• Load balancing not working with Wireguard client

    0 Votes
    21 Posts
    2k Views
    @rikazkhan Your message was just a quote. Did you mean to add something?
  • Is there a clear and complete recipe for ipv6 multi-wan

    1 Votes
    1 Posts
    160 Views
    No one has replied
  • Gateway Monitor 100% Traffic Loss for Monitor IP

    0 Votes
    4 Posts
    346 Views
    johnpoz
    @manjotsc glad you got it sorted, and thanks for explaining what the actual problem was - this for sure helps the next guy!
  • Unable to ping 1.1.1.1 and 8.8.8.8 from LAN all other pings work

    0 Votes
    12 Posts
    2k Views
    johnpoz
    @klubar well I would just delete the other route as well to see if they come back. The only thing that I recall where routes like that would be set is if you had set dns per interface. With the gateway, see my dropdown that says none above.. And I thought that if you allowed dns to be overridden by dhcp it could add a route there too. Maybe one of those things is where they got added, but never got deleted.. I would just delete the other route, and make sure next time you reboot that they don't come back.

    Are they using dns to resolve what they should ping to see if they have internet? Not a fan of company XYZ using some other service to check if the device you sell has an internet connection.. And you sure as heck shouldn't hard code IPs.. If you want to check if the device you sell to people can get to the internet, it should use whatever dns was provided to your device by either dhcp or set on it and look up some fqdn that you, the company, controls.. If you then want it to ping that IP, it should be pinging your resource, not some other company's IP..

    NTP is in line with this as well - if you're making a device that will want/use ntp.. And you want to point it to the ntp pool, then get with ntp org and get your own vendor fqdn.. And if you're just going to point to ntp in general, don't for F sake point to your country code.. when the device is going to be used in a different country.. I had one of those smart wifi plug things, still do actually, just use it when I put out the xmas lights. But clearly the thing is not going to be used in the UK.. We use different power plugs, so there is no freaking way I bought this in the UK and am just using it in the US.. But it wants to check its time with the uk.ntp pool.. So I created a host override for what it was looking for..

    [image: 1714671290374-ntp.jpg]

    Just pure laziness if you ask me, or they are hiring the cheapest developers they can hire? Or they have some developer and said hey, make this work by tmrw, we need to start shipping them out next week.. And failed to even give him any parameters or where it might be used.. Hey, have it check ntp time while you're at it ;)

    My other pet peeve is these iot devices that have zero dns cache.. Ok, we know you want to talk to fqdn xyz.. But do you really need to ask dns every 2 seconds for it, when you were just given the answer 10 seconds ago with a ttl of 24 hours ;) I mean it takes really nothing to store the dns record for the next time you want to go there in 2 seconds.. You don't have to store 10k records, you need to store the handful you might be wanting to talk to.. Well now I have just gotten off on a rant, sorry ;)
  • different clients go through different gateways

    0 Votes
    14 Posts
    1k Views
    @heliop100 I think you have to give permission - route - to the LAN segment to go out each of the gateways. This is done under firewall, NAT, Outbound. Usually it is recommended before adding rules to select manual then save. Then start adding rules for routing. [image: 1714666796595-untitled.jpg]
  • HA, gateway groups and firewall's default route.

    0 Votes
    11 Posts
    927 Views
    @viragomann said in HA, gateway groups and firewall's default route.: Is it this, why you were looking for localhost? Not OpenVPN, but the outbound connections from the firewall itself. In the documentation, localhost should be 'NATted' to the interface IP address, which is OK, this part is clear to me. What wasn't clear to me is if I should have created a new gateway group, using Interface address, to use as the default route of the firewall. However, since it doesn't translate anything and everything is working, including IPsec, I'll leave it as it is right now, everything using the same gateway group, that has the CARP IP there. Note that without those CARP IPs in the gateway group, IPsec tunnels won't come up.
  • WireGuard access to Fritz!Box

    0 Votes
    6 Posts
    386 Views
    Good, because that should simply work as long as the IP of the Fritz is in the network that is routed through the VPN tunnel. So add a route on the Fritz with pfSense as the destination for that same network, and off you go.
  • Not Getting IP Address from Cable Modem

    0 Votes
    12 Posts
    2k Views
    @Dobby_ Yes, this is how we are set up. There is not a static IP address, but the cable modem assigns an address to the WAN port on the pfSense router through DHCP. This had been stable for several years before it suddenly stopped working and showed an IP address of 0.0.0.0. Since MAC spoofing solves it, I think the cable modem or ISP is somehow locking the old MAC address and excluding it.
  • Multiple local networks with multiple vpn connections

    0 Votes
    1 Posts
    120 Views
    No one has replied
  • 0 Votes
    1 Posts
    135 Views
    No one has replied
  • 2 gateways showing identical IP ?

    0 Votes
    6 Posts
    381 Views
    @madbrain I rebooted one more time, and the problem went away - the Verizon gateway no longer showed. Very strange. It's an intermittent problem. I decided to remove the USB Realtek 8156B NIC and replace it with a PCI-E Intel I-225V (B3) that I bought at Central Computers earlier today. This necessitated shutting down the machine to insert the PCI-E card. During the next boot, this is what the interface assignment screen looked like (MAC addresses omitted): [image: 1714104594603-58150e9e-53b2-46dd-81e9-09f2c62e0d3d-image-resized.png] As you can see, both the Comcast and Verizon interfaces are assigned to the same ix0 network port. Previously, Verizon was assigned to the ue0 network port for the RTL8156B. That port no longer exists since the USB NIC was unplugged. It is a bit disconcerting to see two interfaces on the same NIC, to say the least. Not sure what the right behavior should be, though. Maybe have the interface be unbound (no network port)? So far, I am not seeing the same issue with all 4 Ethernet ports using Intel NICs (motherboard 1 GbE, X550-T2 2 x 10 GbE, I225-V (B3) 2.5 GbE), but it's only been a few minutes.
  • using 2nd public IP subnet

    0 Votes
    3 Posts
    218 Views
    @viragomann perfect - thank you for the response
  • LAN traffic to Staging page?

    1 Votes
    1 Posts
    104 Views
    No one has replied
  • Direct web browser access to device on OPT2?

    0 Votes
    1 Posts
    117 Views
    No one has replied
  • Routing to another subnet through new gateway inside the server's network

    0 Votes
    2 Posts
    187 Views
    @ssppcc You just need to add a static route for the docker subnet. So in System > Routing > Gateways add a new gateway within the server network with the IP 10.0.200.8. Then go to the Static Routes tab and add a new static route for 10.31.0.0/16 and state the gateway you've created before.
  • Force gateway group NOT to fail back

    0 Votes
    5 Posts
    364 Views
    @Gblenn I teach daily, days and nights, so my occurrences are likely more visible. Typically, it fails over to Tier 2 and often is unnoticeable. (I find out later looking at logs.) However, on this latest instance, the Tier 1 was flapping and Zoom reported my connection was unstable. Students reported poor audio and video. It was only resolved by changing the backup to Tier 1 and restarting Zoom. Later that night my main connection stabilized. So naturally I'm thinking it is trying to switch back as soon as Tier 1 is available. I will test to verify.
  • PfSense HAProxy certificate export import

    0 Votes
    57 Posts
    10k Views
    @viragomann I’ll work on that in some spare time. Another quick question: from another Bundoo machine and two other Windows machines I’m not able to get an SSL connection to the Qnap machine, even though I imported the CA certificate into the browsers. This goes for Chrome and Firefox. Getting a machine reboot cleared cookies and data from browsers. Any suggestions on this one? Thank you,
  • Pfsense port forwarding across Wireguard VPN - Asymmetric routing issue

    0 Votes
    3 Posts
    1k Views
    Tom5051
    @viragomann I figured it out in the end. The guide I followed to set up the site-to-site WireGuard tunnel specified not setting the upstream gateways on the tunnels and using static routes to avoid double NAT. It also stops reply-to working correctly.
  • How to force a client to only have access to WAN1?

    0 Votes
    4 Posts
    364 Views
    @SteveITS Indeed that was the issue! You're a legend mate, I've been struggling with this for almost a week now; what's even worse is that I scoured the docs and still somehow managed to miss the bit you highlighted for me.
  • Route subnet through VPN Client - Outbound NAT

    0 Votes
    10 Posts
    930 Views
    @viragomann Super - and thanks for the patience and final explanations
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.