• Terrapin SSH Attack

    Pinned
    33
    16 Votes
    33 Posts
    41k Views
    STLJonnyS
    @willowen100 It basically forces your ssh (on the Windows side) to utilize that encryption algorithm. You'll need to do that on any machine you ssh from. I'd have rather found a more elegant workaround (preferably on the pfSense side, so the mod only has to be done in one location), but this works in a pinch.
  • pfSense Hangouts are available on YouTube!

    Pinned Locked
    1
    5 Votes
    1 Posts
    16k Views
    No one has replied
  • Share your pfSense stories!

    Pinned Moved
    76
    0 Votes
    76 Posts
    67k Views
    V
    Mine may be typical, maybe not..... Took over a large senior living facility with a pretty robust IT infrastructure spread between 4 IT rooms, 23 access points, 12-14 switches, and 200 internal devices and 200 guest/resident devices, all being run by a Sonicwall TZ350. I had been wanting to realign everything network wise for some time but the TZ had 2 ports that were failing. I had worked with ClearOS from back in the ClarkConnect days and started searching for something similar. I found pfSense and it just fit what I wanted to do. I tested it a bit on an old Athlon64x2 rig for proof of concept and had planned on installing on a mini pc or something, but I wanted 6 nics. Standing in my main IT room I looked down and in the bottom of the rack were 4 HP DL380s, 2 of which were decommissioned 2 years ago. It's such huge overkill for hardware that it's hard to explain, but who wouldn't want redundant power supplies, raid 60 with 25 drives and remote system monitoring through ILO? lol I spun one up and loaded pfSense and started tweaking. 2 weeks ago I switched over and have been working out gremlins since.. Overall it's gone well, just one snag that a couple members here have been very kind in helping me work out. Thank you to this page for all the help.
  • To do 25.07 or not?! That is the question!

    38
    0 Votes
    38 Posts
    8k Views
    stephenw10S
    Are you using RAM disks? Also can we assume you mean a 4200 upgraded from 24.11 to 25.07.1?
  • IPv6 Link Local in Interface Status

    9
    0 Votes
    9 Posts
    648 Views
    A
    Hmm, what do you have OPT1 assigned to in that configuration? OPT1 is assigned to the em0 device, which is common to the WAN. There is additional information. When I close the PPPoE session using the Disconnect icon in the WAN interface status, the WAN interface status no longer displays any information, but the Interfaces Widget continues to display the IPv6 Address for the WAN interface, and the WAN interface in the console also continues to display the IPv6 Address.
  • Issue with WAN speed negotiation after upgrading from 2.7 to 2.8 or 2.8.1

    Moved
    20
    0 Votes
    20 Posts
    2k Views
    stephenw10S
    Yup. It appears this patch attempted to allow linking to ports where speed is fixed but duplex is still negotiated. Which seems like an extreme edge case, I don't think I've ever seen it. It has wound up introducing this bug where igb is trying to negotiate the duplex and the other side is set fixed. Hence it falls back to half-duplex. Obviously it should be possible to just set it fixed because, yes, both sides must be set the same.
  • Upgrading from 2.7.2 to 2.8.1 breaks

    13
    0 Votes
    13 Posts
    860 Views
    stephenw10S
    Mmm, it's not that old. I have an APU1 here and it runs fine. But, yes, you need to create an account on the store but it's zero cost to get the Net Installer and try it that way.
  • 0 Votes
    4 Posts
    537 Views
    stephenw10S
    HAProxy proxies the traffic. So connections are to it directly. It then creates new connections to the backend servers to carry the traffic. So clients can connect to it on any IP address it is listening on, but that access is filtered by firewall rules on whatever interface the traffic enters through. Thus for internal clients traffic to the proxy is filtered by the rules on the internal interface. External clients are filtered by rules on the WAN.
  • Strange Routing Issue

    24
    0 Votes
    24 Posts
    2k Views
    stephenw10S
    Could be a subnet conflict if they both have the same LAN subnet. That will be an issue when you try to tunnel traffic between them also if so. Change the LAN subnet on the new device to something unused. Otherwise nothing special should be required there. The default WAN setup as DHCP should work fine behind another pfSense install.
  • CARP Setup Constant Listen Queue Log Entries And Traffic Dropping

    11
    0 Votes
    11 Posts
    3k Views
    planedropP
    @stephenw10 Well the good news is I haven't been able to reproduce this at all. But also wish I knew what the actual cause was lol. This was enough to check off my "incident report" but would be nice to dig deeper, just not sure where to go from here with the logs I have so I guess that's that. I've made some changes similar to what I did when this happened (aliases, rules, IPsec tunnels, etc...) and nothing went wrong.
  • No-IP DDNS Client - Broken in 2.8.1 ?

    13
    0 Votes
    13 Posts
    1k Views
    J
    @stephenw10 BINGO !! Thanks again as ever. My ISP recently changed the behaviour on the fibre accounts. The upstream gateway showed offline - I changed the monitor IP and - all working - thanks so much!!
  • if_pppoe problems with php-fpm causing loops. (resolved)

    74
    0 Votes
    74 Posts
    12k Views
    C
    @stephenw10 Yep IP alias for me.
  • High CPU usage from egrep in pfSense+ v25.07.1

    23
    0 Votes
    23 Posts
    10k Views
    stephenw10S
    Still nothing logged at the point the RRD process starts to rack up?
  • PHP error and log files

    3
    0 Votes
    3 Posts
    1k Views
    stephenw10S
    It looks like what actually triggered that 'crash' though was trying to open a 600MB file in Diag > Edit.
  • upgrading to 25.07, if_pppoe and new bug or what?

    19
    0 Votes
    19 Posts
    4k Views
    stephenw10S
    Oh you mean you have the PPPoE session running on the CARP VIP? Not the VIP on the PPPoE? That makes more sense. That's what was used in an HA setup previously. But that is not a supported setup. if_pppoe cannot run on a CARP VIP in the same way. I believe there is a user script being developed in another thread as a workaround.
  • how to identify Windows 10 PCs in LAN with pfSense

    4
    0 Votes
    4 Posts
    1k Views
    S
    @detox The "ver" command line program shows: C:\>ver Microsoft Windows [Version 10.0.26100.6584] The Windows command "winver" works also. I was asking if you see that in NtopNG since I have no idea. We don't identify that at the router because for our clients we have records of the PCs and most have our ITS TeamCare agent on them anyway, so we have all sorts of automated reporting.
  • How to diagnose a region error?

    6
    0 Votes
    6 Posts
    4k Views
    stephenw10S
    Unless you're somehow tunneling traffic to somewhere else in pfSense then that message is nothing to do with pfSense. It's the server telling you the source IP you're using (the pfSense WAN address) is not allowed to access it. For some reason. Now if you have a VPN setup in pfSense it could be tunnelling your traffic to some remote source IP that's in a completely different region. But where is the VPN server your client VPN connects to that then allows the connection?
  • ANNOUNCEMENT: ansible collection pfsensible.core 0.7.0 released

    1
    1 Votes
    1 Posts
    659 Views
    No one has replied
  • 0 Votes
    4 Posts
    2k Views
    S
    @TTWE can you post the logs around the 2:00 event?
  • sonewconn: pcb 0xfffff8004791b000

    5
    0 Votes
    5 Posts
    4k Views
    G
    @stephenw10 Yes, after reboot no issue. Good, but strange.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.