PFSense Firewall Group purchase interest

    Good news Robert!!

    You can also have a look at creating a management VLAN that talks to the trusted, guest and IOT networks. Many years ago on the enterprise network we used a management VLAN to manage all of the Cisco switches. Playing a bit we called it area 51 (51 was the VLAN). I have been using the TP-Link 24 port managed switches here and they do fine these days.

    Relating to VPN these days OpenVPN seems more popular than IPSec VPN. Both work fine. I still utilize IPSec VPN here. But it is just me. I have been asked which one is faster and still do not think one is faster than another. Thinking with Cisco stuff years ago utilize IPSec VPN and maybe that is why I am using it today. There are VPN clients available for Windows, Linux, Android and iOS. Some are free and some are not.

    Here have repurposed a micro AP such that the main OS (openwrt) of the firmware is running TOR. Easy to use wirelessly. It is though very resource intensive and pushes much on the CPU of the microrouter. Mostly utilize it out of curiosity.

    Lately here have noticed if I change my geolocation (virtually) between an east coast or west coast or out of country routers I am seeing differently styled web pages for Fox or CNN. This isn't using tor rather it's just a VPN tunnel connecting to specific routers on the internet. I see differences here too using the T-Mobile internet connection versus the Comcast internet connection. Outside of country routers cannot get to US news sites as they appear to be blocking. I wonder why though.

    Midwest see:

    [attached screenshot 63384]

    Westcoast see:

    [attached screenshot 63385]
    Last edited by Pete; September 17, 2017, 06:25 AM.
    - Pete

    Auto mator
    Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
    Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
    HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram

    HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram
    HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

    X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant
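The management VLAN idea in the post above (one VLAN that may reach the trusted, guest and IoT networks while those networks stay isolated from each other) is, on pfSense, just an ordered rule set on each interface where the first matching rule wins and anything unmatched is dropped. The following is an added example, not code from the thread or from pfSense: a small Python model of such a policy, evaluated against constructed flows. The subnets, the VLAN 51 "area 51" address space, port 8123 and the rule wording are assumptions for the example.

```python
"""
Constructed example (not from the thread): a first-match, default-deny
inter-network policy in the shape of a pfSense rule set, evaluated against
sample flows between a management VLAN and the trusted, guest and IoT networks.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed addressing; 10.51.0.0/24 stands in for the "area 51" management VLAN.
NETWORKS = {
    "MGMT":    ipaddress.ip_network("10.51.0.0/24"),
    "TRUSTED": ipaddress.ip_network("192.168.1.0/24"),
    "GUEST":   ipaddress.ip_network("192.168.2.0/24"),
    "IOT":     ipaddress.ip_network("192.168.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    src: str               # a NETWORKS key or "any"
    dst: str               # a NETWORKS key, "WAN", "INTERNAL" (any private range) or "any"
    proto: str = "any"     # "tcp", "udp" or "any"
    dport: Optional[int] = None
    note: str = ""


# Ordered like the rules on a pfSense interface tab: first match wins, then stop.
RULES = [
    Rule("pass",  "MGMT",    "any",      note="management VLAN may reach every network"),
    Rule("pass",  "TRUSTED", "IOT", "tcp", 8123, note="trusted clients may open the automation UI"),
    Rule("pass",  "TRUSTED", "WAN",      note="trusted gets internet"),
    Rule("block", "GUEST",   "INTERNAL", note="guest is isolated from all internal networks"),
    Rule("pass",  "GUEST",   "WAN",      note="guest gets internet only"),
    Rule("block", "IOT",     "INTERNAL", note="IoT devices cannot initiate to internal networks"),
    Rule("pass",  "IOT",     "WAN",      note="IoT gets internet for its cloud services"),
]


def classify(ip: str) -> str:
    """Map an address to a network name, 'WAN' for public space, or 'INTERNAL' for an unknown private range."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return "INTERNAL" if addr.is_private else "WAN"


def _dst_matches(rule_dst: str, dst_class: str) -> bool:
    if rule_dst == "any":
        return True
    if rule_dst == "INTERNAL":
        return dst_class != "WAN"
    return rule_dst == dst_class


def evaluate(src_ip: str, dst_ip: str, proto: str = "any",
             dport: Optional[int] = None) -> Tuple[str, str]:
    """Return (action, reason) from the first rule matching a new connection.

    Only the initiating packet is modelled: like pf, the firewall is stateful,
    so reply traffic for a passed connection never needs its own rule.
    """
    src, dst = classify(src_ip), classify(dst_ip)
    for rule in RULES:
        if rule.src != "any" and rule.src != src:
            continue
        if not _dst_matches(rule.dst, dst):
            continue
        if rule.proto != "any" and rule.proto != proto:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, rule.note
    return "block", "default deny: no rule matched"


if __name__ == "__main__":
    # Constructed sample flows: management to IoT, guest to trusted, trusted to IoT on two ports.
    for flow in [("10.51.0.5", "192.168.0.20", "tcp", 22),
                 ("192.168.2.10", "192.168.1.5", "tcp", 445),
                 ("192.168.1.5", "192.168.0.20", "tcp", 8123),
                 ("192.168.1.5", "192.168.0.20", "tcp", 22)]:
        print(flow, "->", evaluate(*flow))
```

The two block rules for GUEST and IOT sit before their WAN pass rules on purpose: a pass rule to "any" placed first would also match the internal subnets, which is the usual way a guest network accidentally gets a path to the NAS.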



      L2TP/IPsec

      Trying to move off my Edgeport router over to PFSense. Can anyone suggest a decent how-to guide for setting up L2TP/IPsec VPN? The learning curve is steep for me and I must make this work - or fall back to the Edgeport.

      Note that I have spent the last 2 hours searching for a decent guide, but they do not coincide closely enough for me to follow. Older version of pfSense being used, etc.
      My search continues.



        The PFSense one should do it, you would think but it doesn't jive exactly.
        https://doc.pfsense.org/index.php/L2TP/IPsec



          This is the one I used for IPSec a couple of years ago.

          IPsec Road Warrior/Mobile Client How-To

          and a newer one.

          pfSense Road Warrior IPSec Config That Works - 2016
          - Pete




            Thank you, Pete. Using the https://doc.pfsense.org/index.php/L2TP/IPsec guide (which I printed out & checked items off one by one) I have made it through to the point where I can connect but have no ability to use local resources. Going to recheck the firewall rules... Will also look at the links you provided.
            In this for the long haul.



              You can test too by enabling NAT reflection so that you can test inside of your home network. I used to do this and also test using my cell phone tethering.

              The firewall rules get auto created for the VPN.
              - Pete




                Originally posted by Pete:
                You can test too by enabling NAT reflection so that you can test inside of your home network. I used to do this and also test using my cell phone tethering.

                The firewall rules get auto created for the VPN.

                Just happened to be looking into this right now - the guide
                pfSense Road Warrior IPSec Config That Works - 2016
                makes mention of that.
                The pfSense guide had me manually create them.
                Going to see if maybe I have that turned off or.... quite possibly may just start over by restoring my config & use the road-warrior guide from scratch.



                  Thanks Pete - ended successfully - still had to manually create a firewall rule but other than that, the guide gave me all I needed.



                    I have been using the heck out of youtube videos as a tool for learning pfSense. From watching things made over the last several years, I can see the changes and improvements made to pfSense over time. It has definitely improved from even just 2 years ago. To surface the more informative and timely videos, I do my search and then filter by duration and upload date. As example, just for VPN, I would guess I have about 20 videos that are all useful to some degree.

                    Due to my satellite metered environment, downloading from youtube is a challenge. But, I use Internet Download Manager (IDM) and throughout the day add items to the download list. IDM knows about the 3am to 6am free zone and only downloads then. I wake up to a potload of new videos to assist me.

                    All in all, this is working out nicely. As example, last night I had 14 videos in IDM to download and iTunes that would be allowed to update. Before I went to bed I checked Excede and it said I had downloaded 12.3GB so far in this billing cycle. This morning I checked that number again and it was still at 12.3, which was perfect. Checked the WAN interface and it had increased by .9GB. iTunes was up to date and I had 14 videos downloaded. Happy camper here.



                      logbuilder,

                      I think you mentioned you have 3 networks in your house.

                      I am going to add another just for wireless. I use a Nighthawk WiFi Range Extender EX7000 for my wireless so I believe all I need to do is plug that device into one of the OPTs on the QOTOM mini pc and set it up as a static ip, or am I missing something.

                      Right now the Nighthawk WiFi Range Extender is connected to a switch on my network off of the main LAN connection on the QOTOM but I would like to separate it.
                      Cheers,
                      Bob
                      Web site | Help Desk | Feature Requests | Message Board



                        Originally posted by Blade:
                        logbuilder,

                        I think you mentioned you have 3 networks in your house.

                        I am going to add another just for wireless. I use a Nighthawk WiFi Range Extender EX7000 for my wireless so I believe all I need to do is plug that device into one of the OPTs on the QOTOM mini pc and set it up as a static ip, or am I missing something.

                        Right now the Nighthawk WiFi Range Extender is connected to a switch on my network off of the main LAN connection on the QOTOM but I would like to separate it.

                        @blade

                        I have an EX7000 too so I can answer what I did (actually didn't do).

                        OK, from the start. Before pfSense, I had 1 router that everything went thru. It had dual band but due to my IOT devices being spread all around my property, I have 2 wifi range extenders. One is the wireless EX7000 and another is a powerline extender that attaches to the router with a cable. It created the 192.168.0.xxx network.

                        First I took the router and made it an access point (AP). All that really entailed was to make sure it had a static IP on the lan side and turned off DHCP. Those changes are on the router itself. Now it is an AP. The powerline wifi extender which was plugged into the router needed no change. All the devices using the wifi on that router needed no change. That includes all the IOT devices that were using wifi to get to the HS3/BI4 server including all the cameras, nodeMCUs, wemo outlets, and a Amazon Fire tablet that serves a HSTouch app. All were perfectly happy.

                        Then I attached pfSense to the satellite modem via WAN. Satellite provided DHCP which gave it an IP address on WAN. Setup the IOT lan segment as 192.168.0.1 with DHCP. Plugged a cable into one of the lan ports on the router (now in AP mode) and then into the IOT port on pfSense. If everything is configured properly, the old network and all attached devices should be online and mostly unaware that upstream of the old router has even changed.

                        In my TRUSTED lan, again the router is in AP mode. TRUSTED lan setup as 192.168.1.xxx. Two wifi networks with really strong passwords. All known trusted devices mac address configured into DHCP for the TRUSTED lan with static IPs. In each trusted device, moved them over to the new trusted wifi networks. Told the devices to forget the old 192.168.0.1 networks.

                        3rd network is GUEST which will have another router just for wifi. It is the 192.168.2.xxx network. Looked at craigslist and see that N600s are selling for $10-$15 and are quite available. Will pick one up next time I am in the city.

                        Whew! Hope that helps.
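The migration just described hinges on a few consistency conditions that are easy to get wrong while re-addressing: the demoted router must no longer answer DHCP on its segment, the AP's static address and every static mapping must sit inside the right subnet but outside the dynamic pool, and no two segments may overlap. As an added example (not code from the thread or from pfSense), here is a Python checker that walks a planned layout and reports violations; the subnets, pool ranges, MACs and device names are constructed for the example.

```python
"""
Constructed example, not from the thread: sanity-check a planned multi-segment
layout (old router demoted to an access point with DHCP off, pfSense serving
DHCP with static mappings keyed by MAC) before anything is cabled up.
"""
import copy
import ipaddress
from typing import List

# Assumed plan; subnets, MACs and names are constructed for this example.
PLAN = {
    "segments": {
        "IOT":     {"subnet": "192.168.0.0/24", "gateway": "192.168.0.1",
                    "pool": ("192.168.0.100", "192.168.0.199"), "dhcp_on_firewall": True},
        "TRUSTED": {"subnet": "192.168.1.0/24", "gateway": "192.168.1.1",
                    "pool": ("192.168.1.100", "192.168.1.199"), "dhcp_on_firewall": True},
        "GUEST":   {"subnet": "192.168.2.0/24", "gateway": "192.168.2.1",
                    "pool": ("192.168.2.100", "192.168.2.199"), "dhcp_on_firewall": True},
    },
    # Access points keep a static address in their segment and must not run DHCP.
    "access_points": [
        {"name": "old-router-as-ap", "segment": "IOT", "ip": "192.168.0.2", "dhcp_enabled": False},
        {"name": "trusted-ap", "segment": "TRUSTED", "ip": "192.168.1.2", "dhcp_enabled": False},
    ],
    # Static DHCP mappings live inside the segment but outside the dynamic pool.
    "static_mappings": [
        {"segment": "TRUSTED", "mac": "AA:BB:CC:00:00:01", "ip": "192.168.1.10", "name": "hs3-server"},
        {"segment": "TRUSTED", "mac": "aa:bb:cc:00:00:02", "ip": "192.168.1.11", "name": "laptop"},
        {"segment": "IOT",     "mac": "aa:bb:cc:00:00:03", "ip": "192.168.0.50", "name": "camera-1"},
    ],
}


def _in_pool(ip: ipaddress.IPv4Address, pool) -> bool:
    lo, hi = (ipaddress.ip_address(p) for p in pool)
    return lo <= ip <= hi


def check_plan(plan: dict) -> List[str]:
    """Return human-readable problems; an empty list means the plan is consistent."""
    problems: List[str] = []
    nets = {name: ipaddress.ip_network(seg["subnet"]) for name, seg in plan["segments"].items()}

    # 1. Segments must not overlap, or routing between them is ambiguous.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"segments {a} and {b} overlap")

    # 2. Gateway and pool inside the segment; exactly one DHCP server per segment.
    for name, seg in plan["segments"].items():
        net = nets[name]
        if ipaddress.ip_address(seg["gateway"]) not in net:
            problems.append(f"{name}: gateway {seg['gateway']} is outside {net}")
        lo, hi = (ipaddress.ip_address(p) for p in seg["pool"])
        if lo not in net or hi not in net or lo > hi:
            problems.append(f"{name}: DHCP pool {seg['pool']} is not a valid range inside {net}")
        servers = (["firewall"] if seg["dhcp_on_firewall"] else []) + [
            ap["name"] for ap in plan["access_points"]
            if ap["segment"] == name and ap["dhcp_enabled"]]
        if len(servers) != 1:
            problems.append(f"{name}: expected exactly one DHCP server, found {servers}")

    # 3. Access points need a static address inside their segment but outside the pool.
    for ap in plan["access_points"]:
        seg = plan["segments"][ap["segment"]]
        ip = ipaddress.ip_address(ap["ip"])
        if ip not in nets[ap["segment"]]:
            problems.append(f"{ap['name']}: {ip} is outside segment {ap['segment']}")
        elif _in_pool(ip, seg["pool"]):
            problems.append(f"{ap['name']}: static address {ip} collides with the DHCP pool")

    # 4. Static mappings: unique MACs and IPs, inside the segment, outside the pool.
    seen_mac, seen_ip = {}, {}
    for m in plan["static_mappings"]:
        mac = m["mac"].lower()
        ip = ipaddress.ip_address(m["ip"])
        seg = plan["segments"][m["segment"]]
        if mac in seen_mac:
            problems.append(f"{m['name']}: MAC {mac} already mapped to {seen_mac[mac]}")
        if ip in seen_ip:
            problems.append(f"{m['name']}: IP {ip} already mapped to {seen_ip[ip]}")
        seen_mac[mac], seen_ip[ip] = m["name"], m["name"]
        if ip not in nets[m["segment"]]:
            problems.append(f"{m['name']}: {ip} is outside segment {m['segment']}")
        elif _in_pool(ip, seg["pool"]):
            problems.append(f"{m['name']}: static address {ip} collides with the DHCP pool")
    return problems


def broken_plan() -> dict:
    """A deliberately bad copy: the demoted router still serves DHCP and a mapping lands in the pool."""
    bad = copy.deepcopy(PLAN)
    bad["access_points"][0]["dhcp_enabled"] = True
    bad["static_mappings"][2]["ip"] = "192.168.0.150"
    return bad


if __name__ == "__main__":
    for label, plan in (("planned", PLAN), ("broken", broken_plan())):
        print(label, check_plan(plan) or "OK")
```

The "exactly one DHCP server" check is the one that matters most in this migration: a router left in its old mode keeps handing out its own gateway address, and clients that land on it silently bypass the pfSense rules for that segment.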



                          In one of the posts in this thread, Pete had suggested using vlans. I had no knowledge of these so it kind of flew over my head. But the thought stuck. I did some research via youtube and found this video which seems to explain them well and shows how to configure within pfSense. Note that it is 2 years old and the GUI has improved since then.

                          I get it but since my Qotom came with 4 intel ports, I don't think I really need vlans at this point. However, if my pfSense machine only had 2 ports, WAN and LAN, vlans would be used to give me 3 lans to work with. Pretty cool and not hard at all to understand (thanks to the video).

                          https://www.youtube.com/watch?v=mPXMnSDOE8U



                            Thanks for the info - I am still learning and feel a little out of my league with pfsense right now
                            Cheers,
                            Bob



                              Originally posted by logbuilder:
                              In one of the posts in this thread, Pete had suggested using vlans. I had no knowledge of these so it kind of flew over my head. But the thought stuck. I did some research via youtube and found this video which seems to explain them well and shows how to configure within pfSense. Note that it is 2 years old and the GUI has improved since then.

                              I get it but since my Qotom came with 4 intel ports, I don't think I really need vlans at this point. However, if my pfSense machine only had 2 ports, WAN and LAN, vlans would be used to give me 3 lans to work with. Pretty cool and not hard at all to understand (thanks to the video).

                              https://www.youtube.com/watch?v=mPXMnSDOE8U

                              I actually use vlans throughout the house to sandbox networks like the guest network. Vlans allow you to have more than one lan accessible on the same ethernet cable (not just port) by tagging the packets.

                              For instance I have 3 access points around the house. Each one broadcasts an additional guest wifi (same ssid on all), which is on a separate vlan and the devices connected to that vlan can't reach devices in the main lan (nas and all).

                              Basically I'm using the same access points for both the main wifi as well as the guest, which are on separate lans.
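"Tagging the packets" is literally a 4-byte 802.1Q header inserted after the two MAC addresses, and the access point setup described above works because the guest SSID's frames carry a tag while the main SSID's frames go untagged into the port's native VLAN. The following is an added example, not code from the thread: a Python encoder and decoder for those tags, plus a model of the trunk port decision (untagged or VID 0 frames land in the native VLAN, tags outside the allowed set are dropped). VLAN IDs 1 and 20, the network names and the MAC addresses are assumptions for the example.

```python
"""
Constructed example (not from the thread): build and decode 802.1Q VLAN tags
on Ethernet frames, showing how one cable carries several LANs, and how a
trunk port maps each frame to a VLAN.
"""
import struct
from typing import Optional

ETHERTYPE_VLAN = 0x8100   # 802.1Q customer tag
ETHERTYPE_QINQ = 0x88A8   # 802.1ad service tag (outer tag of a double-tagged frame)
ETHERTYPE_IPV4 = 0x0800

# Assumed VLAN-to-network mapping for this example; not from the thread.
VLAN_NAMES = {1: "LAN", 20: "GUEST"}


def build_frame(dst: bytes, src: bytes, vlan_id: Optional[int] = None,
                ethertype: int = ETHERTYPE_IPV4, payload: bytes = b"", pcp: int = 0) -> bytes:
    """Assemble an Ethernet frame; a VLAN id inserts a 4-byte 802.1Q tag after the MACs."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    frame = dst + src
    if vlan_id is not None:
        if not 0 <= vlan_id <= 4095:
            raise ValueError("VLAN id out of range")
        # TCI layout: PCP (3 bits) | DEI (1 bit) | VID (12 bits)
        tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)
        frame += struct.pack("!HH", ETHERTYPE_VLAN, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode MACs, any stacked VLAN tags, the real EtherType and the payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[0:6], frame[6:12]
    offset, vlans = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated header")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if ethertype not in (ETHERTYPE_VLAN, ETHERTYPE_QINQ):
            break                      # reached the real EtherType
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        vlans.append(tci & 0x0FFF)     # outermost tag first
    return {"dst": dst, "src": src, "vlans": vlans,
            "vlan": vlans[0] if vlans else None,
            "ethertype": ethertype, "payload": frame[offset:]}


def receive_on_trunk(frame: bytes, allowed=frozenset({1, 20}), native: int = 1) -> Optional[str]:
    """Model a switch/AP trunk port: untagged or VID 0 (priority-tagged) frames land in
    the native VLAN; tagged frames must carry an allowed VID or they are dropped (None)."""
    info = parse_frame(frame)
    vid = info["vlan"]
    if vid is None or vid == 0:
        vid = native
    if vid not in allowed:
        return None
    return VLAN_NAMES.get(vid, f"vlan{vid}")


if __name__ == "__main__":
    # Constructed MACs: broadcast destination, locally administered source.
    bcast, client = b"\xff" * 6, bytes.fromhex("02aabbccddee")
    guest = build_frame(bcast, client, vlan_id=20, payload=b"\x45\x00")
    main_lan = build_frame(bcast, client, payload=b"\x45\x00")
    for name, f in (("guest", guest), ("main", main_lan)):
        print(name, f.hex(), "->", parse_frame(f)["vlan"], receive_on_trunk(f))
```

The VID 0 case is worth keeping: a priority-tagged frame is still "untagged" as far as VLAN membership goes, and a parser that treats 0 as a real VLAN will either drop it or mis-file it.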



                                Originally posted by Blade:
                                Thanks for the info - I am still learning and feel a little out of my league with pfsense right now

                                Boy can I relate to that! Normally for me, with a new technology I flounder around at first trying to wrap my head around the new technology. Often I am thinking I might understand something and then find I was completely off base. But there always seems to be a point when it just seems to 'click' and come into focus. Then I am usually off and running.

                                As you are learning and trying new things, take frequent backups so that if you find yourself lost or otherwise hosed, you can quickly get back to a known good state.

                                Hang in there. Won't take long to feel more comfortable.
