Topics - xayide

#1
Hardware and Performance / OpenVPN Kernel module
January 04, 2020, 08:58:16 PM
Will this kernel module be implemented in OPNsense?

https://openvpn.net/openvpn-hackathon-2019/

#2
I have a LAN subnet of 10.0.0.1/24 and it seems to collide with 10.129.0.0/16, which is the transfer network of the VPN from the VPN provider before it reaches the internet. When looking in the firewall log, it thinks the stuff coming in from OpenVPN on 10.129.*.* is coming in on LAN. Any ideas?

Here is the status of routes...
ipv4   10.0.0.1         link#1       UHS   0   16384   lo0
ipv4   10.129.0.0/16    10.129.0.1   UGS   0   1500    ovpnc2   OVPN_DHCP
ipv4   10.129.0.1       link#9       UH    0   1500    ovpnc2   OVPN_DHCP
ipv4   10.129.113.134   link#9       UHS   0   16384   lo0

And here is an example log of an incoming connection from the internet via OpenVPN:
lan   Feb 1 21:16:34   31.11.121.72:55093   10.0.0.20:6112   tcp   let out anything from firewall host itself
#3
Is it possible to somehow specify options not visible in the GUI?
Like this...

https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients


Split-DNS can be implemented for iOS 10.3.1 and newer with the INTERNAL_DNS_DOMAIN attribute and the INTERNAL_IP4_DNS or INTERNAL_IP6_DNS attributes.
Support for MAC OSX isn't known at the moment.
For older versions, all traffic has to be tunneled (full-tunnel).
However, the latter doesn't work for any application, because none honor scoped DNS servers. A magic number for the INTERNAL_DNS_DOMAIN has been assigned by IANA and is supported by iOS 10.3.1 and newer.
Alternatively, the DNS domains can be supplied in the client configuration.

Assigning DNS servers without full-tunnel can only be achieved by sending an INTERNAL_DNS_DOMAIN to the responder (for iOS 10.3.1 and newer) or by supplying it in the client configuration.
#4
Is it possible to block all connections from LAN to WAN and only allow LAN to VPN for certain LAN IP clients?
#5
16.7 Legacy Series / Schedules not working
December 28, 2016, 05:16:19 PM
I run the newest build of 16.7 (11 I think).
I added a schedule and attached it to a floating rule, the rule is not enabled or disabled and traffic still floats. If I toggle enable/disable manually it works. Do I need to do anything more to get it running? Any logs to look in?

Should the enable/disable change when schedule is used?
#6
Hello,

I searched the forums and found out that I cannot use the API to turn off a specific rule. Can I use SSH or directly via some kind of weburl/post, or what are my options?

I want to set up a simple webpage for my wife to be able to shut internet off for the kids so they can go to bed ;)