General pfSense Questions

• 

  pfSense Hangouts are available on YouTube!
  • ivor  

  2
  0
  Votes
  2
  Posts
  1164
  Views

  A

  Subscription done!!!
• 

  Share your pfSense stories!
  • jdillard  

  18
  0
  Votes
  18
  Posts
  9361
  Views

  P

  I hope this thread is still alive :) I was using m0n0wall for a long time (still have one that's been alive without reboot almost 7 years!) before I came across the first customer needing VLAN, about 12 years ago I think. I got recommended to check out pfsense, and I have since then never looked back. These days I run my own company and importing hardware and building our own routers based on APU2 board and pfsense. We have at least 200+ installations out there, and we're also running pfsense in our small datacenter where we maintain our smallest customers, as well as the two geographical backup sites we keep for customer data. And, at home of course, where I hide my entire network behind an OpenVPN service setup in pfsense. I'm originally a Windows-guy, but after I met pfsense I realised there's a whole world of open source out there so I started learning, and today roughly half of our services are based on open source. Comparing pfsense to Cisco or the likes, I'd say there is no competition when it comes to price / functionality / reliability (as long as you use an appropriate hardware). Only kind words from me! ...and were are also retailers for Netgate in Sweden, not that we have a lot of customers of the size demanding that good hardware.
• C

  using ssh to connect to netgate?
  • ctmoore  

  25
  0
  Votes
  25
  Posts
  134
  Views

  

  If this is not a public WAN-type environment then all you have to run is this: pfSsh.php playback enableallowallwan That is all I do when I make a new lab VM. Standard disclaimer about not doing that on an actual public interface yadda yadda yadda applies.
• R

  Confused behind pfsense.
  • rEGiLAyt  

  12
  0
  Votes
  12
  Posts
  86
  Views

  

  So internet in general was working, you had no issues resolving anything.. Just speed test was failing? And you had tried just changing the servers you were doing the test too? That latency error you were getting seems to just point to one of there servers being down https://support.speedtest.net/hc/en-us/articles/203845540-What-does-Latency-Test-Error-mean- "Latency Test Error" typically occurs when the server has gone temporarily down. We have a server watchdog that will periodically contact servers to verify they're working properly, but there may be a slight delay before we automatically recognize the server is down. Please let us know by filing a support ticket specifically identifying which server caused the error, and try testing to a different server.
• W

  Multiple random crashes - Crashlog
  • Wastapi  

  2
  0
  Votes
  2
  Posts
  11
  Views

  

  Those are almost always hardware issues. Just before many of your crashes, your network cards seem to be bouncing up and down a lot: <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP <5>em1: link state changed to DOWN <5>em1: link state changed to UP Fatal trap 9: general protection fault while in kernel mode cpuid = 0; apic id = 00 Notice that the actual process on the CPU is always different for every crash. What is your config? I see references to a couple of different NICs, and a bridge.
• K

  pfSense crash after Blackout
  • keen  

  5
  0
  Votes
  5
  Posts
  58
  Views

  

  @NollipfSense : Found some posts elsewhere on the web that provided an explanation of why, sometimes, even ZFS can die. It has to do with the internal electronics of the disk drives themselves. Many provide caching, and some of those that do cache report a "write complete" operation to the OS when in reality the write is still sitting in the onboard cache of the drive controller. While the actual write happens a few milliseconds later, if power goes out at that very instant the data could in fact be lost. Many enterprise class disk drives have specially designed power storage capacitors integrated into their electronics for precisely this reason. They provide a half second's worth of power to allow flushing of any cache data. Cheaper consumer-level drives cut out this feature to save a few cents on the per-unit cost.
• S

  randomly lose connection to pfsense router
  • ssattannae  

  25
  0
  Votes
  25
  Posts
  179
  Views

  S

  Yup, I remembered now I was showing a technician how to install a production version of our pfsense onto a generic build. He resetted to factory default first and changed the interfaces so WAN was on a usb port. At the time I didn't think too much about it but it turns out to be a big head for me. @johnpoz I would so buy you a case of beer if I can. Thanks everyone for the inputs, I believe this is now solved.
• B

  What IF's to enable TFTP Proxy on ?
  tftp voip • • bingo600  

  4
  0
  Votes
  4
  Posts
  28
  Views

  

  You need to enable it on the entry interface of every firewall the initial request passes though passes through. Steve
• C

  What is the difference between pfsense netgate appliance ( software base ) and pfsense open source install on your PC
  • chinoynoy  

  23
  0
  Votes
  23
  Posts
  300
  Views

  C

  @stephenw10 i like overkill i will go for 3100 and 5100 for the main office. I am also considering upgrading our bandwidth. What do you suggest for a stable vpn connections, or is my current bandwidth are enough?
• A

  Want to Access Switch from a Different Subnet.
  routing subnet • • aeboi80  

  23
  0
  Votes
  23
  Posts
  141
  Views

  

  So a smart/managed layer 2 then ;) BTW, if your going to route and your wanting to access something on your downstream from a IP that is on your transit network you are always going to run into asymmetrical problems.. If you want to route to other networks on your downstream, then that needs to be connected to your upstream router via a transit network.. If you going to want to get to it from devices on your transit network.. Then you need to host route on them, or you run into the above asymmetrical problem. Connect your upstream to your downstream via transit network (no hosts on it) and your asymmetrical issues are gone Also if you created your SVI on the L2 that your 10 network is on, then its IP would be in the 10 nework.. If you created put the svi on a different L2, then you need to route it via a transit or host routes or your going to have the asymmetrical problems.
• M

  Chelsio T520 not working as WAN interface
  • mikenemat  

  25
  0
  Votes
  25
  Posts
  875
  Views

  

  Ok so you can ping out though? Try pinging out with large packets: ping -s 1000 -c 3 1.1.1.1 Try different sized packets to see if you really are seeing an MTU issue. Steve
• V

  Very high CPU usage every 15 minutes
  • ViniciusBr  

  32
  0
  Votes
  32
  Posts
  241
  Views

  V

  Well, take a look at the previous 48hs: I will double check the Hyper-threading on the bios. Thanks a lot for the help!
• K

  Disconection from pfsense
  • Khampol  

  6
  0
  Votes
  6
  Posts
  60
  Views

  K

  @stephenw10 Thanks and noted!
• C

  [SOLVED] WAN Static IP with Virtual IPS
  wan static ip virtualip • • crooskey  

  6
  0
  Votes
  6
  Posts
  39
  Views

  

  With IPAliases you can usually use either /32 or the correct subnet size. The important thing is you have at least one IP defined on the interface with the correct subnet in order to add the correct routing. https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-feature-comparison.html#ip-alias Steve
• Y

  Accessing VLAN from LAN
  • ypapouin  

  6
  0
  Votes
  6
  Posts
  36
  Views

  

  You could narrow that destination to just the PBX IP if that's the only thing you need access to in that subnet. Steve
• S

  Pfsense with no WAN and a gateway on the LAN. Traffic issues from WIFI subnet.
  • scotttiamit  

  4
  0
  Votes
  4
  Posts
  27
  Views

  

  Yes, bridging the interfaces would allow the ISP router to 'see' the wifi subnet directly but it would still need an IP in that subnet to respond from which it does not have. With the outbound NAT rule as you have it you are passing all the wifi traffic across the LAN subnet which means, unless you have blocked it in pfSense, wifi clients will be able to access any LAN client which you might not want. Steve
• D

  User manager does not give the expected options
  • dsanchez  

  6
  0
  Votes
  6
  Posts
  29
  Views

  D

  Thank you very much, for the help the patch worked perfectly and already shows the view I needed, excellent help.
• A

  pfsense HD constant spin-up and spin down
  • aciampoli  

  20
  0
  Votes
  20
  Posts
  118
  Views

  A

  Update from my end, I think I figured it out... After @chpalmer last msg, I went back to the "Hard disk standby time" settings and it was set to 180, which even if the systems was using the 180 mins it still didn't make any sense as to why is was spinning up/down so quickly. What I did is set it back to Always on and after saving and rebooting there are no more spin ups or downs. thank you.
• T

  change theme in Pfsense
  • tjabas  

  6
  0
  Votes
  6
  Posts
  105
  Views

  

  @tjabas said in change theme in Pfsense: router after about 5 years Wow. From what version did you came from ?
• C

  user manager not working
  • coffeecup25  

  4
  0
  Votes
  4
  Posts
  49
  Views

  C

  @stephenw10 Thanks. I reactivated user admin for now and bookmarked the screen it should have gone to for other admin level users (me really).
• W

  pfSense drops Internet ?
  • wangel  

  18
  0
  Votes
  18
  Posts
  102
  Views

  W

  @chpalmer Done. Will monitor/report back if it happens anymore. Thank you sir!
• 

  opsense do not show users name AD
  • radarz  

  8
  0
  Votes
  8
  Posts
  145
  Views

  

  Just so you know there is no single sign-on style solution here. Clients have to login to the captive portal to access anything and then can have limiters applied against their traffic. Steve
• R

  Internet access from computers in LAN
  lan wan pfsense lan wan • • rgmagritte  

  9
  0
  Votes
  9
  Posts
  76
  Views

  

  pfSense should not have a LAN gateway. If you have that set on the LAN interface remove it. Then go to System > Routing and make sure the WAN gateway is set as default. The fact you are able to reach the webgui shows it must be working to some extent. Steve
• M

  Auto reboot
  • Menegas  

  9
  0
  Votes
  9
  Posts
  73
  Views

  

  Does it reboot because of some event? Do the logs show it rebooting or shuting down? Or do they just show it running then suddenly booting as though it was hard power cycled? The logs immediately before Sep 9 21:16:47 syslogd kernel boot file is /boot/kernel/kernel should show that. I assume no other VMs are rebooting at that time? Steve
• G

  Strange DNS queries from pfSense
  • gchialli  

  13
  0
  Votes
  13
  Posts
  121
  Views

  

  @bmeeks would know what snort can do and or should do - he is the snort guru around here that is for sure ;)
• S

  What can I do with the extra ports of a quad port NIC for home usage
  • shawn8888  

  7
  0
  Votes
  7
  Posts
  99
  Views

  P

  DMZ? WiFi AP for a Guest Network? ISCSI to a XigmaNAS? :)
• H

  Port forwarding port 80 to port 8080
  • Havok  

  18
  0
  Votes
  18
  Posts
  168
  Views

  

  Yup. Upgrade. You will see that port 8080 traffic blocked in the firewall log though as I suggested some time ago. That will confirm the issue. Or just add the rule and restest. Steve
• B

  My pfSense Story...
  • boii5  

  14
  0
  Votes
  14
  Posts
  279
  Views

  

  Yeah its quite possible he asked the local IT support at his office.. And he brushed him off by dropping a name... Guess he is lucky he didn't drop say palo alto or the like as the name - or maybe this guy would be down 20k+ vs the 300 and in the same boat ;) Not sure where these users get the idea that security is easy, and or push a button. There is no device you drop into or in front of your network be it 300 or 10k in cost that makes your network secure - NONE... No matter what firewall you buy, no matter what software you run.. All just tools, how you use the tools requires atleast understanding the basic concepts of what the tool does and how to use it.. And you need to know which tool you need as well, or your going to be pounding on that screw with your 300$ hammer screaming this hammer freaking sucks!!
• K

  pfSense Squid https filtering ERROR - URL cannot be retrived
  • kor_sal  

  2
  0
  Votes
  2
  Posts
  17
  Views

  K

  Ohh now i already solve it( Common i untick do not allow ip..) and it work.
• T

  Status and checks...
  • turnbulld  

  7
  0
  Votes
  7
  Posts
  119
  Views

  

  @turnbulld said in Status and checks...: That's for sure the SNMP info. Noop. But the same source. It's Munin digging into the system using whatever is needed to present stats. The plugins are written in ... perl, C, bash, etc. @turnbulld said in Status and checks...: As with what you linked, there is nothing specific to the load balancer which I find a little odd. Probably because I do not have multiple WAN's, so I didn't activate 'load balance' related Munin plugins. @turnbulld said in Status and checks...: list of commands that are the source of the data on the dashboard. The code is the source - it reads like a manual.!! The widgets on the dashboard are just PHP files. Everything is in there - here /usr/local/www/widgets/widgets/....
• C

  Bandwidth Throttling ?
  pfsense • • Carlos Magalhaes  

  8
  0
  Votes
  8
  Posts
  62
  Views

  

  i will try also to clone the MAC address from the providers router to pfsense pppoe interface
• M

  [Q] pfSense on Hyper-V 2012R2 - transparent mode - possible? {YES}
  • mdalacu  

  22
  0
  Votes
  22
  Posts
  187
  Views

  

  Yes you can. Be sure to snapshot it if you need to go back though, you cannot downgrade in the same way. Steve
• T

  SSH tunnel no longer working
  • Twist3d  

  6
  0
  Votes
  6
  Posts
  98
  Views

  

  Hmm, only time I've seen odd behaviour a little like that was when the firewall could not open a state because all the IPs and ports matched. So as though it tries to open several SSH connections to the same internal IP using the same source and destination ports. Which would never normally happen with SSH. The client would normally use a random source port for each connection and the remote side NAT device would usually randomise it anyway. It would be worth running a packet capture at the remote side to see what actually happens though. Steve
• R

  Recurring Shutdowns
  • rm  

  7
  0
  Votes
  7
  Posts
  75
  Views

  

  I've seen that before. I usually open them up, grab my multimeter and test each cell under load and replace the bad one(s). Sometimes they can hold a full charge but die as soon as they're under load.
• A

  Ruckus Access Points Heartbeat lost in LAN
  • admins  

  5
  0
  Votes
  5
  Posts
  46
  Views

  

  As chpalmer explained nicely - unless your network is different than what you have stated pfsense would not be involved in the conversations between the AP and ZD.. Devices on a network do not talk to the gateway (pfsense) to talk to other devices on the same network.. They only need to send traffic to the gateway, to get OFF the network they are on.. Since from your statement these devices are all on your LAN, pfsense is not involved in the conversation.. The only possible involvement pfsense could have is if the devices are using pfsense to resolve some fqdn to know where to send the hearbeat. But I have to assume they just talk to an IP, and not some fqdn that needs to be resolved. Only other involvement that pfsense might have, is if these devices are dhcp, and your dhcpd is running on pfsense.
• D

  notify_monitor.php causing 100% CPU usage
  bug 2.4.4 high cpu • • daveslab  

  5
  0
  Votes
  5
  Posts
  44
  Views

  

  That file could only be stuck if somehow the notifyqueue_running lock is stale or not being released. Maybe something in your notification settings is broken and it can't get messages out.
• W

  draytek vigor 132 with pfsense
  • wheelhouse20  

  5
  0
  Votes
  5
  Posts
  49
  Views

  W

  i found in the end it was just too confusing for me......
• H

  Behind pfsense and my download speed is cut in half
  • hpspar05  

  45
  0
  Votes
  45
  Posts
  309
  Views

  

  Ha. Classic!
• 

  Sonos speakers and applications on different subnets (VLAN's)
  • Qinn  

  58
  8
  Votes
  58
  Posts
  4207
  Views

  

  This is a great little tool for testing of multicast streams. https://support.singlewire.com/s/software-downloads/a17C0000008Dg7AIAS/ictestermulticastzip Simply launch the program one on the transmit side and one on the receive side and set accordingly. If multicast is making it then you will see the packets on the screen.
• M

  pfSense 2.4 wont reboot after interface removal - route cannot be added, network unreachable
  • mix_room  

  12
  0
  Votes
  12
  Posts
  220
  Views

  M

  @stephenw10 said in pfSense 2.4 wont reboot after interface removal - route cannot be added, network unreachable: Do those tunnels come up correctly after bootup is complete? If so that might just have to be considered log spam if those fqdns actually need to be resolved. Otherwise you could just use IPs there or maybe add static entries for them. The endpoints are on dynamic IPs, hence the need for hostnames. They resolve to dynamic ones. The tunnels come up, I would consider it log spam.