• What to put in IoT vlan ?

    0 Votes
    3 Posts
    724 Views

    @fjmp24
    Assuming all these devices are connected via wifi, my approach is to put all within a wifi SSID, which don't need to connect to any other. In this SSID I prohibit communication between stations on the AP.
    Access to other network segments is restricted on pfSense, if even any needed.

  • NTP no server suitable for synchronization found

    0 Votes
    2 Posts
    414 Views
    stephenw10

    The checksum is probably because you have hardware checksum offloading enabled. But if it's not that would be a problem.

    Those clients are set to sync against stratum 1 only? Seems unlikely.

  • Installation swapfile question

    0 Votes
    4 Posts
    525 Views
    stephenw10

    Yes, if you're using SWAP in 'normal' use there's probably a problem. The biggest use for SWAP in pfSense is to be able to store crash reports should you ever hit a kernel panic. So I would argue that having it mirrored should not really be that important. Should.

  • PHP error updating SYNC tab pfBlocker

    0 Votes
    10 Posts
    499 Views
    stephenw10

    Yup, that will require a different bug ticket. We are just discussing how to handle both issues.

  • Question About Network Performance

    0 Votes
    4 Posts
    524 Views
    stephenw10

    @antonioremigio1 said in Question About Network Performance:

    How do I know if pfSense is supporting this traffic from connected users or if it is bottlenecking?

    Check the graphs in Status > Monitoring. Are you seeing traffic close to the maximum bandwidth? Are you seeing CPU usage close to 100%?

  • Errors(?) on bootup and constant errors with nvme

    0 Votes
    3 Posts
    527 Views
    stephenw10

    @pnadd said in Errors(?) on bootup and constant errors with nvme:

    fib_algo

    That error is harmless.

    If the issue started happening after installing a new PCIe device and you're using an NVMe drive then I'd suspect some low level PCIe issue. Probably nothing you can do about that in pfSense if so.

  • 0 Votes
    25 Posts
    3k Views

    @Gblenn you sir, are a blessing!

    I see now there was a diagnostic report in pi-hole that I missed ...

    Too hyper-focused on the pfsense side of things.

    Thank you <3

  • NTP server issue in PFSense 2.7.2 ?

    1 Votes
    12 Posts
    1k Views

    @stephenw10

    Hi - hard to be sure, as there's not really any diagnostics or logging available on the camera UI's to test NTP, other than just setting the time to be wrong then trying to force an update, which I'm not keen to do manually on over 60 cameras...

    The proof of the pudding will be if they start drifting out of time again, but that will take a while to find out.

    I think in my specific use case of it only serving specific internal clients that disabling KoD is the best option.

  • Help debugging PHP Errors

    0 Votes
    13 Posts
    1k Views
    stephenw10

    Ok you're hitting this but with a slightly different underlying error: https://redmine.pfsense.org/issues/15157

    In both cases the config file is somehow unreadable and the error/notice generated is calling badly creating those PHP errors. That's masking the real problem.

    Try resaving the Sys > Adv > Notifications page so the config does have a notifications section if you can. That may work around the error so you can see the real issue.

  • pfsense dns redirect failure

    0 Votes
    3 Posts
    231 Views

    @stephenw10 said in pfsense dns redirect failure:

    Otherwise you can add Alternate Hostnames it will accept in System > Advanced > Admin Access.

    That worked thank you

    I have a bunch of dns rewrites to blah.local so pfsense.local is just easy to remember

  • Problem with TCP and GRE tunnel

    Moved
    0 Votes
    64 Posts
    9k Views
    stephenw10

    OK so everything is /24 and thus you have the same subnet at both ends on the tunnel. Hence, routing conflict with that iperf command and anything else sourced from the firewall itself.

    Really you want those things in different subnets but because the remote WAN is using .132 you can't use /25 there.

    I would try to set the gateway as outside the subnet. There's a setting for that in the advanced gateway settings: 'Use non-local gateway'

    You can then set the remote WAN subnet to something much smaller, /32 even.

    Then you can set the other IPs in a different subnet such as 185.113.141.208/28. You can add that as the static route on the remote pf and then use the IPs directly on the local pf.

    The local pf LAN should use one of those IPs.

    As an alternative to all of that you could just add all the IPs at the remote side as VIPs and then NAT the traffic to/from them and use private IPs at the local LAN.

    Steve

  • Nprobe on pfSense - experiences?

    0 Votes
    7 Posts
    1k Views
    keyser

    @dennypage Hi Denny

    Really great that you are willing to put this effort into providing more options with NtopNG on pfSense.

    I already have a licensed NtopNG Enterprise Embedded running on a Raspberry Pi 4 collecting flows from Softflowd and a licensed nProbe Pro embedded I have (Portmirror on switch). I have been testing the difference between flows recorded by SoftflowD on pfSense and Nprobe Pro (portmirrored LAN to pfSense).
    The difference is HUGE. NProbe does a lot of DPI analysis + records all DNS queries and fills all that in as flow metadata to NtopNG. So in the UI you can see the client sessions with domain names instead of IP addresses and a lot of traffic analysis of the sessions.
    So it is much easier to dissect/analyze what happened in the nProbe flows than from SoftflowD.

    I record this to a Clickhouse server on the same Pi. Runs great, and gives me 180 days history of all flows back in time.

    I have decided to forego running the NtopNG package on pfSense as it cannot be licensed and work fully featured. I realize that one could perhaps avoid the licensing cost of a nProbe (And a port switchmirror) by setting up nTopNG like you suggested, but it's a “heavy” package with lots of disk writes for nothing compared to nProbe. So I’ll stick with the nProbe Embedded as the deluxe flow generator, and look forward to testing the built-in pf flow exporter in 24.03 as the poor man's flow solution.

    But your work is still very much appreciated, and I’m sure it will be very well received in the community

  • php scripting and PHP shell broken after update

    0 Votes
    4 Posts
    296 Views

    @bmeeks
    Why does the PHP shell I reach from menu point 12 not give any hints?
    All the examples given in the help commands don't work.

    As this is the place, where I tested my scripts, I expected to get information about changes there.

    Thanks for your link, I will dig from there.

  • Intermittent reboots

    0 Votes
    9 Posts
    734 Views
    stephenw10

    It shouldn't be possible for anything external to reboot it. You might see a lot of logs or disconnections. Or potentially it could stop passing traffic entirely but it would still remain up. Or panic and log that.

  • PHP Fatal error on a newly wiped 1541, the FW shuts down without warning.

    0 Votes
    9 Posts
    999 Views

    @Gertjan How did you solve this error? I'm struggling with it on a couple of appliances

  • adguard type setup?

    0 Votes
    5 Posts
    758 Views

    @stephenw10

    Understood. Was more looking to follow his process and I would download manually and install

  • SSL certificate from IONOS?

    0 Votes
    4 Posts
    647 Views
    stephenw10

    Because when you test from inside the firewall that traffic never hits the forwarding rules.

    https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

  • pfSense advanced settings: System/Advanced/Networking

    0 Votes
    4 Posts
    741 Views
    stephenw10

    Tunables for FreeBSD will generally apply in pfSense but may not improve performance. On the page the default values should be fine for igc.

  • Pfsense PPPoE Server and Dhcp option 43.

    0 Votes
    4 Posts
    553 Views
    stephenw10

    Well it would have to be a value that can be set in mpd5 since that's what the PPPoE server uses.

    As a test you could try adding values to the conf file for the server in, for example, /var/etc/pppoe1-vpn/mpd.conf. You would need to manually kill the process and restart it like:
    /usr/local/sbin/mpd5 -b -d /var/etc/pppoe1-vpn -p /var/run/pppoe1-vpn.pid -s poes poes

    If you are able to find a value that works there most of that is created in /etc/inc/vpn.inc

    Steve

  • New commit and merge in FreeBSD source code of MAP-E

    0 Votes
    20 Posts
    2k Views

    @Patch yes, seeing the link for the earlier FR, I went to comment on that but couldn't as it was closed, hence the new FR with a link to the previous one. Not sure if that's the "right" way of doing it, but just wanted to bring it to their attention.
    I'm hoping that if the new FreeBSD has it built-in, it requires minimal development on the pfSense side to include it as a feature - just a few Web UI tweaks?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.