Categories

• TNSR

  Discussions about TNSR

  • TNSR Announcements
  • TNSR Feedback
  • Problems Installing or Upgrading TNSR Software
  453 Topics

  1k Posts

  S

  I have a 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPV4 subnet that is being announcec by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

  What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

  When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

  interface bridge domain 10
  flood
  uu-flood
  forward
  learn
  exit

  int Interface1
  bridge domain 10
  enable
  exit
  int Interface1.22
  bridge domain 10
  enable
  exit
  interface loopback bridgeloop
  instance 1
  exit
  interface loop1
  ip address 10.25.254.1/24
  bridge domain 10 bvi
  enable
  exit

  I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

  Thanks,
  Shawn

  For background:
  On TNSR device1:
  Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
  Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
  Interface3 is connected to a second switch and has no IP address

  TNSR device2 :
  Interface1 is connected to the switch that carreies the BGP but has no IP address and for all practical purposes is doing nothing

  Interface 2 is connected to the 2nd switch and has no IP address

  Interface 3 is connected to the first switch and has no IP address

  As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.

• pfSense® Software

  Discussions about pfSense Software, click a category below

  • Messages from the pfSense Team
  • General pfSense Questions
  • Multi-Instance Management
  • Problems Installing or Upgrading pfSense Software
  • Firewalling
  • NAT
  • HA/CARP/VIPs
  • L2/Switching/VLANs
  • Routing and Multi WAN
  • Traffic Shaping
  • DHCP and DNS
  • IPv6
  • IPsec
  • OpenVPN
  • Captive Portal
  • webGUI
  • Wireless
  • SNMP
  • Documentation
  • Development
  • Gaming
  • Virtualization
  • Hardware
  • Bounties
  • Retired
  120k Topics

  762k Posts

  E

  BACKGROUND

  With 2.7.2 CE, I have a USB flash drive with my most recent config.xml file for an emergency offline restore in case my appliance fails. It automatically install pfSense and my config.xml file during installation.

  The reason is if my appliance fails (for what ever reason), since pfSense hosts all my services (DNS, DHCP, routing, etc.) I will loose access to devices on my network and internet until I have a working pfSense appliance. The only time I have needed to use is when upgrading my pfSense appliance.

  2.7.2 CE README.txt

  Note: I simply dropped the config.xml in the root folder and confirmed it works.

  Restoring an Existing Firewall Configuration (amd64) ---------------------------------------------------- An existing configuration file (config.xml) can be restored during the installation process. Place a copy of the config.xml file on this FAT partition, in this directory or under X:\conf\config.xml where X: is the letter of this drive. At the end of the installation process, this file will be copied to the target drive and used in place of the default configuration. Packages will be restored after the firewall boots with the new configuration in place.

  MOVING FORWARD

  Now that Netgate only offers an online installer, I loose the ability to perform an emergency offline install.

  OPTIONS

  Create a bootable USB flash drive with an disk image of my install to allow offline emergency restore. - TBD Use the online installer with my config.xml and figure out how to get the appliance on the internet (Laptop on hotspot, appliance bridged to my laptop via wired Ethernet, etc.) - PITA Simply resort to installing pfSense on a cold spare appliance and test swapping it out. - Advantage is I can get all the packages and patches installed, plus update Tailscale and its keys. Figure out how to set up HA with a second appliance. - Additional power consumption and learning curve.

  QUESTION

  Has anyone figure out a way to make a bootable USB flash drive with an disk image of an install to perform an emergency offline install?

  If not, I guess #3 is my only other easy option.

• pfSense Packages

  Discussions about pfSense software packages

  • Cache/Proxy
  • IDS/IPS
  • Traffic Monitoring
  • pfBlockerNG
  • UPS Tools
  • ACME
  • FRR
  • Tailscale
  • WireGuard
  20k Topics

  127k Posts

  D

  on HAProxy I have multiple backends and cookie based persistance. How can I add to the cookie response the samesite value "SameSite=Lax"? Looking on the UI I do not see anything like that

• pfSense International Support

  Discuss pfSense in other languages

  • Chinese
  • Deutsch
  • Español
  • Français
  • Indonesian
  • Italiano
  • Russian
  • Nederlands
  • Norwegian
  • Portuguese
  • Polish
  • Romanian
  • Swedish
  • Turkish
  43k Topics

  267k Posts

  E

  @esquire1968-0

  Puh, war jetzt mal davon ausgegangen, dass der Host bei dir in der Wihnung, der Firma steht. Viel kann man bei dem was das in deinem Bild zu sehen ist an virtueller Hardware auch nicht konfigurieren.

  1 GB empfinde ich an RAM inzwischen aber als recht wenig.

  Konkrete Ideen habe ich da jetzt keine, außer mal mind. 2GB RAM zu testen. Meine virtualiesierte pfsense hat 6GB.

  Ich würde mich mal an den Support von Netcup wenden.

• Official Netgate® Hardware

  Information about hardware available from Netgate
  3k Topics

  20k Posts

  G

  @jdstlnet

  According the BIOS, the boot order seems fine : the first partition called pfSense (on da0p1) is most probably your pfSense 24.11.
  What happens when you boot into that partition ?

  @jdstlnet said in Netgate 4200 - Another stuck on orange status (standby):

  sudo screen -U -A /dev/cu.usbserial-02786962 115200,-ixoff

  I never used 'screen', I'm a Putty man myself (or any other native 'terminal' client that support also plain dumb serial connections.

  I'm pretty sure screen can log to a file what you see on the screen, so you'll always have the history of what was shown.

  What happens when you boot ?

  You are aware that there are 'many' forum threads about worn out drives ? (because drives can die, they did so in the past, they still do).
  Worst case scenario : you'll find forum threads that tell you how to change the drive, if needed. While doing so, take a big SSD - so you'll wind up with something that is comparable with the "4200 MAX" and you'll be good for decades to come.

• Netgate Announcements

  Information about hardware available from Netgate
  44 Topics

  211 Posts

  A

  It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

• Off-Topic & Non-Support Discussion

  Feel free to talk about anything and everything here

  • Forum Feedback
  • Community Job Board
  3k Topics

  19k Posts

  S

  I don't know how Truenas would set that up but in Proxmox you could add an address to the bridge and use that to access Proxmox. It could be dhcp or static. I would probably leave it as dhcp and set a static dhcp lease in pfSense so it always get the same IP address.

  Just to be clear though that is config in Proxmox it is not a bridge in pfSense.