Couldn't get LAN to work Dell Dimension
-
Yep, agree with divsys. :)
Your WAN is presumably connected to your existing home router? That is handing out the 192.168.1.22 address but it's overlapping the default LAN address used by pfSense so you need to change the LAN IP to, say, 192.168.10.1/24.
Both your network cards are 100Mbps types so it's very unlikely they support auto-MDIX. Not a problem for the WAN because your router is already wired correctly but to connect your laptop to the LAN side you will need to use either a cross-over cable or a switch.
Steve
-
Thanks for the words of wisdom and encouragement guys!
Just to clarify a few things, I was plugging the pfSense machine into the back of a modem/wifi router device (I keep wifi off on that device). I currently use a wireless router plugged into another one of the ports of that modem/router, and I left that wifi router plugged in and broadcasting. That shouldn't matter, right?
Also, before I find the switch I'd like to clarify the steps…
I need to change the LAN address to 192.168.10.1/24 from the pfSense box directly. I.e, BEFORE I hookup with a switch and laptop, correct? And leave WAN unchanged, correct? Are there any other settings I will need to change when I'm changing the LAN address? What was that thing about HTTP?
My goal for this project is to setup a VPN client on the pfSense box and plug into it a wireless router, set as an access point, to broadcast the VPN through my house. This would be much faster than a VPN-enabled wireless router, right? I live overseas and my speeds are awful. I figure this will speed it up a bit. What do you think?
Thanks for your help!
-
A couple of things…...
First, the typical setups go something like:
_Laptop
/
[ISP Modem/Router] <–> [WAN][[b]pfsense][LAN]<–>[switch]–-Printer(maybe)
\ __Other computers(if needed)
__Wireless Access Point(your wireless router)If at all possible, you want to use pfsense as the first thing between your internet provider and the rest of your network.
You want to plug the pfsense WAN port directly into the ISP router modem. If possible, the best way to setup that modem/router is to disable the router features completely, some vendors describe that as putting the router into "Bridge" mode. That way you're not putting two routers in series, which can be made to work, but is a little more complex (and not usually necessary).Once you have pfsense handling all the access to the internet, it can assign traffic for all the devices on your LAN network. The 2nd wireless router, becomes a simple access point, if you plug it into the LAN side, you don't even need to enable DHCP on it, so pfsense can assign all the network addresses for you.
I need to change the LAN address to 192.168.10.1/24 from the pfSense box directly. I.e, BEFORE I hookup with a switch and laptop, correct? And leave WAN unchanged, correct? Are there any other settings I will need to change when I'm changing the LAN address? What was that thing about HTTP?
Yes, once you change the LAN address from the console (and change the DHCP addresses to match it], you plug the switch in and your LAN port will hand out addresses from the new range.
The HTTP configurator question has to do with whether or not you use HTTP or HTTPS to access the Web GUI on the pfsense box. On the LAN side it doesn't typically matter, but if you open up your WAN to allow external access, you probably want HTTPS. I usually pick some other port than 443 for my HTTPS just to add a small layer of confusion to any external bots patrolling for open sites…..
I would try and get it setup and working for your existing devices (including wireless) first, then try adding on the VPN pieces after you understand how it all should work.
Distributing a VPN access to your devices is definitely doable, but will take more steps after you have the basic setup running.Welcome aboard :)
-
This would be much faster than a VPN-enabled wireless router, right?
Potentially, yes. What sort of bandwidth is your WAN connection? Specialist VPN equipment will have chips for encrytion/decryption in hardware whereas pfSense does it all in software (unless you've added a VPN card).
Steve
-
Hi divsys and stephenw10,
Thanks so much for your excellent posts. That was exactly what I needed to get it up and running. My buddy made me a crossover cable and it worked like a charm after I set the LAN and WAN ports correctly.
And I was able to get an old router flashed with dd-wrt and set up as an access point.
I'm quite pleased, despite the frustrations at first. I must say, it has been highly educational to tinker with this stuff. I went from knowing absolutely nothing, to nearly nothing about networking :)
I'm going to let the setup run until this weekend, see if it's stable, and then attempt step 2– set it up as a VPN client.
Hopefully I'll get a little faster download speeds. Here is a comparison I just did running a test through my current VPN-enabled wireless router, and another through the pfSense box with wireless access point:
VPN-wifi router: 5.15 down; 8.25 up; 248 ping
Pfsense+WAP: 8.82 down; 5.89 up; 238 pingBoth tests were to Freemont, CA from Vietnam, 1 minute apart, both from my iPad. These are more or less in-line with other results I've had over the last day or two. I actually thought there would be a much bigger difference between the two. Perhaps running the VPN client will not speed it up as much as I'd thought. But I've gone this far and I am determined to see this project through.
Any words of wisdom before I try to install the VPN client? I have seen there are already forum posts about it, so I don't mean to bother before I've even started, but if there is a particularly tricky part, I'd love to know.
Thanks again for all your guys help!
-
Glad to hear your up and running, well done ;)
Just a small suggestion (learned the hard way over more than a few installs), login to your pfsense GUI and go to:
Diagnostics->Backup/Restore->Backup/restore and click on the "Download configuration" button
This will prompt you to save your current config.xml file.
Do this.
Do this often.Especially when you're about to make "changes" to a running system. The config.xml lets you easily restore a system back to a known good state. It's really helpful if you have a hardware accident due to flood, fire, or small children ::)
You can reload a box from scratch with the default install and then restore back to your last good config.xml often times faster than trying to correct a string of dubious "changes".
As far as the dedicated VPN setup I'll let wiser heads than mine, there's more than just a few around here (of which stephpenw10 is definitely one 8)) chime in. I've done a fair bit of site to site and road warrior setups, but none with an ISP dedicating VPN. I'm clear on the concepts, but someone else can probably relate their experiences, especially if you mention what ISP you're trying to connect up to.
Welcome aboard, and good luck :)
-
Excellent advice! I will definitely do that before I tinker with anything.
Thanks again!
DW -
Which Dell did you end up using for pfSense?
The Pentium4 and PentiumD have very similar single thread performance. Neither is very fast but both should be able to push >10Mbps of VPN traffic. Check the CPU loading when you are testing to see if it's causing problem. Often the bottleneck with those types of connections is the remote VPN service.Steve
-
I ultimately chose the 8300 for pfSense. If I'm able to get the VPN client to work, I'll let you know how much it (seemingly) slows it down. After my first few tests through the local Vietnamese network vs. through the VPN-ready wifi router, I'm starting to think it's not going to make much of a difference at all. I think my problem is probably that the Vietnamese internet provider is throttling my connection to servers outside Vietnam. Is there any definitive test to prove they are doing that?
And I'll look at CPU loading as you suggested.
My plan for the 9100 is to load a media server called Amahi onto that box. Any know issues with Amahi and pfSense working together?
Thanks again guys! The support is awesome!
DW
-
I've never used Amahi so I can't help you there but I wouldn't anticipate any issues. The most CPU intensive task out of everything you've mentioned (Amahi and pfSense) is going to be the VPN termination. The 9100 would probably have been better used for pfSense. You may find there's no problem though.
Steve
-
@DW - been there in Vietnam virtually working on a project a few years ago where we had subcontracted your excellent plane mechanics for some work. My pieces involved connectivity to your airplane mechanics instruction guides. I "sort of owned the database of the instruction manuals". I did too travel to various locations to speak with mechanics all over the place; much fun. Never did get to your country due to my time constraints; even though I was there virtually.
Is there any definitive test to prove they are doing that?
Not sure if DiffProbe will help; but giving it a try is non invasive.
I have used it here in the Midwest, US near Chicago with my ISP / Internet Service Provider when I switched from a Docsis 2.0 to a Docsis 3.0 modem. I own the modem but have a limited read access to it and do see the multiple channel bonding going on with the Docsis 3.0 cable modem. Curious what type of modem you are using to the internet there?
DiffProbe Shaper Module: Detecting ISP Traffic Rate-Limiting
The goal of DiffProbe is to detect if an ISP is classifying certain kinds of traffic as "low priority", providing different levels of service for them. DiffProbe actively (and non-intrusively) probes the network path and tries to diagnose the nature and extent of traffic discrimination. This page presents a module of DiffProbe, called ShaperProbe. ShaperProbe tries to answer the question:
Is the ISP shaping my traffic? In other words, is my "connection speed" dropped automatically to a low rate after some time?
We detect traffic shaping, which means that the customer gets a large rate for a certain number of bytes, and then the rate is dropped automatically to a lower value. If a user gets rate limited for certain time periods, he/she can detect that observing the capacity estimates given by ShaperProbe.DiffProbe's ShaperProbe makes use of the Measurement Lab (M-Lab) research platform. To learn more, go here. In order to advance network research, all collected data will be made publicly accessible.
Here is an example generic output; not taken from any particular ISP:.
$ ./prober
DiffProbe alpha release. April 2009.
Shaper Detection Module.Connected to server 123.231.123.231.
Estimating capacity:
Upstream: 10800.39 Kbps.
Downstream: 37127.07 Kbps.Checking for traffic shapers:
Upstream: Burst size: 5402 KB; Shaping rate: 1008.00 Kbps.sending measurement data to server..done.
Downstream: No shaper detected.For more information, visit: http://www.cc.gatech.edu/~partha/diffprobe
You can find it here: (works with Wintel, MAC, Linux and FreeBSD)
http://netinfer.com/diffprobe/shaperprobe.html
And I was able to get an old router flashed with dd-wrt and set up as an access point.
I am currently utilizing a "dd-wrt'd" Linksys WRT-54GL and a Buffalo WRT-HP-G54 at one place and did notice that the DD-WRT QOS did mess a bit with the throughput. I recently burned up the RF pieces of the Linksys router pushing on it a bit; that said replaced it with same. (it had been running 24/7 for some 6 years). The Linksys is bridged to another router which is connected to a fiber Verizon connection.
In the midwest utilizing an Ubiquiti AP; nice little device; works well and reasonably priced.
Relating to the WAN and DHCP connection and wondering about your modem….here the Docsis 3 modem gets sticky with the WAN MAC address such that switching the WAN link from the DD-WRT modem to the PFSense WAN link would probably do stuff. You can just spoof the DD-WRT WAN MAC address on the PFSense box such that it matches your DD-WRT box. I've been doing similiar here playing with PFSense 2.1.3 and 2.2 Alpha with same MAC address.
Typically to shutting down the modem and restarting it will look at the request for DHCP and see it coming from a new MAC and just give you a new WAN DHCP address.
-
Hi Pete and Steve,
Thanks for your replies. I will give DiffProbe a gander when I have a chance. Thanks for the tip about that. I've also mentioned it to my buddy who is much better educated on networking. We will let you know if it tells us anything.
Unfortunately, I spent the better part of last weekend trying to get a StrongVPN client working. So far, no luck. Had to do a complete factory reset at one point, started over and tried all the various tutorials in the forum as well as links to other directions. I'll post in the existing thread on that topic. If you guys may be of help, I'd appreciate the input.
@ Steve, I was able to get Amahi working. I successfully turned off DHCP server on the pfSense box and gave that job to the Amahi box.
Thanks again guys for sharing the wisdom!
DW