    Netgate Discussion Forum
    • T

      Console display missing letters 'u' and 'l'
      • terryzb

      12
      0
      Votes
      12
      Posts
      309
      Views

      johnpoz

      @terryzb said in Console display missing letters 'u' and 'l':

      The SiLab driver notes list several bug fix

      I will have to take a look see if I am behind in driver version - even though have never seen that issue, I like to be up to date with everything ;)

      edit: I was a couple releases behind, was on 11.0 now on 11.2..

    • M

      OpenVPN private key
      • michmoor

      7
      0
      Votes
      7
      Posts
      89
      Views

      M

      @viragomann If I re-run the installer from Clients export in pfSense, then it installs the PKCS12 file I need and in the certificate store. OpenVPN config file is generated to automatically look at the trust store. So that's what I have been doing to test.
      User Cert + 2FA, and no admin rights on this worker's laptop... I'm happy.

    • O

      Unable to make changes to LAN Interface
      • Octopuss

      4
      0
      Votes
      4
      Posts
      68
      Views

      S

      @octopuss That's what I was vaguely remembering...someone that had enabled it then disabled IPv6, or similar. I don't really recall the details.

      I suppose another option would be to edit it out of the config .xml file and restore.

    • S

      Apply all system patches
      • shoulders

      17
      0
      Votes
      17
      Posts
      406
      Views

      jimp

      By the time a patch makes it into the "Recommended" list it's usually either already included in a newer release or it's been well tested internally and confirmed to solve the problem in question.

    • V

      After upgrade to 23.01 IPTV KPN in The Netherlands broken
      • vjizzle

      4
      0
      Votes
      4
      Posts
      159
      Views

      V

      A quick update. Today I tried the upgrade again and now IPTV/IGMP is working fine. Upon checking the igmp package I can see that the working version (0.3_1,1) is installed automatically. Always nice to wait a little before upgrade. Thanks and another happy upgrade running here.

    • E

      intel nic
      • elmo1943

      2
      0
      Votes
      2
      Posts
      71
      Views

      M

      I'm running pfSense Plus 23.01 with HPE 561T card, which is basically a HP made X540-T2.
      No problems here.

    • K

      1100/2100 upgrade available again?
      • keyser

      1
      0
      Votes
      1
      Posts
      60
      Views

      No one has replied

    • D

      How can I access in home servers with pfsense as my router
      • dlohrke

      13
      0
      Votes
      13
      Posts
      186
      Views

      D

      @gertjan Your main post about private/public network looks like it may have been the main thing, then I forwarded the ports for Plex, my old box forwarded them automatically which is odd, looks like that has fixed the main issues. Thanks for the help there, I was losing my mind.

    • M

      Clamav in pfsense 2.6.0 when it is active when it is not
      • Mr.Trieu

      1
      0
      Votes
      1
      Posts
      46
      Views

      No one has replied

    • P

      PFSense stops working
      • p2ranger

      3
      0
      Votes
      3
      Posts
      131
      Views

      stephenw10

      Mmm, that error is usually the result of traffic shaping and isn't usually a problem.
      https://redmine.pfsense.org/issues/8991

    • A

      IPSEC VPN
      • alex992

      3
      0
      Votes
      3
      Posts
      73
      Views

      jimp

      If you just see two, it's probably OK and a normal part of (re)negotiation depending on which side does what.

      If you get more and they start piling up, then you might need to adjust the settings:

      https://docs.netgate.com/pfsense/en/latest/troubleshooting/ipsec-duplicate-sa.html

    • valigha

      Netgate 1100 High Memory Consumption
      • valigha

      6
      0
      Votes
      6
      Posts
      185
      Views

      valigha

      @steveits It worked after the patch. I had already rebooted and tried a few other things, and let it even sit for several days to see if it would drop. Using top it would always have the High memory usage. After that patch, the reboot it has not hit 30% memory usage yet. I feel more confident adding rules and such now. I do believe the patch corrected this issue for me, as I was up to date, at least the system said I was, and I had purchased this netgate 1100 only a couple weeks ago. Thanks again!

    • A

      Checking emmc memory health for Netgate 1100 appliance
      • applesalwaysred

      6
      0
      Votes
      6
      Posts
      197
      Views

      stephenw10

      Yes, some 1100s don't have eMMC that supports reading that data.

    • M

      23.01 grep consuming all memory
      • motific

      4
      0
      Votes
      4
      Posts
      139
      Views

      M

      @gertjan - I do know how to do the troubleshooting, I was just trying to avoid the 24 hours for each iteration but I'm sure it will help someone else if they're reading.

      I had already updated pfBlocker but it looks like those processes were orphaned from before I updated the package. All seems to be fine now.

    • F

      running out of swap space
      • f5alcon

      8
      0
      Votes
      8
      Posts
      141
      Views

      stephenw10

      By default all traffic inbound is blocked on the WAN anyway so this only applies if you've added a rule to pass traffic.

    • L

      23.01 breaks DNS resolver and pFblocker
      • lpfw

      23
      1
      Votes
      23
      Posts
      794
      Views

      stephenw10

      Generally you would not have DNSSEC enabled with DoT but only because you will be in forwarding mode for DoT. You should be able to use them together but it's likely far less tested because there's little point.

    • M

      Will this UPS unit work well?
      • michmoor

      7
      0
      Votes
      7
      Posts
      185
      Views

      dem

      @michmoor My CyberPower has been stable with the NUT workaround from the thread I referred to previously.

    • M

      OpenVPN 2FA disconnects
      • michmoor

      5
      0
      Votes
      5
      Posts
      77
      Views

      M

      @the-other


    • S

      Questions about setting up a more secure home- and small business network
      • Stef_R

      6
      0
      Votes
      6
      Posts
      176
      Views

      S

      @johnpoz said in Questions about setting up a more secure home- and small business network:

      @stef_r please tell you don’t have idrac exposed to public internet you vpn into the edge?

      I am aware that exposing the iDRAC interface to the public isn't a smart way to do it! :-)
      So yes, I have restricted access for only one trusted IP address and only through the VPN connection through the EdgeRouter.

    • JonathanLee

      Analytics cookies being listed when logging into firewall with Chrome Browser.
      • JonathanLee

      19
      0
      Votes
      19
      Posts
      364
      Views

      Dobby_

      @jonathanlee

      As soon as cookies are cleaned it's gone.

      I would say you could install some privacy addons
      and say absolute no to cookies! And you only keep
      your cookies from your switches and routers or firewalls
      and use only that one (browser) for your internal tech equipment.

      Google Analytics I have never seen on it. I have seen
      cloudflare analytics also.

      pfBlocker-NG and/or Squid & SquidGuard may be sorted
      with some ad blocker lists.

    • B

      Basic firewall rules for interfaces
      • bumzag

      13
      0
      Votes
      13
      Posts
      226
      Views

      J

      @bumzag said in Basic firewall rules for interfaces:

      I want LAN to have access to every interface indiscriminately, and NET2 to have WAN access, but no LAN access.

      The block comes before the allow so LAN would be blocked

    • N

      bad nginx errors in system logs
      • nononono

      9
      0
      Votes
      9
      Posts
      109
      Views

      N

      @steveits fair enough, will just pivot to blocking all and only allowing ports that are confirmed in use, thank you for the confirmation

    • C

      HELP: NETGATE 3100 - After updating from 22.05 to 23.01 unable to create/use GIF interfaces
      • ChrisJenk

      31
      0
      Votes
      31
      Posts
      634
      Views

      J

      @stephenw10 Yes, it's a Hurricane Electric tunnel.

      And deleting the gateway gives the same error on attempting to create the GIF.

    • J

      pfsense vs Fritzbox security
      • Julian 3

      5
      0
      Votes
      5
      Posts
      273
      Views

      C

      As the Fritzbox can be accessed and adjusted remotely by your ISP (similarly to most ISP supplied boxes) you can not guarantee your configuration as well as one can with a pfsense box. It is worthwhile with a Fritz!Box looking at the security tab to see what open ports exist and the services supported.
      Configuring pfsense to work with a Fritz!Box in modem mode is a whole other kettle of fish!

    • L

      Migration several Netgate 7100 to 8200
      • Luca De Andreis

      3
      0
      Votes
      3
      Posts
      75
      Views

      L

      Ok perfect...

      I would like to keep all the configuration of ACLs, VPN, etc. redoing everything by hand, besides the waste of time would definitely cause errors.

      Thank you very much

    • K

      Migrating from Mini Computer with pfsense to 6100
      • Kevin 4

      10
      0
      Votes
      10
      Posts
      255
      Views

      stephenw10

      I would not remove the switch if you have multiple devices on the same VLANs talking to each other. The 6100 ports are not a switch. If you have devices connected to them that need to be in the same subnet they would have to be bridged and that uses significant CPU cycles. An external switch can do that without loading the firewall.

      Steve

    • P

      Upgrade to 23.01 - crash report
      • pfguy2018

      29
      0
      Votes
      29
      Posts
      490
      Views

      stephenw10

      Ok, start a new thread for that then it seems unrelated to the notifications issue.

    • M

      Pfsense Error
      • macj72x

      2
      0
      Votes
      2
      Posts
      103
      Views

      jimp

      That is the same error we saw from others who had an outdated Home Assistant pfSense integration installed. You will need to update the integration in Home Assistant (or disable it).

      The error isn't coming from code in pfSense, but code being sent by that pfSense integration, so there is nothing pfSense can do to alter that code.

      There are several threads for this already if you need more information.

    • M

      Moving current network to pfsense
      • mikey6283

      6
      0
      Votes
      6
      Posts
      135
      Views

      V

      @johnpoz
      Oh yeah. Go to correct it. Thanx.

    • M

      Unable to check for updates (SOLVED)
      • Matt2

      94
      10
      Votes
      94
      Posts
      17250
      Views

      K

      @stephenw10 said in Unable to check for updates (SOLVED):

      Interesting. It looks like at some point you added the ntop repo to get the subscription version?

      Yes I did but was just a newer version as the Netgate Package of ntopng is or was quite far behind.

      Now I understand the ramifications of installing outside of Official Packages.

    • S

      Register custom hostname by MAC address
      • sdugoten

      4
      0
      Votes
      4
      Posts
      129
      Views

      JKnott

      @sdugoten said in Register custom hostname by MAC address:

      Could you please point me to which screen that would do the static mapping? Thanks.

      Bottom of the DHCP server page.

      Also, the easy way to make a static mapping is to connect the device and find it in Status / DHCP leases and convert it to static mapping, to add the desired address and host name.

    • M

      Boot environment - cannot erase
      boot
      • markgca

      1
      0
      Votes
      1
      Posts
      75
      Views

      No one has replied

    • S

      Setup ISP Router Bridged with ISP VOIP
      • sphillips

      1
      0
      Votes
      1
      Posts
      55
      Views

      No one has replied

    • N

      Network UPS tools (nut server) youtube video
      • netboy

      1
      0
      Votes
      1
      Posts
      70
      Views

      No one has replied

    • L

      Authenticated NTP
      • LamaZ

      36
      1
      Votes
      36
      Posts
      1387
      Views

      JonathanLee

      @lamaz time flies haha 😂 as we talk about time servers

    • J

      crontab changes
      • jrey

      8
      0
      Votes
      8
      Posts
      129
      Views

      S

      @jrey I only looked because I was expecting it to comment out the periodic daily line but it didn’t. Then it rewrote the file at boot, still I commented, so I pulled up the patch details. no memory spike the next day so it must have worked.

      Perhaps crontab write triggers again at other criteria?

    • B

      VPN routing broken after upgrade to 23.01
      • bambam

      11
      0
      Votes
      11
      Posts
      316
      Views

      B

      @derelict Thanks for pointing this out - we hadn't had a rule on the previous version but added it in before the gateway rule and all is working OK again.

    • A

      Unable to ping or tracert to one specific external IP from one of 4 SG3100s
      • apothecaryjohn

      5
      0
      Votes
      5
      Posts
      147
      Views

      A

      @viragomann

      I found the culprit, why it only has been on this one unit, I can't explain. It was being blocked by Snort.

      140:20
      (spp_sip) Invite replay attack

      Disabled the rule and it has resolved fine. All 4 units run Snort, only this one has had an issue.

      Thank you for your help.

      John

    • S

      PFsense with multiple lans and nighthawk mr60 with satellites
      • sfigueroa

      3
      0
      Votes
      3
      Posts
      114
      Views

      S

      @steveits thank you for the reply, I'll try finding the docs :)

    • A

      Error regarding ubus
      • andro_b

      1
      0
      Votes
      1
      Posts
      52
      Views

      No one has replied