• Crashdump for 23.01-RELEASE

    2
    0 Votes
    2 Posts
    313 Views
    stephenw10S

    Backtrace:

    db:1:pfs> bt Tracing pid 79686 tid 100334 td 0xfffffe010ce053a0 kdb_enter() at kdb_enter+0x32/frame 0xfffffe010bfa8900 vpanic() at vpanic+0x182/frame 0xfffffe010bfa8950 panic() at panic+0x43/frame 0xfffffe010bfa89b0 trap_fatal() at trap_fatal+0x409/frame 0xfffffe010bfa8a10 trap_pfault() at trap_pfault+0x4f/frame 0xfffffe010bfa8a70 calltrap() at calltrap+0x8/frame 0xfffffe010bfa8a70 --- trap 0xc, rip = 0xffffffff80f9352c, rsp = 0xfffffe010bfa8b40, rbp = 0xfffffe010bfa8b70 --- X_ip_mrouter_done() at X_ip_mrouter_done+0x31c/frame 0xfffffe010bfa8b70 rip_detach() at rip_detach+0x3f/frame 0xfffffe010bfa8ba0 sorele_locked() at sorele_locked+0x89/frame 0xfffffe010bfa8bc0 soclose() at soclose+0xeb/frame 0xfffffe010bfa8c20 _fdrop() at _fdrop+0x11/frame 0xfffffe010bfa8c40 closef() at closef+0x24b/frame 0xfffffe010bfa8cd0 fdescfree() at fdescfree+0x4b3/frame 0xfffffe010bfa8d90 exit1() at exit1+0x4c7/frame 0xfffffe010bfa8df0 sys_exit() at sys_exit+0xd/frame 0xfffffe010bfa8e00 amd64_syscall() at amd64_syscall+0x10c/frame 0xfffffe010bfa8f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe010bfa8f30 --- syscall (1, FreeBSD ELF64, sys_exit), rip = 0x822b5786a, rsp = 0x820a03288, rbp = 0x820a032a0 ---

    Panic:

    Fatal trap 12: page fault while in kernel mode cpuid = 6; apic id = 06 fault virtual address = 0x0 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80f9352c stack pointer = 0x28:0xfffffe010bfa8b40 frame pointer = 0x28:0xfffffe010bfa8b70 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 79686 (pimd) rdi: fffffe00e204ad18 rsi: 4 rdx: 1 rcx: 0 r8: 0 r9: fffff80010067000 rax: 100 rbx: fffffe010ce053a0 rbp: fffffe010bfa8b70 r10: 0 r11: 800000044d83ed99 r12: fffffe010ce053a0 r13: 0 r14: fffff805734b4700 r15: 0 trap number = 12 panic: page fault cpuid = 6 time = 1680781157 KDB: enter: panic

    Console also shows:

    config_aqm Unable to configure flowset, flowset busy! config_aqm Unable to configure flowset, flowset busy!

    It's probably this or related to it: https://redmine.pfsense.org/issues/12079
    Except it's in pimd rather than igmpproxy hence the differences.

    Steve

  • Restoring backup from 22.01 breaks 23.01 installation

    Moved
    5
    0 Votes
    5 Posts
    727 Views
    stephenw10S

    If you're able to replicate it then a bug would be helpful. We would need to know what the config was in 22.01 in order to prevent it failing it upgrade.

    Steve

  • pfSense VLAN Issues

    6
    0 Votes
    6 Posts
    930 Views
    C

    @nocling I can't thank you enough. This worked! I've read so much documentation, posted in numerous forums, etc. No one brought up the switch aspect. Thanks!!!

  • Unable to Register pfSense Plus

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10S

    @soupdiver said in Unable to Register pfSense Plus:

    I guess some kind of user error would be nice here

    Hmm, I agree. Let me see what we can do there.

  • Config restore on different machine with different interface naming

    Moved
    2
    0 Votes
    2 Posts
    547 Views
    cappieC

    @riggi Yes, the first boot after you restore the config to the bare metal device, pfSense will prompt you to correct/assign interfaces.

    You can also edit the config.xml file to change the interface names before restoring with a tool like NotePad++. Being careful to replace the names individually and not just do a lazy-man 'replace all'. Simple and effective.

  • WAN Gateway Status is pending

    Moved
    16
    0 Votes
    16 Posts
    17k Views
    A

    @stephenw10
    Well I have not tested on 23.01 but I used to get similar issues for many of my installations with 2.6.

    Yes, Ofcourse, Rebooting firewall or restarting service makes the gateway come online.

    Recently I found a work around, if it gives some kind of pointer. I have set the WAN as static IP instead of dhcp. This solves the pending issue. I guess it is more of an issue in uplink modem, unable to assign a dhcp address to WAN port of firewall.

    So i guess there is no issue with pfsense.

  • changing vga mode to serial console mode

    25
    0 Votes
    25 Posts
    3k Views
    JonathanLeeJ

    @jknott The earliest computer I had was an At&t PC6300 it had a DB-9 for the keyboard, monochrome guy. I also remember my Tandy 102 my uncle got us one christmas had a DB25 on the back. My Dad had a Commodore 64 I never got to play with it. The thing was disconnected by the time I was able to. Again, the monitor was dead that went with it and it was outdated at that point but that guy had some connections on the back also. Today I have the C64 mini so I got to play with it in the end, Thank you Santa!!!

  • IPSec vlan firewall rules

    4
    0 Votes
    4 Posts
    533 Views
    stephenw10S

    You could do this using an alias with all the client subnets in it and then use that as the source in the firewall rule at site A on the IPSec tab.
    That wouldn't filter clients that are at site A that don't use tunnel so you'd still need a rule on the client VLAN there directly.
    Or as you say you could put that rule as floating outbound on the resources VLAN at site A.

  • Multiple networks on one pfsense router?

    3
    0 Votes
    3 Posts
    2k Views
    Dobby_D

    There are some ways to realize it;

    Each LAN Port gets an own subnet like
    192.168.1.0/24 and on the next one 192.168.2.0/24 You can also add a switch to each LAN port and enrich
    that scenario for more users or devices. You may be able to work with VLANs for privat and home
    VLAN10 = Home - 192.168.1.0/24
    VLAN20 = Work - 192.168.2.0/24
    VLAN30 = WiFi - 172.xxx

    You may be able to set up behind the pfSense also a small
    MikroTik router for each network if you want.

    There are many ways you may be able to walk on.

  • can we change http requests using squid proxy?

    2
    0 Votes
    2 Posts
    214 Views
    stephenw10S

    You can use rewrites in Squidguard. It's limited though, it might do what you need.

    Screenshot from 2023-04-14 18-45-20.png

    Steve

  • My wifi does not access

    Moved
    3
    0 Votes
    3 Posts
    436 Views
    stephenw10S

    Um....yes we will need a lot more information to offer any sort of solution here! 😉

  • Firmware details

    15
    0 Votes
    15 Posts
    2k Views
    C

    @stephenw10 ah that makes sense. Thanks. The 8200 already has uc-18 so it was just a BIOS update.

  • Possible to get Intel PCH/Chipset temperature to Thermal Sensor Widget?

    21
    0 Votes
    21 Posts
    2k Views
    stephenw10S

    Probably. I have no insight there. I imagine the intention was to have the widget display flash in some way to alert the user.

  • Network wide compliance policy

    9
    0 Votes
    9 Posts
    1k Views
    K

    @stephenw10 said in Network wide compliance policy:

    Right, I'm not sure that's in the open source server.

    Ugh that is the paid server for 180 dollars a month "built on the open-source structure".
    I think I am gonna stay away from that. Anyways seems like my quest has hit a rough end. I will try to harden my network in a different way.

    Thanks for all of the replies. Great community!

  • Add certificate for upstream proxy SSL Interception trust

    3
    0 Votes
    3 Posts
    534 Views
    S

    @stephenw10 this worked. Thanks!

  • WAN RTT degraded over time

    9
    0 Votes
    9 Posts
    1k Views
    GertjanG

    @rubensan112

    I'm pretty sure that IP, 192.168.1.1, is very close to you.
    Like 3 foot away, the cable between pfSense and your ISP router.

    The idea is that you use another, public, IP, one that is further down "the road", a gateway IP of your ISP.
    If that one is to hard to find, you could use some other "nearby" IP, like 8.8.8.8.

    I'm using the IP of one of my servers somewhere nearby the main 'ISP gateway' :

    ececd44b-0e5d-4945-99ec-7b2f9438d480-image.png

    Now I see :

    8f8df7d3-43ff-4671-90b1-f7a38245e45a-image.png

    Which means :
    192.168.10.1 is the IP of the LAN of my ISP router, just 30 away from me and pfSense.
    188.165.5x.87 is my server IP, and that one is just to 'test' my uplink.
    The whole ieda of all this is : If I (pfSense) can reach (receive answers to my pings) from 188.165.5x.87, I know (and pfSEse) that my connection is ok.

    Pinging your upstream router on your site/home makes no sense. That says nothing about the 'quality' of your uplink.
    Test this yourself : remove the cable (phone/adsl/coax/satellite disk/fiber/whatever you use) from your ISP router : you will see no alerts in the pfSense GUI dashboard, as your 1921.168.1.1 is still answering, so pfSense thinks the connection is ok.
    Well, it's not.

  • One interface

    5
    0 Votes
    5 Posts
    965 Views
    JKnottJ

    @matrix2113

    You could use a VLAN and managed switch to separate WAN & LAN interfaces.

  • 0 Votes
    11 Posts
    1k Views
    S

    @shaw222 I don’t have a link but forward the ports to your VPN server running on your LAN. I was just brainstorming.

  • We are planing to setup the pfSense software firewall

    Moved
    11
    0 Votes
    11 Posts
    1k Views
    V

    @stephenw10 i got it, thank you so much!. if any doubts will let you know.

  • Cisco vs. pfSense

    13
    0 Votes
    13 Posts
    2k Views
    O

    @johnpoz said in Cisco vs. pfSense:

    Throw ddwrt or openwrt on that 20$ box and he would have cool stuff to play with for days and days.. Vs trying to get 15 year old hardware trying to do something actually productive.

    I know both DD-WRT and OpenWRT very well and I also use them.
    But even then, the differences lie in the hardware.
    Just as I wouldn't buy a PC with water cooling if I only use it for writing programs and the Internet, I don't have to invest expensive hardware for an AP if I don't use it in a productive environment.
    As @stephenw10 said so beautifully.....

    @stephenw10 said in Cisco vs. pfSense:

    It's all relative.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.