link#2    U    0  229122    em1
> 192.168.8.1     link#2    UHS  0  0         lo0
> 192.168.9.0/24  10.0.8.2  UGS  0  1         ovpns1
>
> Could it be a routing problem?


Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
maybe there are any fw rules there in LAN interface with similar
IPs/networks?
some used this under 1.2.x and after upgrading to 2.x this caused issues.

onto routing:

looks good

here a similar setup of mine / 1 side:

192.168.253.13    link#13         UH   0  0           1500   ovpnc1
192.168.253.14    link#13         UHS  0  0           16384  lo0
192.168.0.0/16    192.168.253.13  UGS  0  4151616     1500   ovpnc1
192.168.242.0/24  link#1          U    0  1191195015  1500   vr0


rgds
stephan



2012/12/19 Cristian Del Carlo 

> Hi,
>
> thanks for your help.
>
> My firewall rules are in both pfsense:
> Action: Pass
> Interface : Openvpn
> Protocol: Any
> Source: Any
> Destination: Any
>
> These are my routes from the firewall (without public ip):
>
> pfsense 1 - client:
> 10.0.8.1        link#10   UH   0  15        ovpnc2
> 10.0.8.2        link#10   UHS  0  0         lo0
> 192.168.8.0/24  10.0.8.1  UGS  0  45        ovpnc2
> 192.168.9.0/24  link#2    U    0  37598040  em1
>
> pfsense 2 - server:
> 10.0.8.1        link#9    UHS  0  0         lo0
> 10.0.8.2        link#9    UH   0  72        ovpns1
> 192.168.8.0/24  link#2    U    0  229122    em1
> 192.168.8.1     link#2    UHS  0  0         lo0
> 192.168.9.0/24  10.0.8.2  UGS  0  1         ovpns1
>
> Could it be a routing problem?



-- 

Stephan Wolf

WolfSec
Rairing 65
CH-8108 Dällikon

+41 43 536 1191
+41 76 566 8222
http://www.wolfsec.ch
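
The "onto routing: looks good" judgement above can be checked mechanically; the following is an added example, not part of any list member's post, that runs a longest-prefix lookup over the two route tables Cristian posted (re-typed here without the Refs/Use counters) for the hosts 192.168.9.10 and 192.168.8.10 pinged in the thread. The default route via 203.0.113.1 on em0 in the broken table is constructed, and the check covers kernel routes only, not firewall rules or OpenVPN's own iroute table.

```python
import ipaddress

# Rows are (destination, gateway, flags, netif), re-typed from the thread.
CLIENT_FW = [  # "pfsense 1 - client"
    ("10.0.8.1", "link#10", "UH", "ovpnc2"),
    ("10.0.8.2", "link#10", "UHS", "lo0"),
    ("192.168.8.0/24", "10.0.8.1", "UGS", "ovpnc2"),
    ("192.168.9.0/24", "link#2", "U", "em1"),
]
SERVER_FW = [  # "pfsense 2 - server"
    ("10.0.8.1", "link#9", "UHS", "lo0"),
    ("10.0.8.2", "link#9", "UH", "ovpns1"),
    ("192.168.8.0/24", "link#2", "U", "em1"),
    ("192.168.8.1", "link#2", "UHS", "lo0"),
    ("192.168.9.0/24", "10.0.8.2", "UGS", "ovpns1"),
]
# Constructed failure case: the server has lost its route to the client LAN
# and only a (constructed) default route out of the WAN interface matches.
BROKEN_SERVER = [r for r in SERVER_FW if r[0] != "192.168.9.0/24"] + [
    ("0.0.0.0/0", "203.0.113.1", "UGS", "em0"),
]


def lookup(table, addr):
    """Longest-prefix match. Returns (netif, gateway or None), or None if no route."""
    ip = ipaddress.ip_address(addr)
    best = None
    for dest, gateway, flags, netif in table:
        net = ipaddress.ip_network(dest)  # a bare host address becomes a /32
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            # Only routes flagged G have a next hop; the rest are on-link.
            best = (net, netif, gateway if "G" in flags else None)
    return None if best is None else (best[1], best[2])


def check_path(src, dst, near_fw, far_fw):
    """Trace the request src -> dst and the reply dst -> src.

    Returns (ok, hops). ok is True only if every hop has a route, the two
    forwarding hops leave through an ovpn interface and the two delivery
    hops leave through a non-tunnel interface.
    """
    hops = [
        ("near firewall forwards request", lookup(near_fw, dst), True),
        ("far firewall delivers request", lookup(far_fw, dst), False),
        ("far firewall forwards reply", lookup(far_fw, src), True),
        ("near firewall delivers reply", lookup(near_fw, src), False),
    ]
    ok = all(
        route is not None and route[0].startswith("ovpn") == via_tunnel
        for _, route, via_tunnel in hops
    )
    return ok, [(name, route) for name, route, _ in hops]


if __name__ == "__main__":
    for label, server in (("posted tables", SERVER_FW), ("broken server", BROKEN_SERVER)):
        ok, hops = check_path("192.168.9.10", "192.168.8.10", CLIENT_FW, server)
        print(label, "->", "consistent" if ok else "INCONSISTENT")
        for name, route in hops:
            print("   ", name, route)
```

With the posted tables every hop resolves through the tunnel in both directions, so the kernel routes do not explain the packet loss seen from LAN clients; with the constructed broken table the reply leaves through the WAN interface instead.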


Re: [pfSense] Not connect ipsec vpn remote with local network different to LAN

2012-12-19 Thread Maykel Franco
Thanks, thanks, thanks Jim, it works.

Many thanks. I love pfSense... it is the best software firewall.

Bye.

2012/12/10 Jim Pingle 

> On 12/10/2012 11:31 AM, may...@maykel.sytes.net wrote:
> > ok, well, then only connect with cisco vpn update to pfsense 2.1?
>
> It has nothing to do with Cisco - it's the NAT+IPsec feature you need.
>
> On 2.0.x (and even 1.2.x) it connects fine to Cisco in setups that do
> not require NAT+IPsec.
>
> Since you require NAT+IPsec, you need 2.1.
>
> Jim


Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
Hi,

thanks for your help.

My firewall rules on both pfSense are:
Action: Pass
Interface : Openvpn
Protocol: Any
Source: Any
Destination: Any

These are my routes from the firewalls (without public IP):

pfsense 1 - client:
10.0.8.1           link#10            UH          0        15 ovpnc2
10.0.8.2           link#10            UHS         0         0 lo0
192.168.8.0/24     10.0.8.1           UGS         0        45 ovpnc2
192.168.9.0/24     link#2             U           0  37598040 em1

pfsense 2 - server:
10.0.8.1           link#9             UHS         0         0 lo0
10.0.8.2           link#9             UH          0        72 ovpns1
192.168.8.0/24     link#2             U           0    229122 em1
192.168.8.1        link#2             UHS         0         0 lo0
192.168.9.0/24     10.0.8.2           UGS         0         1 ovpns1

Could it be a routing problem?


2012/12/19 WolfSec-Support :
> Hi,
>
> Do you have special rules in the VPN tunnel?
> Make sure to open the OpenVPN ruleset as necessary.
>
> This is "new" in 2.x; 1.2.x had no rules in OpenVPN tunnels.
>
> But by default the tunnel is normally open any<>any.
>
> br
> stephan
>



-- 


Cristian Del Carlo

The text and any documents transmitted contain information reserved
for the indicated recipient. This e-mail is confidential and its
confidentiality is legally protected by Legislative Decree 196 of
30/06/2003 (Privacy Protection Code). Reading, copying or other
unauthorized use, or any other action resulting from knowledge of this
information, is strictly prohibited. If you have received this document
in error, you are kindly requested to notify the sender immediately and
to destroy it immediately.

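A check of the two routing tables posted above, as an added example that is not part of the original message: it parses the rows and verifies that each firewall sends the remote LAN to its tunnel peer over an OpenVPN interface while the local LAN stays directly connected. The rows are retyped with the fused columns separated (an assumed layout), and the function names are hypothetical.

```python
import ipaddress

# Rows retyped from the post with the fused columns separated (constructed
# layout, assumed to be: destination, gateway, flags, refs, use, netif).
CLIENT_ROUTES = """
10.0.8.1        link#10   UH   0 15       ovpnc2
10.0.8.2        link#10   UHS  0 0        lo0
192.168.8.0/24  10.0.8.1  UGS  0 45       ovpnc2
192.168.9.0/24  link#2    U    0 37598040 em1
"""
SERVER_ROUTES = """
10.0.8.1        link#9    UHS  0 0        lo0
10.0.8.2        link#9    UH   0 72       ovpns1
192.168.8.0/24  link#2    U    0 229122   em1
192.168.8.1     link#2    UHS  0 0        lo0
192.168.9.0/24  10.0.8.2  UGS  0 1        ovpns1
"""

def parse_routes(text):
    """Parse netstat-style rows into dicts; a bare address is a /32 host route."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw, flags, _refs, _use, netif = line.split()
        routes.append({"net": ipaddress.ip_network(dest), "gw": gw,
                       "flags": flags, "netif": netif})
    return routes

def lookup(routes, addr):
    """Longest-prefix match for addr, or None when nothing covers it."""
    ip = ipaddress.ip_address(str(addr))
    hits = [r for r in routes if ip in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen, default=None)

def check_site(routes, local_lan, remote_lan):
    """Return a list of routing problems seen from one firewall."""
    problems = []
    # The tunnel peer is the host route that leaves via the OpenVPN interface.
    peers = [str(r["net"].network_address) for r in routes
             if r["net"].prefixlen == 32 and r["netif"].startswith("ovpn")]
    remote = lookup(routes, ipaddress.ip_network(remote_lan)[10])
    if remote is None:
        problems.append(f"no route to remote LAN {remote_lan}")
    elif not remote["netif"].startswith("ovpn") or remote["gw"] not in peers:
        problems.append(f"{remote_lan} does not go via the tunnel peer")
    local = lookup(routes, ipaddress.ip_network(local_lan)[10])
    if local is None or "G" in local["flags"] or local["netif"].startswith("ovpn"):
        problems.append(f"local LAN {local_lan} is not directly connected")
    return problems
```

Calling `check_site(parse_routes(CLIENT_ROUTES), "192.168.9.0/24", "192.168.8.0/24")` and the mirrored call for the server both return an empty list for the tables as posted.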


Re: [pfSense] Openvpn site to site problem

2012-12-19 Thread WolfSec-Support
Hi,

Do you have special rules in the VPN tunnel?
Make sure to open the OpenVPN ruleset as necessary.

This is "new" in 2.x; 1.2.x had no rules in OpenVPN tunnels.

But by default the tunnel is normally open any<>any.

br
stephan




[pfSense] Openvpn site to site problem

2012-12-19 Thread Cristian Del Carlo
Hi list,

I have a problem with a site-to-site PSK VPN between 2 pfSense 2.0.1.

My problem is that from the firewall everything looks correct: I can
ping or ssh to the remote client (I use Linux clients with no personal
firewall).
But from the clients I can't reach the remote LAN.
I don't know where my problem is; I have tried rewriting the
configuration many times.

This is my configuration (without public IP and PSK):

lan1 192.168.9.0  <---> pfsense1 <--> pfsense2 <--> lan 2 192.168.8.0

pfsense2 - server:
server mode: peer to peer ( shared key )
Protocol : udp
Device : tun
Tunnel network: 10.0.8.0/24
Local Network : 192.168.8.0/24
Remote network: 192.168.9.0/24
Compression : LZO

pfsense1 - client:
server mode: peer to peer ( shared key )
Protocol: udp
Device: tun
Tunnel network: 10.0.8.0/24
Remote Network : 192.168.8.0/24
Compression : LZO

My firewall on both sides is set to pass any protocol for the OpenVPN device.

Could you help me?

Thanks in advance.



Cristian Del Carlo


[pfSense] Virtual IP alias on LAN interface as gateway for subnet

2012-12-19 Thread Marcio Merlone

Greetings,

I have set a virtual ip alias on my lan interface and have to use it as 
the gateway for that subnet. This alias is on a different subnet, like this:


bge0 -> 192.168.0.1/24
bge0 alias -> 10.0.0.1/24

I need it to be the default gateway for both subnets. Is there something 
else needed besides creating the firewall rule? A client machine can 
ping 10.0.0.1 but cannot use it as gateway. Subnet 192.168.0.0/24 works 
fine.


Thanks for any hint.

--
Marcio Merlone