• PfSense MTU, Bufferbloat and Netalyzr results

    0 Votes
    5 Posts
    1k Views

    @curtisgrice:

    You would need to run a traceroute to the netalyzr.icsi.berkeley.edu testing host (not necessarily that address). From that you can look at the DNS PTR records (host names found by IP) to get a sense of where that is.

    The address it reported could be an address in your ISP's network or just an IP on an interface on a router along the way.

    Also try both ICMP and TCP traceroute as many transit routers can't be bothered to reply to an ICMP/UDP ping.

    I have not tried the ICMP traceroute yet but have tried the TCP traceroute and unfortunately it was unrevealing as well. I do know now though that it is not coming from pfSense or my home network as I have removed pfSense from the network temporarily for testing. My configuration is now ISP > Modem/router > Testing PC.

  • Recommended smart switch for Unifi AP? Easy interface, inexpensive, secure

    0 Votes
    21 Posts
    3k Views
    occamsrazor

    @Grimson:

    In that case you can also use an RPI2 or 3 to run the controller on. Maybe you have one collecting dust somewhere.

    Running the controller on the pfSense OS can have unforeseen issues when pfSense upgrades or a controller upgrade installs conflicting packets. If you absolutely need to run both on the same hardware I'd strongly agree with johnpoz, put each into its own VM.

    Good points there. Thanks. I don't have an RPI but I do have a Macbook that runs 24/7 so could use that. Also I have a QNAP NAS running 24/7 and I believe you can run the Unifi controller as a package or via a docker.

  • Gateway Email notifications not consistent

    0 Votes
    5 Posts
    804 Views

    @Gertjan: Sorry, yes, I have two WAN connections. I was referring to them as they are in the status/gateways and the gateway groups. I have one on tier 1, and the other on tier 2, so it should fail over (which it does). The problem is the gateway down notification. I never receive those, only gateway up notifications:

    MONITOR: WANGW is available now, adding to routing group WAN_Group 8.8.8.8

    @jimp: I'll set default gateway switching and if that doesn't help will try 2.4.3.

  • PFsense config storing plaintext passwords world readable

    0 Votes
    5 Posts
    705 Views
    jimp

    https://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_plaintext_in_config.xml

    If you are worried about someone seeing the contents of config.xml, then they shouldn't have access to anything that can read config.xml.

  • DNS configuration for LAN interface

    0 Votes
    6 Posts
    569 Views
    Gertjan

    "Normal" is, this :
    A device - a PC - on your LAN, hook it up as when it came out of the box :

    C:\Users\Réception-Gauche>ipconfig /all

    Configuration IP de Windows

    Carte Ethernet Connexion au réseau local :

       Description. . . . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
       DHCP activé. . . . . . . . . . . . . . : Oui
       Configuration automatique activée. . . : Oui
       Adresse IPv6. . . . . . . . . . . . . .: 2001:470:1f13:5c0:2::c6(préféré)
       Bail obtenu. . . . . . . . . . . . . . : lundi 26 février 2018 06:45:20
       Bail expirant. . . . . . . . . . . . . : lundi 26 février 2018 08:45:20
       Adresse IPv6 de liaison locale. . . . .: fe80::75cd:7073:d0a4:bc7c%10(préféré)
       Adresse IPv4. . . . . . . . . . . . . .: 192.168.1.6(préféré)
       Masque de sous-réseau. . . . . . . . . : 255.255.255.0
       Bail obtenu. . . . . . . . . . . . . . : mercredi 14 février 2018 10:25:15
       Bail expirant. . . . . . . . . . . . . : mardi 27 février 2018 06:45:19
       Passerelle par défaut. . . . . . . . . : fe80::212:3fff:feb3:5875%10
                                                192.168.1.1
       Serveur DHCP . . . . . . . . . . . . . : 192.168.1.1
       IAID DHCPv6 . . . . . . . . . . . : 246983791
       DUID de client DHCPv6. . . . . . . . : 00-01-00-01-14-20-18-E3-B8-AC-6F-47-2C-77
       Serveurs DNS. . .  . . . . . . . . . . : 2001:470:1f13:5c0:2::1
                                                192.168.1.1
       NetBIOS sur Tcpip. . . . . . . . . . . : Activé

    So, gateway and DNS are set to 192.168.1.1 - my pfSense. This info was given to my PC by pfSense.

    pfSense : I never touched the DNS settings, use settings out of the box.
    Set up my WAN connection using DHCP-client so it obtains an IP from my upstream ISP router, and done.

    My System => General Setup is pretty empty, I only set a host name and domain name for pfSense.
    On  Status => Dashboard => Status => Dashboard says for DNS server(s) : 127.0.0.1

    LAN firewall rule : a big pass all rule (TCP,UDP,ICMP,IPv4,IPv6)

    That's it.

    Actually, pfSense behaves exactly identical to any other box that an ISP gives you : hook up to power, setup WAN, slide in a LAN cable and you're online.
    Never actually understood why people want something from 8.8.8.8 or 8.8.4.4 …  ;)

  • High Latency on LAN after power failure - fixed, but not sure how

    0 Votes
    5 Posts
    433 Views
    jahonix

    169.254.0.0 /16 is called APIPA (automatic private IP addressing) and not specific to an operating system.
    https://wiki.wireshark.org/APIPA

  • Automatically run a command after reboot?

    0 Votes
    6 Posts
    444 Views
    Grimson

    @smegheed:

    root /usr/local/bin/screen usr/local/bin/stunnel screen -dmS tunnel stunnel vpn.ssl ?

    :o

    Take your command and add the full path to binaries and (config) files. So:

    screen -dmS tunnel stunnel vpn.ssl

    becomes

    /usr/local/bin/screen -dmS tunnel /usr/local/bin/stunnel /root/vpn.ssl

    Note: Paths in the example above are just guessed, so make sure they are correct.

    Also I'd advise to use the shellcmd and cron packages to configure this instead of messing with the config.xml by hand.

  • Best practices for using home proxy while connected to a work VPN

    0 Votes
    2 Posts
    368 Views
    No one has replied
  • Why MTU limit of 9000?

    0 Votes
    15 Posts
    7k Views

    Thank you for the great discussion everyone. Lots of good info.

  • MOVED: Is pfsense more trouble than it's worth Sg2440

    Locked
    0 Votes
    1 Posts
    199 Views
    No one has replied
  • Snort syslog

    0 Votes
    1 Posts
    465 Views
    No one has replied
  • Awww NUTs! (Network UPS Tools) detects UPS, but won't display telemetry

    0 Votes
    4 Posts
    1k Views

    What is in the log?
    With UPS not connected I see the same "Failed to retrieve status" on UPS Status page and lots of messages from upsd and upsmon in the log.
    What is the part number of the cable you have? Something like 940-XXXX
    Do you have the same software (NUT) on your web server where you tested your UPS?

  • Update URL / Version File

    0 Votes
    3 Posts
    661 Views

    Thanks!

    #!/usr/local/bin/php -f
    <?php
    #
    # Script to check the version and print an output in the Nagios plugin syntax
    # Exit codes: 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN
    #
    require("globals.inc");
    require("config.inc");
    require("functions.inc");
    require_once("pkg-utils.inc");

    $system_version = get_system_pkg_version(true, false);
    $iCheckExitCode = 3;

    # Bail out as UNKNOWN if the version lookup did not return usable data
    if (!is_array($system_version) ||
        !isset($system_version['version']) ||
        !isset($system_version['installed_version'])) {
            echo "Unknown - Error in version information";
            exit($iCheckExitCode);
    }

    switch ($system_version['pkg_version_compare']) {
    case '<':
            echo "Critical -  Version " . $system_version['version'] . " is available.";
            $iCheckExitCode = 2;
            break;
    case '=':
            echo "Ok - The system is on the latest version (" . $system_version['installed_version'] . ").";
            $iCheckExitCode = 0;
            break;
    case '>':
            echo "Warning - The system is on a later version than official release.";
            $iCheckExitCode = 1;
            break;
    default:
            echo "Unknown - Error comparing installed with latest version available";
            $iCheckExitCode = 3;
            break;
    }

    exit($iCheckExitCode);
    ?>

  • HTTPS blocking

    0 Votes
    6 Posts
    1k Views
    johnpoz

    So you're using squid?  And blocking say www.facebook.com but they are getting through via https?

    To give you the best solution some more context would be helpful.  Why are you wanting to block this, is this a work setting, home, school? Are you using proxy or squidguard currently, etc.

  • Cannot edit firewall rules

    0 Votes
    3 Posts
    2k Views

    This is the current/correct code for that section:

    // Gateway selector is populated by JavaScript updateGWselect() function
    $section->addInput(new Form_Select(
        'gateway',
        'Gateway',
        '',
        []
    ))->setHelp('Leave as \'default\' to use the system routing table. Or choose a '.
        'gateway to utilize policy based routing. %sGateway selection is not valid for "IPV4+IPV6" address family.', array(' '));

    $group = new Form_Group('In / Out pipe');

    I don't know why your system is not picking up the current version (2.3.6.a.20180223.0519). Try option 13 from the command line interface and see if that helps.

  • PCI Scan failing with weak cipher. Disabled on server. Is it pfSense?

    0 Votes
    16 Posts
    2k Views

    Thanks for doing that JohnPoz.

    This is the answer I expected but I wanted to cover all the bases.

    The issue is obviously something between what IISCrypto is showing and what the server is actually using.

  • Resolve internal DNS with OpenVPN Client connection

    0 Votes
    1 Posts
    336 Views
    No one has replied
  • Pfsense Nagios Monitoring SNMP/NRPE help!

    0 Votes
    11 Posts
    9k Views

    I know this is an old thread, but I'd really like to see the contents of the "check_cputemp.sh" file for pfsense.

  • Ikev2/IPsec as VPN client to VPN service

    0 Votes
    4 Posts
    1k Views

    Hey, once more.

    So, I have played around a little bit more with configurations and I managed to force that opt1 interface would be used on tun0:
    http://prntscr.com/iifq73

    I set Manual NAT rules, and forced LAN to go through OPT1 gateway but that did not make the trick.

    Maybe you guys would have any trick under the sleeve? As it feels that all configurations are so close.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.