• MOVED: 2.4.3 issue with captive_portal

    Locked
    1
    0 Votes
    1 Posts
    166 Views
    No one has replied
  • MOVED: suricata won't block VPN interface

    Locked
    1
    0 Votes
    1 Posts
    174 Views
    No one has replied
  • Can this step compromise security ?

    15
    0 Votes
    15 Posts
    1k Views
    S

    @stephenw10:

    Yes, keep 400,000. As Johnpoz says above that will be the default value in the next release and in current 2.4.4 snapshots.

    Steve

    Got it / Thanks

  • /rc.newwanip dilemma, it detects a new IP when the IP is still the same

    9
    0 Votes
    9 Posts
    680 Views
    R

    ok look, I actually restored my config after I tried all the possible fixes, I tell you not even a vanilla installation fixes it, and I don't want to bother myself to reinstall pfsense just to post new logs.

    you can just use your imagination or common sense and think of those extra packages don't exist.

    I repeat, I restored my config after I tried everything and gave up posted here to ask help and thus those logs says.
    just fyi that pfblocker should not be causing issues anyway since it was disabled as I posted those logs.

  • Networking problem

    9
    0 Votes
    9 Posts
    1k Views
    M

    @jsaad:

    Comcast calls them micro-outages which kills the remote desktop and the phone.

    It’s fairly common to see 2-10 second outages in cable modems, I see notifications all the time from our system and I normally see this on the same sites repeatedly. Usually ends up being signal fluctuations from somewhere up the street but the ISP doesn’t deem them problematic enough to fix. Higher latency and jitter are also known issues with these types of service and while most applications work fine with this, VDI and RDS do not. If your customer considers these applications critical then they really need to look into a fiber solution. I prefer PRI over SIP for phones but it depends on the business and their current phone system. You could look at a low speed fiber for mission critical applications and push everything else out the modem.

  • LLDP Required of pfSense When Using LLDP Switch?

    5
    0 Votes
    5 Posts
    2k Views
    I

    Just a bump on my last question about how to use a DHCP special option setting for assigning VLANs. Thanks.

  • No internet connectivity (can pay)

    2
    0 Votes
    2 Posts
    307 Views
    V

    Since you haven't checked "Don't pull routes", the NordVPN gateway will be your default gateway. That means that any traffic including that one from pfSense itself (DNS) is routed to the VPN gateway. However, that won't work, cause you are missing an outbound NAT rule for pfSense.

    So either check "Don't pull routes" in the client settings or add an outbound NAT rule for 127.0.0.0/8 to the NordVPN interface.
    The outbound NAT solution should avoid DNS leaks.

  • Haproxy Configuration - Local Network Access?

    4
    0 Votes
    4 Posts
    3k Views
    Z

    I've been trying to get this to work for a long time but just can't get HAproxy setup correctly with Ombi. Any chance you can do a step by step?

    Also, are you using SSL?

    Cheers,

    Zane

  • Understanding pfInfo Status

    3
    0 Votes
    3 Posts
    2k Views
    M

    https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5&n=1

    urgent Generate debug messages only for serious errors.

    The pfSense devs are using "debug urgent" so it only shows debug messages for serious errors.

  • Virtualbox IDS configuration

    6
    0 Votes
    6 Posts
    1k Views
    KOM

    Probably not.  All your traffic is going to be within your switch but it depends on where you're putting these clients relative to your bridge.

    I don't know why you don't just create a fake WAN and LAN.  Make the WAN a bridged adapter on your LAN, and make the LAN an intnet interface.  Then put server on LAN and attacker on WAN.  Then you have pfSense acting as routing firewall between them.  You can use pfSense's Suricata package instead of needing a third system.

  • What is the EOL for 2.4.3-RELEASE ?

    11
    0 Votes
    11 Posts
    1k Views
    S

    @johnpoz:

    Huh… Where did Gertjan say you should do a fresh install?

    A fresh install might be a good idea if you're on say 2.1 trying to go to 2.4 etc.. But you should never be there, you should upgrade asap after new versions are released.. 2.4.x+1 and p1 and p2, if they release, etc..

    When they make a statement on if any upgrade caveats, etc.. But I had upgraded through all the 2.x to 2.4... I only went fresh install when I moved to sg4860 vs VM, etc.

    Sorry English is not my language so I struggle a bit. Okay If an in place upgrade is possible there is nothing better than that.

    Thanks.

  • NTP server 4 seconds slow

    3
    0 Votes
    3 Posts
    447 Views
    chpalmer

    set the desktop here to an outside source this morning earlier..    I'll play some more later this weekend.

  • Softflowd does not export MAC addresses

    5
    0 Votes
    5 Posts
    794 Views
    jimp

    Sure, but I said "most", not "all".

    Can your switches export the Netflow instead?

  • Blocking company ranges

    6
    0 Votes
    6 Posts
    851 Views
    johnpoz

    Yeah it happens ;)  Just wanted to clarify it since users might take it as gospel vs just a typo…

  • There was an error loading the rules

    2
    0 Votes
    2 Posts
    358 Views
    S

    UPDATE:

    Noticed some threads describing same issue here
    https://forum.pfsense.org/index.php?topic=145990.0

    SYSTEM > ADVANCED > FIREWALL and NAT >

    Firewall Max Table Entries increased from 200000 to 500000

    Will see if that fixes it.

  • How do I stop all network traffic that's not 100% needed or a OpenVPN?

    9
    0 Votes
    9 Posts
    518 Views
    J

    @Pippin:

    @JohnSCarter:

    To anyone who's interested what I was referring to is called a VPN Kill switch, it disables all network traffic that's not going through the VPN to ensure 100% that all traffic is VPN'd.

    Not exactly.
    A kill switch prevents traffic going out WAN if VPN is down.

    What almost never comes up as a question is NTP, pfSense update servers and maybe more.
    Can put it in an alias, etc…...
    Do a tcpdump to see what is not leaving through the VPN.

    I can't find tcpdump within pfSense, is there a command or something?

    Also do you happen to know how I would route one OpenVPN connection through another OpenVPN connection?

  • What about fstrim for SSD ?

    5
    0 Votes
    5 Posts
    1k Views
    KOM

    For my answer I just did a forum search and Ivor definitively answered it last year.

    https://forum.pfsense.org/index.php?topic=138273.0

  • Data usage Monitoring

    4
    0 Votes
    4 Posts
    607 Views
    Gertjan

    Munin doesn't make Excel sheets either (Excel does  ;))
    But it does work on pfSense.

  • MOVED: can't install from USB

    Locked
    1
    0 Votes
    1 Posts
    170 Views
    No one has replied
  • UDP Payload Size / Allowed Fragmented Packets

    8
    0 Votes
    8 Posts
    2k Views
    T

    Hi Kevin,

    Sorry to resurrect an old post but did the System Tunables resolve your Vonage phone BLF issues? I'm having similar with some Polycom phones on a Gamme PBX system.

    Packet capture shows successful UDP defragmentation on one pfSense box and not on the other!?

    Comments would be appreciated.

    Tim

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.