General pfSense Questions

• M

  Kernel: update_fs error?
  • markn62  

  10
  0
  Votes
  10
  Posts
  1304
  Views

  1

  @Gertjan will try this. thanks!
• P

  Internet crashes when torrenting.
  • packergeek  

  6
  0
  Votes
  6
  Posts
  134
  Views

  T

  The driver built in to FreeBSD for Realtek chips will crash under load. You can use the latest official Realtek driver to achieve stability, but if you already got Intel cards you're better off anyway.
• P

  Internet drops at bandwidth saturation
  • pleb  

  2
  0
  Votes
  2
  Posts
  66
  Views

  M

  A device with a Celeron CPU and 8 GB of ram wouldn't be my first choice to install a hypervisor on. Not to mention, the Realtek NIC's aren't doing you any favors either. The first thing I would do is install PFsense on bare metal and blow Proxmox away. Also, if that ZBOX is modular, grab some Intel NICs.
• I

  TFTP Server behind pfSense
  • iberiaerik  

  5
  0
  Votes
  5
  Posts
  36
  Views

  

  @iberiaerik did you reboot the firewall since enabling the proxy? I believe this is required.
• 

  Issues after upgrade 2.4.4p3 to 2.4.5
  • beria-pl  

  8
  0
  Votes
  8
  Posts
  123
  Views

  

  @beria-pl said in Issues after upgrade 2.4.4p3 to 2.4.5: @bmeeks Thanks - works like a charm, after setting up 1 vCPU on both. At least it working now for 30 minutes without any issues. Is there any timeframe to expect this fix? Or in longer-term it may be better to wait for 2.5.0p1 ;) and now survive with 2.4.5 or downgrade to 2.4.4p3 ? I am not privy to the release dates as I am not affiliated with Netgate. As with pretty much every software company out there, Netgate is usually tight-lipped about release schedules (at least ones with very specific target dates). I suspect companies do this to minimize flak in the event they miss the release date due to unforeseen issues that may crop up. I personally don't expect a long delay in the 2.4.5-p1 fix for this issue, but whether that is later this week or several months from now, I have no idea. If one virtual CPU appears to be working for you, then I would suggest staying on the 2.4.5-RELEASE and not moving to 2.5.0-DEVEL as that branch understandably may have issues crop up -- especially if you keep up with the snapshot updates. The upstream FreeBSD guys merged the fix into FreeBSD-11.3-STABLE on May 11th, and so far as I can tell from the Github updates, the pfSense team is keeping up. So maybe the fix release won't be too far away.
• G

  Gateway alarm: WAN_DHCP with Virgin Hub router
  • g0nz0uk  

  2
  1
  Votes
  2
  Posts
  80
  Views

  G

  Restarted the Virgin Superhub 3 last night and it's great again, we monitor again, but it will start to degrade later today or tomorrow as others have mentioned. If I set back to just use their Superhub as an all in one again all is fine, it has to be something to do with the hub in modem mode and the way it talks to pfSense.
• D

  Is it possible to open a internal Moodle server to internet using NAT 1:1?
  • dilhanmail  

  2
  0
  Votes
  2
  Posts
  28
  Views

  D

  Sorry for troubling you guys. I got it solved by adding following line to the moodle config file. (Instead of using a hardcoded IP) $CFG->wwwroot = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].'/lms';
• H

  Problem with large transfers after update
  • hhjohan  

  3
  0
  Votes
  3
  Posts
  44
  Views

  H

  @Harvy66 Yes, that absolutely an interesting idea that I will look up.
• V

  Block TCP port 445 at network edge?
  • VirtuousVigor  

  4
  0
  Votes
  4
  Posts
  50
  Views

  

  @Rico Thanks.. I saw LAN when I read the OP the first time. ^^ what Rico said. :)
• K

  2 LAN with 1 WAN
  • kwestby  

  6
  0
  Votes
  6
  Posts
  33
  Views

  D

  you welcome bro :-)
• R

  Seeing spikes in WAN monitor the past couple days, ideas?
  • realityman_  

  5
  0
  Votes
  5
  Posts
  68
  Views

  R

  @stephenw10 Ah gotcha. I'll stay tuned for the 2.4.5_1 release. Thanks!
• L

  Using NUT on pfSense to control 2 UPS attached to QNAP NAS and Ubuntu VM
  pfsense nas nut qnap • • LaUs3r  

  1
  0
  Votes
  1
  Posts
  54
  Views

  No one has replied

• 

  The correct way to Schedules internet on some IPs??
  • x3rl  

  7
  0
  Votes
  7
  Posts
  41
  Views

  

  @YannTKO I had it on wan! ive changed the rules to lan thanks lol
• R

  VPN IPsec with various Phases 2.
  ipsec • • ramses.sevilla  

  1
  0
  Votes
  1
  Posts
  20
  Views

  No one has replied

• 

  Why does my pfsense DNS give non-local NTP servers
  • IsaacFL  

  14
  0
  Votes
  14
  Posts
  174
  Views

  

  @JKnott I now have a stratum 2¹ server on my pfSense firewall. One thing I've noticed since switching from pool.ntp.org, is that the clock on my computer appears in closer agreement with a WWVB radio clock I have. When I was using pool.ntp.org, my computer seemed to lag the WWVB clock by a half second or so. Now it appears the same, at least as close as I can tell by eye. pool.ntp.org provides stratum 2, which means pfSense provided stratum 3. TorIX provides stratum 1, so pfSense can be stratum 2.
• F

  Not all devices are listed in DHCP
  • firefox  

  11
  0
  Votes
  11
  Posts
  107
  Views

  F

  @johnpoz said in Not all devices are listed in DHCP: If you just pinged it from pfsense, it would be in the arp table!! it worked Thanks
• 

  Massive change users exp.date
  • nnicola82  

  3
  0
  Votes
  3
  Posts
  60
  Views

  

  if there are no other alternatives to edit xml file exported, e.g. with 'sed' command directly from the console, I can try only this way best regards, thanks!
• F

  pfSense group edit
  • fireix  

  4
  0
  Votes
  4
  Posts
  118
  Views

  

  @fireix It seems that Ansible or Puppet is open source applications would work for you since it appears you're not shy to use CLI (like me). Ansible uses SSH whereas Puppet (from OpenStack) uses a user agent installed on client's box. Let's hope more senior members will follow-up.
• I

  Can I run server applications and pfSense on the same computer? How is pfSense different from FreeBSD?
  • inf3rno  

  17
  0
  Votes
  17
  Posts
  175
  Views

  D

  My opinion is that FreeBSD is one of the best choices for NGFWs, due to the distinctive behavior of the OP system itself. However, you can't run it cleanly on FreeBSD, so like pfSense, sticking to the parent basics (FreeBSD), you need to implement a different philosophy = pfSense. NollipfSense / I agree with you that the future belongs to the VM, but we still have a lot to learn in this area. What is currently worrying is that only mirror solutions can create large stability systems. I currently work for a world-wide insurance company, in the current unfortunate situation (COVID), more than 8,000 employees work from home on a VM basis. It works, but 25 extra mirror servers have been set up in 15 countries to eliminate the any possible problems. Virtualization is a wonderful part of the IT world, flexible and I hope there will be more and more serious availability. (I started with Windows NT servers and Win 3.1 has changed a lot since then :-))
• 

  pfSense 2.4.4-p3 defined alias is blank - can we add patches from 2.4.5 to 2.4.4-p3?
  • nzkiwi68  

  3
  0
  Votes
  3
  Posts
  152
  Views

  

  @bmeeks Thanks very much for the answer. I did try and download the patches and test, but, not apply and saw that it wasn't going to work from the patch test. Hence the post asking. 2.4.5-p1 - I shall have to wait. Thanks again.
• F

  pfSense VM latency and WAP performance issues
  proxmox latency access point • • firerobin  

  22
  0
  Votes
  22
  Posts
  193
  Views

  

  @firerobin said in pfSense VM latency and WAP performance issues: @bmeeks Thanks again for the info. I'll ask around in neighborhood forums to see if anyone else is having issues with their xfinity connection. Hopefully I can find someone as knowledgeable as the folks in this forum, but then they'd probably already be on top of the issue Would this problem be as noticeable if they have a higher bandwidth service plan? If you have issues with the node you are served from, a higher speed tier is not likely to help. An overloaded or malfunctioning node would be expected to affect all speed tiers. The one exception might be if they moved you to another node for a higher tier, but that is extremely unlikely as the node serving you is usually fixed due to the realities of coax cable routing on the poles. To test and make sure a saturated uplink is not your issue, play your game at a time when you are 100% certain nobody else is using your Internet connection but you and your gaming machine. No streaming or anything else going on. If you have problems then, it is likely to be an upstream ISP problem. If you have no issues, then somebody really loading up on downloads can hurt your gaming and ping times as all the ACKs from the busy downloads can eat up the upload bandwidth.
• L

  Adding second network, 10.0.0.0
  • lewis  

  20
  0
  Votes
  20
  Posts
  193
  Views

  L

  I think I'll just add a couple more interfaces and do it that way. I got to thinking about how I might be able to use the separate lans anyhow. Thanks to all for the input.
• S

  How to block web pages to users with the captive portal, squid and squidguard
  • starnix  

  4
  0
  Votes
  4
  Posts
  39
  Views

  

  Sure you can apply a schedule to a firewall rule so it only applies at certain times: https://docs.netgate.com/pfsense/en/latest/book/firewall/time-based-rules.html I'm not sure how that would help filtering different groups of users though. Steve
• Z

  VoIP phones that will not register behind a PFsense firewall
  • zoinkz  

  16
  0
  Votes
  16
  Posts
  279
  Views

  T

  Hello together again, creepy. Two days ago my PFSense wasn't able anymore to connect in anyway to my CG VPN Service. Always "decompression failure" or something like that appeared. The final solution was to change from adaptive LZO Compression to OMIT Preference. Then this connection worked again. And what started to work as well? The VOIP Connections. I don't know how this belongs together, but now i can register like always my softphones and make calls. I think we would have searched years to find this out...But well, fortunately finally now it works again. That is the most important! Thanks again anyway for the interesting information you posted here and the support you gave! Have a nice weekend
• S

  Addding PPA gets routing/redirect error
  routing router newbie redirect • • strongthany  

  3
  0
  Votes
  3
  Posts
  68
  Views

  S

  @stephenw10 I just tried it again and it works. Looks like they finally updated their certs. Thanks for the help!
• M

  pfSense and OpenVPN speeds
  • Morpheus101  

  16
  0
  Votes
  16
  Posts
  140
  Views

  

  Well I don‘t care about 5-10Mbps VPN traffic more or less. Only would see a problem if you say like in your testings the speed is double or 1/3 more. :-) -Rico
• C

  PFSense Private network interface disable very frequetly
  • chandranath  

  12
  0
  Votes
  12
  Posts
  220
  Views

  C

  Hello.. If someone gets similar issue, please try disabling LACP strict mode. It worked in our case. All the best
• M

  Changing interface name crashes dhcp
  • markgca  

  6
  0
  Votes
  6
  Posts
  56
  Views

  

  Do not post them directly here! There is quite a lot of stuff in the config you probably don't want public. You could use the redacted config from the status_output file. Go to <your firewall IP>/status.php to get that. But even that has your public IP etc. We probably only need the interfaces and dhcp sections as I said. That should show any mismatch if it's happening. Steve
• 

  When downloading at full speed, Internet Connection drops.
  • uxm  

  24
  0
  Votes
  24
  Posts
  152
  Views

  

  @provels wow! fake Intels?? omg. :) My motherboard can handle PCI Express 3.0 so I guess I am alright :) Thank you a bunch @provels!
• S

  Unknown Android Device
  • slimypizza  

  13
  0
  Votes
  13
  Posts
  181
  Views

  P

  The device must have came from those who has access to your LAN...either household or guest. I even believe your Alexa uses Android. For sure, pfSense has NOTHING to do with this issue.
• A

  Firewall Rule Logging (for PERMIT Rule)
  • anengelsen  

  5
  0
  Votes
  5
  Posts
  45
  Views

  A

  @stephenw10 PFsense is definitely logging events (within the Firewall log view). Currently, the log is only showing the denied traffic. Based on the timestamps, it looks like I am not encountering a DoS attack.
• T

  LDAP
  • tidodo  

  4
  0
  Votes
  4
  Posts
  26
  Views

  

  How are you testing? From Diag > Auth?
• C

  Change interface assignments: effects on firewall rules
  • clarknova  

  3
  0
  Votes
  3
  Posts
  20
  Views

  C

  That's helpful, thanks. I am recreating the rules on pfSense B, rather than trying to import them. pfSense B currently has two em NICs but I will be adding two vmxnet NICs in the next maintenance window, then two more in a future maintenance window. I will be watching for reordering as they are added.
• X

  WAN Permit Inbound All Traffic
  • Ximulate  

  4
  0
  Votes
  4
  Posts
  41
  Views

  

  Yes, I completely agree with that. Having pfBlocker create aliases only and assigning them yourself allows you to see exactly what's happening. That's how I use it. Steve
• G

  pulling my hair out: single website cannot access on one system
  • gsrcrxsi  

  2
  0
  Votes
  2
  Posts
  33
  Views

  

  Try a port test to the site from pfSense. That should work though if other clients behind it can access the site. Run packet captures to see what's happening. Is traffic for the site actually arriving at the internal pfSense interface? Is it leaving the WAN? If not where is it leaving, if anywhere? I assume you do not have Snort or Suricata running? Steve
• W

  Intel gigabit ct Desktop not detected
  interfaces pfsense setup network problem • • WAR10CK  

  3
  0
  Votes
  3
  Posts
  88
  Views

  W

  @WAR10CK said in Intel gigabit ct Desktop not detected: AHCI enclosure management bridge OK, pfsense recognizes the netcard, but why is it saying : AHCI enclosure management bridge under interface em0. There is no link when I plugin the cable to em0. The cable works fine in em1.
• A

  Can a PFSENSE log onto another PFSENSE'S webgui?
  • armandelli  

  2
  0
  Votes
  2
  Posts
  34
  Views

  T

  If they're set up to sync configurations (HA sync).
• J

  Mobile-to-TV casting across subnets
  • JacobS  

  1
  0
  Votes
  1
  Posts
  45
  Views

  No one has replied

• 

  SG-5100 UDP States still alive after schedule expires. [2.4.5-RELEASE (amd64)]
  • Phizix  

  18
  0
  Votes
  18
  Posts
  222
  Views

  

  All, After running for a week with the "pfctl -F state" method, it seems that most of the TV's never miss a beat since they seem to have enough buffered to keep going while reconnecting. My Amazon devices on the other hand are unresponsive for several minutes while reestablishing connection. DOH! And my wife, that is another matter altogether. She is pretty unhappy when it boots her out of what she is doing at the time and she has to reconnect. "C'est la vie." Phizix
• F

  UPNP Help
  • Flicky  

  4
  0
  Votes
  4
  Posts
  50
  Views

  

  Does your WAN have a public IP? miniupnpd cannot open port forwards from private IPs. You should at least see the logs from miniupnpd starting in the system log when you save the config or restart the service. Steve