• 2.7.0 PPPoE not routing traffic

    16
    0 Votes
    16 Posts
    2k Views
    stephenw10S
    I assume 192.168.20.1 is the pfSense LAN IP? It would only send an ARP request for 1.1.1.1 there if it thinks it has an IP in the same subnet as that. So at least when it was sending that ARP request it must have had a bad route present somehow.
  • New Installation - Intermittent Slow Downs

    2
    0 Votes
    2 Posts
    309 Views
    stephenw10S
    The interrupts are expected and shouldn't be a huge issue at that rate. You could just be seeing some saturation. Check Status > Monitoring for the traffic on WAN and LAN. Is it hitting the available bandwidth? You may need some shaping to prioritise remote desktop. Steve
  • pfsense 2.7 menu stuck with NUT crash

    19
    0 Votes
    19 Posts
    2k Views
    dennypageD
    @darkcorner said in pfsense 2.7 menu stuck with NUT crash: I wouldn't even know where to configure console protection with a password. So the answer is, no, there shouldn't be. It's a checkbox in System / Advanced / Admin Access. It's quite likely something you set and didn't think too much about at the time. It's in a bunch of pfSense HowTos.
  • Simple question about KEA DHCP

    6
    0 Votes
    6 Posts
    989 Views
    jimpJ
    @michmoor said in Simple question about KEA DHCP: @jimp Based on notes in the ticket is it expected to arrive for 23.09? That's the plan, but as stated there it is working for IPv4 and not IPv6, so it may not be 100% in 23.09. Keep an eye on the Redmine to know for sure.
  • Upgrading SG-1100 to SG-2100 VLAN rebuild necessary?

    4
    0 Votes
    4 Posts
    428 Views
    C
    @Cabledude TAC ticket opened.
  • Issues getting SMTP Notifications working

    10
    0 Votes
    10 Posts
    841 Views
    T
    @Gertjan Thank you. The requirements are Port 587, Auth method is Plain, with STARTTLS @SteveITS I've just tried it again, without Enable SMTP over SSL/TLS or Validate the SSL/TLS certificate presented by the server enabled, and it worked... I thought I'd tried that earlier and it failed, not sure what I've tried now, been messing about with it for so long :) But thanks everyone, all good now.
  • pfsense stopped at vlan and interface prompt on every reboot

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10S
    Yup, tailscale should do that for you.
  • Traffic Graph and trunk links

    15
    0 Votes
    15 Posts
    1k Views
    M
    @stephenw10 You did ask, I must have misunderstood, my bad on that. But good to know it's expected behavior. Thank you so much for the assist here. Appreciate it!!
  • APu1C latest BIOS?

    Moved
    8
    0 Votes
    8 Posts
    890 Views
    J
    @stephenw10 said in APu1C latest BIOS?: @joea said in APu1C latest BIOS?: I found a windows version of the installer Not entirely sure what that would be. flashrom is a FreeBSD pkg that we have in our repo. For reference you can install it in pfSense at the command line if it's not already: pkg-static install flashrom Anyway glad you were able to get the BIOS flashed. Ah, my description was poor, probably should have turned in by that time. It was actually a means to create, via Windows, a bootable USB stick to perform the flash. I found the "windows installer" here: https://pcengines.ch/howto.htm#TinyCoreLinux Thanks for the additional info.
  • How to monitor Wifi logins, set il delay

    4
    0 Votes
    4 Posts
    184 Views
    johnpozJ
    @stephenw10 that could be failure to the captive portal - but that means they have already joined the wifi network.
  • Can't login from subnets

    6
    0 Votes
    6 Posts
    186 Views
    D
    Ok, fixed, solved. This is an Apple keychain problem. I deleted the keychain and re-entered the password.
  • Netgate pfSense Router stopped working?

    20
    0 Votes
    20 Posts
    2k Views
    B
    @stephenw10 Well I ended up finding a used cheap 4860-1U to use for the time being, and the console feature worked using the same cable and computers that the other one would not work with. So my guess is I had a hardware failure.
  • Listen queue overflow: 193 already in queue awaiting acceptance

    9
    0 Votes
    9 Posts
    1k Views
    mtarboxM
    @stephenw10 Hmmm, I will have to wait until it does it again. Thank you for taking the time, and I will report back the next time it does it.
  • 0 Votes
    6 Posts
    637 Views
    stephenw10S
    Can we assume you don't have a note of the ACB key then?
  • SSHGUARD logging attempts even though 22 is blocked?

    10
    0 Votes
    10 Posts
    727 Views
    T
    @stephenw10 Ugh... missed an interface on the DMZ. It's a /27 routed through the WAN. There was a virtual IP assigned which was acting as a gateway for the network behind it. I failed to manually block the admin ports. Thanks for helping me with my troubleshooting gymnastics!
  • A way to increase PPPoE initialization timeout?

    Moved pppoe ppp-connection ppp
    10
    0 Votes
    10 Posts
    2k Views
    A
    @stephenw10 ok thank you I will try
  • VPN point to point

    Moved
    40
    0 Votes
    40 Posts
    4k Views
    stephenw10S
    If nothing was changed in pfSense in between those connection attempts then the difference is that it succeeds when pfSense initiates the connection:
    Sep 27 14:02:48 charon 18669 09[IKE] <con2|5> initiating Main Mode IKE_SA con2[5] to 200.0.211.137
    Sep 27 14:02:48 charon 18669 09[IKE] <con2|5> IKE_SA con2[5] state change: CREATED => CONNECTING
    Sep 27 14:02:48 charon 18669 09[CFG] <con2|5> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Sep 27 14:02:48 charon 18669 09[ENC] <con2|5> generating ID_PROT request 0 [ SA V V V V V ]
    Sep 27 14:02:48 charon 18669 09[NET] <con2|5> sending packet: from 190.13.88.176[500] to 200.0.211.137[500] (180 bytes)
    Sep 27 14:02:48 charon 18669 11[NET] <con2|5> received packet: from 200.0.211.137[500] to 190.13.88.176[500] (104 bytes)
    Sep 27 14:02:48 charon 18669 11[ENC] <con2|5> parsed ID_PROT response 0 [ SA V ]
    Sep 27 14:02:48 charon 18669 11[IKE] <con2|5> received NAT-T (RFC 3947) vendor ID
    Sep 27 14:02:48 charon 18669 11[CFG] <con2|5> selecting proposal:
    Sep 27 14:02:48 charon 18669 11[CFG] <con2|5> proposal matches
    But fails when the other side is initiating:
    Sep 27 14:02:43 charon 18669 16[NET] <4> received packet: from 200.0.211.137[500] to 190.13.88.176[500] (168 bytes)
    Sep 27 14:02:43 charon 18669 16[ENC] <4> parsed ID_PROT request 0 [ SA V V V V ]
    Sep 27 14:02:43 charon 18669 16[CFG] <4> looking for an IKEv1 config for 190.13.88.176...200.0.211.137
    Sep 27 14:02:43 charon 18669 16[IKE] <4> no IKE config found for 190.13.88.176...200.0.211.137, sending NO_PROPOSAL_CHOSEN
    So there is probably some difference between the configs. For example if the other side is set to IKEv1or2 it may be defaulting to v2 when it proposes but allows v1 when pfSense proposes it.
  • CARP-based PPPoE failover stops working on 2.7.0

    18
    0 Votes
    18 Posts
    2k Views
    stephenw10S
    If the other node is not running the same version then config sync will be disabled. But state sync would still be enabled. And the CARP status doesn't care about the version. It could be related to that bug, though I don't see the same flood of CARP events that triggered.
  • Smacked from sort of experienced back to novice

    15
    0 Votes
    15 Posts
    704 Views
    stephenw10S
    It depends who/what the users are. If they are real people they usually let you know pretty quick when things don't work. If it's IoT devices etc you have to test yourself. As with all things it's a question of security vs convenience. Though the actual security benefits are questionable at best and the inconvenience is significant so.....
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.