Messages

1

17.7 Legacy Series / anyone have ipsec vpn passthru working?

« on: August 18, 2017, 03:42:09 am »

somewhere around 16.7 I lost the ability to use my at&t network client which uses ipsec. do I need to declare that only one IP can do ipsec passthru and forward port(s) there? seems even many cheap routers have checkboxes for enabling ipsec passthru, lt2p passthru, etc....
any advice welcome. thanks in advance!
nrf

2

17.1 Legacy Series / Re: ipsec vpn passthru?

« on: August 17, 2017, 05:12:28 am »

just a thought, if I set up an openvpn service, does that keep ipsec clients from passing thru by interfering with authentication port?

3

17.1 Legacy Series / Re: ipsec vpn passthru?

« on: August 16, 2017, 08:29:10 pm »

thanks for getting back to me. I posted here originally as this is the point at which it stopped working and I had to make alternate arrangements for my work pc. in the past I would have tried some other package but opnsense is otherwise very satisfying to me. whatever was done has 'stuck' as I keep trying from time to time as I upgrade to the newer versions, hoping it would have gotten corrected.

when I attempt to set up the work client it tells me it timed out and I must have a firewall that is dropping udp packets.

(specifically I use the AT&T Global Network Client for vpn and the configuration is for "Managed VPN - IPSec)

4

17.7 Legacy Series / so why no detailed doc on firewall/nat settings?

« on: August 16, 2017, 08:20:18 pm »

As a reference manual, the online document doesn't really satisfy my appetite for understanding and mastering the firewall and its NAT settings. there are even no main sections on this, nor how-to topics. I am trying to understand how it is blocking my work vpn client from getting thru even though port 500 appears to be open, but  I am really asking this question in a more general vein. It seems a great manual would have full reference for every point on the menu tree as all the little 'info' buttons don't qualify as reference material in my mind.

Maybe we are just supposed to know this stuff or refer to documents for the underlying open source components, in which case what would that be for the firewall/nat part?

5

17.1 Legacy Series / Re: ipsec vpn passthru?

« on: August 16, 2017, 05:29:01 am »

bump? no help for this?
I'd like my work computer to have the benefit of this firewall....

6

17.1 Legacy Series / ipsec vpn passthru?

« on: February 28, 2017, 02:57:29 am »

I am happy to now be able to use suricata on my n40L with this release. but in exchange for that benefit, now I cannot use my ipsec vpn client which was working fine on previous release - a daily driver for me. I thought there might be some plugin needed but didn't find any related to passthru. puttering around in the forums I found some comments about nat rules for port 500, and I do have one that seems to come from setting up my openvpn server.

did I miss something in the release notes that I need to enable for ipsec passthru?

thanks in advance for your help.

and as I tweeted, the major upgrade went so well!!!! impressive!!!!

7

16.7 Legacy Series / Re: Upgrading to 16.7, known issues and workarounds

« on: November 30, 2016, 11:05:11 pm »

I just got the 16.7.6 update and still can't keep Intrusion Detection alive. And it seems to have spread to RADVD so now I don't get my ipv6 announcements and thus lost ipv6 to the web.

trying to keep it factual

8

16.7 Legacy Series / so ids is periodically dying with a core dump

« on: August 01, 2016, 03:32:47 pm »

anyone following this? seems I bumped up to 16.7 too soon, should have let others soak it

9

16.7 Legacy Series / diagnosing slowness issues...

« on: July 30, 2016, 03:43:21 am »

so I've had a couple cases of this since stepping up, rebooting didn't help, after the reboot I had to drop and restore the wan interface before it was 'ok'. Unfortunately, I"m not seeing anything on the dashboard turning red to tell me I can't get to the dns servers or there is high latency. And I'm not seeing any troubleshooting guide in the doc.

Ideally I'd like to be able to see response time for dns requests on a per server basis, with something turning red when that stops being timely, I am sure there are other things that could be read out given the router is in a position to observe everything...barring that, troubleshooting tips beyond 'reboot the modem reboot the router hope and pray'?

10

16.7 Legacy Series / Re: [SOLVED] Country Blocks

« on: July 14, 2016, 01:28:13 am »

so a guy has to ask, given that either intrusion prevention or firewall rules can do this, are there any pros/cons to one or the other? importantly, performance differences?

thanks for your participation in this forum!

11

16.7 Legacy Series / Re: [SOLVED] Country Blocks

« on: July 12, 2016, 12:41:47 pm »

thanks for your kind consideration. given it is kind of a one-time thing I will be patient for such an improvement!

12

16.7 Legacy Series / Re: [SOLVED] Country Blocks

« on: July 12, 2016, 03:41:18 am »

nice, but could be more efficient to be able to specify both ipv4 and ipv6 or at least clone/copy one to a new one so that can be tweaked.

just a suggestion from someone who now is making two very long lists and hoping they are the same.
nrf