Since I'm using pfSense as my DNS server (behind a PI-Hole blocker) I have the pfSense DHCP server pass out the preferred NTP servers so I don't have to go to multiple systems to tweak them. A couple boxes that have static addresses assigned do have the NTP servers defined in their config and do need individually tweaked which is much more aggravation than the DHCP option.

I use the FQDN here too, that lets me easily move a server to a new IP if I decide to rearrange my IP assignments. Every step you automate is one you won't forget to do and get a 2:00 AM call about!

@MeeleIkon:

From what I gleam from your post, you have a server that you want to access remotely however you have security concerns on having open ports. You wanted to use OpenVPN but it is blocked in your country. You tried to use IPsec as a replacement and it is not working.

I run all of my LAN Traffic through VPN client on Pfsense, except for one server that I route through WAN so it won't eat up bandwidth on the VPN connection. VPN use isn't illegal they just make it very hard to access, until recently ISP would only throttle OpenVPN traffic, now all OpenVPN traffic is being blocked. So I switched to using IPsec which I know doesn't allow for policy-based routing on pfsense currently.  So I'm am looking for solutions to allow me to route LAN traffic over IPsec and keep the server on the WAN. I'm willing to buy new hardware if there is something out there at the enterprise level that will allow for this kind of thing. I didn't want to start blindly buying things, I hope I have made the picture a little clearer.

Thanks

They are not in a database.

They are in the config.xml file at /cf/conf/config.xml.

You might be able to create one, get the XML format, and then script the creation of other entries then insert them but, all in all, you are probably looking to do something that is outside the scope of what the aliases are designed to handle at present.

That's an arp table maintained withing pfsense.  It's not the arp cache as used by freeBSD.  Go to a command prompt and enter the command "arp -a", which will show the contents of the arp cache.  If a host name is there, it's because something did a host lookup on the IP address.  An arp cache is used when trying to reach an IP address on the local net, by providing the MAC address for it.  A host name has nothing to do with that function.

@wizard1:

resetting system logs didn't seem to make any difference either so I manually deleted the files via command prompt and did a reboot.

Disk space recovered.

Can I ask on how you did the manual deleting of files?

I'm experiencing this now:

845M /usr
43G /var

TIA!

ast

Hi!

For some weird reason, my disk usage jumped up to 106%,  how is that possible?  And also, can i ask on how I can "delete" some files to make room?

@viragomann:

Seems your terminal program is on another speed rate than pfSense. pfSense use 115200 by default.
Look here for more details: https://doc.pfsense.org/index.php/Connecting_to_the_Serial_Console

Changing the speed rate did it, thank you!

@nazuro:

Hi all, this is my first pfSense build and have noticed some issues with ping spikes while gaming. The issue is not severe - it seems that I have random ping spikes (around three in my last test of 100 pings to 8.8.8.8 ). The latency will be around 24 or 25 and then will shoot up to the hundreds or even 200 ms then go straight back down again.
…

Hi,

Delayed answer, but in case someone else is struckling with same problem…

I had exactly same issue for months, and tried to find cause from every component in network. Yet it was my pfsense hardware afterall.

Solution:
disable 'Monitor M-Wait' in bios
Could be under Features tab > CPU Configuration

At least work with my Zotac Ci-327

I used to use it in conjunction with Nircmd's speech function to get it to tell me audibly when something is down.

http://www.nirsoft.net/utils/nircmd.html

CheckHost "When no longer available", Start Program: C:\Users\Me\My Utils\CheckHost\FluentStream_Down.bat

FluentStream_Down.bat:

C:\Users\Me\Software\NirCmd\nircmd.exe speak text "FluentStream is not responding" 0 100

iperf would have no effect.  It's just a network throughput tester.

Thank you for the help. Capturing on GST resulted in nothing. So this was really a client problem, not pfSense.

I don't have solved all details yet however at least one client is now working as desired. This one had a problem with the DNS cache. (I accessed the server through a DNS name which is overwritten in my DNS Forwarder.)

Anyway the routing between the subnets is now proven to work ok in my pfSense.

The reason I did not capture any traffic in pfSense when accessing with IP address is still a mystery to me but independent from pfSense.

Anyone?

Download iperf on the two good and two bad desktops.

Run iperf ( server mode ) to iperf ( client mode ) record the speed between both good desktops

Run iperf ( server mode ) to iperf ( client mode ) record the speed between a good desktops and bad desktop.

Repeat test 2 but put fixed IP addresses on the devices and connect them directly together.

I'm guessing it's the nics on the bad desktops, test 3 would prove this.

@overpf:

So then, pfsense cannot be virtualized.

It can be virtualized fine. Just pass the NIC through instead of emulating one, or see if the VM can emulate a link-down event when the physical connection is interrupted.

Btw. there is a dedicated board for that kind of questions: https://forum.pfsense.org/index.php?board=37.0

I just really liked how basic it was.  It created a small little graph that sat on top of all windows, and if Internet performance started to seem spotty, you could glance up and see if your Internet connection was getting saturated.  If it was, then you could dive into the GUI and dig into what was hogging the bandwidth.  The only things I've found recently, are big and bulky, and are overkill for what I'm trying to achieve.

At least you can use that TP-Link for port mirroring.  It works OK in that role.

Actually, promiscuous mode is more about getting frames off the wire that have been sent to other, non-broadcast MAC addresses regardless of VLAN… The connected switch will already be filtering most of this in normal circumstances unlike when hubs were a thing and you could see everything.

Promiscuous mode need not be enabled for a pfSense interface to "trunk" VLANs.