  •
    GertjanG

    @jaybee32

    Something has changed recently ....

    You saw this?

    [screenshot]

    I'm not using the CE myself, but what about testing the newer, upcoming 2.8.0?

  • DNS FQDNs not resolving from DMZ side of pfSense

    GertjanG

    @drhans

    This server uses the DMZ interface as the DNS destination?
    Check: can you see DNS coming into the DMZ interface?

    Does the resolver listen on the DMZ interface for DNS requests?

    Do you allow DNS traffic (port 53, TCP and UDP, destination "DMZ Address") on the DMZ interface?
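    The three questions above as an added, runnable check (example code, not from the thread and not part of pfSense). The two parsers take captured "sockstat -4l" and "pfctl -sr" output as text, so they can be tried offline against the constructed samples embedded below; "--live" runs the real FreeBSD commands on the firewall, starting with a tcpdump for question 1. The interface name igb2, the address 192.168.2.1, the PIDs and the rule labels are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: scripted versions of the three checks in
# the post above. Parsers work on captured text (offline); --live runs the real
# commands on a pfSense box. Interface/address below are assumptions.

# Constructed sample of `sockstat -4l`: unbound listening on 192.168.2.1 (DMZ)
# and 192.168.1.1 (LAN). PIDs and addresses are made up.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
unbound  unbound    48293 3  udp4   192.168.2.1:53        *:*
unbound  unbound    48293 4  tcp4   192.168.2.1:53        *:*
unbound  unbound    48293 5  udp4   192.168.1.1:53        *:*
unbound  unbound    48293 6  tcp4   192.168.1.1:53        *:*
root     sshd       1234  4  tcp4   *:22                  *:*'

# Constructed sample of `pfctl -sr`: the DMZ rule set only passes UDP/53 to the
# DMZ address, so TCP lookups (truncated/large answers) would be blocked.
SAMPLE_RULES='pass in quick on igb2 inet proto udp from any to 192.168.2.1 port = domain keep state label "USER_RULE: DNS to DMZ address"
pass in quick on igb2 inet proto tcp from any to 192.168.2.1 port = https flags S/SA keep state label "USER_RULE: webgui"
block drop in log quick on igb2 inet from any to any label "Default deny rule IPv4"'

# Question 2: does unbound have a port-53 listener on ADDR for PROTO (udp|tcp)?
# A wildcard listener (*:53, "Network Interfaces: All") counts as well.
resolver_listens() { # sockstat_output addr proto
    printf '%s\n' "$1" | awk -v addr="$2" -v proto="$3" '
        $2 == "unbound" && ($5 == (proto "4") || $5 == (proto "6")) &&
        ($6 == (addr ":53") || $6 == "*:53") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Question 3: is there a pass rule on IFACE for PROTO to ADDR port 53?
# pfctl prints the port as "domain" (from /etc/services) or as 53.
pf_allows_dns() { # pfctl_rules iface addr proto
    printf '%s\n' "$1" | awk -v ifn="$2" -v addr="$3" -v proto="$4" '
        $1 == "pass" && index($0, " on " ifn " ") &&
        index($0, " proto " proto " ") && index($0, " to " addr " ") &&
        $0 ~ / port = (domain|53)( |$)/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Run both offline checks for udp and tcp; one line per check, non-zero
# return if anything is missing.
dmz_dns_report() { # sockstat_output pfctl_rules iface addr
    rc=0
    for proto in udp tcp; do
        if resolver_listens "$1" "$4" "$proto"; then
            echo "ok:   unbound listens on $4:53/$proto"
        else
            echo "FAIL: no unbound $proto listener on $4:53 (DNS Resolver > Network Interfaces)"
            rc=1
        fi
        if pf_allows_dns "$2" "$3" "$4" "$proto"; then
            echo "ok:   pf passes $proto/53 to $4 on $3"
        else
            echo "FAIL: no pass rule for $proto/53 to $4 on $3 (Firewall > Rules > DMZ)"
            rc=1
        fi
    done
    return $rc
}

if [ "${1:-}" = "--live" ]; then
    # On the firewall itself:  sh dmzdns.sh --live igb2 192.168.2.1
    # Question 1 first: is DNS actually arriving on the DMZ interface?
    echo "Waiting for 5 DNS packets on $2 (Ctrl-C aborts):"
    tcpdump -ni "$2" -c 5 port 53
    dmz_dns_report "$(sockstat -4l)" "$(pfctl -sr)" "$2" "$3"
else
    # Offline demonstration on the constructed samples: the TCP rule is missing.
    dmz_dns_report "$SAMPLE_SOCKSTAT" "$SAMPLE_RULES" igb2 192.168.2.1 || echo "some checks failed"
fi
```

    Run without arguments it reports the sample data (UDP passes, TCP is flagged). On the firewall, a capture that shows queries arriving while the listener and rule checks pass means the problem is on the answering side (outbound access of the resolver, ACLs, or the client's configured server), not the DMZ interface itself.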

  • Domain Controller resolution over IPSec

    C

    @SteveITS these aren't actually mobile clients, this is a site-to-site IPsec.

    But yeah I think we agree the way to go here is to specifically assign the DC as DNS one way or another. Since I control DHCP on both sides, that seems to be the way to go in this case.

  •
    T

    To add some more information:

    I only used configuration settings which are available via the GUI. In the DHCP log I get warnings when the kea dhcp service starts:

    Apr 7 11:33:47 kea-dhcp4 48639 WARN [kea-dhcp4.dhcp4.0xdea3b812000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 16, queue size: 64
    Apr 7 11:33:47 kea-dhcp4 48639 WARN [kea-dhcp4.dhcpsrv.0xdea3b812000] DHCPSRV_MULTIPLE_RAW_SOCKETS_PER_IFACE current configuration will result in opening multiple broadcast capable sockets on some interfaces and some DHCP messages may be duplicated
    Apr 7 11:33:47 kea-dhcp4 48639 WARN [kea-dhcp4.dhcp4.0xdea3b812000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
    Apr 7 11:33:47 kea-dhcp4 48639 WARN [kea-dhcp4.dhcpsrv.0xdea3b812000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.

  • kea dhcp server in HA mode drops 50% of dhcp requests

    No one has replied

  •
    johnpozJ

    @pjaiswal0231 said in Switch Doesn't accept DHCP Lease after Pfsense service gets boot late after the switch is already booted.:

    i changed from auto negotiation to 100 full duplex according to my switch

    So this dumb switch is also ancient - 100 full duplex.. ouch..

  • Wireguard not resolving DNS.

    Bob.DigB

    @horsesteroids said in Wireguard not resolving DNS.:

    Not able to ping IPs such as 8.8.8.8

    That is an IP address; no DNS is involved here. So your problems are bigger than your title is telling. Maybe search for a better tutorial.

  • add host to pfsense

    GertjanG

    @WEAREHEREFORIT

    I'll answer in the reverse order:

    @WEAREHEREFORIT said in add host to pfsense:

    Can i add the host to PFsense somehow?

    If, and only if, your pfSense LAN devices are using pfSense as their DNS server (or source), then an easy solution exists:

    Go to the bottom of this page: Services > DNS Resolver > General Settings

    [screenshot]

    (I added 'aa' before the name so it gets sorted at the top)

    Hit Save. Then, at the top of the page: Apply, and done.
    Nearly.
    Because now, welcome to your new life: you do things, and then you test them.

    Go to some PC on your network:
    Open a DOS or command box:
    Type:

    nslookup galenclinicas.mywebsite.com

    and admire the result.

    Why does this work?
    Easy.
    Type

    ipconfig /all

    and you'll see something like this:

    DNS Servers . . . . . . . . . . . . . : 2a01:dead:beef:a6e2:92ec:77ff:fe29:392c
                                            192.168.8.1
                                            2a01:dead:beef:a6e2:92ec:77ff:fe29:392c
    NetBIOS over Tcpip. . . . . . . . . . : Enabled

    You see the 192.168.8.1?
    That's your pfSense.
    So, when you enter a host name like 'www.facebook.com' or 'galenclinicas.mywebsite.com' on your PC (with a browser, probably), the PC will ask the DNS server 192.168.8.1 to do the resolving.
    And that's where the magic kicks in: you told the pfSense Resolver what IPv4 to return when "galenclinicas.mywebsite.com" is used as a host name.

    Btw: this isn't a "pfSense" solution. Your ISP router can, most probably, do the same. Any other router out there with DNS capabilities does the same.

    Btw: if your PC uses some other DNS like 8.8.8.8 or 1.1.1.1 or something else as a DNS source (server) then ..... yeah, you have a problem. [ as you can't call them to say "Hey, if "galenclinicas.mywebsite.com" is asked for, can you please return 192.168.8.12 ?" ]

    @WEAREHEREFORIT said in add host to pfsense:

    but it's not registered in the Cpanel of the domain

    And why not?
    (less important: what is a cPanel?)

    If you know something about these 192.168.8.x addresses (it's an RFC1918 network/IP), then you know that these IP addresses are not routable over the Internet.
    You have to use your WAN IP as the IPv4.
    If your "mywebsite.com" or "www.mywebsite.com" is already accessible from the Internet, you know what to do. The same pfSense NAT rule will be used.

    Btw: "NAT rules" aren't a pfSense thing either. Every router box (ISP etc.) on planet earth can do NAT since .... a bit before 1980 or so. I bet you are not new to this 👍
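    An added example (not from the post, not pfSense code) that scripts the two things the reply checks by hand: that the PC really asks pfSense, and that pfSense answers with the private address from the host override rather than a public one. It parses nslookup output as text, so it can be tried offline on the constructed transcripts embedded below; run it with --live on any LAN machine that has sh and nslookup (Linux, macOS) to query for real. The host name and the 192.168.8.x addresses are the ones in the post; 203.0.113.7 stands in for the unknown WAN address, and the nslookup transcripts themselves are made up.

```shell
#!/bin/sh
# Added example, not from the post: classify an nslookup result for the host
# override case described above. Offline by default (constructed samples);
# --live queries for real from a LAN machine with sh and nslookup.

PFSENSE_IP=192.168.8.1                          # from the ipconfig output in the post
HOSTNAME_TO_CHECK=galenclinicas.mywebsite.com   # from the post

# Constructed nslookup output from a PC that uses pfSense and gets the override.
SAMPLE_OK='Server:  UnKnown
Address:  192.168.8.1

Name:    galenclinicas.mywebsite.com
Address:  192.168.8.12'

# Constructed output from a PC pointed at 8.8.8.8: a public resolver can only
# return what is in the public zone (here a made-up WAN address), never the LAN one.
SAMPLE_PUBLIC='Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    galenclinicas.mywebsite.com
Address:  203.0.113.7'

# RFC1918 test (10/8, 172.16/12, 192.168/16) with shell pattern matching.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*)                          return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)   return 0 ;;
        *)                                       return 1 ;;
    esac
}

# The first "Address:" line is the server that answered; the "Address:" line
# after "Name:" is the answer. A "#53" suffix (Linux nslookup) is dropped.
# Windows prints "Addresses:" for multi-answer names; that case is not handled.
nslookup_field() { # nslookup_output server|answer
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "Name:" { in_answer = 1; next }
        $1 == "Address:" {
            a = $2; sub(/#.*/, "", a)
            if (in_answer) answer = a; else if (server == "") server = a
        }
        END { if (want == "server") print server; else print answer }'
}

# Verdict for one nslookup run:
#   override-active  pfSense answered with a private address (the override works)
#   wrong-resolver   the PC asked some other server, so overrides cannot apply
#   no-override      pfSense answered, but with a public address: the override is
#                    missing or its host name differs
#   no-answer        nothing parsed
split_dns_verdict() { # nslookup_output
    srv=$(nslookup_field "$1" server)
    ans=$(nslookup_field "$1" answer)
    if [ -z "$ans" ]; then echo no-answer; return 1; fi
    if [ "$srv" != "$PFSENSE_IP" ]; then echo wrong-resolver; return 1; fi
    if is_rfc1918 "$ans"; then echo override-active; return 0; fi
    echo no-override; return 1
}

if [ "${1:-}" = "--live" ]; then
    # Ask pfSense explicitly, then whatever the machine's default resolver is.
    echo "asking pfSense directly: $(split_dns_verdict "$(nslookup "$HOSTNAME_TO_CHECK" "$PFSENSE_IP" 2>&1)")"
    echo "asking default resolver: $(split_dns_verdict "$(nslookup "$HOSTNAME_TO_CHECK" 2>&1)")"
else
    echo "PC using pfSense:  $(split_dns_verdict "$SAMPLE_OK")"
    echo "PC using 8.8.8.8:  $(split_dns_verdict "$SAMPLE_PUBLIC")"
fi
```

    "wrong-resolver" from the second live query is exactly the situation the last "Btw" warns about: the PC's DNS setting, not the override, is what needs fixing.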

  • Kea DHCP Server config changes not applied until reboot

    GertjanG

    @KB8DOA said in Kea DHCP Server config changes not applied until reboot:

    Had it happen again.

    If you have some spare moments, run this while using ISC, and Kea:

    [screenshot]

    and hit the Start button.

    You'll see the DHCP "client" requests in real time, the ones reaching your pfSense DHCP server, and the DHCP server answers.

  • Please explain these log messages

    gregeehG

    @skogs - Many thanks for your comments, it's most appreciated.

    Recently I have written a script that pings the failing devices every 15 secs and logs the failures and when the connection returns. There's no pattern, unlike yourself, but they generally all fail, and communications return, at the same time which does sound like a network issue of some sort as I would not expect all the devices to intermittently fail at the same time. These disconnects and connects are also seen in the Unifi Network Application.

    My present AP is an 8 year old Unifi AC-Lite and I'm going to take your advice and temporarily replace it with a Modem/Router in AP Mode that I have in the cupboard. It's not a new device but it will hopefully shine some light on the issue, one way or another.

    My other option is just replace the AC-Lite with the Unifi 6 Plus.

    Thanks once again for your input.

    Greg

  •
    A

    As the original poster, I wanted to supply an update. Somehow the Yealink phone "took over" the identity of the Synology NAS device. (I don't have any more precise of a definition than that right now). The effect is that a Datto Backup Appliance that takes incremental backup of the Synology appliance started erroring out in mid-March. When I looked at the Datto appliance, it was trying to connect to the IP# that was (now) the static number of the Yealink phone to initiate the agent to trigger a backup. It's almost like something was using MAC Masquerade...

    Apart from that I have nothing more to share on this. I just wanted to get the things working and move on to other tasks.

  • KEA dhcp not controlling acess as used in previous versions.

    bmeeksB

    @Ramosel said in KEA dhcp not controlling acess as used in previous versions.:

    Is this the appropriate venue for this bug report or should this be input elsewhere??

    Bug reports should be made to the pfSense Redmine site here: https://redmine.pfsense.org/projects/pfsense. That is the official site where the developers track bugs. Posting on the forum generally will not specifically bring a bug to the attention of the developers.

  • Unbound Service Hanging After Upgrade to pfSense 2.7.2 (CE)

    GertjanG

    @JP-IIIT

    Go one level up in the forum and check how many are posting about 'unbound hangs' or 'fails' or needs to be 'restarted'?
    Give this a thought: how many 2.7.2 are there out there? Hundreds of thousands. Does unbound 'fail' for them? Noop. Why would it for you?
    True, unbound does restart a couple of times per week (?). See these (my) graphs; they show the memory used. Every time it drops to zero: it was restarted.
    It wasn't crashing, it was ordered to restart by 'pfBlockerNG', as I use pfBlockerNG. Totally normal, as pfBlockerNG can reload / update DNSBL, and if the new ones contain new host names, then unbound has to restart so they will be taken into account.
    Most of my unbound restarts are actually not pfBlockerNG, it's because I change the settings, also known as: messing around with pfSense, trying out new things.

    About "Service Watchdog": don't use it. You don't need it. It's a developer package, and can do more harm than help.
    Example: your unbound gets restarted. That's ok, it takes a couple of seconds, no one will notice it ^^
    But what happens a fraction of a second later: "Service Watchdog" detects that unbound isn't running.... so it does what it was told to do: it starts unbound .... which was already in the start phase ... now you have two instances running .... and you've just managed to make things unstable with race conditions, and only lighting up candles and other sacrifices will save you now.
    (and you'll know now it's the admin creating the issues .... (as always) ^^)

    unbound dying on you 'without notice' and without reason? Noop. People didn't look for the reason, that's all.

    So, tell us how you use unbound, how you've set it up, and we'll help you locate the issue.

    Btw: default 'Netgate' pfSense DNS settings are perfect, you should try it 😊

  • DNS Resolver outgoing interface list with site-to-site VPN

    JonathanLeeJ

    @jhg OpenVPN has options for DNS have you looked at hard setting them?

  • Prevent ISP from adding DNS servers via WAN DHCP

    johnpozJ

    @jhg not like everyone doesn't know what the comcast dns servers are - they have been the same IPs for years and years. 75.75.75.75 and 75.75.76.76, ipv6 2001:558:feed::1 and ::2

    So don't let dhcp override - and manually set them to hand out to your openvpn in the vpn settings.

  •
    J

    @Gertjan I did take your suggestion of switching back to "ALL" outgoing interfaces, and things still work.

    So I'm going to chalk this up to the DNS resolver getting itself into a funky state over IPv6, which was corrected by restarting the resolver.

    If this happens again I'll crank up logging to see if anything interesting shows up in the logs.

    For now the issue is closed.

  • OpenVPN DNS working in one direction only

    A

    @arad85 Needed to make sure outgoing n/w interfaces were set to All...

  • Subnet collapses periodically since 24.11-RELEASE

    johnpozJ

    @vf1954 unless you're running 25.03 beta and want to report stuff in that section. I see little point in pointing out what might be wrong with the 24.11 version of kea. Now if you're using what is about to come out, and you see problems, they still might be able to be fixed before release.

  • Need update for "PorkBun" Dynamic DNS Clients

    M

    Ok. For those who need to fix that error before the update comes out, here is an instruction for a solution:

    If you are on the web interface:
    1. Open "Diagnostics" > "Edit File"
    2. Open the file at /usr/local/pkg/acme/dnsapi/dns_porkbun.sh
    3. Search for the line which starts with PORKBUN_Api= (probably row 7) and change its value from "https://porkbun.com/api/json/v3" to "https://api.porkbun.com/api/json/v3"
    4. Save the file
    5. Rerun the acme renewal process

    If you have access to the CLI:
    1. Open a shell
    2. Open the vi editor for the file /usr/local/pkg/acme/dnsapi/dns_porkbun.sh
    3. Search for the line which starts with PORKBUN_Api= (probably row 7)
    4. Press i (INSERT) and change the value from "https://porkbun.com/api/json/v3" to "https://api.porkbun.com/api/json/v3"
    5. Hit Esc and save the file with :wq!
    6. Go back to the web interface and rerun the acme renewal procedure
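    The same edit as a script (added example; not the ACME package's own code and not from the thread). It checks the current value before touching anything, keeps a .bak copy, refuses a file whose value is neither the old nor the new endpoint, and verifies the result. On a machine without the file it demonstrates on a temporary copy of the relevant line. The path and both URLs are the ones given above; the renewal itself is still rerun from the GUI afterwards.

```shell
#!/bin/sh
# Added example, not from the thread: non-interactive version of the vi edit
# above for the pfSense ACME package's dns_porkbun.sh.

OLD_API='https://porkbun.com/api/json/v3'
NEW_API='https://api.porkbun.com/api/json/v3'
PORKBUN_SH=/usr/local/pkg/acme/dnsapi/dns_porkbun.sh   # path from the post

# Print the value assigned to PORKBUN_Api (quotes stripped); empty if absent.
porkbun_api_value() { # file
    sed -n 's/^PORKBUN_Api=//p' "$1" | tr -d '"' | head -n 1
}

# Rewrite the assignment. Returns 0 when the file ends up with NEW_API,
# 2 when the file is missing, 3 when the current value is unexpected.
fix_porkbun_api() { # file
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    cur=$(porkbun_api_value "$1")
    if [ "$cur" = "$NEW_API" ]; then
        echo "already fixed: $1"
        return 0
    fi
    if [ "$cur" != "$OLD_API" ]; then
        echo "unexpected PORKBUN_Api value '$cur' in $1, leaving it alone" >&2
        return 3
    fi
    cp -p "$1" "$1.bak" || return 1
    # '|' is the sed delimiter because both URLs contain '/'. Writing through a
    # temp file and cat-ing back keeps the original file's mode and owner and
    # sidesteps the BSD/GNU difference in `sed -i`.
    sed "s|^PORKBUN_Api=\"$OLD_API\"|PORKBUN_Api=\"$NEW_API\"|" "$1" > "$1.tmp" &&
        cat "$1.tmp" > "$1" && rm -f "$1.tmp" || return 1
    [ "$(porkbun_api_value "$1")" = "$NEW_API" ] && echo "patched: $1 (backup in $1.bak)"
}

target=${1:-$PORKBUN_SH}
if [ -f "$target" ]; then
    fix_porkbun_api "$target"
else
    # Offline demonstration on a constructed copy of the relevant line.
    demo=$(mktemp)
    printf '%s\n' '#!/usr/bin/env sh' 'PORKBUN_Api="https://porkbun.com/api/json/v3"' > "$demo"
    fix_porkbun_api "$demo"
    fix_porkbun_api "$demo"     # second run is a no-op
    rm -f "$demo" "$demo.bak"
fi
```

    On the firewall, run it from Diagnostics > Command Prompt or an SSH shell; pass a path as the first argument to patch a different copy. Note that a package reinstall or upgrade will overwrite the file again, which is why the thread asks for the fix to land upstream.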

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.