


Topics - rudivd

1
IPv6 / IPv6 prefix delegation to OVPN interfaces
« on: December 18, 2017, 08:38:56 am »
Hi all,

I got prefix delegation working for my DSL connection (fritz-> provider (xs4all)). With the setting "follow interface"
I get clear v6 addresses and subnets on my *wired* (ie REAL) interfaces. ipv6 works through these interfaces. Now,
when it comes to OVPN (server) interfaces, I only can set a tunnel network for v6 in the setup. (this is with 2.4.2)

On 2.2.5 I got this working by selecting a subnet within my v6 block, (in the openvpn settings as tunnel subnet)
 but not used by the real interfaces, and not changing anything else (in other settings apart from ovpn).
I had v6 through openvpn with a correct v6 ip address on the client (which was within the selected tunnel
network (as it showed on the internet as well) and had routing to the internet). No problems there.

Getting the same setup working on 2.4.2, I get the idea that the dhcp6 client on WAN just asks and gets subnets for
the wired (real) interfaces, and does not request either the full v6 range or the subnets I select for the OVPN server
in pfsense, as I got outgoing packets from the ovpn client, and can ping6 all real pfsense interfaces including the WAN
but not the router (fritz) and beyond. Yes, I have allowed ipv6* on the OVPN interface to * in firewall rules.....

Any idea here ?! The weird thing is that it looks that the behaviour (either dhcp6c or openvpnd)  has changed
from 2.2.x -> 2.4.2

Thanks !
Rudi


2
IPv6 / xs4all native IPv6 on pfsense
« on: December 18, 2015, 06:00:31 am »
Hi all,

I recently upgraded from 2.1 to 2.2.5 on a soekris 6501.
the setup has a FritzBox (7360 software 6.30) set to Assign DNS server and IPv6 prefix (IA_PD)
How do I get this v6 working with PD on my pfsense ? (earlier I did static IPv6 WAN and added routes to fritz using telnet).
I have on my LAN (and other interfaces ) static v6 ip numbers, and RA on for that subnet on that interface (worked before)
I do not want / need "track interface"

I have read various posts, and came up with the following setup:

interfaces: WAN DHCP6, Advanced send options: ia-pd 0 Identity Assoc Statement: "Prefix delegation" ticked.
I now see some weird behaviour. My WAN gets an (global) v6 number next to the link local ones. I assumed just link local (correct ?)

Now v6 does not work, not even from the pfsense box, let alone from LAN or other interfaces

What is the correct setup here ?? (both for Fritz and pfsense)

It seems that in ratvd.conf (on pfsense) there is also an entry for the WAN interface, which I find strange, as the WAN is just dhcp6 client right ?!

Is there some light on this with you specialists ?
Rudi


3
Firewalling / packets getting blocked
« on: July 11, 2014, 02:50:02 am »
Hi all,

I regularly see packets being blocked from my LAN to outside, where I have set my firewall to allow.
pretty often they have either FIN ACK, FIN ACK PUSH or ACK PUSH ticked, and are blocked by
the default deny rule ...

Sorry for my ignorance, but I think they should be allowed, or am I thinking wrong ?

Thanks.
R.

4
Packages / Postfix package breaks 2.1.3 ?
« on: June 25, 2014, 04:32:28 am »
Hi all,

I posted this message just today: https://forum.pfsense.org/index.php?topic=78547.0
could this be the return of issue : https://forum.pfsense.org/index.php?topic=44319.0 ?

My system seemingly suddenly looks to corrupt the system.inc file......

Rudi

5
General Questions / URGENT: pfsense eats his /etc/inc/system.inc
« on: June 25, 2014, 02:49:46 am »
Hi all,

I'm running 2.1.3 on a soekris 6501 (boot from usb) where I had no problems for a month or so.
Right now, I see pfsense corrupting the /etc/inc/system.inc on a regular basis. it seems to be
connected to the restarting packages, where either it tries to stop postfix:


Jun 24 19:12:22 pfsense postfix/postfix-script[79176]: fatal: the Postfix mail system is not running
Jun 24 19:12:22 pfsense php: rc.start_packages: The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
Jun 24 19:12:22 pfsense php: rc.start_packages: sync_package_postfix called with via_rpc=no
Jun 24 19:12:22 pfsense php: rc.start_packages: The command '/sbin/mount -u -w -o sync,noatime /cf' returned exit code '1', the output was 'mount: /dev/ufs/cf : Device busy'
Jun 24 19:12:23 pfsense php: rc.start_packages: sync_package_postfix called with via_rpc=no
 

or someway it tries to restart unbound:

Jun 24 19:12:53 pfsense php: rc.start_packages: Stopping postfix
Jun 24 19:12:53 pfsense postfix/postfix-script[45581]: fatal: the Postfix mail system is not running
Jun 24 19:12:53 pfsense php: rc.start_packages: The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
Jun 24 19:13:00 pfsense php: servicewatchdog_cron.php: Service Watchdog detected service unbound stopped. Restarting unbound (Unbound is a validating, recursive, and caching DN...)
Jun 24 19:13:06 pfsense php: servicewatchdog_cron.php: Message sent to xxx@xxx OK
Jun 24 19:13:09 pfsense php: config.inc: The command '/usr/pbi/unbound-i386/sbin/unbound-control start' returned exit code '1', the output was '[1403629989] unbound-control[91750:0] fatal error: could not exec unbound: No such file or directory'
Jun 24 19:13:14 pfsense Unbound_Alarm[96496]: Unbound has exited.
Jun 24 19:13:14 pfsense Unbound_Alarm[96897]: Attempting restart...
Jun 24 19:13:18 pfsense Unbound_Alarm[1080]: Unbound has resumed.


which then results in a next time :

Jun 24 20:17:15 pfsense postfix/postfix-script[31549]: fatal: the Postfix mail system is not running
Jun 24 20:17:16 pfsense php: rc.start_packages: The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
Jun 24 20:17:18 pfsense php: rc.start_packages: The command '/sbin/mount -u -w -o sync,noatime /cf' returned exit code '1', the output was 'mount: /dev/ufs/cf : Device busy'
Jun 24 20:17:19 pfsense php: rc.start_packages: The command '/usr/local/etc/rc.d/unbound.sh stop' returned exit code '255', the output was ' Parse error: syntax error, unexpected $end, expecting T_VARIABLE or T_END_HEREDOC or T_DOLLAR_OPEN_CURLY_BRACES or T_CURLY_OPEN in /etc/inc/system.inc on line 948'
Jun 24 20:17:19 pfsense php: rc.start_packages: The command '/usr/local/etc/rc.d/unbound.sh stop' returned exit code '255', the output was ' Parse error: syntax error, unexpected $end, expecting T_VARIABLE or T_END_HEREDOC or T_DOLLAR_OPEN_CURLY_BRACES or T_CURLY_OPEN in /etc/inc/system.inc on line 948'

and if you look in the filesystem the first (19:13) action has corrupted /etc/inc/system.inc.
Needless to say the GUI does not work anymore after this.
When I manually copy the system.inc things seem to be ok again.

I have installed the following packages:

mailreport       Network Management     2.0.12
Postfix Forwarder        Services       2.10.2 pkg v.2.3.7
Service Watchdog         Services       1.6 
Unbound  Services       1.4.22_2

Have any of you encountered such a problem ??
This is really weird, as it started occurring seemingly "out of the blue"

Rudi



6
OpenVPN / OpenVPN client status problem
« on: May 30, 2014, 12:44:43 pm »
Hi all,

In 2.1.3 I see a problem with the openvpn client status display as shown here. Anyone has this same issue ??
https://forum.pfsense.org/index.php?topic=77637.0

Rudi

7
webGUI / OpenVPN client status problem
« on: May 30, 2014, 12:41:03 pm »
Hi,

This problem is related to 2.1.3.

I have 2 openvpn clients defined. If they are connected the status display does not (correctly) reflect the status, when one of the 2 clients had a successful reconnect it does not show connected, and keeps showing "Unable to contact daemon Service not running?" although the network to the client is up.

Rudi

8
General Questions / # of processes increasing
« on: May 28, 2014, 04:14:39 am »
Hi all,

Running 2.1.3 I see the number of processes increasing by 1 or 2 every 24 hours, whilst it does normal firewalling,
some vpn etc. I suspect the ssh lockout process reforks and then hangs. any ideas, or seen the same behaviour ?

the ssh lockout table is empty.

looking / digging deeper, can it be that sshlockout_pf gets haywire when encountering an ssh logline with an ipv6 ip number ??


Rudi

9
Hardware / Soekris 6501 coretemp
« on: May 06, 2014, 02:46:45 am »
Hi all,

I do not have great success with the core temp module on http://files.pfsense.org/jimp/ko-8.3/i386/coretemp.ko installed on 2.1.3 (i386)
running on a soekris 6501. I installed it in /boot/modules, then loaded the module (kldload core temp). After that the temperatures in sysctl
show -1 ! like:

sysctl -a | grep temperature
dev.cpu.0.temperature: -1
dev.cpu.1.temperature: -1

Any similar experiences with 2.1.3 on 6501 ?

Rudi

10
IPsec / pfsense as client to cisco
« on: December 17, 2013, 12:29:03 pm »
Hi,

I got all credentials to set up an IPsec connection to a cisco environment , and it works on macosx with the built in (cisco) vpn client.
So far so good, but now I want pfsense to create the VPN and terminate it, so that I can use more machines behind the pfsense to reach
the network behind the VPN, and not needing the vpn client on the mac.

Is there a tutorial for setting pfsense to be a client to the cisco network ?
Or: any clues for settings !?

Rudi

11
IPsec / 2.1-DEV IPsec to MacOSX 10.8
« on: January 12, 2013, 08:54:47 am »
Hi all,

I am running 2.1-DEVELOPMENT (i386) built on Fri Nov 25 17:47:58 EST 2011
FreeBSD 8.1-RELEASE-p6, and want to connect using IPsec (with NATT) from
my 10.8 mac using the built-in (cisco-like) client. I got to the point where I
solved all issues regarding to authentication and such, the VPN connects, I see
no errors in the log and see the bannertext I put in. but now have the idea
of pfsense is not routing or accepting packets or so. Yes I have firewall rules
that open up stuff on the IPsec interface and such.

I have read of similar issues, but with other (2.0) releases. Are there any people
that have a similar setup (with a 2.1-dev version) working !?

Any hints will be appreciated
Thanks !

Rudi
