Welcome, Guest. Please login or register.

Recent Posts

Pages: [1] 2 3 ... 10
1
Feature Requests / Re: Multiple Phase 2 Entries for IPSec Tunnels
« Last post by andywhite on April 07, 2021, 11:56:46 AM »
Hi,  Is there a link to the diagram ?  I can't understand the request without it I think
2
Feature Requests / Multiple Phase 2 Entries for IPSec Tunnels
« Last post by tuaris on March 22, 2021, 06:51:54 PM »
In case the title isn't self explanatory, this allows you to use IPsec with multiple subnets.  The diagram below explains this.

Without another phase 2 entry, hosts 192.168.7.123 and 10.8.8.2 are unable to communicate with each other.  Unless there was a way to tell t1n1wall to route traffic from 192.168.7.0/24 to 10.8.8.0/24 over the existing IPSec tunnel (which there isn't and static routes don't work). 

Additionally, some have suggested to create a 3rd IPSec tunnel using the same keys and endpoints, but with different subnets.  That doesn't work either.  It results in only one of the two tunnels working.



The correct solution is the create a second phase 2 entry for the existing IPSec tunnel.
3
Feature Requests / Re: Support creating generic tunnel interface (GIF)
« Last post by tuaris on March 22, 2021, 06:24:46 PM »
Ah, thanks.  I didn't realize this was already possible.
4
Feature Requests / Re: Support creating generic tunnel interface (GIF)
« Last post by andywhite on January 31, 2021, 08:18:04 PM »
Hi !

There is support already there , carried over from m0n0wall days, for an ipv6 tunnel. 

Once ipv6 is enabled (in the system settings), the wan interface will show options for using a tunnel endpoint for ipv6
5
Feature Requests / Support creating generic tunnel interface (GIF)
« Last post by tuaris on January 17, 2021, 02:26:45 PM »
This is a feature request to support creating a generic tunnel interface:
https://www.freebsd.org/cgi/man.cgi?query=gif

A use case example is with https://tunnelbroker.net.  The tunnel would be created as follows on a FreeBSD system

Code: [Select]
ifconfig gif0 create
ifconfig gif0 tunnel $IPv4_address_of_Firewall WAN interface $IPv4_address_of_remote_tunnel_server
ifconfig gif0 inet6 $assigned_IPV6_client_address $assigned_IPV6_endpoint_address prefixlen $given_prefixlen
route -n add -inet6 default $assigned_IPV6_endpoint_address
ifconfig gif0 up

The GUI/form to create this interface would probably be a new tab under Interfaces with a page name like interfaces_gif.php.  The form would prompt for the variables above:

Code: [Select]
$IPv4_address_of_Firewall = get_ip_of_wan_inet();
$IPv4_address_of_remote_tunnel_server= "x.x.x.x";
$assigned_IPV6_client_address = "x:x:x:x::x";
$assigned_IPV6_endpoint_address = "x:x:x:x::x";
$given_prefixlen = 128;

Afterwards a new interface should be present on the firewall, and the firewall has IPv6 connectivity.  The part I'm unsure of how to do (since I haven't experimented with dual stack yet, is how to configure the firewall to use dual stack to 1) provide cleints with IPv6 addresses, and 2) route IPv6 client packets over the GRE tunnel.
6
Installation / Re: restore config
« Last post by andywhite on June 15, 2020, 09:13:24 AM »
Hi, 

Sounds like a firewall rule that worked with ipfilter, but not pf.  can you send DM output of /status.php to me ?

Thanks
7
Installation / restore config
« Last post by RobbanG on June 15, 2020, 04:55:55 AM »
I need help with my new APU3C4 i can login when its newly installed but as soon as i load an old config from smallwall or t1n1wall i cant get any ip or cant access webinterface.
but if i disable pf i get an ip and i can access webinterface.
But same occur if i reboot.
8
VPN / Firewall Rules for PPTP VPN clients
« Last post by tuaris on October 19, 2019, 10:06:19 AM »
I already have the default rule in place to allow PPTP clients to access hosts on the remote network (LAN).  No issue when a PPTP VPN client makes an outbound connection to a host on the LAN.



The hosts on the LAN are unable to make outbound connections to (or ping) any of the VPN clients.  Additionally, VPN clients are unable to communicate with each other.
What additional firewall rules do I need to add?

This is what my LAN rules currently are:

9
General Questions / Re: DNSSEC Problem?
« Last post by hb2000 on September 19, 2019, 11:20:18 AM »
the new images are working and DNSSEC is working great too.  Thanks!
10
General Questions / Re: DNSSEC Problem?
« Last post by andywhite on September 18, 2019, 11:21:48 PM »
i have re-uploaded the images, something seems to have gone wrong last time, corrupting the images.
Pages: [1] 2 3 ... 10