• NTP set to time.google.com not working after reboot

    40
    0 Votes
    40 Posts
    551 Views
    R

    @johnpoz ~ I also added filter-AAAA to the DNS forwarder's Options so I think I've now killed IPv6 in every way possible on my firewalls! :o)

    Roy...

  • I RESTART THE PFSENSE BECAUSE OF THIS NOW I CANNOT ACCESS IT

    Moved
    18
    0 Votes
    18 Posts
    272 Views
    R

    @Gertjan thanks you so much ๐Ÿ™๐ŸคŸ๐Ÿป

  • first boot freez (pfsense 2.7.2 + protectli)

    7
    0 Votes
    7 Posts
    179 Views
    stephenw10S

    Yup that^. ๐Ÿ˜

    But yes all the output after mountroot is run only appears on the primary console until bootup completes and the console menu is shown on both consoles. With the exception of a few message types such as NIC linkup logs which are written to all consoles.

    Hence you quite often see user reports of 'freezing' during boot because that's what appears to happen.

  • LDAP Authentication with Active Directory Windows Server 2025, bind fails

    7
    0 Votes
    7 Posts
    13k Views
    L

    @Laxarus Thanks for the help my friend. It helped me a lot!! After 12 hours of migrating 4 domain controllers, I almost hit the rollback button until I saw your tip. I tried this and it worked for two systems that had problems. The only two systems that we could not test in our lab environment.

  • CAN'T FIND PFSENSE

    3
  • Auto config backup question

    4
    0 Votes
    4 Posts
    116 Views
    stephenw10S

    We may be able to recover the old key if you send me the NDI or hint in chat.

  • 0 Votes
    33 Posts
    564 Views
    stephenw10S

    Aha, that would do it! Easy mistake, we've all done stuff like that. ๐Ÿ˜

  • Questions about log messages

    33
    0 Votes
    33 Posts
    2k Views
    stephenw10S

    Ok so the main concern here is that the logged source IP doesn't match what is seen in a pcap?

    Accepting that some rogue devices are sending traffic incorrectly that pfSense can do nothing about. Except logging the failure.

  • Complete Fail replacing NIC

    Moved
    8
    0 Votes
    8 Posts
    234 Views
    stephenw10S

    If you have a legitimate reason to need to migrate the NDI then we can accommodate that. If you had a hardware failure for example. Or, here, if you upgraded and found your new hardware is incompatible. We're not completely inflexible.

  • Mellanox ConnectX-4 LX causing hard panic on boot intermittently

    14
  • External access to a internal web server (VPN site2site)

    13
    0 Votes
    13 Posts
    199 Views
    W

    @viragomann, thank you very much for your help!

  • WireGuard gateway pending after reboot

    3
    0 Votes
    3 Posts
    273 Views
    A

    @LaUs3r

    I am experiencing the same even on the latest pfSense Plus beta version (25.03)

  • pfBlocker GeoIP rules getting confused ?

    5
    0 Votes
    5 Posts
    190 Views
    N

    @stephenw10 Thanks again. I've submitted a correction suggestion to MaxMind for the IP. I assume that the regular scheduled auto updates of pfBlocker databases within my pfSense also update Maxmind's free GeoIP database as well -- I noticed the free GeoIP database is updated by Maxmind every month. Cheers

  • Possibility of capturing ssl-keys using tcpdump in the pfsense shell

    11
    0 Votes
    11 Posts
    235 Views
    B

    @johnpoz

    getting a squid transparent proxy running on pfsense with ssl/mitm from scratch wasn't easy tbqh (but maybe that's another topic...)
    it is quite satisfying though to see the RT access logs flow in pfsense, and the secure lock in the browser at the same time (=
    squiddie.jpg
    but still, as you mentioned before, without the device accepting my ""internal-ca"", it's besides the point ๐Ÿ˜

  • Schedule a reboot?

    9
    0 Votes
    9 Posts
    193 Views
  • KIA DHCP

    7
    0 Votes
    7 Posts
    193 Views
    stephenw10S

    Are you able to test in 25.03-Beta?

  • Netgate 6100 using 2.5Gbe port for WAN?

    11
    0 Votes
    11 Posts
    233 Views
    stephenw10S

    I have seen it happen in the past when the change is initially made. Somehow the dhcp server is still running on the interface. But not for a while and not beyond the initial switch.

  • 0 Votes
    16 Posts
    425 Views
    stephenw10S

    Well from what we've seen here it is googles fault. Cogent is not preventing you use other DNS servers. What's happening is that Google's servers detects you are resolving DNS from a different location than you're are sourcing requests and flags the connection as suspicious in some way requiring additional screening. The same way that some sites will do that for VPN connections. A "DNS leak" is one way sites detect it. The interesting thing is that they only flag the Cogent connection that way.

    One other thing you could do VPN all your traffic over the Cogent WAN to the same location you are resolving from.

    But I would at least try resolving locally first since that would also set the DNS and source IPs to match. With DNSSec enabled you can be pretty confident in the results. Using DoT really just outsources your trust to cloudflare.

  • BGW320-500 set up without passthrough....problems?

    10
    0 Votes
    10 Posts
    347 Views
    AndyRHA

    @BigTulsa Exactly. Allows me to run with 1 less piece of equipment and a few less cables. XGS-pon on one end and regular 10Gb SFP on the other end. My 7100 is happy with it. It does get hot, so I have a 20mm USB powered fan cooling it. Now I have a use for one of the USB ports on the firewall. ๐Ÿ˜€

    You do need to keep the ATT router ready to power up, it would be best if it is up if you have a problem.

  • How to handle Telnet access to industrial control appliance

    8
    0 Votes
    8 Posts
    185 Views
    N

    @stephenw10 Excellent thank you.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.