I have my client setup, server setup. I did however setup the client
side to have an IP address of one from the server side, which has blocks
of public ip's. I am trying to get the client side of the VPN to be
able to use public IP's from the server side. I added a line in the
xml file under system to reflect that.
so as of now, the vpn is up, i can ping back and forth, but if i ping
the public IP that sits behind the client vpn, either from the server
side or from the internet, the ping gets there and doesn't get a reply.
here is my config, i lost about 10% of the hair on my head ;) so i need a
breather. if anyone sees a simple stupid thing i didn't do or could do,
please don't hesitate.
peace
-topher
<?xml version="1.0"?>
<pfsense>
<!-- Top-level metadata: configuration format version, an empty last-change marker, and the web GUI theme name. -->
<version>3.0</version>
<lastchange/>
<theme>nervecenter</theme>
<!-- System-wide settings: host identity, admin account, time, web GUI, SSH, DNS servers and a custom shell command. -->
<system>
<optimization>normal</optimization>
<hostname>pfsense</hostname>
<domain>local</domain>
<username>admin</username>
<!-- NOTE(review): the password element is empty; presumably it was blanked before posting. Confirm the running box
     does not rely on a blank or factory-default admin password. -->
<password></password>
<timezone>Etc/UTC</timezone>
<time-update-interval/>
<timeservers>0.pfsense.pool.ntp.org</timeservers>
<!-- Web GUI is served over https; certificate, private key and port are all empty.
     NOTE(review): presumably an empty certificate means a built-in default is used; verify, and install a
     certificate unique to this box if so. -->
<webgui>
<protocol>https</protocol>
<certificate/>
<private-key/>
<port/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<!-- SSH daemon settings: no authorized keys are listed and the port is left empty. -->
<ssh>
<authorizedkeys/>
<port/>
</ssh>
<!-- NOTE(review): sshd is switched on while authorizedkeys is empty, so logins presumably use the admin password.
     The filter section of this file passes all traffic on WAN, so check whether SSH and the web GUI are reachable
     from the internet. -->
<enablesshd>yes</enablesshd>
<maximumstates/>
<shapertype/>
<dnsserver>68.87.69.146</dnsserver>
<dnsserver>68.87.85.98</dnsserver>
<dnsallowoverride/>
<!-- This is the line the poster added: it puts 216.127.61.136 with a /32 mask on fxp0 as an alias address.
     NOTE(review): fxp0 is the LAN interface in the interfaces section, so the public address ends up on the firewall
     itself. Nothing else in this file refers to that address: staticroutes is empty, the only outbound NAT rule covers
     192.168.1.0/24 on wan, and the OpenVPN client has empty interface_ip and remote_network. That may be related to
     the "arrives but no reply" symptom; confirm with a packet capture on the tunnel and on xl0.
     Presumably shellcmd entries run as shell commands at boot; treat this element as code execution when
     restoring a config from someone else. -->
<shellcmd>ifconfig fxp0 inet 216.127.61.136 netmask 255.255.255.255 alias</shellcmd>
</system>
<!-- Interface assignments. Only lan and wan are defined in this section; no separate interface for the tunnel
     appears here. -->
<interfaces>
<!-- LAN: fxp0, 192.168.1.1/24. -->
<lan>
<if>fxp0</if>
<ipaddr>192.168.1.1</ipaddr>
<subnet>24</subnet>
<media/>
<mediaopt/>
<bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
</lan>
<!-- WAN: xl0, static 75.149.163.189/30 with gateway 75.149.163.190.
     NOTE(review): blockpriv is present, which presumably enables blocking of private source networks on WAN; that
     would be overridden in practice if the pass-all WAN rule in the filter section is evaluated first. Confirm
     rule order on the box. -->
<wan>
<if>xl0</if>
<mtu/>
<blockpriv/>
<media/>
<mediaopt/>
<bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<spoofmac/>
<disableftpproxy/>
<ipaddr>75.149.163.189</ipaddr>
<subnet>30</subnet>
<gateway>75.149.163.190</gateway>
</wan>
</interfaces>
<!-- No static routes are configured. NOTE(review): relevant to the routing question in the post, since no route
     for the public block is declared anywhere in this file. -->
<staticroutes/>
<!-- PPPoE and PPTP WAN credentials and the BigPond section are all empty; the WAN above uses a static address. -->
<pppoe>
<username/>
<password/>
<provider/>
</pppoe>
<pptp>
<username/>
<password/>
<local/>
<subnet/>
<remote/>
</pptp>
<bigpond/>
<!-- Dynamic DNS: type is set but username, password and host are empty. -->
<dyndns>
<type>dyndns</type>
<username/>
<password/>
<host/>
<mx/>
</dyndns>
<!-- DHCP server on LAN: the enable element is present and the pool runs from 192.168.1.100 to 192.168.1.199. -->
<dhcpd>
<lan>
<enable/>
<range>
<from>192.168.1.100</from>
<to>192.168.1.199</to>
</range>
</lan>
</dhcpd>
<!-- PPTP server settings are all empty, and the ovpn section is empty as well. -->
<pptpd>
<mode/>
<redir/>
<localip/>
<remoteip/>
</pptpd>
<ovpn/>
<!-- DNS forwarder: the enable element is present. -->
<dnsmasq>
<enable/>
</dnsmasq>
<!-- SNMP agent settings.
     NOTE(review): the read-only community is the well-known string "public". No enable element is visible here
     (compare dnsmasq above), so the agent is presumably off; if it is ever turned on, change the community string
     and limit which sources may query it, especially given the pass-all WAN rule in the filter section. -->
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<diag>
<ipv6nat/>
</diag>
<bridge/>
<!-- syslog is empty, so no remote log target is configured in this file. -->
<syslog/>
<!-- NAT settings. The advancedoutbound section carries an enable element and a single rule, so outbound NAT is
     presumably in manual mode with only that rule in effect. -->
<nat>
<ipsecpassthru/>
<advancedoutbound>
<!-- Outbound NAT for traffic sourced from 192.168.1.0/24 leaving wan, to any destination; target and natport are
     empty. NOTE(review): traffic sourced from the 216.127.61.136 alias does not match this source network, and no
     rule references the tunnel; confirm this is the intended path for the public address. -->
<rule>
<source>
<network>192.168.1.0/24</network>
</source>
<sourceport/>
<descr>Auto created rule for LAN</descr>
<target/>
<interface>wan</interface>
<destination>
<any/>
</destination>
<natport/>
</rule>
<enable/>
</advancedoutbound>
</nat>
<!-- Firewall rules: one pass rule on lan and one pass rule on wan. -->
<filter>
<!-- Pass traffic from the lan network to any destination. -->
<rule>
<type>pass</type>
<descr>Default LAN -> any</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<!-- NOTE(review): this rule passes any source to any destination on wan, keeps state, and has no protocol or
     port element and no description. As written it presumably admits all inbound traffic on the WAN side, which
     exposes whatever the firewall itself listens on (sshd is enabled and the web GUI is configured in the system
     section) and anything reachable behind it. If it was added while troubleshooting the tunnel, replace it with
     rules limited to the specific addresses, protocols and ports that are actually needed, and give each rule a
     description. -->
<rule>
<type>pass</type>
<interface>wan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<descr/>
</rule>
</filter>
<!-- Traffic shaper scheduler type, IPsec option, and empty alias and proxy ARP sections.
     NOTE(review): proxyarp is empty, so no proxy ARP entry exists for the public address added by shellcmd in the
     system section; whether one is needed depends on how the server side routes that address. Confirm. -->
<shaper>
<schedulertype>hfsc</schedulertype>
</shaper>
<ipsec>
<preferredoldsa/>
</ipsec>
<aliases/>
<proxyarp/>
<!-- Scheduled jobs. Every item runs as root (the who element), so anything that can edit this section can run
     commands as root on the firewall.
     NOTE(review): several items use a minute step of 60 or 140, which is larger than the 0 to 59 minute range;
     with standard cron step semantics these would fire only at minute 0. Confirm that is the intent. -->
<cron>
<!-- Hourly at minute 0: log rotation via newsyslog at low priority. -->
<item>
<minute>0</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 newsyslog</command>
</item>
<!-- Minutes 1 and 31 of hours 0 through 5: adjkerntz -a. -->
<item>
<minute>1,31</minute>
<hour>0-5</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 adjkerntz -a</command>
</item>
<!-- 03:01 on day 1 of each month: runs the bogons update script. -->
<item>
<minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
</item>
<!-- expiretable on the sshlockout table with -t 3600; presumably ages out lockout entries older than an hour. -->
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
</item>
<!-- 01:01 daily: dynamic DNS update script. -->
<item>
<minute>1</minute>
<hour>1</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
</item>
<!-- expiretable on the virusprot table with -t 3600. -->
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
</item>
<!-- expiretable on the snort2c table with -t 3600 (no -v flag on this one). -->
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c</command>
</item>
<!-- Every 5 minutes: checkreload.sh. -->
<item>
<minute>*/5</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/local/bin/checkreload.sh</command>
</item>
<!-- Every 5 minutes: ping_hosts.sh. -->
<item>
<minute>*/5</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/etc/ping_hosts.sh</command>
</item>
<!-- reset_slbd.sh with a minute step of 140; see the note on out-of-range steps at the top of this section. -->
<item>
<minute>*/140</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/local/sbin/reset_slbd.sh</command>
</item>
</cron>
<!-- Wake-on-LAN section is empty. -->
<wol/>
<!-- Package configuration; the only package section present is the OpenVPN client. -->
<installedpackages>
<openvpnclient>
<!-- OpenVPN client: UDP to 216.127.61.138 port 1194, cipher AES-256-CBC, PKI authentication, LZO on.
     The empty disable, use_shaper and use_dynamicport elements presumably mean "unchecked", by analogy with
     use_lzo carrying the value "on"; confirm against the package GUI.
     interface_ip and remote_network are empty, so this section declares no tunnel address and no remote network
     to route through the tunnel. NOTE(review): if routes are expected to be pushed by the server instead, verify
     that on the server side; it bears directly on the return-path problem described in the post.
     ca_cert, client_cert and client_key hold placeholder text rather than PEM data and custom_options holds only
     a comment: the poster replaced the real material before publishing, which is the right thing to do with any
     shared config. shared_key is empty, consistent with PKI mode.
     proxy_port is 3128 while proxy_hostname is empty, so presumably no proxy is in use. -->
<config>
<disable/>
<protocol>UDP</protocol>
<serveraddr>216.127.61.138</serveraddr>
<serverport>1194</serverport>
<interface_ip/>
<remote_network/>
<proxy_hostname/>
<proxy_port>3128</proxy_port>
<crypto>AES-256-CBC</crypto>
<auth_method>pki</auth_method>
<shared_key/>
<ca_cert>nope</ca_cert>
<client_cert>nope0=</client_cert>
<client_key>nope againt</client_key>
<use_lzo>on</use_lzo>
<use_shaper/>
<use_dynamicport/>
<custom_options># egad</custom_options>
<description>tunnel to public ip</description>
</config>
</openvpnclient>
</installedpackages>
<!-- Last recorded change: made through /firewall_nat_out.php (the outbound NAT page), with a numeric timestamp that
     is presumably Unix epoch seconds. -->
<revision>
<description>/firewall_nat_out.php made unknown change</description>
<time>1209081491</time>
</revision>
<!-- RRD graphing: the enable element is present. -->
<rrd>
<enable/>
</rrd>
<!-- Saved answers from the traffic shaper wizard, one element per wizard step. Units for the numeric values are
     not stated in this file. -->
<ezshaper>
<!-- Step 2: inside interface lan with download 25000, outside interface wan with upload 10000. -->
<step2>
<inside_int>lan</inside_int>
<download>25000</download>
<outside_int>wan</outside_int>
<upload>10000</upload>
</step2>
<!-- Step 3: provider "Generic", empty address, bandwidth 32. -->
<step3>
<provider>Generic</provider>
<address/>
<bandwidth>32</bandwidth>
</step3>
<!-- Step 4: all fields empty. -->
<step4>
<address/>
<bandwidthup/>
<bandwidthdown/>
</step4>
<!-- Step 5: enabled, with p2pcatchall on and up/down bandwidth values of 500 and 30. -->
<step5>
<enable>on</enable>
<p2pcatchall>on</p2pcatchall>
<bandwidthup>500</bandwidthup>
<bandwidthdown>30</bandwidthdown>
</step5>
<!-- Step 7: enabled; one letter per protocol. http, smtp, pop3 and imap are set to H and everything else to D.
     Presumably D is the default priority and H a higher one; confirm against the wizard. -->
<step7>
<enable>on</enable>
<msrdp>D</msrdp>
<vnc>D</vnc>
<appleremotedesktop>D</appleremotedesktop>
<pcanywhere>D</pcanywhere>
<irc>D</irc>
<jabber>D</jabber>
<icq>D</icq>
<aolinstantmessenger>D</aolinstantmessenger>
<msnmessenger>D</msnmessenger>
<teamspeak>D</teamspeak>
<pptp>D</pptp>
<ipsec>D</ipsec>
<streamingmp3>D</streamingmp3>
<rtsp>D</rtsp>
<http>H</http>
<smtp>H</smtp>
<pop3>H</pop3>
<imap>H</imap>
<lotusnotes>D</lotusnotes>
<dns>D</dns>
<icmp>D</icmp>
<smb>D</smb>
<snmp>D</snmp>
<mysqlserver>D</mysqlserver>
<nntp>D</nntp>
<cvsup>D</cvsup>
</step7>
</ezshaper>
</pfsense>