• CoS (802.1p) tag bug with virtualized pfsense

    0 Votes
    10 Posts
    1k Views

    Correct. It's a Mikrotik CRS328-24P-4S+. I can add the tag using /interface ethernet switch rule add vlan-id=2 ports=<ports> new-vlan-priority=3

    As soon as I add that to the corresponding physical ports (on the switch) the VMs are on top of, it all magically starts working again.

  • APCUPSD - No UPS page

    0 Votes
    20 Posts
    4k Views
    JKnott

    @stephenw10 said in APCUPSD - No UPS page:

    Could be. My guess would be that the FreeBSD port supports some subset of the data only. But testing against FreeBSD is the only way to know that. Or reading the code...

    Steve

    I just plugged in an older model APC UPS and it now works. The old model is a "Back-UPS ES 500". So, there is something different in the protocol between old and new that keeps apcupsd and NUT from working with the new UPS. BTW, I had previously used NUT with this old model and it worked fine. As I mentioned, the new UPS works fine with Linux.

  • Multiple VPN tunnels to appear as if device is from another country

    0 Votes
    3 Posts
    360 Views

    thanks! I appreciate your input/help.

  • A command will run in command prompt but not in cron service

    0 Votes
    4 Posts
    375 Views

    @stephenw10 Found the problem. Somehow characters that don't show up got in there. Perhaps when I did a copy/paste from the old config? Manually retyping fixed it. But unlike before, the entire path is required.

  • All system logs empty

    0 Votes
    6 Posts
    1k Views

    Resolved!

    @Gertjan said in All system logs empty:

    @MrSnuggles said in All system logs empty:

    pfSense should be on the newest version (v4.0.11).

    I advise you to ditch whatever you have and use the real pfSense: https://www.pfsense.org/download/

    Oops I quoted the BIOS version (4.0.11) instead of the pfsense version (2.4.4). Should be as official as it gets. Otherwise I would be surprised 😅

    @jimp said in All system logs empty:

    Go to the settings tab and click the button to reset all your log files.

    Thanks! I had the same idea after reading what Steve pointed out about the logs being from 2017. Ran rm -rf /var/log and now the system is logging happily. I don't understand though what the problem was since the permissions look exactly the same now. At least I have logging back 🎉 Thanks again!

  • OPT Interface - No Network

    0 Votes
    30 Posts
    4k Views
    stephenw10

    It's old but should work fine. I can only think there must be some rogue configuration going on, something left in the config file from previous settings. But if that was the case the clean install should have resolved it.
    The other thing is some low level conflict between the cards but I would expect that to follow the card not the assigned interface.

    Steve

  • 0 Votes
    6 Posts
    1k Views
    johnpoz

    What? Are you in the wrong lang section Vellin? No offense your terse response makes no sense at all with the context of this thread?

  • Assign 3rd interface to Pfsense

    0 Votes
    27 Posts
    2k Views

    So I deleted the entire interface and recreated under opt2 different interface and it works fine now, strange.

  • block ip with multi wan ip

    Moved
    0 Votes
    5 Posts
    425 Views

    Thank you, it is working.
    For the archive, these are my custom rules:

    drop tcp $EXTERNAL_NET any -> 1.1.1.2/32 any (msg:"Ignore all traffic"; sid:1;)
    # each rule needs its own unique sid
    drop udp $EXTERNAL_NET any -> 1.1.1.2/32 any (msg:"Ignore all traffic"; sid:2;)

  • High Memory Usage

    0 Votes
    5 Posts
    1k Views
    stephenw10

    Yes, I'm not actually seeing an issue there besides the high RAM usage from Squid. It's not exhausting the RAM certainly.

    Are you seeing errors in the system log or Squid log?

    Steve

  • Poor throughput to remote site

    0 Votes
    2 Posts
    236 Views
    stephenw10

    Ok, so I assume A to B is local traffic, not via VPN?

    And B to C is also not via the VPN?

    What speeds do you see from C to A compared with B to C? Is it the same A to C or C to B?

    I would try testing directly between the pfSense firewalls using iperf3 on each both inside and outside the VPN to see if you can pin down the throttle point.

    pkg install iperf3
    rehash

    Steve

  • Broken unit won't fully boot

    0 Votes
    2 Posts
    155 Views
    stephenw10

    @Stewart said in Broken unit won't fully boot:

    pkg-static: Warning: Major OS version upgrade detected

    That implies it is either running 2.3.X and has pulled in 2.4.X packages or is set to the dev channel and is trying to pull in 2.5.X packages. You can probably recover it by doing this:
    https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html#upgrade-not-offered-library-errors

    But it will be quicker, and cleaner, to just reinstall at this point.

    The Suricata package had a bug in it at one point that meant log rotation was not working correctly. You had to go to the log management tab and save the default settings there to activate it. I imagine that's what you hit there.

    Steve

  • Add dhcp, pppoe and DNS

    0 Votes
    6 Posts
    1k Views
    stephenw10

    You haven't added the address range or server address to the PPPoE server config.

    I'm not sure I've ever tried running it on a numbered interface, certainly not WAN. You might need firewall rules to allow the traffic in. Though I don't see any required on my test box here to allow the PPPoE traffic you will need them on the PPPoE server interface to allow traffic inside the connections.

    Steve

  • Hyper-V LAB setup with pFSense as internet gateway

    0 Votes
    2 Posts
    283 Views

    Alright.
    We can do this :)

    On for example Forefront TMG you would have created a rule saying that anything going to external is allowed and drop the rest. PFSense however doesn't have an external object so instead we will need two rules per network.

    First we need a Block rule that stops the unwanted traffic. Second we need an allow any rule that allows anything we haven't already blocked.

    In your case you need a block rule as rule nr2 on LAN:
    Source Any
    Destination 192.0.0.129/25

    You will need a Block rule on OPT1 too (before the allow any-any rule)
    Source Any
    Destination 192.0.0.1/25

  • Port 443 suddenly stopped by the firewall

    0 Votes
    2 Posts
    132 Views

    Okay I ran out of ideas so I grabbed a backup of the config file from before I installed HAProxy and ACME and restored it.

    Access is again granted to port 443. I will have to assume it was HAProxy but I only had set it up for port 80 and it was working. I was starting to work on 443 but everything for those backends and frontend was disabled. Also I completely disabled HAProxy and no difference.

    Oh well. I will just start again with ACME and HAProxy and see what happens

  • DHCP Timeouts

    0 Votes
    5 Posts
    526 Views

    Can you add some network addresses and ranges to your diagram?

    For example - 192.168.0.1/24 or something similar?

    Jeff

  • HAProxy SSL Offload and LAN users [SOLVED]

    0 Votes
    3 Posts
    381 Views

    Hi @PiBa
    After a good night's sleep, and some coffee, I discovered a domain override for https://www.yourdomain.tld/ in my DNS resolver. False alarm.
    Thank you for your time.

  • [SOLVED] First time install. Need help!

    0 Votes
    10 Posts
    1k Views

    @KOM In accordance to Aristotle - the first sign of real knowledge is ability to explain shortly the matter and teaching this matter. I wish you big money in your free time ... The information that I've got from @stephenw10 - all that I've been asking. For now all is working.

  • pfSense Crash

    0 Votes
    3 Posts
    414 Views
    Gertjan

    @Ozzmosis said in pfSense Crash:

    can not find the problem.

    Cut the problem in pieces.
    Like: remove the VM from the equation.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.