Re: [pfSense] IPSec connection without default-route
Hi,

sorry for my rerequest.
Is there a way to set up an IPsec connection without routing all the client traffic through the pfSense router?
In my case the client is setting a route add 0.0.0.0 netmask 0.0.0.0 gw ipsec-connection-ip.
Wished would be that the client only add a route
route add 192.168.150.0 netmask 255.255.255.0 gw ipsec-connection-ip.

Best regards,
Claudio

On 06.02.2013 11:25, Claudio Thomas wrote:
> Hi,
> actually when connecting via IPSec from Client (A) to pfSense 2.02 (B) all traffic from A is routed to B.
>
> Actual routing looks like:
> Client A    pfSense B    Network
> 10.8.0.5/32 - 10.8.0.1/24    192.168.150.0/24
> |
> +-- Internet
>
> But the wished routing is:
> Client A    pfSense B    Network
> 10.8.0.5/32 - 10.8.0.1/24    192.168.150.0/24
> |
> +-- Internet
>
> What must I change on my pfSense Config, so that A only receives a route to the Network behind B and not a default route (0.0.0.0/0)?
>
> Best regards,
> Claudio

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Snort and multiple vlans
I'm having issues where Snort is not alerting anything on my LAN as well as my VLANs... My WAN works fine, but it's connected to the cloud, but for some reason snort isn't logging anything on my other interfaces that are inside my network.

-Original Message-
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ugo Bellavance
Sent: Tuesday, February 12, 2013 4:45 PM
To: list@lists.pfsense.org
Subject: Re: [pfSense] Snort and multiple vlans

On 2013-02-12 15:41, Josh Bitto wrote:
> I've read the documentation on snort not working really that well with vlans. Is there anyone out there that has been successful with this?

What do you mean exactly? I think that if snort is listening on interfaces in all the vlans you want to cover it should be OK.
Re: [pfSense] bogon networks update failing
On 2013-02-12 20:48, Chris Buechler wrote:
> On Tue, Feb 12, 2013 at 12:46 PM, Ugo Bellavance u...@lubik.ca wrote:
>> Hi,
>>
>> I get this error in the logs:
>>
>> root: Could not download http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt.md5 (md5 mismatch)
>
> That's what happens when something upstream is breaking your Internet connectivity and returning bunk data, for instance maybe a captive portal, or a proxy server returning something other than the actual file, amongst other possibilities. Go to a command prompt on the firewall and run:
>
> fetch http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt.md5
>
> and cat the resulting file to see what you're getting, should help track down what's happening.

[2.0.1-RELEASE][user@]/home/user(4): cat bogon-bn-nonagg.txt.md5
MD5 (/home/cmb/bogons/bogon-bn-nonagg.txt) = 9fb7d3a1645fbbe899e4c0938b6858f1

I fetched http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt, md5'd it and it gives this:

MD5 (bogon-bn-nonagg.txt) = 9fb7d3a1645fbbe899e4c0938b6858f1

I don't really see what could have been wrong.
Re: [pfSense] Snort and multiple vlans
On 2013-02-13 11:12, Josh Bitto wrote:
> I'm having issues where Snort is not alerting anything on my LAN as well as my VLANs... My WAN works fine, but it's connected to the cloud, but for some reason snort isn't logging anything on my other interfaces that are inside my network.

I haven't ever used snort on pfsense, but have you configured it to listen on all the interfaces you want to monitor? You'd have to provide more info on your setup...
Re: [pfSense] bogon networks update failing
On 2013-02-12 20:57, Michael Schuh wrote:
> DNS is working correct?

Yes

> an MTR reports no packet loss or bogus routing or flaky routes?

Hmmm, MTR?

> Your provider does not block or control traffic through transparent proxies?

I really don't think so. When I go to http://www.whatismyip.com/, it returns the IP address associated with my wan interface, and it says No proxy detected.

Thanks,

Ugo
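
The manual check from the bogon thread above (fetch the list and its .md5 file, then compare), as an added example that is not part of the original posts and not pfSense's own update code. It parses the BSD-style "MD5 (path) = digest" line shown in the thread and separates a plain digest mismatch from an HTML answer of the kind a captive portal or proxy returns; the function names, result labels and sample data are assumptions constructed for illustration.

```python
import hashlib
import re

# BSD md5(1) output as quoted in the thread: "MD5 (<path>) = <32 hex digits>"
BSD_MD5_RE = re.compile(r"^MD5 \((?P<path>.+)\) = (?P<digest>[0-9a-fA-F]{32})\s*$")

def parse_bsd_md5(text):
    """Return the lowercase digest from a one-line BSD md5 file, else None."""
    lines = text.strip().splitlines()
    if len(lines) != 1:
        return None
    m = BSD_MD5_RE.match(lines[0])
    return m.group("digest").lower() if m else None

def looks_like_html(data):
    """Heuristic: portals and proxies usually answer with an HTML page."""
    head = data[:512].lstrip().lower()
    return head.startswith((b"<!doctype", b"<html")) or b"<body" in head

def check_download(list_body, md5_body):
    """Classify a fetched pair: ok, mismatch, bad-md5-file or html-response."""
    if looks_like_html(list_body) or looks_like_html(md5_body):
        return "html-response"
    expected = parse_bsd_md5(md5_body.decode("ascii", errors="replace"))
    if expected is None:
        return "bad-md5-file"
    actual = hashlib.md5(list_body).hexdigest()
    return "ok" if actual == expected else "mismatch"

# Constructed sample data (not the real bogon list).
SAMPLE_LIST = b"0.0.0.0/8\n10.0.0.0/8\n127.0.0.0/8\n"
SAMPLE_MD5 = ("MD5 (/tmp/bogons.txt) = %s\n"
              % hashlib.md5(SAMPLE_LIST).hexdigest()).encode("ascii")
SAMPLE_PORTAL = b"<html><body>Please log in to continue</body></html>"

if __name__ == "__main__":
    cases = {
        "clean download": (SAMPLE_LIST, SAMPLE_MD5),
        "truncated list": (SAMPLE_LIST[:-5], SAMPLE_MD5),
        "portal page instead of list": (SAMPLE_PORTAL, SAMPLE_MD5),
        "portal page instead of .md5": (SAMPLE_LIST, SAMPLE_PORTAL),
        "empty .md5 file": (SAMPLE_LIST, b""),
    }
    for name, (body, md5_body) in cases.items():
        print(f"{name}: {check_download(body, md5_body)}")
```
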