• Check_Reload_Status 100% CPU Again Again

    10
    0 Votes
    10 Posts
    854 Views
    stephenw10S

    I agree if it shows that uptime it's not rebooting. Odd then that it's somehow losing link.

    I also agree that check_reload_status should not get stuck like that. As you found we have had issues with it in the past and they are difficult to pin down because it's normally not repeatable on demand. If we can narrow it down to something like a link state change that would be very helpful.

  • California and standard time

    8
    0 Votes
    8 Posts
    873 Views
    dennypageD

    @mer said in California and standard time:

    But if they set start date to 1 jan and end date to 31 dec they sidestep the "law"

    Nope. If a state uses any form of daylight savings time, they have to use the date schedule set forth by federal law. Originally states had the right to set their own schedules, but that was done away with in the Uniform Time Act. The only way around this is to use standard time year-round like Arizona and Hawaii.

  • BUG? - 2.7.* IGMP issues with spanish imagenio TV deployment

    2
    0 Votes
    2 Posts
    333 Views
    stephenw10S

    Try starting igmpproxy in verbose mode at the CLI and see what's shown when it fails. Compare that to what's shown in 2.6.

  • sarg is missing for pfsense 2.7.2

    2
    0 Votes
    2 Posts
    394 Views
    stephenw10S

    Use Lightsquid like it says in that guide. The sarg package was deprecated way back in 2.3.0.

  • LAN setup issue, pfSense on new Protectli Vault

    2
    0 Votes
    2 Posts
    512 Views
    johnpozJ

    @tedjackowestnet when pfsense only has a "wan" it allows for access to gui on wan.. When you add a lan, that allow will go away..

    You should edit your wan rules to allow for gui access, setup your lan.. Then once you're in on lan remove your wan rule that allows gui access.

    or just setup lan from the console, or why did you not setup wan and lan when you first set it up?

  • 0 Votes
    3 Posts
    335 Views
    C

    @stephenw10 Thanks! I think this may work for what I need. I will experiment...

  • Network goes down in the early morning twice in a row

    7
    0 Votes
    7 Posts
    685 Views
    stephenw10S

    Jan 26 13:00:44 kernel re1: watchdog timeout
    Jan 26 13:00:44 kernel re1: link state changed to DOWN

    Try the alternative Realtek driver. Since I assume you can't change the NICs.

  • add user and enable chroot ssh scp access

    2
    0 Votes
    2 Posts
    677 Views
    rcfaR

    FYI, here are the results of my investigation
    https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp/6
    any improvements (and I wish there are) are welcome!

  • Privilege "User - System: Copy files to home directory (chrooted scp)"

    5
    0 Votes
    5 Posts
    1k Views
    rcfaR

    FYI, here are the results of my investigation
    https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp/6
    any improvements (and I wish there are) are welcome!

  • pfSense unresponsive during and for several seconds after an iperf3 test?

    5
    0 Votes
    5 Posts
    461 Views
    stephenw10S

    It's unlikely you're using anything anywhere near 16GB unless there is a serious memory leak somehow. That should be pretty obvious from the monitoring graphs.

  • Troubleshooting question

    9
    0 Votes
    9 Posts
    1k Views
    johnpozJ

    @guardian the instructions how to get to your modem have already been given multiple times.

    I do it this way.. I have a 192.168.100.2 vip on my wan, that is connected to my modem..

    Do you have any outbound rules in floating that block rfc1918? Do you have any rules on your lan where your client is trying to access 192.168.100.1 that would block or policy route?

  • Picture widget play?

    4
    0 Votes
    4 Posts
    466 Views
  • Is a VPN service really worth it?

    16
    0 Votes
    16 Posts
    3k Views
    JKnottJ

    @JonathanLee said in Is a VPN service really worth it?:

    I have my VPN set up so that I have access to my private cloud (NAS) while not at home. I can remote into my VPN and access my files.

    Same here. I've had my own VPN going back over 20 years, to when I was using a CIPE VPN.

  • No internet on LAN

    72
    0 Votes
    72 Posts
    15k Views
    johnpozJ

    @stephenw10 very true, using dot or doh to prevent interception is a valid use case for those 2 protocols.

    I personally don't have any issues with the actual tech, what I have a problem with is doh, and your browser or app using it without your clear acknowledgement to the fact..

    If the network you're connected to is intercepting dns, then sure use of dot would be one way to actually forward to where you want without them intercepting it and redirecting it to their own dns.

    But it's going to be impossible for you to actually resolve in such a setup.. And if you're not actually talking to the authoritative NSers then yeah dnssec is going to fail.. As it is designed to do.

    So you can either get with the landlord or whoever has access to this isp router to turn off that intercept feature. Or you can just forward and let it be intercepted.. Or you can use forward via dot to circumvent their interception, or you could use doh on your clients directly as another method of circumventing their interception.

    Or you could setup a vpn and resolve your dns via the vpn connection, which would also circumvent their interception of your dns.. But with their interception you're not going to be able to directly resolve, nor is dnssec going to work.

    Turning off dnssec and leaving it in "resolve" mode could work, but your dns is still being intercepted.. And most likely it's going to fail, because the answers you get are not really going to be what the resolver is looking for when it resolves.

    If it was me I would go the vpn route and resolve through that connection. You could get a cheap vps, couple of bucks a month and just route your dns traffic through that.. if you can not get the building you're in to turn off that dns feature the isp router is doing.

    If that is too complicated for you.. Then just setup dot forwarding to some dns you trust to use, googledns, cloudflare, quad9, etc.. etc.. Not like there are not plenty to choose from.. They all have the best interests of everyone for their only motivation for wanting users to send them their dns queries ;) heheheh

    I mean it's not like these companies are out to make money or anything, I mean how much could it cost to setup a global dns infrastructure that can provide dns to the planet ;) Why not just do it for free.. I mean what else could their motivation be - if not to just provide free service to the planet ;) ehehhehe

  • pfsense 2.7.0 crashes daily - help please

    3
    0 Votes
    3 Posts
    489 Views
    D

    Steve,

    thanks for your feedback and the further information. My limiter settings to reduce bufferbloat might have caused the crashes.

    I have changed the setting on AQM to Tail Drop on both, limiter (pipe) and child queue and scheduler to fq_codel on limiter (pipe) now.

    I hope the errors:
    "config_aqm Unable to configure flowset, flowset busy!" don't show up anymore and the system doesn't crash. Let's see!

    Currently, I have no packages installed. There is no real reason why I have not upgraded to 2.7.2. Well, the update doesn't show up in the GUI. But I'll try to do the update by command line.

    Thanks. Daniel

  • [crash report] system went down and took 3h30 to self recover

    3
    0 Votes
    3 Posts
    538 Views
    L

    @stephenw10 Thank you very much !!

  • DNS 8000+ms, troubleshooting help

    75
    0 Votes
    75 Posts
    11k Views
    stephenw10S

    If the ISP router is terminating the PPPoE session then none of that applies. It only applies if that is bridging the PPPoE traffic to pfSense.

    If PPPoE is terminated on pfSense then:
    https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#pppoe-with-multi-queue-nics

    PPPoE adds an 8 byte overhead so to carry the standard 1500B MTU the frames on the parent NIC must be 1508B. Those are referred to as mini-jumbo or baby-jumbo frames (RFC4638).

  • Packet Tracer function

    15
    0 Votes
    15 Posts
    6k Views
    NollipfSenseN

    @stephenw10 Okay!

  • Daily Crashes pfsense 2.7.0 - how to solve it?

    1
    0 Votes
    1 Posts
    105 Views
    No one has replied
  • Accessing a CPE/Modem from Inside the Firewall Recipe XG-7100

    2
    0 Votes
    2 Posts
    227 Views
    stephenw10S

    You shouldn't need to add a second connection.

    You won't be able to if you have a local subnet including 192.168.100.1 on any other interface.

    You may need to add an IP Alias VIP to the WAN of, say, 192.168.100.2/24 so that the firewall has an IP when the WAN is down. You might also need an outbound NAT rule for traffic from internal interfaces to the modem specifically.

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.