Recent Posts

Pages: [1] 2 3 4 5 ... 10
1
Portuguese / Re: Vlan_Hyper-v2012 with 1 network card
« Last post by brassup on Today at 06:35:48 am »
I just checked, my Windows is not 2012 R2, it is just 2012 Standard.
I'll research it further.
Thanks.
2
Portuguese / Re: Transparent Proxy with SSL
« Last post by vandeir on Today at 06:30:04 am »
I solved this problem using this code: Services, squid proxy server, show advanced options, custom options (before auth).

acl https_proto proto https
always_direct allow https_proto
ssl_bump none localhost
sslproxy_options NO_SSLv2,NO_SSLv3,No_Compression
sslproxy_cipher ALL:!SSLv2:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL
# TLS/SSL bumping definitions
acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3
# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect all
ssl_bump splice all
# peek at TLS/SSL connect data
# splice: no active bumping
3
OpenVPN / OpenVPN accessing LAN systems
« Last post by border on Today at 06:27:19 am »
Hi,

Many discussions on this topic (how to access LAN systems through OpenVPN) but no clear step-by-step guide. Unfortunately none of the discussions provides a solution.

What I would like to achieve is that my pfSense box runs an OpenVPN server through which road warriors can connect and have access to the LAN systems. While setting up the OpenVPN server works and accessing the pfSense box is possible, none of the LAN systems can be reached.

Current settings:
* OpenVPN is running (tun device) on tunnel network 10.0.8.0/24
* IPv4 Local network is set to 192.168.2.0/24 (the LAN)
* custom option: push "route 192.168.2.0 255.255.255.0"

In the Firewall -> NAT -> Outbound:
* WAN   127.0.0.0/8 192.168.2.0/24 10.0.8.0/24   *   *   500   WAN address   *      Auto created rule for ISAKMP
* WAN   127.0.0.0/8 192.168.2.0/24 10.0.8.0/24   *   *   *   WAN address   *      Auto created rule

Would be great to get this working so if anybody has a pointer to a step-by-step guide that would be very helpful!

4
Packages / Re: Remote Desktop Gateway via Reverse Proxy
« Last post by Mats on Today at 06:14:21 am »
I'm sorry that I can't help you more with squid.
I did dig through my old backups but no luck.

Even if it's a little off-topic:
I did find an old 2008/TSGW virtual machine though so I just had to test to set up a TSGW behind HAProxy. That worked.

I now got a public certificate (Let's Encrypt) with a SAN name for my TSGW, a hostname that points to the external IP of my firewall and a HAProxy config that forwards the traffic to the TSGW server on my DMZ.

For reference:
HAProxy frontend

ACL
TSGW   Host starts with:   no   tsgw.Example.com

Action
Use Backend   See below   TSGW

The backend is even easier, just a server list
active   TSGW   Address+Port:   192.168.5.2   443   yes


5
OpenVPN / openvpn+freeradius+Accounting
« Last post by mohsen.abbaspour2012 on Today at 06:10:54 am »
Hello guys,
I saw this post "https://forum.pfsense.org/index.php?topic=111874.msg623102#msg623102". Does anyone have a solution for this problem?
I want to set a time limit and a traffic limit for OpenVPN users, but as far as I can figure out, only authentication with FreeRADIUS is possible, with no limit on the amount of traffic or the amount of time.
6
OpenVPN / Re: OpenVPN Authentication Fails
« Last post by johnpoz on Today at 06:04:28 am »
Pretty sure when you buy hardware you get 2 free support calls included in the price.  I did when bought the sg-2440.  Haven't used yet, prob never need them - but nice to know they are there if needed..

For setting up road warrior - you click through the wizard, then go to the export package and download your config.  Done!

Now what I did run into recently, is that the iOS app does not support the newer tls-crypt feature of 2.4 openvpn.. So you have to make sure you're just using tls auth and not crypt..

I would suggest you post up your config, post up your logs from client and server and we can figure out what you are doing wrong.
7
Packages / Re: 2.3.3-RELEASE-p1, "Unable to check for updates"
« Last post by Bismarck on Today at 06:01:57 am »
Log in via ssh and go to the Shell:

Code:
pkg-static install -f pkg

If pkg still throws an sqlite error about a wrong version, you need to fix it first:

Code:
pkg shell
CREATE VIRTUAL TABLE pkg_search USING fts4(id, name, origin);
pragma user_version=33;

If not, just skip this step and update from the CLI with option 13.

Good luck.
8
As soon as I switched any of the network cards in Suricata into Inline mode (Alert and Block Settings),
all Internet connections are cut off immediately. A manual reboot of pfSense doesn't help, and after the boot of pfSense is complete there is a white message on the screen:
"pfsense 082.315525 [1233] netmap_mem_global_config reconfiguring".
For my situation the nearest reference is found here: https://forum.pfsense.org/index.php?topic=110534.0

Network cards: Intel(R) 82574L Gigabit Network

Screenshot of (Suricata's?) message type here:
http://dropmefiles.com/oYw5c
http://ks.mf-image.ru/d/eyJ0IjoiMjAxNy0wNS0yN1QxMDoyMToyMy4wNDI0OTQ2WiIsInRtIjoxNSwiYmQiOjEsImZkIjo0NDEyNjI1LCJyZiI6bnVsbCwic2wiOjAsImZuIjpudWxsLCJyIjoiaHR0cDovL215LWZpbGVzLnJ1L2w3b2ZycCIsImwiOm51bGx9.6A3F8AE135B9ADF8BEA90B9CCF225863./IMG_20170526_190338_.jpg

screenshot of mainboard type here:
http://dropmefiles.com/oYw5c - second picture
or
http://4c.mf-image.ru/d/eyJ0IjoiMjAxNy0wNS0yN1QxMDoyMzoxNS4zNzU5MzUzWiIsInRtIjoxNSwiYmQiOjEsImZkIjo0NDEyNjI4LCJyZiI6bnVsbCwic2wiOjAsImZuIjpudWxsLCJyIjoiaHR0cDovL215LWZpbGVzLnJ1L3o4dXU3ZyIsImwiOm51bGx9.0F0451CD8844BFA27D25987C8AEF20F2./Mainboard.png

NIC #1:
http://dropmefiles.com/oYw5c - picture #3
or
http://7y.mf-image.ru/d/eyJ0IjoiMjAxNy0wNS0yN1QxMDozMjozMS4xOTA5MjY5WiIsInRtIjoxNSwiYmQiOjEsImZkIjo0NDEyNjM4LCJyZiI6bnVsbCwic2wiOjAsImZuIjpudWxsLCJyIjoiaHR0cDovL215LWZpbGVzLnJ1L3Q0Y2UxcSIsImwiOm51bGx9.63DCAFC4E7EDCD91DDF5B46D417C18E5./NIC-1.png

NIC #2:
http://dropmefiles.com/oYw5c - picture #4
or
http://xg.mf-image.ru/d/eyJ0IjoiMjAxNy0wNS0yN1QxMDozNzoyMy4zNzk5NDI2WiIsInRtIjoxNSwiYmQiOjEsImZkIjo0NDEyNjQ1LCJyZiI6bnVsbCwic2wiOjAsImZuIjpudWxsLCJyIjoiaHR0cDovL215LWZpbGVzLnJ1L3E0c3V4YSIsImwiOm51bGx9.AE7358079919236B81FA5A0F1FA48FE3./NIC-2.png


NICs both:
http://dropmefiles.com/oYw5c - picture #5
or
http://ko.mf-image.ru/d/eyJ0IjoiMjAxNy0wNS0yN1QxMDozODozMC4wMTE1NzkyWiIsInRtIjoxNSwiYmQiOjEsImZkIjo0NDEyNjQ3LCJyZiI6bnVsbCwic2wiOjAsImZuIjpudWxsLCJyIjoiaHR0cDovL215LWZpbGVzLnJ1LzV1dHk2ayIsImwiOm51bGx9.0A805D2770EADBA2C889082B77F52AC7./NICs-Both.png

SouthBridge with NICs controller:
http://dropmefiles.com/oYw5c - picture #6
or
http://j3.mf-image.ru/d/eyJ0IjoiMjAxNy0wNS0yN1QxMDozOTowNy4xNTk5NTc4WiIsInRtIjoxNSwiYmQiOjEsImZkIjo0NDEyNjQ5LCJyZiI6bnVsbCwic2wiOjAsImZuIjpudWxsLCJyIjoiaHR0cDovL215LWZpbGVzLnJ1L2gxYmM3bSIsImwiOm51bGx9.F6281DA9EFC7222CD3DCABADC9A35DB2./SouthBridge.png
9
Turkish / Re: No internet on LAN
« Last post by raiko on Today at 05:40:31 am »
As you said, it was a problem related to the gateway, thank you. I have one more question: I opened a port to reach the machine running pfSense from outside the office, but I cannot reach the machine running pfSense from outside using the IP address/port number. Since the modem has no bridge mode, I could not put it in bridge mode. Is this the cause of the problem?

Hello, I set it up inside the company for testing purposes. The company already has a Cyberoam right now. I plugged the IP that comes to my own computer from the Cyberoam, that is 192.168.2.168, into my pfSense server, and from there I took an output and connected it to my own computer. That one is 192.168.3.5X.
I did port forwarding on the Cyberoam, and on pfSense I also forwarded the incoming connection to the internal network, but I just cannot get past the problem. I cannot connect from other computers.
When I set IPv4 Configuration Type to IP4 and enter 192.168.2.168, I cannot get out to the internet, but when I set IPv4 Configuration Type to DHCP, I can get out to the internet.


 WAN      100baseTX <full-duplex>   192.168.2.168
 LAN      1000baseT <full-duplex>   192.168.3.55
10
Russian / Re: pfSense crash. How to understand the logs?
« Last post by pigbrother on Today at 05:38:42 am »
pfSense 2.3.2


Once a week a crash occurs, and a log is created.
Is there a way to understand the logs from pfSense, in order to find the cause of the crash?

Read and analyze the logs. There is also a more costly option: pfSense has paid support. But it is really not cheap.
It is convenient to set up an external syslog server, forward the logs to it and analyze them there.
There are plenty of syslog servers for any OS. For one or a few data sources, practically all of them are free.
For example:
https://syslogwatcher.com/syslog-watcher/
Powerful Syslog Server for Windows OS

Syslog Watcher can collect, parse, store and analyze syslogs from:

    firewalls / switches / routers / modems of any vendor
    network hosts and servers (Windows, Unix, Linux, etc.)
    syslog forwarders (to forward Windows Event Log use Eventlog Inspector)
    any syslog enabled devices or appliances
    any software that can send logs via syslog protocol