Re: [pfSense] IPSec tunnels on AT&T U-Verse
We’ll try that, thanks for the suggestion. I don’t recall us using that anywhere else … Would be great if it works! I’ll let you know. Thanks Jim.

~ Laz Peterson
Paravis, LLC

> On May 13, 2017, at 3:57 PM, Jim Thompson wrote:
>
> Maybe NAT traversal?
>
> https://wiki.strongswan.org/projects/strongswan/wiki/NatTraversal
>
>> On May 13, 2017, at 5:30 PM, Laz C. Peterson wrote:
>>
>> Hello everyone,
>>
>> We’re having a pretty interesting problem here …
>>
>> To give you the quick summary, we have AT&T U-Verse “Business Fiber” (which
>> is a fancy way of saying it’s actual fiber, but the budget kind …) and have
>> very serious issues establishing any TLS or SSL encrypted connections
>> through IPSec tunnels.
>>
>> If we plug a SonicWALL device in, same tunnel settings, we have no issues at
>> all. But our pfSense device (it is a SG-2440) struggles very hard and we
>> cannot do simple encrypted services over this tunnel — including downloading
>> email, synchronizing AD domain servers, or even rsync over SSH.
>>
>> It’s been very troubling. When plugging in the SonicWALL, all of these
>> services work completely flawlessly. The second we use the pfSense, none of
>> the encrypted protocols through the tunnel work.
>>
>> I’ve been thinking about MSS and MTU, but I really don’t know where to
>> begin. The SonicWALL seems to be able to figure these things out on its own
>> (if that’s even the issue). But I’m at a total loss.
>>
>> Any suggestions?
>>
>> ~ Laz Peterson
>> Paravis, LLC
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
[pfSense] solved: Re: incomplete update to 2.3.4, no route to host
Ahoy Jim,

On Friday, 12 May 2017, 13:25:25 CEST, Jim Pingle wrote:
> pkg does not use A/ records, it uses SRV records, which are present
> and work fine:

ah, okay!

> $ host -t srv _https._tcp.pkg.pfsense.org
> _https._tcp.pkg.pfsense.org has SRV record 10 10 443 files00.netgate.com.
> _https._tcp.pkg.pfsense.org has SRV record 10 10 443 files01.netgate.com.
>
> OPs problem is not related to DNS. "No route to host" indicates they
> have a problem with their connectivity, for example they may have broken
> or half-configured IPv6 that is present but not usable for routing.

Thanks for clearing this up!! I just tried it and it works now.

Stefan
Re: [pfSense] IPSec tunnels on AT&T U-Verse
Maybe NAT traversal?

https://wiki.strongswan.org/projects/strongswan/wiki/NatTraversal

> On May 13, 2017, at 5:30 PM, Laz C. Peterson wrote:
>
> Hello everyone,
>
> We’re having a pretty interesting problem here …
>
> To give you the quick summary, we have AT&T U-Verse “Business Fiber” (which
> is a fancy way of saying it’s actual fiber, but the budget kind …) and have
> very serious issues establishing any TLS or SSL encrypted connections through
> IPSec tunnels.
>
> If we plug a SonicWALL device in, same tunnel settings, we have no issues at
> all. But our pfSense device (it is a SG-2440) struggles very hard and we
> cannot do simple encrypted services over this tunnel — including downloading
> email, synchronizing AD domain servers, or even rsync over SSH.
>
> It’s been very troubling. When plugging in the SonicWALL, all of these
> services work completely flawlessly. The second we use the pfSense, none of
> the encrypted protocols through the tunnel work.
>
> I’ve been thinking about MSS and MTU, but I really don’t know where to begin.
> The SonicWALL seems to be able to figure these things out on its own (if
> that’s even the issue). But I’m at a total loss.
>
> Any suggestions?
>
> ~ Laz Peterson
> Paravis, LLC
[pfSense] IPSec tunnels on AT&T U-Verse
Hello everyone,

We’re having a pretty interesting problem here …

To give you the quick summary, we have AT&T U-Verse “Business Fiber” (which is a fancy way of saying it’s actual fiber, but the budget kind …) and have very serious issues establishing any TLS or SSL encrypted connections through IPSec tunnels.

If we plug a SonicWALL device in, same tunnel settings, we have no issues at all. But our pfSense device (it is a SG-2440) struggles very hard and we cannot do simple encrypted services over this tunnel — including downloading email, synchronizing AD domain servers, or even rsync over SSH.

It’s been very troubling. When plugging in the SonicWALL, all of these services work completely flawlessly. The second we use the pfSense, none of the encrypted protocols through the tunnel work.

I’ve been thinking about MSS and MTU, but I really don’t know where to begin. The SonicWALL seems to be able to figure these things out on its own (if that’s even the issue). But I’m at a total loss.

Any suggestions?

~ Laz Peterson
Paravis, LLC
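For the MSS/MTU question raised in the post above, here is an added worked example (not from the thread, pfSense or strongSwan): it computes, for a given WAN MTU, ESP transform and NAT-T setting, the largest TCP MSS whose ESP tunnel-mode packet still fits on the wire without fragmentation. The transform table and the 1500-byte MTU are constructed inputs; the header sizes are the standard ESP/NAT-T figures.

```python
# Added example: size a TCP MSS so that ESP tunnel-mode packets fit the WAN MTU.
# Overheads follow RFC 4303 (ESP), RFC 3948 (NAT-T UDP encapsulation) and the
# usual IV/ICV lengths of common transforms; the table below is a constructed
# subset, not a list of what any particular device negotiates.

IP_HDR = 20       # IPv4 header without options (used for inner and outer)
TCP_HDR = 20      # TCP header without options
UDP_HDR = 8       # NAT-T UDP header (only when NAT traversal is active)
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad length + next header bytes

# transform name -> (iv_len, pad_alignment, icv_len); constructed table
TRANSFORMS = {
    "aes-cbc/hmac-sha1-96":    (16, 16, 12),
    "aes-cbc/hmac-sha256-128": (16, 16, 16),
    "aes-gcm-128":             (8, 4, 16),   # 8-byte IV, 4-byte alignment, 16-byte ICV
}


def esp_packet_size(payload: int, transform: str, nat_t: bool) -> int:
    """Bytes on the wire for one inner IPv4/TCP segment carrying `payload` bytes
    after ESP tunnel-mode encapsulation, optionally inside a NAT-T UDP header."""
    iv, align, icv = TRANSFORMS[transform]
    inner = IP_HDR + TCP_HDR + payload                  # plaintext inner packet
    pad = (-(inner + ESP_TRAILER)) % align              # cipher/alignment padding
    outer = IP_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR + iv
    return outer + inner + pad + ESP_TRAILER + icv


def max_mss(wan_mtu: int, transform: str, nat_t: bool) -> int:
    """Largest TCP payload whose encapsulated packet still fits in wan_mtu.
    Clamping MSS on the tunnel to this value (or lower) avoids fragmentation."""
    mss = wan_mtu - IP_HDR - TCP_HDR   # cannot exceed the plain-IP MSS
    while mss > 0 and esp_packet_size(mss, transform, nat_t) > wan_mtu:
        mss -= 1
    return mss


if __name__ == "__main__":
    for name in TRANSFORMS:
        for nat_t in (False, True):
            print(f"{name:24s} nat-t={nat_t!s:5s} max MSS at MTU 1500: "
                  f"{max_mss(1500, name, nat_t)}")
```

Protocols that send full-size segments early (a TLS handshake carrying a certificate chain, for instance) are the first to break when the clamp is too high, so comparing the tunnel's configured MSS against this figure is a quick first check.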
[pfSense] Host Overrides in Services/DNS Forwarder not working until manual restart of DNS Forwarder Service
Hi,

I'm seeing this on 2.3.3-RELEASE and 2.3.4-RELEASE, not sure if older versions are affected as well.

I have multiple entries in the Services/DNS Forwarder/Host Overrides section, all looking similar to this one:

| wpad | office.local | 192.168.2.3 | Microsoft Proxy Autoconfiguration |

When I attach a Client computer to any of the downstream interfaces of this pfSense installation (it has two), I get:

nslookup wpad.office.local
Server:   192.168.134.1
Address:  192.168.134.1#53

** server can't find wpad.office.local: NXDOMAIN

(192.168.134.1 is the pfSense IP on that network)

As soon as I log in to the pfSense WebGUI, go to Services/DNS Forwarder, and hit the "circle arrow" that says "Restart Service", DNS lookups from the clients start to work.

Upstream DNS resolving is not affected, though - trying nslookup www.google.com will give the correct result from the start.

This somehow doesn't look right. Any insights? Bug in pfSense or misconfiguration on my side?

Kind Regards,
Stefan Baur