• Can’t access portal.netgate.com

    9
    0 Votes
    9 Posts
    947 Views
    chudakC

    @johnpoz thx 🙏

  • 0 Votes
    6 Posts
    1k Views
    stephenw10S

    @astrolabius said in pfsense with mikrotik LTE in passthrough mode, how to access mikrotik admin panel ?:

    I thought that during VIP creation I'm setting up IP pool which will be assigned to this Interface, and not used by this interface.

    Not for an IPAlias VIP on WAN. You would add one for each IP you want to use there and at least one them has to be defined with the correct subnet mask so the routes are added. Otherwise pfSense has no idea how to reach any other IP in the subnet.

    So you you just need to change your VIP on WAN to be 192.168.88.2/24.

    Then change the source in the outbound NAT rule to 'LAN net' so that traffic from clients in the LAN matches it.

  • Can I use my sg-1100 as a FTTP router?

    7
    0 Votes
    7 Posts
    797 Views
    stephenw10S

    The incoming fibre from Openreach (or pretty much anyone) is GPON. You need a GPON adapter of some sort, like the ONT. You can get GPON SFP adapters but they need to be programmed.
    It's unlikely you would see any advantage by doing that anyway.

  • Support for dynamic dns for the client side

    5
    0 Votes
    5 Posts
    462 Views
    W

    @viragomann King!! THanks.

  • Plus VS CE current differences??

    9
    0 Votes
    9 Posts
    1k Views
    T

    @Popolou
    Tryb running

    zpool trim pfSense

    I run it from time to time and it gives back your free place. But your VM has to be set properly. Said trim will work on proxmox (I use it) only if your pfSense disk has "discard" set (I hope I remember it correctly - I am away from device and writing from memory)

  • Email Notifications not working

    12
    0 Votes
    12 Posts
    1k Views
    GertjanG

    @optimusprime said in Email Notifications not working:

    thanks for pointing that out,,

    You mean :

    b3c219b0-4d9d-4429-817c-903578852ece-image.png

    Good news and bad news : It's pointed out. Your not the first not understanding what you've been reading 😊

    @optimusprime said in Email Notifications not working:

    if any interface goes down

    LAN shouldn't go down. If it does, some one was ripping out cables, and then doesn't need to be confirmed by a mail.
    WAN : it's hard to send mails if that one goes down. The mail, if such a mail exists, I'm not sure, will get send when WAN comes back again. For example : after an ISP WAN IP change.

    I receive mails from pfSense when :
    There is a power issue (using the NUT package, an UPS - and my own NUT-mail settings.
    When pfSense can be upgraded, a pfSense package is avaible and also when a FreeBSD-pfSEnse package is avaible. I use a 'home made script', available here on the forum.
    The acme pfSense package renew the certificate I used for my pfSense GUI access.
    pfSEnse started up / was rebooted.

    Actually, pfSense doesn't send a lot of notification. This all depends on your setup, of course.

    If you use any of the Services / Dynamic DNS / .... the an IP update (WAN IP change) will be notified also.

    I'm not using other functionalities or pfSense packages so can't tell if there are more notifications sources.

  • 0 Votes
    4 Posts
    210 Views
    M

    @kurt19001 Yes if you are going to do an explict proxy then the firewall cert will need to be loaded on all the machines. All SSL certificates are going to be signed by the firewall as its performing a 'man in the middle' operation.

  • Macbook "Connecting" message all the time in OpenVPN Connect

    2
    0 Votes
    2 Posts
    319 Views
    stephenw10S

    Check the logs at both ends.

    Does the server show the client even trying to connect?

    An expired or weak certificate can present like that.

    Steve

  • Certificate P12 password required on MacBook

    3
    0 Votes
    3 Posts
    2k Views
    J

    @araujo0608

    Where is the certificate from?

    I've had this problem where an acme certificate obtained by and exported from the Netgate in the .p12 format would not import on an "older" windows system.

    After trying all the available under the certificate's Export PKCS#12 button,
    Screen Shot 2023-10-31 at 6.52.02 PM.png

    I noticed that the file being exported directly from the Netgate was always about 2k larger than the previous .p12 that I still had and that worked on the target system. The size difference was regardless of the encryption method and/or password used or not on the export shown above.

    my solution (workaround) was to finally just export the certificate (.crt) and key files individually from the Netgate, and then use openssl (on a MacBook no less) to generate the .p12 format file there. That certificate (always about 2k smaller) would then load into the windows system, with no issues.

    I've built the .p12 on various openssl versions from 2.x and 3.x no issues with the resultant certificate from any of them.

    and if needed you can set a password on the .p12 file in the process (good idea)

    openssl pkcs12 -password pass:your_password -export -in your-crt-file.crt -inkey your-key-file.key -name "CertName" -out your_p12_file.p12
  • Inter-vlan traffic is rate limited as VM

    18
    0 Votes
    18 Posts
    1k Views
    stephenw10S

    Ah, nice catch!

  • 0 Votes
    33 Posts
    3k Views
    AndyRHA

    @Patch said in Would Netgate reconsider reinstating home+lab license but as a subscription model?:

    and electronic devices have a useful life of 3-5 years.

    I disagree, useful life is how long it will do its job. My firewall can easily pass 5 years because my internet connection is unlikely to be increased. I don't really use the 1Gb I have. Support of old HW is another issue, but I find there is a sweet spot for grabbing whole systems full of spare parts.
    Apple and others build in the life span so they can sell you another one. A FW should not be the same, I only upgrade/change when there is a need.

  • Purchased pfSense+ new licence

    1
    0 Votes
    1 Posts
    246 Views
    No one has replied
  • config backup failure

    8
    0 Votes
    8 Posts
    1k Views
    JonathanLeeJ

    I had that same issue it seemed to resolve itself after a package reinstall for me.

  • So... with Plus home/lab gone, and updates are *dead*

    9
    0 Votes
    9 Posts
    1k Views
    T

    After prodding this and stephenw10 not finding the NDI, I went back and reactivated the subscription keys I had obtained today and it worked.

    I had attempted to do this yesterday but it hard-failed so something between yesterday and today 'unbroke' or something really odd was going on at the NG side of things. At least I'm getting package update lists again.

  • Grep logs for last hour?

    5
    0 Votes
    5 Posts
    1k Views
    C

    @jrey said in Grep logs for last hour?:

    You could also just ask for the entire hour for the previous hour, regardless of when you start it in the current hour.

    this would give you the detail of every record

    grep "$(date -v -1H +'%b %d %H:')" /var/log/resolver.log | grep "Restart"

    This worked out perfectly for what I was doing. Thanks.

  • Not getting a DHCP WAN IP Address on netgate hardware.

    47
    0 Votes
    47 Posts
    7k Views
    JKnottJ

    @stephenw10 said in Not getting a DHCP WAN IP Address on netgate hardware.:

    The ISP gateway may not appear in a traceroute.

    The gateway's address might not appear. However, if it doesn't the hop still does and is indicated by an "*".

  • LAN client cannot connect

    Moved
    101
    0 Votes
    101 Posts
    18k Views
    stephenw10S

    I forked this topic since this is not an issue with the driver.

    Either test using a different client if you can.

    Or test from Windows using the IP address of the LAN IP directly like: nslookup wikipedia.org 192.168.100.1

  • Is Netgate Management Asleep at the Wheels?

    2
    2 Votes
    2 Posts
    405 Views
    T

    @NollipfSense said in Is Netgate Management Asleep at the Wheels?:

    Some of the members here are corporate executives and board governance member...we're all not fools...

    You got it!

    Ted

  • Downgrade from pfSense+ to CE

    25
    4 Votes
    25 Posts
    5k Views
    stephenw10S

    No it won't fall over. It simply won't re-install any packages that are not present in the repo.

    Steve

  • WAN Issue

    8
    0 Votes
    8 Posts
    1k Views
    stephenw10S

    Anything that was happening in 2019 is unlikely to apply to current pfSense. A lot has changed.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.