• Internet keeps dropping

    Moved
    5
    0 Votes
    5 Posts
    677 Views
    stephenw10

    Yes, check the logs when this happens, what's actually being triggered?

    I'd also recommend setting the default v4 gateway in System > Routing > Gateways to WAN_DHCP instead of 'automatic'.

    Steve

  • pfSense on netgate 6100 stops passing traffic multiple times per day

    16
    0 Votes
    16 Posts
    2k Views
    stephenw10

    @dragonfly said in pfSense on netgate 6100 stops passing traffic multiple times per day:

    there was an external IP address that was mercilessly hitting the firewall

    If it was hitting the firewall I assume it was being blocked? If so, adding a different rule to block it wouldn't change anything. Unless the new rule is non-logging and the hit rate was so high that the number of block logs was creating a significant load.

  • Change default SSH shell?

    3
    0 Votes
    3 Posts
    547 Views
    F

    @jimp said in Change default SSH shell?:

    While you can't change the default without affecting things like the menu, you can have ssh start whatever you want. There are not a lot of alternatives available, though. But there is bash which you can install via pkg install bash.

    Then SSH in with:

    $ ssh root@x.x.x.x -t bash

    Be aware if you try to use bash -l it will end up going right into the menu if you use root or admin. As a regular non-root user that should be OK.

    Alternately, consider either having it run your preferred shell at the end of the tcsh .tcshrc or even patching the menu file (/etc/rc.initial) to run it directly for option 8.

    Thanks! Well, there were a few options, and I think loading it from .tcshrc sounds like the best option, least intrusive :) I'll give it a go!

  • Delegate on-boarding/off-boarding tasks (user creation and removal)

    3
    0 Votes
    3 Posts
    399 Views
    Dobby_

    @ferchu

    Thoughts?

    MS AD Server or VM with LDAP & Radius role

    LDAP Server & Radius Server based on Linux or BSD

    MikroTik RouterOS with user manager (RB1100AHx4 (ARM))

    pfSense with captive portal, where they are only allowed to enter the CP menu for managing.

  • 0 Votes
    2 Posts
    290 Views
    G

    Shoo, managed to get in using pfSense's IP from a different VLAN. Now time to change my shorts.

  • Netgate 1100 not getting IP address from WAN

    Moved
    4
    0 Votes
    4 Posts
    332 Views
    W

    Well, today my laptop was able to get a proper route and is able to use the internet as would be expected. I have no idea what is different from today as compared to yesterday. "I changed nothing" except that I unplugged the power from both the Netgate 1100 and the Arris S33 router overnight. I powered them up this morning, first the S33 and let it power up completely. I then powered up the 1100 waiting until the Console Menu popped up and then plugged in the S33 to the WAN port of the 1100.

    The final steps were to plug my USB-to-Ethernet adapter into the laptop; I then started Wireshark and started capturing packets. No packets were being captured, as expected, as there was no cable connected between the laptop and the 1100. The final step was plugging the cable into the 1100 LAN port.

    Wireshark started capturing packets and shortly I had an address and a "proper" looking route:

    $ ip a show dev enp0s13f0u3
    6: enp0s13f0u3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:05:1b:b0:6f:f0 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.105/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s13f0u3
           valid_lft 6386sec preferred_lft 6386sec
        inet6 2601:647:cb00:470a::2000/128 scope global dynamic noprefixroute
           valid_lft 6388sec preferred_lft 3688sec
        inet6 2601:647:cb00:470a:37d:3b80:545c:c086/64 scope global dynamic noprefixroute
           valid_lft 86396sec preferred_lft 14396sec
        inet6 fe80::faff:5f36:799d:482d/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    $ ip r show dev enp0s13f0u3
    default via 192.168.1.1 proto dhcp src 192.168.1.105 metric 100
    192.168.1.0/24 proto kernel scope link src 192.168.1.105 metric 100

    And I could ping ucsc.edu:

    $ ping ucsc.edu
    PING ucsc.edu (128.114.119.88) 56(84) bytes of data.
    64 bytes from resnet.ucsc.edu (128.114.119.88): icmp_seq=1 ttl=53 time=12.1 ms
    64 bytes from resnet.ucsc.edu (128.114.119.88): icmp_seq=2 ttl=53 time=15.0 ms
    64 bytes from webops-vip88.ucsc.edu (128.114.119.88): icmp_seq=3 ttl=53 time=11.9 ms
    64 bytes from webops-vip88.ucsc.edu (128.114.119.88): icmp_seq=4 ttl=53 time=11.4 ms
    64 bytes from resnet.ucsc.edu (128.114.119.88): icmp_seq=5 ttl=53 time=11.1 ms
    64 bytes from webops-vip88.ucsc.edu (128.114.119.88): icmp_seq=6 ttl=53 time=11.1 ms
    ^C
    --- ucsc.edu ping statistics ---
    6 packets transmitted, 6 received, 0% packet loss, time 5008ms
    rtt min/avg/max/mdev = 11.053/12.102/15.016/1.361 ms

    Not sure what I learned, I suspect I did something wrong, but for now I'll chalk it up to "be patient" and "never give up" :)

    Thanks @SteveITS

  • Multicast/IGMP, Bonjour and UPNP Full enable double check?

    5
    0 Votes
    5 Posts
    992 Views
    R

    @rickybaker said in Multicast/IGMP, Bonjour and UPNP Full enable double check?:

    irect need for any setting. And as far as I can tell, the LAN settings on the Unifi Controller software don't really affect anything without a Unifi Gateway (which I don't have, just the pfsense)

    lol I found this, my own post, while troubleshooting this exact same issue after creating an IoT subnet VLAN (always document the solutions kids!). @eustachy did you have to enable anything specifically to enable Multicast, Avahi and upnp across vlans?

  • Site to Site with Multi-WAN

    4
    0 Votes
    4 Posts
    569 Views
    M

    Routed IPsec VTI:
    https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html

    FRR package:
    https://docs.netgate.com/pfsense/en/latest/packages/frr/index.html?highlight=frr#frr-package

    Basically, you would have two tunnels running at the same time at each side and FRR package would run OSPF or BGP dynamic routing protocols.

  • OpenVPN SAML support

    2
    0 Votes
    2 Posts
    2k Views
    jimp

    OpenVPN AS is not the same as OpenVPN. OpenVPN AS is their commercial product, not the open source server/client that is found in pfSense software and others.

    That is OpenVPN "community" and it does not support SAML as far as I'm aware.

  • 0 Votes
    5 Posts
    662 Views
    M

    @dobby_ thank you, I really appreciated the content of the link you provided. I'm a newbie and this kind of documentation is really important for me.

  • 0 Votes
    4 Posts
    522 Views
    stephenw10

    Yes, that file, like everything else, is generated from data in the main config. So after a restart manual changes there would be replaced.

  • 0 Votes
    2 Posts
    298 Views
    stephenw10

    Does it work as expected if you call between internal extensions?

    In situations like this it's almost always because the PBX is sending its internal IP address for external devices to connect to with RTP and that of course fails. However that doesn't prevent outgoing audio normally.

    What states do you see to and from the base-station when the call is connected but no audio is passed?

    Steve

  • Customisation of syslog priority

    2
    0 Votes
    2 Posts
    281 Views
    stephenw10

    No, there's no way to do that in the pfSense config.

  • View current configuration

    Moved
    9
    0 Votes
    9 Posts
    1k Views
    W

    @stephenw10 the path I'm pursuing is to experiment outside of my main network using a couple laptops.

    Txs all the help and advice!

  • pfSense 2.6.0 stop working

    4
    0 Votes
    4 Posts
    570 Views
    stephenw10

    Sometimes. It depends how far it boots and what it was doing when it failed.
    Usually it just fails to boot because it cannot create a file that's required and after freeing up space it will boot normally. Since that isn't happening it seems more damage occurred. If it's running ZFS you may be able to roll back to an earlier BE snapshot. Or just do that as a VM snap if you have any. If you have config backups I would just reinstall and restore it.

    Steve

  • 23.01 - Your device has not been registered for pfSense+

    2
    0 Votes
    2 Posts
    460 Views
    R

    @josepham Open a ticket for this.

    https://go.netgate.com/

  • [Solved] Duplicated admins group...?

    18
    0 Votes
    18 Posts
    2k Views
    F

    @jimp said in [Solved] Duplicated admins group...?:

    There is a commit on https://redmine.pfsense.org/issues/14363 which corrects the behavior.

    You can install the System Patches package and then create an entry for a2a2e8a8bee55d5b0c393d2c2d311a2fc8903bce to apply the fix.

    I have that, I'll check the patch out, thanks :)

  • GUI Lockout?!

    11
    0 Votes
    11 Posts
    1k Views
    F

    @stephenw10 said in GUI Lockout?!:

    Ah, I see this could be the result of the duplicate user groups issue you also hit. I would resolve that first before digging any further here.

    Thanks, I just finished typing in everything manually and somehow got DNS working too.. I hope there will be a limited number of rabbit holes ahead, I need it to "just work" for a while now... :P

    I will try adding the SSH key tomorrow, with all that has been, just a tiny bit worried it won't work... :/

  • pfsense dropping pppoe connection multiple times an hour

    Moved
    17
    0 Votes
    17 Posts
    2k Views
    P

    @stephenw10

    I have loaded up 197 driver and will see how that goes.

  • ldap user manager

    9
    0 Votes
    9 Posts
    842 Views
    M

    @stephenw10 Well..it works 😊

    I created a VIP on the pfsense.
    Created my backend pool
    Created my tcp front end.
    Created an ACL matching 0.0.0.0/0 and using the default pool for ldap

    Works like a charm.

    Obviously, for larger implementations, I wouldn't do this, but if you are a small to midsize operation with a need for LDAP, why not use pfSense with the built-in proxy to handle it?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.