@bon-go said in NTP Sync: @bingo600 As I wrote: there's a difference between pfSense Settings (GMT +8 in pfSense means BEHIND GMT) and sometimes our common understanding about it: hours or timezone. I don't need your explanation link at 24timezones.com ... Look at your pfsense general setting and pfSense time in Dashboard, read it, change it and look again ;) Strange .. Then the pfSense documentations must be in error too https://docs.netgate.com/pfsense/en/latest/troubleshooting/time-zone.html They have made same error as me , stating GMT-5 is America/NewYork [image: 1610224341161-84620fdd-5ab7-4135-93e1-76a921c5b5c2-image.png] Maybe you should open a doc change request at their redmine /Bingo

Run at the command line ifcondig -a to see the MAC in use 'ether' and the MAC on the hardware 'hwaddr'. VLAN interfaces do not have a hardware address obviously. They inherit their MAC from the parent interface. Srteve

@johnpoz: I just responded to @DaddyGo’s religious statement about beauty and mathematics in his signature. It was just a “BTW.”

@cyberchris Nevermind I figured it out. Pfsense created default Nat rules for the additional networks I made. It did not create default firewall rules for the additional networks allowing them to communicate out. It did automatically create a default firewall rule allowing the Lan to communicate out. All I had to do was go into firewall->rules->and click on the new interface and set up a firewall rule allowing that new network assigned to that interface to communicate out.

@androbourne looking forward to solving this problem on my LAN, thanx. Did this allow you to have traffic go out with a source of either your public IP or a spectrum one, or was it your public IP only?

I see other thread, so pls disregard

@stephenw10 said in Connect to remote proxy server with RSA private key: Those scripts appeat to be aimed at setting up a remote access / mobile ipsec style server and pfSense cannot act as a mobile client. You want to be setting up a site-to-site style IPSec server. The only problem is that if you use a policy based tunnel it will have to cover any destination so will be an all or nothing option. If you use route based IPSec you can policy route traffic over it so be a lot more selective. If it were me I would run pfSense in AWS too. That gives you the most options and the easiest setup. Steve thank you steve for pointing to the directions. will do further research.

@kiokoman said in Pfsense localization connecting on console or via SSH: @fog yes but that folder isn't necessary for the keyboard layout afaik, that contain only translation/transformation like yes=sì January=Gennaio and so on LC_COLLATE String sort order LC_CTYPE Character classification LC_MESSAGES Language of messages LC_MONETARY Formatting of currency amounts LC_NUMERIC Formatting of numbers LC_TIME Formatting of dates and times Anyway, If the correct encoding is not correctly and consistently set (in this case UTF-8) you have trouble to type characters outside the ASCII range as, for example, accented characters.

@mr-newbie said in YAHOO doesn't load the page from VLAN but in LAN it works fine.: n I don't enable the proxy settings on my pc Proxy ? A VLAN has nothing to do with a proxy. @mr-newbie said in YAHOO doesn't load the page from VLAN but in LAN it works fine.: After checking the squid You were using squid without mentioning that upfront ..... I was asking : @gertjan said in YAHOO doesn't load the page from VLAN but in LAN it works fine.: Are you using pfSense packages ? You should have said "yes, squid" and the issue would have been solved 30 seconds later.

@uname Hi, It's the most craziest thing ever! I did not fix this on pfsense, but my feeling is that the hardware was the problem. I had an mini pc (router) from aliexpress and I think that was the problem, because I tried literally everything! Now I have from unifi a USG because I was done with the bad performance. Regards, Thomas

@teamits said in 1Gbps from Modem to PC, capped at 30-40Mbps through pfSense?: @girbot-0 said in 1Gbps from Modem to PC, capped at 30-40Mbps through pfSense?: now shows the Speed and Duplex for this card. (it didnt for the other one.). It was set to auto which wasn't working. Setting it to 1000baseT Full made it magically work. I would guess if the driver doesn't support speed changes it doesn't show. I poked around and on an SG-3100 the LAN doesn't have a speed dropdown...it's a switch so that is meaningless there (the WAN does). If the port was supposed to autodetect at 1000/full and changing it to 1000/full improved things, I would be looking at the connection...is the patch cable cat 6, etc. IOW that implies autodetect sets to something the hardware can't handle. Autodetect will detect the fastest speed and if the cable is insufficient there will be lots of errors. Well its weird because it DOES autodetect speed. But internet no work. When I hard set it to what it auto detects it as. It works. There's nothing in between pfSense and the modem to troubleshoot. It's literally a 6 foot cat7 cable between the two. I tried two cables. Same results. I'm using the same cables for all my wired stuff and everything LAN wise is good. If I hook up direct PC to modem I get 900+ download speed. pfSense, still around 500. No packet loss or anything. It's like a hard limit somewhere. I'll check the bios, maybe there's an update that might help... I donno. I'll grab a $35 intel pcie nic off amazon and see if that helps i guess.

@jknott Hi Jkott, I tried it with a mobile phone and it worked fine. For some unknown reason, I saw the new WAN IP assigned by the mifi 7730 to the pfsense, but the internet did not seem to work or extremely slow. Anyway, it is just a back up plan for me when the main line is down. I will use the mobile phone as a back up connection when it is needed. Thank you for your advise. Happy New Year

I will need to connect one camera via PFSense I believe as I would like to use person detection software to integrate with Home Assistant for triggering when someones on the property.

@daddygo said in Hardware Recommendations: @shinta0saint said in Hardware Recommendations: I just have some concerns connecting an additional 2.5" SSD. I'll start at the beginning... In my reading, ZFS is mandatory(!) because you see its benefits 16-32 GB of storage is sufficient for most pfSense installations. (so you don't need an awful lot of capacity (storage)) The pfSense is a NGFW, + router and such does not require large storage stuff. All of our Supermicro-based installations have SataDOM for emergencies... (it has very good performance and 32GB is enough, it includes a mirror copy of the current pfSense installation) BTW: We only use ZFS RAID setup (2 or more disk(s), SSD(s)) in production environment, due to redundancy. +++edit: I note: the Lawrence tutorials are very good, use these instead of a lot of stupid other Youtube videos +++edit2: and these, of course: https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-documentation.pdf and for the sake of my @Raffi_ friend (he will understand :) https://docs.netgate.com/pfsense/en/latest/ Thanks so much for your time and knowledge, most appreciated, Take care :)

https://redmine.pfsense.org/issues/10409

Hey all, I used the stencil provided above and created a new one for the Netgate appliance xg-7100 with the optional interface card for 2 more SFP ports. If anyone is interested. [0_1609891911039_NetgateFirewall.vssx](Uploading 0%) NetgateFirewall.zip

Also DNS-SD (see http://dns-sd.org) doesn't work when connecting with OpenVPN and forwarding to the client correct DNS suffix name. I've setup my internal DNS server to publish many of my service on my LAN ... but them not get discovered on iOS.

If it's a static IP then it does not have to reach out for dhcp. If there have not been any connection to it inside the arp expire time it will not show. If you ping it from the firewall it will show again in the tabel. You can add that as a static dhcp lease even if it's not using dhcp so pfSense knows about it. If you have Unbound resolving static leases you can use it's hostname dircetly. Steve

Does it still have the original Celeron CPU in it? You won't see 900Mbps through that. somewhere in 500-600Mbps range is more likely. I assume you mean 150Mbps not 150MB? Bits per second not Bytes? Since that would be over 1G.... That hardware is 32bit. It has not been able to run a current version of pfSense for several years. Whatever version you have on there is obsolete, you should think about upgrading. Steve