


Messages - AndrewZ

1
OpenVPN / Re: Site to site and remote access gateway
« on: Yesterday at 02:26:16 pm »
Check your routing tables on all the routers, then add a missing route (for a site and/or client) if necessary.
I suggest reading the neighboring topic: https://forum.pfsense.org/index.php?topic=141080.0 - the configuration described there is quite similar to yours.

2
Hardware / Re: Huawei ME909S-120 setup help needed
« on: Yesterday at 02:22:34 pm »
@pr4499

You should try these IPs for connection monitoring:
Quote
Apr 24 18:56:06 pfSense ppp: [wan]   PRIDNS 10.4.149.70
Apr 24 18:56:06 pfSense ppp: [wan]   SECDNS 10.5.133.45

3
OpenVPN / Re: Android client routes all traffic via VPN
« on: Yesterday at 09:28:11 am »
1. check use default route

I think this is what OP is trying to avoid, i.e. VPN connection should be used only to access resources on another network. Please correct me if I'm wrong.

4
General Questions / Re: qmi, mbim, ncm, rndis protocols
« on: Yesterday at 09:23:45 am »
Driver - I meant if_urndis.ko
Flashing - in this context I mean loading 22.X HiLink firmware to a modem running 21.X Stick firmware.
The Web GUI will be available (on 192.168.8.1 by default) once ue0 is up and the usual interface and NAT configuration steps are completed.
In the example I found it seems that the author was successful with if_cdce.ko, not if_urndis.ko; as I understood, switching the modem [by usb_modeswitch] to 0x14dc makes it detectable by the if_cdce.ko driver.

Here is another working example: https://forum.pfsense.org/index.php?topic=111787.msg622688#msg622688
E8372 does work indeed, I've tested it. However, mode switching works unstably and unpredictably for me.
E3372 (HiLink) should work with the same settings; it will be good to hear feedback on this.
Here is the up-to-date link for usb_modeswitch:
Code:
http://pkg.freebsd.org/freebsd:11:x86:64/release_1/All/usb_modeswitch-2.5.0.txz
It seems that lte.cfg file is not really needed, it should be enough to use the following command line:
Code:
/usr/local/sbin/usb_modeswitch -v 0x12d1 -p 0x1f01 -P 0x14db -J

5
OpenVPN / Re: Android client routes all traffic via VPN
« on: Yesterday at 04:04:36 am »
Make sure you're using the right client on Android: https://play.google.com/store/apps/details?id=de.blinkt.openvpn
Then check your connection settings on the "Routing" tab.
I'm also thinking about possible DNS issues, worth checking as well.

6
General Questions / Re: qmi, mbim, ncm, rndis protocols
« on: April 23, 2018, 01:59:09 pm »
I'm not 100% sure about VID/PID and usb_modeswitch in this particular case. Just an idea - the source code of the driver should contain all the vid:pid supported.
I'll try to re-flash one of my modems to HiLink and see what it looks like in real life, but later.
Ideally, the modem should be recognized by the OS as it is, a new interface like ue0 should be created and pfSense will obtain the IP address from the modem (192.168.8.X by default).
Just found this - looks like a success story?

7
Hardware / Re: Huawei ME909S-120 setup help needed
« on: April 23, 2018, 09:28:36 am »
you might set the monitoring IP to a different address

Some candidates:
- your gateway, i.e. ISP side of the link
- ISP's DNS servers
- ISP's landing page address (the one you are redirected to when your balance is low)

pr4499, try to ping them first from the router before configuring the monitoring.

8
OpenVPN / Re: Android client routes all traffic via VPN
« on: April 23, 2018, 05:35:40 am »
Check for "redirect-gateway" in the config files you have.

9
NAT / Re: Local VOIP - no incoming calls
« on: April 23, 2018, 05:30:41 am »
Delete all the rules you created for SIP/RTP then start analyzing your SIP traffic.

10
Hardware / Re: How to configure RNDIS on E3372
« on: April 22, 2018, 05:24:30 pm »
This script is for NDIS mode (NCM, network card), not for RNDIS.
In order to use this script you will need 21.X (non-HiLink) firmware used in your modem.

11
General Questions / Re: qmi, mbim, ncm, rndis protocols
« on: April 21, 2018, 06:49:47 am »
My understanding is that RNDIS is the only option currently available [from the protocol list mentioned], as it was mentioned here.

At the same time I was able to use Huawei E5372 which presents itself to the system as NCM (modem is a network card), however the overall behavior was more similar to RNDIS (modem is a NAT router). The whole story is here.

NCM (NDIS) mode should be possible as well, but this will require a shell script to configure connection and bring it up, i.e. no GUI support.

12
OpenVPN / Re: Client VPN wont pass traffic to site to site
« on: April 11, 2018, 11:07:31 am »
Start by checking your routing tables.
I suppose that the remote site may have no information on how to reach your remote access subnet.

13
OpenVPN / Re: PFSense server connect as Client to OpenVPN server
« on: April 11, 2018, 08:14:48 am »
You don't need to touch configuration files.
Navigate to VPN-OpenVPN-Clients and add your client configuration there.

14
I did that manually and it worked fine.

Could you please compare my configuration with yours? Here is the relevant part of the server config and override file:
Code:
--- /var/etc/openvpn/server4.conf ---

server 10.9.0.0 255.255.255.128
ifconfig 10.9.0.1 10.9.0.2
route 192.168.1.0 255.255.255.0
topology subnet
route 10.9.0.128 255.255.255.128


--- /var/etc/openvpn-csc/server4/username ---
push "route 10.0.1.0 255.255.255.0"
iroute 192.168.1.0 255.255.255.0
ifconfig-push 10.9.0.134 255.255.255.128

With this configuration - client IP is not on the "server" subnet - I get the error message I mentioned earlier.
As I'm reading the OpenVPN documentation I realize that the server configuration page needs some modification in order to support pool configuration with topology subnet.
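
The mismatch described in the post above (an ifconfig-push address that is not on the "server" subnet) can be checked mechanically before a client connects. This is an added example, not part of the original post: the function names are hypothetical, and the sample text is the two fragments quoted above, embedded as constructed input.

```python
import ipaddress

# Constructed sample input: the server config and override fragments from the post.
SERVER_CONF = """\
server 10.9.0.0 255.255.255.128
ifconfig 10.9.0.1 10.9.0.2
route 192.168.1.0 255.255.255.0
topology subnet
route 10.9.0.128 255.255.255.128
"""
CSC_OVERRIDE = """\
push "route 10.0.1.0 255.255.255.0"
iroute 192.168.1.0 255.255.255.0
ifconfig-push 10.9.0.134 255.255.255.128
"""

def directives(text, name):
    """Return the argument list of every line whose first token is `name`."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop trailing comments
        if parts and parts[0] == name:
            found.append(parts[1:])
    return found

def to_network(args):
    """Build a network object from an 'address netmask' argument pair."""
    return ipaddress.ip_network("/".join(args[:2]))

def check_static_ips(server_conf, csc):
    """For each ifconfig-push address report (address, in_server_subnet,
    [server-side 'route' networks that contain the address])."""
    server_args = directives(server_conf, "server")
    if not server_args:
        raise ValueError("no 'server' directive found")
    server_net = to_network(server_args[0])
    routes = [to_network(a) for a in directives(server_conf, "route")]
    report = []
    for args in directives(csc, "ifconfig-push"):
        addr = ipaddress.ip_address(args[0])
        covering = [str(r) for r in routes if addr in r]
        report.append((str(addr), addr in server_net, covering))
    return report

if __name__ == "__main__":
    for addr, in_server, covering in check_static_ips(SERVER_CONF, CSC_OVERRIDE):
        state = "inside" if in_server else "OUTSIDE"
        print(f"ifconfig-push {addr}: {state} server subnet; routes covering it: {covering}")
```

For the quoted files the pushed address falls in the separately routed 10.9.0.128/25 block rather than in the 10.9.0.0/25 "server" subnet, which is the condition the post describes.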


15
that was an OpenVPN [server] message, System Logs / OpenVPN

