I have a pfsense firewall up and running with the following specs:
3.0 GHz Pentium IV processor
1 gigabyte of ECC (unregistered unbuffered) RAM
1 40 gigabyte Western Digital hard drive
Tyan entry level server motherboard with 2 onboard Intel gigabyte
network cards
2 dual port PCI-X Intel server
side
ethernet interface after adding or removing VPN tunnels.
Any additional help would be appreciated.
On Thu, 8 Feb 2007 00:29:09 -0500, Scott Ullrich [EMAIL PROTECTED]
said:
On 2/8/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I have a pfsense firewall up and running with the following
: pseudo-random number generator used for IPsec processing
em1: link state changed to DOWN
em1: link state changed to UP
On Fri, 09 Feb 2007 10:51:55 -0500, Vaughn L. Reid III
[EMAIL PROTECTED] said:
I am experiencing the same problem with the daily snapshots as I am with
the 1.0.1 release version
PROTECTED]
said:
On Mon, 2007-02-12 at 07:32 -0500, Vaughn L. Reid III wrote:
I'm not sure this is the correct forum for this sort of item, but I'll
ask anyway.
Is there any sort of extension available to provide a logoff capability
from the web gui? I need this capability for HIPAA
I have a pfsense firewall in a test network like the one below.
Internet
provider 1 | | provider 2
Pfsense Firewall
from the entire 192.168.0.0/16
network on the LAN interface, the pfsense box explicitly denies and logs
all traffic trying to pass to it or through it from subnet 2.
Vaughn
sai wrote:
On 3/18/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I have a pfsense firewall in a test network like
configs after midnight. :-)
Vaughn
Vaughn L. Reid III wrote:
I'll post the config file a little later today, when I get to my test
box. In the meantime, I want to make it clear that subnet 2 is not
directly connected to the pfsense box.
Currently, the pfsense box has 4 interfaces: a Lan
I have a question about the IPSec keep-alive feature in pfsense. What
is the preferred IP address to ping with this feature, the public IP of
the remote tunnel end-point, or a host that is not the remote router on
the private network side of the remote end-point, or the private IP
address of
to bring up the tunnel or keep it alive as there is
traffic for the remote subnet.
Holger
-Original Message-
From: Vaughn L. Reid III [mailto:[EMAIL PROTECTED]
Sent: Monday, March 26, 2007 1:53 PM
To: support@pfsense.com
Subject: [pfSense Support] IPSec Keep Alive Question
I
I am running the 3-27 snapshot of pfsense.
I've been testing out adding a 2nd OPT interface that goes to remote
sites over a wireless link. A dedicated access point is doing all the
wireless stuff, so that is not a responsibility of the pfsense box.
Here's my problem though.
I can ping
I'm using the 3-27 snapshot on the pfsense box.
I've searched both the forum and the mailing list archives, and I can't
seem to find an updated listing of how to get IPSEC to work over an OPT
interface as well as over WAN at the same time.
Here's what I want to do:
I have several remote
the source of my
problem, I
will let you know.
Robert
On Thursday 29 March 2007 07:13, Vaughn L. Reid III wrote:
I am running the 3-27 snapshot of pfsense.
I've been testing out adding a 2nd OPT interface that goes to remote
sites over a wireless link. A dedicated access point is doing all
the pfsense's WAN ip and change
the tunnel definition on the pfsense box to use the WAN interface, then
everything immediately works after hitting the save and apply buttons.
Thanks,
Vaughn
Scott Ullrich wrote:
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I'm using the 3-27
noticed that, for
WAN at least, that those rules are automatically created and are not
visible on the rules page.
Vaughn
Scott Ullrich wrote:
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I've set up a test tunnel between my office and my customer site. The
VPN tunnel will work
:17:02 racoon: INFO: respond new phase 1 negotiation:
75.44.169.169[500]=70.237.44.110[500]
Vaughn
Scott Ullrich wrote:
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I changed the My Identifier on the tunnel definition to IP Address and
then specified 75.44.169.169. I clicked save
noticed that, for
WAN at least, that those rules are automatically created and are not
visible on the rules page.
Vaughn
Scott Ullrich wrote:
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I've set up a test tunnel between my office and my customer site. The
VPN tunnel will work
(fd=17)
Thanks,
Vaughn Reid III
Vaughn L. Reid III wrote:
I have only the default allow everything rule on the IPSEC tab. I
manually added rules to the firewall to allow UDP 500 to the OPT2
interface and to allow ESP to the OPT2 interface, and now I'm getting
different IPSEC log results
to localhost
Vaughn
Scott Ullrich wrote:
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I didn't get the request, but I'll be happy to check to see if rules are
being added. Should I remove the manual rules that I created first
before checking?
Yes, please. Then open up /tmp/rules.debug
to localhost
Vaughn
Scott Ullrich wrote:
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I didn't get the request, but I'll be happy to check to see if rules are
being added. Should I remove the manual rules that I created first
before checking?
Yes, please. Then open up /tmp/rules.debug
Oops! Sorry for the double post.
Vaughn L. Reid III wrote:
Here is the relevant text of my rules.debug file. It looks like the
interface on the connection computer support has the same interface
as the rest of the tunnels. This is the test connection that should
be using OPT3.
# let out
Ullrich wrote:
Okay, so that I am on the same page as you. Those $wan rules should
have read $optX ??
Scott
On 3/29/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
Oops! Sorry for the double post.
Vaughn L. Reid III wrote:
Here is the relevant text of my rules.debug file. It looks like
Thanks for your hard work. I appreciate it and I'm sure my customers do
too.
Vaughn
Vaughn L. Reid III wrote:
The ones that say Computer Support are from the test tunnel that
I created to use OPT2.
The interfaces on this machine are labeled like this:
LAN = em0
WAN = em1
ATTDSL = em4
On Thu, 29 Mar 2007 15:26:58 -0400, Vaughn L. Reid III
[EMAIL PROTECTED] said:
Thanks for your hard work. I appreciate it and I'm sure my customers do
too.
Vaughn
Vaughn L. Reid III wrote:
The ones that say Computer Support are from the test tunnel that
I created to use OPT2
IPSEC
issue, but I thought I'd comment in case it is relevant.
Thanks,
Vaughn Reid III
Tunge2 wrote:
If this is working it would be a great step ahead :)
-Original Message-
From: Vaughn L. Reid III [mailto:[EMAIL PROTECTED]
Sent: Friday, March 30, 2007 1:08
To: support
I'll check back later this evening or Monday day sometime.
Thanks,
Vaughn
Scott Ullrich wrote:
This is an old image. The snapshot server has been down for some
time... Try again 2-3 hours from now or on Monday.
Scott
On 3/30/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I just tried
file. To do that, I will need to wait
for the weekend when firewall usage is low.
Vaughn
On Fri, 30 Mar 2007 12:23:44 -0400, Vaughn L. Reid III
[EMAIL PROTECTED] said:
I'll check back later this evening or Monday day sometime.
Thanks,
Vaughn
Scott Ullrich wrote:
This is an old
* * Interface IP Address * * Blank
Vaughn
On Mon, 2 Apr 2007 20:11:10 -0400, Scott Ullrich [EMAIL PROTECTED]
said:
On 4/2/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I've just tested the most recent pfsense update available on
http://snapshots.pfsense.com/FreeBSD6
tunnel definition in /tmp/rules.debug, but it
showed the wrong interface.
Vaughn
On Mon, 2 Apr 2007 20:32:47 -0400, Scott Ullrich [EMAIL PROTECTED]
said:
On 4/2/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
Here are the rules for the interface in question that seem to make the
IPSEC tunnel
IP Address * * Blank
Vaughn
On Mon, 02 Apr 2007 20:43:38 -0400, Vaughn L. Reid III
[EMAIL PROTECTED] said:
Interesting,
This version of the firmware doesn't even list the VPN tunnel that is
configured for the OPT interface in the vpn section of /tmp/rules.debug.
The tunnel
I have a customer with a setup that sounds very similar to what you are
describing. They have 2 WAN type connections. The first is an SDSL
line that is used for IPSEC and other general WAN stuff. The second is
an ADSL line that they use to feed their proxy server/content filter.
They don't
and seem very stable.
Vaughn
Vaughn L. Reid III wrote:
Just to be thorough, I added two more rules to the firewall's OPT
interface to make sure all the IPSEC stuff gets through. I'm fuzzy on
if the last two are needed, but just to be safe, I added them.
Here are all the rules that I've added
listed in my previous post, my IPSEC VPN's over the OPTx interface are
working well and seem very stable.
Vaughn
Vaughn L. Reid III wrote:
Just to be thorough, I added two more rules to the firewall's OPT
interface to make sure all the IPSEC stuff gets through. I'm fuzzy on
if the last two
of
NAT or port forwarding, it just kills IPSEC VPN stability. This seems
especially true for the Linksys and Netgear devices that I've run across.
Vaughn
Vaughn L. Reid III wrote:
No. The only things that I added/changed were the firewall rules.
Actually, I don't have manually entered static
I have PPTP successfully working on my pfsense box. Here's how I got
stuff working.
1. My lan IP is 192.168.10.1/24, and my Lan net is 192.168.10.0/24
2. On the VPN PPTP page, I selected the radio button that corresponds
to Enable PPTP Server
3. My PPTP server address is: 192.168.150.25
Sorry for the confusion, I should have been slightly more explicit in my
previous reply.
I was trying to explain that, on my pfsense box, I have allow everything
from everywhere to everywhere on my PPTP interface in the firewall
rules. On my machine, I know that I have this type of setup because
to acc a machine on my network it isn't there and the ip is rejected
- Original Message - From: Vaughn L. Reid III
[EMAIL PROTECTED]
To: support@pfsense.com
Sent: Tuesday, April 17, 2007 12:28 PM
Subject: Re: [pfSense Support] help pptp plz
I have PPTP successfully working on my pfsense box
I have a few questions about Pfsense full versus Pfsense embedded.
1. What, specifically, are the differences between the full and
embedded versions? Are there features available in one that is not
available in the other? Do they both support the same hardware?
2. Do both the embedded and
If I understand you correctly then the embedded version does not support
the addition of packages and does not write to disk during runtime
operations. The full version, on the other hand, supports the addition
of packages and definitely writes to disk during runtime operation. Are
these the
My local Fire Dept has asked me about the feasibility of building them a
dual Wan Pfsense box using two Internet Access provided by two accounts
to Verizon's wireless cellular broadband service.
Does Pfsense provide support for any cellular modems? Do any of the
pfsense resellers, support
]
said:
Vaughn L. Reid III wrote:
My local Fire Dept has asked me about the feasibility of building them a
dual Wan Pfsense box using two Internet Access provided by two accounts
to Verizon's wireless cellular broadband service.
Does Pfsense provide support for any cellular modems? Do any
Cool, thanks for the links. I'll check out the Soekris list too.
Vaughn :-)
RB wrote:
A couple of potential options - we just chased a similar rabbit over
on the Soekris list, and I got a lot of good links out of it:
http://www.digi.com/products/cellulargateways/digiconnectwanfamily.jsp
I have a pfsense box with the June 30th snapshot, and have it connected
to two Linksys RV016's, two Linksys RV082's, and two Hotbrick 800/2.
The pfsense box has two adsl connections with static IP's for WAN
connectivity, and the remote sites also have adsl connections. Both
brands of units
That is true. I believe, however, that their 6000 and 4000 series are,
perhaps, pfsense based.
Vaughn III
Pedro Paulo Oliveira Jr wrote:
Hotbrick VPN800/2 is not based on pfsense.
-Original Message-
From: Vaughn L. Reid III [mailto:[EMAIL PROTECTED]
Sent: Monday, July 2
Also, with all of the money that you can save on technician costs and
hardware by implementing something like pfsense, you might be able to
afford an additional layer of transparent firewalling or some other
security hardware/software or redundancy that you might otherwise be
unable to afford.
Oops!!! I didn't realize I had jumped topics. :(
Vaughn Reid III
Vaughn L. Reid III wrote:
Also, with all of the money that you can save on technician costs and
hardware by implementing something like pfsense, you might be able to
afford an additional layer of transparent firewalling
I have two pfSense boxes running a recent version of 1.2 RC3. Fail-over
seems to work correctly when the master unit dies, and the master unit
takes back over when it comes back online, so I figure most of my
settings must be mostly correct (I followed the visual tutorial listed
on the
Try creating a firewall rule on the Wan interface to allow ICMP packets.
Vaughn
Anil Garg wrote:
My ISP has created a CLAN for me with the following public address:
xxx.xxx.xxx.64/27
Gateway for my pfsense is xxx.xxx.xxx.65
I have configured the pfsense to static IP of xxx.xxx.xxx.66/27 and
I have been successfully using the spamd package for about 2 weeks at
one of my client sites, and it is working wonderfully. It has reduced
the amount of spam that the site's email server was receiving from about
15000 per day to about 50 to 75 per day.
I configured the package as follows:
the spamhaus terms of service for their Zen
service. It is not free for commercial use as you are apparently doing.
Otherwise, thank you for the feedback on the package.
-Gary
Vaughn L. Reid III wrote:
I have been successfully using the spamd package for about 2 weeks at
one of my client sites
Hello, I have a policy routing and re-direct question.
Is it possible in PFSense to do something like the following:
A request comes to PFSense on the internal LAN interface on port 80 or
port 443. Instead of passing this out WAN to the Internet, can the
traffic, instead, be re-directed to a
I have a pfsense router configured with the following WAN setup. It's
running 1.2.2.
Wan Physical Interface Contains:
WAN is mapped to the default untagged interface (I know this isn't a
completely normal setup with VLAN's also on the interface too, but it's
a legacy setup I've inherited and
Thanks for the confirmation that I'm experiencing expected behavior. I
thought that was the case, but I wanted to be sure.
Vaughn III
Chris Buechler wrote:
On Wed, Mar 25, 2009 at 9:16 AM, Vaughn L. Reid III
vaughn_reid_...@elitemail.org wrote:
I have a pfsense router configured
I have an Intel Atom based board that I'm trying to get pfsense to
install on. I can boot fine into safe mode but I get a panic message
when I try the default boot config. I can reproduce this from both the
pfsense ISO and after an actual install onto the hard drive. I'm trying
to install
message.
Chris Buechler wrote:
On Mon, Mar 30, 2009 at 4:58 PM, Vaughn L. Reid III
vaughn_reid_...@elitemail.org wrote:
I have an Intel Atom based board that I'm trying to get pfsense to install
on. I can boot fine into safe mode but I get a panic message when I try the
default boot config
I reset the jetway dual-core atom board's bios to optimized defaults.
The board rebooted and worked like a charm.
Thanks for everyone's help and advice.
VRIII
On 3/30/2009 6:44 PM, Dave Warren wrote:
In message 49d1326b.3050...@elitemail.org Vaughn L. Reid III
vaughn_reid_
I have now had an unexpected dhcp server behavior occur twice on a
pfsense cluster when a power supply has malfunctioned and caused one
pfsense device to go offline. Here are the details.
Hardware Setup:
2 Server grade servers running pfsense 1.2.3RC1 with Intel Nics, dual
core processors
I've got a PfSense version 1.2.3 cluster at a Public Library customer
connected to 6 WAN links.
The first 5 are connected as VLANS through a TP-Link SL3428 switch then
to an ISP provided Router (4 ATT ADSL links each with a Netopia ADSL
router and a Fiber Link with a Cisco 2800 series
According to page 15 of the reference manual address learning is:
Enable or disable MAC address learning for the selected ports. When
Enabled, destination and
source MAC addresses are automatically listed in the forwarding table.
When address learning
is Disabled, MAC addresses must be
traffic on the
interface.
With a dedicated interface for the Carp related stuff to use, do the
other interfaces still send and receive multi-cast pfsync traffic?
On 2/9/2011 5:10 PM, David Newman wrote:
On 2/9/11 1:12 PM, Vaughn L. Reid III wrote:
According to page 15 of the reference manual
?
On 11-02-09 04:12 PM, Vaughn L. Reid III wrote:
According to page 15 of the reference manual address
On 2/9/2011 10:09 PM, Chris Buechler wrote:
On Wed, Feb 9, 2011 at 8:51 PM, Vaughn L. Reid III
vaughn_reid_...@elitemail.org wrote:
My understanding of forwarding also was that address learning is a normal
part of switch operation. But, I find it odd that turning that off lets the
fail-over
On 2/10/2011 2:43 AM, Seth Mos wrote:
On 10-2-2011 4:18, Vaughn L. Reid III wrote:
1. All the Master and backup status notifications in the web interface
on both PFSense boxes show the correct status
2. I'll do a packet capture tomorrow and see if the carp-heartbeat
shows up
I
On 2/10/2011 9:32 AM, Vaughn L. Reid III wrote:
On 2/10/2011 2:43 AM, Seth Mos wrote:
On 10-2-2011 4:18, Vaughn L. Reid III wrote:
1. All the Master and backup status notifications in the web interface
on both PFSense boxes show the correct status
2. I'll do a packet capture tomorrow
On 2/10/2011 10:42 AM, Vaughn L. Reid III wrote:
On 2/10/2011 9:32 AM, Vaughn L. Reid III wrote:
On 2/10/2011 2:43 AM, Seth Mos wrote:
On 10-2-2011 4:18, Vaughn L. Reid III wrote:
1. All the Master and backup status notifications in the web interface
on both PFSense boxes show
On 2/10/2011 12:57 PM, Evgeny Yurchenko wrote:
On 11-02-10 11:07 AM, Vaughn L. Reid III wrote:
On 2/10/2011 10:42 AM, Vaughn L. Reid III wrote:
On 2/10/2011 9:32 AM, Vaughn L. Reid III wrote:
On 2/10/2011 2:43 AM, Seth Mos wrote:
On 10-2-2011 4:18, Vaughn L. Reid III wrote:
1
--
Moshe Katz
-- mo...@ymkatz.net mailto:mo...@ymkatz.net
-- +1(301)867-3732
On Thu, Feb 10, 2011 at 7:19 PM, Vaughn L. Reid III
vaughn_reid_...@elitemail.org mailto:vaughn_reid_...@elitemail.org
wrote:
On 2/10/2011 12:57 PM, Evgeny Yurchenko wrote:
On 11-02
On 2/10/2011 7:58 PM, Vaughn L. Reid III wrote:
On 2/10/2011 7:30 PM, Moshe Katz wrote:
Is your ISP Verizon? We have had many ARP issues with Verizon FIOS.
For our pfSense box to get all of our IPs, we have to manually set
each of the IPs as the WAN IP (one by one), then set up
On 4/29/2011 4:49 PM, bsd wrote:
On 29 Apr 2011 at 19:08, bsd wrote:
On 29 Apr 2011 at 09:37, bsd wrote:
Hi,
I have created a simple L7 container where I have put SIP and SkypeOut traffic.
Then created a Queue called VoIP where this traffic is supposed to end (HFSC
with 10%
On 5/4/2011 11:18 AM, Ermal Luçi wrote:
On Wed, May 4, 2011 at 4:47 PM, Vaughn L. Reid III
vaughn_reid_...@elitemail.org wrote:
On 4/29/2011 4:49 PM, bsd wrote:
On 29 Apr 2011 at 19:08, bsd wrote:
On 29 Apr 2011 at 09:37, bsd wrote:
Hi,
I have created a simple L7 container where
On 5/4/2011 11:37 AM, Vaughn L. Reid III wrote:
On 5/4/2011 11:18 AM, Ermal Luçi wrote:
On Wed, May 4, 2011 at 4:47 PM, Vaughn L. Reid III
vaughn_reid_...@elitemail.org wrote:
On 4/29/2011 4:49 PM, bsd wrote:
On 29 Apr 2011 at 19:08, bsd wrote:
On 29 Apr 2011 at 09:37, bsd wrote
On 7/30/2011 9:17 AM, Isamar Maia wrote:
Ok. Great. Thanks for the tip, dude.
Does anyone know a workaround for item 2?
Thanks,
Isamar
2011-07-30 10:10 Chris Clark ch...@belthasar.com
mailto:ch...@belthasar.com:
Isamar,
The captive portal in m0n0wall/pfSense isn’t capable
71 matches