General pfSense Questions

• 

  pfSense Hangouts are available on YouTube!
  • ivor  

  2
  0
  Votes
  2
  Posts
  1157
  Views

  A

  Subscription done!!!
• 

  Share your pfSense stories!
  • jdillard  

  18
  0
  Votes
  18
  Posts
  9359
  Views

  P

  I hope this thread is still alive :) I was using m0n0wall for a long time (still have one that's been alive without reboot almost 7 years!) before I came across the first customer needing VLAN, about 12 years ago I think. I got recommended to check out pfsense, and I have since then never looked back. These days I run my own company and importing hardware and building our own routers based on APU2 board and pfsense. We have at least 200+ installations out there, and we're also running pfsense in our small datacenter where we maintain our smallest customers, as well as the two geographical backup sites we keep for customer data. And, at home of course, where I hide my entire network behind an OpenVPN service setup in pfsense. I'm originally a Windows-guy, but after I met pfsense I realised there's a whole world of open source out there so I started learning, and today roughly half of our services are based on open source. Comparing pfsense to Cisco or the likes, I'd say there is no competition when it comes to price / functionality / reliability (as long as you use an appropriate hardware). Only kind words from me! ...and were are also retailers for Netgate in Sweden, not that we have a lot of customers of the size demanding that good hardware.
• A

  Want to Access Switch from a Different Subnet.
  routing subnet • • aeboi80  

  4
  0
  Votes
  4
  Posts
  47
  Views

  A

  @stephenw10 Yes 10.10.0.0 is on the LAN side of pfSense. The WAN is a public IP While yes I could assign the switch an IP in the 10.10.0.0 range and that would solve this, but for the sake of learning something...is it not possible to access the web interface of the switch at all from the 10.10.0.0 network? I thought for sure there would be a way to configure it to allow connections from that network within pfSense.
• K

  Disconection from pfsense
  • Khampol  

  4
  0
  Votes
  4
  Posts
  32
  Views

  K

  Hello. @Gertjan Sorry I forget that, as advice in topic, setting in "conservative" dont help me. This happen espcially during sessions VNC. @stephenw10 "asymmetric route" = need explain please.. ? "Do you see blocked traffic in the firewall log when it fails?" = I ll keep checking it next time it happen.
• V

  Very high CPU usage every 15 minutes
  • ViniciusBr  

  28
  0
  Votes
  28
  Posts
  151
  Views

  V

  Another update: CPU is not consuming like before, maybe the first filter reload after the change was bad, but the following spikes are much much less cpu consuming:
• S

  Pfsense with no WAN and a gateway on the LAN. Traffic issues from WIFI subnet.
  • scotttiamit  

  2
  0
  Votes
  2
  Posts
  11
  Views

  

  The ISP router probably has no route to 192.168.15.0/24 via 192.168.05 so it cannot reply. It also may not NAT traffic from the wifi subnet as it leaves. The correct way to handle that is to add that route to the ISP router. However if you cannot do that you may need to add an outbound NAT rule to pfSense LAN interface so it NATs wifi traffic to 192.168.0.5. Steve
• D

  User manager does not give the expected options
  • dsanchez  

  6
  0
  Votes
  6
  Posts
  17
  Views

  D

  Thank you very much, for the help the patch worked perfectly and already shows the view I needed, excellent help.
• A

  pfsense HD constant spin-up and spin down
  • aciampoli  

  20
  0
  Votes
  20
  Posts
  111
  Views

  A

  Update from my end, I think I figured it out... After @chpalmer last msg, I went back to the "Hard disk standby time" settings and it was set to 180, which even if the systems was using the 180 mins it still didn't make any sense as to why is was spinning up/down so quickly. What I did is set it back to Always on and after saving and rebooting there are no more spin ups or downs. thank you.
• Y

  Acessing VLAN from LAN
  • ypapouin  

  4
  0
  Votes
  4
  Posts
  19
  Views

  

  The PBX may not be accessible from outside it's own subnet. In that case an outbound NAT rule on the vlan would allow it but it would be better to configure the pbx to allow the traffic instead. Otherwise, yeah, you should need nothing other than a firewall rule on LAN to pass that traffic. Steve
• T

  change theme in Pfsense
  • tjabas  

  6
  0
  Votes
  6
  Posts
  101
  Views

  

  @tjabas said in change theme in Pfsense: router after about 5 years Wow. From what version did you came from ?
• C

  user manager not working
  • coffeecup25  

  4
  0
  Votes
  4
  Posts
  44
  Views

  C

  @stephenw10 Thanks. I reactivated user admin for now and bookmarked the screen it should have gone to for other admin level users (me really).
• W

  pfSense drops Internet ?
  • wangel  

  18
  0
  Votes
  18
  Posts
  99
  Views

  W

  @chpalmer Done. Will monitor/report back if it happens anymore. Thank you sir!
• 

  opsense do not show users name AD
  • radarz  

  8
  0
  Votes
  8
  Posts
  134
  Views

  

  Just so you know there is no single sign-on style solution here. Clients have to login to the captive portal to access anything and then can have limiters applied against their traffic. Steve
• R

  Internet access from computers in LAN
  lan wan pfsense lan wan • • rgmagritte  

  9
  0
  Votes
  9
  Posts
  74
  Views

  

  pfSense should not have a LAN gateway. If you have that set on the LAN interface remove it. Then go to System > Routing and make sure the WAN gateway is set as default. The fact you are able to reach the webgui shows it must be working to some extent. Steve
• M

  Auto reboot
  • Menegas  

  9
  0
  Votes
  9
  Posts
  66
  Views

  

  Does it reboot because of some event? Do the logs show it rebooting or shuting down? Or do they just show it running then suddenly booting as though it was hard power cycled? The logs immediately before Sep 9 21:16:47 syslogd kernel boot file is /boot/kernel/kernel should show that. I assume no other VMs are rebooting at that time? Steve
• G

  Strange DNS queries from pfSense
  • gchialli  

  13
  0
  Votes
  13
  Posts
  111
  Views

  

  @bmeeks would know what snort can do and or should do - he is the snort guru around here that is for sure ;)
• S

  What can I do with the extra ports of a quad port NIC for home usage
  • shawn8888  

  7
  0
  Votes
  7
  Posts
  93
  Views

  P

  DMZ? WiFi AP for a Guest Network? ISCSI to a XigmaNAS? :)
• H

  Port forwarding port 80 to port 8080
  • Havok  

  18
  0
  Votes
  18
  Posts
  165
  Views

  

  Yup. Upgrade. You will see that port 8080 traffic blocked in the firewall log though as I suggested some time ago. That will confirm the issue. Or just add the rule and restest. Steve
• B

  My pfSense Story...
  • boii5  

  14
  0
  Votes
  14
  Posts
  258
  Views

  

  Yeah its quite possible he asked the local IT support at his office.. And he brushed him off by dropping a name... Guess he is lucky he didn't drop say palo alto or the like as the name - or maybe this guy would be down 20k+ vs the 300 and in the same boat ;) Not sure where these users get the idea that security is easy, and or push a button. There is no device you drop into or in front of your network be it 300 or 10k in cost that makes your network secure - NONE... No matter what firewall you buy, no matter what software you run.. All just tools, how you use the tools requires atleast understanding the basic concepts of what the tool does and how to use it.. And you need to know which tool you need as well, or your going to be pounding on that screw with your 300$ hammer screaming this hammer freaking sucks!!
• K

  pfSense Squid https filtering ERROR - URL cannot be retrived
  • kor_sal  

  2
  0
  Votes
  2
  Posts
  16
  Views

  K

  Ohh now i already solve it( Common i untick do not allow ip..) and it work.
• T

  Status and checks...
  • turnbulld  

  7
  0
  Votes
  7
  Posts
  119
  Views

  

  @turnbulld said in Status and checks...: That's for sure the SNMP info. Noop. But the same source. It's Munin digging into the system using whatever is needed to present stats. The plugins are written in ... perl, C, bash, etc. @turnbulld said in Status and checks...: As with what you linked, there is nothing specific to the load balancer which I find a little odd. Probably because I do not have multiple WAN's, so I didn't activate 'load balance' related Munin plugins. @turnbulld said in Status and checks...: list of commands that are the source of the data on the dashboard. The code is the source - it reads like a manual.!! The widgets on the dashboard are just PHP files. Everything is in there - here /usr/local/www/widgets/widgets/....
• S

  randomly lose connection to pfsense router
  • ssattannae  

  20
  0
  Votes
  20
  Posts
  142
  Views

  A

  @ssattannae said in randomly lose connection to pfsense router: I was assigned to customize a CP for our business, but my boss doesn't want to install a wifi card on the router. I think eventually the device will wirelessly connect to a switch and that switch will be wired to the router. That's not how it works... You add wireless access points around your building or campus, wire those access points into the switch(es), and then the switch(es) is/are wired into pfsense/router. Jeff
• C

  Bandwidth Throttling ?
  pfsense • • Carlos Magalhaes  

  8
  0
  Votes
  8
  Posts
  60
  Views

  

  i will try also to clone the MAC address from the providers router to pfsense pppoe interface
• C

  WAN Static IP with Virtual IPS
  wan static ip virtualip • • crooskey  

  4
  0
  Votes
  4
  Posts
  23
  Views

  

  No, you add them as they were assigned .115/29, .116/29 .117/29 etc etc
• M

  [Q] pfSense on Hyper-V 2012R2 - transparent mode - possible? {YES}
  • mdalacu  

  22
  0
  Votes
  22
  Posts
  185
  Views

  

  Yes you can. Be sure to snapshot it if you need to go back though, you cannot downgrade in the same way. Steve
• T

  SSH tunnel no longer working
  • Twist3d  

  6
  0
  Votes
  6
  Posts
  98
  Views

  

  Hmm, only time I've seen odd behaviour a little like that was when the firewall could not open a state because all the IPs and ports matched. So as though it tries to open several SSH connections to the same internal IP using the same source and destination ports. Which would never normally happen with SSH. The client would normally use a random source port for each connection and the remote side NAT device would usually randomise it anyway. It would be worth running a packet capture at the remote side to see what actually happens though. Steve
• R

  Recurring Shutdowns
  • rm  

  7
  0
  Votes
  7
  Posts
  75
  Views

  

  I've seen that before. I usually open them up, grab my multimeter and test each cell under load and replace the bad one(s). Sometimes they can hold a full charge but die as soon as they're under load.
• A

  Ruckus Access Points Heartbeat lost in LAN
  • admins  

  5
  0
  Votes
  5
  Posts
  43
  Views

  

  As chpalmer explained nicely - unless your network is different than what you have stated pfsense would not be involved in the conversations between the AP and ZD.. Devices on a network do not talk to the gateway (pfsense) to talk to other devices on the same network.. They only need to send traffic to the gateway, to get OFF the network they are on.. Since from your statement these devices are all on your LAN, pfsense is not involved in the conversation.. The only possible involvement pfsense could have is if the devices are using pfsense to resolve some fqdn to know where to send the hearbeat. But I have to assume they just talk to an IP, and not some fqdn that needs to be resolved. Only other involvement that pfsense might have, is if these devices are dhcp, and your dhcpd is running on pfsense.
• D

  notify_monitor.php causing 100% CPU usage
  bug 2.4.4 high cpu • • daveslab  

  5
  0
  Votes
  5
  Posts
  44
  Views

  

  That file could only be stuck if somehow the notifyqueue_running lock is stale or not being released. Maybe something in your notification settings is broken and it can't get messages out.
• W

  draytek vigor 132 with pfsense
  • wheelhouse20  

  5
  0
  Votes
  5
  Posts
  49
  Views

  W

  i found in the end it was just too confusing for me......
• H

  Behind pfsense and my download speed is cut in half
  • hpspar05  

  45
  0
  Votes
  45
  Posts
  303
  Views

  

  Ha. Classic!
• 

  Sonos speakers and applications on different subnets (VLAN's)
  • Qinn  

  58
  8
  Votes
  58
  Posts
  4158
  Views

  

  This is a great little tool for testing of multicast streams. https://support.singlewire.com/s/software-downloads/a17C0000008Dg7AIAS/ictestermulticastzip Simply launch the program one on the transmit side and one on the receive side and set accordingly. If multicast is making it then you will see the packets on the screen.
• M

  pfSense 2.4 wont reboot after interface removal - route cannot be added, network unreachable
  • mix_room  

  12
  0
  Votes
  12
  Posts
  192
  Views

  M

  @stephenw10 said in pfSense 2.4 wont reboot after interface removal - route cannot be added, network unreachable: Do those tunnels come up correctly after bootup is complete? If so that might just have to be considered log spam if those fqdns actually need to be resolved. Otherwise you could just use IPs there or maybe add static entries for them. The endpoints are on dynamic IPs, hence the need for hostnames. They resolve to dynamic ones. The tunnels come up, I would consider it log spam.
• 

  pfSense to cisco 10gb
  • kiokoman  

  11
  0
  Votes
  11
  Posts
  108
  Views

  

  well i can't set MTU to 9000. raspberry does not support MTU greater than 1500, and i have one with kodi that i use with my NAS and one configured as ntp server
• C

  uPnP Issues
  upnp open nat nanoleaf • • cobhc  

  3
  0
  Votes
  3
  Posts
  55
  Views

  C

  @stephenw10 Managed to solve it myself. I don't know how I missed this before when I created the VLAN's I created them on igb2 rather than igb1 which is where my LAN network resides. I changed that and now everything is working fine as it was before I started a fresh configuration. Thank you for the suggestions anyway!
• Z

  Can't connect to steam network through steam client
  • zyntec724  

  8
  0
  Votes
  8
  Posts
  1015
  Views

  N

  @zyntec724 said in Can't connect to steam network through steam client: pf box Could be simply because your Download server is set to a different location and basically it's proving so hard for steam to pull out the files from the remote server. Go to the setting and change the Download Location or Server to your nearest location. I hope this helps.
• C

  Plan to change LAN subnet
  • coffeecup25  

  22
  0
  Votes
  22
  Posts
  99
  Views

  

  192.168.xxx.0/24 xxx took some research to find one that was not on Google as a default that some company uses or has ever used. Ah I see what you mean now. That's obviously fine. It's very hard to judge peoples level of experience based only on a few forum posts. Which can easily lead to either coming across incredibly patronising or totally incomprehensible. I've done both! I had visions that you might be just using some random public subnet based on a Google search. Glad to see you're not. Steve
• P

  Is my hardware sufficient?
  • pwnell  

  9
  0
  Votes
  9
  Posts
  106
  Views

  P

  @stephenw10
• C

  What is the difference between pfsense netgate appliance ( software base ) and pfsense open source install on your PC
  • chinoynoy  

  5
  0
  Votes
  5
  Posts
  115
  Views

  

  Yeah, the differences are small in terms of the software. There are some packages available in factory that are not available in CE, AWS Wizard, IPSec profile exporter. You can do those things manually anyway it's just much easier via the packages. We are able to tune the factory images in some ways as we know what hardware they are running on. The CE images have to be compatible with everything. But mostly by buying hardware from us you are funding development and you can be sure future versions will be compatible as we test that on all our hardware before release. Steve
• 

  1m ipv4 udp receive buffer errors
  • manjotsc  

  2
  0
  Votes
  2
  Posts
  47
  Views

  

  Disable any hardware off loading you might have. Check for other errors on that interface. Maybe a bad cable or failing NIC etc. Steve