@jimp https://www.youtube.com/watch?v=n2Z3rr4W2xw - great guide for starters

Is it possible to use pfsense +freeradius for EAP-TLS auth for wired clients?

Hello,

Thank you for your answers and clarifications, I'm learning a lot here 😊

I'm going to switch from “WebGUI pfSense”, that suits me too.

Can we see the system logs covering time the wizard is run and immediately afterwards?

To enable full core dumps edit /etc/pfSense-ddb.conf set the kdb.enter.default script line to:

Reboot.
Check: sysctl debug.ddb.scripting.scripts make sure it shows the above line.
If you can test a panic: sysctl debug.kdb.panic=1
That will immediately panic the kernel and should generate a full core file.

SWAP is usually double the RAM size so you might not have enough space depending on the usage.

Hmm, pretty much identical. 😕

You need to policy route clients via the VPN gateway. So first add static leases for the clients so they always have the same IP addresses. Or if you have different subnets for those clients just policy route all traffic from the subnet.

https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

Ha, well that's a good outcome compared with some obscure hardware incompatibility. 😉

While this is an old topic, for anyone struggling to get Huawei modem to connect in CDC ECM mode using NDISUP command, the problem is it will ignore those commands sent to cuX serial devices. They need to be sent using the WDM interface, which Linux exposes as cdc-wdmX, but FreeBSD does not.

A workaround is to use a usbconfig command and send that command directly to the device. I explained my findings here: https://dawidwrobel.com/journal/initializing-lte-modem-using-raw-usb-communication/

@stephenw10 said in Bridge mode static IP config vodafone HFC:

Well if the ISP are charging for it and you ware paying then I would want to see it.

100%, if it is something like this which they charge €15 for... https://www.vodafone.es/c/empresas/autonomos/es/vodafone-para-tu-negocio/servicios-one-profesional/ip-fija/

But for regular home use, or even small business use, why pay that money? Unless it would otherwise change frequently and create regular interruptions, it really doesn't matter.

@borjaevo Perhaps a long shot, but which port is pfsense connected to on the modem? Sometimes in Bridge Mode it's only one of the ports that provide internet, likely port 1.

@McMurphy Excellent, glad it worked. @stephenw10 was of course right on the money too, and faster then me :).

Thank you all for your comments.

Not sure what I did, but Firefox stopped complaining.

You can speed up mounting root by changing the value of kern.cam.boot_delay in a custom loader value. But some systems require that delay to allow the root device to become active.

The WAN setup should be quick unless it's waiting for something. Usually that's DHCP but not if it's set static. Do you have it set to dhcpv6 with no v6 server present perhaps?

@andrerochedo Thank you

You can try to resolve those fqdns as an alias and use that in policy routing. However there's a good chance they resolve to numerous IP addresses. Especially for something like that where anonymising the traffic may be important. They may6 not respond to ping but they do resolve. YMMV!

@stephenw10 just saw that thx,
"By default, the M.2 SATA drive will then be the first drive recognized by pfSense" that's good :)
Thanks for your help!

@stephenw10
Thanks for looking at this and helping me out, when i restarted the states, and toggled some firewall rules after testing with packet capture, it just randomly started working.

ive rebooted a couple times and changed things around and it seems to be good for now, not sure what caused the issue however, but i think i should be good now.

Thank you again for the help.

@stephenw10 said in VM access in LAN pfsense from home network:

add the routes to the Orange Pi directly

Okay, thanks for the idea. initially, I tried to add a path to the router itself, but I did not find such an opportunity. I'll try your idea tomorrow. Thanks for the quick replies, have a nice evening!)

@stephenw10 said in Pfsense 2.6 : Google Map picks last known location:

in some database somewhere

multiple dbs I am sure.. There are a few public ones you can use as an example

https://wigle.net/

It is an interesting problem sure - but its not pfsesnse manipulating your location info ;) I wish it was that simple - then I could easy use my pc for making bets vs having to do it on my phone ;)

Back on Plus - thank you @stephenw10.

Given I do not really mess with my firewall much, this should be stable for a while as long as I do not change any hardware. It would be neat if the NDI did not change with simple hardware changes. I get it, but man alive, I hope I never have to change anything. Time will tell.

Cheers,

@xmacj Perhaps the remote side didn't like something about your original ip address.

I have an ecobee premium (upgraded by ecobee due to wifi issues on a ecobee 3 lite - data drop outs, morse code).

No wifi issues (it's bound to 2.4ghz band). But it does like to phone home to amazon every 50s. None of the amazon features are enabled, but it still insists.

To mitigate this, 2 different measures are in place. On the dns side, only requests to *.ecobee.com are resolved (adguard home). All others return 0.0.0.0 .

On the pfsense side, amazon asn is blocked for this device just in case the dns filters are off (sometimes happens during testing).