• Terrapin SSH Attack

    Pinned
    33
    16 Votes
    33 Posts
    31k Views
    STLJonnyS
    @willowen100 It basically forces your ssh (on the Windows side) to utilize that encryption algorithm. You'll need to do that on any machine you ssh from. I'd have rather found a more elegant workaround (preferably on the pfSense side, so the mod only has to be done in one location), but this works in a pinch.
  • pfSense Hangouts are available on YouTube!

    Pinned Locked
    1
    5 Votes
    1 Posts
    11k Views
    No one has replied
  • Share your pfSense stories!

    Pinned Moved
    76
    0 Votes
    76 Posts
    65k Views
    V
Mine may be typical, maybe not..... Took over a large senior living facility with a pretty robust IT infrastructure spread between 4 IT rooms, 23 access points, 12-14 switches, and 200 internal devices and 200 guest/resident devices, all being run by a Sonicwall TZ350. I had been wanting to realign everything network-wise for some time, but the TZ had 2 ports that were failing. I had worked with ClearOS from back in the ClarkConnect days and started searching for something similar. I found PfSense and it just fit what I wanted to do. I tested it a bit on an old Athlon64x2 rig for proof of concept and had planned on installing on a mini PC or something, but I wanted 6 NICs. Standing in my main IT room I looked down and in the bottom of the rack were 4 HP DL380s, 2 of which were decommissioned 2 years ago. It's such huge overkill for hardware that it's hard to explain, but who wouldn't want redundant power supplies, RAID 60 with 25 drives and remote system monitoring through iLO? lol I spun one up and loaded PfSense and started tweaking. 2 weeks ago I switched over and have been working out gremlins since.. Overall it's gone well, just one snag that a couple members here have been very kind in helping me work out. Thank you to this page for all the help.
  • Order / Timing of Booting Modem and pfsense PC

    9
    0 Votes
    9 Posts
    90 Views
    provelsP
@mer I imagine it could depend on the brand of modem, but it'd be a fixed IP in the Netgears and Motorolas I've had. Or if the modem even offers DHCP in the first place.
  • Ecobee thermostat can’t connect to servers

    84
    0 Votes
    84 Posts
    3k Views
    J
@ezhawk out of curiosity, have you checked with ecobee? "ecobee has determined that a very small percentage of Smart Thermostats may experience difficulty connecting to our servers, leading to disconnection issues. If your thermostat has exhibited this problem, please use the serial number checker below to see if your device qualifies for our Connectivity Support Program." Maybe you have and I just missed the reference or mention in this thread. Here is the link to check your serial number: https://support.ecobee.com/s/esp/smart-thermostat-connectivity-issues
  • Firewall Logs with Unavailable Matched Rule and Empty Tracker ID

    9
    0 Votes
    9 Posts
    288 Views
    johnpozJ
@marchand.guy what we need is a better understanding of what pfsense actually means when it gives a reason of "short" - I assume it has to do with the scrubbing functionality.. Is something not working? You could try disabling scrub to see if those log messages go away. I don't recall ever seeing such a block.. Since that is udp to 443, I would assume a quic connection.. That IP is a China Telecom IP.. inetnum: 101.224.0.0 - 101.231.255.255 netname: CHINANET-SH descr: CHINANET SHANGHAI PROVINCE NETWORK descr: China Telecom What is trying to talk to that IP? I would look in your state table to see what client is talking to that.. I don't see you ever connecting to the forums with an IPv4 address, only IPv6, and not a China Telecom IPv6 address
  • Wireguard fails after reboot (2.8.0)

    26
    0 Votes
    26 Posts
    1k Views
    B
    @stephenw10 Sorry for the delayed reply - I have just got back from a business trip. Anyway, this is the output from the CLI [2.8.1-RC][root@pfSense.mymain.local]/root: ls /var/run check_reload_status cron.pid daemon_sshguard.pid devd.pid devd.pipe devd.seqpacket.pipe dhclient.igb0.pid dmesg.boot dnsbl.pid dpinger_VPNUNLIMITED_L2TP~10.240.0.2~10.240.0.1.pid dpinger_VPNUNLIMITED_L2TP~10.240.0.2~10.240.0.1.sock dpinger_WANV6_TUNNELV6~2001:470:1f08:84a::2~2001:470:1f08:84a::1.pid dpinger_WANV6_TUNNELV6~2001:470:1f08:84a::2~2001:470:1f08:84a::1.sock dpinger_WAN_DHCP~82.13.203.142~82.13.202.1.pid dpinger_WAN_DHCP~82.13.203.142~82.13.202.1.sock dpinger_wg1GW~10.102.1.114~10.102.1.114.pid dpinger_wg1GW~10.102.1.114~10.102.1.114.sock dpinger_wg2GW~10.102.100.206~10.102.100.206.pid dpinger_wg2GW~10.102.100.206~10.102.100.206.sock expire_accounts.pid filter_reload_status filterlog.pid ipsec_keepalive.pid kea kea2fib6.cache kea4-ctrl-socket kea4-ctrl-socket.lock kea6-ctrl-socket kea6-ctrl-socket.lock l2tp_opt9.pid ld-elf.so.hints ld-elf32.so.hints log logpriv mdns-bridge.pid miniupnpd.pid nginx-webConfigurator.pid ntpd.pid pfSense_version pfSense_version.rc php-fpm.pid php-fpm.socket ping_hosts.pid radvd.pid sshd.pid sshguard.pid syslog.pid unbound.pid update_alias_url_data.pid updaterrd.sh.pid utmp utx.active wireguardd.pid [2.8.1-RC][root@pfSense.mymain.local]/root: [2.8.1-RC][root@pfSense.mymain.local]/root: ls /var/run kea4-ctrl-socket.lock kea6-ctrl-socket kea6-ctrl-socket.lock l2tp_opt9.pid [2.8.1-RC][root@pfSense.mymain.local]/root:: Too many arguments. [2.8.1-RC][root@pfSense.mymain.local]/root: check_reload_status ld-elf.so.hints ld-elf32.so.hints log logpriv mdns-bridge.pid miniupnpd.pid nginx-webConfigurator.pid ntpd.pid pfSense_version pfSense_version.rc php-fpm.pid php-fpm.socket ping_hosts.pid radvd.pid sshd.pid sshguard.pid syslog.pid unbound.pid update_alias_url_data.pid updaterrd.sh.pid utmp utx.active wireguardd.pid
  • Upgrading pfSense 21.05 to 23.01

    upgrade
    11
    0 Votes
    11 Posts
    86 Views
    stephenw10S
    ZFS is also a lot more resilient to filesystem issues than UFS. So if you see frequent power outages it's a much better choice. But, yes, it does write more to the drive. Though the default values in 25.07 reduce that significantly. You can mitigate it almost entirely by running RAM disks too.
  • pfsense 2.7.0 installed as vm on xenserver now routing issue

    13
    0 Votes
    13 Posts
    698 Views
    stephenw10S
    Yup so check the routing and arp table on a client when it's unable to browse.
  • 25.7.1 package issue

    1
    0 Votes
    1 Posts
    33 Views
    No one has replied
  • Netgate 6100 / 25.07 - any recipes / guidelines for optimising high speed LAN and WAN connections?

    10
    0 Votes
    10 Posts
    66 Views
    AndyRHA
    @ChrisJenk said in Netgate 6100 / 25.07 - any recipes / guidelines for optimising high speed LAN and WAN connections?: Speedtest program on the router itself No, I ran it on a Windows computer connected at 2.5Gb. I got full line speed up and down. I have since changed my internet to 1Gb so I only get 1.2Gb up and down now. A while back a friend and I were building and testing a VPN tunnel between us, a 7100 and a 6100, we found a noticeable speed difference if we used iperf on pfSense vs a computer on each end. We only get in the 700Mb/s range and still iperf on pfSense really added a load and skewed the results at least 10%.
  • Port Forwarding stopped working after upgrading to 2.8.0

    113
    0 Votes
    113 Posts
    6k Views
    C
guess back to testing... after a reboot of pfsense I can search again on the HD site with that disabled.. will test more to see if it comes back.. haven't solved how the ISP DNS or Cloudflare DNS show up on the VPN side as it says you may be leaking. I gave up trying for now, just working on this pfblocker
  • Restore pfS config.xml to new h/w

    20
    0 Votes
    20 Posts
    159 Views
    stephenw10S
    If it's a paid subscription and you had to replace the hardware you should open a TAC ticket. We are not completely inflexible. Yes, it's tied to the hardware but if you are forced to change that we have options.
  • Strange Memory

    9
    0 Votes
    9 Posts
    807 Views
    J
    ^^ yes - this. - and the syslogd fix in the works should resolve this.
  • Why do we need to pay for pfS + ????

    12
    0 Votes
    12 Posts
    146 Views
    S
    @chudak said in Why do we need to pay for pfS + ????: How do you connect monitor to it? See for example https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4200/#how-to-guides In general Netgate makes sure new releases work on old Netgate hardware until it can’t.
  • Switched to AT&T fiber, IPv6 tunnel broken

    8
    0 Votes
    8 Posts
    76 Views
    BiloxiGeekB
    @johnpoz Yep, that's the setup I've got in place. It's been working for quite a few years for me when I was on a cable modem. @Bob.Dig My SG2100 does get a public IP, it is pingable from the outside world but still get no tunnel. In the Gateways widget the tunnel just shows "Offline, Packetloss"
  • New if_pppoe module no logging in Status / System Logs / PPP?

    3
    0 Votes
    3 Posts
    51 Views
    S
    @stephenw10 thanks for the feedback!
  • IAX2 not going out after a while

    6
    0 Votes
    6 Posts
    901 Views
    stephenw10S
    Mmm, you'll probably have to wait for it to fail and check what states are still there. I'd expect it to just re-connect if the states timed out and start to fail.
  • Cannot access some legit 443 on 25.07.1

    5
    0 Votes
    5 Posts
    371 Views
    stephenw10S
    Sounds like they are getting redirected locally if they see a cert error. Check what cert they are being offered. The details there may indicate what is intercepting the traffic.
  • Transfer license

    3
    0 Votes
    3 Posts
    613 Views
    R
    @akhuyna It's like I already said that. :)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.