


Messages - cmcologne

1
Deutsch / Re: Dual VDSL Telekom: no static IP possible on second line
« on: February 13, 2018, 06:33:05 am »
I got a different gateway from Telekom.

2
Deutsch / Re: Dual VDSL Telekom: no static IP possible on second line
« on: February 12, 2018, 06:34:52 pm »
I have now opened a ticket with Telekom. If there are several DSLAMs in the cabinet, they want to move one line over. But there is currently a problem with a RADIUS server that has to be solved first.

3
Deutsch / Dual VDSL Telekom: no static IP possible on second line
« on: February 09, 2018, 04:45:42 pm »
Hello,

I have two VDSL lines with an external Zyxel modem. It handles the VLAN 7 tagging. Both connections dial in and are usable. If I now activate the static IP for the first line in the customer center, everything is still fine. But if I do the same for the second line, the second one no longer dials in at all. If I deactivate the static IP on the second line again, it dials in again with the dynamic IP.

My guess at the cause is that both PPPoE connections use the same gateway for the point-to-point link and pfSense therefore has a routing problem. However, all I can tell from the PPP log is that pfSense does not like the config from the ISP, nothing more.

Pictures and log file attached.


Many thanks!

4
IPsec / Re: Double Remote Network
« on: December 23, 2017, 05:30:36 pm »
Thank you. I have access to these routers and will try to configure n:m NAT on the remote LANCOM devices.

5
IPsec / Double Remote Network
« on: December 18, 2017, 01:12:55 am »
Hi,

I have two remote networks that are identical subnets. The subnets cannot be changed. I want to connect an IPsec VPN to each remote network.


How do I NAT that? It should be possible to use it this way:

establishing connection to 10.1.1.0/24: packet goes to VPN 1, subnet 192.168.1.0/24
establishing connection to 10.2.1.0/24: packet goes to VPN 2, subnet 192.168.1.0/24

I tried the binat, but that changes only my subnet, not the remote subnet.


Thank you guys

6
OpenVPN / Public-IPs over OpenVPN
« on: March 17, 2017, 07:48:22 pm »
Hi Guys,

I have a pfSense firewall in a datacenter. I got a /29 network provided by the datacenter and want to use these IPs at another site.


In the datacenter there is a route for the /29 net, which points to the WAN IP of pfSense.
I created an OpenVPN server using the /29 as tunnel network, topology subnet and server mode Remote Access.
On the pfSense outside the datacenter I configured the OpenVPN client and it successfully got an IP address from the /29 address space.
I created an outbound NAT rule on the OpenVPN client pfSense: NAT all traffic for the OpenVPN interface with the OpenVPN interface address.
If I now create an advanced firewall rule and set the OpenVPN tunnel as gateway, I can surf the web with the IP from the /29 net.

But how can I get inbound connections in order to use servers outside the datacenter, but with the datacenter's IP?

I tried to create a 1:1 NAT rule as I do when I would like to map a WAN IP to an RFC 1918 IP from the LAN. But in this case, I cannot reach any service on the IP from the /29 net, which is routed through the VPN tunnel.

I added several allow-all firewall rules, but it doesn't work. It seems that this issue is related to NAT, rather than firewall rules.

Does anybody know what the problem is, or another way to use a public IP at another site?

Thanks for reading!


Best regards
Chris

7
Packages / Re: Packages wishlist?
« on: June 18, 2016, 01:25:07 am »
I would like to have arpwatch back. Is there anyone who could convert it to bootstrap?

8
IPsec / Windows internal VPN-Client to pfSENSE 2.2
« on: January 25, 2015, 12:44:03 pm »
Hi everyone,

Has anybody successfully configured pfSense 2.2 to work with the internal Windows VPN client?

9
In 2.1 I have configured a VPN provider as an OpenVPN client connection:
importing certificates, adding the OpenVPN client connection, storing user/pass in a separate file, assigning a DHCP interface to the OpenVPN client connection, creating an outbound NAT rule, creating a firewall rule with the advanced gateway flag.

I did this in 2.2 the same way, except that user/pass doesn't need to be stored in a separate file. After adding the firewall rule for the specific IP address which needs to be online via VPN, there was no internet connection on this client.

Testing traceroute from the client only gives me timeouts.
After removing the firewall rule, the client is back online, but without VPN.

10
On the 2.1 I have a site-to-site VPN to another 2.1 machine. The other one is the server.
Authentication is shared key.

On 2.2 I configured the tunnel like in the 2.1 except for the new field "digest auth". This was set to "nothing".
Having access to both pfSense machines from the same computer over WAN, it was easy to copy and paste the shared key. So it should be right.

On the server side, pfSense is getting many HMAC authentication errors. The VPN will not connect.

11
Hardware / Re: Supermicro X9SBAA-F
« on: September 14, 2014, 05:07:07 pm »
Hi eSPezi,

thanks for this advice. Can you confirm OpenVPN Client and Server is working?

12
Hardware / Re: Supermicro X9SBAA-F
« on: September 14, 2014, 10:23:11 am »
I have many problems copying this file. I just have the xhci.ko (amd64). Does anybody already have a customized image?

13
Hardware / Re: Supermicro X9SBAA-F
« on: October 03, 2013, 12:27:15 pm »
@bigbird007: Why don't you use my successful way to fix it?

14
Hardware / Re: Supermicro X9SBAA-F
« on: August 13, 2013, 03:33:30 pm »
Today is good news day!

I used my other Supermicro board (nas4free machine) to boot with a SATA ODD and installed pfSense to a flash drive and a Delock SATA DOM.

I bought a Delock SATA PCI USB card (has one internal port) and a riser card. Now the following test results:
Booting from onboard USB: Booting possible, but same mount error as we know.
Booting from PCI USB card: No boot support by BIOS - flash drive ignored.
Booting from SATA DOM and PCI USB card for keyboard worked!

How can I capture an image of this SATA DOM for you all? Now I'm running ipfire from USB. It has got SSH access and IPMI. How can I capture an image of the SATA DOM using the ipfire started from the USB flash drive?

15
Hardware / Re: Supermicro X9SBAA-F
« on: April 01, 2013, 09:29:23 am »
That Board is flex-ATX.
