Search Results

Search found 122 results on 5 pages for 'pfsense'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/5 | 1 2 3 4 5  | Next Page >

  • How do I learn IPSec VPN implementation on FreeBSD from pfSense

    - by Lang Hai
    I've been trying to figure out a complete working solution for IPSec VPN implementation on FreeBSD but with no luck till now. pfSense seems did a fantastic job on supporting IPSec and even for mobile clients, so I downloaded and installed pfSense hoping to figure out how it works, or at least see some configuration examples, but I couldn't find anything interesting maybe because I'm not familiar with pfSense, so I'd like to ask for help. How pfSense implements IPSec, what tools are used? Where does pfSense store all its configuration files? And since pfSense has its own kernel mods and acts as a different OS, there's no way for us to install it on top of an existing FreeBSD box, and plus that it is such a great project combining those fantastic features, so my question can kinda be extended as: How do we learn from pfSense, and implement its features on top of a regular FreeBSD server?

    Read the article

  • Unable to access internal network through PfSense WAN port

    - by Sean
    Our branch office is unable to connect to our internal network for some reason. However we can connect to the branch office domain controller from behind PfSense. The following is our setup: |Branch DC - 192.168.0.101 | |Branch Firewall - 192.168.0.2 | |(Internet) | |Local Firewall - 192.168.3.1 | |PFSense WAN port - 192.168.3.100 |PFSense LAN port - 192.168.1.1 | | DC1 - 192.168.1.2|DC2 - 192.168.1.4 Branch DC can ping and connect to PFSense WebGUI on the WAN port successfully (we set this up using the PfSense documentation). DC1 and DC2 can connect outbound to the Branch DC. There seems to be a rule that prevents internal access on the WAN port. However our rules are set to allow all traffic on the LAN and WAN ports. It would be ideal to just disable the firewall altogether since we already have a firewall but when we do this, PfSense doesn't allow any internal traffic at all. I look forward to any assistance and thank you ahead of time.

    Read the article

  • once VPNed into pfSense, unable to hit the public URLs of my websites - they are routed to the pfSense box

    - by Sean
    I have a pfSense box setup as the firewall/router/VPN appliance at my colo. Once I VPN into the colo (either pptp or openvpn, pptp preferred due to multiple clients and ease of configuration), I am able to hit all my servers by their private 10.10.10.x ip and am able to browse the public internet without issue. When I try and hit the URL of a domain hosted by one of my servers, I am prompted for credentials. If I login using the pfSense credentials, I'm connected to pfSense as if I'd used it's internal IP. If I hack my hosts file to point url - server private IP it works fine, but this is obviously not a good solution. To recap: not connected to VPN - www.myurl.com works connected to VPN - www.myurl.com never makes it to the correct server, but is sent only to the pfSense box I'm sure it's something small that I've missed in the pfSense config.

    Read the article

  • Forefront TMG vs pfSense

    - by Macropus
    We currently run pfSense with no problems, however we are looking at TMG as it is included in our partner subscription to MS and allows Windows 7 DirectConnect features to our domain for off-site users. I have had a google, but there don't seem to be any comparisons of TMG to pfSense. Anyone have experience/knowledge of this? Our infrastructure is Windows Server 2008 R2 behind pfSense at the moment.

    Read the article

  • Software Router: pfSense or Vyatta ?

    - by Kedare
    Hello, I'm rebuilding my home network and I am look to an alternative to the very expensives Cisco. So I take a lookt at the software routers, I've found Vyatta and pfSense. I have tested both and I find both great, but I don't know which one to choose. I need a router software that : Supports IPv6 (both do with pfSense 2 RC1) Allows me to join an OpenVPN Network Is free Configurable by CLI (WebGUI is a plus) After some testing, it looks like both a very featured, but Vyatta looks more CLI-centric where pfSense looks more WebGUI-centric. Which do you recommend me ? Why ? Is there any limitations on the free version of Vyatta ? I would like to run it on a small box like Soekris ones, it that possible ? (pfSense will run it, but I'm not sure with Vyatta) Thank you

    Read the article

  • pfsense log file retention

    - by Colin Pickard
    We have a pfSense firewall in our datacentre. By default, pfSense is only storing 500K of firewall filter logs, which is only a few hours for us. How can I increase this? pfSense uses clog rather than the usual BSD newsyslog. I only want the log for debugging firewall rules, not compliance or anything, and the firewall has 100GB of spare disk space, so I'd rather have the logs on the firewall itself than set up a syslog server.

    Read the article

  • Trouble with site-to-site OpenVPN & pfSense not passing traffic

    - by JohnCC
    I'm trying to get an OpenVPN tunnel going on pfSense 1.2.3-RELEASE running on embedded routers. I have a local LAN 10.34.43.0/254. The remote LAN is 10.200.1.0/24. The local pfSense is configured as the client, and the remote is configured as the server. My OpenVPN tunnel is using the IP range 10.99.89.0/24 internally. There are also some additional LANs on the remote side routed through the tunnel, but the issue is not with those since my connectivity fails before that point in the chain. The tunnel comes up fine and the logs look healthy. What I find is this:- I can ping and telnet to the remote LAN and the additional remote LANs from the local pfSense box's shell. I cannot ping or telnet to any remote LANs from the local network. I cannot ping or telnet to the local network from the remote LAN or the remote pfSense box's shell. If I tcpdump the tun interfaces on both sides and ping from the local LAN, I see the packets hit the tunnel locally, but they do not appear on the remote side (nor do they appear on the remote LAN interface if I tcpdump that). If I tcpdump the tun interfaces on both sides and ping from the local pfSense shell, I see the packets hit the tunnel locally, and exit the remote side. I can also tcpdump the remote LAN interface and see them pass there too. If I tcpdump the tun interfaces on both sides and ping from the remote pfSense shell, I see the packets hit the remote tun but they do not emerge from the local one. Here is the config file the remote side is using:- #user nobody #group nobody daemon keepalive 10 60 ping-timer-rem persist-tun persist-key dev tun proto udp cipher BF-CBC up /etc/rc.filter_configure down /etc/rc.filter_configure server 10.99.89.0 255.255.255.0 client-config-dir /var/etc/openvpn_csc push "route 10.200.1.0 255.255.255.0" lport <port> route 10.34.43.0 255.255.255.0 ca /var/etc/openvpn_server0.ca cert /var/etc/openvpn_server0.cert key /var/etc/openvpn_server0.key dh /var/etc/openvpn_server0.dh comp-lzo push "route 205.217.5.128 255.255.255.224" push "route 205.217.5.64 255.255.255.224" push "route 165.193.147.128 255.255.255.224" push "route 165.193.147.32 255.255.255.240" push "route 192.168.1.16 255.255.255.240" push "route 192.168.2.16 255.255.255.240" Here is the local config:- writepid /var/run/openvpn_client0.pid #user nobody #group nobody daemon keepalive 10 60 ping-timer-rem persist-tun persist-key dev tun proto udp cipher BF-CBC up /etc/rc.filter_configure down /etc/rc.filter_configure remote <host> <port> client lport 1194 ifconfig 10.99.89.2 10.99.89.1 ca /var/etc/openvpn_client0.ca cert /var/etc/openvpn_client0.cert key /var/etc/openvpn_client0.key comp-lzo You can see the relevant parts of the routing tables extracted from pfSense here http://pastie.org/5365800 The local firewall permits all ICMP from the LAN, and my PC is allowed everything to anywhere. The remote firewall treats its LAN as trusted and permits all traffic on that interface. Can anyone suggest why this is not working, and what I could try next?

    Read the article

  • pfSense router on a LAN with two gateways

    - by JohnCC
    I have a LAN with an ADSL modem/router on it. We have just gained an alternative high-speed internet connection at our location, and I want to connect the LAN to it, eventually dropping the ADSL. I've chosen to use a small PFSense box to connect the LAN to the new WAN connection. Two servers on the LAN run services accessible to the outside via NAT using the single ADSL WAN IP. We have DNS records which point to this IP. I want to do the same via the new connection, using the WAN IP there. That connection permits multiple IPs, so I have configured pfSense using virtual IP's, 1:1 NAT and appropriate firewall rules. When I change the servers' default gateway settings to the pfSense box, I can access the services via the new WAN IPs without a problem. However, I can no longer access them via the old WAN IP. If I set the servers' default gateway back to the ADSL router, then the opposite is true - I can access the services via the ADSL IP, but not via the new one. In the first case, I believe this is because an incoming SYN packet arrives at the ADSL WAN IP, and is NAT'd and sent to the internal IP of the server. The server responds with a SYN/ACK which it sends via its default gateway, the pfSense box. The pfSense box sees a SYN/ACK that it saw no SYN for and drops the packet. Is there any sensible way around this? I would like the services to be accessible via both IPs for a short period at least, since once I change the DNS it will take a while before everyone picks up the new address.

    Read the article

  • Forefront TMG vs pfSense

    - by JD01
    Hi all, We currently run pfSense with no problems, however we are looking at TMG as it is included in our partner subscription to MS and allows Windows 7 DirectConnect features to our domain for off-site users. I have had a google, but there don't seem to be any comparisons of TMG to pfSense. Anyone have experience/knowledge of this? Our infrastructure is Windows Server 2008 R2 behind pfSense at the moment.

    Read the article

  • pfsense log file retention

    - by Colin Pickard
    We have a pfSense firewall in our datacentre. By default, pfSense is only storing 500K of firewall filter logs, which is only a few hours for us. How can I increase this? pfSense uses clog rather than the usual BSD newsyslog. I only want the log for debugging firewall rules, not compliance or anything, and the firewall has 100GB of spare disk space, so I'd rather have the logs on the firewall itself than set up a syslog server.

    Read the article

  • How to Zone Forward to a List of Alternative Name Servers in pfSense 2.0.1

    - by Bob B.
    I'm not sure if dnsmasq is involved in this process on pfSense or not. Before pfsense, we'd do this in BIND thusly: zone "firstpartner.com" { type forward; forwarders { 1.2.3.4; 5.6.7.8; w.x.y.z; }; I'm intentionally over-explaining this in the interests of specificity: We currently use dnsmasq to direct local queries for our primarydomain.com. Anything that doesn't match a host override entry in pfSense gets passed off to our external name servers, as defined elsewhere in pfSense. There are certain other zones which are not publicly accessible, let's call them firstpartner.com and secondpartner.com that each have various subdomains that their own name servers handle. I need a way to define a list of name server IPs for each domain zone (see BIND example above). Thanks in advance for any help you can provide.

    Read the article

  • cisco vpn client randomly disconnects with pfSense

    - by Andre
    My network has two gateways, one is a pfSense box that everyone uses. The other one is a TP-Link firewall essentially for tests. Some machines inside my network need to access a VPN through the Cisco VPN client. If one of those machines is using the pfSense box as the gateway, I experience random connection drops on the VPN. If I am using the TP-Link gateway that doesn't happen. I've tried changing the MTU in the pfSense box and that improved things a little bit but didn't really solve the problem. I also followed the guidelines for traffic shaping in pfSense and the connections still drop quite often. Ideas?

    Read the article

  • Configuring dnsmasq to handle mx records on pfsense 2.0.1

    - by Bob B.
    I know from dnsmasq's man page that it is capable of handling mx records, but I can't seem to find anything in pfsense's web GUI or anywhere online that talks about how to include mx records. I'm running pfsense 2.0.1 on a turnkey hardware appliance. I have root shell access. I would prefer not to move away from using DNS Forwarder/dnsmasq if I can help it. I've searched for a dnsmasq.conf file, but none exists. pfsense handles everything through a centralized xml config file. That file merely designates the dnsmasq section using the tag, then drops immediate into listings for each host override you define. My understanding of pfsense's implementation: In the GUI, you can only define an override using the host, domain, IP and description. In the XML that translates to: <hosts> <host>foo</host> <domain>foo.com</domain> <ip>127.0.0.1</ip> <descr/> </hosts> The above example results in foo.foo.com resolving to 127.0.0.1, for instance. But that's it. No ability to select a record type with which to define things like MX. Anyone had any luck with this? Thank you for any insights you might have.

    Read the article

  • pfSense with two WANs, routing skype traffic over a specific WAN

    - by Eric
    I have a pfSense setup with two WANs (WAN1 and WAN2) and one LAN network. The two WANs are setup for failover. However, QoS has recently been an issue for skype calls in our office place (about 30 people) so we want to dedicate WAN2 for skype traffic (we use skype for all voip calls, etc.) As Skype is notoriously difficult to deal with, does anyone have any suggestions on how I should deal with this? A simple rile based on ports will not work, and using layer7 inspection witha skype porfile on all incoming LAN packets doesn't seem like the way to go eiter. here is a related pfsense forum post: http://forum.pfsense.org/index.php/topic,50406.msg268520.html#msg268520

    Read the article

  • pfSense command to delete stale SAD

    - by Justin Shin
    I'm experiencing an issue with pfSense where duplicate SAD's are getting created after rekeying, forcing me to manually go ahead and delete the old SAD's. It's not a huge issue but it does get to be a problem once I let it go for a few days. I just installed the cron package for pfSense so I could run a script to identify stale SAD's and delete them but I am not that familiar with BSD or pfSense. Is there a command that enumerates SAD's and their properties, and another that can delete by ID? I can form the conditional parts of the script but I do not know the commands to run. I would imagine it would be something like: Enumerate SAD's Identify Duplicate ones by matching Source and destination IP's Find the one with the larger bytes transferred Delete

    Read the article

  • dd-wrt switch for PfSense

    - by Kmao
    I currently have eth2 on my pfsense set up, and configured as 192.168.1.1, it has dhcp setup with allocation being 192.168.1.10 - 192.168.1.245. On my dd-wrt box, i disabled the WAN, and set it to act as a port for the switch. I disabled dhcp, dnsmasq, spi firewall, Wlan0 and set a static IP for the router being 192.168.1.10 Pfsense is plugged into lan0 and pc plugged into lan1 (wan port is empty) I have followed a few different guides, but i can't seem to get my router to act as a switch. Anyone have success using DD-WRT as a switch while using pfsense as your dhcp/dns/gateway. Any advice would help :)

    Read the article

  • Pfsense mbuf full, what to do?

    - by sathia
    I noticed today that the MBUF usage has hit its limit. Apparently the site I'm running under pfsense is having some troubles too, I'd like to know if it would be safe to just sysctl kern.ipc.nmbclusters=65536 I wouldn't like to reboot the server, is it safe (or useful) to do it via pfsense shell? thanks you very much 2.0-RELEASE (amd64) built on Tue Sep 13 17:05:32 EDT 2011 State table size 35573/550000 MBUF Usage 25600/25600 CPU usage 2% Memory usage 17% (2GB) Swap 0% CPU: Intel(R) Xeon(R) CPU E5450 @ 3.00GHz

    Read the article

  • Assignment to LAN queues (qWAN1 & qWAN2) from dual-WAN in pfSense

    - by Kurian
    I need help creating floating rules in pfSense for the following: I have two upper limited download queues qWAN1 and qWAN2 on my LAN interface. Each has its own qACK1, qDefault1 etc. How do I assign all unclassified traffic from WAN1 to LAN->qWAN1->qDefault1 and from WAN2 to LAN->qWAN2->qDefault2. qLink is the one and only default queue on LAN so that I get wire speed to the pfSense host from the LAN.

    Read the article

  • Using pfSense, OpenVPN Connects but Still Can't See the Network

    - by nicorellius
    I am having an OpenVPN issue. I have a pfSense box at home configured to allow traffic through a VPN tunnel. The client computer is Windows XP Home, behind a standard Comcast connection and a Netgear wireless router. I use OpenVPN to access my work network (from where I am trying to get out of in this post) from home (with an XP Pro machine behind pfSense), and this works fine. The client config is similar but has the changes specific to my setup... Here is my XP Home config: client dev tun proto tcp remote pfsense.*.org 1194 (starred out by me) resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key ns-cert-type server comp-lzo verb 3 When I launch the OpenVPN GUI, the Tunnel TAP network connection turns red, and I can right-click that to connect to the server. Everything seems to work fine until I browse for the actual network. The Tunnel TAP connection turns green and it says connected to 10.1.1.6 (I have tried different IP pools here too with no luck). I can see the internal network fine, but my home network behind pfSense is not there. I have tried browsing there by using Tools Map Network Drive, using the browser, with no success. When I open the command line on the client and use the ipconfig -all command, I get the following: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Win32 Adapter V9 Physical Address. . . . . . . . . : *** (starred out by me) Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.1.1.6 Subnet Mask . . . . . . . . . . . : 255.255.255.252 Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 10.1.1.5 Lease Obtained. . . . . . . . . . : Monday, March 15, 2010 1:18:37 PM Lease Expires . . . . . . . . . . : Tuesday, March 15, 2011 1:18:37 PM I noticed that the default gateway is not present. Could this be my problem? I am still relatively new to firewalls, VPN, and network configuration so I'm sure I am messing up something simple. Oh yah, I should note that I have firewall rules configured for pfSense to allow traffic through the WAN and the LAN. At first there was just the WAN firewall rule, because that is what I got from the literature I was reading. I then created a LAN rule as well, but I'm not sure if this was correct. Neither way works, though. Screen shots below: Any help is much appreciated.

    Read the article

  • Route specific HTTP requests through pfSense OpenVPN

    - by DennisQ
    Hi, to start, I have very little knowledge on routes, iptables, etc. That said, here's what I'm trying to accomplish and where I think I'm stumped: Problem: We have an external website which we recently firewalled so it only accepts traffic from our office IP addresses. This works well at the office, but doesn't work for remote access through VPN as we don't route all traffic through OpenVPN. I would rather avoid forcing everyone to route all traffic through just to accommodate this one site. Environment: Main router box is running pfSense. Em0 is internal IP, Em1 is external. Internal net is 10.23.x and VPN is 10.0.8.0/24 I believe what I need to do is add a route to the VPN server config to send all traffic to that IP over the VPN tunnel. I think that part's working, but I don't get a response back, so I'm assuming that I need some NAT config on the VPN server to route the response back over the tunnel? What I've found so far is to try the following, but since this is a pfSense box on FreeBSD, I can't run iptables, etc. Make sure ip forwarding is enabled: echo 1 /proc/sys/net/ipv4/ip_forward Setup NAT back out: iptables -t nat -A POSTROUTING -s 10.0.8.0/24 -o em0 -j MASQUERADE Am I on the right path, and if so how do I accomplish this through pfSense UI or FreeBSD CLI? Thanks!

    Read the article

  • Issues with sustained traffic with PFSense

    - by Farseeker
    Last week we had to replace our PFSense firewall because it had a catastrophic hardware failure. All but one of the NICs were taken out of the old server and put into the new one. The one NIC that was not moved was the LAN NIC as this is on-board. The other NICs are all WAN connections and the must all be present (i.e. I can't disable one just for the sake of testing) After re-installing PFSense and restoring our backup of the configuration, everything came back online just fine, however on the new hardware any download that takes longer than about 10 seconds just times out in the middle. Example 1: Downloading from Microsoft.com goes at about 900k/sec and times out after about 10 seconds (thus, just under 10Mb of content) Example 2: Downloading from cnet.com goes at about 300k/sec and times out after about 10 seconds (thus, about 3Mb of content). By times out, I mean that the download just stops, and you have to pause/resume to get the next part done, repeat and rinse until the download is complete. However it's not consistant, sometimes it's 10 seconds, sometimes it's 4 seconds, and it sometimes you can't even load a heavy HTML page because the page never finishes. I assume this is most likely because PFSense does not like the onboard NIC, as this is the primary difference between the two servers. It's recognised as NFE0, and there's no room in the server for any more NICs and I don't have any dual-port NICs handy to experiment with a different LAN connection. I've never had to troubleshoot this sort of issue before. Can anyone give me some pointers about where to start? Linux is not my forte so please be kind!

    Read the article

  • reverse proxy on PFsense, squid or otherwise

    - by Mustafa Ismail Mustafa
    I've been trying to get this to work for days now and its not working. After bashing my head against the desk enough times, I've decided to man up and ask. I'm desperately trying to set up a reverse proxy on the pfsense box itself. One because its a pretty powerful box and its not being utilized to the maximum at all and two because I don't have any spare machines to setup squid (or any other reverse proxy [capable]) server on. So, on pfsense, everytime I set up rules (on ServicesProxy ServerGeneral) as so: acl surveillance dstdomain surveillance.myweb.local; acl camera dstdomain camera.myweb.local; http_access allow surveillance AND camera (ad nauseum) when I check the services, squid stops and refuses to restart until I remove them pesky acls that are supposed to make my life easier! What am I doing wrong? How can I get it to work? Is there another way/package I can use? Thanks

    Read the article

  • Pfsense: Inbound Load Balancing https with sticky connection

    - by Zeux
    first of all I'm very sorry for my English... This is my scenario: Internet Firewall+LB: pfsense_1(Active) + pfsense_2(Passive) in CARP Pool servers: 3 x nginx(PHP5+HTTP+HTTPS) Pfsense 1 and 2 CARP configured with Virtual IP (pubblic). Nginx servers's ips are all private. I want to load balance inbound HTTP and HTTPS connections between the 3 nginx web servers. An importat thing is that the HTTPS connections must be "sticky connections": in HTTPS connections, after login by username and password, I setup a php session and therefore when a client starts a HTTPS connection it will be always redirected to the same nginx server, until it disconnects itself, it closes the page/browser or after a timeout (30minutes?) without activity. Is this possible whit the last release(2.0.1) of pfsense? thank you very much...

    Read the article

  • pfSense + DDoS Protection

    - by Jeremy
    I run a gaming community on a colo with a 100Mbps port. I want to buy a very cheap 35 dollar server with the same 100Mbps port, and run pfSense to use as a hardware firewall. I'm dealing with a bunch of 14 year old kids that have access to botnets, so it can become a bit necessary to get something like this. My overall question, is using pfSense on a cheap identical datacenter/port speed server worth it to actually block DDoS attacks? A bit more into detail since I assume you will ask this, the attacks we receive are normally around 1Gbps. We currently run CentOS using CSF Firewall, and even when using a software firewall, we block 500Mbps UDP floods, or just generic attacks pretty easily. Thanks, - Necro

    Read the article

  • PFSENSE and IPV6 , direct connect rules

    - by Bgnt44
    My question is about pfsense configuration for ipv6 In theory Ipv6 are fully routable even in a LAN For stating point i ve Using this tutorial : http://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker So my Lan network has ipv4 connection and ipv6 I would like to be able to access my LAN machines by their IPV6 i'm confused with firewall rules which i need to set to be able to do that Even if i set all interfaces to pass all packets, i'm not able to directly access any machine by their IPV6 Did i miss something ? Edit : Ok i found that it work now, think it has always work but my isp seems to support ipv6 sometimes and sometimes not ... weird

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2 3 4 5  | Next Page >