Topics - jamesonp

1
IPv6 / Odd IPv6 Issue
« on: November 27, 2017, 04:49:34 pm »
I have Time Warner (now Spectrum).  The WAN interface has the DHCP6 option set for IPv6 Config Type and I have it set to request a /56 delegation size.  The WAN interface is assigned 2606:yyyy:xxxx:x:xxxx:xxxx:xxx:xxxx from TW.

I have four different VLANs which I've set the IPv6 config type to track the WAN interface.  Each of the four VLANs has a different prefix ID (0-3) and obtains a different IPv6 /64 range starting with 2606:yyyy.  I have the RA daemon for each VLAN set to advertise as Unmanaged with the router priority set as high.

Now here's the odd part.  IPv6 only works for a short time on each of the client PCs when running an "ipconfig /renew6" as seen in this short video:

https://streamable.com/uksmx

Windows Firewall is off for testing purposes in the above video.

Now similarly, upon disconnecting an Android phone from the wireless and reconnecting it, the IPv6 works for a short time before reverting back to IPv4.

I can't for the life of me figure out what would be causing this behavior!  Thank you for your help.

2
IPsec / IPsec sending traffic to wrong interface
« on: December 26, 2016, 07:42:52 pm »
I'm trying to set up a mobile client IPsec VPN tunnel. I already have an IPsec tunnel successfully set up to Azure and am running a few VMs over there.

My network configuration is as follows:

VLAN 10 [Home] - 192.168.1.0/24
VLAN 11 [Guest] - 10.1.1.0/24
VLAN 12 [VMs] - 10.1.2.0/24
VLAN 13 [Legacy] - 10.1.3.0/24
Azure - 10.0.5.0/24

IPsec Mobile Client settings:

Mobile client tab
Phase 1
Phase 2

The device on the other end is running Android with the native IPsec client. The issue I'm having is only the 192.168.1.0/24 VLAN subnet is accessible over the IPsec tunnel. All the other phase 2 entries are being routed to the wrong interface as seen below in the states table:

Code:
IPsec    icmp    10.0.100.1:218 -> 10.0.5.4:218    0:0    1 / 0    84 B / 0 B   
IPsec    icmp    10.0.100.1:220 -> 10.0.5.4:220    0:0    1 / 0    84 B / 0 B   
IPsec    icmp    10.0.100.1:221 -> 10.0.5.4:221    0:0    1 / 0    84 B / 0 B
IPsec    tcp    10.0.100.1:37926 -> 10.1.2.18:80    SYN_SENT:ESTABLISHED    6 / 11    360 B / 660 B   
IPsec    tcp    10.0.100.1:37927 -> 10.1.2.18:80    SYN_SENT:ESTABLISHED    6 / 11    360 B / 660 B   
IPsec    tcp    10.0.100.1:38436 -> 10.1.2.16:80    CLOSED:SYN_SENT    7 / 0    420 B / 0 B   
IPsec    tcp    10.0.100.1:38437 -> 10.1.2.16:80    CLOSED:SYN_SENT    7 / 0    420 B / 0 B   
IPsec    tcp    10.0.100.1:47377 -> 10.1.2.1:80    SYN_SENT:ESTABLISHED    7 / 11    420 B / 660 B   
IPsec    tcp    10.0.100.1:47378 -> 10.1.2.1:80    SYN_SENT:ESTABLISHED    7 / 11    420 B / 660 B
HOME    tcp    10.0.100.1:48095 -> 192.168.1.19:8080    ESTABLISHED:ESTABLISHED    74 / 43    17 KiB / 13 KiB
HOME    tcp    10.0.100.1:48158 -> 192.168.1.19:8080    ESTABLISHED:ESTABLISHED    37 / 20    8 KiB / 6 KiB

Anybody have any ideas?
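
An added example, not part of the original post: a small Python parser for state-table rows in the format pasted above. It groups rows by destination subnet (using the subnets listed in the post) and interface, and counts states where one packet counter is zero. The function names and the reading of a zero counter as one-way traffic are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Subnet labels and ranges as listed in the post.
SUBNETS = {
    "Home": "192.168.1.0/24", "Guest": "10.1.1.0/24", "VMs": "10.1.2.0/24",
    "Legacy": "10.1.3.0/24", "Azure": "10.0.5.0/24",
}
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in SUBNETS.items()}

# Columns: interface, protocol, src:port -> dst:port, state, packets "a / b"
ROW = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+[\d.]+:\d+\s+->\s+(?P<dst>[\d.]+):\d+"
    r"\s+(?P<state>\S+)\s+(?P<a>\d+)\s*/\s*(?P<b>\d+)\s"
)

# Rows copied from the state table in the post (a subset).
STATES = """\
IPsec    icmp    10.0.100.1:218 -> 10.0.5.4:218    0:0    1 / 0    84 B / 0 B
IPsec    tcp    10.0.100.1:37926 -> 10.1.2.18:80    SYN_SENT:ESTABLISHED    6 / 11    360 B / 660 B
IPsec    tcp    10.0.100.1:38436 -> 10.1.2.16:80    CLOSED:SYN_SENT    7 / 0    420 B / 0 B
IPsec    tcp    10.0.100.1:47377 -> 10.1.2.1:80    SYN_SENT:ESTABLISHED    7 / 11    420 B / 660 B
HOME    tcp    10.0.100.1:48095 -> 192.168.1.19:8080    ESTABLISHED:ESTABLISHED    74 / 43    17 KiB / 13 KiB
HOME    tcp    10.0.100.1:48158 -> 192.168.1.19:8080    ESTABLISHED:ESTABLISHED    37 / 20    8 KiB / 6 KiB
"""

def subnet_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in NETS.items() if ip in net), "unknown")

def summarize(text):
    """Return {(subnet, interface): {"states": n, "one_way": n}}."""
    out = defaultdict(lambda: {"states": 0, "one_way": 0})
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and unparseable rows
        bucket = out[(subnet_of(m["dst"]), m["iface"])]
        bucket["states"] += 1
        # Assumption: a zero packet counter means no traffic seen in one direction.
        if int(m["a"]) == 0 or int(m["b"]) == 0:
            bucket["one_way"] += 1
    return dict(out)

if __name__ == "__main__":
    for (subnet, iface), c in sorted(summarize(STATES).items()):
        print(f"{subnet:7} via {iface:6} states={c['states']} one_way={c['one_way']}")
```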

3
Hello,

Prior to updating to 2.2.5-RELEASE I did not have any trouble transferring any files over 1GB cross VLAN.  After updating, I am no longer able to transfer large files >1GB cross VLAN.  Doing so will cause the network adapter to go into a down link state and cause all VLANs to become disconnected.

pfSense Specs:

Motherboard: ASRock H61MV-ITX LGA 1155
CPU: Intel Celeron G1610 Ivy Bridge Dual-Core 2.6GHz
RAM: 4GB
Onboard nic (LAN w/VLANs) & TP-LINK TG-3468 (WAN)

Network Setup:

VLAN 10 - 192.168.1.0/24  GW: 192.168.1.1 (pfSense)
VLAN 11 - 10.1.2.0/24  GW: 10.1.2.1 (pfSense)

File transfers from 192.168.1.200 (desktop) to 10.1.2.18 (file server) fail and cause pfSense to temporarily drop VLANs.  File transfer from 10.1.2.14 (laptop) to 10.1.2.18 (file server) successfully transfers.

I've uploaded a video of the behavior:

https://www.youtube.com/watch?v=ufwO1Gp_OHw

4
Gaming / How to make GTA 5 on PC work
« on: April 28, 2015, 10:14:41 am »
I was having major problems joining sessions and connecting to heists.  After much frustration, I've found what fixes the problem.

1) Go to Diagnostics->Backup/Restore->Download configuration (save the file to your computer.  congrats you backed up your current config)

2) Set a static DHCP lease for the computer you're going to be playing on.

3) Go to Firewall->NAT->Outbound

*Change the Mode to: Hybrid Outbound NAT rule generation and hit save.

*Add a NAT rule:
Interface: WAN
Protocol: any
Source: type - network, address - the_static_dhcp_lease_ip_you_just_set /32
Translation: Static-port (check the box)
Click save

Click apply and restart pfSense.

4) Go to Firewall->Rules and create the following port forward rules:

UDP Ports: 6672, 61455, 61457, 61456, and 61458

Example:


5
NAT / OpenVPN Client and PPTP Server
« on: September 24, 2014, 07:38:54 am »
I'm having a problem with my rules/outbound NAT since setting up an OpenVPN client tunnel and changing the NAT type to manual.  I have a legacy server which connected via PPTP to my pfSense box but ever since changing my NAT rules to manual the PPTP server has stopped working.

I currently have pfSense set to route all traffic through an OpenVPN client tunnel.  I have the following routes set:



I'm a little bit lost on how to set up the rules/outbound NAT settings to allow the PPTP server to be connected to.  Any help would be much appreciated.
