• add host to pfsense

    2
    0 Votes
    2 Posts
    156 Views
    GertjanG

    @WEAREHEREFORIT

    I'll answer in the reverse order :

    @WEAREHEREFORIT said in add host to pfsense:

    Can i add the host to PFsense somehow?

    If, and only if, your pfSense LAN devices are using pfSense as their DNS server (or source), then an easy solution exists :

    Go to the bottom of this page : Services > DNS Resolver > General Settings

    [screenshot]

    (I added 'aa' before the name so it gets sorted at the top )

    Hit save, Then, at the top of the page : Apply and done.
    Nearly.
    Because now, welcome to your new life : you do things, and then you test them.

    Go to some PC on your network :
    Enter a dos or command box:
    Type :

    nslookup galenclinicas.mywebsite.com

    and admire the result.

    Why does this work ?
    Easy.
    Type

    ipconfig /all

    and you'll see something like this :

    Serveurs DNS. . . . . . . . . . . . . : 2a01:dead:beef:a6e2:92ec:77ff:fe29:392c 192.168.8.1 2a01:dead:beef:a6e2:92ec:77ff:fe29:392c
    NetBIOS sur Tcpip. . . . . . . . . . . : Activé

    You see the 192.168.8.1 ?
    That's your pfSense.
    So, when you enter a host name like 'www.facebook.com' or 'galenclinicas.mywebsite.com' on your PC (with a browser, probably) the PC will ask the DNS server 192.168.8.1 to do the resolving.
    And that's where the magic kicks in : you told the pfSense Resolver what IPv4 to return when "galenclinicas.mywebsite.com" is used as a host name.

    Btw : this isn't a "pfSense" solution. Your ISP router can - most probably - do the same. Any other router out there with DNS capabilities does the same.

    Btw : If your PC uses some other DNS like 8.8.8.8 or 1.1.1.1 or something else as a DNS source (server) then ..... yeah, you have a problem. [ as you can't call them to say "Hey, if "galenclinicas.mywebsite.com" is asked for, can you please return 192.168.8.12 ? ]

    @WEAREHEREFORIT said in add host to pfsense:

    but it's not registered in the Cpanel of the domain

    And why not ?
    ( less important, what is a cpanel ? )

    If you know something about these 192.168.8.x - it's an RFC1918 network/IP - then you know that these IP addresses are not routable over the Internet.
    You have to use your WAN IP as the IPv4.
    If your "mywebsite.com" or "www.mywebsite.com" is already accessible from the Internet, you know what to do. The same pfSense NAT rule will be used.

    Btw : "NAT rules" isn't a pfSense thing either. Every router box (ISP etc) on planet earth can do NAT since .... a bit before 1980 or so. I bet you are not new to this 👍

  • Kea DHCP Server config changes not applied until reboot

    15
    0 Votes
    15 Posts
    924 Views
    GertjanG

    @KB8DOA said in Kea DHCP Server config changes not applied until reboot:

    Had it happen again.

    If you have some spare moments, run this while using ISC, and Kea :

    [screenshot]

    and hit the start button.

    You'll see the DHCP "client" requests in real time, the ones reaching your pfSense DHCP server, and the DHCP server answers.

  • Please explain these log messages

    11
    0 Votes
    11 Posts
    556 Views
    gregeehG

    @skogs - Many thanks for you comments, it's most appreciated.

    Recently I have written a script that pings the failing devices every 15 secs and logs the failures and when the connection returns. There's no pattern, unlike yourself, but they generally all fail, and communications return, at the same time which does sound like a network issue of some sort as I would not expect all the devices to intermittently fail at the same time. These disconnects and connects are also seen in the Unifi Network Application.

    My present AP is an 8 year old Unifi AC-Lite and I'm going to take your advice and temporarily replace it with a Modem/Router in AP Mode that I have in the cupboard. It's not a new device but it will hopefully shine some light on the issue, one way or another.

    My other option is just replace the AC-Lite with the Unifi 6 Plus.

    Thanks once again for your input.

    Greg

  • 0 Votes
    7 Posts
    670 Views
    A

    As the original poster, I wanted to supply an update. Somehow the Yealink phone "took over" the identity of the Synology NAS device. (I don't have any more precise of a definition than that right now). The effect is that a Datto Backup Appliance that takes incremental backup of the Synology appliance started erroring out in mid-March. When I looked at the Datto appliance, it was trying to connect to the IP# that was (now) the static number of the Yealink phone to initiate the agent to trigger a backup. It's almost like something was using MAC Masquerade...

    Apart from that I have nothing more to share on this. I just wanted to get the things working and move on to other tasks.

  • KEA dhcp not controlling access as used in previous versions.

    6
    0 Votes
    6 Posts
    303 Views
    bmeeksB

    @Ramosel said in KEA dhcp not controlling access as used in previous versions.:

    Is this the appropriate venue for this bug report or should this be input elsewhere??

    Bug reports should be made to the pfSense Redmine site here: https://redmine.pfsense.org/projects/pfsense. That is the official site where the developers track bugs. Posting on the forum generally will not specifically bring a bug to the attention of the developers.

  • Unbound Service Hanging After Upgrade to pfSense 2.7.2 (CE)

    3
    0 Votes
    3 Posts
    212 Views
    GertjanG

    @JP-IIIT

    Go one level up in the forum and check how many are posting about 'unbound hangs' or 'fails' or needs to be 'restarted' ?
    Give this a thought : how many 2.7.2 are there out there ? Hundreds of thousands. Does unbound 'fail' for them ? Noop. Why would it for you ?
    True, unbound does restart a couple of times per week (?) see these (my) graphs, it shows the memory used. Every time it drops to zero : it was restarted.
    It wasn't crashing, it was ordered to restart by 'pfBlockerng', as I use pfBlockerng. Totally normal, as pfBlockerng can reload / update DNSBL, and if the new ones contain new host names, then unbound has to restart so they will be taken into account.
    Most of my unbound restarts are actually not pfBlockerng, it's because I change the settings, also known as : messing around with pfSense, trying out new things.

    About "Service Watchdog" : don't use it. You don't need it. It's a developer package, and can do more harm than help.
    Example : Your unbound gets restarted. That's ok, it takes a couple of seconds, no one will notice it ^^
    But what happens a fraction of a second later : "Service Watchdog" detects that unbound isn't running.... so it does what it was told to do : it starts unbound .... which was already in the start phase ... now you have two instances running .... and you've just managed to make things 'unstable' with race conditions, and only lighting up candles and other sacrifices will save you now.
    ( and you'll know now it's the admin creating the issues .... (as always) ^^ )

    unbound dying on you 'without notice' and without reason ? Noop. People didn't look for the reason, that's all.

    So, tell us how you use unbound, how you've set it up, and we'll help you locate the issue.

    Btw : default 'Netgate' pfSense DNS settings are perfect, you should try it 😊

  • DNS Resolver outgoing interface list with site-to-site VPN

    2
    0 Votes
    2 Posts
    132 Views
    JonathanLeeJ

    @jhg OpenVPN has options for DNS have you looked at hard setting them?

  • Prevent ISP from adding DNS servers via WAN DHCP

    2
    0 Votes
    2 Posts
    258 Views
    johnpozJ

    @jhg not like everyone doesn't know what the comcast dns servers are - they have been the same IPs for years and years. 75.75.75.75 and 75.75.76.76, ipv6 2001:558:feed::1 and ::2

    So don't let dhcp override - and manually set them to hand out to your openvpn in the vpn settings.

  • 0 Votes
    9 Posts
    782 Views
    J

    @Gertjan I did take your suggestion of switching back to "ALL" outgoing interfaces, and things still work.

    So I'm going to chalk this up to the DNS resolver getting itself into a funky state over IPv6, which was corrected by restarting the resolver.

    If this happens again I'll crank up logging to see if anything interesting shows up in the logs.

    For now the issue is closed.

  • OpenVPN DNS working in one direction only

    3
    0 Votes
    3 Posts
    182 Views
    A

    @arad85 Needed to make sure outgoing n/w interfaces were set to All...

  • Subnet collapses periodically since 24.11-RELEASE

    38
    0 Votes
    38 Posts
    3k Views
    johnpozJ

    @vf1954 unless you're running 25.03 beta and want to report stuff in that section. I see little point in pointing out what might be wrong with the 24.11 version of kea. Now if you're using what is about to come out, and you see problems - they still might be able to be fixed before release.

  • Need update for "PorkBun" Dynamic DNS Clients

    13
    0 Votes
    13 Posts
    1k Views
    M

    Ok. For those who need to fix that error before update comes out, here is an instruction for a solution:

    If you are on the web interface:
    Step 1: Open "Diagnostics" > "Edit File"
    Step 2: Open the file at the path /usr/local/pkg/acme/dnsapi/dns_porkbun.sh
    Step 3: Search for the line which starts with PORKBUN_Api= (probably row 7) and change its value from "https://porkbun.com/api/json/v3" to "https://api.porkbun.com/api/json/v3"
    Step 4: Save the file
    Step 5: Rerun the acme renewal process

    If you have access to the CLI:
    Step 1: Open a shell
    Step 2: Open the vi editor for the /usr/local/pkg/acme/dnsapi/dns_porkbun.sh file
    Step 3: Search for the line which starts with PORKBUN_Api= (probably row 7)
    Step 4: Press i (INSERT) and change the value from "https://porkbun.com/api/json/v3" to "https://api.porkbun.com/api/json/v3"
    Step 5: Hit Esc and save the file with :wq!
    Step 6: Go back to the web interface and rerun the acme renewal procedure

  • DDNS does not work

    9
    0 Votes
    9 Posts
    469 Views
    GertjanG

    @Felix-4 said in DDNS does not work:

    However, in this case it is necessary to update at least once a month to preserve your DNS name. Therefore, in the setup I have set it to "force update" every 20 days, and due to the certificate problem it fails.

    The pfSense 'dyndns' software will do a forced update after some (20 ?) days.
    You saw the cache file, it contains the latest successfully updated IPv4 and something else : a time stamp value.
    So pfSense knows when the last successful update happened, as it knows when to update based on the elapsed time.

    If you can edit the update URL that contains the https://dyndns.dk/....., change it for http://dyndns.dk/ and your issue is gone.
    True, now the traffic goes over http so it's not encrypted anymore, but, imho, that's not a big deal.

  • iCloud Private Relay

    18
    0 Votes
    18 Posts
    3k Views
    DefenderLLCD

    @michmoor said in iCloud Private Relay:

    @DefenderLLC

    You're trying to get me again.......lol
    let me think about this.
    The biggest hurdle is converting these firewall rules. That's a weekend task. Bad enough I have to do firewall migrations for my job but do it at home as well?

    I like to use pfSense and UniFi together. In fact, that’s the way I ran it for over two years. They introduced zone based firewall rules now, so things are much more granular than they ever used to be. I guarantee you it wouldn’t take you more than a day.

  • nip.io behind unbound on pfSense

    3
    0 Votes
    3 Posts
    181 Views
    S

    @johnpoz wow, great, thanks for the quick help! works already, wonderful.

  • kea-dhcp4 Kea DHCP Server broken

    Moved
    11
    0 Votes
    11 Posts
    3k Views
    D

    Well, not sure when I switched of to changing my DHCP server backend from ISC to Kea but that resolved it

    For who may be wondering why their DHCP is not assigning leases
    Step 1: Status > services > check if your dhcpd services are running or not
    Step 2: In case they were not (like for me) Advanced > Networking > Set Server backend to ISC

    Strange thing is despite using numerous 1-2 month old backups, this setting appears not to have changed. I guess it's something that isn't backed up?

    Anyways, was a fun headscratcher

  • DHCP relay over IPSEC VPN?

    27
    0 Votes
    27 Posts
    9k Views
    I

    Hello together.
    Seems almost 2 years later still an issue.
    I tried out the fix with the route, only change is, that I can now ping the remote-side from the diagnostic menu.
    DHCP Relay still not working.
    On the remote side there is no switch, it's a virtualized network without any further setting possible.
    The issue might also be:
    You can have only one setting for DHCP-Relay.
    So if you have VLANs on the remote-side that need to communicate with the same DHCP-Server on the central side, the packets won't come from the respective VLAN-interface, and will be routed into the wrong scope of the DHCP.
    What also is weird, the local DHCP in the PFSense also isn't working, or so to speak only serving the LAN-Interface, not the VLAN-interfaces although activated on every interface.

  • DHCP leases status timeout

    9
    0 Votes
    9 Posts
    1k Views
    R

    Wow, thanks guys! This helped me get my DHCP leases page working again. I also had reverse lookups redirected to the domain controller DNS via 'Domain Overrides' on the DNS resolver page. Somehow that did time out. I removed the overrides, and now everything works smoothly. Now I just have to figure out how to repair the overrides, or whether I need the reverse lookups for Active Directory at all. Because they obviously didn't work for a while now, and I didn't see any issues so far...

  • Issue on wifi clients using DHCP KEA (Aruba AP22 access points)

    1
    0 Votes
    1 Posts
    185 Views
    No one has replied
  • The DHCPv6 relay sends an oddly formatted Interface-ID

    2
    0 Votes
    2 Posts
    273 Views
    gigabitguruG

    @Gorf Grab it from tcpdump or wireshark. It's truncated in the log. Should look something like this:

    [screenshot]

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.