Categories

• TNSR

  Discussions about TNSR

  TNSR Announcements TNSR Feedback Problems Installing or Upgrading TNSR Software
  440
  Topics
  1.4k
  Posts

  S

  I have a 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPV4 subnet that is being announcec by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

  What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

  When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

  interface bridge domain 10
  flood
  uu-flood
  forward
  learn
  exit

  int Interface1
  bridge domain 10
  enable
  exit
  int Interface1.22
  bridge domain 10
  enable
  exit
  interface loopback bridgeloop
  instance 1
  exit
  interface loop1
  ip address 10.25.254.1/24
  bridge domain 10 bvi
  enable
  exit

  I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

  Thanks,
  Shawn

  For background:
  On TNSR device1:
  Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
  Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
  Interface3 is connected to a second switch and has no IP address

  TNSR device2 :
  Interface1 is connected to the switch that carreies the BGP but has no IP address and for all practical purposes is doing nothing

  Interface 2 is connected to the 2nd switch and has no IP address

  Interface 3 is connected to the first switch and has no IP address

  As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.

• pfSense® Software

  Discussions about pfSense Software, click a category below

  Messages from the pfSense Team General pfSense Questions Multi-Instance Management Problems Installing or Upgrading pfSense Software Firewalling NAT HA/CARP/VIPs L2/Switching/VLANs Routing and Multi WAN Traffic Shaping DHCP and DNS IPv6 IPsec OpenVPN Captive Portal webGUI Wireless SNMP Documentation Development Gaming Virtualization Hardware Bounties Retired
  119.7k
  Topics
  758.2k
  Posts

  P

  @jontheil said in VLAN assignment to LAN and Ubiquiti switch:

  The only thing I see with tcpdump is a lot of ARP reqests for DHCP clients.

  That is indeed confusing since it a) worked with the D-Link switch and b) should really work, after all VLAN100 is just another VLAN.

  Can you post a screenshot of the LAN interface when configured for VLAN100 and one of the working VLAN interface config and VLANs config? (Temporary allow access to the pfSense GUI from the guest or wlan VLAN).

  I have tried to setting port 4 to either native VLAN 1 or native VLAN 100 to no avail.

  I read that again and setting it to native VLAN100 on port 4 is never going to work, just leave it on native VLAN1.

  Setting it to native VLAN100 means setting the port 4 as an access port. All traffic entering untagged (from pfSense) will be tagged with VLAN100. But setting LAN to VLAN100 leaves pfSense traffic tagged with VLAN100.

  I also tested with simple ping from a labtop connected to either VLAN 1 or VLAN 10

  Can you set port 4 to native VLAN1 and the port you connect your laptop to to native VLAN100 and try again?

• pfSense Packages

  Discussions about pfSense software packages

  Cache/Proxy IDS/IPS Traffic Monitoring pfBlockerNG UPS Tools ACME FRR Tailscale WireGuard
  20.1k
  Topics
  126.9k
  Posts

  B

  @johnytb Show how your WAN is configured in pfSense.

• pfSense International Support

  Discuss pfSense in other languages

  Chinese Deutsch Español Français Indonesian Italiano Russian Nederlands Norwegian Portuguese Polish Romanian Swedish Turkish
  42.5k
  Topics
  266.8k
  Posts

  M

  @dorabiatto said in Como definir o MSS:

  e se eu setar MTU e MSS nas Interfaces WAN e LAN resolveria o problema?

  Se você setar na WAN, vai afetar todas as conexões e não apenas da VPN, perdendo performance.

  Se é uma conexão IPsec com problema, e se o outro lado suportar IPsec VTI, sugiro você usar VTI pois você pode configurar cada túnel com um MTU e MSS específicos.

  Ou, seta o MSS clamping nesse campo que te sugeri que já resolve.

  Se precisar de ajuda para descobrir o MTU e MSS adequados, avisa, posso ajudar.

• Official Netgate® Hardware

  Information about hardware available from Netgate

  2.5k
  Topics
  20.1k
  Posts

  S

  The external config loader tries to read da devices at boot to check for config files in root. That's probably what you're seeing there.

  So it just throws errors when you try to gpart destroy or zpool labelclear it?

• Netgate Announcements

  Information about hardware available from Netgate

  44
  Topics
  211
  Posts

  A

  It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

• Off-Topic & Non-Support Discussion

  Feel free to talk about anything and everything here

  Forum Feedback Community Job Board
  3.5k
  Topics
  18.7k
  Posts

  N

  🔐 pfSense Authentication Monitoring System – Get Login Alerts via Email (Gotify Optional)
  Hey folks!

  I just released a lightweight monitoring solution for pfSense authentication events:
  👉 pfSense Authentication Monitoring System

  ✅ Features:
  Tracks successful and failed login attempts

  Sends email notifications using pfSense’s built-in SMTP system

  Optional: Sends Gotify push notifications if configured

  Avoids duplicate alerts by tracking processed log entries

  Easy to customize and set up

  ⚙️ How it works:
  A shell script scans /var/log/auth.log for new login entries

  When an event is detected, it sends an email (and Gotify message if configured)

  Can be run every few minutes using a cron job

  📦 Requirements:
  pfSense with shell access

  SMTP settings configured under System > Advanced > Notifications

  Optional: Gotify server for push alerts

  🛠️ Installation:
  Drop in two simple shell scripts, set a cron job, and you’re good to go.
  👉 Full setup instructions here:
  📎 https://github.com/ngfblog/pfLoginTracker