Categories

• TNSR

  Discussions about TNSR

  TNSR Announcements TNSR Feedback Problems Installing or Upgrading TNSR Software
  424
  Topics
  1.3k
  Posts

  F

  @matlear DHCP relay is coming in 24.10.

• pfSense® Software

  Discussions about pfSense Software, click a category below

  Messages from the pfSense Team General pfSense Questions Problems Installing or Upgrading pfSense Software Firewalling NAT HA/CARP/VIPs L2/Switching/VLANs Routing and Multi WAN Traffic Shaping DHCP and DNS IPv6 IPsec OpenVPN Captive Portal webGUI Wireless SNMP Documentation Development Gaming Virtualization Hardware Bounties Retired
  117.9k
  Topics
  742.0k
  Posts

  J

  @sessh said in Layer 2 connection issue with Android to PC app:

  this app works by allowing connections between devices on the same Layer 2 broadcast domain and as such

  Which would have zero to do with pfsense, zero!

  What are you using for wifi?

  So your pc is connected to pfsense via a wire.. Where are you running sweech, on your phone, a tablet? How is on this same network as your pc? You running some wifi router, an AP?

• pfSense Packages

  Discussions about pfSense software packages

  Cache/Proxy IDS/IPS Traffic Monitoring pfBlockerNG UPS Tools ACME FRR Tailscale WireGuard
  19.7k
  Topics
  124.8k
  Posts

  K

  @bmeeks
  but I can see different file names available for registered and subscriber, I may be wrong but from what I can see these is the files

  registered: snortrules-snapshot-29161.tar.gz

  subscription: snortrules-snapshot-29181.tar.gz

• pfSense International Support

  Discuss pfSense in other languages

  Chinese Deutsch Español Français Indonesian Italiano Russian Nederlands Norwegian Portuguese Polish Romanian Swedish Turkish
  42.3k
  Topics
  265.9k
  Posts

  S

  @Markus4210
  hast Du mehrere WANs?

  Ich würde beim VPN Client bei (Schnittstelle) mal "any" einstellen (oder wie auch immer das im deutschen heißt), wenn er sonst auf ein anderes WAN wechselt würde er fest hängen. Den Fehler habe ich mal vor Jahren gemacht und durfte auch 300 km fahren :)

• Official Netgate® Hardware

  Information about hardware available from Netgate

  2.4k
  Topics
  19.2k
  Posts

  N

  @stephenw10 That's built-in and I never had any issues with it on any other site:

  363bf467-7bb9-43bb-bbb6-e53d8775ebf3-image.png

• Netgate Announcements

  Information about hardware available from Netgate

  44
  Topics
  210
  Posts

  G

  @LesserBloops said in Netgate Security Advisory: CVE-2024-6387:

  I had no idea System_Patches existed until happening upon this thread

  Yeah .... well, scrap what's I've said above.
  I'll rephrase, and express my real opinion :
  It must be a package, so when an update exists, it will get flagged on the dashboard as 'update == patches' exist. That's the great thing about the pfSense package system.
  I was wondering : why isn't this build into pfSense directly ? But that would mean that there will be another thing to check, pfSense packages updates and patches updates. Another dashboard widget ?
  So : upon pfSense installation : advise the user to pick this package ?
  Or, don't signal the admin, and install the package without admin consent ?
  Humm, maybe not ...

  Right now, any package is installed with admin consent, as you have to install them 'ones'.

  Parches proposed by this package are only mostly 'quality of live' amelioration. But ones in a while they are a must have, as it solves a real issue. Then the question doesn't exist anymore : people will find the forum for support, will find that there is a solution ... a patch, and so on ...

  Real issues, like urgent software updates like (example) curl, unbound nginx etc etc (tyhese are not pfSense packages, but FreeBSD packages ! - or FreeBSD updates ported to their pfSense equivalent by Netgate ) are already getting updated using the command line ( SSH or console !! ) option 13.

  @LesserBloops : I've got one for you : Auto update check, checks for updates to base system + packages and sends email alerts
  "Install" that one also. You maybe not knowing it, but you need it 😊
  Btw : you will need to install the Cron pfSense package.

  This script file tells me, as I receive a mail, if anything has an upgrade waiting. Even pfSense itself.

• Off-Topic & Non-Support Discussion

  Feel free to talk about anything and everything here

  Forum Feedback Community Job Board
  3.4k
  Topics
  18.4k
  Posts

  S

  @disi1 said in Feedback request on home network design:

  if I enable QoS for VLAN30, it is also applied on the WAN interface for all traffic?

  Shaping on WAN out is after the NAT happens, so either you have to make a pass rule on VLAN30 with your queue/limiter, or you have to jump through a couple hoops to "tag" packets from ILYA in order for pfSense to know which they are as they go out WAN.
  https://docs.netgate.com/pfsense/en/latest/trafficshaper/advanced.html#shaper-rule-matching-tips

  "To match by a private address source outbound in WAN floating rules, first tag the traffic as it passes in on a local interface. For example, match inbound on LAN and use the advanced Tag field to set a value, and then use the Tagged field on the WAN-side floating rule to match the same connection as it exits the firewall. Alternately, queue the traffic as it enters the LAN with a pass rule instead of when it exits a WAN."

  re: inspecting encrypted traffic, the PC would need to trust a cert on the proxy which decrypts the traffic. So, could be an issue for phones or other devices. I know the Bitdefender GravityZone we use for clients can do that on the PC by adding its own cert to Windows and then it intercepts traffic on the PC.