[pfSense] DHCP/Local DNS ping host name

2015-12-12 Thread Ryan Coleman
I’m totally having a brain fart weekend on this… but there’s a way (or so I 
think) to link the DNS and DHCP hostnames… How do I do that?

—
Ryan
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] HAproxy question

2015-12-12 Thread Kostas Backas
Do you have Snort in your setup? I've seen IPS causing this behavior.

Best regards

Kostas

Sent from my iPhone

> On 12 Dec 2015, at 00:13, C. R. Oldham wrote:
> 
> Actually I think I characterized this problem the wrong way.
> 
> It appears that neither haproxy nor nginx (when used as a proxy) are
> reliable on our pfSense firewall.  They will work for a while, then they
> stop passing traffic for a while, then they work awhile.  Restarting them
> doesn't make them responsive immediately.  I am at a loss to explain this.
> I've confirmed there are no other processes listening on port 443 on any IP
> (virtual or physical).  If anyone has ideas I'd love to hear them.
> 
> --cro
> 
> 
>> On Fri, Dec 11, 2015 at 8:14 AM, C. R. Oldham  wrote:
>> 
>> Greetings,
>> 
>> We've recently replaced both our routers with pfSense.  I am using tinc
>> for site-to-site VPN and OpenVPN for clients to connect.
>> 
>> Since some of our support engineers often end up onsite with customers, I
>> want to enable OpenVPN over TCP port 443--we've noticed that many of our
>> customers block outbound UDP, but using the https port works fine.
>> 
>> However, we also have haproxy on our firewall proxying for some web
>> applications on port 443, but on a different virtual IP from OpenVPN.  If I
>> enable OpenVPN on the TCP port, haproxy stops working, even though they are
>> listening on different IPs.
>> 
>> I have appropriate firewall rules for both virtual IPs in place.
>> 
>> Can anyone shed some insight on how I can fix this?
>> 
>> Thanks.
>> 
>> --cro

Re: [pfSense] Shutdown Interface?

2015-12-12 Thread Doug Lytle
It would appear you're just interested in being confrontational.  I hope you 
have a nice day.



Re: [pfSense] HAproxy question

2015-12-12 Thread Ivo Tonev
Run "netstat -anl | grep LISTEN | grep 443" (for TCP) to verify on which
port/IP haproxy and OpenVPN are running. OpenVPN doesn't listen on VIP.

On 12/12/2015 10:31, "C. R. Oldham" wrote:

> Actually I think I characterized this problem the wrong way.
>
> It appears that neither haproxy nor nginx (when used as a proxy) are
> reliable on our pfSense firewall.  They will work for a while, then they
> stop passing traffic for a while, then they work awhile.  Restarting them
> doesn't make them responsive immediately.  I am at a loss to explain this.
> I've confirmed there are no other processes listening on port 443 on any IP
> (virtual or physical).  If anyone has ideas I'd love to hear them.
>
> --cro
>
>
> On Fri, Dec 11, 2015 at 8:14 AM, C. R. Oldham  wrote:
>
> > Greetings,
> >
> > We've recently replaced both our routers with pfSense.  I am using tinc
> > for site-to-site VPN and OpenVPN for clients to connect.
> >
> > Since some of our support engineers often end up onsite with customers, I
> > want to enable OpenVPN over TCP port 443--we've noticed that many of our
> > customers block outbound UDP, but using the https port works fine.
> >
> > However, we also have haproxy on our firewall proxying for some web
> > applications on port 443, but on a different virtual IP from OpenVPN.  If I
> > enable OpenVPN on the TCP port, haproxy stops working, even though they are
> > listening on different IPs.
> >
> > I have appropriate firewall rules for both virtual IPs in place.
> >
> > Can anyone shed some insight on how I can fix this?
> >
> > Thanks.
> >
> > --cro
> >
> >


Re: [pfSense] HAproxy question

2015-12-12 Thread Chris Buechler
On Fri, Dec 11, 2015 at 9:14 AM, C. R. Oldham  wrote:
> Greetings,
>
> We've recently replaced both our routers with pfSense.  I am using tinc for
> site-to-site VPN and OpenVPN for clients to connect.
>
> Since some of our support engineers often end up onsite with customers, I
> want to enable OpenVPN over TCP port 443--we've noticed that many of our
> customers block outbound UDP, but using the https port works fine.
>
> However, we also have haproxy on our firewall proxying for some web
> applications on port 443, but on a different virtual IP from OpenVPN.  If I
> enable OpenVPN on the TCP port, haproxy stops working, even though they are
> listening on different IPs.
>

One or the other must be bound to *:443 (guessing haproxy since
OpenVPN will only bind to a single IP). You can check that with
'sockstat -4' if you want to pursue that further.

It's probably easiest to just run your OpenVPN on some other port on
localhost, say port 4443. Then add a port forward on WAN to send 443
on the OpenVPN VIP to 127.0.0.1:4443. Then you can also add port
forwards for ports 80, 53, and however many others you want to make
available for additional options.
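
The wildcard-bind check suggested in the reply above, as an added example that is not part of the original thread: it reads FreeBSD `sockstat -4 -l` output and reports any TCP listener bound to `*:PORT` alongside listeners bound to a specific IP on the same port. The function names, PIDs and the sample output (documentation-range address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find TCP listeners bound to *:PORT that overlap with
# listeners bound to a specific IP on the same port.
# Expected input on stdin: FreeBSD `sockstat -4 -l` output.

# Constructed sample output; PIDs and the address are placeholders.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     haproxy    41012 5  tcp4   *:443                 *:*
root     haproxy    41012 6  tcp4   *:80                  *:*
root     openvpn    52344 7  tcp4   203.0.113.10:443      *:*
root     sshd       812   4  tcp4   *:22                  *:*
EOF
}

# find_wildcard_overlaps PORT  < sockstat output
# Prints one line per (wildcard listener, specific-IP listener) pair on PORT.
# Exit status: 0 if at least one overlap was found, 1 otherwise.
find_wildcard_overlaps() {
    awk -v port="$1" '
        $5 !~ /^tcp/ { next }                 # skips the header and non-TCP rows
        {
            n = split($6, a, ":"); p = a[n]   # port is the last ":" field
            if (p != port) next
            addr = substr($6, 1, length($6) - length(p) - 1)
            if (addr == "*") wild[++w] = $2 " (pid " $3 ")"
            else             spec[++s] = $2 " (pid " $3 ") on " addr
        }
        END {
            if (w == 0 || s == 0) exit 1      # nothing overlaps on this port
            for (i = 1; i <= w; i++)
                for (j = 1; j <= s; j++)
                    printf "OVERLAP port %s: %s bound to * overlaps %s\n", \
                           port, wild[i], spec[j]
        }
    '
}

# On the firewall: sockstat -4 -l | find_wildcard_overlaps 443
# Here, run against the constructed sample instead:
sample_sockstat | find_wildcard_overlaps 443
```

If the service bound to `*` can be restricted to its own virtual IP, rerunning the check should exit with status 1.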