General pfSense Questions

• 

  pfSense Hangouts are available on YouTube!
  • ivor  

  2
  0
  Votes
  2
  Posts
  972
  Views

  A

  Subscription done!!!
• 

  Share your pfSense stories!
  • jdillard  

  18
  0
  Votes
  18
  Posts
  9065
  Views

  P

  I hope this thread is still alive :) I was using m0n0wall for a long time (still have one that's been alive without reboot almost 7 years!) before I came across the first customer needing VLAN, about 12 years ago I think. I got recommended to check out pfsense, and I have since then never looked back. These days I run my own company and importing hardware and building our own routers based on APU2 board and pfsense. We have at least 200+ installations out there, and we're also running pfsense in our small datacenter where we maintain our smallest customers, as well as the two geographical backup sites we keep for customer data. And, at home of course, where I hide my entire network behind an OpenVPN service setup in pfsense. I'm originally a Windows-guy, but after I met pfsense I realised there's a whole world of open source out there so I started learning, and today roughly half of our services are based on open source. Comparing pfsense to Cisco or the likes, I'd say there is no competition when it comes to price / functionality / reliability (as long as you use an appropriate hardware). Only kind words from me! ...and were are also retailers for Netgate in Sweden, not that we have a lot of customers of the size demanding that good hardware.
• V

  Issue with TFTP IP Phone Provisioning for phones behind PFSense
  • vividIT  

  1
  0
  Votes
  1
  Posts
  5
  Views

  No one has replied

• N

  DLNA, IGMP Proxy, VLANs, Subnets... Oh, dear...
  • nfld_republic  

  34
  0
  Votes
  34
  Posts
  169
  Views

  

  You can start it at boot with a shellcmd easily enough: https://docs.netgate.com/pfsense/en/latest/development/executing-commands-at-boot-time.html Yeah a gui page to select interfaces and set those options should not be hard. All the code exists in other packages. Steve
• T

  Asking here as I'm not sure if it's a firewall or nat problem.
  • throwawaytoday  

  4
  0
  Votes
  4
  Posts
  29
  Views

  

  Ah OK, then yeah it should be just a matter of adding the port forwards for those ports. Try connecting to it externally then check the state table for states on those ports. Steve
• S

  Big DNS Problems *Illustrated*
  • skalyx  

  23
  0
  Votes
  23
  Posts
  154
  Views

  

  Yeah, this seems much more likely to be a DNS resolution issue. I would try running the resolver directly in resolving mode if you are going to have DNSSec enabled and see if the issue repeats. Steve
• L

  pfSsense Fail - PHP Startup: Unable to load dynamic library...
  • loopery  

  7
  0
  Votes
  7
  Posts
  68
  Views

  

  It's probably a filesystem issue. It could be an upgrade failure. It's probably not hardware unless the drive is failing perhaps but I would expect bigger issues in that case. The fastest way to get back up is to re-install and restore your config from that situation. You can try this though since you still have command line access: https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html#forced-pkg-reinstall Be sure to backup the config first though if you do. Steve
• P

  lan rule setup for webfiltering only with firewall rules
  • patelsaheb  

  6
  0
  Votes
  6
  Posts
  56
  Views

  

  You can use Squid ACLs directly rather than using Squidguard if you really wanted to. It's far more complex though. Steve
• A

  pfSense not recovering from WAN event
  • axxxxe  

  5
  0
  Votes
  5
  Posts
  30
  Views

  A

  Yes!
• I

  OpenVPN client cannot see VLAN network(s)
  • ITNiels  

  4
  0
  Votes
  4
  Posts
  27
  Views

  

  I try!
• S

  Firewall public routing
  • Sessa45  

  10
  0
  Votes
  10
  Posts
  78
  Views

  

  Hmm, well you would first need to configure a tunnel from the server to pfSense. That could be a number of things but an OpenVPN tunnel is probably the easiest to work with in pfSense. Then configure the server to listen on the VPN tunnel address and forward queries to it over the tunnel in pfSense. Is there some reason you're doing this? There might be a much better solution if we knew what you are trying to workaround with this setup. If you can't install pfSense in front of the server can you just move the server to behind pfSense for example? Steve
• K

  WAN IP redirect to LAN
  • keeng1  

  3
  0
  Votes
  3
  Posts
  38
  Views

  

  Like based on source IP maybe? You can set that too in a port forward or 1:1 NAT. Steve
• T

  Unraid and Ubiquiti Unifi: STUN Communication failed
  • truetype  

  14
  0
  Votes
  14
  Posts
  3856
  Views

  Q

  @truetype Okies nevermind, I found out the issue. I had put a pass between the two subnets, BUT i forgot and left it at TCP and not any, so UDP was not passed. Dumb mistake, but I hope it helps someone who googles and finds this. Check firewall rules!
• Z

  OPT1 connect WAP
  • zemlik  

  16
  0
  Votes
  16
  Posts
  51
  Views

  Z

  @Gertjan OK problem resolved. Seems I didn't have enough protocols allowed on OPT1 working now and also NTP on WAP thanks ever so much for assist.
• L

  Intel MDS vulnerabillity and Hyperthreading
  • Longreen  

  1
  0
  Votes
  1
  Posts
  30
  Views

  No one has replied

• S

  Unexplained WAN/Gateway Packetloss?
  • Spicy Spice  

  2
  0
  Votes
  2
  Posts
  29
  Views

  

  Try setting the monitoring IP to something other than the gateway IP, so 8.8.8.8 for example is commonly used. That gives you a better idea of actual connection quality. The ISP gateway usually doesn't guaranty ping response. Steve
• B

  Using another router behind pfSense as an wireless AP
  • badgerlolz  

  7
  0
  Votes
  7
  Posts
  87
  Views

  

  The router used as an access point can, and probably should, be on the same subnet just set as static and outside the DHCP range.... and not the same IP as anything else! That way you will still be able to access it's interface to check signal strengths or make further changes. Steve
• B

  help with purpose and life of /cf/conf/lastpfSbackup.txt
  • bbrendon  

  2
  0
  Votes
  2
  Posts
  26
  Views

  

  What problem are you seeing? Looking at firewalls here it contains the correct time of the last ACB backup. Steve
• T

  Time for PGP signed sha256sums?
  • tkerin  

  1
  0
  Votes
  1
  Posts
  27
  Views

  No one has replied

• W

  Pfsense, No internet when it is said "You are connected".
  • weiphyo  

  36
  1
  Votes
  36
  Posts
  2513
  Views

  

  Going to need more than "has no internet."
• J

  Behind Pfsense Slow my Download Speed
  • Janiboy  

  7
  0
  Votes
  7
  Posts
  101
  Views

  J

  @akuma1x This is a hotel network ISP>PFSENSE>SWITCH>AP>Users
• N

  Best Way to Achieve this?
  • nambi  

  4
  0
  Votes
  4
  Posts
  44
  Views

  

  @nambi said in Best Way to Achieve this?: if I have something else using 443 would I then need to use the reverse proxy? That's one way. You could also reconfigure the web listen port for one of your servers to some other port. I tend to avoid using a reverse proxy because its extra complexity with potential issues that I'd rather avoid. Also yes, VLANs give you network separation as if they were physical interfaces. You always want to provide a gap between front-facing services and your LAN so that any exploited servers aren't used as a stepping stone to taking over your network.
• J

  Every couple of weeks pfSense completly stops responding?
  • JohnnyBeGood  

  29
  0
  Votes
  29
  Posts
  566
  Views

  

  Yup, that could be it. Though that's not one of the symptoms usually seen with Realtek NICs I would not rule it out. Steve
• A

  User Manager Access
  • ahking19  

  4
  0
  Votes
  4
  Posts
  38
  Views

  A

  @jimp said in User Manager Access: b9ed452dbba4689e6280efa7f503e30809a3d8e4 Thanks, that worked! I didn't know about the System Patches package. Pretty slick. -Andrew
• W

  Setting up pfSense and L3 switch
  • Wholelottapfsense  

  10
  0
  Votes
  10
  Posts
  178
  Views

  H

  Sometimes I like to overcomplicate my home network too. I use it to learn new things. Most of the time, I get back to previous design but, in the process, I've learned something and sometimes even stump on stupid errors made before. I love KISS technology but it's nice to go over the head sometimes. ;)
• N

  Dual WAN load Balancing + Squid Web Proxy
  • noor92  

  1
  0
  Votes
  1
  Posts
  10
  Views

  No one has replied

• P

  Shell - Restore Factory Defaults
  • penicheiro  

  3
  0
  Votes
  3
  Posts
  29
  Views

  P

  @stephenw10 thanks. Thankfully I had a good recent backup. Reinstalled pfsense via image provided by Netgate, restored backup back in business. Thank you
• P

  Connections dropping under heavy load
  • pedreter  

  18
  0
  Votes
  18
  Posts
  178
  Views

  

  I mean 10k states per client does seem..... high! But it depends what those clients are doing. If those are all legitimate states then you could be hitting something else more quickly than we would otherwise expect. But, yeah, did disabling pfSync on the secondary correct the connection drops you were seeing? Steve
• J

  Azure pfSense ipsec IP Forwarding
  • jdemmer  

  2
  0
  Votes
  2
  Posts
  37
  Views

  J

  Solved by adding static routes in azure pfsense and adding UDR routes of the remote network in the azure route table....finally!
• D

  Hello all. Just got a msg, "pfSense has detected a crash report or programming bug."
  • davey_bones  

  8
  0
  Votes
  8
  Posts
  143
  Views

  D

  Yep, it does seem right the drive failed after power surge thru the network. Took out one of my switches and two of my Ethernet ports on the server also........
• D

  MAC cloning on SG-1100
  • darkqueman  

  4
  0
  Votes
  4
  Posts
  32
  Views

  N

  Oh I forgot they’re switch ports, I guess you’d need to go into the switch part of the config and change the main interface mvneta0. https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/getting-started.html#mac-address https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/switch-overview.html
• S

  Manual Restore
  • Stewart  

  17
  0
  Votes
  17
  Posts
  113
  Views

  S

  @stephenw10 When I do a backup/restore I always do that and make sure I grab every option I have and it always moves over. At this point it doesn't really matter all that much as I'd be losing the recent stuff anyway. Now it's just a matter of how it can be done and if it works manually.
• T

  pfSense n00b (Smoothwall user)
  • The_Librarian  

  12
  0
  Votes
  12
  Posts
  176
  Views

  

  Are we correct in thinking both pfSense and Smoothwall have a WAN IP in the 192.168.8.0/24 subnet in your test setup? Steve
• D

  pid 27436 (snort), uid 0: exited on signal 11
  • digger30  

  2
  0
  Votes
  2
  Posts
  16
  Views

  

  Do you have the Service Watchdog package enabled? If so, you must not use it for Snort! That is one cause of this problem. Check to see if you perhaps have gotten multiple instances of Snort on the same interface. Run this command from a shell prompt on the firewall: ps -ax | grep snort If Snort is running, you should see only one process per configured interface. If you see two Snort processes with the exact same information and arguments, then you have a zombie running. If this is the case, kill all Snort instances and start Snort on each interface again from the GUI. Finally, it's possible some particular rule you have enabled is the source of the crash. A Signal 11 error is basically a segment fault (meaning a process attempted to access memory that was out-of-bounds for that process). I run Snort on my personal home firewall and have no issues with crashes. I don't run the OpenAppID rules, though. And there is no guarantee that even if two people run the same rule categories that they have the exact same rule SIDs enabled. So it's hard to compare apples-to-apples when talking about IDS/IPS setups.
• T

  Cannot send mails using office365 smtp server
  • TheNetStriker  

  19
  0
  Votes
  19
  Posts
  25607
  Views

  V

  @bethelcolonyit. Helped in big way. Thank you so much for the poast
• L

  What is wrong with pfsense?
  • lmh1  

  6
  0
  Votes
  6
  Posts
  193
  Views

  

  @lmh1 said in What is wrong with pfsense?: system_crlmanager.php So you are using this page : and then what ? Clicked on one of the green buttons and you fed it with a something that isn't recognized ? You want to revoke a certificate ?
• O

  Crash after upload speed test
  • o51  

  2
  0
  Votes
  2
  Posts
  32
  Views

  

  Try this Realtek driver: https://forum.netgate.com/topic/135850/official-realtek-driver-binary-1-95-for-2-4-4-release -Rico
• D

  THE NEW GATEWAY BLOCKS INTERNET ON pfSense
  • DAVID 1  

  3
  0
  Votes
  3
  Posts
  86
  Views

  

  Yeah you can't have the same subnet on two interfaces. Is that what's happening here? Or this other 'WAN network' a router on the LAN side of pfSense? A diagram would probably be helpful here. Steve
• F

  Login successful, but browser not allowing it
  • felesaerius  

  18
  0
  Votes
  18
  Posts
  3765
  Views

  

  I will just add here that I am not seeing this and I connect to many different pfSense boxes everyday using Chromium by IP address. Whatever it is you're hitting seems more nuanced than just that. Steve
• I

  PFsense Intel CPU MDS Vulnerabilties
  • Iceman  

  6
  0
  Votes
  6
  Posts
  155
  Views

  I

  @chrismacmahon Awesome, thank you sir!