Messages - her0wh1m

OpenVPN / Re: Multi OVPN Clients - Clashing Same Virtual IP Address
« on: March 09, 2018, 06:12:29 am »
Thanks for the response. I know I have set this up in the past with the IP being pushed from the server to the client, but I'm starting to question myself also if it can be done client side. I don't see why not; I don't pull routes from the VPN provider.

I did manage to assign a static IP client side using the client specific overrides. This was based on assigning a static IP per certificate authority. Unfortunately, all the VPN clients share the same certificate authority though, so although I have proven you can assign a static IP client side I still haven't managed to do it per client.

It seems that the ifconfig-push directive works in the 'Client Specific Overrides' section but not in the 'Client' section.
I don't understand why in the 'Client' section you cannot just specify the IP in 'IPv4 Tunnel Network'.

OpenVPN / Multi OVPN Clients - Clashing Same Virtual IP Address
« on: March 08, 2018, 08:24:42 pm »
I have set up multi-VPN, using 3 x VPN connections. The servers are controlled by an external VPN provider.

The issue is that 2 of these connections are assigned virtual addresses on the same subnet, and sometimes they are assigned identical virtual IP addresses.

I want to be able to assign / control the virtual IP addresses for each connection through the OVPN client config.

I see conflicting information and am not sure what the correct way is.

Currently in the client config I have the VPN/OpenVPN/Clients/Edit -->Tunnel Settings --> IPv4 Tunnel Network -->
Topology = net30.

I therefore expect an IP of to be applied to the OVPN virtual address, but it is not.

Any insights / assistance appreciated.

Firewalling / Re: Firewall Port Option Not Working
« on: February 18, 2018, 10:56:17 am »
Perfect, all sorted. Many thanks.

Firewalling / Re: Firewall Port Option Not Working
« on: February 18, 2018, 10:14:31 am »
OK, thanks for the suggestions on this. All up and running now, needed to change a few settings at my DNS provider but all good now.

The only thing remaining is minor. When I input my domain name into a computer on the LAN, the pfSense page is loaded, rather than my webserver, along with an error message on DNS rebinding.

If I access my domain name from outside the LAN (i.e. on a mobile phone) it all works OK. Does anyone have a hint as to how I make my webserver load when requested by the domain name over the LAN?

Firewalling / Re: Firewall Port Option Not Working
« on: February 18, 2018, 08:52:31 am »
Thank you. Agreed, from further investigation, that the outgoing port is random. I got confused as I used to have a set-up that tunneled based on UID, i.e. it was the process UID that was responsible for the routing policy, whereas here I'm dealing with IP & port.

Yes, I had previously considered routing the traffic I want to go via the WAN instead; I have now implemented this. What I want is for my webserver (port 80) to be accessible via the WAN; obviously it doesn't work if it's tunneled through the VPN.

I have set this up, including moving the dynamic DNS from my server to the pfSense machine (i.e. as the ddclient was on the server it was returning the VPN IP). The pfSense dynamic DNS provider is updating the IP address to the WAN address, so all OK. However, when I try to access the webserver via my URL I now get webserver errors, 403 Forbidden. If I use the WAN IP rather than the URL the webserver works as expected.

Firewalling / Re: Firewall Port Option Not Working
« on: February 18, 2018, 07:07:22 am »
Thanks for the response. I'm using rtorrent; it communicates on a single port. DHT etc. is not enabled on my client so I don't need the associated additional ports.

I'm really stuck on this. I have found some guides for achieving what I want but they simply don't work; the port is ignored when specified.

I have set up a config that works at tunneling the required machine's IP through the VPN. In the same interface / config, adding the port breaks things. What I am trying to say is either:
1) pfSense is broken;
2) The tunneling of ports follows a different concept / strategy to that of IPs and I don't understand this (although why put the port option on the webui if this is the case?)

Firewalling / Re: Firewall Port Option Not Working
« on: February 17, 2018, 02:39:32 pm »
Thanks for your response. The port is the port of my torrent client and is static.

So, in my mind, what I want is that when my torrent client (i.e. port and IP) is detected it is tunneled through the VPN. It works for IP only but not when the port of the client is specified.

Firewalling / Firewall Port Option Not Working
« on: February 17, 2018, 02:04:29 pm »

I have a server at a static IP ( I only wish to tunnel a specific port on this server through the VPN, everything else over WAN.

If I create a rule and select the IP ( through the VPN the rule works. However, when I select a source port it is not tunneling the source port to the VPN, i.e. I can tunnel by IP but I cannot tunnel by IP AND port.

I can't understand why the rule works without a port, but when a port is specified, instead of tunneling that port it ignores the rule.

I feel like I'm missing something really obvious here... any assistance appreciated.

Hardware / Re: Unofficial QOTOM Hardware Topic
« on: January 18, 2018, 08:45:45 am »
It's already disabled against known threats; we are just trying to remove the ME stuff, as much as we can, so as to make it secure against any unknown threats.

So if I'm understanding this correctly, flashing the BIOS with the modified version you uploaded didn't do anything for ME? Or does it at least disable it but doesn't remove any of the code?
Sorry if I have missed something in the preceding pages, but I'm confused. For the avoidance of doubt, do we need to flash with the modified BIOS (kindly provided by Dropbox link) or is the ME stuff already disabled by default?

Hardware / Re: Unofficial QOTOM Hardware Topic
« on: January 02, 2018, 10:03:43 am »
I bought off AliExpress in the end, as they had the shipping option to avoid the customs duty fluff.

Hardware / Re: Unofficial QOTOM Hardware Topic
« on: December 31, 2017, 11:14:16 am »
OK, the i5-5250U is back in stock, so I am going to purchase.

Is it just me or do they have the same computers / boxes under all sorts of different links? I.e. I've decided that I want the Q355G4 with the i5-5250U processor; the thing is that there are multiple exclusive links with very minor price differences for the same product. It's all a bit confusing really, but maybe related to courier options and installed OS.

Anyone else come across this? What was the approach, just order any of them?

Hardware / Re: Unofficial QOTOM Hardware Topic
« on: November 22, 2017, 02:39:14 pm »
Hi, I am not able to order the Q355G4 Qotom on AliExpress. Does anyone have a link to it? All Q355G4 are sold out. Only 350G4 are available. Do the i5 4200U and i5 5250U make a difference in OpenVPN performance output?
Hello, my first post here. Yeah, I've read through this thread, done my research and was about to purchase the Q355G4 with i5-5250U. Not available, doh!

I wonder if it is due to the security vulnerability discussed at the tail of page 30 of this thread? Either way, I can't justify pushing the button on a processor from 2013 c.f. 2015, even if the comparison shows little difference,75459

Guess I will wait for a bit and keep an eye on the store to see if there are any updates.
