• Deployment Advice - possibly VLANS ?

    1
    0 Votes
    1 Posts
    344 Views
    No one has replied
  • PfSense with external Wireless Access Point

    7
    0 Votes
    7 Posts
    860 Views

    Access Point What's the point of doing it?

  • Config Pfsense to accept a connection to a bridged mode Huawei HG8245h

    3
    0 Votes
    3 Posts
    809 Views

    Ok. Thanks for the response. I will try it.

  • How to setup one IP as bridged mixed with multiple NAT IP's

    1
    0 Votes
    1 Posts
    256 Views
    No one has replied
  • Block Devices from Accessing My Network

    7
    0 Votes
    7 Posts
    760 Views

    @SammyWoo:

    @H20FRKS:

    SammyWoo, are you saying building a pfSense server with better hardware will not resolve the throughput issue I have?

    Just the opposite.

    Great thanks! I will continue my efforts to understand pfSense better and work on building a server.

  • Hotplug event every minute

    13
    0 Votes
    13 Posts
    2k Views

    Hi Steve,

    I fully support your statement. Do not upload files to your firewalls from unknown sources.

    The driver was compiled on FreeBSD 11.1 amd64 release.

    Kind Regards,
    Nick

  • Snort vs Suricata vs Both

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Quick Config switch (Nat Gateway and Openvpn) how?

    1
    0 Votes
    1 Posts
    250 Views
    No one has replied
  • Can access router through serial port but cannot get into webconfigurator

    4
    0 Votes
    4 Posts
    443 Views

    I was able to get back into the router after setting my static IP address (and then unsetting it afterwards).  I was able to restore my router using a backup to the point BEFORE I tried to implement OpenVPN.

    This issue is resolved.  Thank you all for your help.

  • Fresh Install & Crashes. pfsense 2.4.2 on apu2c4

    12
    0 Votes
    12 Posts
    1k Views

    Reflashed the BIOS to 4.0.12.

    Ran a memtest for a week, 0 errors.

    Stopped the memtest this morning. Let PFSENSE boot, within 5 minutes it crashed. Below is the log in the pastebin link.

    https://pastebin.com/hHSnpnmg

  • PFsense With Single NIC

    21
    0 Votes
    21 Posts
    3k Views

    @stephenw10:

    If you have Gold membership or Book access then:
    https://portal.pfsense.org/docs/book/usermanager/external-authentication-examples.html#active-directory-ldap-example

    Otherwise there's troubleshooting tips here: https://doc.pfsense.org/index.php/LDAP_Troubleshooting

    Steve

    Yes I have, I found it

    Many Thanks Steve

  • Lcdproc + 502 gateway error

    6
    0 Votes
    6 Posts
    633 Views
    stephenw10

    USB Ethernet is notoriously variable. Usually not too much we can do about that other than swap it out.

    Try increasing the number of available php processes. In System > Advanced > Admin Access set 'Max Processes' to 4.

    That may resolve it if it's something temporarily using resources or it may just increase the time between issues.

    Steve

  • MTU confusion

    5
    0 Votes
    5 Posts
    1k Views
    junicast

    Hi,

    the modem isn't the source of the problem. Since it doesn't handle the pppoe session the settings for MTU are greyed out.

    Here's a snippet of my pfsense config file:

        <ppps>
            <ppp>
                <ptpid>0</ptpid>
                <type>pppoe</type>
                <if>pppoe0</if>
                <username>myusername@netaachen.de</username>
                <password>youwontbelieveit</password>
                <provider>netaachen</provider>
                <idletimeout>0</idletimeout>
            </ppp>
            <ppp>
                <ptpid>1</ptpid>
                <type>pppoe</type>
                <if>pppoe1</if>
                <ports>vtnet0</ports>
                <username>myusername@netaachen.de</username>
                <password>youwontbelieveit</password>
                <provider>netac</provider>
            </ppp>
        </ppps>
        <interfaces>
            <wan>
                <enable></enable>
                <if>pppoe1</if>
                <spoofmac></spoofmac>
                <ipaddr>pppoe</ipaddr>
                <ipaddrv6>dhcp6</ipaddrv6>
                <dhcp6-ia-pd-len>16</dhcp6-ia-pd-len>
                <dhcp6usev4iface></dhcp6usev4iface>
                <mtu>1492</mtu>
            </wan>
            [...]
        </interfaces>

    What's REALLY weird is that the password I find in the config is different to the one I find in my tcpdump/wireshark recordings. WTF? How can that be?
    Session is coming up fine though.
    What I haven't found is some RFC explanation about how MTU is being negotiated.

    This is what my interface is saying btw:

    pppoe1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1442

    Ping6 seems to verify that, since 1442 - 40 (IPv6) - 8 (ICMP6) are actually 1394 which is the maximum packet size I can ping6.
    Confusion starts to grow. :-\

    Edit:
    I took a closer look at the tcpdump and what I found is that the Router Advertisement is saying 1442. Why would the provider want to do this? It looks like a faulty setup Router Advertiser to me.


  • Setting up stunnel on openvpn

    3
    0 Votes
    3 Posts
    888 Views

    I asked about this just recently..  https://forum.pfsense.org/index.php?topic=145261.0

    and using openvpn seems like something people would expect you to use from home-to-work. (but that is already setup by our sysadmin)

    So I'm guessing you're asking how to set this up - because you do not have this feature today.

    Check out this: https://www.ceos3c.com/2017/04/10/configure-openvpn-for-pfsense-2-3-step-by-step/

  • 0 Votes
    7 Posts
    785 Views
    Derelict

    Well, you have no choice but to VLAN from something to get the Wireless AP behavior you desire. But that does not have to be done on pfSense. A switch could do it. pfSense would have two physical interfaces to two untagged ports on the different VLANs in that case. But why not just VLAN it?

    If you don't want to mix tagged and untagged traffic on a physical interface, don't. Just leave the untagged interface unassigned.

  • Connectivity issues

    3
    0 Votes
    3 Posts
    482 Views

    Thank you for your response. I will try and keep notes on when it occurs throughout the day tomorrow and see if anything odd is in the system logs.

  • Basic static route question, doesn't seem to be working.

    12
    0 Votes
    12 Posts
    1k Views

    @viragomann:

    ping and traceroute maybe do well. ICMP is a stateless protocol. The problems with that come if you establish a stateful connection.

    So I'd try one of the suggestions.

    OK, thanks for bearing with me! That one got through, I can just about picture how that makes a difference with how things are flying around.

  • Connect from work to home with ssh tunnel ?

    Locked
    7
    0 Votes
    7 Posts
    1k Views
    jimp

    Sounds like a good way to get fired. Or worse than that if "classified" material is involved, assuming you meant government "classified", and not company secrets/work product, which could still be a crime depending on the circumstances.

    Locking thread. If you want to evade your company policies, you are on your own.

  • [SOLVED] WAN only recognized through switch, getting awful speed

    8
    0 Votes
    8 Posts
    900 Views

    @muppet:

    I would check with your ISP and see if they have hard-set your port to 100/Full
    Maybe the pfSense is trying auto and, seeing nothing, not bringing up the port.
    And the switch, not seeing auto frame either, might be defaulting to 100M half-duplex, thus causing all the frame drops/problems.

    This really sounds like an Ethernet problem, nothing to do with pfsense itself.

    PfSense works just fine, so it's not the problem.  The problem will be your Ethernet card, the drivers or similar.
    Try and do some diagnosis to see what speed and duplex the port is coming up at, especially when connected to your laptop (is auto-neg being used or not?)

    Thank you!
    It really was something wrong with ISP's port. It was set to auto, but still didn't work correctly, so my connection was regularly jumping through different modes-speeds and getting big error rate. They just changed the port, and now everything is perfect.

    They would never do anything if I told them it's pfSense or any incompatible router, but they couldn't reject the issue with just a switch.

    @stephenw10:

    At layer 3, yes (probably). At layer 2, maybe. At layer 1, nope.

    The reason it's a good test to put an unmanaged switch between your WAN interface and modem is because it can show up issues exactly like this.

    If your modem is set to 100Mb full duplex rather than auto the switch will likely connect to that fine and will also connect to the WAN interface that is set to auto negotiation fine. But without it you get a default connection which is often 10Mb half duplex, horrible speeds and huge error rate.

    Ethernet hardware should all conform to the specs and be compatible but that is not 100% true. Some cards will refuse to establish a link or continually flap up and down for no good reason. I have a Realtek card here that behaves exactly like that but only when connected to one switch I have.  ::)

    What is the NIC in the Win7 PC?

    Can you see the link speed/duplex on the switch in each of these cases?

    Steve

    Thanks for the info. Yes, they seem to implement things a bit differently. My Realtek NIC refused to see that broken connection at all, while Broadcom's one somehow worked fine on that… Also that Realtek only accepts its hw MAC, while Broadcom doesn't care.

  • URL Alias WildCard for Windows Updates

    2
    0 Votes
    2 Posts
    1k Views
    Derelict

    Can't be done. There is no way to obtain a list of IP addresses for a wildcard domain. You would have to resolve every possible hostname which would be infeasible if not impossible.

    One of the other packages, such as pfblockerng might have a pre-compiled list you can use. Not sure.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.