Have the IPSEC changes been committed and built yet?  I'm looking at the
update files, and they all still say March 27 2007.  I'm using this
repository http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/

Should I be looking somewhere else for the update with the IPSEC fix?

Thanks,

Vaughn 

On Thu, 29 Mar 2007 15:26:58 -0400, "Vaughn L. Reid III"
<[EMAIL PROTECTED]> said:
> Thanks for your hard work.  I appreciate it and I'm sure my customers do 
> too.
> 
> Vaughn
> 
> Vaughn L. Reid III wrote:
> > The ones that say Computer Support are from the test tunnel that 
> > I created to use OPT2.
> >
> > The interfaces on this machine are labeled like this:
> >
> > LAN => em0
> > WAN => em1
> > ATTDSL => em4 -- This is the OPT interface that I was using for the 
> > Computer Support VPN test
> > wireless => em2
> >
> > Vaughn
> >
> > Scott Ullrich wrote:
> >> Okay, so that I am on the same page as you.  Those $wan rules should
> >> have read $optX ??
> >>
> >> Scott
> >>
> >>
> >> On 3/29/07, Vaughn L. Reid III <[EMAIL PROTECTED]> wrote:
> >>> Oops!  Sorry for the double post.
> >>>
> >>> Vaughn L. Reid III wrote:
> >>> > Here is the relevant text of my rules.debug file.  It looks like the
> >>> > interface on the connection "computer support" has the same interface
> >>> > as the rest of the tunnels.  This is the test connection that should
> >>> > be using OPT3.
> >>> >
> >>> > # let out anything from the firewall host itself and decrypted IPsec traffic
> >>> > pass out quick on $lan proto icmp keep state label "let out anything from firewall host itself"
> >>> > pass out quick on $wan proto icmp keep state label "let out anything from firewall host itself"
> >>> > pass out quick on em1 all keep state label "let out anything from firewall host itself"
> >>> > # pass traffic from firewall -> out
> >>> > anchor "firewallout"
> >>> > pass out quick on em1 all keep state label "let out anything from firewall host itself"
> >>> > pass out quick on em0 all keep state label "let out anything from firewall host itself"
> >>> > pass out quick on em4 all keep state label "let out anything from firewall host itself"
> >>> > pass out quick on em2 all keep state label "let out anything from firewall host itself"
> >>> > pass out quick on $pptp all keep state label "let out anything from firewall host itself pptp"
> >>> > pass out quick on $enc0 keep state label "IPSEC internal host to host"
> >>> >
> >>> > # let out anything from the firewall host itself and decrypted IPsec traffic
> >>> > pass out quick on em4 proto icmp keep state label "let out anything from firewall host itself"
> >>> > pass out quick on em4 all keep state label "let out anything from firewall host itself"
> >>> >
> >>> >
> >>> > # VPN Rules
> >>> > pass out quick on $wan proto udp from 209.218.218.138 to 65.119.178.137 port = 500 keep state label "IPSEC: Fire Station 3 - outbound isakmp"
> >>> > pass in quick on $wan proto udp from 65.119.178.137 to 209.218.218.138 port = 500 keep state label "IPSEC: Fire Station 3 - inbound isakmp"
> >>> > pass out quick on $wan proto esp from 209.218.218.138 to 65.119.178.137 keep state label "IPSEC: Fire Station 3 - outbound esp proto"
> >>> > pass in quick on $wan proto esp from 65.119.178.137 to 209.218.218.138 keep state label "IPSEC: Fire Station 3 - inbound esp proto"
> >>> > pass out quick on $wan proto udp from 209.218.218.138 to 65.119.178.129 port = 500 keep state label "IPSEC: Street Department - outbound isakmp"
> >>> > pass in quick on $wan proto udp from 65.119.178.129 to 209.218.218.138 port = 500 keep state label "IPSEC: Street Department - inbound isakmp"
> >>> > pass out quick on $wan proto esp from 209.218.218.138 to 65.119.178.129 keep state label "IPSEC: Street Department - outbound esp proto"
> >>> > pass in quick on $wan proto esp from 65.119.178.129 to 209.218.218.138 keep state label "IPSEC: Street Department - inbound esp proto"
> >>> > pass out quick on $wan proto udp from 209.218.218.138 to 65.119.178.154 port = 500 keep state label "IPSEC: Fire Station 2 - outbound isakmp"
> >>> > pass in quick on $wan proto udp from 65.119.178.154 to 209.218.218.138 port = 500 keep state label "IPSEC: Fire Station 2 - inbound isakmp"
> >>> > pass out quick on $wan proto esp from 209.218.218.138 to 65.119.178.154 keep state label "IPSEC: Fire Station 2 - outbound esp proto"
> >>> > pass in quick on $wan proto esp from 65.119.178.154 to 209.218.218.138 keep state label "IPSEC: Fire Station 2 - inbound esp proto"
> >>> > pass out quick on $wan proto udp from 209.218.218.138 to 70.227.28.14 port = 500 keep state label "IPSEC: EMS Building - outbound isakmp"
> >>> > pass in quick on $wan proto udp from 70.227.28.14 to 209.218.218.138 port = 500 keep state label "IPSEC: EMS Building - inbound isakmp"
> >>> > pass out quick on $wan proto esp from 209.218.218.138 to 70.227.28.14 keep state label "IPSEC: EMS Building - outbound esp proto"
> >>> > pass in quick on $wan proto esp from 70.227.28.14 to 209.218.218.138 keep state label "IPSEC: EMS Building - inbound esp proto"
> >>> > pass out quick on $wan proto udp from 209.218.218.138 to 70.237.44.110 port = 500 keep state label "IPSEC: Computer Support - outbound isakmp"
> >>> > pass in quick on $wan proto udp from 70.237.44.110 to 209.218.218.138 port = 500 keep state label "IPSEC: Computer Support - inbound isakmp"
> >>> > pass out quick on $wan proto esp from 209.218.218.138 to 70.237.44.110 keep state label "IPSEC: Computer Support - outbound esp proto"
> >>> > pass in quick on $wan proto esp from 70.237.44.110 to 209.218.218.138 keep state label "IPSEC: Computer Support - inbound esp proto"
> >>> >
> >>> > pass in quick on em0 inet proto tcp from any to $loopback port 8021 keep state label "FTP PROXY: Allow traffic to localhost"
> >>> > pass in quick on em0 inet proto tcp from any to $loopback port 21 keep state label "FTP PROXY: Allow traffic to localhost"
> >>> > pass in quick on em1 inet proto tcp from port 20 to (em1) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection"
> >>> > # enable ftp-proxy
> >>> > pass in quick on em4 inet proto tcp from any to $loopback port 8022 keep state label "FTP PROXY: Allow traffic to localhost"
> >>> > pass in quick on em4 inet proto tcp from any to $loopback port 21 keep state label "FTP PROXY: Allow traffic to localhost"
> >>> >
> >>> > Vaughn
> >>> >
> >>> >
> >>> > Scott Ullrich wrote:
> >>> >> On 3/29/07, Vaughn L. Reid III <[EMAIL PROTECTED]> wrote:
> >>> >>> I didn't get the request, but I'll be happy to check to see if rules are
> >>> >>> being added.  Should I remove the manual rules that I created first
> >>> >>> before checking?
> >>> >>
> >>> >> Yes, please.   Then open up /tmp/rules.debug and look for "VPN
> >>> >> Rules"..  Below that marker is the system generated IPSEC rules.  Do
> >>> >> you see entries for the OPT interface?
> >>> >>
> >>> >> Scott
> >>> >>
> >>> >> ---------------------------------------------------------------------
> >>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>> >>
> >>> >
> >>> >
> >>>
> >>>
> >>>
> >>
> >>
> >
> >
> 
> 
-- 
  Vaughn L. Reid III
  [EMAIL PROTECTED]
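
Added example, not part of the thread and not pfSense code: a scripted version of the check described above, reading a rules.debug-style file from the "VPN Rules" marker down and reporting any tunnel whose generated rules sit on a different interface than expected. The function names, the `tunnel|interface` expectations file and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: which interface is each generated
# IPsec rule bound to? Assumes one rule per line and labels shaped like
# "IPSEC: <tunnel> - <description>", as in the quoted rules.debug excerpt.

# Print unique "<tunnel>|<interface>" pairs found below "# VPN Rules".
vpn_rule_interfaces() {
    awk '
        /^# VPN Rules/ { in_vpn = 1; next }
        in_vpn && /^pass / && /label "IPSEC: / {
            iface = ""
            for (i = 1; i < NF; i++)
                if ($i == "on") { iface = $(i + 1); break }
            tunnel = $0
            sub(/.*label "IPSEC: /, "", tunnel)   # drop everything before the name
            sub(/ - [^"]*".*$/, "", tunnel)       # drop " - <description>" and the rest
            pair = tunnel "|" iface
            if (!(pair in seen)) { seen[pair] = 1; print pair }
        }
    ' "$1"
}

# $1 = rules file, $2 = file of "<tunnel>|<expected interface>" lines.
# Print one line per tunnel whose rules sit on a different interface.
misbound_tunnels() {
    vpn_rule_interfaces "$1" | awk -F'|' '
        NR == FNR { want[$1] = $2; next }
        ($1 in want) && $2 != want[$1] {
            print $1 ": expected " want[$1] ", found " $2
        }
    ' "$2" -
}

# Constructed sample (documentation addresses, not the thread's hosts).
SAMPLE_RULES=$(mktemp); SAMPLE_EXPECT=$(mktemp)
trap 'rm -f "$SAMPLE_RULES" "$SAMPLE_EXPECT"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
# VPN Rules
pass out quick on $wan proto udp from 192.0.2.10 to 198.51.100.14 port = 500 keep state label "IPSEC: EMS Building - outbound isakmp"
pass in quick on $wan proto esp from 198.51.100.14 to 192.0.2.10 keep state label "IPSEC: EMS Building - inbound esp proto"
pass out quick on $wan proto udp from 192.0.2.10 to 198.51.100.110 port = 500 keep state label "IPSEC: Computer Support - outbound isakmp"
pass in quick on $wan proto esp from 198.51.100.110 to 192.0.2.10 keep state label "IPSEC: Computer Support - inbound esp proto"
EOF
# Assumed expectation: Computer Support belongs on em4, the others on $wan.
printf '%s\n' 'EMS Building|$wan' 'Computer Support|em4' > "$SAMPLE_EXPECT"

misbound_tunnels "$SAMPLE_RULES" "$SAMPLE_EXPECT"
```

On a live box the first argument would be /tmp/rules.debug, and the expected interface token has to match what the file actually uses (a macro such as `$wan` or a device name such as `em4`).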

