• pfSense 2.8.0 USB Image Installs Plus on Protectli Vault Hardware!

    16
    0 Votes
    16 Posts
    1k Views
    stephenw10S

    Well it's presented that way because the vast majority of users are either reinstalling Plus on an eligible device or installing CE on one that isn't. But I agree it could be clearer. I'll raise it.

  • 0 Votes
    2 Posts
    198 Views
    stephenw10S

    You should open a request here: https://redmine.pfsense.org/

  • CE install not available in install, only shows plus

    3
    0 Votes
    3 Posts
    333 Views
    stephenw10S

    I can remove your NDI if you send it to me in chat. Or if you upgrade to 2.7.2 first you will see 2.8.0 offered.

  • How to redirect IPv4 *and* IPv6 NTP traffic

    7
    0 Votes
    7 Posts
    513 Views
    JKnottJ

    @ChrisJenk said in How to redirect IPv4 *and* IPv6 NTP traffic:

    Any idea how I can redirect IPv6 NTP traffic alongside IUPv4 NTP traffic?

    What I did was find what host name they were using and created an alias to my home server.

  • multicast inconsistant

    49
    0 Votes
    49 Posts
    6k Views
    M

    To update on this problem, it is solved with the CE 2.8 version

  • RAM Disks not sizing properly

    7
    0 Votes
    7 Posts
    586 Views
    S

    The 4200 must be one such model. I restored to a new one using ECL (super handy not to need to connect to it), noted it hadn't enabled the RAM disks (presumably, needed a restart), and then it remained the default 40/60 after a couple of boots. Not sure if that means the values get set sometimes, or it's been that way for months...seems like I would have noticed before now. Anyway I see it's fixed in 25.03 as noted.

    For those worried about drive wear there is https://redmine.pfsense.org/issues/16210.

  • What am I missing? Migrating SG-1100 to USB storage

    8
    0 Votes
    8 Posts
    577 Views
    N

    @stephenw10

    Good news. I was able to format the USB drive as UFS, reinstalled, and everything is up and running on my (now) backup 1100.

    Interestingly, on this one it configured the /VAR disk for 120MB as I had set in the configuration, rather than limiting it to 60MB as the other device did. I am guessing that the Restore process just sets it to whatever the configuration is and it doesn't have the UI glitch holding it at 60MB.

    Thanks so much for your assistance (again), Stephen. Very much appreciated.

  • Log rotation problems (?) after pfSense+ update(s)

    3
    0 Votes
    3 Posts
    232 Views
    stephenw10S

    If you have Snort or Suricata installed make sure the log settings for those are saved as something useful.

  • Proper way to upgrade pfSense CE 2.4.5_1 to latest

    3
    0 Votes
    3 Posts
    276 Views
    stephenw10S

    Yup just install 2.8 clean and restore your config into it. There's little point in trying to upgrade an ancient 2.4.5 install.

  • 0 Votes
    14 Posts
    2k Views
    F

    Confirmed still an issue as of May 2025 with pfSense CE 2.8.0 and Status Traffic Totals package version 2.3.2_7

    I also updated the Redmine bugtracker: https://redmine.pfsense.org/issues/11797

  • What site-to-site solution supports Avahi reflection?

    16
    0 Votes
    16 Posts
    949 Views
    stephenw10S

    Mmm. Fun*. Yeah I still agree this all seems like a workaround to force something that wasn't designed to work that way. There must be a better way...

  • pfSense 2.8.0 RC to RELEASE Unsuable!

    4
    0 Votes
    4 Posts
    641 Views
    stephenw10S

    Hmm, so mostly stuff in Tailscale. Except the Ubuntu updates, which is hard to explain. Nothing should have changed there.

  • Plug SG-1100 being updated into LAN switch for Internet access?

    19
    0 Votes
    19 Posts
    743 Views
    stephenw10S

    The beta is pretty stable. I'm running it as my edge here without issue. If you are running ZFS so you can roll back then I would try it.

  • Internet Passthrough

    3
    0 Votes
    3 Posts
    262 Views
    S

    @stephenw10

    I've managed to get this to work. Thank you for the pointer.

  • Interface and Rules

    11
    0 Votes
    11 Posts
    648 Views
    G

    @SteveITS said in Interface and Rules:

    https://docs.netgate.com/pfsense/en/latest/firewall/fundamentals.html#stateful-filtering

    "Using this mechanism, traffic need only be permitted on the interface where it enters the firewall. When a connection matches a pass rule the firewall creates an entry in the state table. Reply traffic to connections is automatically allowed back through the firewall by matching it against the state table rather than having to check it against rules in both directions. This includes any related traffic using a different protocol, such as ICMP control messages that may be provided in response to a TCP, UDP, or other connection."

    You are right. Thanks a lot!

  • Which domains for pfSense update only?

    7
    0 Votes
    7 Posts
    402 Views
    S

    Thanks @stephenw10 I give feedback a soon I can test it.

  • Connect Another Firewall with its own LAN into Pfsense

    8
    0 Votes
    8 Posts
    425 Views
    stephenw10S

    Then it will probably be NATing by default. You'll need to disable it if you want pfSense to see traffic from the subnet behind it.

  • How do I discover ISP's PPPoE credentials and connection settings?

    7
    0 Votes
    7 Posts
    450 Views
    S

    @stephenw10 said in How do I discover ISP's PPPoE credentials and connection settings?:

    I assume you have no access to the ISP device config interface? What device is that exactly?

    The site is in another city, but I guess it's a ZTE. It allows access on the LAN, but you cannot configure WAN, or view configuration.

    @stephenw10 said in How do I discover ISP's PPPoE credentials and connection settings?:

    The ISP doesn't actually have to use individual credentials at all. BT in the UK for example use the same login for all devices. They know who you are by what line you're connecting on.

    This one does use credentials. But they probably know who you are by the line.

    @stephenw10 said in How do I discover ISP's PPPoE credentials and connection settings?:

    You could probably also bridge some ports in pfSense and use that instead of the switch mirror port to pcap on.

    That was my thinking exactly. I'll try that the next time. I cannot call and ask them to undo what they've just done.

  • Unable to configure notifications using port 587

    4
    0 Votes
    4 Posts
    276 Views
    GertjanG

    @wineguy said in Unable to configure notifications using port 587:

    I expected that it would default to the 'From email address', which would make a nice enhancemen

    Noop.
    The "From" is the mail address from which you send the mail.
    This can be different one as the USER login credential, needed for submission over port 587 (smtp with authentication) to work. These two can be identical, true.

    @wineguy said in Unable to configure notifications using port 587:

    So, another nice enhancement would be to require a username and password when port 587 is selected.

    '587' or submission means (imho - check with RFC ?) : must authenticate.

    You could go one step beyond :
    Set up your mail server to use plain TLS, or SMTPS, normally over port 465. Most FAI's - look how gmail does things - don't use - or should I say : don't enforce the use of 587 anymore. It's TLS all the way = port 465, which means : from byte zero all is TLS.
    You can pick any port actually, as it would be used by your mail clients, the ones you control.

  • NTP set to time.google.com not working after reboot

    40
    0 Votes
    40 Posts
    2k Views
    R

    @johnpoz ~ I also added filter-AAAA to the DNS forwarder's Options so I think I've now killed IPv6 in every way possible on my firewalls! :o)

    Roy...

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.