Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

2017-12-01 Thread Alberto Moreno
The last version from 2.3.x is 2.3.5 u can stick with latter u can test
2.4.2 upgrade.


On Sun, Nov 26, 2017 at 4:04 AM, Eero Volotinen wrote:

> just planning to upgrade my sg-8860 from pfsense 2.3 to 2.4. is there any
> known issues?
>
> it's not so complex setup, but running as our hq main firewall. so, some
> ipsec and openvpn connections are running against it.
>
>
>
> Eero
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>



-- 
LIving the dream...


[pfSense] SquidGuard Allow facebook/company url only?

2017-11-30 Thread Alberto Moreno
Hi.

I'm trying to figure out how to allow our users to access just our Facebook
company site:

www.facebook.com/My-Company/

I added the url above in Target Categories and selected the Target as whitelist
for our users, but SG is not accepting my url. I have tried different inputs
like:

www,
.facebook

different settings, but checking squid log I got this:

ERROR: URL-rewrite produces invalid request: GET ERR HTTP/1.1

In my SG log I had this:

facebook.com:443 Request(RH/blk_BL_socialnet/-) equezada CONNECT REDIRECT

For some reason my Target Whitelist is not working, because SG jumps to the
socialnet block and that's it, it blocks our users.

RH {
    pass FB whitelist !in-addr !blk_BL_anonvpn !blk_BL_porn !blk_BL_socialnet blk_BL_searchengines all
    redirect http://192.168.100.2:80/sgerror.php?url=403%20Sitio%20Prohibido%20para%20el%20departamento%20de%20RH=%a=%n=%i=%s=%t=%u
    log block.log
}

We don't want them to access social sites, just our company site inside
facebook.

Is it possible?

Pfsense 2.3.5, thanks.

-- 
LIving the dream...
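
Added example (not part of the original post and not squidGuard's own code): a simplified Python model of how a pass line like the RH one above is evaluated, to show why a URL-path whitelist entry never matches the `CONNECT facebook.com:443` request seen in the SG log. It assumes Squid is not decrypting TLS; the list contents in `DEST_LISTS` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed list contents (assumption, for illustration only).
# Lists named on the pass line but not defined here are treated as empty;
# the special in-addr (IP-literal host) match is not modelled.
DEST_LISTS = {
    "FB": {"domains": set(), "urls": {"facebook.com/My-Company"}},
    "blk_BL_socialnet": {"domains": {"facebook.com"}, "urls": set()},
}

# The pass line from the RH acl in the post.
PASS_LINE = ("FB whitelist !in-addr !blk_BL_anonvpn !blk_BL_porn "
             "!blk_BL_socialnet blk_BL_searchengines all")


def normalize(method, target):
    """Return (host, path) as the URL filter gets to see them."""
    if method == "CONNECT":
        # HTTPS tunnel: the proxy only knows host:port, never the path.
        return target.rsplit(":", 1)[0].lower(), ""
    parts = urlsplit(target)
    return (parts.hostname or "").lower(), parts.path


def in_dest(name, host, path):
    dest = DEST_LISTS.get(name, {"domains": set(), "urls": set()})
    if host.startswith("www."):
        host = host[4:]
    # Domain entries match the host itself or any parent domain.
    labels = host.split(".")
    if any(".".join(labels[i:]) in dest["domains"] for i in range(len(labels))):
        return True
    # URL entries match host + path prefix, so they need a visible path.
    full = host + path
    return any(full == u or full.startswith(u.rstrip("/") + "/")
               for u in dest["urls"])


def evaluate(method, target, pass_line=PASS_LINE):
    """Left to right, first match decides: 'name' passes, '!name' blocks."""
    host, path = normalize(method, target)
    for token in pass_line.split():
        if token == "all":
            return ("pass", "all")
        negate, name = token.startswith("!"), token.lstrip("!")
        if in_dest(name, host, path):
            return ("block" if negate else "pass", name)
    return ("block", "default")


if __name__ == "__main__":
    for req in [("CONNECT", "facebook.com:443"),
                ("GET", "http://www.facebook.com/My-Company/"),
                ("GET", "http://www.facebook.com/other")]:
        print(req, "->", evaluate(*req))
```

The URL entry only matches when the path is visible to the filter, that is plain HTTP or a proxy that decrypts TLS; for a bare CONNECT the decision can only be made per hostname.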


[pfSense] Voucher system inside FreeRadius?

2014-07-11 Thread Alberto Moreno
Hi.

I'm working with CP; can the voucher system info be generated with
FRadius2 and saved in a DB like MySQL?

The idea is to go enterprise, +500 users.

Is someone doing this now with the current voucher system, with or without
fradius?

Running pfsense 2.1.4.

-- 
LIving the dream...
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Per-user bandwidth restriction by voucher roll?

2014-07-11 Thread Alberto Moreno
Hi.

Is it possible to set up per-user bandwidth restriction by voucher roll?

Maybe I want to sell 7-day vouchers for VIP users and others with normal
bandwidth.

Thanks.

-- 
LIving the dream...

Re: [pfSense] Per-user bandwidth restriction by voucher roll?

2014-07-11 Thread Alberto Moreno
On Fri, Jul 11, 2014 at 9:24 AM, A Mohan Rao mohanra...@gmail.com wrote:

 With captive portal it works good.
 There u can very easily set per user through mac binding set bandwidth.

 Thanks

 Mohan Rao
 On Jul 11, 2014 9:50 PM, Alberto Moreno ports...@gmail.com wrote:

 Hi.

 Is possible to setup Per-user bandwidth restriction by voucher roll?

 Maybe I want to sell, 7 days voucher for VIP users and other with normal
 bandwidth.

 Thanks.

 --
 LIving the dream...




In a hotel, for example, it is impossible to manage MACs.
Don't u think?

LIving the dream...

Re: [pfSense] Per-user bandwidth restriction by voucher roll?

2014-07-11 Thread Alberto Moreno
On Fri, Jul 11, 2014 at 9:52 AM, A Mohan Rao mohanra...@gmail.com wrote:

 So u can use traffic shaping!
 On Jul 11, 2014 10:11 PM, Alberto Moreno ports...@gmail.com wrote:




 On Fri, Jul 11, 2014 at 9:24 AM, A Mohan Rao mohanra...@gmail.com
 wrote:

 With captive portal it works good.
 There u can very easily set per user through mac binding set bandwidth.

 Thanks

 Mohan Rao
 On Jul 11, 2014 9:50 PM, Alberto Moreno ports...@gmail.com wrote:

 Hi.

 Is possible to setup Per-user bandwidth restriction by voucher roll?

 Maybe I want to sell, 7 days voucher for VIP users and other with
 normal bandwidth.

 Thanks.

 --
 LIving the dream...




 In a Hotel by example, is impossible to manage MAC's.
 Don't u think?

 LIving the dream...




That makes the setup more complex; if this works for general cp maybe we can do
something to make it work by voucher, which will be a good bonus...
-- 
LIving the dream...

[pfSense] traffic shaping doubts about floating rules?

2014-05-06 Thread Alberto Moreno
 Once we set up TS on pfsense (2.1.3), the wizard creates some floating rules.
 Now, we have the option in firewall-rules-LAN to create our rule
and specify if we want to use some Ackqueue/Queue/

 What difference is there if we set it up here or with floating rules?

 And what is the meaning of those fields?

Thanks.

-- 
LIving the dream...

Re: [pfSense] captive portal https any success?

2013-07-24 Thread Alberto Moreno
I have finally made this work.

Squid helped me; most sites that use https, like paypal.com, don't have just
1 domain. Once u get connected u see a lot of domains/IPs that appear
related to the domain, so I just started adding them to Allowed IP or Allowed
hostname.

Some of them work with IP, others with hostnames, others need both.

But is working, thanks!!!


On Tue, Jul 23, 2013 at 5:30 PM, Alberto Moreno ports...@gmail.com wrote:

 Hi Chris.

 When u say certificate errors u mean that ugly message that appears in
 the browser when u access sites with certificates not registered?

 Will be great to see this working, maybe for me is not a problem, if works.

 Wondering how other open/commercial products handle this?

 Thanks Chris.


 On Tue, Jul 23, 2013 at 4:55 PM, Chris L c...@viptalk.net wrote:


 On Jul 23, 2013, at 9:19 AM, Alberto Moreno ports...@gmail.com wrote:

  Just wondering.
 
  I'm running pfsense 2.0.3, does anyone have any success history with
 pfsense and https pages like https://facebook.com?
 
  I want to allow under cp some pages without auth, like facebook and
 others.
 
  But u know that fb change to https:// but once a user type facebook
 the browser point to https:// which is good but the browser won't load
 the page.
 
  U see pfsense logs and u see the connection but is all.
 
  The long history is that pfsense cp does not allow that because the
 developers need to do a hack is what I understand I'm not a developer.
 
  Some one have been able to allow fb without auth under pfsense?
 
  Does only pfsense suffer this or is general for other products?
 
  Someone had try to fix this?
 
  Thanks.


 It's not that a hack is necessary.  Nobody can redirect an https page to
 a captive portal signon without the user being presented with certificate
 errors.

 At least not without a lot of https proxying and a root certificate
 installed in the client browser.




 --
 LIving the dream...




-- 
LIving the dream...


[pfSense] captive portal https any success?

2013-07-23 Thread Alberto Moreno
Just wondering.

I'm running pfsense 2.0.3, does anyone have any success history with
pfsense and https pages like https://facebook.com?

I want to allow under cp some pages without auth, like facebook and others.

But u know that fb change to https:// but once a user type facebook the
browser point to https:// which is good but the browser won't load the page.

U see pfsense logs and u see the connection but is all.

The long history is that pfsense cp does not allow that because the
developers need to do a hack is what I understand I'm not a developer.

Has someone been able to allow fb without auth under pfsense?

Does only pfsense suffer from this or is it general for other products?

Has someone tried to fix this?

Thanks.

-- 
LIving the dream...


Re: [pfSense] captive portal https any success?

2013-07-23 Thread Alberto Moreno
Hi Chris.

When u say certificate errors u mean that ugly message that appears in the
browser when u access sites with certificates not registered?

Will be great to see this working, maybe for me is not a problem, if works.

Wondering how other open/commercial products handle this?

Thanks Chris.


On Tue, Jul 23, 2013 at 4:55 PM, Chris L c...@viptalk.net wrote:


 On Jul 23, 2013, at 9:19 AM, Alberto Moreno ports...@gmail.com wrote:

  Just wondering.
 
  I'm running pfsense 2.0.3, does anyone have any success history with
 pfsense and https pages like https://facebook.com?
 
  I want to allow under cp some pages without auth, like facebook and
 others.
 
  But u know that fb change to https:// but once a user type facebook the
 browser point to https:// which is good but the browser won't load the
 page.
 
  U see pfsense logs and u see the connection but is all.
 
  The long history is that pfsense cp does not allow that because the
 developers need to do a hack is what I understand I'm not a developer.
 
  Some one have been able to allow fb without auth under pfsense?
 
  Does only pfsense suffer this or is general for other products?
 
  Someone had try to fix this?
 
  Thanks.


 It's not that a hack is necessary.  Nobody can redirect an https page to a
 captive portal signon without the user being presented with certificate
 errors.

 At least not without a lot of https proxying and a root certificate
 installed in the client browser.




-- 
LIving the dream...


Re: [pfSense] Captive Portal+Freeradius2, Amount Of Time not working.

2012-11-26 Thread Alberto Moreno
   I set up a centos box running 5.x with freeradius, I set up freeradius
for user time stuff, I set up pfsense-CP and pointed it to this machine, I started
my test and... failed.
   The same issue, the counter is not doing its job.
   Now could this be related to the pfsense-cp module or freeradius?



On Sat, Nov 3, 2012 at 10:36 AM, Alberto Moreno ports...@gmail.com wrote:

 Hi.

  It is enabled!!!


 On Fri, Nov 2, 2012 at 6:53 AM, Ermal Luçi ermal.l...@gmail.com wrote:




 On Thu, Nov 1, 2012 at 6:17 AM, Alberto Moreno ports...@gmail.com wrote:

 Hi.
 I have been trying to figure out how to setup pfsense 2.0.1 captive
 portal+freeradius2, I want to enable the Amount of Time feature.
 I had read the doc about this, but maybe I miss something.

 The thing is that if I test in the console I can see FreeRADIUS give to
 me the info right.

 What is the problem?


 From what i see you fail to enable radius session-timeout(Use radius
 session timeout attribute) on the CP config page.


  When I add a user, example:

 user1 psw1 Amount of Time=15
 user2 psw2 Amount of Time=3
 user3 psw3 Amount of Time=20

 CP always close the connection before time, check logs:

 20:14:12 20:19:41 user1 real time: 5 minutes
 20:30:30 20:33:00 user2 real time: 3 minutes
 20:35:28 20:42:16 user3 real time: 7 minutes

 U can see the problem.

 Now, lets see FR2 user settings:

 user1 Cleartext-Password := psw1, Max-Daily-Session := 900
 user2 Cleartext-Password := psw2, Max-Daily-Session := 180
 user3 Cleartext-Password := psw3, Max-Daily-Session := 1200

 I had test each user with radtest and I see my settings good, check:

 radtest user1 user1 172.16.1.1 100 secret

 Sending Access-Request of id 48 to 172.16.1.1 port 1812
 User-Name = user1
 User-Password = psw1
 NAS-IP-Address = 192.168.50.1
 NAS-Port = 100
 Message-Authenticator = 0x
 rad_recv: Access-Accept packet from host 172.16.1.1 port 1812, id=48,
 length=26
 Session-Timeout = 900

 Looks good, right?

 This is my radiusd.conf:

 /usr/local/etc/raddb/radiusd.conf
 prefix = /usr/local
 exec_prefix = ${prefix}
 sysconfdir = ${prefix}/etc
 localstatedir = /var
 sbindir = ${exec_prefix}/sbin
 logdir = ${localstatedir}/log
 raddbdir = ${sysconfdir}/raddb
 radacctdir = ${logdir}/radacct
 confdir = ${raddbdir}
 run_dir = ${localstatedir}/run
 libdir = ${exec_prefix}/lib/freeradius-2.1.12
 pidfile = ${run_dir}/radiusd.pid
 db_dir = ${raddbdir}
 name = radiusd
 #chroot = /path/to/chroot/directory
 #user = freeradius
 #group = freeradius


 ###
 ### Is not present in freeradius 2.x radiusd.conf anymore but it was in 1.x ###
 ### delete_blocked_requests = no ###
 ### usercollide = no ###
 ### lower_user = no ###
 ### lower_pass = no ###
 ### nospace_user = no ###
 ### nospace_pass = no ###
 ###

 max_request_time = 30
 cleanup_delay = 5
 max_requests = 1024
 hostname_lookups = no
 allow_core_dumps = no
 regular_expressions = yes
 extended_expressions = yes
 listen {
 type = auth
 ipaddr = 172.16.1.1
 port = 1812
 }
 listen {
 type = acct
 ipaddr = 172.16.1.1
 port = 1813
 }

 log {
 destination = syslog
 file = ${logdir}/radius.log
 syslog_facility = daemon
 stripped_names = no
 auth = yes
 auth_badpass = yes
 auth_goodpass = yes
 msg_goodpass = 
 msg_badpass = 
 }

 checkrad = ${sbindir}/checkrad
 security {
 max_attributes = 200
 reject_delay = 1
 status_server = no
 }

 ### disable proxy module. In most environments we do not need to proxy requests to another RADIUS PROXY server
 #proxy_requests = yes
 #$INCLUDE  proxy.conf
 $INCLUDE  clients.conf
 thread pool {
 start_servers = 5
 max_servers = 32
 min_spare_servers = 3
 max_spare_servers = 10
 max_queue_size = 65536
 max_requests_per_server = 0
 }

 modules {
 $INCLUDE ${confdir}/modules/
 $INCLUDE eap.conf
 ### Dis-/Enable sql.conf INCLUDE
 #$INCLUDE sql.conf

 ### Dis-/Enable sql/mysql/counter.conf INCLUDE
 #$INCLUDE sql/mysql/counter.conf

 #$INCLUDE sqlippool.conf
 }

 instantiate {

 exec
 expr
 daily
 weekly
 monthly
 forever
 expiration
 logintime
 ### Dis-/Enable sql instatiate
 #sql
 }
 $INCLUDE policy.conf
 $INCLUDE sites-enabled/

 Clients.conf

 /usr/local/etc/raddb/clients.conf

 client cp {
 ipaddr = 172.16.1.1
 proto = udp
 secret = secret-key

Re: [pfSense] Captive Portal+Freeradius2, Amount Of Time not working.

2012-11-03 Thread Alberto Moreno
Hi.

 It is enabled!!!


On Fri, Nov 2, 2012 at 6:53 AM, Ermal Luçi ermal.l...@gmail.com wrote:




 On Thu, Nov 1, 2012 at 6:17 AM, Alberto Moreno ports...@gmail.com wrote:

 Hi.
 I have been trying to figure out how to setup pfsense 2.0.1 captive
 portal+freeradius2, I want to enable the Amount of Time feature.
 I had read the doc about this, but maybe I miss something.

 The thing is that if I test in the console I can see FreeRADIUS give to
 me the info right.

 What is the problem?


 From what i see you fail to enable radius session-timeout(Use radius
 session timeout attribute) on the CP config page.


 When I add a user, example:

 user1 psw1 Amount of Time=15
 user2 psw2 Amount of Time=3
 user3 psw3 Amount of Time=20

 CP always close the connection before time, check logs:

 20:14:12 20:19:41 user1 real time: 5 minutes
 20:30:30 20:33:00 user2 real time: 3 minutes
 20:35:28 20:42:16 user3 real time: 7 minutes

 U can see the problem.

 Now, lets see FR2 user settings:

 user1 Cleartext-Password := psw1, Max-Daily-Session := 900
 user2 Cleartext-Password := psw2, Max-Daily-Session := 180
 user3 Cleartext-Password := psw3, Max-Daily-Session := 1200

 I had test each user with radtest and I see my settings good, check:

 radtest user1 user1 172.16.1.1 100 secret

 Sending Access-Request of id 48 to 172.16.1.1 port 1812
 User-Name = user1
 User-Password = psw1
 NAS-IP-Address = 192.168.50.1
 NAS-Port = 100
 Message-Authenticator = 0x
 rad_recv: Access-Accept packet from host 172.16.1.1 port 1812, id=48,
 length=26
 Session-Timeout = 900

 Looks good, right?

 This is my radiusd.conf:

 /usr/local/etc/raddb/radiusd.conf
 prefix = /usr/local
 exec_prefix = ${prefix}
 sysconfdir = ${prefix}/etc
 localstatedir = /var
 sbindir = ${exec_prefix}/sbin
 logdir = ${localstatedir}/log
 raddbdir = ${sysconfdir}/raddb
 radacctdir = ${logdir}/radacct
 confdir = ${raddbdir}
 run_dir = ${localstatedir}/run
 libdir = ${exec_prefix}/lib/freeradius-2.1.12
 pidfile = ${run_dir}/radiusd.pid
 db_dir = ${raddbdir}
 name = radiusd
 #chroot = /path/to/chroot/directory
 #user = freeradius
 #group = freeradius


 ###
 ### Is not present in freeradius 2.x radiusd.conf anymore but it was in 1.x ###
 ### delete_blocked_requests = no ###
 ### usercollide = no ###
 ### lower_user = no ###
 ### lower_pass = no ###
 ### nospace_user = no ###
 ### nospace_pass = no ###
 ###

 max_request_time = 30
 cleanup_delay = 5
 max_requests = 1024
 hostname_lookups = no
 allow_core_dumps = no
 regular_expressions = yes
 extended_expressions = yes
 listen {
 type = auth
 ipaddr = 172.16.1.1
 port = 1812
 }
 listen {
 type = acct
 ipaddr = 172.16.1.1
 port = 1813
 }

 log {
 destination = syslog
 file = ${logdir}/radius.log
 syslog_facility = daemon
 stripped_names = no
 auth = yes
 auth_badpass = yes
 auth_goodpass = yes
 msg_goodpass = 
 msg_badpass = 
 }

 checkrad = ${sbindir}/checkrad
 security {
 max_attributes = 200
 reject_delay = 1
 status_server = no
 }

 ### disable proxy module. In most environments we do not need to proxy requests to another RADIUS PROXY server
 #proxy_requests = yes
 #$INCLUDE  proxy.conf
 $INCLUDE  clients.conf
 thread pool {
 start_servers = 5
 max_servers = 32
 min_spare_servers = 3
 max_spare_servers = 10
 max_queue_size = 65536
 max_requests_per_server = 0
 }

 modules {
 $INCLUDE ${confdir}/modules/
 $INCLUDE eap.conf
 ### Dis-/Enable sql.conf INCLUDE
 #$INCLUDE sql.conf

 ### Dis-/Enable sql/mysql/counter.conf INCLUDE
 #$INCLUDE sql/mysql/counter.conf

 #$INCLUDE sqlippool.conf
 }

 instantiate {

 exec
 expr
 daily
 weekly
 monthly
 forever
 expiration
 logintime
 ### Dis-/Enable sql instatiate
 #sql
 }
 $INCLUDE policy.conf
 $INCLUDE sites-enabled/

 Clients.conf

 /usr/local/etc/raddb/clients.conf

 client cp {
 ipaddr = 172.16.1.1
 proto = udp
 secret = secret-key
 require_message_authenticator = no
 max_connections = 16
 shortname = cp
 nastype = other
 ### login = !root ###
 ### password = someadminpass ###

 U had seen the users config file.

 For the GUI I will add the images of the screens, any tip please let me
 know, appreciated your time, thanks!!!
 --
 LIving the dream