• Terrapin SSH Attack

    Pinned
    33
    16 Votes
    33 Posts
    30k Views
    STLJonnyS
    @willowen100 It basically forces your ssh (on the Windows side) to utilize that encryption algorithm. You'll need to do that on any machine you ssh from. I'd have rather found a more elegant workaround (preferably on the pfSense side, so the mod only has to be done in one location), but this works in a pinch.
  • pfSense Hangouts are available on YouTube!

    Pinned Locked
    1
    5 Votes
    1 Posts
    11k Views
    No one has replied
  • Share your pfSense stories!

    Pinned Moved
    76
    0 Votes
    76 Posts
    64k Views
    V
    Mine may be typical, maybe not..... Took over a large sennior living facility with a pretty robust it infrastructure spread between 4 IT rooms, 23 access points, 12-14 switches, and 200 internal devices and 200 guest/resident devices, all being run by a Sonicwall TZ350. I had been wanting to reallign everything network wise for some time but the TZ had 2 ports that were failing. I had worked with ClearOS from back in the ClarkConnect days and started searching for something similar. I found PfSense and it just fit what I wanted to do. I tested it a bit on an old Athalon64x2 rig for proof of concept and had planned on installing on a mini pc or something, but I wanted 6 nics. Standing in my main IT room I looked down and in the bottom of the rack were 4 HP DL380s, 2 of which were decommissioned 2 years ago. It's such huge overkill for hardware that it's hard to explain, but who wouldn't want redundant power supplies, raid 60 with 25 drives and remote system monitoring through ILO? lol I spun one up and loaded PfSense and started tweaking. 2 weeks ago I switched over and have been working out gremlins since.. Overall it's gone well, just one snag that a couple members here have been very kind in helping me work out. Thank you to this page for all the help. [image: 1697753147328-pfsense1.png]
  • Anyone using pfSense with telMAX ISP (Canada)?

    2
    0 Votes
    2 Posts
    58 Views
    JKnottJ
    @guardian said in Anyone using pfSense with telMAX ISP (Canada)?: As an aside, at this point in time I have IPv6 disable on all interfaces Why?
  • 4 ports mini PC recommendations

    6
    0 Votes
    6 Posts
    186 Views
    provelsP
    I run mine on a used Adlink MXE-5401 industrial PC from Ebay ($2000 new, got mine for $65). I love these boxes. Used in manufacturing, transportation, etc. Cast chassis, fanless, all solid caps, ton o' ports. They even tack the SODIMMs in with a spot of glue. Meant to be set/forget. link Love these units so much, I bought 3 more of an older series with i5s just to mess around with, $45/each! Got one running as a 5G AP, another running KVM and the third, Openmediavault. There's a new, current production MXE-5500 with i3 on the 'Bay for $150 now, no affiliation. Would love that instead of the i7 I'm using now.
  • Goodbye pfSense

    2
    0 Votes
    2 Posts
    124 Views
    V
    @X-File Agree with your concerns about Netgate and open source, but a community edition grows and lives from the contributions of the community. However, according to your profile it seems, you didn't contribute very much here. So why complaining?
  • IAX2 not going out after a while

    4
    0 Votes
    4 Posts
    354 Views
    stephenw10S
    Yes there are. They are defined in pf. You can set longer timeouts or choose a firewall mode that has longer timeouts already defined, like 'conservative', in Sys > Adv > Firewall. But that only applies to states not passing traffic.
  • sshd CVE-2024-6387 vulnerability

    15
    0 Votes
    15 Posts
    3k Views
    stephenw10S
    2.8.0 has the patched code: https://github.com/pfsense/FreeBSD-src/commit/2abea9df01655633aabbb9bf3204c90722001202
  • pfSense Avahi Not Broadcasting mDNS/Bonjour Services Across VLANs

    2
    0 Votes
    2 Posts
    30 Views
    GertjanG
    @ayansaari Look here for a possible answer, or suggestion, as it was posted a couple of lines lower (3 days ago) : mDNS or Multicast Traffice Not Passing Between Multiple Vlans.
  • mDNS or Multicast Traffice Not Passing Between Multiple Vlans

    13
    0 Votes
    13 Posts
    371 Views
    A
    @dennypage [image: 1755861737523-pfsense-vlans.jpg] [image: 1755861746716-aliens1.png] [image: 1755861752774-ports.png] [image: 1755861764023-fetserver-unable-to-discover-printer.png] [image: 1755861769206-fetserver-vlan-rule.png] [image: 1755861780940-avahi-11.png] [image: 1755861785917-avahi-12.png] [image: %5B%5Berror:upload-ratelimit-reached%5D%5D] [image: 1755861861144-no-printer-discover.png]
  • OVH Virtual IP not working

    2
    0 Votes
    2 Posts
    48 Views
    M
    Got it working. I needed to add a virtual MAC in OVH [image: 1755849994302-7f78b61e-b920-4844-9aec-a984ec259bd5-image.png]
  • pfsense 2.7.0 installed as vm on xenserver now routing issue

    2
    0 Votes
    2 Posts
    43 Views
    A
    No one replying to my post or my post not make sense
  • Unable to log into WebUI after 25.07 upgrade

    11
    0 Votes
    11 Posts
    261 Views
    M
    @stephenw10 Ended up doing a reinstall. Netgate installer is pretty sweet. First time using it and absolutely no issues at all. Impressive. Also restoring from ACB was a bit nerve racking as I couldn’t find my key but it all worked out in the end. Seamless to get back online to be honest I really don’t know why people have hang up’s over the installer..it just works
  • https://acb.netgate.com failure

    3
    0 Votes
    3 Posts
    212 Views
    stephenw10S
    Usually those are seen when there is some temporary interruption in the connection. Like the WAN is down at boot for example.
  • To do 25.07 or not?! That is the question!

    28
    0 Votes
    28 Posts
    1k Views
    stephenw10S
    I probably isn't specific to boot but if there are any errors there it would be a clue. Any logs showing errors would be something to go on.
  • limit bandwidth for certain users

    3
    0 Votes
    3 Posts
    35 Views
    stephenw10S
    Yup, that. Combine it with static DHCP leases to get a fixed list of IPs to limit.
  • Poor performance over IPsec but not Internet

    16
    0 Votes
    16 Posts
    3k Views
    M
    @stephenw10 said in Poor performance over IPsec but not Internet: In the Phase 1 advanced options settings set 'NAT Traversal' to Force to test ESP specific throttling. Only one end needs to set that. I know I'm necroing a 3+ year old thread, but holy crap this was exactly what I needed here. My main office is on a 500/500 fiber connection, and we have a remote office on coaxial cable running 500/10, and over the VPN I could barely get 20 Mbps, but over the internet I could get the full 500 Mbps. I tried setting the 'NAT Traversal' to 'Force' on our main office, and forced an IPSEC reconnection and now I'm getting about 480ish Mbps over the VPN (internet is around 511 Mbps). THANK YOU THANK YOU THANK YOU Again, sorry about the thread necroing :(
  • LCDdProc seems to be broken on 25.07.1-RELEASE

    10
    0 Votes
    10 Posts
    370 Views
    stephenw10S
    Ok let's continue there then. It's definitely not working as intended.
  • Massive 10x Performance Regression in AES-GCM

    8
    0 Votes
    8 Posts
    436 Views
    G
    @Antibiotic Hi apparently the issue I mention here supposed to be only a cosmetic bug due to a change in the code for performing AES-GCM (and other AHEAD cipher) speed tests, that rely on OpenSSL routines. The change change came in, in between OpenSSL 3.0.15 and 3.0.16. So there are most-likely other reasons for your speed regression. I suggest reading the URLs I linked to further up and digging a bit further into those.
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    3 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.