Topics - cmcologne

Deutsch / Dual VDSL Telekom: no static IP possible on second line
« on: February 09, 2018, 04:45:42 pm »

I have two VDSL lines with an external Zyxel modem. The modem handles the VLAN 7 tagging. Both connections dial in and are usable. If I now activate the static IP for the first line in the customer portal, everything is still fine. But if I do the same for the second line, the second one no longer dials in at all. If I deactivate the static IP on the second line again, it dials in again with the dynamic IP.

My guess at the cause is that both PPPoE connections use the same gateway for the point-to-point link, and pfSense therefore has a routing problem. However, all I can tell from the PPP log is that pfSense does not like the config from the ISP, nothing more.

Pictures and log file attached.

Many thanks!

IPsec / Double Remote Network
« on: December 18, 2017, 01:12:55 am »

I have two remote networks that are identical subnets. The subnets cannot be changed. I want to connect an IPsec VPN to each remote network.

How to NAT that? It should be possible that I use it this way:

establishing connection to packet goes to vpn 1 subnet
establishing connection to packet goes to vpn 2 subnet

I tried the binat, but that changes only my subnet, not the remote subnet.

Thank you guys

OpenVPN / Public-IPs over OpenVPN
« on: March 17, 2017, 07:48:22 pm »
Hi Guys,

I have a pfSense firewall in a datacenter. I got a /29 network provided by the datacenter and want to use these IPs at another site.

In the datacenter there is a route for the /29 net, which points to the WAN IP of pfSense.
I created an OpenVPN server using the /29 as Tunnel Network, Topology Subnet and Server mode Remote Access.
On the pfSense outside the datacenter I configured the OpenVPN client and it successfully got an IP address from the /29 address space.
I did create an outbound NAT rule on the OpenVPN client pfSense: NAT all traffic for the OpenVPN interface with the OpenVPN interface address.
If I now create an advanced firewall rule and set the OpenVPN tunnel as gateway, I can surf the web with the IP from the /29 net.

But how can I get inbound connections in order to use servers outside the datacenter, but with the datacenter's IP?

I tried to create a 1:1 NAT rule as I do when I would like to map a WAN IP to an RFC 1918 IP from the LAN. But in this case, I cannot reach any service on the IP from the /29 net, which is routed through the VPN tunnel.

I added several allow-all firewall rules, but it doesn't work. It seems that this issue is related to NAT, rather than firewall rules.

Does anybody know what the problem is, or another way to use a public IP at another site?

Thanks for reading!

Best regards

IPsec / Windows internal VPN-Client to pfSENSE 2.2
« on: January 25, 2015, 12:44:03 pm »
Hi everyone,

Has anybody successfully configured pfSense 2.2 to work with the internal Windows VPN client?

In 2.1 I have configured a VPN provider as an OpenVPN client connection:
importing certificates, add OpenVPN client connection, store user/pass in separate file, assign a DHCP interface to the OpenVPN client connection, created outbound NAT rule, created firewall rule with advanced gateway flag.

Doing this in 2.2 the same way, except that user/pass doesn't need to be stored in a separate file. After adding the firewall rule for the specific IP address which needs to be online via VPN, there was no internet connection on this client.

Testing traceroute from the client only gives me timeouts.
Removing the firewall rule, the client is back online, but without VPN.

On the 2.1 I have a site-to-site VPN to another 2.1 machine. The other one is the server.
Authentication is shared key.

On 2.2 I configured the tunnel like in the 2.1 except the new field "digest auth". This was set to "nothing".
Having access to both pfSense machines from the same computer over WAN, it was easy to copy and paste the shared key. So it should be right.

On the server side, pfSense is getting many HMAC authentication errors. The VPN will not connect.

Hardware / Supermicro X9SBAA-F
« on: February 19, 2013, 07:27:53 am »

I bought this motherboard with 4GB of ECC Kingston RAM. But the pfSense Live CD will not start. I get the following error:

It also makes no difference whether I connect the ISO file via IPMI or use a USB drive.

Does anyone have experience with this new motherboard?
