PPTP/L2TP on interfaces
-
well, then I guess it's fine (it should allow from any to Exchange on any port -TCP/UDP) on OPT1 interface.
what's with the LAN port? Do u mean the LAN interface?
Yeah, I mean the LAN interface
-
so how come you're accessing web gui through 230.7?
-
firewall rules SS
-
so how come you're accessing web gui through 230.7?
funny me :-)
I was wrong, I'm on 230.7 :-)
230.5 is connected using the same modem but in dial-up gets a different IP
because I want the exchange to use a different external IP than the office computers
-
let me get this straight, u have 230.5 and 230.7 both on the same machine, just as different interfaces? same subnet? are they bridged? i'm not sure u can do that.
-
let me get this straight, u have 230.5 and 230.7 both on the same machine, just as different interfaces? same subnet? are they bridged? i'm not sure u can do that.
it's irrelevant to the problem but I'll try to explain what I did.
I have 2 machines, 2 different machines.
I have 2 ISP users from the ISP (2 permanent public IPs) and 1 cable modem, so I put a hub after the modem and both pfsense (230.5, 230.7) dial differently and each receive their own IP.
230.5 will serve the offices while 230.7 will be for exchange use only.
-
i see, nice thinking ;)
i'm asking because everything seems fine, so i'm looking for other things that could go wrong.
i only got 2 things on my mind:
1. is it actually possible to port forward several ports via alias? i've never done that. maybe u should try just one port for now.
2. i hope u remembered to change the gateway on the exchange.
-
the gateway for the exchange server is currently something else, a Fortigate router 230.2, which will go down in a few days because we left the ADSL provider
I'm still keeping it like this because the pfsense won't deliver mails
-
omg you're actually right! I switched the gateway for the exchange server and it works!
why is it relevant? the exchange delivers information to the pfsense on the local network, why should it use the gateway to transfer it?
-
because otherwise the exchange will send the reply to the fortigate router instead and it will never reach the original source on the internet. and it doesn't deliver the information to the pfsense - it tries to deliver to the outside.
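-
The return-path problem explained above, as an added example that is not part of the original thread. The thread only gives host parts like 230.2 and 230.7, so the 192.168.230.0/24 LAN, the server address, the client address and the public IPs below are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumption): LAN 192.168.230.0/24, documentation-range WAN IPs.
LAN = ipaddress.ip_network("192.168.230.0/24")
SERVER = "192.168.230.10"  # hypothetical Exchange address
GATEWAYS = {  # LAN address of each router -> (name, public IP it presents outside)
    "192.168.230.2": ("fortigate", "198.51.100.20"),
    "192.168.230.7": ("pfsense-exchange", "203.0.113.7"),
}

def next_hop(dst, default_gw):
    """Host routing decision: on-link for LAN destinations, else the default gateway."""
    return dst if ipaddress.ip_address(dst) in LAN else default_gw

def trace_reply(client_ip, forwarded_by, server_default_gw):
    """Follow the server's reply to a connection that `forwarded_by` port-forwarded.

    A port forward rewrites only the destination, so the server sees the real
    client IP and routes its reply by its own table, not back to the forwarder.
    Returns (egress, source_ip_client_would_see, connection_works).
    """
    hop = next_hop(client_ip, server_default_gw)
    if hop == client_ip:
        # LAN clients are reached directly; the default gateway is never consulted.
        return "on-link", SERVER, True
    name, public_ip = GATEWAYS[hop]
    expected_src = GATEWAYS[forwarded_by][1]  # the address the client connected to
    # A different egress router either drops the reply (it holds no state for the
    # connection) or sends it from its own public IP; the client rejects both.
    return name, public_ip, public_ip == expected_src

if __name__ == "__main__":
    client = "192.0.2.50"  # constructed Internet client
    for gw in ("192.168.230.2", "192.168.230.7"):
        print(gw, trace_reply(client, "192.168.230.7", gw))
    print("LAN test", trace_reply("192.168.230.33", "192.168.230.7", "192.168.230.2"))
```

The LAN case shows why testing from inside the office can pass while inbound connections from the Internet fail.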
-
great, you helped me a lot :-)
second thing that I'm considering is, instead of using 2 ISP users and 2 pfsense's, my ISP can give me a virtual IP pool. I know how to configure it in the fortigate but how do I do it in pfsense over the L2TP dialup?
-
as far as I know you just configure it as virtual IPs.
http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F
-
I've got very strange behavior: I've got L2TP over DHCP, sometimes "Connect/disconnect" button disappears after reboot. Now I've got snapshot built on 21 april. And the second strange behavior: after disappearing "Connect/disconnect" button MAC-address is always 00:00:….00 (on WAN(L2TP) page I've entered MAC-address). Any suggestions?
-
@roi: yes.
Here's how you do it:
1. After installing pfSense connect by SSH or from the console choose 12) pfSense Developer Shell.
Type: playback gitsync. After it finishes installing all the needed packages type http://gitweb.pfsense.org/pfsense/gnhb-clone.git and answer yes to all questions or just press enter. Reboot.
After that you may also want to go to System->Firmware and add this link permanently (this section will be shown only after the first gitsync and reboot). This way it will sync after every upgrade.
I did this way back when…
...should this still be in there now, or with RC3 etc. out, is this superfluous now?
What do/don't I get if I continue having this git-sync link in my settings?
-
All I can tell you is that I upgraded from RC1 to RC3 with this link saved in the "firmware" section and I still have the PPTP/L2TP dialer.
-
All I can tell you is that I upgraded from RC1 to RC3 with this link saved in the "firmware" section and I still have the PPTP/L2TP dialer.
Maybe I have to rephrase the question :)
a) who maintains that repository?
b) what are the diffs against the main branch?
c) what policies are there to integrate them with the main branch?
d) etc.
In short, what's the relationship between this and the regular releases, update policies, active maintenance, feeding back of patches, etc.
Basically, if there's something that requires this to work, it really should get folded into the regular release in a timely manner, so why would this be required in the long haul?
-
actually, those really are valid questions.
I only know the answer to the first one, gnhb maintains it.
but I'd really like to know the answers to others too.
-
I was able to get the PPTP connection working without modifying any code. Using the latest build (7/22/11), I set the WAN to PPTP, created an OPT1 interface (set to DHCP and based on the WAN interface) and rebooted. The combo was able to connect right away. The only thing I can't see immediately is whether the setup is using the VPN1411 card. (The card was working in an earlier setup using an OpenVPN connection.)
I was expecting it to be a bit more complicated.
Thanks for your good work.
-
I can add a bit of information I gleaned from another thread, plus some personal observation:
The git repository in question doesn't seem to be in sync with what's going on right now, because if the gitsync is enabled, the OS version always reads RC1, without the gitsync, it properly shows RC3.
So it seems it's stuck somewhere in the RC1 time frame. So either the changes have been propagated and are part of RC2++, or the bugs have independently been fixed, or the bugs are still there, but in either case doing the gitsync puts you in a time warp and prevents your system from properly updating to a more current code base.
So for now, I disabled it, because at this moment, I don't have the need to deal with PPTP/L2TP since my future direction likely is going to involve OpenVPN. If things change, and I run into problems, I'll try again with this, but for now, it's more important to me to be on the most current release.
-
I was able to get the PPTP connection working without modifying any code. Using the latest build (7/22/11), I set the WAN to PPTP, created an OPT1 interface (set to DHCP and based on the WAN interface) and rebooted.
…Pls, step by step