    Netgate Discussion Forum
    • ivor

      pfSense Hangouts are available on YouTube!
      • ivor

      1
      1
      Votes
      1
      Posts
      2184
      Views

      No one has replied

    • jdillard

      Share your pfSense stories!
      • jdillard

      37
      0
      Votes
      37
      Posts
      11109
      Views

      AKEGEC

      Former organisation hunts companies who are practicing corruption, collusion and nepotism. Usually, these organisations do hostile takeover of other companies. The organisation's goal is one organisation to control them all.

      Short story, me and a few of my colleagues resigned because of their new policies against our conscience and moral values. Remember! Just do the opposite of what this organisation tells you. If they advised you and your family to implant microchipped (WO/2020/060606) for (Covid) prevention, refuse it. When they tell you don't use an open source OS/firewall/router like pfSense, use it. That's my story on why I use pfSense.

    • chudak

      "igb1: link state changed to UP/DOWN" is it benign ?
      • chudak

      1
      0
      Votes
      1
      Posts
      1
      Views

      No one has replied

    • Z

      pfSense 2.5.0 boxes with WireGuard keep crashing (both!)
      • z3us

      18
      0
      Votes
      18
      Posts
      126
      Views

      jimp

      Is it all regular L3 traffic from one subnet to another? Or could some of it be trying to send broadcast or multicast on the WireGuard interface?

      I wouldn't think so, since it can't be bridged and that would typically involve something like Samba running on the firewall (which it can't) but it makes me curious.

      Also what entries do you have in "Allowed IPs" on both sides? Is it empty? Or do you have the remote subnets listed?

      If you have the Allowed IPs list filled in, could something be trying to route across WireGuard that isn't listed in Allowed IPs?

    • D

      disable user change admin password account
      • dzung042

      3
      0
      Votes
      3
      Posts
      17
      Views

      noplan

      @divsys
      yes !
      so far confirmed

    • A

      NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat"
      • aniel

      8
      0
      Votes
      8
      Posts
      56
      Views

      johnpoz

      @aniel said in NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat":

      192.168.1.x:5000 (dsm diskstation)

      Dude you have your dsm open to the public?? That is NOT a good idea at all!!

      I also have a synology nas.. So I could for sure duplicate that.. Why would you do that.. Not a secure Idea to open that to the public internet..

      I access DSM pretty much every single day, multiple times a day.. Just hit it via its local dns name in my case nas.local.lan.. I have this as entry in my pfsense dns..

      edit: BTW - it's not "u" guys.. It's the netgate/pfsense guys - I have nothing to do with.. I am just a glorified garbage man deleting spam ;) hehehe... Nothing more than a user like you with the ability to delete spam off the forum ;)

    • A

      XG-7100 1U for the webserver gateway
      • aie.sakaki

      5
      0
      Votes
      5
      Posts
      55
      Views

      DaddyGo

      @aie-sakaki said in XG-7100 1U for the webserver gateway:

      Any recommendation for any extra package to secure the webserver?

      I would put this directly on the web server, it was invented for this:
      WAF
      https://modsecurity.org/

      BTW:
      Be careful, with a lot of filtering and restrictions on NGFW in front of WEB server, because in the end no one can see your page 😉

    • chudak

      Recover via WebGUI feature
      • chudak

      5
      0
      Votes
      5
      Posts
      44
      Views

      chudak

      @jimp said in Recover via WebGUI feature:

      No, that is not viable.

      It was more like a dream :)

      (On the 'ceph' project we've been talking about "downgrade" feature for a long time and still talking...)

      But it's a nice dream !

    • S

      pfSense keeps rebooting with pfBlockerNG 3.0 devel installed
      • Smoothrunnings

      1
      0
      Votes
      1
      Posts
      23
      Views

      No one has replied

    • S

      Want to only allow on my WAN port
      • Smoothrunnings

      1
      0
      Votes
      1
      Posts
      21
      Views

      No one has replied

    • W

      Consolidate 2 PFsense machine into one machine
      • waimun.wong

      16
      0
      Votes
      16
      Posts
      188
      Views

      W

      Thanks @maverickws . The purpose of this revamp:

      they wanted to use only a single pair of pfSense so that it can handle the traffic for the whole subnet 172.16.0.0/21. For eg 172.16.1.0/24 for client A, 172.16.2.0/24 for client B, 172.16.3.0/24 for client C and so on. Initially there are 2 WAN as in 2 ISP, 1 for each pair of the old pfSense unit. So now it will be reduced to only 1 WAN (1 ISP). I will need to create a few VIPs at the new pfsense as a gateway for each subnet, for eg 172.16.1.1/24 for client A, 172.16.2.1/24 for client B, and assign VLAN to each of the subnet and configure some rules so that they won't be able to communicate with each other.
    • Antonio Briguglio

      Rule to block sending email through port 25 which is not secure.
      • Antonio Briguglio

      16
      0
      Votes
      16
      Posts
      173
      Views

      Antonio Briguglio

      @johnpoz OK thank you very much 👍 😊

    • chudak

      To 2.5.0 or not ? that is the question :)
      • chudak

      81
      1
      Votes
      81
      Posts
      2370
      Views

      B

      Installed fresh from 2.5 image.
      restored 2.4.5p1 .xml.
      Everything works again, EXCEPT LAN Traffic Graph.

      Bummer, something in my .xml config?
      I can't seem to find the reason...

      @buggz said in To 2.5.0 or not ? that is the question :):

      Hmm, well, cleared the error, but still no traffic for LAN shown on the Traffic Graph...

    • R

      I want to block Facebook from certain clients on my network.
      • Roy360

      1
      0
      Votes
      1
      Posts
      26
      Views

      No one has replied

    • D

      PC Engines APU2 + pfsense 2.5.0
      • dgoogle

      6
      0
      Votes
      6
      Posts
      133
      Views

      D

      thanks @daddygo for the reference/information. I'll check it out and see if it resolves the problem

    • chudak

      "arpresolve: can't allocate llinfo for <gw_ip> on igb0" ??
      • chudak

      1
      0
      Votes
      1
      Posts
      20
      Views

      No one has replied

    • S

      Extremely Frustrating Outages
      • Stewart

      40
      0
      Votes
      40
      Posts
      606
      Views

      S

      @chpalmer Escalating with Spectrum gives me "Call us again on this and we'll bill you for coming out." I've had multiple techs go out to both sites. The techs that go on site say they put the modem in their "SCOPE" system which puts them in Device Watch. That allows the techs to go back and look at history for the unit. BUT, when you call in and talk to a CSR every one of them says that they no longer use that system. Only the techs onsite can setup or see into the SCOPE system now but you can't get a tech onsite without the possibility of them billing for every visit. Even then they just troubleshoot the moment and don't even refer to it unless you make it a point to make them. It's crazy. But still better than every DSL provider and AT&T U-Verse in this area. You pick your poison.

    • L

      PFsense 2.5 RC OpenVPN/ExpressVPN problem
      expressvpn networking open vpn problems vpn • • LayerThree

      39
      0
      Votes
      39
      Posts
      744
      Views

      B

      @layerthree said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

      So the "Don't pull routes" solved the whole problem.

      Follow the guide, except this step and then restart ur machine. After this everything works.

      Thank you for ur help!

      I posted in the other thread. I just reset up my provider that wasn't working

      it connected. but if I restart the tunnel. traffic stop passing again

      you?

    • T

      Openvpn don't route to ipsec
      • Thiago 0

      4
      0
      Votes
      4
      Posts
      19
      Views

      JKnott

      @thiago-0

      There are some issues with OpenVPN on the new version. Check the OpenVPN forum.

    • X

      Pfsense FW behind to Mikrotik WiFi router
      • xplozia

      2
      0
      Votes
      2
      Posts
      18
      Views

      DaddyGo

      @xplozia said in Pfsense FW behind to Mikrotik WiFi router:

      What I have to do in Mikrotik in order to redirect all traffic to the Pfsense?

      Hi,

      This seems more like a MikroTik forum issue. 😉

      Proposal:
      Why not make the pfSense your main router + firewall?

    • G

      QAT vs AES-NI
      • gabacho4

      1
      0
      Votes
      1
      Posts
      41
      Views

      No one has replied

    • A

      Expired Certificates not visible in GUI
      • aeleus

      6
      1
      Votes
      6
      Posts
      76
      Views

      jimp

      There is a potential for some things to be different, and moreso as time goes on, but for the time being most of the PHP code is the same on both.

      It's worth trying, and if there is a need for a patch specific to Plus 21.02 we can generate one of those as well.

    • S

      Issue with certificates after 2.5 upgrade
      • sbs

      8
      1
      Votes
      8
      Posts
      180
      Views

      jimp

      That's what happened with the one I received from the other user as well, I couldn't base64 decode it even on other systems.

      You don't need those certs on the firewall unless you need to use them for export in some way, though. If the users have them already, they can keep using them. If they need to get a new copy you could use that opportunity to give them a new one.

      As long as you know the cert serials you can revoke them without the certs being present in the GUI, too.

    • L

      Epson WP-4530 showing as offline
      • larryjb

      3
      0
      Votes
      3
      Posts
      40
      Views

      L

      That's what I thought, so I checked the Status->DHCP Leases immediately after printing and it was still "offline". Oddly enough, my Epson R3000 which I haven't printed from in over a day is showing as "online", but the WP-4530 is "offline".

    • L

      Failover disconnects all connections to pfsense
      • LeCygne

      2
      0
      Votes
      2
      Posts
      25
      Views

      L

      @lecygne Any replies?

    • cesarmsj

      PFSense PHP time is incorrect in America/Sao_Paulo time zone
      • cesarmsj

      23
      0
      Votes
      23
      Posts
      257
      Views

      cesarmsj

      I found today that PHP is already with the correct time, even before we update to PFSense 2.5. With that, the conclusion I had is that certain packages of the FreeBSD system receive updates before the PFSense system itself, even because if I did not do this I would not receive updates from the repository to notify that there is a new update from it.

      Problem solved. FreeBSD version 11.3-Stable.

    • F

      site to site vpn configuration between pfsense and cisco asa 5505
      • franco22

      26
      0
      Votes
      26
      Posts
      297
      Views

      F

      @jknott hello, how are you? Are you able to help with this issue pls? asa and pfsense in same vlan and i have to do sla

    • N

      idle box, delay on local command line or pkg download
      • nagaraja

      1
      0
      Votes
      1
      Posts
      19
      Views

      No one has replied

    • Alanesi

      A number of issues after updating to 2.5.0
      • Alanesi

      7
      0
      Votes
      7
      Posts
      273
      Views

      P

      @alanesi

      You never know what happens on Pfsense ... Would be interesting what the cause of the fatal error was. The upgrade of unbound is very unlikely to cause such problem.

    • chudak

      Aliases name change (or memory lapse) ?
      • chudak

      3
      0
      Votes
      3
      Posts
      32
      Views

      chudak

      @serbus thanks G I remembered right !

      🙃

    • D

      Need pfSense developers help with xcp-ng
      • dave.opc

      2
      0
      Votes
      2
      Posts
      142
      Views

      T

      I second this request. If anything, the pfSense developers should be aware of this issue that has been uncovered. It seems there is not much more that can be done on the Xen / XCP-ng side as the issue lies more with FreeBSD / pfSense.

      (as an example), here is one post from the XCP-ng team:

      @stormi (XCP-ng Team)
      What the last tests reveal is that pfSense sends A LOT of spurious events, so no wonder it gets throttled to protect the kernel against event flood. Anyone knows a good FreeBSD kernel developer?

    • maverickws

      Several issues upon 2.5.0 upgrade
      • maverickws

      11
      0
      Votes
      11
      Posts
      932
      Views

      jimp

      Authenticated binds are much different than attempting to query for a user, which is affected by all the other settings on the page for the various containers/base dn/etc.

      All that proves is you can communicate with the server, it doesn't mean your other settings are OK.

      Turn off TLS, take a packet capture of some auth attempts. See what is happening. That's the only way forward.

    • J

      21.02 Webconfig Takes 45 Sec to Open Dashboard
      7100 performance webconfig • • jpvonhemel

      2
      0
      Votes
      2
      Posts
      59
      Views

      J

      Is it only myself who is seeing slowness getting into the webconfig?

    • chudak

      "pcscd PC/SC Smart Card Daemon" ?
      • chudak

      7
      0
      Votes
      7
      Posts
      76
      Views

      chudak

      @viktor_g said in "pcscd PC/SC Smart Card Daemon" ?:

      support for PKCS#11 authentication (e.g. hardware tokens such as Yubikey) for IPsec: https://redmine.pfsense.org/issues/9878

      Ok makes sense, thx !

      Is there a reason to keep it on and what's the best way to disable it ?

    • C

      Certificate error and no GUI
      • Cool_Corona

      3
      0
      Votes
      3
      Posts
      80
      Views

      jimp

      I created a bug report for the case mentioned above when renewing in the GUI: https://redmine.pfsense.org/issues/11514

    • DaddyGo

      LACP LAGG in Silicom NICs
      • DaddyGo

      14
      0
      Votes
      14
      Posts
      283
      Views

      DaddyGo

      @stephenw10 said in LACP LAGG in Silicom NICs:

      Completely different NIC type though.

      Yep, I think I'll wait a bit and test again under 2.5.(?)
      although, if I read it correctly (somewhere), only "ixl" got a brand new driver under FB12

    • C

      Issues after upgrading to 2.5.0
      • ColinDexter

      2
      0
      Votes
      2
      Posts
      61
      Views

      dotdash

      @colindexter
      Not sure on the first one- I'd try re-installing the latest version of pfB and force updating the rules. The other two are known issues. If you search, there are some patches you can apply to fix the IPSec status. The IP6 gateway will at least go online if you specify a monitor IP. I used google's DNS.

    • C

      Certificate Error Expired
      • Cool_Corona

      7
      0
      Votes
      7
      Posts
      139
      Views

      dotdash

      @cool_corona
      Just pay it forward.

      I tried about every combination of options in the GUI and it always errored out. I expect that's because I've updated/restored so many times. The cert probably dated back to 2.0 if not 1.2.3

    • P

      Cannot boot via SSD: gptboot: No /boot/loader on 0:ad(0p2)
      • posix

      2
      0
      Votes
      2
      Posts
      62
      Views

      P

      This turned out to be a hardware issue. Had to replace the SSD card.

      I worked with the freebsd forum.

      https://forums.freebsd.org/threads/cannot-boot-via-ssd-gptboot-no-boot-loader-on-0-ad-0p2.78994/

    • chudak

      X11 forwarding request failed on channel 0 after 2.5.0
      • chudak

      18
      0
      Votes
      18
      Posts
      79
      Views

      jimp

      I don't recall exactly when, I thought it was in 2.4.x, but we disabled X11 forwarding in the SSH daemon on the firewall for security reasons.

      The error is harmless though, you can ignore it, or like you've done, disable it on the client side.


    © 2021 Rubicon Communications, LLC | Privacy Policy