• Fatal trap 12

    14
    0 Votes
    14 Posts
    907 Views
    crc_error_79C

    Ciao, @stephenw10

    I did some tests as suggested.

    With pfblocker enabled it worked well for 2 days, then it began to have some random crashes.
    These crashes usually happen during video stream (netflix) or watching youtube.
    Also, the router crashes even after pressing the "save" button to disable the plugin. But I have no issue when I do the same procedure but to enable it.. very strange.

    Unfortunately I haven't any log of these situations, usually on the home screen I have a yellow bar with a link, but now after the router reboot, it is like nothing happened.

    Now I removed pfblocker and enabled the traffic shaper again and I will do some new tests with these settings

  • 0 Votes
    14 Posts
    1k Views
    Z

    @stephenw10 Thanks for the offer, I had already decided to just open a case as I was about to call it a night. I removed the 2 SSDs and replaced with an NVMe drive. This time I installed 2.5.0 -> 2.6.0 and amazingly I got a super quick reply to my case, they offered to remote access the system to see what was going on. I did the upgrade to 22.01 and uname -a showed correctly and this time no issues with temperature sensors and AES-NI was showing as active. Did the upgrade to 22.05 and again uname shows correct and everything works as expected.

    I really appreciate the help, I am not sure what the issue was, either some problem with the ZFS mirroring and it was reading conflicting data from the disks or somehow the 2.5.0 starting point helped. Interestingly this time, I noticed that the wall of text during the upgrade was much much shorter and faster, not just the result of the faster NVMe drive, it just had less text, this time I recorded the upgrade in case it was showing errors, so I can only assume during the previous upgrade there were lots of errors reported but wasn't paying attention to what they said as I didn't expect any errors, I really don't know. I am happy that it's working and again thanks for your help.

  • OneDrive for Business issue when upgrading from 2.5.2 to 2.6.0

    Moved
    1
    0 Votes
    1 Posts
    286 Views
    No one has replied
  • Forward /29 through gre tunnel and allocate public ips on hosts.

    41
    0 Votes
    41 Posts
    8k Views
    S

    I was in contact with my ISP and we managed to solve the problem by changing the ip 185.113.141.145 to the ip 185.113.143.xx inside the /24 of my /28. Thank you for help.

  • weekly crash newsyslog

    13
    0 Votes
    13 Posts
    1k Views
    stephenw10S

    Yes, you would think. If it got stuck in a loop compressing the logs it could have high CPU usage for a long while though.

  • Automount ZFS volumes/datasets

    5
    0 Votes
    5 Posts
    998 Views
    M

    @skilledinept said in Automount ZFS volumes/datasets:

    could it be that it's not loading some service that mounts the ZFS pools?

    That is a good possibility. On a normal FreeBSD system /etc/rc.conf has "zfs_enable=YES" to enable/start the zfs service.
    I don't have a pfSense with ZFS in front of me, but in the Web GUI, look under services and see if there is a ZFS somewhere to enable.

  • No-IP Updating DDNS Address from VPN

    27
    0 Votes
    27 Posts
    3k Views
    D

    @bob-dig @stephenw10 You guys were 100% right... lol. I ended up having it configured through my wireless router (which I had setup as ap mode only). In AP only mode, it hides the ddns configuration... (smh). So when I checked it as a possibility it didn't show up. But after monitoring tcpdump I saw it reach out and try to update, so changed it back to router mode and was able to disable it. Thank you all for your help!

  • New to PFSENSE, how do I change the allowed bandwidth per interface

    2
    0 Votes
    2 Posts
    355 Views
    A

    @matthew_beck You set up a traffic shaper (also called a limiter), or multiple traffic shapers, and apply that to an interface or one specific machine, or an alias of machines (hosts) on an interface.

    https://docs.netgate.com/pfsense/en/latest/trafficshaper/index.html

    Here's a good video on the process:

    https://www.youtube.com/watch?v=gIvc1qZn5dc

  • Local Password policy

    7
    0 Votes
    7 Posts
    1k Views
    GertjanG

    @hlrobert said in Local Password policy:

    My PCI/SOC2 auditor would like to talk to you.

    I know you're joking ;)

    When handling private data like credit card stuff, medical data, or worse, army stuff, all bets are off. Even simple systems that handle the power grid should be seriously protected, because it's the blood of our society.

    I only need one training when I have to deal with "PCI/SOC2": and that is writing clear and correct huge payment checks, as I would eject myself out of the "I know that" position.
    I would pay someone. And sue the hell out of him when things go wrong.

  • 0 Votes
    7 Posts
    796 Views
    S

    Thanks, everyone.

    You're all correct. The count did include the replies. hahaha, I need more coffee. But, I also would like to reduce the noise. These answers are exactly what I was looking for. Really appreciate the quick responses. Thank you again!!

  • Is there a way to set the source address to gateway monitor?

    4
    0 Votes
    4 Posts
    515 Views
    stephenw10S

    But it could be and by doing that the other side will be able to reply.

    Your rule need only apply to the monitoring pings. So you probably want it on the MPLS interface.

    Steve

  • Excessive Freeradius page load time

    18
    0 Votes
    18 Posts
    2k Views
    stephenw10S

    Right, obviously the package is not required and the Radius config is all on the remote and not in the firewall. But from the user auth point of view it's configured in the same way. In both cases you need to add a Radius server in User Manager. The only difference there is that with Freeradius the server is specified as running at 127.0.01, because it's local. With a remote Radius server you need to configure the server IP address so pfSense knows where to find it.

    But the OpenVPN config is no different, the only change would be selecting the new radius server to use.

    Steve

  • Reset to factory default from CLI

    3
    0 Votes
    3 Posts
    2k Views
    T

    @tedquade Seems it was quite broken. Did a bare-metal memstick install and config restore. Am now back in operation.

    Thanks for your help.

    Ted

  • Me too.

    2
    0 Votes
    2 Posts
    492 Views
    stephenw10S

    Not sure what post you were referring to there, the link was removed.

    What exactly are you seeing? I assume a 502 error.

    What pfSense version are you running?

    Did this just start happening?

    Steve

  • pfSense pkg from FreeBSD ports or repo

    16
    0 Votes
    16 Posts
    2k Views
    ?

    @stephenw10 said in pfSense pkg from FreeBSD ports or repo:

    That's really only any use if you have wifi hardware in the firewall. And we are all familiar with the issues there.

    Unless you run kismet in server/drone config. But in that setup running the server part on some other host would probably be better. With the drone part running on an AP. Been many years since I did that....

    Ok thanks for clarifying this, I would set up it then better
    on a small RAPI and combine there kismet and fail2ban
    for rough hosts in AP mode.

  • NTP and Leap seconds

    7
    0 Votes
    7 Posts
    1k Views
    stephenw10S

    I've never tried that. But I'd say you're doing it correctly since the logs are reporting the file was loaded as expected.

  • Nagios monitoring of PFsense interfaces

    12
    0 Votes
    12 Posts
    2k Views
    stephenw10S

    Mmm, OK I replicated that. That clearly that is loaded though. Something in the perl config maybe. Someone more familiar with perl will need to look at it.

  • 0 Votes
    6 Posts
    931 Views
    ?

    I'm using the RADIUS class property (Group Membership) > like described here.

    Is there not a way to write into the radius server certificate
    in which vlan the user must be put in? And each vlan has
    then its own IP range. Done.

  • Access Point Admin portal different subnet help?

    16
    0 Votes
    16 Posts
    1k Views
    C

    @johnpoz
    @stephenw10

    Yes working great, thank ya'll so much :)!

  • No Internet

    12
    0 Votes
    12 Posts
    971 Views
    JKnottJ

    @bert-0 said in No Internet:

    BTW: I am new to CMTs. How can you tell if a device you hit is a CMT or not?

    A CMTS is the device you connect to at the cable company head end. I used Wireshark to examine the DHCPv6-PD packets and saw the error message that identified, by host name, the failing system.

    Anyway, as I said, try connecting a computer to your modem directly. And if a tech comes make sure he can connect with his own equipment.

    BTW, have him try test-ipv6.com to show you everything is working properly. You should get 10/10.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.