Messages - brunovic

General Questions / Re: Can ping one way but not the other
« on: March 06, 2018, 02:58:43 pm »
In your case, I don't know. I've never tried to bridge a LAN to a VPN and get them all to talk properly. The firewall rules for extra interfaces are a common gotcha that I wanted to let you know about.

Understood, and thank you. Yeah, I got the firewall rules covered and I am still stumped. I am trying to think from a networking perspective, but I have never encountered a situation where two IPs from the same subnet can ping one way but not the other.

General Questions / Re: openvpn or ipsec vpn tunnel
« on: March 06, 2018, 02:47:02 pm »
DDNS is preferable but not a requirement for any VPN connectivity. As far as what order, that doesn't matter, because DDNS is not a dependency for VPN and that can be changed at a later time.

General Questions / Re: Can ping one way but not the other
« on: March 06, 2018, 02:35:45 pm »
I did add the access rule to allow all on both the VPN interface and the BRIDGE interface. But shouldn't that be irrelevant if the source IP is coming from an IP in the same subnet?

General Questions / Can ping one way but not the other
« on: March 06, 2018, 01:22:12 pm »
Hello, I am having issues with IP communication between two interfaces in a bridge. I have followed this guide right here to set up the bridge: Right now I have a LAN interface doing VLAN 20 tagging bridged with an OpenVPN interface to allow layer2 TAP communication. The LAN interface has the IP address DHCP is configured correctly and all devices on the LAN as well as the OpenVPN are getting IPs from the DHCP server. From inside the LAN, all devices can communicate with each other and they can ping the gateway. However, from the client connected to OpenVPN I can ping the gateway but I cannot ping any other device on the LAN. And from the pfSense I cannot ping the OpenVPN client. I am stumped and cannot figure out why this is not working.

OpenVPN / UPDATE: OpenVPN bridged with LAN VLAN issues
« on: March 05, 2018, 08:52:47 pm »
So after doing some research, I have realized that I do not need to assign a bridge to an interface with an IP. I can simply just bridge VPN and LAN with the LAN interface having the IP address. Once I've made those changes, everything on the LAN works perfectly fine; however, I can no longer ping the LAN IP from the OpenVPN client.

OpenVPN / OpenVPN bridged with LAN VLAN issues
« on: March 05, 2018, 06:15:26 pm »
I am trying to bridge my OpenVPN L2 TAP (not Tunnel) with my LAN VLAN. That part works fine and my devices are able to get an IP address. However, when I VPN in I am able to ping the gateway IP address which is assigned to the bridge interface, but any devices on the VLAN are not able to ping the gateway. After reviewing the packet logs, I notice there are a lot of ARP requests going to the pfSense and the pfSense is replying, but it seems to me that the switch is not getting those replies on the trunk interface. The setup I have is the pfSense as a VMware appliance with the interface trunked to my Cisco switch with VLANs for LAN, MGMT and Guest users. MGMT and Guest users work fine because they are not linked to a bridge, and LAN was working before, but the moment I linked it to the bridge and reassigned the IP to the bridge interface my LAN network no longer works. I am stumped and am out of ideas. Can any of you guys help me out with this?

Illustration01: Here I am able to ping the bridge IP from a device logged into OpenVPN.
Illustration02: From here I am able to ping a device on the LAN from the Switch sourcing a Switch Virtual Interface.
Illustration03: However here I cannot ping a device on the LAN from a device connected to the OpenVPN.
Illustration04: And here no device on the LAN can ping the Bridge IP address.

Packages / Re: FreeRADIUS not Authenticating with PFSense using OTP
« on: October 31, 2017, 01:57:38 pm »
So no one has any ideas on this? Why isn't pfSense passing the authentication to the py script like the other logins?

Packages / Re: FreeRADIUS not Authenticating with PFSense using OTP
« on: October 23, 2017, 10:45:02 am »
I also want to add while looking through the logs I notice on the Cisco switch logins it passes the authentication to however when I try to log into pfSense it doesn't pass the authentication to It just fails.

Log from logging into pfSense:

Oct 23 11:28:43   radiusd   16311   (18) Login incorrect (Failed retrieving values required to evaluate condition): [admin] (from client FamFirewall port 0)

Log from logging into Cisco switch:

Oct 23 11:23:40   radiusd   16311   (16) Login OK: [admin] (from client FamSwitch port 1 cli
Oct 23 11:23:40      freeRADIUS: Google Authenticator - Authentication successful for user: admin

Packages / FreeRADIUS not Authenticating with PFSense using OTP
« on: October 23, 2017, 10:39:19 am »
Hello, I am having issues with FreeRADIUS in that when you go to Diagnostic > Authentication it keeps failing whenever I use an account with OTP. However, it works fine with static passwords. On the same token, I have a Cisco switch that is authenticating with FreeRADIUS as well, and that has no problem authenticating with OTP. Why is it that I can authenticate fine using OTP on a Cisco switch but it fails on pfSense?
