• Teams Issues

    8
    0 Votes
    8 Posts
    378 Views
    GertjanG

    @wc2l said in Teams Issues:

    teams.microsoft.com works just fine.
    Host "msg.teams.microsoft.com" could not be resolved.

    Same for me.

    edit : while waiting, read also C:\Program Files (x86)\Microsoft Teams Network Assessment Tool\Usage.docx - this is a Microsoft tool with a manual / notice .... ( 😊 )

  • Does this look like my pfSense was hacked

    7
    0 Votes
    7 Posts
    3k Views
    GertjanG

    @luckman212

    Click on the image :

    1c8c8a2b-ed5f-4dd1-8694-8be0e58350e8-image.png

    I didn't test other search engines ...

    edit : the link @kpa posted is, imho, the best answer ( and totally not-FreeBSD related ^^ ).

  • SG-1100 Recovery Help Needed

    11
    0 Votes
    11 Posts
    74 Views
    stephenw10S

    Yes that's correct. The 1100 has only one NIC (mvneta0) and an internal switch with VLANs to separate the ports. But, as I said, you shouldn't need to make any changes there it's detected and set automatically for any Netgate device.

  • rename boot environments

    3
    0 Votes
    3 Posts
    176 Views
    S

    @Gertjan shame on me! Didn't see that ... thanks a lot!

  • 0 Votes
    6 Posts
    91 Views
    stephenw10S

    Because 10.60.0.252 is the server end of the VPN tunnel at pfSense. The local DNS resolver (Unbound) listens and responds on that IP and that is where the override is set.

    Where as 8.8.8.8 is Google's DNS service that knows nothing about any local overrides you might have set. When clients use that DNS server is bypasses any local DNS overrides.

  • System - Package Manager - Available Packages

    5
    0 Votes
    5 Posts
    139 Views
    M

    @SteveITS

    Thank you for the clarification. You're right — better to be safe. I’ll update FW2 when I'm on site, and then FW1, which is my usual one.

  • Not understanding Boot Environments

    4
    0 Votes
    4 Posts
    156 Views
    stephenw10S

    Mmm that^.

    However what you will see is that after booting back into the 24.11 BE the update branch will still be set to 25.07-RC because that was the last thing that was done before the upgrade took the snapshot. So if you plan to run 24.11 for some time after reverting you would need to set the update branch back to 24.11 in that BE before doing any package operations.

  • v2.7.2: Dynamic DNS not working with Cloudflare

    11
    0 Votes
    11 Posts
    387 Views
    R

    @70tas Indeed the global token does not work anymore, you must use the API token. And then for the login, do not use your email address. As I wrote before: "One must use the Zone ID when using the API token."

    I have this working using the DDNS GUI. I only needed the script for debugging.

  • 0 Votes
    17 Posts
    841 Views
    stephenw10S

    It's not a bug because that's the expected behaviour. You could consider it a missing feature if you need to make changes there. Open a feature request: https://redmine.pfsense.org/

    This is the first time I've seen anyone ask about it in 10 years though so it's clearly not a huge problem.

    You could just patch the file to create the config with the values you need then carry that as a custom patch in the patches package.

  • pfSense Plus 25.03 release question

    23
    1 Votes
    23 Posts
    2k Views
    stephenw10S

    Yup the issue definitely exists. I have no fix for it yet, none of the things I tried made any difference.

  • 0 Votes
    3 Posts
    155 Views
    W

    @dennypage said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

    @wolffire said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

    I really like ntopng, but I'd rather it not be able to access the internet whenever it wants.

    Is it possible to block package processes from doing so?

    You can't block individual packages. The closest you could get is to find the domain or addresses the package is accessing and block those.

    With specific regard to ntopng, I haven't examined all the callouts but I don't recall it doing much unless you were using the licensed version (activation check), or had one of ntopng's "active" modes enabled.

    Make sure you have Active Network Discovery disabled in ntopng. It's in Settings / Preferences / Network Discovery / Active Network Discovery. This option should never be enabled on pfSense. Ditto for Active Monitoring.

    Thanks for the quick answer.

    I'm a little surprised about not being able to lockdown individual processes for those 'who watches the watcher?' types of situations. Finding a dynamic workaround will be painful.

    As far as ntopng, I just don't want it to be able do anything online unless I've configured it to do so; I loath the idea of telemetry being sent off to various companies.
    Not that I've found anything (I haven't taken a serious look yet); I'm just a bit weary.

    Speaking of the settings, after reading that post about inadvertently scanning the Internet, I definitely ensured active monitoring and network discovery was turned off. 😆

  • IPSECD VPN Phase-2 configuration disappearing

    Moved
    39
    0 Votes
    39 Posts
    3k Views
    T

    @stephenw10 Correct. Way longer than the tunnel rekey times, so something must prompt a configuration reload outside of that.
    Or maybe the tunnel went down at some point and the config was reloaded when a reconnect was attempted.

  • 0 Votes
    3 Posts
    70 Views
    R

    @patient0 OK, that helped. I'm fairly certain I had tried clicking Add time before and it hadn't worked - with the error I previously reported. In any case, it worked for me now. Thank you!

  • Odd sudden kernel panic

    5
    0 Votes
    5 Posts
    290 Views
    A

    @stephenw10 I believe that is mpt attempting to talk to the RAID card as if it was in IT mode, trying to count the individual drives ("REPORT LUNS"), and the card replying "No, this is RAID, you can't talk to the drives directly" ("ILLEGAL REQUEST").

    I'll run a fs check next time it's convenient to take down the entire network. Probably this evening.

  • Kea client logs

    9
    0 Votes
    9 Posts
    669 Views
    GertjanG

    @ameinild said in Kea client logs:

    I get no logging from the kea-dhcp4 service for client DCHP logs, only from the dhclient for the WAN interface.

    Well ... this is FreeBSD/( and Linux) classic log behavior : no news is good news.

  • 0 Votes
    3 Posts
    122 Views
    A

    @stephenw10

    Thanks for the response.

    In reviewing your response and looking through my configurations, this one firewall did NOT have a valid Client name set and was missed from my template configuration when the firewall went into service.

    I apologize for taking up yours and anyone else's time. I feel like a Newby today.

  • Steady increase in Memory Usage (pfsense in proxmox vm)

    2
    0 Votes
    2 Posts
    79 Views
    stephenw10S

    Does it report the memory usage in both Proxmox and pfSense?

    Can you see what's using it in the output of top or ps?

  • Update of pfSense Plus Software

    3
    0 Votes
    3 Posts
    123 Views
    S

    @stephenw10

    Thank you, that was what I was not doing and really appreciate the guidance and support here. Thanks

  • Setting for console access via web browser

    5
    0 Votes
    5 Posts
    144 Views
    W

    @stephenw10 Eventually I was able to read the a cloned disk from a side FreeBSD I setup, then I edited the config.xml to include the correct source IP, replaced the original disk with the cloned-now-edited disk and that how I got my access back and then I enabled the console. Thank you.

  • pimd

    6
    0 Votes
    6 Posts
    241 Views
    L

    @dennypage, @maximushugus, @louis2, @jeffscott

    Good news!

    I have the PIMD version I did compile yesterday working !!
    Including the related pfSense gui.

    Not I think I can make it running the way it should in the coming week(??).

    Note that at this moment I still have the following issues:

    The warnings at compile time. Surely NOT OK!
    => I do not have the knowledge to fix this. but it does not be blocking. The man directory issue.
    => I have no idea how to solve that. My actual work around is removing the manual files from package definitions (NOT OK) Pimd does not run using the GUI.
    => At this moment I have to start pimd from the command line in debug mode and restart pimd after each config change. However pimd is running and I can access my media server.
    pimd -n -f /var/etc/pimd/pimd.conf --disable-vifs -l debug=all the firewall rules are not yet as they should be, for the test I just opened too much.

    So I have to sort out things in the coming week/weeks. But I have good hope that I can solve points 3 and 4.

    If someone can solve points 1 and 2, it would be highly appreciated!!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.