Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 ... 5 6 [7] 8

Author Topic: Ronski's Pfsense router build  (Read 10179 times)

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2351
Re: Ronski's Pfsense router build
« Reply #90 on: February 01, 2017, 01:23:49 PM »

Time is short in the morning, so just didn't have time look into things and work out how, and of course the others needed broadband access whilst I'm at work.

I'll have a look at the logs tonight.
Logged

Chunkers

  • Reg Member
  • ***
  • Posts: 327
  • Brick Wall head-banger
Re: Ronski's Pfsense router build
« Reply #91 on: February 01, 2017, 06:52:14 PM »

System had been up for 29 days.

grrrr, only 29 days?  lol

Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2351
Re: Ronski's Pfsense router build
« Reply #92 on: February 01, 2017, 08:20:56 PM »

the answer was to not reboot and login to the terminal.  Then you can find if some sort of process was hung or just chewing up extra cpu, now that you have already rebooted its harder.  But you can check all the logs to see if anything stands out.

Well looking at the logs tonight I can't see anything untoward*, I suppose http://192.168.0.1/status.php#Processes would have come in very useful this morning.

I have notice (some time ago) my swap file has disappeared, I realise this is unrelated.

*I can see hundreds of these errors bad name in /var/dhcpd/var/db/dhcpd.leases which I think relates to one of my devices which has a host name with () in it, I've no way to change the host name, so not sure how to get aground that - I have posted on a thread on the pfSense forums so I'll see what they suggest.
Logged

displaced

  • Reg Member
  • ***
  • Posts: 119
Re: Ronski's Pfsense router build
« Reply #93 on: February 05, 2017, 10:26:29 PM »

I think a possible solution for the device with the dodgy hostname would be to create a static DHCP entry for it. 

From my tinkering with pfSense, the option's under Services > DHCP Server > DHCP Static Mappings for this Interface.

It should be enough to provide the MAC address of the device and a new hostname.  If you don't provide an IP address for the mapping, one will be allocated as normal from the pool.  Everything else can be left empty.  You're simply telling the DHCP server to override the hostname.
Logged
Vodafone Landline+FTTC: Huawei HG612 modem, pfSense router, AirPort access points. Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2351
Re: Ronski's Pfsense router build
« Reply #94 on: February 06, 2017, 06:00:22 AM »

Thanks Displaced, I did try that exactly as you suggest but it didn't work.
Logged

displaced

  • Reg Member
  • ***
  • Posts: 119
Re: Ronski's Pfsense router build
« Reply #95 on: February 06, 2017, 03:54:49 PM »

Don't give up just yet!  The dhcpd.leases file is a little odd.  It's not just a record of the current state of the leases -- it's sort of a historic journal.  So it could be that your settings change has resolved the issue, but there are still old records in the file which contain the previous bad hostname.

Might be worth trying to clear the leases -- I can't get to my pfSense installation right now, but I'd presume there'll be an option somewhere to clear the file.

Chris
Logged
Vodafone Landline+FTTC: Huawei HG612 modem, pfSense router, AirPort access points. Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2351
Re: Ronski's Pfsense router build
« Reply #96 on: February 06, 2017, 08:14:56 PM »

My static mapping is still there, I did delete the lease (I no longer have that option), and also restarted the service but alas made no difference.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2351
Re: Ronski's Pfsense router build
« Reply #97 on: May 30, 2017, 08:36:20 PM »

I've been playing around with PFsense again this week, I've had a VPN setup for some time on my Windows Home Server 2011. Whilst Windows laptops connect fine I could not get my Android devices to connect, something to do with GRE I believe, which I couldn't understand.

So I decided to setup Open VPN, I looked around for a guide that seemed to make sense to me and found this.

https://chubbable.com/setup-openvpn-pfsense

Which I followed, and after a bit of trial and error I can finally get my Android phone to connect to my home network through OpenVPN.

But when I turn on tethering on my phone, other devices such as my tablet don't seem to get an IP address, so never connect and I get an error message saying "AP currently not in use.  internet connection slow", then it says failed to obtain an IP address. Any idea how to resolve this?

Also having followed the setup guide my phone gets an IP of 10.0.1.2, how can I set it up so that I appear to be on my internal network via the VPN. Not sure if I should just change that to my normal subnet.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2351
Re: Ronski's Pfsense router build
« Reply #98 on: May 31, 2017, 02:21:33 PM »

It seems there is a known bug in Android that stops tethering from working when using OpenVPN.

So I've tried IPSEC using the guides below.

https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To
https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel#Allow_IPsec_traffic_through_the_firewall

I can connect, but get no internet access on my phone, also my phone's IP address stays the same, which seems odd.
Logged

Dray

  • Kitizen
  • ****
  • Posts: 2348
Re: Ronski's Pfsense router build
« Reply #99 on: May 31, 2017, 02:35:48 PM »

There's nothing wrong with that IP address - I believe it has to be outside your LAN for the routing to work.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5031
Re: Ronski's Pfsense router build
« Reply #100 on: May 31, 2017, 07:06:16 PM »

Seems you have done it in an odd way ronski.

The documention for using openvpn on pfsense is a bit confusing and even incomplete.

I cannot remember the exact steps I carried out but mine is setup something like this.

1 - The pfsense unit is the VPN endpoint. So everything LAN/NAT side is same as before.
2 - The VPN is always connected, I actually have 2 VPN's always connected right now.
3 - The routing to the VPN is carried out using firewall rules, so the src ip is the LAN ip of the device and then you route it via the VPN interface.
4 - Each VPN has a gateway device configured in the routing section of pfsense, so I have OPT1 and OPT2 interfaces assigned to my VPN's, these need to be setup so you can route via the firewall.

This basically means your lan device has the same config as before, it will have the same LAN ip address and still have the pfsense unit set as its gateway, so this shouldnt break android phones.

I can change routing for devices etc. on the fly simply by adjusting my firewall rules, I cannot document this soon tho as I got other stuff to work on sadly, but if you still stuck in a few weeks I will try to document what I did.

Also I can ping VPN's from any device e.g. this is a VPN I have hosted in america.

Code: [Select]
C:\Windows\system32>ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=97ms TTL=63
Reply from 192.168.0.1: bytes=32 time=96ms TTL=63
Reply from 192.168.0.1: bytes=32 time=96ms TTL=63

It was definitely a more complicated process to set all this up on my pfsense unit than say asuswrt, but its also a more powerful setup.
« Last Edit: May 31, 2017, 07:10:00 PM by Chrysalis »
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2351
Re: Ronski's Pfsense router build
« Reply #101 on: May 31, 2017, 08:07:34 PM »

Seems you have done it in an odd way ronski.

Probably because I don't have much clue as to what I'm doing, there are so many options, and not many explanations that make sense.

All I want to be able to achieve is to VPN in securely with my phone, and then tether other devices to my phone, allowing access to the internet via my home connection and local resources such as my TV Server.
Logged

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 20344
  • Over the Rainbow
    • The ELRepo Project
Re: Ronski's Pfsense router build
« Reply #102 on: May 31, 2017, 08:58:50 PM »

Surely there needs to be two ends for a VPN?  :-\

If you are defining your Pfsense router to be one end, then where is the other end?  ???
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2351
Re: Ronski's Pfsense router build
« Reply #103 on: May 31, 2017, 09:10:19 PM »

The other end in this case is my mobile phone, wherever that may be in the world.
Logged

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 20344
  • Over the Rainbow
    • The ELRepo Project
Re: Ronski's Pfsense router build
« Reply #104 on: May 31, 2017, 10:01:31 PM »

Right, got that.  :)

Now I need to let it ferment . . .
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.
Pages: 1 ... 5 6 [7] 8
 

anything