
Messages - robina80

1
OpenVPN / Re: tunnelblik - no tun or tap detected in file
« on: January 18, 2018, 04:09:55 pm »
i will try it jimp, thanks

2
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 17, 2018, 05:28:47 pm »
sorted!!!

i made a stupid mistake

when i was making the vpn interface (so i can use it as a gateway for my specific vpn traffic) i ticked both boxes under "reserved networks" which blocks rfc1918 but i dont want to block them as the virtual vpn ip im assigned is 10.8.0.2 which is a rfc1918 address

i put the protonvpn interface back in the "ALLInt" so i can easily manage the rules under one tab as its long winded otherwise

also in firewall > rules > outbound i had to make it hybrid and copy the wan and make another one for the protonvpn address as it didnt work otherwise

see pic of what i did

https://s10.postimg.org/jk6oiio7t/rule.png

thanks for all your help in this Derelict much appreciated!

3
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 16, 2018, 06:47:50 am »
thanks derelict, i will try that

sorry haven't replied just personal issues atm

4
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 14, 2018, 03:53:31 pm »
allnet is all my actual interface NICS ie manage (i call it home) DMZ and proton vpn

mmm... maybe i shouldnt put proton vpn in the all interfaces as really my all interfaces should be my actual physical NICS on pfsense, what do you reckon?

5
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 14, 2018, 06:16:46 am »
i attach a better network diagram including my static routes

https://s18.postimg.org/v2d0so15l/my_network.png

but i would have thought this rule that i attach works as i dont see it not working

https://s18.postimg.org/vduh5aruh/rules.png

my three top rules are for my alias "vpnclients" which in the diagram i showed you is my windows PC with the VPN IP

and the bottom rule is for my "internalnet" to go out to the internet this is the manage and VM subnets

but when i plug in the ethernet cable in my NIC which is on the VPN network i have network access ie i can see the LAN but not the WAN which i would have thought it would have been going out the proton vpn gateway but its not working

6
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 13, 2018, 08:20:53 pm »
you mean this under firewall > NAT > outbound

https://s18.postimg.org/pmgvbe4jd/nat_out.png

sorry i dont really understand second question?

i have an alias called "internal network" with manage and VM networks that are allowed out to the internet but the vpn isnt

8
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 12, 2018, 06:14:13 pm »
i attach a better network diagram of my static routes to my switch and pfsense

https://s18.postimg.org/v2d0so15l/my_network.png

yeah i have static routes set up to route traffic from my default network on my pfsense to all my other networks on my switch

i attach a picture so you have more of an understanding on my network

https://s18.postimg.org/nz8tnpn4p/route.png

my pfsense ip is "10.100.1.254" and switch on the same network is "10.100.1.253" and it carries static routes down it so my devices connected to my switch on different subnets can see the network and the internet

on my pc i have made my default gateway the VPN network switch IP "172.17.2.253"

9
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 12, 2018, 05:35:37 pm »
ok i have added a new network on my switch "172.17.2.0/24" and i have made my pc "172.17.2.1"

i have added a new static route on pfsense so the two can talk to each other ie pfsense and my switch

i have network access fine ie i can talk to other subnets but i still get no internet activity

can anyone help please

thanks

rob

10
OpenVPN / tunnelblik - no tun or tap detected in file
« on: January 10, 2018, 04:07:32 pm »
hi all,

i have a mac client trying to connect to our work pfsense firewall with openvpn server but he cannot connect when he drags and drops the .ovpn file, he gets some message saying something along the lines cant find tun or tap in config but when i open the file "dev tun" is on the first line so im struggling sort of

i give him the "bundled configuration > archives" on his username under client export (see attachment)

is that the right one?

https://s18.postimg.org/6aju4na8p/export.png

many thanks,

rob

11
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 10, 2018, 02:18:09 pm »
mmm... somethings not right

i attach a picture of my rules and floating rules -

https://s18.postimg.org/fxir0ko49/rules.png

basically my "internal network" is 10.100.1.0/24

my "VPNclient" is 10.100.1.10 so it falls within the internal network subnet, i dont know if that matters

my DHCP server is from the range of 10.100.1.50-10.100.1.200 so my vpnclient alias IP is not in the scope

as soon as i change my pc NIC to 10.100.1.10 i lose internet

any help would be great, i presume im doing something really stupid!

cheers,

rob

12
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 05, 2018, 08:13:00 pm »
thanks Derelict

13
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 05, 2018, 04:53:32 pm »
the last step i need help with is point 10 (below)  the "no_wan_egress" i imagine this is an alias to some networks?

10-create-floating-firewall-rules

Create a floating rule that watches for and rejects outbound WAN traffic that's marked NO_WAN_EGRESS.  This prevents vpnclients from connecting to the internet via the WAN when the VPN interface goes down.

14
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 05, 2018, 03:22:18 pm »
ok so below point 9 is what you're saying "policy based route" so make that host use the WAN 2 gateway instead of the default one ie WAN1

but why has he done point 8?

thanks,

rob


08-configure-outbound-nat

There's a new(ish) hybrid mode for outbound NAT which makes this pretty easy.  Add the two rules shown in the screenshots and then set the Mode to Hybrid Outbound NAT.  I use the entire LAN subnet as the source address for these entries, but it could also be limited to the network block chosen for vpnclients (192.168.1.128/27).  I use the entire LAN subnet so I don't have to worry about updating outbound NAT rules if I want to change the vpnclients alias.

09-create-lan-firewall-rules

Add a rule to block vpnclients from making DNS queries to the LAN IP.  This prevents vpnclients from using the DNS Resolver and prevents DNS leaks if you forget to override DNS settings when adding static DHCP mappings for vpnclients.

Add a rule that creates a policy based route for vpnclients.  Traffic that matches the rule will be sent via the VPN (ex:TORGUARD) gateway.  Traffic that doesn't match will fall through to the default LAN rule.

15
Routing and Multi WAN / Re: make host go out specific WAN interface
« on: January 05, 2018, 12:51:39 am »
This is exactly what im after

https://forum.pfsense.org/index.php?topic=106305.0

I still really dont get what outbound nat is as i thought it was exactly for this to make a host or network go out a different gateway or wan interface
