General pfSense Questions

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

J

Terrapin SSH Attack

• • jimp

33

16
Votes

33
Posts

20.4k
Views

S

@willowen100 It basically forces your ssh (on the Windows side) to utilize that encryption algorithm. You'll need to do that on any machine you ssh from.

I'd have rather found a more elegant workaround (preferably on the pfSense side, so the mod only has to be done in one location), but this works in a pinch.
I

pfSense Hangouts are available on YouTube!

• • ivor

1

5
Votes

1
Posts

10.5k
Views

No one has replied
J

Share your pfSense stories!

• • jdillard

76

0
Votes

76
Posts

48.7k
Views

V

Mine may be typical, maybe not.....
Took over a large sennior living facility with a pretty robust it infrastructure spread between 4 IT rooms, 23 access points, 12-14 switches, and 200 internal devices and 200 guest/resident devices, all being run by a Sonicwall TZ350. I had been wanting to reallign everything network wise for some time but the TZ had 2 ports that were failing. I had worked with ClearOS from back in the ClarkConnect days and started searching for something similar. I found PfSense and it just fit what I wanted to do.
I tested it a bit on an old Athalon64x2 rig for proof of concept and had planned on installing on a mini pc or something, but I wanted 6 nics. Standing in my main IT room I looked down and in the bottom of the rack were 4 HP DL380s, 2 of which were decommissioned 2 years ago. It's such huge overkill for hardware that it's hard to explain, but who wouldn't want redundant power supplies, raid 60 with 25 drives and remote system monitoring through ILO? lol

I spun one up and loaded PfSense and started tweaking. 2 weeks ago I switched over and have been working out gremlins since.. Overall it's gone well, just one snag that a couple members here have been very kind in helping me work out. Thank you to this page for all the help.

pfsense1.png
N

Questions about the future of pfsense 2.7 CE

• • Nitrobeast

16

0
Votes

16
Posts

365
Views

N

@michmoor said in Questions about the future of pfsense 2.7 CE:

ir question but i think its safe to say that CE is what i would describe as being in "maintenance mode". Short of system patches, I would not put much thought on when 2.8 will be released. They are working

The only feature I would like is vxlan but this is not a priority. Which I do not believe is not going to make it in pfsense.
J

24.11 not registered after NIC change

• • jrussell05

2

0
Votes

2
Posts

66
Views

S

Send me your NDI in chat I'll check it.

But, no, you would not need to reinstall if you had to register a new NDI.
Y

Unable to update repository pfSense

• • yon 0

29

0
Votes

29
Posts

4.2k
Views

S

Hmm, weird. Hard to imagine what could have caused that for pfSense but not clients behind it. 🤔
M

Connecting to server on a seperate LAN from camera connected to NVR wifi LAN

• • msurg

8

0
Votes

8
Posts

105
Views

J

@msurg well not sure that will even allow and route - and the manual is freaking huge..

But how you would setup pfsense to route to that 22 network is how same with any downstream router.

pfsense-layer-3-switch.png
C

How to block a website ?

• • cheleby

7

0
Votes

7
Posts

145
Views

C

thank you all
M

24.11-RELEASE Shows update available, but the update appears to be a beta release

• • mikek

10

0
Votes

10
Posts

218
Views

G

@Gertjan said in 24.11-RELEASE Shows update available, but the update appears to be a beta release:

edit : also : afaik : Here, very soon now, a 25.03 Beta release bulletin will be posted.

There it is : https://www.netgate.com/blog/tag/pfsense

and it's shows up on the dashboard :

9b54c578-ac85-4c71-9951-dbc77ef09d57-image.png
F

Rebooting Problem

• • fallenleavesgocrunch

5

0
Votes

5
Posts

107
Views

F

@stephenw10 I decided since I was going to do a completely clean install that I'd follow the instructions to install an nmve ssd. Much success - everything works including reboot.

But there was a mystery - tehere's a step to erase the metdata on your emmc drive. But when I got in to the recovery mode there were no drives at all.

I suspect I had a bum emmc drive and it finally gave up when I went to do the reinstall. Good/lucky timing I guess.
G

Strange Log Entries, File Changes, Etc

• • Grub42

10

0
Votes

10
Posts

128
Views

S

If you never logged from 192.168.1.100 then that looks bad!
R

CE and Plus wierdness

• • rbwillis

20

0
Votes

20
Posts

311
Views

S

Yeah the MAC address being the same is odd...
M

NAT Logs

• • michmoor

50

0
Votes

50
Posts

958
Views

S

Yup there we go. Tailscale acts more like a proxy in firewall terms. You can only see the traffic to/from it and not the source/destination inside the tailscale network.
B

a very simple ping question

• • baitinghollw

5

0
Votes

5
Posts

113
Views

B

Thanks All,

The other confusing part for me was that I couldn't ping the Windows machines as you have explained. However, I could ping the Debian12 machines. Boy is there a lot to learn.
Thanks again.
M

ISP Large flow/elephant policing

• • mikeygit

10

0
Votes

10
Posts

185
Views

S

So if any one 'flow' exceeds 2Gbps then all other traffic will be dropped?

You can apply limiters with masks set retrict any particular flow to 2Gbps, or just below that.
https://docs.netgate.com/pfsense/en/latest/trafficshaper/limiters.html#creating-limiters
S

Internset Service Database in pfSense

• • sysadminfromhell

4

0
Votes

4
Posts

82
Views

S

Some services are pre-defined in the shaper wizard but it's by no means definitive.
L

no wireguard handshake with mullvad?

• • lostnetworker

10

0
Votes

10
Posts

239
Views

L

@stephenw10 @nimrod

Thanks for the advice guys. I have been so busy but managed to get free to look into this. I nuked my pFsense and this time I set a keep alive 25 seconds on the peer, now I get handshakes.

I followed every step in the Mullvad guide, looks like I've got a Mullvad IP assigned and no DNS leaks so I guess it worked.

Only issue I noticed is that if I reboot my Protectli, there is still a handshake between the peer and tunnel but I can't get internet access. I had to nuke my install again and follow the guide again for Mullvad wireguard to work.
S

pfSense vs TNSR

• • sysadminfromhell

11

0
Votes

11
Posts

268
Views

G

@sysadminfromhell said in pfSense vs TNSR:

if I have to move to another Firewall Vendor :(

Why move?
I doubt you will get much better performance from other firewalls on the same HW. Assuming you want to have some level of functionality that is similar to what pfsense offers.
I have been playing around with Sophos XG, which is available for free for home use. It has some minor limitations in # of CPU's and memory, but I get pretty much the same performance out of that as I do with pfsense in a like for like comparison (same amount of CPU's). Memory has never been an issue for me...
+

Is there an RSS Feed with Patch/Release notes ?

• • +DS_DV+

12

1
Votes

12
Posts

550
Views

G

@bobleny said in Is there an RSS Feed with Patch/Release notes ?:

Are they announced anywhere else

Here Netgate blogs and pick one.
Or a RSS reader on your phone - never tried that myself ?
Or, somewhat related : [this](Auto update check, checks for updates to base system + packages and sends email alerts) - and this I'm using for years now, works perfect.
J

Update to 24.11

• • johngessner63

4

0
Votes

4
Posts

117
Views

J

@stephenw10 Tremendous!! Upgrade completed successfully.. Much appreciated.

1
2
3
4
5
1317
1318

1 / 1318