Messages - Derelict


According to Suddenlink, all the static IPs I will be issued are class C /24


So on the interface itself in a larger subnet than your allocation.

There is no good way to put those addresses directly on servers.

I would 1:1 NAT in that case.

Or I would ask for a routed subnet to an address on that /24.

OpenVPN / Re: Hostname Resolution over OpenVPN
« on: May 15, 2018, 03:05:21 pm »
From the client:

dig @dns_server_ip_address

Does that work? If not find out why not.

You are keying on the statements of the poster who doesn't seem to have a complete grasp of the problem at hand.

Is your public subnet routed or is it simply a network on the WAN interface itself?

It matters.

Sorry. Don't know about all that Microsoft crap.

I don't think you can. The high /25 might be the best you can do with source hash since it must be a subnet.

You could try to break up the sources into multiple outbound NAT rules with the other subnets but that sounds kind of messy.

Something like:,,,

OpenVPN / Re: Hostname Resolution over OpenVPN
« on: May 15, 2018, 06:04:27 am »
Maybe the DNS server does not have a route back to the OpenVPN client's tunnel address?

You should be able to troubleshoot this using dig commands targeted at the DNS server in question.

A lot of this has to do with how the client, not pfSense, is configured too.

Routing and Multi WAN / Re: Delay or manual failback?
« on: May 15, 2018, 06:01:31 am »
If you want a manual failback in that situation, just mark that gateway as down. You will still get dpinger data and be able to see what's going on with the gateway.

Force state
Mark Gateway as Down: This will force this gateway to be considered down.

When you want to put it back in the gateway group, just unmark it as down.

You can tweak the parameters used for how long it takes to mark a gateway as down or up to help reduce flapping, but I don't think you can make it fail quickly then wait to come back up. The failure and recovery thresholds are the same.

OpenVPN / Re: Hostname Resolution over OpenVPN
« on: May 15, 2018, 05:47:04 am »
Have you tried setting it as the DNS server that gets pushed to the OpenVPN clients in the OpenVPN server configuration?

Does RADIUS work in Diagnostics > Authentication?

Yes. There is a checkbox for that in the server config.

Strict User-CN Matching
Enforce match: When authenticating users, enforce a match between the common name of the client certificate and the username given at login.

General Questions / Re: Dynamic DNS IP caching problem ?
« on: May 15, 2018, 04:21:52 am »
In general you bind the dynamic DNS you want to update to the interface address/vip you want it to update from.

Is the common name in the certificate exactly the same as the login name used in the RADIUS credentials?

OpenVPN / Re: OpenVPN Exiting due to fatal error
« on: May 15, 2018, 03:53:41 am »

I figured it out.

There is a bug: pfSense doesn't support 2 or more OpenVPN client configurations with TUN device.

Completely untrue.

You must, however, use different tunnel networks for each tunnel.

General Questions / Re: RV mobile PFsense box. (sanity check)
« on: May 15, 2018, 03:48:07 am »
Yup. I would dedicate a cabinet/space for the APU, the switch, the AP, and the 4G modem device and all the associated patch cords, power strips and cubes, etc. Any decent AP should be fine in that space even if in a cabinet, etc. Certainly better than any "built-in" Wi-Fi card. A cabinet with AC power is also a decent place for things like battery chargers, etc. Just plan for the heat.

Not sure I can. Sorry. You might be trying to do the impossible from behind a captive portal. You'll have to wait to see if someone else chimes in.
