General Questions / Re: VLAN for my wireless
« on: Yesterday at 07:12:44 pm »
In pfSense, do you have the DHCP service only on the VLAN2 port, and turned off on VLAN1 & LAN?

General Questions / Re: VLAN for my wireless
« on: Yesterday at 07:10:57 pm »
So the VLAN2 wireless client is asking for a DHCP address, pfSense is the first to receive it and sends out its response. But since you have LAN bridged to WAN, the DHCP broadcast also reaches the Comcast router, and it sends out its own DHCP response.

Have you logged into the Comcast device and simply turned off the DHCP service?
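One way to confirm the race described above from a client-side packet capture, as an added example that is not from this thread and not pfSense code: parse the raw DHCP replies and flag any transaction ID that is answered by more than one server identifier (option 54). The packets below are constructed inline; the pfSense and Comcast addresses are assumptions.

```python
import struct
from collections import defaultdict
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_dhcp(pkt: bytes) -> dict:
    """Parse a raw BOOTP/DHCP payload; return xid, yiaddr, option 53 and option 54."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    xid = struct.unpack("!I", pkt[4:8])[0]
    yiaddr = ".".join(str(b) for b in pkt[16:20])
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    server_id = ".".join(str(b) for b in opts[54]) if 54 in opts else None
    return {"xid": xid, "yiaddr": yiaddr, "type": opts.get(53, b"\x00")[0],
            "server_id": server_id}

def find_competing_servers(packets):
    """Group DHCPOFFERs (type 2) by xid; return the xids answered by more than one
    distinct server identifier, i.e. two DHCP servers racing for the same client."""
    offers = defaultdict(set)
    for pkt in packets:
        p = parse_dhcp(pkt)
        if p["type"] == 2 and p["server_id"]:
            offers[p["xid"]].add(p["server_id"])
    return {xid: ids for xid, ids in offers.items() if len(ids) > 1}

def build_offer(xid: int, yiaddr: str, server_id: str) -> bytes:
    """Constructed DHCPOFFER for the demo (not captured traffic)."""
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6            # BOOTREPLY, Ethernet, hlen 6
    hdr[4:8] = struct.pack("!I", xid)
    hdr[16:20] = bytes(int(x) for x in yiaddr.split("."))
    opts = (b"\x35\x01\x02"                      # option 53: DHCPOFFER
            + b"\x36\x04" + bytes(int(x) for x in server_id.split("."))  # option 54
            + b"\xff")
    return bytes(hdr) + MAGIC + opts

# Constructed sample: assumed pfSense (192.168.2.1) and assumed Comcast router (10.0.0.1) both answer xid 0x1234.
SAMPLE = [
    build_offer(0x1234, "192.168.2.50", "192.168.2.1"),
    build_offer(0x1234, "10.0.0.23", "10.0.0.1"),
    build_offer(0x5678, "192.168.2.51", "192.168.2.1"),
]
```

Run it over the UDP payloads of the DHCP replies seen on the VLAN2 client; any xid reported with two server identifiers is a second DHCP server on the same broadcast domain.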

General Questions / Re: VLAN for my wireless
« on: Yesterday at 06:48:36 pm »
You're aware that this means that DHCP packets from the Comcast are also flowing through to the pfSense LAN because of this?

General Questions / Re: VLAN for my wireless
« on: Yesterday at 04:46:38 pm »
What exactly is bridged here? I'm not following why you have something bridged.

And you're saying that your AP has two SSIDs configured, or are you referring to your AP + the Comcast wifi? If the former then that's good, if the latter then I'm assuming you're aware that if you connect to Comcast SSID the pfSense sees nothing.

Official pfSense Hardware / Re: Using the onboard crypto chip
« on: February 16, 2018, 07:12:27 pm »
The onboard crypto accelerator will be used with pfSense 2.5.

Using OpenVPN AES-128-CBC can achieve up to 20Mbps.
Using IPsec AES128-GCM IKEv2 can achieve up to 22Mbps.

Perhaps those 3 sentences (or at least an indication) can be put on the product page? Seems a lot of people are interested in rough VPN throughput of the SG devices. Even suggestions like "Use SG-3100 for WAN connections above 200Mbps" would give purchasers a guide :)

General Questions / Re: SG-2440 reset, disk usage and OpenVPN users
« on: February 12, 2018, 04:23:55 pm »
Odd. Perhaps now would be a good time for you to take a full backup, and reinstall from scratch, then restore from your backup. Cos something sounds a little messed up..!

General Questions / RADIUS, 802.1x, AD Computer-based authentication
« on: February 09, 2018, 06:43:47 pm »
I'm getting a bit snowed-under with the options available to secure our wireless client access, so I'm finally resorting to asking a question :P

What I'd like is only AD Computers and pre-approved devices to join the corp wireless without additional prompts. If the wireless device has an active AD account, or has a pre-approved MAC, then just connect already.

I have read a few days' worth of various pfSense & other sites, but:

- I do not want to use AD user/pass authentication, as I do not want my users to join their personal devices to the corp wireless just by entering their AD user/pass
- I do not want to use a Windows CA; pfSense CA would be ok; if possible I'd like to avoid CA altogether.

Unless I'm just not grokking the concept, why is it so hard to have an access point query Active Directory / LDAP to see if a computer is valid, and then allow it to connect?

I should note my driving reason:
I'm tired of people (including my boss) at our remote locations asking for the corp wireless PSK password. I'd rather be happier knowing that all AD devices can connect automatically without my input. Thus I'd rather not use CAs, which would need to connect to the wired network at least once in order to obtain the CA via GPO, which cannot happen for Windows tablets.

General Questions / Re: SG-2440 reset, disk usage and OpenVPN users
« on: February 09, 2018, 01:51:30 pm »
Are your vpn users local users? Or are they AD/LDAP users (or groups)? Or are they RADIUS users?

Are you just using a single certificate between all users?

General Questions / Re: Change OPT order for VLANs
« on: February 05, 2018, 12:34:35 pm »
Always good to get a sense of humour going - thanks Derelict; nice flower  ;D

I'm not overly fussed about the misaligned VLAN numbering. I was half-anticipating that you give a solution as you have stated, by juggling the firewall rules after reassigning the OPTs. But no biggie. Perhaps it could be listed as a low-priority UX feature/option to list OPTs by name instead of number on the dashboard/dropdowns/etc.

General Questions / Change OPT order for VLANs
« on: February 02, 2018, 04:33:50 pm »
As time goes on, I'm adding various VLANs to pfSense. The order that the VLANs display in is ordered by the OPT number (ie, OPT1, OPT2, OPT3). But my VLANs are labelled such that they are no longer alphabetical. That is:


How can I make it so:


so that they're sorted "nicely" in the GUI? I see that I can change the dropdown in Interfaces > Assignments, but will that move the Firewall rules as well, or are rules tied to the OPT number?

A follow up request could be that I want a pretty flower on the dashboard. But I'll settle for sorting alphabetically for now. :P

Firewalling / Re: Block Unknown clients when connecting to our network
« on: January 26, 2018, 06:11:44 pm »
This is the purpose of NAP. Built into Windows 2008R2 and up, as well as offered by PacketFence and some others for free. Both solutions utilize RADIUS and VLANs. Initial requests are put into an isolated VLAN for assessment. If they pass the assessment they can be re-VLAN'd dynamically to a corporate VLAN, or onto a guest/DMZ VLAN for remediation or guest processing. Could be as cheap as $0 plus your electricity ;)

OpenVPN / Re: OpenVPN Site to Site Issue
« on: January 25, 2018, 04:50:08 pm »
I have set "IPv4 Remote Network(s)" on both client and server to use the same IP network.

Wat. Remote network field only appears for the device configured as the "server" - "client" side does not get that field.

Same symptoms; no console output, two computers, two cables, no routing being performed, no access ... But just got approved for an RMA so I'll see how that works out. Thank goodness my backup was only done 2 weeks ago; a temp desktop is tiding me over.

Hey I got the same behaviour. Did Support manage to resolve it?

Installation and Upgrades / Re: Using pfSense on a single NIC
« on: January 15, 2018, 11:50:10 am »
This is called "router on a stick", and you will need to utilize VLANs and a switch capable of tagging (aka a smart / web / managed switch). Lots of examples online if you search for that term for what you want to do :)

