General pfSense Questions

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

pfSense Hangouts are available on YouTube!
• ivor

3

0
Votes

3
Posts

1293
Views

A

Subscription done!!!
Share your pfSense stories!
• jdillard

18

0
Votes

18
Posts

9482
Views

P

I hope this thread is still alive :) I was using m0n0wall for a long time (still have one that's been alive without reboot almost 7 years!) before I came across the first customer needing VLAN, about 12 years ago I think. I got recommended to check out pfsense, and I have since then never looked back. These days I run my own company and importing hardware and building our own routers based on APU2 board and pfsense. We have at least 200+ installations out there, and we're also running pfsense in our small datacenter where we maintain our smallest customers, as well as the two geographical backup sites we keep for customer data. And, at home of course, where I hide my entire network behind an OpenVPN service setup in pfsense. I'm originally a Windows-guy, but after I met pfsense I realised there's a whole world of open source out there so I started learning, and today roughly half of our services are based on open source. Comparing pfsense to Cisco or the likes, I'd say there is no competition when it comes to price / functionality / reliability (as long as you use an appropriate hardware). Only kind words from me! ...and were are also retailers for Netgate in Sweden, not that we have a lot of customers of the size demanding that good hardware.
A

Unnecessary rules
• angdigi

2

0
Votes

2
Posts

31
Views

Reject for internal clients is a good option. It replies reject specifically to the client which means it immediately closes the connection rather than having to timeout. Be aware though that unless you enable logging on those rules you won't see it in the firewall log, unlike default blocked traffic. That can make troubleshooting harder. Steve
R

Redmine Data Issue
• rschell

1

0
Votes

1
Posts

11
Views

No one has replied
K

Fresh install internet access issue
• kimi4

15

0
Votes

15
Posts

173
Views

That looks to be working fine, it pulls an IP and then renews it every hour. Was it not working at that point?
D

pfSense 2.5.0 development status ???
• Diggy

2

0
Votes

2
Posts

66
Views

https://redmine.pfsense.org/projects/pfsense/issues?query_id=104
Change Keyboard Layout permanently
• pmisch

1

0
Votes

1
Posts

8
Views

No one has replied
R

Why is file sharing not recommended on a pfSense box?
nas samba nfs iscsi storage • • RAMChYLD

8

0
Votes

8
Posts

120
Views

P

pfSense is also an enterprise-capable firewall. I don't think you'd want to bet your real business on a Linksys or Asus from Walmart. Looking at it this way, you are getting enterprise-level performance and security for your home net at no required expense except what it takes to learn to manage it. Of course, being open source, you can always get creative and roll your own: https://github.com/pfsense/
L

Netflow Data from PPPoE Server
• leacho73

1

0
Votes

1
Posts

8
Views

No one has replied
S

Fresh Install Allows All Traffic
• scchearn

3

0
Votes

3
Posts

18
Views

S

Thank you. So I am not crazy after all.
S

Solved : how to add service name in pppoe server
• sagardawda

14

0
Votes

14
Posts

2153
Views

L

Hi, Sagardawa! I do not mean to bother you but the files you uploaded seem to be removed. I am now trying to settle my PPPoE server with a service name so that the clients would not connect to the undesired server. Could you kindly send the files again?
M

Interface with my AP cuts out regularly
• mh13

24

0
Votes

24
Posts

115
Views

Right but it will be limited to "converting" the media on the other side, which 1Gbit fiber. Not the same thing. If you want the same thing, use a switch to "convert" from fiber to copper.
T

New user. Cannot get wireless router to work with WAN. *** SOLVED ***
• thedharma

6

0
Votes

6
Posts

39
Views

M

Glad it's working. Yep, plugging the AP it into the switch is the preferred deployment. However, the other way would have worked also. All you needed were firewall rules on the re0 interface allowing the traffic out and then a NAT entry on the PIA interface for the 192.168.2.0/24 subnet.
N

sendto error: 65
• newUser2pfSense

11

0
Votes

11
Posts

140
Views

N

Well, I wish I could report that the new ONT didn't drop the internet, but it did. I have a call back into Verizon.
V

WAN packet loss when new LAN connection made
• vx

3

0
Votes

3
Posts

24
Views

V

Finally tracked the issue down which was with the firewall state sync. This was setup on seperate interface and seperated from normal LAN traffic via 802.1Q VLAN on switches (the two routers were in different areas and weren't possible to run another cable through). No idea why this was causing such problems but disabled now and rather a brief connection interuption if it switches over.
E

WAN_DHCP6 Pending
• Elliott32224

5

0
Votes

5
Posts

43
Views

E

@JKnott Thanks for educating on this. It does look like my modem (Netgear C7100V) has that set up.
P

Noob needs help with pfsense
• Perseverance66

7

0
Votes

7
Posts

78
Views

P

@stephenw10 Epic fail! on my part.... Wow, I'm betting I was trying to use the serial console image and should actually be using the VGA image instead... I'll double check when I get home. Thanks stephen!
R

URL Redirect for Search Engines
• rsaanon

7

0
Votes

7
Posts

83
Views

H

if you have control over those devices: https://docs.netgate.com/pfsense/en/latest/cache-proxy/wpad-autoconfigure-for-squid.html#setting-up-wpad-autoconfigure-for-the-squid-package or you can start messing with fake ssl certificates todo this transparently ... but thats messy
A

Remove LAN interface
• angdigi

28

0
Votes

28
Posts

148
Views

N

@angdigi said in Remove LAN interface: Isn't this considered "flapping". Maybe it's something on the NIC that's causing the issue and not the ISP.... Flapping is generally a term for when a mac address moves rapidly between different ports on a switch / switches.
D

pfSense halving Virgin fibre connection speed
• danneh82

10

0
Votes

10
Posts

144
Views

@danneh82 said in pfSense halving Virgin fibre connection speed: Swapped data ports (luckily ran extra drops!) and now getting full speed. The problem is probably at one of the connectors. Reterminating the cable should fix that or perhaps there's a bad connector. The cable itself rarely goes bad, unless physically damaged.
M

Add Custom Tables
• meaglerick

9

0
Votes

9
Posts

174
Views

Yes, there's no way to do that directly. You can try using the Netflix ASN in pfBlocker to create an alias then use that in a policy routing rule. https://forum.netgate.com/post/848939 Steve
S

how to deploy pfsense in the current network?
• success127

6

0
Votes

6
Posts

117
Views

M

Another vote for replacing the USG with PFsense. I haven't seen anything in your diagrams that would warrant having two firewalls in your environment.
T

Deny dhcp lease and lan access to unknow and unwanted devices
• T.Soprano

8

0
Votes

8
Posts

119
Views

yeah that would be a possibility I guess..
F

NAT - Source Hash netblock - assigning GW & Broadcast
• fusionp

4

0
Votes

4
Posts

48
Views

There's no other way I'm aware of I'm afraid. If you need to use source hash you need to use a subnet as the translation so you need to use a set of smaller translation rules. Steve
S

Exporting LetsEncrypt Certificates in Automated mode.
• smr

2

0
Votes

2
Posts

37
Views

Why do you need to do that if you're off-loading SSL in HAProxy? To do that though you would need to pull in the cert and then restart whatever service is using it in the VM. So a script running on the VM seems like the first option. Though allowing the VM direct access to the firewall is a security issue. You might be able to pull it via the gui using a user with limited access similar to the pull automated backup described here: https://docs.netgate.com/pfsense/en/latest/backup/remote-config-backup.html#pull-it Steve
C

Where does pfSense fit into the SD-WAN market?
• coreybrett

8

0
Votes

8
Posts

3927
Views

ZeroTier is a great solution... I use it on a bunch of devices in 2 different countries and I can operate everything as if they were on the same LAN. But if we could get it integrated into pfSense and run it at the router level, the entire sites could do the same (not just specific devices running ZeroTier locally on each device). https://forum.netgate.com/topic/91683/zerotier-one-as-a-package-100usd
B

PfSense as PXE boot server
• Balanga

14

0
Votes

14
Posts

9157
Views

F

nice! I'm working on a similar project. when I circle back to pxe boot from pfSense I'll expand on this.
Problems with flaky internet and pfSense
• Bob.Dig

38

0
Votes

38
Posts

235
Views

I would check for a missing or bad default route when this happens. Diag > Routes If there is no default route client traffic will not be able to get out. pfSense itself would not be able to ping out to arbitrary sites. However the gateway monitoring will show onlint because that has a static route via the WAN gateway. Do you have more than one gateway in System > Routing > Gateways? If the default IPv4 gateway is set to automatic setting it to the WAN dhcp gateway instead should get you back a default route if that is what you're hitting. Steve
N

Make Netgate XG-7100 and Cisco Mobility Express work together on 2nd WLAN
• noel.alanguilan

17

0
Votes

17
Posts

103
Views

Ok there are several problems there. Which port on the XG-7100 is connected to Unmanagedswitch1? It looks like it's probably on LAN so that would be port 2 only. That is the port you need VLAN3003 to be tagged out on. The switch config for vlan 3003 should read: vlangroup6: vlan: 3003 members 2t,9t,10t The actual VLAN group number there is not relevant. VLAN 3001 appears to be something else there. EDIT: Moved out of wireless, this isn't a wifi issue. Steve
S

Has any one use type transparent in DNS resolver?
• sabinlal28

1

0
Votes

1
Posts

21
Views

No one has replied
K

Need hardware for PfSense gateway!
• Keanu

4

0
Votes

4
Posts

136
Views

Hmm Ok, well I know you can order from Voleatech: https://www.voleatech.de/de/produkt/sg-5100/ They are probably closest to you and have stock of most of our devices. Steve
C

Dynamic DNS (route53) failing after moving from virtual machine to sg-3100
• Craquehead

2

0
Votes

2
Posts

25
Views

C

As is always the case, I was able to resolve this immediately after posting. the comments in https://www.ceos3c.com/cloud/aws-with-pfsense-part-2-route53-dyndns-with-pfsense/ suggest that there is some uncertainty around prefixing the zone id with "us-east-1" which may have changed around 2.4.0. My old VM had been through many upgrades so perhaps it was still working with the old value while my fresh install on the sg-3100 was not. I deleted the dynamic DNS entry entirely and recreated it from scratch with just the hosted zone ID sans the us-east-1 prefix, and it worked immediately. Hopefully this proves useful to someone in the future.
L

PfSense and Disabled Interfaces
• lucas1

7

0
Votes

7
Posts

129
Views

L

@stephenw10 said in PfSense and Disabled Interfaces: You're right. Yes really network cards were messed up (by FreeBSD itself). re0 became re1, and vice versa. Defined it as you advised on MAC addresses. Changed their places in the slots. re0 became re0, re1 became re1. kernel ae0: phy read timeout: 17. kernel arpresolve: can't allocate llinfo for on ae0 In the interface properties, remove auto-negotiation and set the exact connection speed, for example 100 FD.
A

my client cannot connect to the internet from LAN interface
• asti-mis

3

0
Votes

3
Posts

38
Views

A

Hi Sir Steve, Just to give you an update, my client is now able to ping external IPs, I just changed the Default gateway from None to Automatic under System>Routing>Gateways. Kindly see image below: My problem right now is, still my client was not able to access the internet or even ping 8.8.8.8 or google.com. Can you help me troubleshoot with this? I can't see any problem with our set-up. Below are some of my configs: YOUR HELP IS GREATLY APPRECIATED, SIR STEVE! :) GOD BLESS!
A

Alias table for FQDN is not updating.
• atul.chauhan

7

0
Votes

7
Posts

73
Views

@jimp Leonardo Acropolis thinks you are a genius.
G

PHP Error - Timezone
• guilherme_egb

7

0
Votes

7
Posts

69
Views

@guilherme_egb Thanks.
S

Setup specific traffic through VPN
• spiross

4

0
Votes

4
Posts

85
Views

S

That's great. Thank you very much. I'll give that a try and let you know how it goes. Many thanks
P

lets encrypt cert from pf sense to pydio
• pooperman

2

0
Votes

2
Posts

24
Views

how can I make the pydio work with the certificate? You don't. Install certbot on your pydio box and then let it get its own certificate.
V

Bootstrap XSS
• vmb

5

0
Votes

5
Posts

67
Views

The file could be stock and still not affected, it depends on the bug and how the library is used. I haven't looked deeply at that particular issue, but in similar cases in the past we've seen instances where we happened to not use a particular affected component so even though the vendor library was flawed, pfSense was not vulnerable. So it does take a bit deeper analysis than just inspecting version numbers. Still, it is very out of date, so we are certainly looking at what the impact of updating it will be.
G

fix current time
• guilherme_egb

20

0
Votes

20
Posts

103
Views

G

Sorry, I've answered wrong. Today, I'll try to change my time manually.

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

1 / 448

pfSense Hangouts are available on YouTube! • ivor

Share your pfSense stories! • jdillard

Unnecessary rules • angdigi

Redmine Data Issue • rschell

Fresh install internet access issue • kimi4

pfSense 2.5.0 development status ??? • Diggy

Change Keyboard Layout permanently • pmisch

Why is file sharing not recommended on a pfSense box? nas samba nfs iscsi storage • • RAMChYLD

Netflow Data from PPPoE Server • leacho73

Fresh Install Allows All Traffic • scchearn

Solved : how to add service name in pppoe server • sagardawda

Interface with my AP cuts out regularly • mh13

New user. Cannot get wireless router to work with WAN. *** SOLVED *** • thedharma

sendto error: 65 • newUser2pfSense

WAN packet loss when new LAN connection made • vx

WAN_DHCP6 Pending • Elliott32224

Noob needs help with pfsense • Perseverance66

URL Redirect for Search Engines • rsaanon

Remove LAN interface • angdigi

pfSense halving Virgin fibre connection speed • danneh82

Add Custom Tables • meaglerick

how to deploy pfsense in the current network? • success127

Deny dhcp lease and lan access to unknow and unwanted devices • T.Soprano

NAT - Source Hash netblock - assigning GW & Broadcast • fusionp

Exporting LetsEncrypt Certificates in Automated mode. • smr

Where does pfSense fit into the SD-WAN market? • coreybrett

PfSense as PXE boot server • Balanga

Problems with flaky internet and pfSense • Bob.Dig

Make Netgate XG-7100 and Cisco Mobility Express work together on 2nd WLAN • noel.alanguilan

Has any one use type transparent in DNS resolver? • sabinlal28

Need hardware for PfSense gateway! • Keanu

Dynamic DNS (route53) failing after moving from virtual machine to sg-3100 • Craquehead

PfSense and Disabled Interfaces • lucas1

my client cannot connect to the internet from LAN interface • asti-mis

Alias table for FQDN is not updating. • atul.chauhan

PHP Error - Timezone • guilherme_egb

Setup specific traffic through VPN • spiross

lets encrypt cert from pf sense to pydio • pooperman

Bootstrap XSS • vmb

fix current time • guilherme_egb

Products

Services

Support

News

Resources

Company

Our Mission

Subscribe to our Newsletter

pfSense Hangouts are available on YouTube!
• ivor

Share your pfSense stories!
• jdillard

Unnecessary rules
• angdigi

Redmine Data Issue
• rschell

Fresh install internet access issue
• kimi4

pfSense 2.5.0 development status ???
• Diggy

Change Keyboard Layout permanently
• pmisch

Why is file sharing not recommended on a pfSense box?
nas samba nfs iscsi storage • • RAMChYLD

Netflow Data from PPPoE Server
• leacho73

Fresh Install Allows All Traffic
• scchearn

Solved : how to add service name in pppoe server
• sagardawda

Interface with my AP cuts out regularly
• mh13

New user. Cannot get wireless router to work with WAN. * SOLVED *
• thedharma

sendto error: 65
• newUser2pfSense

WAN packet loss when new LAN connection made
• vx

WAN_DHCP6 Pending
• Elliott32224

Noob needs help with pfsense
• Perseverance66

URL Redirect for Search Engines
• rsaanon

Remove LAN interface
• angdigi

pfSense halving Virgin fibre connection speed
• danneh82

Add Custom Tables
• meaglerick

how to deploy pfsense in the current network?
• success127

Deny dhcp lease and lan access to unknow and unwanted devices
• T.Soprano

NAT - Source Hash netblock - assigning GW & Broadcast
• fusionp

Exporting LetsEncrypt Certificates in Automated mode.
• smr

Where does pfSense fit into the SD-WAN market?
• coreybrett

PfSense as PXE boot server
• Balanga

Problems with flaky internet and pfSense
• Bob.Dig

Make Netgate XG-7100 and Cisco Mobility Express work together on 2nd WLAN
• noel.alanguilan

Has any one use type transparent in DNS resolver?
• sabinlal28

Need hardware for PfSense gateway!
• Keanu

Dynamic DNS (route53) failing after moving from virtual machine to sg-3100
• Craquehead

PfSense and Disabled Interfaces
• lucas1

my client cannot connect to the internet from LAN interface
• asti-mis

Alias table for FQDN is not updating.
• atul.chauhan

PHP Error - Timezone
• guilherme_egb

Setup specific traffic through VPN
• spiross

lets encrypt cert from pf sense to pydio
• pooperman

Bootstrap XSS
• vmb

fix current time
• guilherme_egb