Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Andrew Mitchell
Ryan,
I know this is not your question but my company set up Dynster.net for DDNS 
needs. It's not built in to pfSense because we are trying to get info from devs, 
but we do support a simple manual pfSense integration workaround. It does 
work.
Maybe it will help.
Andrew 


 On Monday, September 7, 2015 9:25 PM, Ryan Coleman  
wrote:
   

 This begs the question from me, then…

How do you get this to function with Dyn.com (formerly DynDNS.com)? I have the 
paid domain and I’ve gotten CenturyLink DSL modems to negotiate the IP without 
issue before but I cannot seem to figure out the configuration for pfSense.

Thanks!

—
Ryan


> On Sep 7, 2015, at 3:03 PM, David Christensen  
> wrote:
> 
> On 09/07/2015 12:19 PM, David Christensen wrote:
>> But, myself and he.net technical support are unclear as to what needs to
>> be done on the he.net end.
> 
> he.net created the DDNS record, username, and password hash for me.  I 
> entered the information into pfSense and now it works!  :-)
> 
> 
> David
> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Voipo

2014-12-21 Thread Andrew Mitchell
I'm curious... Do you have packet captures? I'd want to see your RTP media. I'm 
wondering if that is causing your issue.

Andrew K. Mitchell, MSISPM
Managing Member  Senior Network Engineer
VoIPster Communications, LLC.
Toll-Free: (877) 378-1045 x2221
International: +1.502-694-3106 x2221

- Original Message -
From: Brian Caouette bri...@dlois.com
To: pfSense Support and Discussion Mailing List list@lists.pfsense.org
Sent: Sunday, December 21, 2014 6:17:04 PM
Subject: [pfSense] Voipo

From: DJ-BrianC  djbrianc...@gmail.com  
Date: December 21, 2014 at 5:43:19 PM EST 
To: pfSense Support and Discussion Mailing List  list@lists.pfsense.org  
Subject: Voipo 




Has anyone had success with Voipo and pfSense? I'm not sure if this is a pf 
issue or their issue but outgoing calls work fine. Incoming are very spotty 
and fail most of the time. I've port forwarded the ports as marked here: 
http://www.voip-info.org/wiki/view/NAT+and+VOIP 

Suggestions? 

Sent from my iPad 
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] bogon networks

2014-09-29 Thread Andrew Mitchell
Thanks for the info. 

I've been working on this all night on and off. 

My question to you guys is, does files.pfsense.org and/or updates.pfsense.org 
block bogon networks and if so, can I ask the update schedule? I ask because 
the bogon list on a pfSense box connected to our 192.40.140.0/23 block 
currently does contain our block and we can't connect from source 192.40.140.2 
to download updates. 

Drew 

- Original Message -

From: Moshe Katz mo...@ymkatz.net 
To: pfSense support and discussion list@lists.pfsense.org 
Sent: Sunday, September 28, 2014 12:04:25 PM 
Subject: Re: [pfSense] bogon networks 


The pfSense bogon list is at 
https://files.pfsense.org/lists/fullbogons-ipv4.txt and the current version 
there also doesn't have your block. Make sure that your pfSense has the newest 
list. (This should usually be done automatically, but you should be able to do 
it from the console/SSH by running /etc/rc.update_bogons). 
Moshe 
Sent from mobile device; sorry for top-posting. 
On Sep 28, 2014 10:26 AM, Chris Bagnall  pfse...@lists.minotaur.cc  wrote: 


On 28 Sep 2014, at 12:19, Andrew Mitchell  andrew.k.mitch...@att.net  wrote: 
 My apologies. 192.40.140.0/23 

I'm not sure what pfSense uses as its Bogons source, but my reference has 
usually been: 
http://www.team-cymru.org/Services/Bogons/http.html 

Your IP block isn't in there, from what I can see... 

Kind regards, 

Chris 
-- 
This email is made from 100% recycled electrons 

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
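
Added example, not part of the thread: the situation discussed above (a newly assigned block still being dropped by a firewall whose bogon list is out of date) checked in code against two list snapshots in the one-prefix-per-line text format of a fullbogons file. Both snapshots are constructed for illustration and are not real list contents; the function names are hypothetical.

```python
import ipaddress

# Constructed snapshots in the one-prefix-per-line text format of a
# fullbogons file ('#' starts a comment). These are NOT real list contents.
STALE_LIST = """\
# constructed sample: snapshot taken before the block was assigned
0.0.0.0/8
10.0.0.0/8
192.40.128.0/19
192.168.0.0/16
"""

FRESH_LIST = """\
# constructed sample: snapshot taken after the block was assigned
0.0.0.0/8
10.0.0.0/8
192.40.128.0/21
192.40.136.0/22
192.40.142.0/23
192.40.144.0/20
192.168.0.0/16
"""


def parse_bogons(text):
    """Return the IPv4 prefixes in a bogon list, rejecting malformed lines."""
    prefixes = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            prefixes.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return prefixes


def blocking_entries(target, bogons):
    """List entries that would drop traffic from `target` (address or prefix)."""
    net = ipaddress.IPv4Network(target, strict=False)
    return [b for b in bogons if b.overlaps(net)]


def released_space(old, new):
    """Address space listed in `old` but no longer listed in `new`."""
    remaining = list(old)
    for still_bogon in new:
        kept = []
        for r in remaining:
            if not r.overlaps(still_bogon):
                kept.append(r)
            elif still_bogon.subnet_of(r) and still_bogon != r:
                # Keep only the parts of r that are outside still_bogon.
                kept.extend(r.address_exclude(still_bogon))
            # otherwise r lies entirely inside still_bogon: nothing released
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    stale, fresh = parse_bogons(STALE_LIST), parse_bogons(FRESH_LIST)
    for label, bogons in (("stale", stale), ("fresh", fresh)):
        hits = blocking_entries("192.40.140.2", bogons)
        print(label, "list:", "blocked by " + str(hits[0]) if hits else "allowed")
    print("released since stale snapshot:", released_space(stale, fresh))
```

Running the same check against the list on each firewall in the path, not only the local one, shows which device is still holding the old snapshot.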

Re: [pfSense] bogon networks

2014-09-29 Thread Andrew Mitchell
Yeah. Connects to both files.pfsense.org and updates.pfsense.org servers fine. 

Drew 

- Original Message -

From: Ryan Coleman ryan.cole...@cwis.biz 
To: pfSense Support and Discussion Mailing List list@lists.pfsense.org 
Sent: Monday, September 29, 2014 9:46:13 AM 
Subject: Re: [pfSense] bogon networks 

Have you tried pinging the IP from another machine not being routed through 
your subnet? 

On 9/29/2014 6:37 AM, Andrew Mitchell wrote: 



Thanks for the info. 

I've been working on this all night on and off. 

My question to you guys is, does files.pfsense.org and/or updates.pfsense.org 
block bogon networks and if so, can I ask the update schedule? I ask because 
the bogon list on a pfSense box connected to our 192.40.140.0/23 block 
currently does contain our block and we can't connect from source 192.40.140.2 
to download updates. 

Drew 

- Original Message -

From: Moshe Katz mo...@ymkatz.net 
To: pfSense support and discussion list@lists.pfsense.org 
Sent: Sunday, September 28, 2014 12:04:25 PM 
Subject: Re: [pfSense] bogon networks 


The pfSense bogon list is at 
https://files.pfsense.org/lists/fullbogons-ipv4.txt and the current version 
there also doesn't have your block. Make sure that your pfSense has the newest 
list. (This should usually be done automatically, but you should be able to do 
it from the console/SSH by running /etc/rc.update_bogons). 
Moshe 
Sent from mobile device; sorry for top-posting. 
On Sep 28, 2014 10:26 AM, Chris Bagnall  pfse...@lists.minotaur.cc  wrote: 

On 28 Sep 2014, at 12:19, Andrew Mitchell  andrew.k.mitch...@att.net  wrote: 
 My apologies. 192.40.140.0/23 

I'm not sure what pfSense uses as its Bogons source, but my reference has 
usually been: 
http://www.team-cymru.org/Services/Bogons/http.html 

Your IP block isn't in there, from what I can see... 

Kind regards, 

Chris 
-- 
This email is made from 100% recycled electrons 


Re: [pfSense] bogon networks

2014-09-29 Thread Andrew Mitchell
Indeed it did. 

Thanks, 

Drew 

- Original Message -

From: Jeremy Porter jpor...@electricsheepfencing.com 
To: list@lists.pfsense.org 
Sent: Monday, September 29, 2014 1:55:42 PM 
Subject: Re: [pfSense] bogon networks 


I've forced an update on the firewalls for the bogon list that protect 
files/updates.pfsense.org. This should resolve your issue. 

On 9/29/2014 6:37 AM, Andrew Mitchell wrote: 



Thanks for the info. 

I've been working on this all night on and off. 

My question to you guys is, does files.pfsense.org and/or updates.pfsense.org 
block bogon networks and if so, can I ask the update schedule? I ask because 
the bogon list on a pfSense box connected to our 192.40.140.0/23 block 
currently does contain our block and we can't connect from source 192.40.140.2 
to download updates. 

Drew 

- Original Message -

From: Moshe Katz mo...@ymkatz.net 
To: pfSense support and discussion list@lists.pfsense.org 
Sent: Sunday, September 28, 2014 12:04:25 PM 
Subject: Re: [pfSense] bogon networks 


The pfSense bogon list is at 
https://files.pfsense.org/lists/fullbogons-ipv4.txt and the current version 
there also doesn't have your block. Make sure that your pfSense has the newest 
list. (This should usually be done automatically, but you should be able to do 
it from the console/SSH by running /etc/rc.update_bogons). 
Moshe 
Sent from mobile device; sorry for top-posting. 
On Sep 28, 2014 10:26 AM, Chris Bagnall  pfse...@lists.minotaur.cc  wrote: 

On 28 Sep 2014, at 12:19, Andrew Mitchell  andrew.k.mitch...@att.net  wrote: 
 My apologies. 192.40.140.0/23 

I'm not sure what pfSense uses as its Bogons source, but my reference has 
usually been: 
http://www.team-cymru.org/Services/Bogons/http.html 

Your IP block isn't in there, from what I can see... 

Kind regards, 

Chris 
-- 
This email is made from 100% recycled electrons 


[pfSense] bogon networks

2014-09-28 Thread Andrew Mitchell
My company has just recently been assigned its own block from ARIN. We have a 
handful of pfSense boxes we need to connect to from that block. I have noticed 
we can't when Block bogon networks is enabled on the WAN interfaces.

Interestingly enough I also noticed that our block can't connect to 
updates.pfsense.org as well.

Any thoughts, ideas, advice or thoughts would be greatly appreciated.

Thanks,

Drew


Re: [pfSense] bogon networks

2014-09-28 Thread Andrew Mitchell
My apologies. 192.40.140.0/23

Drew

- Original Message -
From: Jim Thompson j...@netgate.com
To: pfSense Support and Discussion Mailing List list@lists.pfsense.org
Sent: Sunday, September 28, 2014 7:01:05 AM
Subject: Re: [pfSense] bogon networks

Perhaps if you specified your block?



 On Sep 28, 2014, at 5:59 AM, Andrew Mitchell andrew.k.mitch...@att.net 
 wrote:
 
 My company has just recently been assigned its own block from ARIN. We have 
 a handful of pfSense boxes we need to connect to from that block. I have 
 noticed we can't when Block bogon networks is enabled on the WAN interfaces.
 
 Interestingly enough I also noticed that our block can't connect to 
 updates.pfsense.org as well.
 
 Any thoughts, ideas, advice or thoughts would be greatly appreciated.
 
 Thanks,
 
 Drew


[pfSense] Update check fails based on location

2014-09-25 Thread Andrew Mitchell
We have two independent facilities. One in Kansas City, MO and the other in 
Jacksonville, FL.

For the last two weeks or so, I have noticed something that seems odd. If I 
traceroute from KC to updates.pfsense.org, here are my results:

 1  dcna01.kc.voipster.org (192.40.140.1)  1.273 ms  0.468 ms  0.484 ms
 2  204.27.61.17 (204.27.61.17)  0.361 ms  0.298 ms  0.493 ms
 3  96.43.134.173 (96.43.134.173)  0.365 ms  0.306 ms  0.241 ms
 4  gi0-0-0-4.nr11.b006290-1.mci01.atlas.cogentco.com (38.104.87.129)  0.867 ms  1.000 ms  0.857 ms
 5  154.24.21.89 (154.24.21.89)  0.739 ms
154.24.21.85 (154.24.21.85)  0.546 ms
154.24.21.89 (154.24.21.89)  0.800 ms
 6  te0-0-0-29.ccr21.mci01.atlas.cogentco.com (154.54.28.85)  0.889 ms
te0-0-0-4.ccr22.mci01.atlas.cogentco.com (154.54.30.165)  1.081 ms  1.164 ms
 7  be2157.ccr42.ord01.atlas.cogentco.com (154.54.6.118)  14.729 ms
be2156.ccr41.ord01.atlas.cogentco.com (154.54.6.86)  13.149 ms
be2157.ccr42.ord01.atlas.cogentco.com (154.54.6.118)  13.405 ms
 8  be2114.ccr21.jfk02.atlas.cogentco.com (66.28.4.201)  32.235 ms
be2116.mpd21.jfk02.atlas.cogentco.com (154.54.7.25)  32.529 ms
be2115.ccr22.jfk02.atlas.cogentco.com (154.54.6.189)  32.406 ms
 9  be2062.ccr21.jfk05.atlas.cogentco.com (154.54.7.14)  32.782 ms  32.660 ms
be2060.ccr21.jfk05.atlas.cogentco.com (154.54.31.10)  32.723 ms
10  te0-0-2-3.rcr11.b007023-2.jfk05.atlas.cogentco.com (154.54.45.2)  32.535 ms  32.637 ms  34.713 ms
11  * * *
12  cs50.cs30.jfk.nyinternet.net (64.147.125.153)  33.767 ms  33.731 ms  33.722 ms
13  cs30.cs59.v.jfk.nyinternet.net (64.147.125.130)  35.719 ms  34.026 ms  32.473 ms
14  66.111.2.169.static.nyinternet.net (66.111.2.169)  31.723 ms  30.402 ms  30.651 ms
15  66.111.2.169.static.nyinternet.net (66.111.2.169)  30.659 ms  30.443 ms  30.476 ms

Yet from FL, I see:

 1  dcna01.wi.voipster.org (192.40.141.1)  0.606 ms  0.518 ms  0.488 ms
 2  edge-dc-gw01.wi.voipster.org (198.205.119.157)  5.857 ms  2.893 ms  2.868 ms
 3  162.216.158.1 (162.216.158.1)  0.867 ms  0.772 ms  0.618 ms
 4  core-b.jax.as19531.net (23.239.72.253)  0.244 ms  0.297 ms  0.243 ms
 5  te4-4-21.br01.atl02.pccwbtn.net (63.218.69.61)  6.366 ms  6.368 ms  6.342 ms
 6  xe-2-2-0.er2.dfw2.us.above.net (64.125.12.133)  51.443 ms  51.366 ms  51.339 ms
 7  ae7.cr2.dfw2.us.above.net (64.125.20.233)  51.581 ms  51.662 ms  51.576 ms
 8  ae2.cr2.iah1.us.us.above.net (64.125.21.62)  56.332 ms  44.889 ms  44.967 ms
 9  ae14.cr2.dca2.us.above.net (64.125.21.53)  45.088 ms  45.160 ms  44.966 ms
10  ae4.cr2.lga5.us.above.net (64.125.26.106)  52.339 ms  53.642 ms  73.567 ms
11  * lag3.mpr4.lga7.us.above.net.32.125.64.in-addr.arpa (64.125.32.229)  53.947 ms  50.876 ms
12  ae1.mpr2.lga7.us.above.net.32.125.64.in-addr.arpa (64.125.32.222)  49.219 ms  53.395 ms  49.214 ms
13  64.124.193.85.IPYX-076763-001-ZYO.above.net (64.124.193.85)  54.837 ms  53.051 ms  51.686 ms
14  cs30.cs59.v.jfk.nyinternet.net (64.147.125.130)  65.578 ms  53.767 ms  50.838 ms
15  * * *
16  * * *
17  * * *
18  * * *

I'm curious, is anyone else seeing similar results?

Thanks,

Andrew


Re: [pfSense] OpenVPN - site to site questions

2012-02-26 Thread Andrew Mitchell
You can most certainly route VoIP traffic. I have an installation now, 4500+ 
telephones between two locations. OpenVPN works wonderfully for this type of 
traffic in my opinion because its connection overhead is extremely low; even 
with compression its speeds are more than acceptable for what I need. Now, 
that's not to say it gets complex, it does. But it can be done. 

Sent from my iPhone

On Feb 26, 2012, at 4:44 AM, Fuchs, Martin martin.fu...@trendchiller.com 
wrote:

 For each tunnel with different ip ranges it's necessary to use a unique 
 OpenVPN server.
 
 Because every tunnel in OpenVPN gets its own interface you can route between 
 the interfaces and also filter in them using the OpenVPN Tab in the firewall 
 rules.
 For more fine grained web control you can define ovpnX as an Interface using 
 the interfaces tab and then also use squid in this interface.
 
 I'm not aware of any points why VoIP should not work...
 
 Good luck,
 
 Martin ;-)
 
 On 26.02.2012 at 07:12, runi...@gmail.com runi...@gmail.com wrote:
 
 I am considering deploying pfSense using OpenVPN (site to site) to
 interconnect a dozen offices to a main site. Each remote office will
 have fewer than 10 connected IP devices. This setup may replace a
 IPSec VPN's.  My questions:
 
 1, Assuming the main site is the OpenVPN server will each remote site
 require a unique server process or can one server provide VPN's to all
 the remote OpenVPN clients?
 
 2. I need to restrict all network traffic between all sites to the
 VPN's. No open internet access. Is this possible?
 
 3. Each of the remote sites needs to be able to route to each other
 but through the main site (hub-spoke).  The primary need is because of
 VOIP calls between the offices. Possible?
 
 Any insights or caveats are welcome.  My apology if this is not the
 correct forum for these questions.
 
 Regards, R


Re: [pfSense] multi-tunnel routing

2012-01-04 Thread Andrew Mitchell
OK, I have added:

route 192.168.16.0 255.255.255.0;
route 192.168.15.0 255.255.255.0;
route 192.168.8.0 255.255.255.0;
route 192.168.7.0 255.255.255.0;
route 192.168.1.0 255.255.255.0;

to the 10.0.7.1 server.

Now, a traceroute shows that traffic sent down the tunnel but it dies 1 hop
later:

Tracing route to 192.168.16.10 over a maximum of 30 hops

  1     1 ms     1 ms     2 ms  watchdog.snarrow.com [10.0.7.1]
  2    76 ms    73 ms    77 ms  10.8.1.2
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *     ^C

Nothing shows up in the firewall on the destination side of the tunnel.

I can't figure out where I have gone wrong. I would appreciate any advice.

Thanks,

Andrew

On Mon, Jan 2, 2012 at 8:04 AM, John Busch jbusch...@gmail.com wrote:

 On Thu, Dec 29, 2011 at 5:50 AM, Andrew Mitchell
 andrew.mitch...@wdidata.net wrote:
  I have 2 pfSense boxes on a peer-to-peer shared-key OpenVPN tunnel. The LAN
  on the server is 10.0.7.0/24. The LAN on the client is 192.168.1.0/24.
  Server and client have bidirectional traffic just fine.
 
  The client has multiple separate peer-to-peer shared-key OpenVPN tunnels
  to which it is also connected: 192.168.15.0/24, 192.168.16.0/24,
  192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24. All of those tunnels
  have bidirectional traffic with the client just fine. Further,
  192.168.16.0/24 can not see 192.168.0.0/24 (for example) and vice versa.
  This is the exact functionality I am looking for between those subnets on
  the other side of the client.
 
  However, I would like to be able to establish at least one way
  communication between the server (10.0.7.0/24) and the 192.168.15.0/24,
  192.168.16.0/24, 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24 subnets
  using the existing server/client tunnel. Nothing I have tried seems to work.
 
  I would be grateful for any advice.
 
  Thanks,
 
  Andrew

 Have you tried adding an additional route statement in the advanced
 field on the server's OpenVPN config page?  For example, adding

 route 192.168.15.0 255.255.255.0;

 will route server packets destined to that network across the OpenVPN
 tunnel.  If IP forwarding on the client is enabled, it will look at
 its routing table and forward the packet appropriately.  Adding a
 statement like this for each of your listed subnets to the server's
 OpenVPN config page should achieve your objective.  Adding a similar
 statement of

 route 10.0.7.0 255.255.255.0;

 to the 192.168.15.0/24 OpenVPN configuration will ensure
 bi-directional traffic.  This statement would need to be in the
 OpenVPN config of each of the subnets you listed above.

 http://openvpn.net/index.php/manuals/427-openvpn-22.html

 - John


Re: [pfSense] Fatal trap 12 page fault

2012-01-02 Thread Andrew Mitchell
I have quite a few pfSense boxes deployed. I have only run into this twice.
Once was a DDR2 clockspeed mismatch. The second was a bad memory module.
So, in both cases it was memory/hardware related.

Hope that helps.

Andrew

On Mon, Nov 14, 2011 at 4:16 AM, Hiren Joshi j...@moonfruit.com wrote:

 I'm still no closer and the carp is still kicking in every now and then, a
 reboot seems to sort it out for a few weeks but then it starts again.

 Is there any chance this could be a hardware issue?

 Thanks,

 Josh.

 -Original Message-
 From: list-boun...@lists.pfsense.org [mailto:
 list-boun...@lists.pfsense.org] On Behalf Of Chris Buechler
 Sent: 25 October 2011 19:05
 To: pfSense support and discussion
 Subject: Re: [pfSense] Fatal trap 12 page fault

 On Sat, Oct 22, 2011 at 1:59 PM, Hiren Joshi j...@moonfruit.com wrote:
  We had a crash and I managed to get the output:
 
 http://hirenjoshi.moonfruit.com/communities/0/004/006/261/100/images/4555952160.jpg
 
  Last time it was HAproxy, this time it was another process. Does this
 help?
 

 Would help someone who can read back traces and fully understand them.
 Best I can tell from that is it's something in PF, the process doesn't
 actually have any relation to the cause of the panic in most cases.
 I've never seen a panic like that nor heard of one.

 You have the countryblock package installed by chance? Not sure if
 it's the same in 1.2.3 as 2.0, but something bad it does to PF can
 repeatedly panic systems.


[pfSense] multi-tunnel routing

2011-12-29 Thread Andrew Mitchell
I have 2 pfSense boxes on a peer-to-peer shared-key OpenVPN tunnel. The LAN
on the server is 10.0.7.0/24. The LAN on the client is 192.168.1.0/24.
Server and client have bidirectional traffic just fine.

The client has multiple separate peer-to-peer shared-key OpenVPN tunnels
to which it is also connected: 192.168.15.0/24, 192.168.16.0/24,
192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24. All of those tunnels
have bidirectional traffic with the client just fine. Further,
192.168.16.0/24 can not see 192.168.0.0/24 (for example) and vice versa.
This is the exact functionality I am looking for between those subnets on
the other side of the client.

However, I would like to be able to establish at least one way
communication between the server (10.0.7.0/24) and the 192.168.15.0/24,
192.168.16.0/24, 192.168.0.0/24, 192.168.7.0/24 and 192.168.8.0/24 subnets
using the existing server/client tunnel. Nothing I have tried seems to work.

I would be grateful for any advice.

Thanks,

Andrew


Re: [pfSense] relayd fails to start after 2.0.1 upgrade

2011-12-27 Thread Andrew Mitchell
In the GUI, I do see the blank entry listed under both the Pools and
Virtual Servers tabs. However, I do not see it in config file. I'm sorry
I seem to be so dense and missing this one. Any pointers and/or advice?

<load_balancer>
  <monitor_type>
    <name>ICMP</name>
    <type>icmp</type>
    <options/>
    <descr><![CDATA[ICMP]]></descr>
  </monitor_type>
  <monitor_type>
    <name>TCP</name>
    <type>tcp</type>
    <options/>
    <descr><![CDATA[Generic TCP]]></descr>
  </monitor_type>
  <monitor_type>
    <name>HTTP</name>
    <type>http</type>
    <options>
      <path>/</path>
      <host/>
      <code>200</code>
    </options>
    <descr><![CDATA[Generic HTTP]]></descr>
  </monitor_type>
  <monitor_type>
    <name>HTTPS</name>
    <type>https</type>
    <options>
      <path>/</path>
      <host/>
      <code>200</code>
    </options>
    <descr><![CDATA[Generic HTTPS]]></descr>
  </monitor_type>
  <monitor_type>
    <name>SMTP</name>
    <type>send</type>
    <options>
      <send>EHLO nosuchhost</send>
      <expect>250-</expect>
    </options>
    <descr><![CDATA[Generic SMTP]]></descr>
  </monitor_type>
  <lbpool/>
  <lbaction/>
  <lbprotocol/>
  <virtual_server/>
</load_balancer>

Thanks,

Andrew

On Mon, Dec 26, 2011 at 10:11 AM, Jim Pingle li...@pingle.org wrote:

 On 12/26/2011 7:32 AM, Andrew Mitchell wrote:
  redirect  {
listen on  port
forward to  port
  }

 You must have a blank entry under the Load Balancer config somewhere,
 under Virtual Server, most likely.

 In your config.xml what does your load balancer section look like?


Re: [pfSense] OpenVPN and saved username/password credentials

2011-12-27 Thread Andrew Mitchell
Perhaps I am misunderstanding but could you setup a separate tunnel? Peer
to peer shared key as an example?

Andrew

On Tue, Dec 27, 2011 at 4:16 AM, Dave Warren li...@hireahit.com wrote:

 Does anyone happen to know if pfSense (2.x)'s OpenVPN installation will be
 willing to use saved username/password credentials?

 I'm looking into connecting to a remote service that (unfortunately)
 requires a username/password, apparently their system can't be configured
 around this requirement, and I'd like to move the VPN connection from the
 desktop to the firewall level if feasible.

 --
 Dave Warren, CEO
 Hire A Hit Consulting Services
 http://ca.linkedin.com/in/davejwarren



Re: [pfSense] relayd fails to start after 2.0.1 upgrade

2011-12-27 Thread Andrew Mitchell
Doh! Found the issue... <virtual_server/> was closed but never opened for
whatever reason. Works now!

Thanks,

Andrew

On Tue, Dec 27, 2011 at 3:31 AM, Andrew Mitchell 
andrew.mitch...@wdidata.net wrote:

 In the GUI, I do see the blank entry listed under both the Pools and
 Virtual Servers tabs. However, I do not see it in config file. I'm sorry
 I seem to be so dense and missing this one. Any pointers and/or advice?

 <load_balancer>
   <monitor_type>
     <name>ICMP</name>
     <type>icmp</type>
     <options/>
     <descr><![CDATA[ICMP]]></descr>
   </monitor_type>
   <monitor_type>
     <name>TCP</name>
     <type>tcp</type>
     <options/>
     <descr><![CDATA[Generic TCP]]></descr>
   </monitor_type>
   <monitor_type>
     <name>HTTP</name>
     <type>http</type>
     <options>
       <path>/</path>
       <host/>
       <code>200</code>
     </options>
     <descr><![CDATA[Generic HTTP]]></descr>
   </monitor_type>
   <monitor_type>
     <name>HTTPS</name>
     <type>https</type>
     <options>
       <path>/</path>
       <host/>
       <code>200</code>
     </options>
     <descr><![CDATA[Generic HTTPS]]></descr>
   </monitor_type>
   <monitor_type>
     <name>SMTP</name>
     <type>send</type>
     <options>
       <send>EHLO nosuchhost</send>
       <expect>250-</expect>
     </options>
     <descr><![CDATA[Generic SMTP]]></descr>
   </monitor_type>
   <lbpool/>
   <lbaction/>
   <lbprotocol/>
   <virtual_server/>
 </load_balancer>

 Thanks,

 Andrew


 On Mon, Dec 26, 2011 at 10:11 AM, Jim Pingle li...@pingle.org wrote:

 On 12/26/2011 7:32 AM, Andrew Mitchell wrote:
  redirect  {
listen on  port
forward to  port
  }

 You must have a blank entry under the Load Balancer config somewhere,
 under Virtual Server, most likely.

 In your config.xml what does your load balancer section look like?


Re: [pfSense] relayd fails to start after 2.0.1 upgrade

2011-12-27 Thread Andrew Mitchell
I know. Sorry I misspoke. Thanks for the help though.

Andrew.

On Tue, Dec 27, 2011 at 10:09 AM, Vick Khera vi...@khera.org wrote:

 On Tue, Dec 27, 2011 at 4:34 AM, Andrew Mitchell
 andrew.mitch...@wdidata.net wrote:
  Doh! Found the issue... <virtual_server/> was closed but never opened for
  whatever reason. Works now!

 In XML, that is a combo Open + Close tag.  Close tags look like
 </virtual_server> for example.


[pfSense] relayd fails to start after 2.0.1 upgrade

2011-12-26 Thread Andrew Mitchell
 My fellow pfSensers,

Since I upgraded to 2.0.1, relayd fails to start reporting the following
error in System Logs:

The command '/usr/local/sbin/relayd -f /var/etc/relayd.conf' returned exit
code '1', the output was '/var/etc/relayd.conf:7: syntax error no
redirections, nothing to do unused protocol: dnsproto'

The config itself is:

[2.0.1-RELEASE][ad...@watchdog.snarrow.com]/root(1): less /var/etc/relayd.conf
log updates
timeout 1000
dns protocol dnsproto {
tcp { nodelay, sack, socket buffer 1024, backlog 1000 }
}
redirect  {
  listen on  port
  forward to  port
}
/var/etc/relayd.conf (END)

I figure I'm missing silly or I missed some notes on version changes but,
I'm missing something. If anyone could shed light I'd be grateful.

Thanks,

Andrew
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
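
Added example, not part of the thread and not pfSense or relayd code: a pre-flight check that flags redirect blocks in a generated relayd.conf whose name, listen address or forward target came out empty, as in the file quoted in the post above. The filled-in sample configuration is constructed (made-up names, documentation address ranges), and the check only understands single-level redirect blocks.

```python
import re

# The generated /var/etc/relayd.conf as quoted in the post above.
BROKEN_CONF = """\
log updates
timeout 1000
dns protocol dnsproto {
tcp { nodelay, sack, socket buffer 1024, backlog 1000 }
}
redirect  {
  listen on  port
  forward to  port
}
"""

# Constructed example of a filled-in redirect; the table name, redirect name
# and addresses are made up (documentation ranges), not from the thread.
FILLED_CONF = """\
table <web_pool> { 192.0.2.10 192.0.2.11 }
redirect "web_vs" {
  listen on 198.51.100.5 port 80
  forward to <web_pool> port 80 check tcp
}
"""

REDIRECT_OPEN = re.compile(r'^redirect\b\s*(\S*)\s*\{$')
# "listen on <address> [proto] port <port>": the address must not be the
# keyword "port" itself, which is what an empty field collapses to.
LISTEN_OK = re.compile(r'^listen\s+on\s+(?!port\b)\S+(\s+\S+)?\s+port\s+\S+')
FORWARD_OK = re.compile(r'^forward\s+to\s+(?!port\b)\S+')


def lint_redirects(conf_text):
    """Return (line_number, problem) pairs for incomplete redirect blocks."""
    findings = []
    inside = False
    have_listen = have_forward = False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not inside:
            opened = REDIRECT_OPEN.match(line)
            if opened:
                inside, have_listen, have_forward = True, False, False
                if not opened.group(1).strip('"'):
                    findings.append((lineno, "redirect has no name"))
        elif line == "}":
            # End of block: report directives that never appeared at all.
            if not have_listen:
                findings.append((lineno, "redirect has no 'listen on' line"))
            if not have_forward:
                findings.append((lineno, "redirect has no 'forward to' line"))
            inside = False
        elif line.startswith("listen"):
            have_listen = True
            if not LISTEN_OK.match(line):
                findings.append((lineno, "'listen on' lacks an address or port"))
        elif line.startswith("forward"):
            have_forward = True
            if not FORWARD_OK.match(line):
                findings.append((lineno, "'forward to' lacks a target"))
    return findings


if __name__ == "__main__":
    for lineno, problem in lint_redirects(BROKEN_CONF):
        print(f"relayd.conf:{lineno}: {problem}")
```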