    Netgate Discussion Forum
    • S

      Pfsense/Netgate unable to login, Fatal error
      • stormchaser5

      16
      0
      Votes
      16
      Posts
      277
      Views

      stephenw10

      The 7100 also has on-board eMMC, it may not have shipped with an m.2 SATA drive.
      But if the eMMC has failed you can always fit an SSD and boot from that.

      Steve

    • S

      Add this Certificate Authority to the Operating System Trust Store
      • shoulders

      6
      0
      Votes
      6
      Posts
      154
      Views

      S

      https://redmine.pfsense.org/issues/14174

    • J

      View status without having to login?
      • josephchrzempiec

      12
      0
      Votes
      12
      Posts
      188
      Views

      Gertjan

      @josephchrzempiec

      View status without having to login?

      I'm not telling you you should, but I can show you what I have : this.
      This permits me to see some basic pfSense parameters with the 'tap of a finger' wherever I am on the planet.
      It's not a click here, click there solution, as it implies that you temporarily ( ! ) activate FreeBSD package source to install a FreeBSD package called Munin (it will pull in a boatload of dependencies - this was fine, but can be 'dangerous'), and then you have to set it up (some script coding is needed).
      Munin isn't the most beautiful grapher out there, it's the one I use for .... many years.

      @josephchrzempiec said in View status without having to login?:

      Is it possible to run python on pfsense?

      I guess it's there in the basic install. I'm not sure.
      But install pfBlockerNG-devel or pfBlockerNG :


      and that will pull in Python for sure.

    • L

      pfSense Plus block file upload
      • Lucas Rey

      26
      0
      Votes
      26
      Posts
      404
      Views

      S

      @gertjan

      pfBlockerNG, by default, right after installing, does contain an 'example' DNSBL feed

      DNSBL isn’t enabled by default. There are plenty of DNSBL feeds that appear on the Feeds tab, but none of those are enabled either.

    • J

      Minimum hardware requirements for pfsense?
      • josephchrzempiec

      8
      0
      Votes
      8
      Posts
      192
      Views

      J

      Hello all, thank you for replying to my post. I'm only trying to have one server connected to my pfSense router, that is all. I was looking for the minimum requirements to run a pfSense router. I have found a few. Since I only have one server and no need for more, a small computer I have with 2 GB of memory and a 32 GB hard drive should be perfect for it.

      Joseph

    • A

      Problem with updating packages over ipv6?
      • aholmes5

      5
      0
      Votes
      5
      Posts
      136
      Views

      A

      @jknott

      @jknott said in Problem with updating packages over ipv6?:

      @aholmes5

      Does your WAN interface have an IPv6 address?

      Yes it gets a 2001:506:* address. LAN gets 2600:1700:* address.

    • K

      Gateways Status Offline
      • kp206

      5
      0
      Votes
      5
      Posts
      83
      Views

      K

      @steveits Thanks a lot!! It worked!! I wish I could buy you a cup of coffee.

    • D

      Going down the DoH wormhole....
      • deanfourie

      18
      0
      Votes
      18
      Posts
      303
      Views

      S

      @deanfourie Normally MITM is achieved by installing a CA cert on each device and then creating "certificates" on the fly. Can be done on a PC but you can't really install your cert on an IoT device.

      Easier to just block DoH per the above and then if you need to, allow a device to use it.

    • P

      Upgrade from 2.7.0 Devel to 23.01 - Boot Environments not available
      • PatRyan

      4
      0
      Votes
      4
      Posts
      107
      Views

      T

      @patryan I like the simple ones!

      Ted Quade

    • P

      Trouble with C.A. signing on the Https PFSense certificate
      • PF Sense Help

      14
      0
      Votes
      14
      Posts
      149
      Views

      johnpoz

      @pf-sense-help here is a quick walkthrough I did years ago that is still valid

      https://forum.netgate.com/post/831783

      This is how you would create a CA, sign a cert and have your browser trust it. You can use whatever sections of it you need if parts have already been accomplished.

    • M

      23.01 messed up boot menu graphics
      • mvikman

      8
      0
      Votes
      8
      Posts
      253
      Views

      M

      @rcoleman-netgate
      Am I correct that the i915 kmod video driver would not help with this, as it is not loaded at the time the boot menu shows?

      Btw I tested booting 2.7CE (feb 15th build) from usb-drive and it had the visually correct boot menu.
      For proper testing, I would need to swap in another ssd and make a test install with 2.7CE, but I don't think I'll waste time at that...

    • M

      CA/Certificate entries are expiring
      • MarioG

      4
      0
      Votes
      4
      Posts
      84
      Views

      M

      @johnpoz Thanks! That worked just fine. I am not knowledgeable about certificates and was nervous about changing anything that might break web access.

    • D

      23.01 notices.inc PHP error
      • daplumber

      7
      0
      Votes
      7
      Posts
      304
      Views

      D

      @stephenw10 Yeah, it's recurring, still nothing in a Zpool scrub.

    • M

      a few website are being blocked?
      • mkubiak402

      42
      0
      Votes
      42
      Posts
      1028
      Views

      M

      @stephenw10

      LOL me 2
      I'll have to reload the old settings on the old hardware and load the patches 1 by 1 and see what fixed it, I guess.

    • X

      Static IP for Pfsense itself
      • Xylem007

      3
      0
      Votes
      3
      Posts
      114
      Views

      stephenw10

      pfSense itself must already have a static IP address on that interface. The DHCP server would not be able to run there if it didn't.

      The 'Copy my MAC' function there is the MAC for client you're accessing the gui from, not the pfSense MAC.

      Steve

    • Qinn

      Sonos speakers and applications on different subnets (VLAN's)
      • Qinn

      244
      13
      Votes
      244
      Posts
      41495
      Views

      B

      Hi there

      I am trying to get this working, without luck so far. I have set the firewall rules like described and also the pimd setup.

      As soon as I enable pimd, my devices drop from the wifi.

      Any ideas?

    • P

      Ideas to fix my IP location with PF Sense
      • pduk82

      14
      0
      Votes
      14
      Posts
      266
      Views

      I

      I work for IPinfo. If we are not providing accurate IP geolocation data for you, consider submitting an IP correction request: https://ipinfo.io/corrections

      The request goes through the verification process. If the correction is verified within 24-48 hours the geolocation data gets updated.

    • C

      Relay Captive Portal to VLANs in Layer 3 Switch
      • CNCNITC

      14
      0
      Votes
      14
      Posts
      130
      Views

      C

      @johnpoz @dobby_ Thank you I will explore

    • A

      ISP warning
      • Antibiotic

      3
      0
      Votes
      3
      Posts
      172
      Views

      A

      @rcoleman-netgate Sorry, I cannot reproduce this error now to make screenshots. I did a fresh reinstall of Windows 11 and for the moment there are no warnings. It was the standard error warning "your connection is not secure and the site can steal your sensitive data."))) I took a look at the certificate of this site and it was intercepted with an additional certificate from my ISP! No idea how that is possible while using a VPN. My laptop was connected with a VPN client (ExpressVPN) through the home router (router not from the ISP, and the firmware is OpenWRT) to the pfSense box (pfSense Plus 23.01 is installed on an old laptop). But this warning did not start appearing immediately on a fresh copy of Windows, but a few days later. Now, after reinstalling, I will watch out for this situation again(((

    • F

      Logs Settings and OpenVPN
      • ffuentes

      2
      0
      Votes
      2
      Posts
      79
      Views

      F

      @ffuentes said in Logs Settings and OpenVPN:

      After upgrading from the latest 22 branch to 23.01 I lost my logs settings page
      Also OpenVPN no longer wants to start for either client or server.

      I fixed the OpenVPN issue with the patch: https://redmine.pfsense.org/issues/13963

    • S

      pfSense Plus Status Lost after Upgrade
      • Stugots

      7
      0
      Votes
      7
      Posts
      256
      Views

      R

      @Stugots open a ticket at https://go.netgate.com and include your current Netgate ID and the order number from your original CE->Plus upgrade token.

    • J

      pfSense & Unifi Network, failover to a Hotspot?
      • jreeder

      1
      0
      Votes
      1
      Posts
      57
      Views

      No one has replied

    • N

      Major DNS Bug 23.01 with Quad9 on SSL
      • nononono

      33
      2
      Votes
      33
      Posts
      966
      Views

      S

      I also had occasional dns failures when using quad9 dns. I simply turned off forwarding mode and have had no issues with root servers doing the work.
      I find this to be non-ideal, but at least functional.

    • A

      Virtualbox pfsense slow
      • aldar

      13
      0
      Votes
      13
      Posts
      231
      Views

      stephenw10

      I agree, it should almost always be bridged if you're running VBox in any sort of permanent way.

      400Mbps between VMs is pretty slow though. That seems like it must be a problem in the VBox config somehow. Though it's been many years since I ran in Windows.

    • W

      Connect Netgate 2100 to Satellite system router firewall switch
      • wildbill

      5
      0
      Votes
      5
      Posts
      72
      Views

      W

      Ok. I can see it now. Thanks for your help.

    • K

      [SOLVED] WAN traffic dropped by "Default deny rule IPv4"
      • kx93

      5
      0
      Votes
      5
      Posts
      70
      Views

      K

      @viragomann
      Yeah I did before you replied and that's actually what told me how it works haha. I thought "it can't be that".

    • E

      Wake On Lan from another subnet.
      • EFriseer

      2
      0
      Votes
      2
      Posts
      64
      Views

      V

      @efriseer
      Wake on LAN packets are broadcasted by default. So the packets do not pass a router at all.

      If the bot belongs to the server anyhow you can possibly put it behind pfSense as well.
      Or send the WoL packet from any other host which resides within the server's L2, maybe from pfSense itself.

    • C

      pfSense on Supermicro X10SLM-F
      • Cannondale

      16
      0
      Votes
      16
      Posts
      141
      Views

      C

      @billy_c

      Thanks for the additional information Billy! It's all helpful.

    • R

      Using multiple cheaper residential-type internet connections
      • richardsago

      7
      0
      Votes
      7
      Posts
      224
      Views

      S

      @richardsago instead of, or in addition to, limiters, traffic shaping could be used as well, for instance to prioritize UDP from the video class.

      Residential has some minor drawbacks such as outgoing port 25 is often blocked and/or the IP on the Spamhaus policy block list. Plus it normally is a DHCP IP.

    • O

      PfSense pretty slow GUI opening FW rule
      • Operations

      16
      0
      Votes
      16
      Posts
      132
      Views

      O

      @johnpoz said in PfSense pretty slow GUI opening FW rule:

      @operations said in PfSense pretty slow GUI opening FW rule:

      I don't even use PfBlocker

      So you don't have any large aliases setup like with all of the internet IP ranges in them?

      Nope, a couple of aliases with one to max 6 or 7 IPs.

    • N

      Any way to securely monitor remotely?
      • NGUSER6947

      15
      0
      Votes
      15
      Posts
      257
      Views

      B

      Other options here might be simpler, but Home Assistant cloud is pretty cheap, and since there is a pfSense integration, that makes all the stats accessible from anywhere without “exposing” direct access to pfSense to the internet. There are other security risks involved with this approach. Just wanted to throw in some other options.

    • O

      Fine tuning PfSense for network with AD
      • Operations

      5
      0
      Votes
      5
      Posts
      81
      Views

      S

      @operations said in Fine tuning PfSense for network with AD:

      @stephenw10 yes i have my AD DNS as a forwarder pointed at PfSense atm. Just wanted to check this part.

      Then setting the override will allow pfSense to resolve names in AD DNS (e.g. local SMTP).

      Private is not necessary.

      You can also override the reverse DNS if you have AD DNS set to use/hold the reverse zone. Then it can look up LAN IPs.

    • J

      23.01 Upgrade Causing WAN Loss
      • jlw52761

      1
      0
      Votes
      1
      Posts
      55
      Views

      No one has replied

    • CreationGuy

      How to monitor internet bandwidth?
      • CreationGuy

      9
      0
      Votes
      9
      Posts
      293
      Views

      J

      If you have the ability, use Telegraf to output stats to an InfluxDB database then use Grafana to visualize the data.

    • V

      Set up GRE tunnel. Sendto error:5
      • Vuiora

      2
      0
      Votes
      2
      Posts
      106
      Views

      stephenw10

      @vuiora said in Set up GRE tunnel. Sendto error:5:

      Sendto error:5

      It's an Input/Output error: https://man.freebsd.org/cgi/man.cgi?query=errno#RETURN_VALUES

      So maybe there's no link on the NIC it's trying to use?

      More info needed.

      Steve

    • A

      VPN client and Google domains
      • Antibiotic

      19
      0
      Votes
      19
      Posts
      89
      Views

      A

      @stephenw10 Solved by setting, in the firewall rule (LAN traffic to ExpressVPN), the default gateway to ExpressVPN. Thank you for your assistance. Have a good weekend!

    • P

      open ports - strange error
      • puneet1984

      2
      0
      Votes
      2
      Posts
      115
      Views

      stephenw10

      Are you trying to connect to the IP address(es) directly? Or using fqdns, which would go via Cloudflare?

      Do you see the connections coming in if you run a packet capture or check the state table?

      Steve

    • P

      CARP without WAN?
      • puneet1984

      3
      0
      Votes
      3
      Posts
      96
      Views

      stephenw10

      It's probably possible. You'd need to arrange VLANs shared between the physical and virtual pfSense instances such that all interfaces share a layer 2 connection with each other.

      Steve

    • Simois

      Is TCP Segmentation Offloading turned off or on?
      • Simois

      6
      0
      Votes
      6
      Posts
      162
      Views

      johnpoz

      @simois no problem - it was a very valid and good question to be honest.

    • N

      pfsense panic after "sonewconn: pcb [address] Listen queue overflow"
      • number201724

      4
      0
      Votes
      4
      Posts
      71
      Views

      stephenw10

      Hmm, the last thing shown there is a zfs command. If it was unable to write to the drive, whatever is accepting connections there could also be unable to, and eventually fill the buffers, causing that queue overflow.
      However, usually that would also prevent writing the crash report.

      Are you able to reproduce this?

      Steve