Netgate Discussion Forum

    Vpn appliance

      covex

      whatever is posted in download sections of their websites. cd version

        hoba

        Please test with the latest snapshot. It's based on a newer FreeBSD version: http://snapshots.pfsense.com/FreeBSD6/RELENG_1/

          covex

          it worked, thanks! now it is about the same speed that i have on my old OpenBSD box. how stable is this snapshot? is it safe to put it in the production environment?

          what about m0n0wall, will it be up to the task? i've read that it won't use more than 64mb of memory even under heavy load…

            hoba

            The m0n0wall 1.3 branch and the snapshots run on FreeBSD 6.2 and perform from my tests pretty similar. The pfSense RELENG1 snapshots are only bugfixes of 1.0.1 plus some small usability additions and a few minor new features. They are considered pretty stable though we don't mark them as "stable" yet. See http://pfsense.blogspot.com/2007/01/102-beta-period-will-start-soon-5-9s.html

              covex

              thanks! i'll give pfsense a try…
              one more question though.
              i'm not familiar with bsd at all but i know that my old bsd box is set up in such a way that every time i add a new remote location i don't have to do anything on the vpn server, just do settings on the remote endpoint.
              is it possible to recreate this on pfsense or do i have to set up each tunnel separately?

                hoba

                Not sure how this is done in your old config but you at least have to set up identifiers for the remote endpoints when using the mobile clients option.

                  covex

                  here is isakmpd.conf file. will it help?

                  # XXXXXXXXX Firewall @ HQ

                  ###  What will  actually connect
                  [Phase 1]
                  XXX.XXX.XXX.XXX =        Ics
                  Default=        Remote_store

                  [Phase 2]
                  Connections=            Hq-ics,Hq-remote

                  # Define the gateways

                  [Ics]
                  Phase=                  1
                  Transport=              udp
                  Local-address=          XXX.XXX.XXX.XXX
                  Address=                XXX.XXX.XXX.XXX
                  Configuration=          Default-main-mode
                  Authentication=        xxxxxxxx

                  [Remote_store]
                  Phase=                  1
                  Transport=              udp
                  Local-address=          XXX.XXX.XXX.XXX
                  Configuration=          Default-main-mode
                  Authentication=        xxxxxxxx

                  # Define the connection

                  [Hq-ics]
                  Phase=                  2
                  ISAKMP-peer=            Ics
                  Configuration=          Default-quick-mode
                  Local-ID=              Net-hq
                  Remote-ID=              Net-ics

                  [Hq-remote]
                  Phase=                  2
                  ISAKMP-peer=            Remote_store
                  Configuration=          Default-quick-mode
                  Local-ID=              Net-hq
                  Remote-ID=              Net-remote

                  # Define the networks

                  [Net-ics]
                  ID-type=                IPV4_ADDR_SUBNET
                  Network=                192.168.2.0
                  Netmask=                255.255.255.0

                  [Net-hq]
                  ID-type=                IPV4_ADDR_SUBNET
                  Network=                192.168.1.0
                  Netmask=                255.255.255.0

                  [Net-remote]
                  ID-type=                IPV4_ADDR_SUBNET
                  Network=                192.168.0.0
                  Netmask=                255.255.0.0

                  # Global settings

                  [Default-main-mode]
                  DOI=                    IPSEC
                  EXCHANGE_TYPE=          ID_PROT
                  Transforms=            3DES-MD5

                  [Default-quick-mode]
                  DOI=                    IPSEC
                  EXCHANGE_TYPE=          QUICK_MODE
                  Suites=                QM-ESP-3DES-MD5-SUITE

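The behaviour covex asks about comes from the `Default=` tag in `[Phase 1]` of the posted file: isakmpd uses that peer section for incoming Phase 1 connections from any address not listed there. The following Python is an added example, not part of the thread; it parses a constructed reduction of the posted config (203.0.113.10 stands in for the redacted address, and the function names are illustrative) and reports which networks the catch-all peer can negotiate and which other defined networks fall inside that range.

```python
import configparser
import ipaddress
# Constructed sample: the structure of the isakmpd.conf posted above, reduced
CONF = """\
[Phase 1]
203.0.113.10= Ics
Default= Remote_store
[Phase 2]
Connections= Hq-ics,Hq-remote
[Ics]
Address= 203.0.113.10
[Remote_store]
Phase= 1
[Hq-ics]
ISAKMP-peer= Ics
Remote-ID= Net-ics
[Hq-remote]
ISAKMP-peer= Remote_store
Remote-ID= Net-remote
[Net-ics]
Network= 192.168.2.0
Netmask= 255.255.255.0
[Net-hq]
Network= 192.168.1.0
Netmask= 255.255.255.0
[Net-remote]
Network= 192.168.0.0
Netmask= 255.255.0.0
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep tag case as written in the file
    cp.read_string(text)
    return cp

def net(cp, name):
    return ipaddress.ip_network(f"{cp[name]['Network']}/{cp[name]['Netmask']}")

def catch_all_reach(cp):
    """Default= peer and the remote networks its Phase 2 connections allow."""
    peer = cp["Phase 1"].get("Default")
    conns = [c.strip() for c in cp["Phase 2"]["Connections"].split(",")]
    return peer, [net(cp, cp[c]["Remote-ID"]) for c in conns
                  if cp[c].get("ISAKMP-peer") == peer]

def overlaps(cp, remote):
    """Names of other network sections that overlap a catch-all network."""
    nets = {s: net(cp, s) for s in cp.sections() if "Network" in cp[s]}
    return sorted(s for s, n in nets.items() if n != remote and n.overlaps(remote))
```

When moving a setup like this to a mobile-clients style configuration, the overlap list is the part to review, since the catch-all remote range here also covers the HQ and Ics subnets.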
                    hoba

                    Do you use the same identifier for all tunnels? Not sure if this will work with the mobile client option but you can give it a try. See http://pfsense.com/mirror.php?section=tutorials/mobile_ipsec/ for how to set such a scenario up.

                      covex

                      am i using identifier??!!  :o ;D

                        covex

                        as far as i know this is the only config file i have for all my tunnels.
                        in pfsense it always asks for remote gateway ip, so i guess there is no way to set it up like i wanted  :(

                          hoba

                          Try the mobile IPSEC option like I told you before and have a look at the tutorial I posted. You will see that one end just waits for incoming connections without knowing from where the connections are coming from.

                            covex

                            hmmm… i tried this tutorial but when i did i must have been smoking a wrong pipe. i see now where i went wrong. i'll try it again tomorrow.
