ip route show table 0 will give you the current routes in Android. At least it does on my older device. 😉

Had you done that you would have found 192.168.1.0/24 via the openvpn server IP was missing. Adding it as a local network there is what causes the server to pass that route to the clients.
Glad you found it.

Steve

You can't have two mobile IPSec servers, no. But this is OpenVPN, you can have as many instances as you have ports/resources.

the solution was reverse php version to 5.6 on the vhost in www/mailserver so not related to pFsense

There's no easy way to do that really. If I was doing it I would probably edit the config file directly and reboot to load it.

Your WAN should look like:

<wan> <if>pppoe0</if> <descr><![CDATA[PPPoEWAN]]></descr> <blockpriv></blockpriv> <blockbogons></blockbogons> <enable></enable> <ipaddr>pppoe</ipaddr> </wan>

And you'll need a PPP section like:

<ppps> <ppp> <ptpid>0</ptpid> <type>pppoe</type> <if>pppoe0</if> <ports>em0</ports> <username>your_username</username> <password>base64_encoded_password</password> <descr><![CDATA[WAN]]></descr> <provider>Your_ISP</provider> </ppp> </ppps>

Or similar with your details in it.

Steve

Yeah that's where inverted rules can bite you. !LAN net or !WIFI net is effectively everywhere. 😉

Your 'Wide Open' rule is actually only to the WAN subnet which is probably only small subnet with your public IP in it. You probably want destination 'any' there to allow traffic to any external IP.

Steve

Because if it changes we want people to know about that change. You can edit the file to change the interval if you want or prevent access to the fqdn so it never sees any changes.

Steve

Hmm, not sure why you would have to do that. You could just add them as static leases so they always get the same IP.

Steve

@stephenw10 Nervermind, Thanks anyways, I just a bought ethernet switch, no need bridge and working fine now.

So you are authenticating using Radius from pfSense to the Synology device?

Does it resturn groups locally correctly?

Why are you using LDAP and Radius?

Steve

Exactly what VPN type are you using here?

I don't really see why you could not use certs signed by another CA as long as the server and clients were both using it. Though I'm not sure I've ever tried that myself, for mobile IPSec at least.

Steve

Indeed. If @eiger3970 is seeing this in 2.1 then upgrade!

If it's in 2.4.4 then it's almost certainly unrelated to whatevet was happening here and a new thread is more appropriate.

Steve

@gboone

I preferred the previous spelling. I thought it was more accurate.

Aw, interesting. Yes that file is there. I removed it and the notices have gone away. Thanks!

@HW said in Need help configuring:

OK. Enabled the firewall and can ping both 8.8.8.8 and google.com. But still mail isn't working and not possible to reach the Remote Desktop Gateway from outside.

Good to hear it's working. Don't forget to backup the configuration this time! Diagnostics > Backup & Restore.

I hope you're not using remote desktop into your network without encryption. That's not the best practice.

@viragomann said in Internet only accessible when rules has all interfaces:

ti

Slap on head - the penny just dropped for me! :)

I was, for some reason, considering "WAN network" to imply the next step in the journey to the destination - give access to that and I'm all set. I guess, technically, all I was doing was providing access to any host in the subnet as the IP address my ISP assigns to me :)

Not sure what I was thinking but that makes complete sense now and I thank you.

Mark

Yeah it pulls in the copyright message and checks it's hash against the message that's stored locally. If it has changed it displays the new message.
In this case we wanted to get the survey link out to users so updated the message to include it.

Unfortunately the initial link was bad so it was corrected. Some users might have seen the pop-up twice.

Steve

@armandelli

I doubt it. That would involve reading the contents of encrypted traffic and then looking up accounts. There is no way pfSense could do that.

Same problem here, as johnpoz said, its a problem related to the windows host, in my case, not enough memory.
On windows servers if there is not enough memory, RDP is blocked.

@Ralphworth Shouldn't really be an issue if both the LAN and WAN v-switches the pfSense VM connects to are External.
Private - Communication between VMs only.
Internal - Communication between VMs plus Host.
External - Communication between VMs, Host, plus physical network (outside world)