• Why are there multiples of these processes

    7
    0 Votes
    7 Posts
    851 Views
    M

    @stephenw10 thank you very much! I am working on why my memory utilization went from 3-4 percent to 11-12 percent and growing. Once I collect and compare the top info for a few days I will seek more help. Thanks for the quick responses.

  • Site to Site VPN Notifications

    2
    0 Votes
    2 Posts
    315 Views
    stephenw10S

    Do the gateways show as down?

  • No internet access

    22
    0 Votes
    22 Posts
    2k Views
    R

    Thank you all, it's solved !

  • Disable hardware TCP segmentation offload

    4
    0 Votes
    4 Posts
    2k Views
    stephenw10S

    Mmm, it's a known issue. It's ugly but harmless.

    You shouldn't ever manually edit the loader.conf file normally but you can remove the duplicates.
    Any loader value you need to set or unset should always be put in loader.conf.local.

    Steve

  • Problems setting up WAN connection with KCOM

    Moved
    11
    0 Votes
    11 Posts
    2k Views
    G

    @stephenw10
    Finally got it working!
    On the fifth support call to KC I asked them to double check the login details with me, the password was one character wrong!
    I had manually typed this in to my router a year ago yet somehow the connection worked. I can only assume their modem management filled in the correct details.

    Thank you for your help Stephen. I'm mad it took me 5 days to get this sorted but relieved I don't have to change ISP to get it working.

  • Best non-Intel Quad port NICs ?

    8
    0 Votes
    8 Posts
    930 Views
    N

    @srytryagn said in Best non-Intel Quad port NICs ?:

    @nimrod

    Update-ability -> If the firmware is not updated and vulnerable, was thinking that it might not be a good idea to use it for an edge device, i.e. a very trusted firewall. Perhaps some Broadcoms or modern Intel.

    Those are extremely rare cases that NIC needs a firmware update to fix a critical security issue. I'm with @stephenw10 on this one. Stick with Intel. You will save yourself from unnecessary headaches.

    to your point -> do you mind expanding on that? Is there a mitigation? Thought that was only an issue for "pro" AMD and that Intels had a way to shut off in BIOS.

    There is no mitigation. Every Intel and AMD motherboard manufactured after 2006 has an embedded chip that runs modified closed source version of MinixOS that has low level DMA access. DMA access means:

    Full access to the contents of your RAM. Full access to your storage. Full access to your I/O devices. It can capture keystrokes, mouse movements, take screenshots...etc.

    It basically owns your system completely from the moment you turn it on. It boots first, so it's completely irrelevant what operating system you use.

    Intel calls this "feature" Intel Management Engine, and AMD calls it PSP which is short for "Platform Security Processor". There were several attempts to remove ME/PSP but Intel/AMD made it impossible. When your system is done with POST, CPU microcode checks for the presence of ME/PSP and makes a handshake through a custom encrypted protocol. If the handshake fails, a timer in CPU is triggered and system reboots after 30 minutes. Basically, if you somehow remove ME/PSP your system will be stuck in permanent reboot loop state until full ME/PSP functionality is restored.

    There is a very limited number of motherboards and old laptops where ME can be fully or partially disabled. You can find more info about this here.

  • DNS Delay?

    2
    0 Votes
    2 Posts
    496 Views
    stephenw10S

    What do you see from Diag > DNS Lookup in pfSense?

    Are the clients using 1.1.1.1 directly for normal lookups?

    Steve

  • Certain webpages and images slow to load or won't load at all

    5
    0 Votes
    5 Posts
    2k Views
    johnpozJ

    Just turn off IPv6 - does it work now? There you go you know where the problem is happening.

    But doing a directed query to 1.1.1.1 which wouldn't be IPv6 and getting a timeout just seems like bad connectivity, or slow connection, are you routing through a vpn? Are you on sat connection?

    You doing some odd redirection of dns traffic on pfsense?

    Do you have isp or other router in front of pfsense doing dns redirection?

  • SCTP and NAT not logging

    7
    0 Votes
    7 Posts
    718 Views
    stephenw10S

    It should be logged there if you have logging enabled on the pass rule(s) and any states have been opened.
    It may have left the logs already if you have a very busy WAN.

  • Anyrevo fanless appliance hitting >60 C, is this normal?

    27
    0 Votes
    27 Posts
    4k Views
    N

    @bokolobs said in Anyrevo fanless appliance hitting >60 C, is this normal?:

    @nimrod I actually have an extra tube of Thermal Grizzly Kryonaut lying around. I might re-paste it if I feel adventurous.

    I would not do it. Although cheap, there is absolutely nothing wrong with your unit. All the issues you had so far were software issues. Just install pfBlockerNG, apply the patch and you are good to go.

    And thanks for the info regarding mini pc brands. This is my first unit like this. I'm used to assembling my own PCs, but I got lazy and just purchased this. It is also very difficult to get 4-port Intel NICs right now where I live. I still have a Beelink GK55 mini pc which I used as an Untangle box for almost a year, but it only had 2 Realtek ethernet ports and is no longer suitable for our network needs. I'll probably use this Anyrevo one until it breaks or gives me trouble. Or maybe I'll just build a low powered, mini-atx one with better specs if I can get my hands on Intel NICs. If you guys have recommendations, that would be awesome.

    Anyrevo is a cheap appliance, but make no mistake. The board inside still has an Intel CPU and Intel NICs. Anyrevo and other cheap Chinese brands get lower prices by using lower quality metals for their case. Packaging is cheap. They have bad machining (rough metal), poor paint and printing on the case. They also ship their units with cheap AC adapters, cheap no name RAM and SSDs. There are no BIOS updates, software support, or any support for that matter. Warranty is also questionable.

    If you, for example, get higher quality power supply and better SSD, that unit will serve you for many many years with zero issues.

  • pfSense 2.6.0 crashes Panic String: sleeping thread

    9
    0 Votes
    9 Posts
    991 Views
    stephenw10S

    It looks like it's something in multicast routing though which is probably why more people are not hitting it.
    I don't see either IGMPproxy or pimd shown in your console output but do you have either configured?
    It could be the same root cause as this: https://redmine.pfsense.org/issues/12079
    It's very difficult to reproduce that issue unfortunately.

    Steve

  • Packet loss when two clients are using large amounts of data

    4
    0 Votes
    4 Posts
    553 Views
    stephenw10S

    Are you running that as TCP or UDP? It's hard to say from their website but it looks like it's UDP by default.
    That hardware should pass that without any difficulty at all. It could probably pass >5Gbps.
    I'd be amazed if this is not a restriction in the WAN somewhere. If you connect a client to the WAN directly do you see the expected 1Gbps with no loss?

    Does pfSense show packet loss in the WAN monitoring?

    Steve

  • VPN Gateway leak prevention

    3
    0 Votes
    3 Posts
    495 Views
    c0dyhi11C

    @stephenw10
    You sir are amazing!
    Thanks a bunch!!

  • PHP Error - Allowed memory exhausted

    7
    0 Votes
    7 Posts
    918 Views
    D

    @stephenw10 Ok, thanks!

  • Ring and Eufy client behind pfSense

    Locked
    56
    0 Votes
    56 Posts
    10k Views
    B

    @stephenw10 Yes, all working perfectly now.

  • 0 Votes
    18 Posts
    2k Views
    R

    @jimp
    I came across a post talking about this option. My configuration already had it disabled.

  • Auto Configuration Backup not saving

    12
    0 Votes
    12 Posts
    1k Views
  • How to make pfSense "scrub" lan VMs MAC-addresses?

    5
    0 Votes
    5 Posts
    604 Views
    stephenw10S

    There was a similar thread to this a few months back. User kept getting warnings from Hetzner about unregistered MAC addresses. It was a configuration issue though IIRC.
    As long as LAN side clients are sending all their traffic through pfSense anything on the WAN side cannot see the LAN side MACs.
    Since it's all virtual though Hetzner may be looking on the LAN side?

    Steve

  • Cannot Access WebConfigurator

    Moved
    26
    0 Votes
    26 Posts
    3k Views
    B

    @jarhead I have solved my Problems! 😊 I deleted everything and started again several times! I have documented everything I did. Since it is a Word Document I've uploaded it to Dropbox, in case anyone is interested, here: DropBox.
    Essentially I discovered that when I set up pfSense it connected to the DHCP Server in my ISP's Modem and gave it an IP Address on my WAN. I could not see why this needed changing so I left it alone and did not try to give it a static IP Address.

    I also think that when I had been asked during the pfSense installation process, when I was asked whether I wanted to enable a HTTP connection for WebConfigurator, I had answered "n", thinking that the alternative would be HTTPS. This time I answered "y", and lo and behold I can now get into the WebConfigurator!

    Anyway, everything is now going and I no longer have problems.

  • DNS Resolver requires restart after power loss.

    2
    0 Votes
    2 Posts
    370 Views
    stephenw10S

    Check the logs. Unbound probably shows why it cannot start.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.