@Wepee said in pfSense auto reboot continuously itself after power was restored:

@bmeeks Thanks for sharing. I have a couple of UPS lying around since the batteries have failed to hold power.
I am thinking of replacing it with my own batteries if I can get those DEEP CYCLE type rechargeable battaries,
which should last longer.

Does the APC package(plugin) downloadable from the package manager, works with other 3rd UPS?

Has anyone try it?

Yes, the apcupsd package will work with 3rd party UPS equipment. It will work best with newer devices which have a USB signalling interface. There is also another package for pfSense called nut that works the same as apcupsd. If your particular UPS model does not work correctly with one package, you can try installing the other one.

Batteries in a UPS will naturally age out every few years. I seem to get about two or three years of life out of one. Depending on the size of the UPS (output power capability), it is sometimes about the same cost to just replace the entire UPS instead of changing just the battery. This is more true with the small 350 KVA or so units. I just look at the battery replacement as an expected expense and plan for it for all of my machines. I have a UPS on every PC, my two servers and the firewall in my home.

@akuma1x I didn't wrote that I have them in switch mode I wrote that there is possibility to do that. The way you showed I know I can do it like that but it's not as simple as you think, like I wrote those are just main connections so simplifying it to just remove MikroTik and connect to pfSense is delicate saying "lame". You not resolving network problem with workaround, changing network structure that was growing past 10years is not as easy as you think.

Going back to topic and for future people with similar question answer is very simple, creating static route on
pfSense resolve problem - 15sec of work and not whole week setting up entire new network.

So again.. as I stated before and Derelict is saying - pfsense can not handle scopes for other vlans that are handed to it via a relay. It has to have an interface in the L2 where it will see the dhcp discovers.

And you sure can not hand out the wrong mask for what the interface is set to that dhcpd is listening on.

Changing the mask on the clients so they can talk to other clients in some larger L2 is NOT the CORRECT solution anyway!!!! It would just be some borked up nonsense. Devices that reside on the same L2 all need to be in the same L3 network via proper sized mask for the L3 you want to run on that L2.

If you want to have a dhcpd that can handle multiple scopes for different vlans - then your MS can do that now. Or as suggested fire up stand alone isc dhcpd.. But you would need relays to send the data to the dhcpd. Pfsense can be a relay from the different vlans that its connected to.

But mixing masks on a large L2 is not a valid configuration.

Yeah, you are probably going to have to navigate any captive portals manually. That will probably involve disabling any policy routing over the VPN, using a web browser behind the firewall on HTTP, negotiating through whatever captive portal dance they have choreographed, then re-enabling policy routing over the VPN.

@NogBadTheBad said in Optical Fiber, Splitter & Pfsense:

Wide Operating Wavelength: From 1260nm to 1650nm

That range includes several wavelengths, including the entire CWDM range.

SOLVED. I have accessed through PuTTY and have reset the web configurator password. Thank you so much.

I will give it a shot. Thank you again for your time and insight.

Sounds like a good plan, and as suggested I have adjusted it to convervatitive as this firewall has lots of resources with dual E5-2640 v3's, and 64G RAM, using up a little more of it should be just fine..

Thanks...

I use VLANs to segregate my WiFi traffic and VPN; I have a VLAN for my private WiFi, a VLAN for my guest WiFi, a VLAN for my VPN, and my wired LAN is untagged. All of it plugs into a cheapo unmanaged D-Link gigabit switch, which passes it just fine. All of this goes out over my LAN port (assigned as such).

The APs are VLAN-aware (and tag and filter the appropriate packets) and of course pfSense is VLAN-aware on the other end. Sure I might be able to do some magic configuration on one of my wired ethernet systems to be able to touch VLAN-tagged traffic, but given that there are only ethernet ports in the office and bedrooms, if a bad actor has access to my wired LAN, I have bigger problems than them picking up stuff off the VLANs.

In the meantime, any communication between those three segments (Guest WiFi, Private WiFi, LAN) is at the pleasure of my firewall rules -- which is to say guest WiFi can't see 💩 while the others are, by and large, unfettered (though there are some restrictions on VPN).

Yeah what confused me the most is that router->internet was testing at 750mbps+ with speedtest-cli, and desktop to router (through the same switch I'm normally connected through) was testing at 400+mbps (when downloading a dummy 1GB zip file I put in the web dir on the router... and it probably could have ramped up faster if it hadn't yanked the entire file in ~20 seconds).

That's what got me looking at the router configuration itself, because obviously the router->internet connection was fine, and the PC->router connection was fine -- so it had to be something on the router itself that was bottlenecking things.

From your other thread I'm going to assume this was because you have not enabled SSH...

it's probably active or a static lease,
check and eventualy remove the static lease under "DHCP Static Mappings for this Interface" (Services -> DHCP server)

Thanks. I get it now. Don't specify the static ip on the pc. Set it to use DHCP and then in pfsense, make it a static ip on the DHCP leases page. Works great! Thank you.

@johnpoz i think this is the best way.. tq sir

@Manguu said in pfSense + Catalyst 3750G:

Now I need to figure out how to NAT on pfSense all my vlans behind the 3750G

If your using auto outbound nat, it will auto do it for you once you create the gateway and the routes to the downstream router (your 3750).. All you will have to do is make sure the rules on your transit interface (the interface that gets to the 3750) allows the downstream networks in its rules.

You can see the mbuf usage on the dashboard in the sys info widget or from the command line:

[2.5.0-DEVELOPMENT][root@apu.stevew.lan]/root: netstat -m 4983/1092/6075 mbufs in use (current/cache/total) 4501/565/5066/1000000 mbuf clusters in use (current/cache/total/max) 4501/559 mbuf+clusters out of packet secondary zone in use (current/cache) 0/6/6/524288 4k (page size) jumbo clusters in use (current/cache/total/max) 0/0/0/524288 9k jumbo clusters in use (current/cache/total/max) 0/0/0/20840 16k jumbo clusters in use (current/cache/total/max) 10247K/1427K/11674K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for mbufs delayed (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters delayed (4k/9k/16k) 0/0/0 requests for jumbo clusters denied (4k/9k/16k) 0 sendfile syscalls 0 sendfile syscalls completed without I/O request 0 requests for I/O initiated by sendfile 0 pages read by sendfile as part of a request 0 pages were valid at time of a sendfile request 0 pages were valid and substituted to bogus page 0 pages were requested for read ahead by applications 0 pages were read ahead by sendfile 0 times sendfile encountered an already busy page 0 requests for sfbufs denied 0 requests for sfbufs delayed

You can also check the mbuf usage history in Status > Monitoring.

Steve

https://redmine.pfsense.org/issues/8987
https://redmine.pfsense.org/issues/9677