Are these two issues going to be resolved in 2.0?
-
http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F
We use Apple Remote Desktop and it fails over PFSense IPSec VPN due to this. We can use the VNC aspect of ARD, but everything else fails. We don't have 100% of our clients on PFSense, so switching to OpenVPN for everything isn't possible at this time.
And this:
http://doc.pfsense.org/index.php/What_are_the_limitations_of_PPTP_in_pfSense%3F
Kind of a pain to keep re-enabling PPTP and then disabling it again.
-
The second one should not be anymore an issue.
For the first if you really need it put some effort behind it.
-
I'm up for putting effort in, but I'm an idiot and cannot program to save my life.
Sorry if my post sounded snarky btw.
-
well put funding behind it.
The knowledge required in coding might be quite high. -
Ermal,
Are you saying that the PPTP limitations have been resolved or will be resolved before the release of 2.0?
Roy…
-
They are confirmed fixed and now pptp is not anymore an issue in 2.0.
-
I can confirm the second issue is now solved! YES!
-
It's possible to get issue one resolved so it works properly in version 2 beta right now. If you go to System->Routing, add a gateway on the LAN Interface with a Gateway and Monitor IP of the LAN IP address of pfSense. Then, go to the Routes tab, and add a new route where the Destination network is the subnet of the remote network that you are trying to access pfSense from over IPsec, and the Gateway is the LAN gateway you just created. Once you save this, you should be able to access services on pfSense itself from over the IPsec tunnel, assuming firewall rules on the IPsec interface allow it. I have this working myself. It's a slight modification of the steps given at the link you provided to the Wiki with the description of the problem, since the UI changed a bit in pfSense 2.
-
@ermal:
They are confirmed fixed and now pptp is not anymore an issue in 2.0.
Excellent!!! I've been holding of switching my customers from m0n0wall to pfsense because of the PPTP limitations. Would be glad to donate some dollars to the person who resolved this issue or to the project.
Roy…
-
Well I resolved teh issue and you can get a support subscription which helps both me and teh project.
You can even get a direct donation to me if you like. -
Ermal,
I routinely donate to the project so if you PM me your contact info I'll send you a check directly.
Thanks for all your hard work on this !!!
Roy…
-
Ermal, paypal payment on the way.
rugby, sorry for hijacking your thread.
Roy…
-
Thanks for the support.
-
Ermal, paypal payment on the way.
rugby, sorry for hijacking your thread.
Roy…
No worries, I'm sending some $$$ as well. I just loaded 2.0 on my home test box and the PPTP bug is definitely fixed!
-
It's possible to get issue one resolved so it works properly in version 2 beta right now. If you go to System->Routing, add a gateway on the LAN Interface with a Gateway and Monitor IP of the LAN IP address of pfSense. Then, go to the Routes tab, and add a new route where the Destination network is the subnet of the remote network that you are trying to access pfSense from over IPsec, and the Gateway is the LAN gateway you just created. Once you save this, you should be able to access services on pfSense itself from over the IPsec tunnel, assuming firewall rules on the IPsec interface allow it. I have this working myself. It's a slight modification of the steps given at the link you provided to the Wiki with the description of the problem, since the UI changed a bit in pfSense 2.
David,
I can access the resources just fine from the remote PFSense router (or at least as well as I want to), the issue lies with Apple Remote Desktop and not being able to remotely administer machines. With a PFSense->SG300 IPSec tunnel I can administer them just fine, with a PFSense->PFSense tunnel I cannot. I did get an OpenVPN tunnel setup at one point and that works well, but that doesn't work with some of our clients' firewalls.