Posted: 12/29/2014 11:52:52 PM EDT
I am building in certain “features” to my home network, as a hobby. These will be, mainly, security-themed features, as well as other useful or fun features.  It will have web servers, file servers, database servers, etc., piecemealed as I work to strengthen my skill sets.

I’m using, for the most part, small ARM processor machines and open source apps and server OS’s, such as Linux, to build the pieces of my network.  

I would like to “harden” the network, as much as is reasonable and necessary to deter most hackers.  I know, though, I will not be the target of any major government or crime syndicate, at least not any more than anyone else.

I currently have a newer Cisco wireless n router.  I also have a bridged secondary router running DD-WRT.  It runs a high-but-consumer level wireless encryption, WPA2-Personal.

I also have a vpn connection (OpenVPN), at the house, which I plan to have as a secure connection to connect to for any Internet services that should be more secure than should be broadcasted over public networks. This is the only “hole” I’ve punched through, manually, on my router.  

The questions:
I want to start at the routers and firewall.  What do I need to do about my infrastructure?  Do I need commercial use grade routers, such as a used, cheap, Cisco router running their firewall, and probably not the newest version?  (I have to stay in a hobby budget.) Do I need to upgrade my main router to a better package, like DD-WRT?  Would that even do it?

Also, does WPA2-personal provide a high enough level of security?  What would be some good add-ons for protection, if needed?

This will be on a hobby basis, as I can afford to build it, and learn new skills.  

I thought it might be fun to use this as a possible learning experience for others.  If people want to provide input, as I go along, I’ll do my best to provide updates.  I thought others might enjoy a possible learning opportunity as well.

Network admins and security admins, please chime in, if you would.

This is probably poorly written, so please let me know the specifics you need.  Thanks.
Link Posted: 12/30/2014 12:18:33 AM EDT
[#1]
Sounds like you want something like an Untangle router.

http://www.untangle.com/
Link Posted: 12/30/2014 12:43:33 AM EDT
[#2]
Quoted:
Sounds like you want something like an Untangle router.

http://www.untangle.com/

+1.

If someone really wants to get into your home network, they will.
Link Posted: 12/30/2014 1:14:01 AM EDT
[#3]
Quoted:
Quoted:
Sounds like you want something like an Untangle router.

http://www.untangle.com/

+1.

If someone really wants to get into your home network, they will.

Hmmm.  No AMD or Intel gear laying around, but I could look into building a mini-ITX box.  The CPU/motherboard sets look fairly cheap.  I could throw on the free package.

I normally use >$100 ARM SBCs if possible.

The $1100 appliance is not in the budget...

I'll give this a look if nothing else sounds better.  Thanks for the info.


As far as the statement in bold, I say it all of the time to people, so I understand and agree.  
Link Posted: 12/30/2014 3:25:12 AM EDT
[#4]
You want to do this right?  

Server VLAN, Workstation VLAN, VLAN for DMZ all with ACLs

RADIUS server for authenticating devices on the LAN tied to the ACLs

RADIUS for wifi access, with certificate based encryption

Active Directory domain, with Kerberos and a full CA

Full patch management, centrally managed AV/AM/AS

GPOs enforcing hardening on all workstations

IPS/IDS, probably Snort plus maybe something else.  Gateway AV as well.

That would be what we in the industry refer to as "A good start"


Link Posted: 12/30/2014 10:10:20 AM EDT
[#5]
Quoted:
You want to do this right?  

Server VLAN, Workstation VLAN, VLAN for DMZ all with ACLs

RADIUS server for authenticating devices on the LAN tied to the ACLs

RADIUS for wifi access, with certificate based encryption

Active Directory domain, with Kerberos and a full CA

Full patch management, centrally managed AV/AM/AS

GPOs enforcing hardening on all workstations

IPS/IDS, probably Snort plus maybe something else.  Gateway AV as well.

That would be what we in the industry refer to as "A good start"




I'll research RADIUS servers.  This could happen.  I'll have to look at OS support, as I have a hodgepodge of devices that will be connecting, including Linux, Windows 8.1 Home, Android, and iOS machines, as well as a PS3 and smart TV.

Domain running AD doesn't seem to be in the cards.  My Windows clients are "home" versions that cannot authenticate to the network, plus I do not have a copy of Windows Server above 2003, which is close to end of life.   I've built AD domains, in the past, and would love to do this, but I don't feel like spending $400+ of my budget on Windows software, plus the hardware needed.  I know Linux supports LDAP, but I would assume that I would still be held back by my Windows machines.

What am I missing on these two, besides money? Is a RADIUS server still valuable if I'm not running AD?

VLANs could happen.  I'll look at what current capabilities I have through my routers. What are the basics on VLANs, as far as interconnectivity and routing?  Do you have a good resource?
Link Posted: 12/30/2014 10:25:40 AM EDT
[#6]
Might want to look into trying OpenBSD.
Link Posted: 12/30/2014 10:55:47 AM EDT
[#7]
You don't need a brand new computer, any old computer from preferably the Core 2 Duo age / AMD Athlon II will do. It just needs 2 gigs of RAM, 2 NICs, and 80GB of HDD. I'm sure you could find a Craigslist or even one of those refurbished office computers.

Something like this and add another NIC:
http://www.newegg.com/Product/Product.aspx?Item=N82E16883266495
Link Posted: 12/30/2014 12:24:08 PM EDT
[#8]
Build a Linux box and throw pf on it.  It'll do literally everything you need it to do.
Link Posted: 12/30/2014 5:22:22 PM EDT
[#9]
I'm looking at both untangle and pf (pfsense).  So far, pfsense seems to be the easiest on system requirements...

Still looking into the hardware.  I've seen some refurbs that would work, and I'm also looking at Atom-based systems that are >$200. ARM is a no-go for both of the packages.

Thanks for the input.

LAMP server is in the works, and I'm looking at rededicating my RPi to a flight tracker, for the time being.  I also have another board, an ODROID, incoming.  It ships today.
Link Posted: 12/30/2014 5:33:21 PM EDT
[#10]
The CPU overhead for pf is minimal. I can pull a real-world example here in a sec if you want...
Link Posted: 12/30/2014 5:35:56 PM EDT
[#11]
Hopped onto one of our pf boxes functioning as NAT and basic firewall and default gw for two dozen or so VLANs with probably a /20 of private space across those dozen:

last pid: 36399;  load averages:  0.90,  0.81,  0.81    up 96+01:53:36  14:35:13
37 processes:  1 running, 36 sleeping
CPU:  0.2% user,  0.0% nice,  0.4% system,  9.8% interrupt, 89.5% idle
Mem: 22M Active, 22M Inact, 5923M Wired, 5898M Free
ARC: 3946M Total, 582M MFU, 2568M MRU, 528K Anon, 171M Header, 625M Other
Swap: 4096M Total, 4096M Free



It's a 16 core AMD machine but to scale, a Pentium 4 with a gig of memory should be more than enough for a home PF box.
Link Posted: 12/30/2014 9:20:34 PM EDT
[#12]
I'll definitely be running OpenVPN as well, although there will likely be only one connection at a time.  We're talking about a home network, so maybe 20-25 IPs when I'm done.  I'm also thinking about a RADIUS server.  I liked that idea.

Still think a P4 with 2 GB will work?  Also, is there a difference between pf and pfsense, or are they the same thing?
Link Posted: 12/30/2014 9:33:01 PM EDT
[#13]
Quoted:
I'll definitely be running OpenVPN as well, although there will likely be only one connection at a time.  We're talking about a home network, so maybe 20-25 IPs when I'm done.  I'm also thinking about a RADIUS server.  I liked that idea.

Still think a P4 with 2 GB will work?  Also, is there a difference between pf and pfsense, or are they the same thing?


IMO yes, it should be. Here's my opinion: go next generation to the Core 2, mainly for power usage and heat output.
Link Posted: 12/31/2014 12:14:42 AM EDT
[#14]
Quoted:
You don't need a brand new computer, any old computer from preferably the Core 2 Duo age / AMD Athlon II will do. It just needs 2 gigs of RAM, 2 NICs, and 80GB of HDD. I'm sure you could find a Craigslist or even one of those refurbished office computers.

Something like this and add another NIC:
http://www.newegg.com/Product/Product.aspx?Item=N82E16883266495


Does that box even have an extra slot for a NIC? Also from the comments at Newegg it may not have a NIC already, just wireless.

edit: looking at the pic and re-reading the comments it looks like it has two PCI expansion slots and an unknown speed NIC. Assuming gigabit is a requirement, and unless there's a confirmed gigabit ethernet already on the motherboard, you'd have to pick up two NICs, which would double the cost of the gear. Still a good deal though.
Link Posted: 12/31/2014 1:10:21 AM EDT
[#15]
Quoted:
I'll definitely be running OpenVPN as well, although there will likely be only one connection at a time.  We're talking about a home network, so maybe 20-25 IPs when I'm done.  I'm also thinking about a RADIUS server.  I liked that idea.

Still think a P4 with 2 GB will work?  Also, is there a difference between pf and pfsense, or are they the same thing?


I think so; not saying you can't use something more modern, just illustrating the idea that you don't need a lot of horsepower to run a software-based firewall at home.
Link Posted: 12/31/2014 1:16:54 AM EDT
[#16]
Link Posted: 12/31/2014 11:09:05 AM EDT
[#17]
Quoted:
Quoted:
You don't need a brand new computer, any old computer from preferably the Core 2 Duo age / AMD Athlon II will do. It just needs 2 gigs of RAM, 2 NICs, and 80GB of HDD. I'm sure you could find a Craigslist or even one of those refurbished office computers.

Something like this and add another NIC:
http://www.newegg.com/Product/Product.aspx?Item=N82E16883266495


Does that box even have an extra slot for a NIC? Also from the comments at Newegg it may not have a NIC already, just wireless.

edit: looking at the pic and re-reading the comments it looks like it has two PCI expansion slots and an unknown speed NIC. Assuming gigabit is a requirement, and unless there's a confirmed gigabit ethernet already on the motherboard, you'd have to pick up two NICs, which would double the cost of the gear. Still a good deal though.

IMO gig speeds aren't needed unless his internet is over 100 meg speed anyways, as it only affects the connection to the internet.
Link Posted: 12/31/2014 5:15:29 PM EDT
[#18]
While there is no reason for me to do this it does sound like fun. Tag.
Link Posted: 1/1/2015 4:25:24 AM EDT
[#19]
What Windows Server stuff do you want?  I could probably get you lab stuff.
Link Posted: 1/1/2015 6:10:44 PM EDT
[#20]
I run two Atom 2500s, both with integrated Intel GigE interfaces, one runs pfsense and the other runs untangle, bridging, behind it.

Forums say these systems will handle up to 500MB/s, YMMV.

Have been very happy with both.  Hardware was cheap, software was free.
Link Posted: 1/1/2015 8:09:10 PM EDT
[#21]
Quoted:
I run two Atom 2500s, both with integrated Intel GigE interfaces, one runs pfsense and the other runs untangle, bridging, behind it.

Forums say these systems will handle up to 500MB/s, YMMV.

Have been very happy with both.  Hardware was cheap, software was free.


I'd like to hear more info on the devices you're running. I found these on newegg, do you have something similar?
Link Posted: 1/1/2015 8:41:26 PM EDT
[#22]
Untangle/pfSense will serve you well for firewall needs. I'm running Check Point R77 on Gaia.. Overkill for the house, but holy shit the bells and whistles are great.



At a minimum, have separate networks for workstations, servers (dmz), and wireless.






 
Link Posted: 1/3/2015 4:05:38 PM EDT
[#23]
Quoted:
Quoted:
I run two Atom 2500s, both with integrated Intel GigE interfaces, one runs pfsense and the other runs untangle, bridging, behind it.

Forums say these systems will handle up to 500MB/s, YMMV.

Have been very happy with both.  Hardware was cheap, software was free.


I'd like to hear more info on the devices you're running. I found these on newegg, do you have something similar?


I'm interested, too.  The top one is on my "short list," as well as some prebuilt boxes on mini-box.com.  This is assuming I don't go with a refurb/pre-owned box.

I'll link them when I have a minute...

ETA: Working on an SBC I just got in the mail today.  It's an ARM processor, so I can't use it for the firewall.  They're cheaper, though.
Link Posted: 1/3/2015 9:52:57 PM EDT
[#24]
I just remembered I decommissioned a HTPC a few weeks ago (replaced with a firetv), so I have a spare box that is relatively low power. It's a dual core pentium like this. Ordered an extra NIC, and I plan to have a pfsense router setup by Monday.

I will have to relocate some boxes and wiring but that should be a snap. If I end up really liking the router I will make it a priority to grab one of those atom mini-itx boards and try to build a real low power router.
Link Posted: 1/6/2015 2:46:38 PM EDT
[#25]
Quoted:
Quoted:
I run two Atom 2500s, both with integrated Intel GigE interfaces, one runs pfsense and the other runs untangle, bridging, behind it.

Forums say these systems will handle up to 500MB/s, YMMV.

Have been very happy with both.  Hardware was cheap, software was free.


I'd like to hear more info on the devices you're running. I found these on newegg, do you have something similar?


I've been looking at embedded solutions, too.  One of them is this:

http://store.netgate.com/kit-APU1C.aspx

Pros:  

Cheap:  The setup is less than $200 ready to go.  Dual-core processor (AMD, so 64-bit is okay), 2 or 4 GB RAM, x3 gigabit LAN.
Should fit the purpose: This seems to also be the systems sold on the pfsense website, and they're one of the main contributors to the community.
Low power:  These are supposed to be low power boards.

Cons:
Not upgradable, so you get what you get.

Input:  Does anyone have experience with these?  Also, should I have an expectation that hardware upgrades will be needed in the near future with pfsense?  Untangle requires an 80GB HD, so I'm not so sure this would work for it, although you might be able to add a USB drive or get an 80GB or more mSATA.  I'm leaning towards pfsense for this reason, as well as almost all features are unlocked, completely (not that I'll necessarily need them).

Thanks.
Link Posted: 1/6/2015 3:38:35 PM EDT
[#26]
I do have a 256GB mSATA drive in my laptop. IMO having an SSD in it would be a nice option because it would speed up the router some, and in reality a 128GB SSD is the same price as plain hard drives nowadays.

That kit seems fine, but if you want cheap you could just buy the refurbished desktop and slap a 128GB SSD in and still be cheaper than that kit.
Link Posted: 1/6/2015 3:48:40 PM EDT
[#27]
I have an ASA 5505 at home that was slightly modified to allow all features. VPN and botnet filters work great. Looking at integrating the cloud security feature soon. Running 4 VLANs: 1 for home everything including wireless and 3 for test / my stuff. It keeps the missus happy when her stuff always works.
Link Posted: 1/9/2015 5:46:02 PM EDT
[#28]
Quoted:
Quoted:
I run two Atom 2500s, both with integrated Intel GigE interfaces, one runs pfsense and the other runs untangle, bridging, behind it.

Forums say these systems will handle up to 500MB/s, YMMV.

Have been very happy with both.  Hardware was cheap, software was free.


I'd like to hear more info on the devices you're running. I found these on newegg, do you have something similar?




http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007

This is it exactly, but it looks like they are out of stock.



ETA

http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&N=100008345%20600045147&IsNodeId=1&bop=And&Order=PRICE&PageSize=30

Here is a list of all the dual-NIC "book PCs" on Newegg, sorted by price. I will say, spend the money, get INTEL or BROADCOM NICS!!!!!!!!  No REALTEK!!!!!!!!!

I did use an old T7200-based Dell notebook for a while, pulled out the screen and cut holes in the lid for two USB 120mm fans.  Used the onboard NIC and a cardbus 10/100 adapter. That worked semi-OK, in a pinch, while I waited for my Atoms to arrive, but performance wasn't great (cardbus NIC sucked)
Link Posted: 1/11/2015 3:43:27 AM EDT
[#29]
Quoted:
Build a Linux box and throw pf on it.  It'll do literally everything you need it to do.

Why in the world would you suggest that when OpenBSD is so much better for that application?
Link Posted: 1/23/2015 1:30:28 PM EDT
[#30]
Sorry for the delay in getting to this.  I hit a "snag" with some things that took priority, money-wise...

So I'm getting ready to buy my hardware.  I'm going to go cheap and buy an old desktop and use it.  

One question, though, has anyone used the home Sophos product?  I'm hearing some pretty decent things about it, including that it has a nice set of reports, as well as a slick interface.  I'm not sure about the hardware requirements, though.
Link Posted: 1/23/2015 2:03:50 PM EDT
[#31]
Quoted:
Quoted:
Build a Linux box and throw pf on it.  It'll do literally everything you need it to do.

Why in the world would you suggest that when OpenBSD is so much better for that application?



Probably because I've got four pairs of legacy BSD boxes running relayd and pf in varying capacities here in the data center, and I hate the fuckers.

The community around Linux environments is a bit better, and he can afford to lose a bit of performance in a home situation.
Link Posted: 1/23/2015 9:13:13 PM EDT
[#32]
Quoted:
Sorry for the delay in getting to this.  I hit a "snag" with some things that took priority, money-wise...

So I'm getting ready to buy my hardware.  I'm going to go cheap and buy an old desktop and use it.  

One question, though, has anyone used the home Sophos product?  I'm hearing some pretty decent things about it, including that it has a nice set of reports, as well as a slick interface.  I'm not sure about the hardware requirements, though.


The Sophos UTM is tits, do it.
Link Posted: 1/23/2015 9:16:54 PM EDT
[#33]
Don't forget to disable WPS on your routers.

Doesn't matter how fancy your authentication and encryption is.


A brute force attack on WPS is stupid simple, doesn't take long, and bypasses all that shit
Link Posted: 1/23/2015 9:24:17 PM EDT
[#34]
Quoted:
Don't forget to disable WPS on your routers.

Doesn't matter how fancy your authentication and encryption is.


A brute force attack on WPS is stupid simple, doesn't take long, and bypasses all that shit


While you're at it, you might as well also use reaver to validate that turning it off actually turns it off. I had two routers that had WPS, and when I switched the option to off, I was still able to crack the wifi with reaver over the WPS flaw. DD-WRT would probably be preferable, the firmware doesn't even support WPS.

How router manufacturers still include it as a feature is beyond comprehension.
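
A passive check for what posts #33 and #34 describe, as an added example that is not part of the original thread: it parses text in the layout printed by `iw dev wlan0 scan` and reports whether your own access points still advertise WPS in their beacons. The scan text, BSSIDs, SSIDs and function names are constructed for illustration.

```python
import re

# Constructed sample modelled on `iw dev wlan0 scan` output. Real output has
# many more fields, and the layout can differ between iw versions.
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0)
\tfreq: 2437
\tSSID: home-main
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * Response Type: 3 (AP)
BSS 02:00:00:aa:bb:02(on wlan0)
\tfreq: 5180
\tSSID: home-upstairs
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
BSS 02:00:00:aa:bb:03(on wlan0)
\tfreq: 2462
\tSSID: home-garage
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * AP setup locked: 0x01
BSS 02:00:00:cc:dd:09(on wlan0)
\tfreq: 2412
\tSSID: neighbour
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
"""

# BSSIDs of the access points you administer (constructed values).
MY_APS = {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02", "02:00:00:aa:bb:03"}

BSS_RE = re.compile(r"^BSS ([0-9a-fA-F:]{17})")


def parse_scan(text):
    """Turn scan text into one dict per BSS with the fields we care about."""
    aps, cur, section = [], None, None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = {"bssid": m.group(1).lower(), "ssid": "", "auth": None,
                   "wps": False, "wps_locked": False}
            aps.append(cur)
            section = None
            continue
        if cur is None or not line.strip():
            continue
        body = line.strip()
        # A line indented by exactly one tab opens a new section (SSID, RSN, WPS...).
        if line.startswith("\t") and not line.startswith("\t\t"):
            section, _, body = body.partition(":")
            body = body.strip()
            if section == "SSID":
                cur["ssid"] = body
            elif section == "WPS":
                cur["wps"] = True  # a WPS information element is present
        # Sub-items look like "* Name: value".
        name, _, value = body.lstrip("* ").partition(":")
        name, value = name.strip(), value.strip()
        if section == "RSN" and name == "Authentication suites":
            cur["auth"] = value
        elif section == "WPS" and name == "AP setup locked":
            cur["wps_locked"] = value.lower() not in ("", "0x00")
    return aps


def wps_status(ap):
    """absent: no WPS element; locked: advertised but locked; advertised: open."""
    if not ap["wps"]:
        return "absent"
    return "locked" if ap["wps_locked"] else "advertised"


def audit(text, my_bssids):
    """Map SSID -> WPS status for the access points in my_bssids only."""
    return {ap["ssid"]: wps_status(ap)
            for ap in parse_scan(text) if ap["bssid"] in my_bssids}


if __name__ == "__main__":
    for ssid, status in audit(SAMPLE_SCAN, MY_APS).items():
        print(f"{ssid:15s} WPS {status}")
```

An "absent" result only shows that the access point no longer advertises WPS; it does not prove the feature is disabled in firmware, which is the failure post #34 reports.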
Link Posted: 1/23/2015 9:25:38 PM EDT
[#35]
Link Posted: 1/24/2015 7:22:40 PM EDT
[#36]
Quoted:
Quoted:
Sorry for the delay in getting to this.  I hit a "snag" with some things that took priority, money-wise...

So I'm getting ready to buy my hardware.  I'm going to go cheap and buy an old desktop and use it.  

One question, though, has anyone used the home Sophos product?  I'm hearing some pretty decent things about it, including that it has a nice set of reports, as well as a slick interface.  I'm not sure about the hardware requirements, though.


The Sophos UTM is tits, do it.


What are the system requirements?  I had trouble finding it.

Also, is it still a 50 IP address limit?  I won't hit that, yet...
Link Posted: 1/24/2015 8:48:44 PM EDT
[#37]
Look at FortiGate: http://www.fortinet.com/products/fortigate/index.html   We put these in banks, the feds use them, and very highly regarded.
Link Posted: 1/25/2015 12:22:02 AM EDT
[#38]
Quoted:
Quoted:
Quoted:
Sorry for the delay in getting to this.  I hit a "snag" with some things that took priority, money-wise...

So I'm getting ready to buy my hardware.  I'm going to go cheap and buy an old desktop and use it.  

One question, though, has anyone used the home Sophos product?  I'm hearing some pretty decent things about it, including that it has a nice set of reports, as well as a slick interface.  I'm not sure about the hardware requirements, though.


The Sophos UTM is tits, do it.


What are the system requirements?  I had trouble finding it.

Also, is it still a 50 IP address limit?  I won't hit that, yet...


Minimum is a gig of RAM and an Intel processor.  I find that how much you need depends on the amount of traffic, for normal home use I'd say any dual core from the last 5 years and 1 gig of RAM should be sufficient.
Link Posted: 1/26/2015 11:14:45 AM EDT
[#39]
I ordered an old Core 2 desktop and a NIC.  So far, I'm leaning towards pfsense since most everything is free, and there are no licensing limitations.

Sophos UTM looked good, but I was concerned with the 50 IP limit, even though I'm not close, at this point.  I do plan to add some security cameras, IR motion sensors, and some other goodies, and I would hate to get in the middle of everything and run into a problem.

Untangle also looked nice, but I read, on their forums, that many of the features are dumbed down in the "Lite" packages.

I'm still reviewing Fortinet...

I'll update it once I get the parts in and the install completed.

Up next: a managed switch.  Any thoughts on what to buy, with emphasis on CHEAP?  This is a home network, so it shouldn't need enterprise level equipment, unless I can get it for a steal.
Link Posted: 1/29/2015 10:51:54 AM EDT
[#40]
New (old refurb, actually) firewall box is in.  NIC installed, and pfsense installed, but it's not installed as the firewall yet.  Hopefully, that will be tonight.  I'll try that first and see how I like it.

On a side note, I bought a refurbed Core 2 Duo from TigerDirect.com, and it was in excellent visual condition.  The outside had some rough spots on it, but they cleaned the internals and checked all parts.  As long as it lasts, it looks like it was a good deal.  I would recommend it, at this point.  Give me some time to make sure the computer stays up and running, though.  

I went with the above option due to price.  I would have preferred to buy something like this, but I couldn't see spending almost double for it, plus the PC has some expansion possibilities.  It's a give and take.  I realize the parts have some wear, and it's more of a power hog than the alternative.

So no one has any suggestions on a managed switch?  I see some cheap Dell switches on eBay.  Should I avoid buying those?

What about throwing a wireless card in the PC to make it the main access point?  I'm looking at one of these.  Either the N300 or N900 model.  I don't have any 5ghz devices, yet, but it seems to have some decent range, which has been an issue in my home. I have to put in a router configured as a repeater for my current wireless setup.  The N900 may, or may not, help.  Thoughts?
Link Posted: 1/29/2015 11:19:18 AM EDT
[#41]
Putting a wireless NIC in your fw/router is great if all the devices are within range. You're better off with a separate AP, ceiling mounted.



Ubiquiti makes a great one, I'm sure others will throw their vote in.




Link Posted: 1/29/2015 2:17:00 PM EDT
[#42]
Link Posted: 1/30/2015 3:45:58 AM EDT
[#43]
Ubiquiti for everything wireless.

Netgear, Cisco, Dell, HP, used commercial trade-ins, un-installs, refurbs, etc. from eBay.  I picked up a 16 port Netgear gig managed switch that does VLANs and what not for a song, paid more in shipping than I did for the switch.  If you are going to do cameras, you might look into something with POE ports, although my cameras are going to be all spread out and not centrally connected to any one switch, so I am going with injectors like these:

http://www.open-mesh.com/8p18vpoe.html

(You can find them way cheaper, I am just posting as an example)

As an aside, I just upgraded (finally) my untangle machine to the latest, still running behind pfsense, still one of the finest systems I own (and yes, I am using the "dumbed down" lite versions, ha)
Link Posted: 1/30/2015 2:06:41 PM EDT
[#44]
Just got my pfsense box up and running last night.  It was plug-n-play, except I kept losing my wireless.  As it turns out, my Linksys router had the same IP as the pfsense box.

That cost me about 45 minutes.

OpenVPN was a breeze to set up, and the installer makes it too damn easy!  Just don't mess with the server configs when you're logged in remotely, or you could lock yourself out while you're not at home, like I did this morning.  

Now I can't play while it's slow at work!

Gotta catch up on snort and get that loaded tonight, and get my repeater up and running.  

Now, off to ebay to grab me a switch and, maybe, an access point...

Question #1: When I vpn'd back into my network from work this morning, the vpn connected, and I was able to access the pfsense box with no problem, but all http traffic seemed to be going out of my work's guest network instead of through my network.  I know because I hit a firewall trying to get out to one of those evil "gun" sites.  I've never had my traffic do that when connected to my home vpn.  What am I missing in my configuration?

Question #2: My pfSense DHCP server doesn't show a reservation for my Linksys router, which I'm using as my wireless access point.  Is this normal?  It's in the DHCP range.
Link Posted: 1/30/2015 3:01:08 PM EDT
[#45]
Quoted:

Question #1: When I vpn'd back into my network from work this morning, the vpn connected, and I was able to access the pfsense box with no problem, but all http traffic seemed to be going out of my work's guest network instead of through my network.  I know because I hit a firewall trying to get out to one of those evil "gun" sites.  I've never had my traffic do that when connected to my home vpn.  What am I missing in my configuration?


Set up a route so traffic destined for evil gun sites goes out your tunnel instead.

Quoted:
Question #2: My pfSense DHCP server doesn't show a reservation for my Linksys router, which I'm using as my wireless access point.  Is this normal?  It's in the DHCP range.


Is the IP addr on your router still static config'ed? DHCP won't push an address to a device, it only responds to discovery requests.
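
Why the pfsense box was reachable over the VPN while web traffic still left through the work network (Question #1 above), as an added example that is not part of the original thread: a client picks the egress interface by longest-prefix match, so a tunnel that only installs routes for the home subnets leaves everything else on the local default route. The code compares that table with a per-site host route (the fix suggested in the reply) and with the routes OpenVPN's `redirect-gateway def1` option installs; all addresses, interface names and function names are constructed.

```python
import ipaddress


def egress(dest, routes):
    """Return the interface chosen for dest: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            rank = (net.prefixlen, -metric)
            if best is None or rank > best[0]:
                best = (rank, iface)
    return best[1] if best else None


# Constructed client routing table after the VPN connects with only the
# home subnets pushed: (prefix, interface, metric).
CONNECTED_ONLY = [
    ("0.0.0.0/0", "wlan0", 600),     # default route via the work guest Wi-Fi
    ("10.20.0.0/24", "wlan0", 600),  # work guest LAN
    ("10.8.0.0/24", "tun0", 0),      # OpenVPN tunnel subnet
    ("192.168.1.0/24", "tun0", 0),   # home LAN behind the firewall
]

HOME_FW = "192.168.1.1"      # home firewall LAN address (constructed)
SITE_A = "198.51.100.80"     # a web site (documentation range)
SITE_B = "192.0.2.25"        # another web site (documentation range)
VPN_SERVER = "203.0.113.10"  # public address of the home VPN endpoint


def with_site_route(routes, site_ip, tunnel="tun0"):
    """One host route: only that destination is sent through the tunnel."""
    return routes + [(f"{site_ip}/32", tunnel, 0)]


def with_redirect_gateway_def1(routes, server_ip, physical="wlan0", tunnel="tun0"):
    """Routes added by redirect-gateway def1: two /1 routes that beat the /0
    default without deleting it, plus a host route that keeps the encrypted
    packets to the VPN server itself on the physical interface."""
    return routes + [
        ("0.0.0.0/1", tunnel, 0),
        ("128.0.0.0/1", tunnel, 0),
        (f"{server_ip}/32", physical, 0),
    ]


def report(routes, dests=(HOME_FW, SITE_A, SITE_B, VPN_SERVER)):
    """Map each destination to the interface its traffic would leave on."""
    return {d: egress(d, routes) for d in dests}


if __name__ == "__main__":
    tables = {
        "home subnets only": CONNECTED_ONLY,
        "plus host route for SITE_A": with_site_route(CONNECTED_ONLY, SITE_A),
        "redirect-gateway def1": with_redirect_gateway_def1(CONNECTED_ONLY, VPN_SERVER),
    }
    for name, table in tables.items():
        print(name, report(table))
```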
Link Posted: 1/30/2015 5:32:08 PM EDT
[#46]
Link Posted: 1/31/2015 2:02:34 PM EDT
[#47]
Wow!  That took a while.  I couldn't get VPN to connect to the Internet through the firewall.  Come to find out, I needed the rules and DNS.  I hardwired Google DNS in, but can I put in 127.0.0.1 in the VPN server settings to use pfsense's DNS first?  This way I'll have my internal DNS...
Link Posted: 1/31/2015 2:04:52 PM EDT
[#48]
Quoted:
Quoted:

Question #1: When I vpn'd back into my network from work this morning, the vpn connected, and I was able to access the pfsense box with no problem, but all http traffic seemed to be going out of my work's guest network instead of through my network.  I know because I hit a firewall trying to get out to one of those evil "gun" sites.  I've never had my traffic do that when connected to my home vpn.  What am I missing in my configuration?


Set up a route so traffic destined for evil gun sites goes out your tunnel instead.

Quoted:
Question #2: My pfSense DHCP server doesn't show a reservation for my Linksys router, which I'm using as my wireless access point.  Is this normal?  It's in the DHCP range.


Is the IP addr on your router still static config'ed? DHCP won't push an address to a device, it only responds to discovery requests.

Ugh.  Yes.  Thanks.  I feel dumb, now...  

Link Posted: 1/31/2015 6:18:58 PM EDT
[#49]
My fresh and most recent untangled install is on a 40gb disk with 32gb free... Don't think the 80gb requirement is legit.
Link Posted: 2/3/2015 12:37:08 AM EDT
[#50]
So router is up and functional, but my old wireless router had a bug that locked it up from any admin when you turned off DHCP.

And it bricked when I went to dd-wrt, and I made it worse messing with it.  

Oh well. Gonna try a couple of cheap wireless access points to fix it...

A decent switch is imminent.