Lost my Button



  • While editing my box to clean up firewall and NAT rules and simplify, since I've got the basic setup I need except for working over the VPN so I can push only the clients I want to the tunnel, I found a "problem".

    I was trying to apply aliases to all the static interfaces when I noticed that I no longer have the (+) under Interfaces=Assignments... Is there a limit to these or am I just plain lost in my add interface button?

    My setup......Internal Port>LAN...........OPT0>WAN......OPT1&OPT2>Bridged........OPT3>DMZ.

    Under Interface > assign tab I am showing the following.

    WAN-vge0 (static ip from provider)
    LAN-vr0 (default ip)
    OPT1>|======Bridge1-vge1(no ip)
    OPT2>|======Bridge2-vge2(no ip)
    DMZ>======vge3 (static ip)
    VPN>==ovpnc1 (no ip, dynamic)
    BRIDGED Network>==Bridged (static ip--for 2 Bridge interfaces, making the bridge)

    That's it. And no **+** button

    Problem?????
    Or do I have to delete all but WAN and LAN and Rules and NAT and VPN etc. and completely redo to 1. GET my + button back 2. Prevent weird errors and hangs??? As taking several things out and then rebooting the box, it hung up on line 50 due to some weird error and I had to restore an XML backup to get it back up.

    Am trying to redo my VPN connection to allow only certain clients through it, not the whole network... as of now the only way to prevent everyone from going thru the VPN is to firewall rule the static interface to the WAN instead of default (VPN on LAN), as everything seems tied to the LAN (and grabs everybody, on all interfaces, to the VPN).

    But to do this I need to be able to add a Virtual Interface (as the VPN is using now and like the Bridge is set up) and tie that to an individual client and push that vI to the LAN or set each client a static ip and use firewall rules to ....Either way, got no Plus button.

    Would like to have OPT0 (WAN, gigabit port), OPT1&2 (Bridge+VPN, gigabit ports) selective clients, OPT3 (DMZ or Video Stream, gigabit port), OPT4 (LAN 100mb port: Video Stream, DMZ, or just dedicated Management Access). My video for 2 TVs has been working fine on the 100mb, but I was trying to open up more bandwidth. The DMZ I need for my Home Server (maybe?) and AT&T Microcell, which really could use all ports open as it's a touchy witch!

    I take it I must start basically from scratch? Ideas?


  • Netgate Administrator

    I think you're probably going about this the wrong way. If you want only certain clients to use the VPN you should check the VPN settings for something that changes the default route when the VPN comes up. Disable that setting and then add firewall rules to send only the required clients via the VPN.

    You only see the "+" button when there are unassigned interfaces waiting to be assigned. As soon as you've assigned them all it disappears.

    Steve



  • I think you're right... I know you're right, still reading up on this topic. But now I am a port short due to unintentionally bridging the LAN to OPT1... Even with a nice clean image on install I've lost vge2 on my Quad NIC. pfSense can't see it when it scans for available ports on install... or later in the WebConfig.

    When it rains it pours.

    Thanks much.


  • Netgate Administrator

    Hmm, odd. It worked fine before though?
    Anything vge related in the system or boot logs?

    Steve

