• [Solved] No logging after upgrade to 2.7.2

    13
    0 Votes
    13 Posts
    851 Views
    m0ursM

    @stephenw10 @jrey

    Ok, I ordered a USB-serial cable and did a reinstall from scratch this morning.

    It was easier than I thought and everything seems to be fine again.

    I also saw that the router still had UFS (from factory) as its file system before, and that might be the reason why I had such strange file system corruptions. Hopefully ZFS is more robust now against power failures. And I will try to change the configuration so that my router is also powered by my UPS.

    Thanks to all,
    Michael

  • 0 Votes
    11 Posts
    2k Views
    K

    @stephenw10 Back to pfSense from Sophos. Glad to be back. That is all I will say. Fresh install of 2.7.2 CE and upgraded to 23.09.1 plus on a new NVME drive. No other hardware changes. All is working perfectly out of the box. I have purchased TAC Lite. I didn't realize before I was on home/lab license so I didn't get any kind of support except for community. All is right in the pfSense world now.

  • 0 Votes
    7 Posts
    803 Views
    keyserK

    @sloopbun Hmm, that does sound strange. I have no suggestions for how to troubleshoot that. It could be that the NIC PCIe card needs different drivers or some optimisations are needed for the current driver.
    But it could also be that the SFP does not play nice with that NIC.

  • Wireguard issue

    2
    0 Votes
    2 Posts
    167 Views
    T

    Had one incorrect CIDR included. Solved

  • Setup of Dynamic DNS

    5
    0 Votes
    5 Posts
    525 Views
    S

    @kdmiller61 For one web server, a NAT port forward. For multiple, a proxy as noted.

  • WAN has IP addresses, but no internet

    Moved
    8
    0 Votes
    8 Posts
    988 Views
    stephenw10S

    They should use them when they try to pull a new lease. So if the client is rebooted it should pull the new static lease.

  • Travel Netgate Box

    5
    0 Votes
    5 Posts
    617 Views
    stephenw10S

    @Jarhead said in Travel Netgate Box:

    Although FreeBSD 14 has started to support wifi6,

    It supports some wifi6 hardware but not at 802.11ax speeds. And as far as I know none of it supports hostap mode so they are client only.

  • Dead in the water.

    7
    0 Votes
    7 Posts
    805 Views
    D

    OMG!! Just checked the date stamps! That came through about 5 minutes after I submitted the original request. Now the stupidity and blunder rests upon me. I will have to add +.@netgate.com to my whitelist.
    Thanks for the gentle reminder.

    -d

  • Why did my WAN drop and not reconnect?

    14
    0 Votes
    14 Posts
    1k Views
    stephenw10S

    Check in sysctl dev.igc.0 for example

  • PFSense fails badly, and it is a sad day.

    2
    0 Votes
    2 Posts
    269 Views
    M

    well spoke too soon...... may be a hardware issue.

  • Moved Pfsense from hardware to VM - No Plus

    11
    0 Votes
    11 Posts
    990 Views
    V

    Got around this morning to contacting support about the change in NDI from the "repair".

    Essentially told to pound sand with the Plus upgrade.. So I guess grandfathering in the Plus for homelab is not a thing anymore. :(

    That's too bad.

  • Hosting websites from Germany

    4
    1 Votes
    4 Posts
    432 Views
    johnpozJ

    @kdmiller61 said in Hosting websites from Germany:

    my internet provider will charge a huge amount of money for a static IP like I had in the states

    So you checked on that already? Or you're assuming?

    Is your IP actually changing? I have a dynamic IP, and it's only changed once in years. And that was when the ISP merged with another ISP and redid all their address space.

    Normally the way DHCP is supposed to work is, as long as you are renewing the IP, it shouldn't change. Only when you have not renewed and the lease expires could the lease be given to someone else.

  • step-ca private CA with pfSense

    3
    0 Votes
    3 Posts
    751 Views
    CatSpecial202C

    @stephenw10 I still have more questions. I access pfSense through a browser that is on my network. To secure the connection between my browser on my PC and pfSense's webGUI I need to configure a certificate issued by my CA inside pfSense? My browser still has (Error code: SEC_ERROR_UNKNOWN_ISSUER) when I access pfSense's webGUI. This is not a globally recognized CA this is a private CA running within my local network.

    https://smallstep.com/certificates/

    My current understanding of setting up certificate authentication is as follows:

    Certificate Authority generates the root certificate.
    Root certificate or Root fingerprint needs to be uploaded and installed on each individual server that trusts the CA.
    Each server then needs to be issued a certificate from the CA.
    Each service within the server needs to be configured to use that certificate issued by the CA.
    After this, if you have the root fingerprint or root certificate installed on your client, you will trust all certificates issued by the CA.

    I'm still looking for specific advice on configuration.

    What is the difference between a root certificate and a root fingerprint? Can I paste my CA's root fingerprint directly into the 'certificate data' field? Then just upload a certificate that my CA issues into pfSense.

    How should I handle Certificate Signing Requests in pfSense? After generating a CSR in pfSense, what is the correct process to get it signed by my private CA and correctly installed?

    Is having a certificate signed equivalent to being issued a certificate by the CA?

  • "TAC Donation Only" possible? We like to support the project.

    3
    0 Votes
    3 Posts
    346 Views
    S

    @stephenw10
    yes that's true, we try to buy one to donate (don't need support), but we need an NDI.

    That's why the idea comes up to offer the "TAC Donation Only" or maybe a "pfsense CE Donation" item in the shop...

    Edit: Or can we have a donation NDI?

  • 2.7.1 Proxy settings not working properly

    2
    0 Votes
    2 Posts
    307 Views
    stephenw10S

    Probably hitting this if that's an authenticated upstream proxy:
    https://redmine.pfsense.org/issues/15094

    Steve

  • Invalid Signature - Cannot Update Pfsense+ on 2 devices

    6
    0 Votes
    6 Posts
    501 Views
    stephenw10S

    Ah, OK. 2.8 snapshots are not public right now so you can't update that.

  • KEA DHCP Leases file

    3
    0 Votes
    3 Posts
    4k Views
    Y

    @NollipfSense I think you're correct as per https://kea.readthedocs.io/en/kea-1.6.2/arm/dhcp4-srv.html

    Thanks!

  • WireGuard tunnel like TailScale?

    2
    0 Votes
    2 Posts
    416 Views
  • Changing to RAM Disk - Failure

    7
    0 Votes
    7 Posts
    939 Views
    J

    @stephenw10 @SteveITS

    Thanks both.

    I think the curiosity of what gets moved is satisfied. The empty / small directories in the following, have not been considered.

    Consider the following from the dashboard where
    /var is reported as 53M on tmpfs
    /var/cache/pkg is reported as 161M on zfs
    /var/db/pkg is reported as 5.2M on zfs

    then consider this.

    [2.7.2-RELEASE][bob]/var: du -sh /var/*
    0B /var/at
    161M /var/cache (on zfs Dashboard /var/cache/pkg 161)
    0B /var/crash
    0B /var/cron
    41M /var/db (on tmpfs)
    8.0K /var/dhcpd
    0B /var/empty
    33K /var/etc
    8.3M /var/log (on tmpfs)
    94K /var/run
    0B /var/spool
    0B /var/tmp
    326M /var/unbound (on zfs based on size of var located on tmpfs but not accounted for on dashboard)

    total on tmpfs 41 + 8.3 = 49.3 (dashboard shows 53 on tmpfs) - not concerned about this, could just be the way the tmpfs does "It's not preallocated anymore." I don't see any hidden files/directories. Also easy enough to test.. I could just drop a large file in each and see where it is counted.
    curious is "It's not preallocated anymore." a one way street? or if a bunch of stuff gets added and removed does the tmpfs allocation shrink. of course also easy enough to test.

    The dashboard doesn't account for the 326M under /var/unbound. This should likely be another of the entries similar to /var/cache/pkg and /var/db/pkg both of which remain on zfs.

    Not the end of the world, just things don't add up and therefore is somewhat misleading.

    also values before and after are zfs compression vs. tmpfs not 💡

  • pfSense traffic question?

    2
    0 Votes
    2 Posts
    287 Views
    stephenw10S

    The interface stats are generally since the interface last went down whereas the traffic totals could be for whatever interval you selected.

    I would normally expect both In and Out to be higher or lower though. I'm not sure what scenario would show in lower but out higher.

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.