Categories

  • 458 Topics
    1k Posts
    Hi @Tyronejackson839, Thanks for the awesome advice! Your ACL tips worked perfectly—enabling fragment-checking and lean rules secured my nginx webserver without sacrificing performance. Really appreciate your detailed help! Best, David James | Founder of The Yes No Button!
  • 120k Topics
    764k Posts
    I would leave tun-mtu unset if you don't control both ends of the link and if the supplier has not told you to set it. The gist of it is this: if you set it below 1500, you will need working ICMP MTU discovery. It also should be set the same on both ends of the link, but if you don't have access to the other end of the link you don't know what it is configured to. Typically you have a choice of either a lower tun-mtu, or a 1500/default tun-mtu combined with the fragment variable. MSS you should probably specify for max-mss headers, or set it on the interface settings in pfSense so scrub adds the headers. You should always aim to use UDP, not TCP, for OpenVPN. What might be reasonable in your case: #tun-mtu (not set) fragment 1400 mssfix 1400 mtu
  • 20k Topics
    128k Posts
    I recently started having trouble saving my HAProxy configuration due to an error. It keeps adding clientca_ in front of the SSL offload certificate name. On file level this file does not exist! I tested with both HA Proxy plugins, the regular and dev version. I tried to regenerate the SSL (Let's Encrypt) but this keeps happening. [ALERT] (45623) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_shared-frontend.pem' (No such file or directory). [ALERT] (45623) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:28] : 'bind 0.0.0.0:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_shared-frontend.pem Does anybody have the same behaviour? To be clear, I have the 25.07-RC running. The relevant part of /var/etc/haproxy_test/haproxy.cfg: frontend shared-frontend bind 0.0.0.0:443 name 0.0.0.0:443 ssl crt-list /var/etc/haproxy_test/shared-frontend.crt_list ca-file /var/etc/haproxy_test/**clientca_**shared-frontend.pem verify required crl-file /var/etc/haproxy_test/**clientcrl_**shared-frontend.pem
  • 43k Topics
    267k Posts
    Moty_pM
    Hi all, I have an OPT1 network and I can't install Portal Captive. I opened a rule in the firewall. I have configured the DHCP Server and it is enabled, and the DNS resolver is enabled, but I don't have ping to google.com or 8.8.8.8. Also, if Portal Captive is off I don't have ping(s). What can I do now? Plz help, ty :)
  • Information about hardware available from Netgate

    3k Topics
    20k Posts
    keyserK
    @stephenw10 said in SG-2100 packetloss in internal 5 port switch: Did you try enabling dot1q mode and trunking the VLANs through the internal switch on one port? Hard to see why that would be any different but.... Did you try a different external switch? Yes, I tried all combinations, and the issue remains as long as the built-in switch is the connection to the internal Aruba switch.
  • Information about hardware available from Netgate

    44 Topics
    211 Posts
    AriKellyA
    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!
  • Feel free to talk about anything and everything here

    3k Topics
    19k Posts
    AndyRHA
    @dennypage PoE is definitely on our feature list.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.