• TRIGKEY G1 mini pc

    3
    0 Votes
    3 Posts
    657 Views
    B

    Thanks! I have PFSense running under a VM on TrueNas Scale, and it works great. Not the ideal setup. It has plenty of horsepower, disk, & memory on the Scale Server (probably WAY overkill).
    For the price of that little guy might as well try it out. If it doesn't work out, it goes back. I did find out the NICs are Realtek, and I'll beat it up to see how it performs.

  • RTL8125, Is there a way to enable this option?

    8
    0 Votes
    8 Posts
    3k Views
    stephenw10S

    It looks like it's mentioned in two places. One where it's disabled for a list of MAC types:

    if (sc->re_type == MACFG_68 || sc->re_type == MACFG_69 ||
        sc->re_type == MACFG_70 || sc->re_type == MACFG_71 ||
        sc->re_type == MACFG_72 || sc->re_type == MACFG_73 ||
        sc->re_type == MACFG_74) {
            //Disable Giga Lite
            MP_WritePhyUshort(sc, 0x1F, 0x0A42);
            ClearEthPhyBit(sc, 0x14, BIT_9);

    And the other where it's disabled unconditionally in the setup function for the 8125:

    static int re_ifmedia_upd_8125(struct ifnet *ifp)
    {
        struct re_softc *sc = ifp->if_softc;
        struct ifmedia *ifm = &sc->media;
        int anar;
        int gbcr;
        int cr2500 = 0;

        if (IFM_TYPE(ifm->ifm_media) != IFM_ETHER)
            return(EINVAL);

        //Disable Giga Lite
        ClearEthPhyOcpBit(sc, 0xA428, BIT_9);
        ClearEthPhyOcpBit(sc, 0xA5EA, BIT_0);

        cr2500 = MP_RealReadPhyOcpRegWord(sc, 0xA5D4);
        cr2500 &= ~RTK_ADVERTISE_2500FULL;

    Neither has any sort of external config dependency so it doesn't look like you can choose.
    And it looks like it's always disabled in the 8125.

    Steve

  • google ldap connection issue

    7
    0 Votes
    7 Posts
    847 Views
    D

    @stephenw10 Oh my God, you're right, I just couldn't see it, on Monday I'll change the port to 636, I'll update you, thanks so much for your help.
    Greetings
    Domenico

  • I don't think PLEX is connecting to plex.tv

    25
    0 Votes
    25 Posts
    4k Views
    J

    @johnpoz said in I don't think PLEX is connecting to plex.tv:

    If it's in AP mode why would your client be trying to ask it for dns?
    You should be asking pfsense for dns 10.0.0.2

    Well, when you put it that way, it's obvious what's wrong. HA! HA!
    I feel like I should have caught that.

    I changed the DNS server setting in ProxMox to the correct IP and everything works as it should. It was a setting that was left from the old router. I actually tried to have those two IPs the other way around when installing pfsense, but ran into issues.

    I still don't know why this caused playback errors for transcoding, but it all works now.

    Thanks so much for all the help.

  • Slow PPPoE on WAN

    2
    0 Votes
    2 Posts
    440 Views
    stephenw10S

    PPPoE is effectively single threaded so it's probably hitting a single core limit:
    https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#pppoe-with-multi-queue-nics

    Though at 5% total that would have to be a lot of cores! What CPU is it? What NICs are you using?

    Setting net.isr.dispatch to deferred as shown in that doc will help though.

    Steve

  • Bandwidth problems between sites

    39
    0 Votes
    39 Posts
    4k Views
    stephenw10S

    Well if you can do a test to make sure it will actually solve the problem first that may be worth it then.

  • Broken packages no updates available 22.05-RELEASE

    Moved
    11
    0 Votes
    11 Posts
    746 Views
    M

    @stephenw10 Thanks Steve! Everything is ok now. I've built a new image and restored my backup. Yeah you were right guys, it took at least 40 min to reinstall and update packages in the background. I wish I could monitor all background processes, to be able to understand what is happening behind the scenes.

  • pfsense "vm_fault: pager read error

    2
    0 Votes
    2 Posts
    386 Views
    stephenw10S

    @brianmaimo said in pfsense "vm_fault: pager read error:

    vm_fault: pager read

    That's a very generic error. Do you have a crash report?

    Any other errors logged?

    Steve

  • Ubuntu and Pfsense connectivity issues

    8
    0 Votes
    8 Posts
    2k Views
    stephenw10S

    Yes, I would definitely recommend that. If only because that's how virtually all networks with VLANs are set up and if you do something unusual like that you will hit unusual problems!
    Really the only reason to trunk tagged VLANs to a host is so that host can access multiple VLANs. So you might do that for a VM server or an access point with multiple SSIDs.

    Steve

  • Certain destinations unreachable

    6
    0 Votes
    6 Posts
    706 Views
    stephenw10S

    Hmm, yeah seems odd.
    Maybe you can whitelist your IP (or dyndns name) to prevent it.

    Steve

  • dpinger exiting on signal 15

    Moved
    6
    0 Votes
    6 Posts
    5k Views
    stephenw10S

    That can happen certainly if an assigned interface changes state. That can trigger a whole number of things depending on what is installed or configured. Generally though it shouldn't be a problem. The logs you see there are not a cause for concern by themselves.

    Steve

  • 0 Votes
    3 Posts
    729 Views
    stephenw10S

    Yeah just do that.
    It is possible to disable the pkg reinstall process but not in any easy way. For example if you interrupt the boot and go into single user mode you can remove the 'needs_package_sync' file from /conf. If you're running ZFS that's a bit involved but possible.

    https://docs.netgate.com/pfsense/en/latest/troubleshooting/single-user-mode.html#single-user-mode-zfs

    You could probably also comment out the check in rc.bootup but that's likely more error prone.

    Steve

  • Problem with traffic after upgrade 2.5.2 to 2.6.0

    6
    0 Votes
    6 Posts
    732 Views
    P

    @stephenw10 Thank you, I got it :)

  • DNS Resolver doesn't work with my university domain.

    60
    0 Votes
    60 Posts
    11k Views
    johnpozJ

    @gertjan said in DNS Resolver doesn't work with my university domain.:

    I would like to understand what the reason for the ISP is to block this port 123.

    While I agree it's low bandwidth, it is also a common amplification tool via, for one, that old monlist command, but pretty sure that was disabled many versions ago to prevent that attack vector.

    But maybe they are just playing it safe because not like users keep their stuff updated all the time.. Look at here where they are still running like 2.3 versions of pfsense..

    They could do it a different way to allow for source 123 to be answered, with yeah a stateful firewall. So if one of their users asks some ntp server with source port 123 that is allowed, but nonstateful traffic inbound to 123 would be denied. While sure udp is not really a stateful protocol, most firewalls do keep track of the state.

    But that would be more work for them so they most likely just go the easy route. And don't monitor state of the users traffic and just block all inbound to their network on 123..

  • 0 Votes
    3 Posts
    319 Views
    stephenw10S

    Mmm, really you should be using some other type of authentication for that sort of connection.

    Steve

  • pfsense concerns that I've read

    12
    0 Votes
    12 Posts
    2k Views
    G

    @pwood999 that’s the point I was making. Terrorism, organized crime, espionage…but not basement dwelling hentai watchers. The level of paranoia some people have is nuts. If you want to truly be safe, don’t use anything electronic. Ever.

  • 2.5.2 Crashing Every Few Weeks

    6
    0 Votes
    6 Posts
    602 Views
    stephenw10S

    Hmm, the only thing this looks like is an issue we had before 2.5.2 was released where pfctl was bogging and exhausting the RAM triggering a panic in ZFS. But to trigger that we had to deliberately use very low memory systems and this has 32GB so.... that seems unlikely!

    However check the memory usage history in Status > Monitoring.

  • Lost Admin Password

    8
    0 Votes
    8 Posts
    833 Views
    B

    @stephenw10 @andyrh Yes, you are right. I need to set things up so that I can get in when/if something like this happens again.

    Thanks for your help.

  • Epyc 3251 and Wireguard

    3
    0 Votes
    3 Posts
    301 Views
    johnpozJ

    @jarhead thanks - deleted it, but you can just click the little 3 dots in the bottom right corner and flag the post next time.

  • Any chance to import cert/key from backup .xml?

    6
    0 Votes
    6 Posts
    696 Views
    S

    @stephenw10

    thank you Steve, that was the problem!

    Simply decode under Linux:

    cat certb64 | base64 -d > cert
    cat keyb64 | base64 -d > key
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.