So is it accepted to create a VPN server on the pfsense computer, that you login to first?

http://cable-dsl.navasgroup.com/#WhyItMatters

This used to matter more when connections were slower but increasing in speed and before the standard OS's really became meant to deal with the new latency speed combinations.

With satellite, I used to get a little better performance out of our system… But that was older technology and Windows 2000.

Newer OS's are supposed to handle todays connections much better and should pretty much work out of the box. Once again though the satellite thing...

Speedguide.net has an optimization program you can look for... or

Cablenut.com has a program that can help you if your XP or earlier...

Your on your own if it breaks. I assume nothing ect ect...     Good Luck!

The aliases section is not relevant here. Sounds like you want to use inbound load balancing. See:
http://doc.pfsense.org/index.php/Setup_Incoming_Load_Balancing
That might be a bit outdated but it gives you the idea.

Steve

Im no means in any way an expert but will link CMB from another thread:

http://forum.pfsense.org/index.php/topic,51238.0.html

Thanks everyone. That got me the information I was looking for.

@pookguy88:

Ok, so I've decided I want to try playing with VOIP and VLANs.

… I've purchased a VLAN capable 5 port Netgear switch to test.

Hope this is still helpful… I noticed you mention Netgear, so the attached show my VLAN / Netgear setup. It's working fine.


@dhatz:

What does "re-staging" mean?

to clear and set up a device for redeployment,  after it had been in service.

Did you wipe clean the disk / cflash and re-install pfsense 2.0.2 and restore the .xml config file?

format yes,  restore no.  I didn't want to potentially import the issue.  As I mentioned my set up is simple,  it firewalls,  proxies,  routes, reports  and has fail over set up.  everything else is basically disabled or at default values so there wasn't a lot of vaule to use the xml.  Only took a few minutes to put it back to where it was.  Keeps you familiar with where the settings are which you don't often access.  8)

-g

@Mrfairweather:

Now I don't have access to the GUI. I tried killing the squid via cli but it keeps restarted.

There is a process called sqpmon (SQuid Proxy MONitor) that checks every minute or so to see if Squid is running. If Squid is not running it will restart it. If you really want to kill off Squid to test something, then you need to kill sqpmon first.

@Mrfairweather:

Side note should i update the base OS or is that frowned upon in these establishments  :)

pfSense is tightly integrated with the underlying FreeBSD (extra patches and goodies to make things even better). You need to stick with pfSense builds.

Well it started working. Not sure why but it just started working the other day. After a month of using untangle so I could use my works vpn I decided to try smoothwall. Smoothwall wouldn't install because the drivers wouldn't work so I figured might as well install pfsense again and get some logs for this thread. The only thing I did different was to not use the auto install. I just clicked through the defaults. So, I doubt this had anything to do with the vpn working this time but figured I would post about it so maybe it will help someone else. Maybe my work changed something but I have no idea. Its a very large enterprise network so I never submitted a ticket to network team.

I think I know what you mean…

By way of experimentation I put this on a webserver:

<rss version="2.0"><channel><title>IP</title>         http://www.pfsense.org         <description>Your info as seen by this server</description>         <ttl>1</ttl>         <title>IP address</title></channel></rss>

and then subscribed the RSS reader on the dashboard to http://my.web.server/ip_rss.php

Obviously it's dependent on the 'public' webserver component.  Is that what you wanted?

Thank you for the response, I do appreciate the assistance.

Here is what i have discovered, location A and B are connected via ipsec. Location A holds the mail server.  Location B is unable to ping Location A's External Ip.  Location A is unable to ping location B's external Ip

Location B can ping Locations A's INTERNAL IP

After looking through the logs I was able to allow Location a to ping Location B, I had to enable ICM (echo request).

Unfortunately reversing this on location B was unsuccessful.

I have used traceroute for (mail@mydomain.com) which points to location A's external IP on the remote network

the route is incomplete at ip 64.230.152.250

I then ran a traceroute at 64.230.152.250

the route gave one hop from my pfbox to 50.43.250.1 then the hop became incomplete.

I installed Microsoft Network monitor on a server in Location B and filtered 50.43.250.1

This was the result

943021 2:01:37 PM 3/19/2013 12161.0588449 System PRISMUSASERVER  50.43.250.1 NbtNs NbtNs:Query Request for *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> <0x00> Workstation Service {UDP:7589, IPv4:7513}
943023 2:01:37 PM 3/19/2013 12161.0744699 50.43.250.1 PRISMUSASERVER  ICMP ICMP:Destination Unreachable Message, Port Unreachable, 50.43.250.1:137 {IPv4:7513}
943095 2:01:39 PM 3/19/2013 12162.5588449 System PRISMUSASERVER  50.43.250.1 NbtNs NbtNs:Query Request for *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> <0x00> Workstation Service {UDP:7589, IPv4:7513}
943099 2:01:39 PM 3/19/2013 12162.5744699 50.43.250.1 PRISMUSASERVER  ICMP ICMP:Destination Unreachable Message, Port Unreachable, 50.43.250.1:137 {IPv4:7513}
945442 2:02:49 PM 3/19/2013 12232.6994699 50.43.250.1 PRISMUSASERVER  ICMP ICMP:Time Exceeded Message {IPv4:7513}
945444 2:02:49 PM 3/19/2013 12232.7307199 50.43.250.1 PRISMUSASERVER  ICMP ICMP:Time Exceeded Message {IPv4:7513}
945446 2:02:49 PM 3/19/2013 12232.7463449 50.43.250.1 PRISMUSASERVER  ICMP ICMP:Time Exceeded Message {IPv4:7513}
945527 2:02:53 PM 3/19/2013 12237.1994699 System PRISMUSASERVER  50.43.250.1 NbtNs NbtNs:Query Request for *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> <0x00> Workstation Service {UDP:7589, IPv4:7513}
945528 2:02:53 PM 3/19/2013 12237.2150949 50.43.250.1 PRISMUSASERVER  ICMP ICMP:Destination Unreachable Message, Port Unreachable, 50.43.250.1:137 {IPv4:7513}
945566 2:02:55 PM 3/19/2013 12238.6994699 System PRISMUSASERVER  50.43.250.1 NbtNs NbtNs:Query Request for *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> <0x00> Workstation Service {UDP:7589, IPv4:7513}
945568 2:02:55 PM 3/19/2013 12238.7150949 50.43.250.1 PRISMUSASERVER  ICMP ICMP:Destination Unreachable Message, Port Unreachable, 50.43.250.1:137 {IPv4:7513}
945626 2:02:56 PM 3/19/2013 12240.1994699 System PRISMUSASERVER  50.43.250.1 NbtNs NbtNs:Query Request for *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> <0x00> Workstation Service {UDP:7589, IPv4:7513}
945629 2:02:56 PM 3/19/2013 12240.2150949 50.43.250.1 PRISMUSASERVER  ICMP ICMP:Destination Unreachable Message, Port Unreachable, 50.43.250.1:137 {IPv4:7513}

looking through location A logs I see no records of Location B's ext Ip, or 50.43.250.1

As for DNS forwarding, My domain has a DNS server, (windows) I assume I would need to put this into the DNS server instead of the PFbox I can't seem to get this to work either.

Any more ideas would be appreciated.  I have tried to use the DNS forwarding via pfsense (location b) but also unsuccessful,  I'm  going to reboot the firewall tonight when no one is online, With hopes that there mayu be a glitch although I doubt there is.

"Do such pings go over the public internet or over the VPN? On which path should they go? Why?"

I expect the pings go outside the VPN, which is ok, this will allow my laptop users which fluctuate inside and outside the building to use the same setting.

found it for those who are interested…

/usr/local/sbin/pfSctl -c 'interface reload wan'

It varies a lot, but it can be from things like interface events, scheduled changes, DNS changes, etc. Usually it would log the filter reload in the system log and just before it would likely show the reason.

I'm thinking that my pkg_add of a newer curl broke things at some point. Comparing to an absolutely clean installation, I discovered the following difference:

diff php.ini php.ini.prev 27d26 < extension=curl.so

Fixing that fixed the issue.

We don't have a setting in the GUI for that right now, but you can edit /etc/inc/vslb.inc, around line 204, and change it there.

np - glad I could be of help.