Re: [pfSense] Multiple Roadwarrior OpenVPN on my PFSense server

2015-01-20 Thread Chris Buechler
On Mon, Jan 19, 2015 at 10:28 PM, Mark Wass m...@market-analyst.com wrote: Hi Guys I want to add a second Roadwarrior OpenVPN server to my PFSense server but when I go through the wizard process of creating it (on port 1196) I can't connect to it. When I do a telnet to the WAN port IP on

Re: [pfSense] Multiple Roadwarrior OpenVPN on my PFSense server

2015-01-20 Thread Bryan D.
On 2015-Jan-19, at 8:28 PM, Mark Wass m...@market-analyst.com wrote: snip'd I've checked my WAN firewall rules and can see that the Wizard has added an open port to 1196 in the rules. Is there some sort of rule that does not allow me to have multiple OpenVPN servers running? I have 3

Re: [pfSense] issues registering VoIP phone through pfSense

2015-01-20 Thread Doug Lytle
marc matthes wrote: I have Nat turned on and to register with proxy enabled but I can’t get the phone to register. Did you also turn NAT on in sip.conf for the extension in Asterisk? It is necessary. Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a

Re: [pfSense] openvpn - how do i nat the vpn segment?

2015-01-20 Thread Antonio Prado
On 1/20/15 4:27 PM, Randy Bush wrote: i do not know how to dump the NAT and firewall rules to text, darn it. randy, backup -- [Firewall Rules | NAT] -- download that's conf to text (xml), not so compact and viewer friendly tho -- antonio

[pfSense] openvpn - how do i nat the vpn segment?

2015-01-20 Thread Randy Bush
pfsense openvpn comes up. the macintosh client's viscosity blob turns green and i can ping only very close things.pfsense vm. .. || | debian libvirt host +--- 42.666.165.138/26 |

Re: [pfSense] [Bulk] Re: openvpn - how do i nat the vpn segment?

2015-01-20 Thread PiBa
Check you have 'manual outbound nat' selected, otherwise the manual rules don't apply. As to view the actual pf rules created you can look at the file /tmp/rules.debug using for example the menu option diagnostics/editfile. Or run pfctl -sn on ssh/console to view nat rules. Antonio Prado

Re: [pfSense] Enforcing policy routing gateway

2015-01-20 Thread Steven Sherwood
I have two kludgy (and untested) ideas if per gateway functionality is required. 1) Disable gateway monitoring for your VPN gateway so pfSense always considers it ‘up’. Your traffic wouldn’t flow to the default gateway, but you also wouldn’t know the VPN gateway was down. (in pfSense at

[pfSense] IPSec (V1), using Mutual RSA + Xauth in Road-Warrior

2015-01-20 Thread Robert Guerra
I've uploaded to my Google Drive a quick set instructions for using IPSec (V1), using Mutual RSA + Xauth in Road-Warrior style. You can access the PDF at the following address: https://drive.google.com/file/d/0B5vAD_Xq4PXzRVUzNTBkVXJ5bjA/view?usp=sharing The instructions are a modified

Re: [pfSense] openvpn - how do i nat the vpn segment?

2015-01-20 Thread Randy Bush
pfsense openvpn comes up. the macintosh client's viscosity blob turns green and i can ping only very close things.pfsense vm. .. || | debian libvirt host +--- 42.666.165.138/26 |

Re: [pfSense] Multiple Roadwarrior OpenVPN on my PFSense server

2015-01-20 Thread Mark Wass
Thanks Guys all sorted now. Ended up being a problem with an old OpenVPN client trying to connect. On 20/01/2015 7:36 pm, Chris Buechler wrote: On Mon, Jan 19, 2015 at 10:28 PM, Mark Wass m...@market-analyst.com wrote: Hi Guys I want to add a second

Re: [pfSense] VFA VPN throughput?

2015-01-20 Thread Jim Thompson
On Jan 20, 2015, at 4:53 PM, Adam Thompson athom...@athompso.net wrote: Jim/other: Do you have any guidelines for sizing VPN throughput when using the pfSense Certified VFA ? -- -Adam Thompson athom...@athompso.net

[pfSense] VFA VPN throughput?

2015-01-20 Thread Adam Thompson
Jim/other: Do you have any guidelines for sizing VPN throughput when using the pfSense Certified VFA ? -- -Adam Thompson athom...@athompso.net ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold!

Re: [pfSense] Enforcing policy routing gateway

2015-01-20 Thread Chris L
On every rule that specifies a gateway, set a mark on the traffic then block the traffic with the mark on the interface(s) you don’t want it to egress. Say you have GW_WAN1 and GW_WAN2. On the rule that policy routes traffic out GW_WAN2, make the rule also set a mark of WAN2_ONLY. Then make a