Categories

• TNSR

  Discussions about TNSR

  TNSR Announcements TNSR Feedback Problems Installing or Upgrading TNSR Software
  422
  Topics
  1.3k
  Posts

  F

  @matlear DHCP relay is coming in 24.10.

• pfSense® Software

  Discussions about pfSense Software, click a category below

  Messages from the pfSense Team General pfSense Questions Problems Installing or Upgrading pfSense Software Firewalling NAT HA/CARP/VIPs L2/Switching/VLANs Routing and Multi WAN Traffic Shaping DHCP and DNS IPv6 IPsec OpenVPN Captive Portal webGUI Wireless SNMP Documentation Development Gaming Virtualization Hardware Bounties Retired
  117.9k
  Topics
  741.9k
  Posts

  J

  Hello,

  I have PFSense virtualized with Proxmox. The proxmox host has the following specs:

  2x E5-2643 CPUs @ 3.30GHz 512GB ECC RAM 10TB Storage

  The PF Sense VM has been configured as follows:

  1 CPU with 8 Cores allocated, highest priority VM - set to Host CPU instead of emulating a CPU type. 16GB dedicated (non balooned) RAM 128 GB Hard Disk Intel X550-T2 NIC passed thru directly to the VM for the WAN connection Intel X540-T2 NIC passed thur directly tot he VM for the LAN connection

  Speeds struggle - I get around 2500 Down and 2800 Up. If I connect directly to the ISP modem, I get 4500down and 4500 up on average.

  The ISP does not use PPPoE, it's a /29 static block.

  Is there a configuration issue or does the hardware as it's configured not support this speed? If it's a hardware issue, is there a lower priced small form factor computer that'll do better?

  Thanks

• pfSense Packages

  Discussions about pfSense software packages

  Cache/Proxy IDS/IPS Traffic Monitoring pfBlockerNG UPS Tools ACME FRR Tailscale WireGuard
  19.7k
  Topics
  124.8k
  Posts

  F

  Hi , i'have an error when execute the app nextcloud in iOS . You can view this error in attachment . I' afraid this is an error of to redirect incorrect .
  Screenshot 2024-10-25 alle 16.18.35.png

• pfSense International Support

  Discuss pfSense in other languages

  Chinese Deutsch Español Français Indonesian Italiano Russian Nederlands Norwegian Portuguese Polish Romanian Swedish Turkish
  42.3k
  Topics
  265.9k
  Posts

  K

  @ato77
  detta così boh, se quella aggiuntiva è migliore e più performante direi di usare quelle piuttosto di lasciarle inutilizzate

• Official Netgate® Hardware

  Information about hardware available from Netgate

  2.4k
  Topics
  19.2k
  Posts

  S

  @NopIt just to add on, firmware access and TAC Lite is free for Netgate hardware.

  https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/reinstall-pfsense.html

• Netgate Announcements

  Information about hardware available from Netgate

  44
  Topics
  210
  Posts

  G

  @LesserBloops said in Netgate Security Advisory: CVE-2024-6387:

  I had no idea System_Patches existed until happening upon this thread

  Yeah .... well, scrap what's I've said above.
  I'll rephrase, and express my real opinion :
  It must be a package, so when an update exists, it will get flagged on the dashboard as 'update == patches' exist. That's the great thing about the pfSense package system.
  I was wondering : why isn't this build into pfSense directly ? But that would mean that there will be another thing to check, pfSense packages updates and patches updates. Another dashboard widget ?
  So : upon pfSense installation : advise the user to pick this package ?
  Or, don't signal the admin, and install the package without admin consent ?
  Humm, maybe not ...

  Right now, any package is installed with admin consent, as you have to install them 'ones'.

  Parches proposed by this package are only mostly 'quality of live' amelioration. But ones in a while they are a must have, as it solves a real issue. Then the question doesn't exist anymore : people will find the forum for support, will find that there is a solution ... a patch, and so on ...

  Real issues, like urgent software updates like (example) curl, unbound nginx etc etc (tyhese are not pfSense packages, but FreeBSD packages ! - or FreeBSD updates ported to their pfSense equivalent by Netgate ) are already getting updated using the command line ( SSH or console !! ) option 13.

  @LesserBloops : I've got one for you : Auto update check, checks for updates to base system + packages and sends email alerts
  "Install" that one also. You maybe not knowing it, but you need it 😊
  Btw : you will need to install the Cron pfSense package.

  This script file tells me, as I receive a mail, if anything has an upgrade waiting. Even pfSense itself.

• Off-Topic & Non-Support Discussion

  Feel free to talk about anything and everything here

  Forum Feedback Community Job Board
  3.4k
  Topics
  18.4k
  Posts

  S

  @disi1 said in Feedback request on home network design:

  if I enable QoS for VLAN30, it is also applied on the WAN interface for all traffic?

  Shaping on WAN out is after the NAT happens, so either you have to make a pass rule on VLAN30 with your queue/limiter, or you have to jump through a couple hoops to "tag" packets from ILYA in order for pfSense to know which they are as they go out WAN.
  https://docs.netgate.com/pfsense/en/latest/trafficshaper/advanced.html#shaper-rule-matching-tips

  "To match by a private address source outbound in WAN floating rules, first tag the traffic as it passes in on a local interface. For example, match inbound on LAN and use the advanced Tag field to set a value, and then use the Tagged field on the WAN-side floating rule to match the same connection as it exits the firewall. Alternately, queue the traffic as it enters the LAN with a pass rule instead of when it exits a WAN."

  re: inspecting encrypted traffic, the PC would need to trust a cert on the proxy which decrypts the traffic. So, could be an issue for phones or other devices. I know the Bitdefender GravityZone we use for clients can do that on the PC by adding its own cert to Windows and then it intercepts traffic on the PC.