Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    1. Home
    2. pfSense® Software
    3. General pfSense Questions
    Log in to post
    • Newest to Oldest
    • Oldest to Newest
    • Most Posts
    • Most Votes
    • ivor

      pfSense Hangouts are available on YouTube!
      • ivor

      1
      1
      Votes
      1
      Posts
      2182
      Views

      No one has replied

    • jdillard

      Share your pfSense stories!
      • jdillard

      37
      0
      Votes
      37
      Posts
      11108
      Views

      AKEGEC

      Former organisation hunts companies who are practicing corruption, collusion and nepotism. Usually, these organisations do hostile takeover of other companies. The organisation's goal is one organisation to control them all.

      Short story, me and a few of my colleagues resigned because of their new policies against our conscious and moral values. Remember! Just do the opposite of what this organisation tells you. If they advised you and your family to implant microchipped (WO/2020/060606) for (Covid) prevention, refuse it. When they tell you don't use an open source OS/firewall/router like pfSense, use it. That's my story on why I use pfSense.

    • S

      pfSense keeps rebooting with pfBlockerNG 3.0 devel installed
      • Smoothrunnings

      1
      0
      Votes
      1
      Posts
      9
      Views

      No one has replied

    • Z

      pfSense 2.5.0 boxes with WireGuard keep crashing (both!)
      • z3us

      4
      0
      Votes
      4
      Posts
      70
      Views

      Z

      Both boxes also have these weird log messages every second. This happened right after enabling WireGuard....

      Feb 25 09:46:37 kernel matchaddr failed
      Feb 25 09:46:36 kernel matchaddr failed
      Feb 25 09:46:36 kernel matchaddr failed
      Feb 25 09:46:35 kernel matchaddr failed
      Feb 25 09:46:35 kernel matchaddr failed
      Feb 25 09:46:34 kernel matchaddr failed
      Feb 25 09:46:34 kernel matchaddr failed

    • A

      XG-7100 1U for the webserver gateway
      • aie.sakaki

      4
      0
      Votes
      4
      Posts
      45
      Views

      A

      @jknott
      I need to explain here, actually XG-7100 1U works as a firewall only with a global IP address on my network, and the webserver is with local IP, e.g., 192.168.1.10. on another machine. Pfsense forward all required ports to webserver 192.168.1.10.

      To secure XG-7100, I need to install some packages such as snort, squid proxy server, pfblockerNG, etc. Any recommendation for any extra package to secure the webserver?

    • S

      Want to only allow on my WAN port
      • Smoothrunnings

      1
      0
      Votes
      1
      Posts
      17
      Views

      No one has replied

    • Antonio Briguglio

      Rule to block sending email through port 25 which is not secure.
      • Antonio Briguglio

      16
      0
      Votes
      16
      Posts
      161
      Views

      Antonio Briguglio

      @johnpoz OK thank you very much 👍 😊

    • R

      I want to block Facebook from certain clients on my network.
      • Roy360

      1
      0
      Votes
      1
      Posts
      23
      Views

      No one has replied

    • chudak

      "arpresolve: can't allocate llinfo for <gw_ip> on igb0" ??
      • chudak

      1
      0
      Votes
      1
      Posts
      18
      Views

      No one has replied

    • S

      Extremely Frustrating Outages
      • Stewart

      40
      0
      Votes
      40
      Posts
      601
      Views

      S

      @chpalmer Escalating with Spectrum gives me "Call us again on this and we'll bill you for coming out." I've had multiple techs go out to both sites. The techs that go on site say they put the modem in their "SCOPE" system which puts them in Device Watch. That allows the techs to go back and look at history for the unit. BUT, when you call in and talk to a CSR every one of them says that they no longer use that system. Only the techs onsite can setup or see into the SCOPE system now but you can't get a tech onsite without the possibility of them billing for every visit. Even then they just troubleshoot the moment and don't even refer to it unless you make it a point to make them. It's crazy. But still better than every DSL provider and AT&T U-Verse in this area. You pick your poison.

    • A

      OpenVPN doesn't provide IP after 21.02 Update
      • applesalwaysred

      7
      0
      Votes
      7
      Posts
      158
      Views

      A

      @bcruze Haven't restarted. What do the openvpn logs say?

    • L

      PFsense 2.5 RC OpenVPN/ExpressVPN problem
      expressvpn networking open vpn problems vpn • • LayerThree

      39
      0
      Votes
      39
      Posts
      733
      Views

      B

      @layerthree said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

      So the "Don't pull routes" solved the whole problem.

      Follow the guide, except this step and then restart ur machine. After this everything works.

      Thank you for ur help!

      I posted in the other thread. I just reset up my provider that wasn't working

      it connected. but if I restart the tunnel. traffic stop passing again

      you?

    • T

      Openvpn don't route to ipsec
      • Thiago 0

      4
      0
      Votes
      4
      Posts
      15
      Views

      JKnott

      @thiago-0

      There are some issues with OpenVPN on the new version. Check the OpenVPN forum.

    • X

      Pfsense FW behind to Mikrotik WiFi router
      • xplozia

      2
      0
      Votes
      2
      Posts
      16
      Views

      DaddyGo

      @xplozia said in Pfsense FW behind to Mikrotik WiFi router:

      What I have to do in Mikrotik in order to redirect all traffic to the Pfsense?

      Hi,

      This seems more like a MikroTik forum issue. 😉

      Proposal:
      Why not the pfSense is your main router + firewall

    • G

      QAT vs AES-NI
      • gabacho4

      1
      0
      Votes
      1
      Posts
      38
      Views

      No one has replied

    • A

      Expired Certificates not visible in GUI
      • aeleus

      6
      1
      Votes
      6
      Posts
      75
      Views

      jimp

      There is a potential for some things to be different, and moreso as time goes on, but for the time being most of the PHP code is the same on both.

      It's worth trying, and if there is a need for a patch specific to Plus 21.02 we can generate one of those as well.

    • L

      Epson WP-4530 showing as offline
      • larryjb

      3
      0
      Votes
      3
      Posts
      39
      Views

      L

      That's what I thought, so I checked the Status->DHCP Leases immediately after printing and it was still "offline". Oddly enough, my Epson R3000 which I haven't printed from in over a day is showing as "online", but the WP-4530 is "offline".

    • L

      Failover disconnects all connections to pfsense
      • LeCygne

      2
      0
      Votes
      2
      Posts
      23
      Views

      L

      @lecygne Any replies?

    • cesarmsj

      PFSense PHP time is incorrect in America/Sao_Paulo time zone
      • cesarmsj

      23
      0
      Votes
      23
      Posts
      255
      Views

      cesarmsj

      I found today that PHP is already with the correct time, even before we update to PFSense 2.5. With that, the conclusion I had is that certain packages of the FreeBSD system receive updates before the PFSense system itself, even because if I did not do this I would not receive updates from the repository to notify that there is a new update from it.

      Problem solved. FreeBSD version 11.3-Stable.

    • F

      site to site vpn configuration between pfsense and cisco asa 5505
      • franco22

      26
      0
      Votes
      26
      Posts
      295
      Views

      F

      @jknott hello How are You Can you Able to help with this issue pls asa and pfsence in same vlan and i have to do sla

    • N

      idle box, delay on local command line or pkg download
      • nagaraja

      1
      0
      Votes
      1
      Posts
      18
      Views

      No one has replied

    • Alanesi

      A number of issues after updating to 2.5.0
      • Alanesi

      7
      0
      Votes
      7
      Posts
      268
      Views

      P

      @alanesi

      You never know what happens on Pfsense ... Would be interesting what the cause of the fatal error was. The upgrade of unbound is very unlikely to cause such problem.

    • chudak

      Aliases name change (or memory lapse) ?
      • chudak

      3
      0
      Votes
      3
      Posts
      31
      Views

      chudak

      @serbus thanks G I remembered right !

      🙃

    • D

      Need pfSense developers help with xcp-ng
      • dave.opc

      2
      0
      Votes
      2
      Posts
      141
      Views

      T

      I second this request. If anything, the pfSense developers should be aware of this issue that has been uncovered. It seems there is not much more that can be done on the Xen / XCP-ng side as the issue lies more with FreeBSD / pfSense.

      (as an example), here is one post from the XCP-ng team:

      @stormi (XCP-ng Team)
      What the last tests reveal is that pfSense sends A LOT of spurious events, so no wonder it gets throttled to protect the kernel against event flood. Anyone knows a good FreeBSD kernel developer?

    • A

      NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat"
      • aniel

      2
      0
      Votes
      2
      Posts
      28
      Views

      johnpoz

      What exactly are you trying to accomplish? Nat reflection no matter what mode your trying to do should really be a last choice option working through some messed up application that has your public IP hard coded, or uses external dns that you can not change.

      The better solution is not to reflect at all, and just resolve the fqdn to your local IP.

      But did you enable the automatic outbound nat for reflection?

      natreflection.png

      If you ask me any sort of nat reflection is just an abomination to all networking in general.. I would only use it if there was no other way.. Like some borked software that had an IP hard coded and no way to fix.. Like the creator of said software has died before you could publicly flog him for his sins..

    • J

      21.02 Webconfig Takes 45 Sec to Open Dashboard
      7100 performance webconfig • • jpvonhemel

      2
      0
      Votes
      2
      Posts
      58
      Views

      J

      Is it only myself who is seeing slowness getting into the webconfig?

    • chudak

      "pcscd PC/SC Smart Card Daemon" ?
      • chudak

      7
      0
      Votes
      7
      Posts
      69
      Views

      chudak

      @viktor_g said in "pcscd PC/SC Smart Card Daemon" ?:

      support for PKCS#11 authentication (e.g. hardware tokens such as Yubikey) for IPsec: https://redmine.pfsense.org/issues/9878

      Ok makes sense, thx !

      Is there a reason to keep it on and what the best way to disable it ?

    • C

      Certificate error and no GUI
      • Cool_Corona

      3
      0
      Votes
      3
      Posts
      79
      Views

      jimp

      I created a bug report for the case mentioned above when renewing in the GUI: https://redmine.pfsense.org/issues/11514

    • DaddyGo

      LACP LAGG in Silicom NICs
      • DaddyGo

      14
      0
      Votes
      14
      Posts
      282
      Views

      DaddyGo

      @stephenw10 said in LACP LAGG in Silicom NICs:

      Completely different NIC type though.

      Yep, I think I'll wait a bit and test again under 2.5.(?)
      although, if I read it correctly (somewhere), only "ixl" got a brand new driver under FB12

    • C

      Certificate Error Expired
      • Cool_Corona

      7
      0
      Votes
      7
      Posts
      134
      Views

      dotdash

      @cool_corona
      Just pay it forward.

      I tried about every combination of options in the GUI and it always errored out. I expect that's because I've updated/restored so many times. The cert probably dated back to 2.0 if not 1.2.3

    • P

      Cannot boot via SSD: gptboot: No /boot/loader on 0:ad(0p2)
      • posix

      2
      0
      Votes
      2
      Posts
      61
      Views

      P

      This turned out to be hardware issue. Had to replace the SSD card.

      I worked with the freebsd forum.

      https://forums.freebsd.org/threads/cannot-boot-via-ssd-gptboot-no-boot-loader-on-0-ad-0p2.78994/

    • chudak

      X11 forwarding request failed on channel 0 after 2.5.0
      • chudak

      18
      0
      Votes
      18
      Posts
      79
      Views

      jimp

      I don't recall exactly when, I thought it was in 2.4.x, but we disabled X11 forwarding in the SSH daemon on the firewall for security reasons.

      The error is harmless though, you can ignore it, or like you've done, disable it on the client side.

    • K

      AWS IPSEC issue in pfsense 2.5
      • ksmtkmr

      2
      0
      Votes
      2
      Posts
      65
      Views

      jimp

      To ensure you have all of the current known and fixed IPsec issues corrected, You can install the System Patches package and then create entries for the following commit IDs to apply the fixes:

      ead6515637a34ce6e170e2d2b0802e4fa1e63a00 #11435 57beb9ad8ca11703778fc483c7cba0f6770657ac #11435 10eb04259fd139c62e08df8de877b71fdd0eedc8 #11442 ded7970ba57a99767e08243103e55d8a58edfc35 #11486 afffe759c4fd19fe6b8311196f4b6d5e288ea4fb #11487 2fe5cc52bd881ed26723a81e0eed848fd505fba6 #11488
    • R

      How renew date expiration of Certificate Authorities, OpenVpn Server Certificates and User Certificates in pfSense?
      • ramses.sevilla

      3
      0
      Votes
      3
      Posts
      42
      Views

      jimp

      On 2.5.0 you can renew CA and certificate entries in-place. You will need to give new copies of the entries to the clients who need them, though, since the certs will be different, even if their content is the same (except the dates)

    • Z

      Avahi demon behaviour
      • zimnysbrain

      1
      0
      Votes
      1
      Posts
      19
      Views

      No one has replied

    • P

      Please wait while the update system initializes
      • Pringles

      30
      0
      Votes
      30
      Posts
      12401
      Views

      jnorell

      As a suggestion, I imagine it would it be possible for pfsense to check the installed system version against the selected update branch (just like it does on the dashboard) and print an indication of this situation (new stable version, so you can't click to update packages right now) either on the 'Installed Packages' list, or on 'Package Installer' tab once an update button has been pressed. Maybe even disable the 'update' links?

    • Z

      Necessary traffic being blocked, how to identify and pass
      • zaileion

      11
      0
      Votes
      11
      Posts
      112
      Views

      Z

      ok. I have a 1GB WAN from Comcast. it runs at about 750MB, its never a Gig. anyway, I am in the process of aggregating 2 nic's into my switch from my docs 3.1 modem and 2 WAN ports into pfsense (if thats possible), and added a 2nd virtual and physical nic to the storj node. Now I'm trying to do some traffic shaping to prioritize traffic from the node in both the switch, esxi and pfsense. This is new to me as i said so its going to take me a minute to figure out how to do it. Also, it seems the storj node is working much better already and the satellite online % has increased significantly overnight.

      I am having loss and lag on the WAN port still between 8% and 22% I have an appointment scheduled for a tech to come out but of course they will say. "everything looks fine..." because unfortunately Comcast field techs get paid poorly and thus are minimally knowledgeable which is a corporate decision and is a bad one to say the least, for both the field techs and the customer but good for the share holders and board members. Right? Anyway, thank you to everyone for the help identifying my issues. So far pfsense and the community has been great!

      EDIT: I just wanted to say, that so far everything open source and Linux related is just awesome. I have been on several forums, this one is the latest and its just great how everyone helps out and i dunno. its just a great way to do things... Thanks everyone.

    • B

      Syncing openvpn settings enter auth password
      • bodom

      10
      0
      Votes
      10
      Posts
      2922
      Views

      S

      @deleted Can you please describe what exactly you have done?

    • SipriusPT

      (SOLVED) No package list in Available Packages on pfsense 2.4.5 p1
      • SipriusPT

      2
      0
      Votes
      2
      Posts
      62
      Views

      SipriusPT

      After read another topic, I notice that this was the result of pfsense repos changed to the latest branch, 21.02.x (at System/Update/Update Settings). After changing to previous 2.4.5, it happear again.

    • G

      pfSense instances in AWS crashing often
      • gchialli

      7
      0
      Votes
      7
      Posts
      183
      Views

      G

      @stephenw10 They are in tunnel mode. I have not seen then going down before the crash, but will look into it in more detail if this happens again.
      Thanks

    Products

    • Platform Overview
    • TNSR
    • pfSense
    • Appliances

    Services

    • Training
    • Professional Services

    Support

    • Subscription Plans
    • Contact Support
    • Product Lifecycle
    • Documentation

    News

    • Media Coverage
    • Press
    • Events

    Resources

    • Blog
    • FAQ
    • Find a Partner
    • Resource Library
    • Security Information

    Company

    • About Us
    • Careers
    • Partners
    • Contact Us
    • Legal
    Our Mission

    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

    Subscribe to our Newsletter

    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

    © 2021 Rubicon Communications, LLC | Privacy Policy