General pfSense Questions

• 

  pfSense Hangouts are available on YouTube!
  • ivor  

  2
  0
  Votes
  2
  Posts
  1163
  Views

  A

  Subscription done!!!
• 

  Share your pfSense stories!
  • jdillard  

  18
  0
  Votes
  18
  Posts
  9361
  Views

  P

  I hope this thread is still alive :) I was using m0n0wall for a long time (still have one that's been alive without reboot almost 7 years!) before I came across the first customer needing VLAN, about 12 years ago I think. I got recommended to check out pfsense, and I have since then never looked back. These days I run my own company and importing hardware and building our own routers based on APU2 board and pfsense. We have at least 200+ installations out there, and we're also running pfsense in our small datacenter where we maintain our smallest customers, as well as the two geographical backup sites we keep for customer data. And, at home of course, where I hide my entire network behind an OpenVPN service setup in pfsense. I'm originally a Windows-guy, but after I met pfsense I realised there's a whole world of open source out there so I started learning, and today roughly half of our services are based on open source. Comparing pfsense to Cisco or the likes, I'd say there is no competition when it comes to price / functionality / reliability (as long as you use an appropriate hardware). Only kind words from me! ...and were are also retailers for Netgate in Sweden, not that we have a lot of customers of the size demanding that good hardware.
• S

  randomly lose connection to pfsense router
  • ssattannae  

  23
  0
  Votes
  23
  Posts
  154
  Views

  S

  the laptop is connected to the pfsense box via a usb to ethernet adapter. I've tried different cables but no dice. Though I'm curious as to why restarting pfsense would make it work again. Edit: I forgot to mention one detail is that dhcp is on LAN interface.
• R

  Confused behind pfsense.
  • rEGiLAyt  

  4
  0
  Votes
  4
  Posts
  55
  Views

  

  Your graphs show your moving quite a bit of data.. You running p2p on that connection? 300-500kbps looks like.. 5ms to your local router seems pretty high..
• B

  What IF's to enable TFTP Proxy on ?
  tftp voip • • bingo600  

  4
  0
  Votes
  4
  Posts
  24
  Views

  

  You need to enable it on the entry interface of every firewall the initial request passes though passes through. Steve
• K

  pfSense crash after Blackout
  • keen  

  3
  0
  Votes
  3
  Posts
  36
  Views

  

  Your filesystem is damaged. Not even ZFS is guaranteed to survive a sudden power off condition intact if the underlying disk hardware is not enterprise class. Most consumer-level disks (even SSDs) will tell the operating system something is written to disk before it actually is. This is a result of internal caching within the disk electronics itself. So if power is lost at the right time, data can get scrambled even using ZFS. You always need a UPS on a computer, and most certainly on a firewall. You also need to run one of the UPS packages available for pfSense (nut or apcupsd) with a connection to the UPS so that the UPS can signal the firewall when battery exhaustion is near and the firewall can shutdown gracefully. I'm not a ZFS expert. There may be some command in ZFS that is similar to the old fsck command used by UFS. Google would be your friend. Another option is to attempt to grab the config.xml file from the firewall and perform a fresh install while importing the old configuration.
• C

  What is the difference between pfsense netgate appliance ( software base ) and pfsense open source install on your PC
  • chinoynoy  

  23
  0
  Votes
  23
  Posts
  289
  Views

  C

  @stephenw10 i like overkill i will go for 3100 and 5100 for the main office. I am also considering upgrading our bandwidth. What do you suggest for a stable vpn connections, or is my current bandwidth are enough?
• A

  Want to Access Switch from a Different Subnet.
  routing subnet • • aeboi80  

  23
  0
  Votes
  23
  Posts
  140
  Views

  

  So a smart/managed layer 2 then ;) BTW, if your going to route and your wanting to access something on your downstream from a IP that is on your transit network you are always going to run into asymmetrical problems.. If you want to route to other networks on your downstream, then that needs to be connected to your upstream router via a transit network.. If you going to want to get to it from devices on your transit network.. Then you need to host route on them, or you run into the above asymmetrical problem. Connect your upstream to your downstream via transit network (no hosts on it) and your asymmetrical issues are gone Also if you created your SVI on the L2 that your 10 network is on, then its IP would be in the 10 nework.. If you created put the svi on a different L2, then you need to route it via a transit or host routes or your going to have the asymmetrical problems.
• M

  Chelsio T520 not working as WAN interface
  • mikenemat  

  25
  0
  Votes
  25
  Posts
  829
  Views

  

  Ok so you can ping out though? Try pinging out with large packets: ping -s 1000 -c 3 1.1.1.1 Try different sized packets to see if you really are seeing an MTU issue. Steve
• V

  Very high CPU usage every 15 minutes
  • ViniciusBr  

  32
  0
  Votes
  32
  Posts
  203
  Views

  V

  Well, take a look at the previous 48hs: I will double check the Hyper-threading on the bios. Thanks a lot for the help!
• K

  Disconection from pfsense
  • Khampol  

  6
  0
  Votes
  6
  Posts
  58
  Views

  K

  @stephenw10 Thanks and noted!
• C

  [SOLVED] WAN Static IP with Virtual IPS
  wan static ip virtualip • • crooskey  

  6
  0
  Votes
  6
  Posts
  38
  Views

  

  With IPAliases you can usually use either /32 or the correct subnet size. The important thing is you have at least one IP defined on the interface with the correct subnet in order to add the correct routing. https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-feature-comparison.html#ip-alias Steve
• Y

  Accessing VLAN from LAN
  • ypapouin  

  6
  0
  Votes
  6
  Posts
  35
  Views

  

  You could narrow that destination to just the PBX IP if that's the only thing you need access to in that subnet. Steve
• S

  Pfsense with no WAN and a gateway on the LAN. Traffic issues from WIFI subnet.
  • scotttiamit  

  4
  0
  Votes
  4
  Posts
  26
  Views

  

  Yes, bridging the interfaces would allow the ISP router to 'see' the wifi subnet directly but it would still need an IP in that subnet to respond from which it does not have. With the outbound NAT rule as you have it you are passing all the wifi traffic across the LAN subnet which means, unless you have blocked it in pfSense, wifi clients will be able to access any LAN client which you might not want. Steve
• D

  User manager does not give the expected options
  • dsanchez  

  6
  0
  Votes
  6
  Posts
  26
  Views

  D

  Thank you very much, for the help the patch worked perfectly and already shows the view I needed, excellent help.
• A

  pfsense HD constant spin-up and spin down
  • aciampoli  

  20
  0
  Votes
  20
  Posts
  118
  Views

  A

  Update from my end, I think I figured it out... After @chpalmer last msg, I went back to the "Hard disk standby time" settings and it was set to 180, which even if the systems was using the 180 mins it still didn't make any sense as to why is was spinning up/down so quickly. What I did is set it back to Always on and after saving and rebooting there are no more spin ups or downs. thank you.
• T

  change theme in Pfsense
  • tjabas  

  6
  0
  Votes
  6
  Posts
  105
  Views

  

  @tjabas said in change theme in Pfsense: router after about 5 years Wow. From what version did you came from ?
• C

  user manager not working
  • coffeecup25  

  4
  0
  Votes
  4
  Posts
  48
  Views

  C

  @stephenw10 Thanks. I reactivated user admin for now and bookmarked the screen it should have gone to for other admin level users (me really).
• W

  pfSense drops Internet ?
  • wangel  

  18
  0
  Votes
  18
  Posts
  101
  Views

  W

  @chpalmer Done. Will monitor/report back if it happens anymore. Thank you sir!
• 

  opsense do not show users name AD
  • radarz  

  8
  0
  Votes
  8
  Posts
  143
  Views

  

  Just so you know there is no single sign-on style solution here. Clients have to login to the captive portal to access anything and then can have limiters applied against their traffic. Steve
• R

  Internet access from computers in LAN
  lan wan pfsense lan wan • • rgmagritte  

  9
  0
  Votes
  9
  Posts
  76
  Views

  

  pfSense should not have a LAN gateway. If you have that set on the LAN interface remove it. Then go to System > Routing and make sure the WAN gateway is set as default. The fact you are able to reach the webgui shows it must be working to some extent. Steve
• M

  Auto reboot
  • Menegas  

  9
  0
  Votes
  9
  Posts
  70
  Views

  

  Does it reboot because of some event? Do the logs show it rebooting or shuting down? Or do they just show it running then suddenly booting as though it was hard power cycled? The logs immediately before Sep 9 21:16:47 syslogd kernel boot file is /boot/kernel/kernel should show that. I assume no other VMs are rebooting at that time? Steve
• G

  Strange DNS queries from pfSense
  • gchialli  

  13
  0
  Votes
  13
  Posts
  119
  Views

  

  @bmeeks would know what snort can do and or should do - he is the snort guru around here that is for sure ;)
• S

  What can I do with the extra ports of a quad port NIC for home usage
  • shawn8888  

  7
  0
  Votes
  7
  Posts
  98
  Views

  P

  DMZ? WiFi AP for a Guest Network? ISCSI to a XigmaNAS? :)
• H

  Port forwarding port 80 to port 8080
  • Havok  

  18
  0
  Votes
  18
  Posts
  166
  Views

  

  Yup. Upgrade. You will see that port 8080 traffic blocked in the firewall log though as I suggested some time ago. That will confirm the issue. Or just add the rule and restest. Steve
• B

  My pfSense Story...
  • boii5  

  14
  0
  Votes
  14
  Posts
  271
  Views

  

  Yeah its quite possible he asked the local IT support at his office.. And he brushed him off by dropping a name... Guess he is lucky he didn't drop say palo alto or the like as the name - or maybe this guy would be down 20k+ vs the 300 and in the same boat ;) Not sure where these users get the idea that security is easy, and or push a button. There is no device you drop into or in front of your network be it 300 or 10k in cost that makes your network secure - NONE... No matter what firewall you buy, no matter what software you run.. All just tools, how you use the tools requires atleast understanding the basic concepts of what the tool does and how to use it.. And you need to know which tool you need as well, or your going to be pounding on that screw with your 300$ hammer screaming this hammer freaking sucks!!
• K

  pfSense Squid https filtering ERROR - URL cannot be retrived
  • kor_sal  

  2
  0
  Votes
  2
  Posts
  17
  Views

  K

  Ohh now i already solve it( Common i untick do not allow ip..) and it work.
• T

  Status and checks...
  • turnbulld  

  7
  0
  Votes
  7
  Posts
  119
  Views

  

  @turnbulld said in Status and checks...: That's for sure the SNMP info. Noop. But the same source. It's Munin digging into the system using whatever is needed to present stats. The plugins are written in ... perl, C, bash, etc. @turnbulld said in Status and checks...: As with what you linked, there is nothing specific to the load balancer which I find a little odd. Probably because I do not have multiple WAN's, so I didn't activate 'load balance' related Munin plugins. @turnbulld said in Status and checks...: list of commands that are the source of the data on the dashboard. The code is the source - it reads like a manual.!! The widgets on the dashboard are just PHP files. Everything is in there - here /usr/local/www/widgets/widgets/....
• C

  Bandwidth Throttling ?
  pfsense • • Carlos Magalhaes  

  8
  0
  Votes
  8
  Posts
  61
  Views

  

  i will try also to clone the MAC address from the providers router to pfsense pppoe interface
• M

  [Q] pfSense on Hyper-V 2012R2 - transparent mode - possible? {YES}
  • mdalacu  

  22
  0
  Votes
  22
  Posts
  187
  Views

  

  Yes you can. Be sure to snapshot it if you need to go back though, you cannot downgrade in the same way. Steve
• T

  SSH tunnel no longer working
  • Twist3d  

  6
  0
  Votes
  6
  Posts
  98
  Views

  

  Hmm, only time I've seen odd behaviour a little like that was when the firewall could not open a state because all the IPs and ports matched. So as though it tries to open several SSH connections to the same internal IP using the same source and destination ports. Which would never normally happen with SSH. The client would normally use a random source port for each connection and the remote side NAT device would usually randomise it anyway. It would be worth running a packet capture at the remote side to see what actually happens though. Steve
• R

  Recurring Shutdowns
  • rm  

  7
  0
  Votes
  7
  Posts
  75
  Views

  

  I've seen that before. I usually open them up, grab my multimeter and test each cell under load and replace the bad one(s). Sometimes they can hold a full charge but die as soon as they're under load.
• A

  Ruckus Access Points Heartbeat lost in LAN
  • admins  

  5
  0
  Votes
  5
  Posts
  44
  Views

  

  As chpalmer explained nicely - unless your network is different than what you have stated pfsense would not be involved in the conversations between the AP and ZD.. Devices on a network do not talk to the gateway (pfsense) to talk to other devices on the same network.. They only need to send traffic to the gateway, to get OFF the network they are on.. Since from your statement these devices are all on your LAN, pfsense is not involved in the conversation.. The only possible involvement pfsense could have is if the devices are using pfsense to resolve some fqdn to know where to send the hearbeat. But I have to assume they just talk to an IP, and not some fqdn that needs to be resolved. Only other involvement that pfsense might have, is if these devices are dhcp, and your dhcpd is running on pfsense.
• D

  notify_monitor.php causing 100% CPU usage
  bug 2.4.4 high cpu • • daveslab  

  5
  0
  Votes
  5
  Posts
  44
  Views

  

  That file could only be stuck if somehow the notifyqueue_running lock is stale or not being released. Maybe something in your notification settings is broken and it can't get messages out.
• W

  draytek vigor 132 with pfsense
  • wheelhouse20  

  5
  0
  Votes
  5
  Posts
  49
  Views

  W

  i found in the end it was just too confusing for me......
• H

  Behind pfsense and my download speed is cut in half
  • hpspar05  

  45
  0
  Votes
  45
  Posts
  307
  Views

  

  Ha. Classic!
• 

  Sonos speakers and applications on different subnets (VLAN's)
  • Qinn  

  58
  8
  Votes
  58
  Posts
  4195
  Views

  

  This is a great little tool for testing of multicast streams. https://support.singlewire.com/s/software-downloads/a17C0000008Dg7AIAS/ictestermulticastzip Simply launch the program one on the transmit side and one on the receive side and set accordingly. If multicast is making it then you will see the packets on the screen.
• M

  pfSense 2.4 wont reboot after interface removal - route cannot be added, network unreachable
  • mix_room  

  12
  0
  Votes
  12
  Posts
  211
  Views

  M

  @stephenw10 said in pfSense 2.4 wont reboot after interface removal - route cannot be added, network unreachable: Do those tunnels come up correctly after bootup is complete? If so that might just have to be considered log spam if those fqdns actually need to be resolved. Otherwise you could just use IPs there or maybe add static entries for them. The endpoints are on dynamic IPs, hence the need for hostnames. They resolve to dynamic ones. The tunnels come up, I would consider it log spam.
• 

  pfSense to cisco 10gb
  • kiokoman  

  11
  0
  Votes
  11
  Posts
  110
  Views

  

  well i can't set MTU to 9000. raspberry does not support MTU greater than 1500, and i have one with kodi that i use with my NAS and one configured as ntp server
• C

  uPnP Issues
  upnp open nat nanoleaf • • cobhc  

  3
  0
  Votes
  3
  Posts
  55
  Views

  C

  @stephenw10 Managed to solve it myself. I don't know how I missed this before when I created the VLAN's I created them on igb2 rather than igb1 which is where my LAN network resides. I changed that and now everything is working fine as it was before I started a fresh configuration. Thank you for the suggestions anyway!