  • Pfsense - Non pfsense IPSEC VPN…. not working....

    Locked
    12
    0 Votes
    12 Posts
    23k Views
    H

    fine

  • Pfsense with pfsense site to site - cannot "see" each other

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    GruensFroeschliG

    You cannot "see" them in your network places because of the same reason you cannot play games over a VPN.
    The discovery of Windows shares works via UDP broadcasts, which don't get routed.

    If you want to access a Windows share on the other side of a tunnel, you can do that directly via the IP of the destination computer.
    Another possibility would be to set up a WINS server on the other side of the tunnel, which resolves your SMB names into IPs.

    You really should read up on how routing works and what it means, since you seem to run into the same problems over and over again.

  • Packets not routed across functioning IPSec tunnel

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M

    I think I figured this one out on my own…

    I had to change my setup to advanced outbound NAT, create two NAT rules (one for each WAN interface), and make sure that the remote subnet was excluded from those rules.  There is still no route to the remote subnet that displays in the web interface, but maybe that's normal.  I'm just used to seeing one having come from a Linux/OpenSwan world.

    So, judging from what I had to do, I'm assuming the NAT portion of the packet processing happens prior to the routing?  It seems like you should figure out where the packet is headed before you figure out if it needs to be NAT'ed or not.  ???

  • EZVPN with Cisco ASA's

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    L

    I think with EZVPN server on the ASA, no.

    I think you can set up a pure IPSec SA on the ASA which can work with FreeBSD/pfSense.  I believe the considerations are the same as for regular FreeBSD.

    http://www.google.com/search?q=FreeBSD+IPSec+PIX

    I hope this helps, or at least does no harm. :-)

  • Has anyone done anything like this before (ISCSI over IPSEC VPN)

    Locked
    3
    0 Votes
    3 Posts
    6k Views
    M

    Use rSync instead of iSCSI, FTP or SAMBA …

    There are rSync clients and servers for Windows out there. It is fast, reliable, and designed to work over unreliable networks. Plus, the rSync algorithm will only send what has changed in your file instead of sending everything back. So your file of 1.5 GB could be backed up in less than 100 KB if only a small portion of the file was changed.

    I have several rSync configured on Windows as server and client and it's working great. Then you schedule a batch file.

    Instead of using an IPSec VPN you could use SSH tunnelling; again, a client and server are available for Windows.

    Here is the site you should look at: http://itefix.no/cwrsync/

    If you're more serious about backup, you should also check Ahsay Online Backup Server. That's what we use at work; we have an offsite server in a datacenter running Ahsay OBS, there's about 150 GB of data there, and backup takes less than 30 minutes each day... Ahsay technology is based on rsync. We have used Storegrid for a year and the backup set got corrupted ... We have switched to Ahsay for that reason.

    MageMinds

  • Few newbie questions

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    H

    ;)
    regards
    heiko

  • Couldn't find the proper pskey

    Locked
    4
    0 Votes
    4 Posts
    31k Views
    J

    Hi Heiko, thank you very much for the detail reply. I will test with greater lifetime and search the forum for better lifetime setting. Thanks again.

  • Routing through IPSec tunnel

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    H

    please take a look…..

    http://forum.pfsense.org/index.php/topic,3701.0.html

  • Routing specific ports through router at other end of ipsec tunnel

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    Z

    Except I want to do it by port, not destination IP.

  • Pfsense 1.2 stable with IPSEC through WAN 100Mbps reboots the box

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C

    I've beaten the hell out of a WRAP with a Xeon server as the other end point and it was never unstable. That sounds like an ALIX, which I haven't put through the same rigor yet.

    It's kernel panicking, so you're hitting either some sort of FreeBSD bug or hardware problem. Can you follow this:
    http://devwiki.pfsense.org/ObtainingPanicInfoForDevelopers

    and get us the results from when it panics? Assuming you can reliably replicate it, or at least replicate it once. You can email it to me (cmb@pfsense.org), it'll be pretty long.

  • 2 tunnels : same remote config, but 2 different local subnets

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    C

    So because only 1 end has multi subnets this won't work? Or am I misunderstanding, and so long as I use FQDN and they match on both sides for both tunnels (each tunnel unique FQDN of course) I am good?

    One end has 1 pub and 1 lan subnet, other has 1 pub and 2 lan subnets.

    Right now I have the original poster's problem but they do work, just is a mess.

  • No/sporadic connectivity between ipsec sites

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • "You don't do DHCP for IPSEC-Clients."… Hoba.... But....

    Locked
    14
    0 Votes
    14 Posts
    7k Views
    N

    So I guess there is no way possible to get DHCP over IPsec, huh?

    I haven't had any success with OpenVPN either… seems much more complicated.

    Seems like a dead end.

    ??? ::) :-[ :'(

  • Is it possible connect more than 2 pfsenses in a ipsec vpn?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    H

    Yes, no problem, if you meant 6 locations with different LAN subnets…. ;)

  • 0 Votes
    4 Posts
    9k Views
    Y

    Cannot be both site static?

  • New to 1.2 could someone explain this

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • IPSEC Tutorial

    Locked
    2
    0 Votes
    2 Posts
    7k Views
    GruensFroeschliG

    IPSEC won't allow you to play UDP-broadcast based games.

    IPSEC poses the same limitations as OpenVPN does.
    In fact, less. Because you always can hack yourself an OpenVPN bridge together.

    http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN at the bottom

  • Ipsec tunnel stop working

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    H

    Please post your settings!

  • Ipsec Green, but I can't ping

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    N

    With all my testing I've been up to, I've had this occur a couple times… it was the weirdest thing... The IPsec would show green, but I couldn't ping anything. It freaked me out the first time...

    The first time, on the ipsec settings I had to put the remote public IP of the host for the Remote Gateway. I had accidentally put the internal local IP for the Remote Gateway. I was surprised it even connected!

    The second time, I had rebooted the PF breaking the connection suddenly. And for some reason it seemed to get 'stuck'. IPsec showed green, but the DHCP and Relay DHCP both were saying each other was active, so no settings showed. Despite that, my user PC was still connecting via DHCP ok. I made a backup config file, then restored to factory defaults, then restored the config.... unsurprisingly, it also restored the issue! LOL! So I did it one more time... and it did the same thing, surprise, surprise... So I figured it was something else causing it. So I changed the "Lifetime" setting from 28800 and 84400 to 1200 for both, and wammo! It resolved it. My guess is, if you're making lots of setting changes, it's better to have a shorter lifetime setting... then to make it longer once things have settled.

    Hope that helps!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.