www.homeseer.com    
 

  #261  
Old September 6th, 2017, 08:26 PM
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,713
How do you have no ip dot com configured in your pfSense config?

Only thing I have configured for the no ip configuration in first tab is:

login name = email address
password = password

Hostname = here use one of 16 hostnames.

Is it only in the Client Export side of things?

I do not utilize any dynamic dns name stuff for VPN configuration in PFSense VPN configuration.

On the client side I first test with the wan IP, then I change it to the DNS name.

Here utilize IPSec rather than OpenVPN.

Do you still use a UDP port (e.g. 1194) in the main config?

Thinking the UDP port for openVPN is configured automatically.

It is recommended using the iPhone that you change UDP port 1194 to TCP port 443 such that the UDP port doesn't get blocked.

Have a look see here:

iPhone OpenVPN Setup
__________________
- Pete

Automator
Reply With Quote
  #262  
Old September 6th, 2017, 09:43 PM
rprade rprade is online now
OverSeer
 
Join Date: Jan 2014
Location: Colorado
Posts: 5,482
Quote:
Originally Posted by langenet View Post
Like you Randy, I too want to minimize my energy footprint. So what are you using as an 8-watt firewall appliance?

Robert
It is the same box as this eBay listing, but I sourced it from China early this year. J1900 Celeron Quad core, 32GB MSata SSD 4GB ram. I may have understated the power a little, it is drawing 9.2 watts today. It is rated at 10-watts. I think I paid ~$200 shipped.
__________________
Randy Prade
Aurora, CO
Prades.net

"Do or do not, there is no try"
-Yoda

PHLocation - Pushover - EasyTrigger - UltraECM3 - Ultra1Wire3 - Arduino
Reply With Quote
  #263  
Old September 6th, 2017, 10:05 PM
cheeryfool cheeryfool is offline
Super Seer
 
Join Date: Apr 2008
Location: Jersey Shore
Posts: 1,507
Quote:
Originally Posted by Pete View Post
How do you have no ip dot com configured in your pfSense config?

Only thing I have configured for the no ip configuration in first tab is:

login name = email address
password = password

Hostname = here use one of 16 hostnames.

Is it only in the Client Export side of things?

I do not utilize any dynamic dns name stuff for VPN configuration in PFSense VPN configuration.

On the client side I first test with the wan IP, then I change it to the DNS name.

Here utilize IPSec rather than OpenVPN.

Do you still use a UDP port (e.g. 1194) in the main config?

Thinking the UDP port for openVPN is configured automatically.

It is recommended using the iPhone that you change UDP port 1194 to TCP port 443 such that the UDP port doesn't get blocked.

Have a look see here:

iPhone OpenVPN Setup
Got it!

In the Client Connection Behaviour section of the Client Export Utility I needed to set the Host Name Resolution to "Other", then specify my domain name in the "Host Name" field. Then re-export the config to my iPhone and it now connects via domain instead of IP.

As I suspected, I was missing something simple.

Thanks!
__________________
cheeryfool
Reply With Quote
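An added example, not part of any post in this thread: a small Python check of an exported OpenVPN client config that reports whether each `remote` entry uses a literal IP or a host name, and which protocol and port it will try. The two sample configs, the address and the host name are constructed placeholders.

```python
import ipaddress

# Constructed client exports (placeholder address and name, not from the thread).
OVPN_BY_IP = """\
client
dev tun
proto udp
remote 203.0.113.25 1194
"""
OVPN_BY_NAME = """\
client
dev tun
remote home.example.net 443 tcp-client
"""

def parse_remotes(text):
    """Return one dict per `remote host [port] [proto]` directive."""
    proto, port, remotes = "udp", "1194", []   # OpenVPN defaults
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0][0] in "#;":   # blank line or comment
            continue
        if words[0] == "proto" and len(words) > 1:
            proto = words[1]                   # global default for all remotes
        elif words[0] == "port" and len(words) > 1:
            port = words[1]
        elif words[0] == "remote" and len(words) > 1:
            remotes.append(words[1:4])
    return [{"host": r[0],
             "port": r[1] if len(r) > 1 else port,
             "proto": r[2] if len(r) > 2 else proto} for r in remotes]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_ovpn(text):
    """List remotes that pin a literal IP or still use UDP."""
    findings = []
    for r in parse_remotes(text):
        if is_ip_literal(r["host"]):
            # Stops working once a dynamic WAN address changes.
            findings.append((r["host"], "literal-ip"))
        if r["proto"].startswith("udp"):
            # The case the thread suggests moving to TCP 443.
            findings.append((r["host"], "udp-" + r["port"]))
    return findings

if __name__ == "__main__":
    print(audit_ovpn(OVPN_BY_IP))
    print(audit_ovpn(OVPN_BY_NAME))
```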
  #264  
Old September 7th, 2017, 08:24 AM
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,713
Good news cheeryfool!!!!

A while back a Cocoontech user asked me to post a comparison between using IPSec and OpenVPN speeds.

I never did compare the two. Supposition was that throughput would be the same using VPN.

So in the DIY section above when I write will do a comparison of using IPSec and OpenVPN. PFSense will do both at the same time.

This will be testing multiple crypto sessions (pushing a bit on the CPU / memory stuff).

To date I have only created one VPN configuration on PFSense and have configured internal VPN devices / tunnels.

Last edited by Pete; September 7th, 2017 at 09:29 AM.
Reply With Quote
  #265  
Old September 7th, 2017, 11:21 AM
cheeryfool cheeryfool is offline
Super Seer
 
Join Date: Apr 2008
Location: Jersey Shore
Posts: 1,507
Quote:
Originally Posted by Pete View Post
Good news cheeryfool!!!!

A while back a Cocoontech user asked me to post a comparison between using IPSec and OpenVPN speeds.

I never did compare the two. Supposition was that throughput would be the same using VPN.

So in the DIY section above when I write will do a comparison of using IPSec and OpenVPN. PFSense will do both at the same time.

This will be testing multiple crypto sessions (pushing a bit on the CPU / memory stuff).

To date I have only created one VPN configuration on PFSense and have configured internal VPN devices / tunnels.
I will watch with interest this comparison. Not that I expect any issues with OpenVPN with my hardware and Gig internet.

Unfortunately my corporate environment closed out another route to home this weekend as Domotz.com remote access came into an excluded list (I think based on a Symantec perceived threat). My Corp Wifi blocks outbound VPN, even on the guest networks and my corporate laptop is locked down so hard that I can't install anything on it. I guess it's all for good reason, but frustrating nonetheless. Going to have to bring in an old Mac and tether it to my phone hotspot and keep track of data usage. Or perhaps I go back to the Nokia banana phone (the one in The Matrix) and Compaq iPaq, communicating together over infrared - late '90s style.
Reply With Quote
  #266  
Old September 7th, 2017, 11:58 AM
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,713
I really don't think there is much of a difference in using IPSec VPN or OpenVPN these days.

Enterprise wise many years ago got involved in the cost savings measure of switching over from secureID to an easy to access on the internet VPN.

I do not even know today if it is being utilized....vpn.ual.com...also built a public network for vendors and employees (although it did go thru a firewall and we did allow VPN connections)...

I am noticing now the massage of internet connectivity by cellular telco's (T-Mobile). Probably soon it may block VPN connections. I can envision large ISP's here starting to do that which would be a bad thing.

Last few short vacations here did only utilize my cell phone tethering / VPN to connect back to home.

Yeah here wife works for a bank and they have upped their security (no remote email access anymore) and doing DR scenarios more often than not lately.

There is a lot of Internet paranoia lately and VPN paranoia. Both Russia / China mentioned something about restricting VPN use just in the last couple of weeks.

Here in the US it's relating to the free untethered Internet access versus what it is that is wanted to be seen on a stifled internetlandia. (or which way will it be to make the most money?) .

Weird because these issues have been around since the beginning of the Internet and lately with the use of many cloud applications.

It's sort of like coming up with a recovery scenario for Homeseer after the fact.

Last edited by Pete; September 7th, 2017 at 03:36 PM.
Reply With Quote
  #267  
Old September 7th, 2017, 03:44 PM
vasrc vasrc is offline
Seer Master
 
Join Date: May 2003
Location: Locust Dale, VA
Posts: 1,108
Was testing PFsense to see if it would work on my system, but decided to go the Sophos route instead. Have a clean one owner Qotom box (back to factory default) that I'll let go for $200 (shipping included), usually $320 + shipping if anyone is interested. All loaded up with PFsense and ready to go. I believe this is the box Logbuilder is using.

QOTOM Core i5 Fanless Mini PC with 4 Intel LAN ports, 8GB RAM 64GB SSD, HD Video port, 4 USB, 1 COM, Linux Mini PC PFSENSE Router firewall

PM me if interested.

You can return to your regularly scheduled program now.

Thanks,
Z

Already spoken for. Thanks!

Last edited by vasrc; September 8th, 2017 at 06:33 AM.
Reply With Quote
  #268  
Old September 7th, 2017, 04:11 PM
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,713
That is a great deal Z!

Still probing the Pacific Rim here (well not in China anymore)....letting my fingers do the walking....

I have read good things about them Sophos router / firewalls.

And now a brevity break...



A bit curious here went to the Sophos website and got in to a chat about Sophos XG wares with a Sophos sales representative. Interesting almost AI stuff...(modular pricing and sandbox free testing).

Last edited by Pete; September 7th, 2017 at 11:22 PM.
Reply With Quote
  #269  
Old September 8th, 2017, 06:36 AM
vasrc vasrc is offline
Seer Master
 
Join Date: May 2003
Location: Locust Dale, VA
Posts: 1,108
Quote:
Originally Posted by Pete View Post
That is a great deal Z!

Still probing the Pacific Rim here (well not in China anymore)....letting my fingers do the walking....

I have read good things about them Sophos router / firewalls.

And now a brevity break...



A bit curious here went to the Sophos website and got in to a chat about Sophos XG wares with a Sophos sales representative. Interesting almost AI stuff...(modular pricing and sandbox free testing).
Other than the price (which for me is actually less since I'm replacing two Cisco routers and a firewall), it's pretty nifty stuff... XG stumbled for a while on release, but seems pretty stable now. I suspect Ubiquiti will have something shortly as well since the lead PFsense designer moved there.
Firewalls are the new Orange

Z
Reply With Quote
  #270  
Old September 8th, 2017, 01:22 PM
waynehead99 waynehead99 is offline
Super Seer
 
Join Date: May 2015
Location: Colorado
Posts: 1,942
So I officially moved over to PFSense yesterday... that was very nerve racking, but very calming when I plugged it in place of my edge router... and it worked

One thing that was throwing me for a loop and almost made me scrap the whole project was the VLAN setup. I have 3 vlans for security purposes and for some reason I could only get an IP address from my main vlan dhcp. No matter what, I was unable to get an IP on my other vlans.

So I share the resolution with you here in hopes that you don't run into the same problem (it was kinda silly what the problem was once seen, but that is usually the case with anything computers). I set up my PFSense on an ESXi host, purchased a 4 port Intel NIC that I have tied directly to the router in the ESXi host. The problem was the LAN port configuration on the host. I didn't set it to allow VLAN IDs to be passed through, so because of this only ID 1 was allowed and the reason I was seeing the results I was seeing. Once I changed this to 4095 (allow all VLANs), I started to magically get IPs on all my vlans.

Got all my pinholes put in place between the vlans (things like allow camera access from its vlan back to the main one, disable any internet connectivity on the camera vlan. You want a network scare, look at the traffic coming from your cams on the internet, back to China. You'll lock yours down too).

Overall, once I got it set up finally, I am happy with it and it's much easier to manage than my Ubiquiti edge router, with a lot more features.

Time will tell if the move was really worth it.

Thanks Pete for sparking interest in a project for me.
Reply With Quote
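An added example, not part of any post in this thread: a simplified Python model of first-match rule evaluation on a camera VLAN interface, showing the pinhole-plus-block layout described above and what happens when a broad pass rule sits above the blocks. The subnets, the recorder host and the port are constructed; the evaluator is an illustration of rule ordering, not pfSense code.

```python
import ipaddress

# Constructed addressing (not from the thread): main LAN, camera VLAN, recorder.
MAIN_LAN = "192.168.10.0/24"
CAM_VLAN = "192.168.30.0/24"
RECORDER = "192.168.10.50/32"   # hypothetical NVR on the main LAN

# Rules for traffic entering the camera VLAN interface, evaluated top down.
# Fields: action, source, destination, destination port (None = any).
CAM_RULES = [
    ("pass",  CAM_VLAN, RECORDER,    554),   # pinhole: cameras -> recorder
    ("block", CAM_VLAN, MAIN_LAN,    None),  # nothing else into the main LAN
    ("block", CAM_VLAN, "0.0.0.0/0", None),  # no internet for the cameras
]

# Same rules with a broad pass placed first: the blocks below never match.
CAM_RULES_MISORDERED = [("pass", CAM_VLAN, "0.0.0.0/0", None)] + CAM_RULES

def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule, 'block' if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if (s in ipaddress.ip_network(rsrc)
                and d in ipaddress.ip_network(rdst)
                and rport in (None, port)):
            return action
    return "block"  # implicit default deny

def probe_camera_vlan(rules, camera="192.168.30.20"):
    """Check the three flows that matter for an isolated camera VLAN."""
    probes = {
        "camera -> recorder:554": ("192.168.10.50", 554),
        "camera -> main LAN host:445": ("192.168.10.10", 445),
        "camera -> internet:443": ("198.51.100.7", 443),
    }
    return {name: evaluate(rules, camera, dst, port)
            for name, (dst, port) in probes.items()}

if __name__ == "__main__":
    for label, rules in (("ordered", CAM_RULES),
                         ("misordered", CAM_RULES_MISORDERED)):
        print(label, probe_camera_vlan(rules))
```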
  #271  
Old September 8th, 2017, 01:56 PM
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,713
Good news Wayne!!

Going to add a PFSense VLAN configuration section above in the DIY. Do you mind if I use your stuff? Will do a step by step with pictures above. Going baby steps above doing the DIY.

Once you have the PFBlocker running it will Geo Block much of the nefarious stuff for you automatically.

Here I would like to pin hole a telnet / ssh connection from the main LAN to the secondary ISP connection to manage the modem. By default all traffic routes through the primary modem unless there is a failure then goes to the secondary modem. The firewall rules use a configured alias that works with whatever router is being utilized. I have tried a couple of times and have never been able to get it to work. That and the secondary modem is a cellular combo AP, Network, Firewall and telephone line so the IP I connect to is in a DMZ on the cellular modem.

Last edited by Pete; September 8th, 2017 at 02:22 PM.
Reply With Quote
  #272  
Old September 9th, 2017, 03:16 PM
logbuilder logbuilder is offline
Seer Master
 
Join Date: Nov 2016
Location: Pacific North West
Posts: 529
Good thread on Qotom hardware

On the pfSense forum I found a thread that had gobs of info on the Qotom hardware. It starts kind of negative but keep reading. 10 pages of good info. For reasons you will see as you read the thread, they basically consolidated all the Qotom discussions to one thread so it is a great resource whether you already own one or are considering the purchase of one.

https://forum.pfsense.org/index.php?topic=132528.0
Reply With Quote
  #273  
Old September 9th, 2017, 03:18 PM
waynehead99 waynehead99 is offline
Super Seer
 
Join Date: May 2015
Location: Colorado
Posts: 1,942
Quote:
Originally Posted by Pete View Post
Good news Wayne!!

Going to add a PFSense VLAN configuration section above in the DIY. Do you mind if I use your stuff? Will do a step by step with pictures above. Going baby steps above doing the DIY.

Once you have the PFBlocker running it will Geo Block much of the nefarious stuff for you automatically.

Here I would like to pin hole a telnet / ssh connection from the main LAN to the secondary ISP connection to manage the modem. By default all traffic routes through the primary modem unless there is a failure then goes to the secondary modem. The firewall rules use a configured alias that works with whatever router is being utilized. I have tried a couple of times and have never been able to get it to work. That and the secondary modem is a cellular combo AP, Network, Firewall and telephone line so the IP I connect to is in a DMZ on the cellular modem.


Sure Pete. If you need me to get you details and screen shots, let me know.
Reply With Quote
  #274  
Old September 9th, 2017, 04:00 PM
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,713
Thank you Wayne.

Here to get screen shots I have been disabling and clearing stuff. This gets me remembering what it is I did. I have reset my PFSense basic configuration a few times now just to get these screen shots. That said doing the DIY above breaking it down to commonly utilized options et al.
Reply With Quote
  #275  
Old September 10th, 2017, 01:02 AM
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,713
Going to add another section above in the DIY. By default here have always installed the Squid plugin.

Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL, TLS and HTTPS. Squid does not support the SOCKS protocol.

Squid was originally designed to run as a daemon on Unix-like systems. A Windows port was maintained up to version 2.7. New versions available on Windows use the Cygwin environment. Squid is free software released under the GNU General Public License.
Reply With Quote
  #276  
Old September 10th, 2017, 03:23 AM
logbuilder logbuilder is offline
Seer Master
 
Join Date: Nov 2016
Location: Pacific North West
Posts: 529
To ALL:

As you may remember, last weekend I was trying to get my new Qotom pfSense server working in my Exede satellite ISP network. We did not reach resolution at that time.

I let it sit for a few days but got back to it today. Our super pfSense local guy PETE worked with me over on the pfSense forum and we got it working. Here is the pfSense thread if you are interested.

Net is we turned off DNS Resolver and configured two external DNS servers. Might be specific to my Exede network, might not. But it does work.

Big thanks to PETE!

Robert
Reply With Quote
  #277  
Old September 11th, 2017, 01:15 PM
cheeryfool cheeryfool is offline
Super Seer
 
Join Date: Apr 2008
Location: Jersey Shore
Posts: 1,507
Took me a while to get my FiOS setup configured, but seems to be working now. VOD, Widgets, Caller ID, Remote DVR all working well. The only thing I haven't got working yet is the remote control within the FiOS Mobile app. Not a big deal as we rarely use it, but I may try and figure it out at some point.

Playing with pfBlocker now. Basics up and running already. Beginning to see the benefits of address reservation vs static IP. I have always used a combination, preferring static on the device if possible. But given that DNS is more easily managed with address reservation, I have now set most devices with reserved addresses in pfSense. Just need to switch all my devices over now!
Reply With Quote
  #278  
Old September 11th, 2017, 07:53 PM
mystic860 mystic860 is offline
Seer Deluxe
 
Join Date: Feb 2016
Location: Groton, CT
Posts: 127
Is there a timeline (even a loose one) on this group buy?
Reply With Quote
  #279  
Old September 11th, 2017, 08:10 PM
Pete Pete is online now
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,713
Before Christmas?

Prices are dropping on the J1900's where I could probably do a group purchase including shipping for a bit under $100 now. (did get a price already for this).

Waiting here on new wares using the new old Skylake new ARK SoC (Atom)...call the new Intel Atom a baby i9 series Intel chip ....
Reply With Quote
  #280  
Old September 14th, 2017, 01:37 PM
Blade Blade is offline
OverSeer
 
Join Date: Aug 2003
Location: Ontario Canada
Posts: 6,764
I just got my QOTOM machine and am getting ready to set up pfSense.

What is the best way to connect it to my existing network to set it all up (DHCP reservation, port forwarding, etc) and then once complete, swap it out with my existing ASUS router?

I am looking to cause very little interference with internet at home.
__________________
Cheers,
Bob
Web site | Help Desk | Feature Requests | Message Board
Reply With Quote
All times are GMT -4.


Copyright HomeSeer Technologies, LLC