• 1gbe throttling

    2
    0 Votes
    2 Posts
    424 Views
    S

    @shawnmichalski see if this thread helps (as much as it can). I thought I remembered another but found this one. https://forum.netgate.com/topic/179884/hoping-for-10gbps-getting-sub-1gbps-speed-xeon-e3-1270-v5-3-6ghz/

  • Strange DNS behaviour

    14
    0 Votes
    14 Posts
    2k Views
    bmeeksB

    @johnpoz said in Strange DNS behaviour:

    @bmeeks I for sure wouldn't be a fan of that - when I sniff I should be be seeing whats actually going on the wire, or what is coming in on the wire - before any "filtering" of it could happen.

    I'm not 100% positive that is the case in this instance, but I can see how theoretically it could happen. Depends on exactly how the packet path is altered when both PCAP and netmap are in use at the same time.

  • Reroot exposes SSH, Telnet, Web UI to WAN

    29
    0 Votes
    29 Posts
    4k Views
    U

    @jimp I gave up, the download speed was around 2Mbps with TOE enabled.

  • WAN under 200 megs

    4
    0 Votes
    4 Posts
    525 Views
    T

    Thanks SteveITS and Dobby_. It appears to be an ISP issue. I plugged my laptop in and was only getting 300 Mbps. Guess I should have really tried the basic stuff first. Thank you for your time and assistance!

  • Frequency of security updates

    16
    1 Votes
    16 Posts
    2k Views
    Dobby_D

    For the system (OS) FreeBSD

    it comes from the FreeBSD team
    fixes and updates or upgrades

    For the pfSense itself there will be more options;

    pfSense-upgrade or option (13) in console pkg update or upgrade
    for the entire pkg`s such snort, suricata,.... Patch system inside of pfSense
    Recommended or custom patches option Package maintainers can fix something
    Available over the pkg system (updates)

    What more is needed or flat Who is offering
    more options? Or otherwise wich options are
    beloved to see or have here on top?

    pfSense 23.05 release (latest)
    123-23.05 release vuln. latest.jpg

    pfSense 2.7 Devel (latest)
    123-2.7 devel vuln. latest.jpg

    You see in 2.6 CE much patches are available and also recommended, but in 2.7 not anymore, because they are fleeting in that code of the
    new 2.7 CE version.

    In 23.05 Release where things also solved out
    and during the installation it was also updating / upgrading the squid & SquidGuard package I
    was reading something about, automatically!

    And by side it is not really a point to find a vuln.
    anywhere inside, it must be also able to use in the
    used or installed software and does then also affect things or functions where it can be used.
    This is not even present and able to use for others
    and the software. For sure it may be also a thing
    how things will be implemented, but if I personally trust not the coder of my firewall software, who should I trust then? And this is
    the other point on the other end of the line.

  • 2.6 to 23.05 - vlans and openvpn won't route to the internet

    Moved
    4
    0 Votes
    4 Posts
    453 Views
    jimpJ

    If you followed all those tests and checked everything is asked you to check, something must not have matched up along the way. Something had to be missing or different vs the expected behavior.

  • Performance / Hardware

    11
    0 Votes
    11 Posts
    1k Views
    RobbieTTR

    I added a System Tunable via the GUI via System/Advanced/System Tunables/Edit

    Edit Tunable Tunable: net.isr.dispatch Value: deferred Description: PPPoE single core tuning [default value=direct]

    Although I resorted to the CLI just to check the setting had changed:

    [23.05-RELEASE][admin@Router-8.*******.me]/root: sysctl net.isr.dispatch net.isr.dispatch: deferred [23.05-RELEASE][admin@Router-8.*******.me]/root:

    I'll monitor the cpu load and any impact elsewhere.

    ☕️

  • Opnevpn client to site and change password domain user

    7
    0 Votes
    7 Posts
    780 Views
    stephenw10S

    Hmm, well that still sounds like a Windows problem. Nothing pfSense can do about that. I do recall some discussion of running the OpenVPN client as a service so it's connected before login. That should be here on the forum somewhere.

    Edit: https://forum.netgate.com/post/969315

  • Black List Sorunu Hk.

    1
    0 Votes
    1 Posts
    108 Views
    No one has replied
  • prompt on new device to network.

    9
    0 Votes
    9 Posts
    999 Views
    M

    @keyser the authenticator application is called authelia. All incoming traffic passes through PfSense then the majority goes to my NAS that runs several applets. One of them is traefik which acts as the networks proxy server. All apps are resolved internally via PfSense (so, when internally I go to audiobooks.mywebsite.org it doesn't leave the network. Anyway, that's separate from this.

    A captive portal is just a webpage that requires authentication of some kind to proceed to connection. I'm just creating an airlock system in my network that also notifies me of new connections. It's essentially nothing fancier than what is effectively 2 captive portals wherein you can't reach the second without passing through the first.
    All of this was pretty well explained above. And repeatedly.

  • how to make /etc/file stick?

    1
    0 Votes
    1 Posts
    147 Views
    No one has replied
  • LCP no reply to echo requests

    23
    0 Votes
    23 Posts
    6k Views
    T

    @stephenw10 Guess I need to prove it - assuming I get a few more days without incident, there are some settings to disable EEE which I'll try with the old wiring setup and see if that's stable.

    Problem is that I've had many months of stability in the past - so unless it shows an incident pretty quick I may not know.

    FYI - seems that this site may describe the innards of the ONTs - it's in a BT Openreach branded box but otherwise all the lights and sockets match.

    Nokia ONT chipsets

    Paul

  • ldap group allow ovpn

    1
    0 Votes
    1 Posts
    130 Views
    No one has replied
  • Unable to access webconfigurator

    1
    0 Votes
    1 Posts
    149 Views
    No one has replied
  • Routing forwarded packets back through OpenVPN connection

    10
    0 Votes
    10 Posts
    553 Views
    D

    @viragomann

    You were right my friend, thank you thank you thank you. I was nearing giving up on this project lol. Was about to plug the broken router back in for now.

    My OpenVPN config was 'tap' mode, which mainly was because of the previous system requiring me to use it. I didnt think it would cause to much problems but behind the scenes what needed to happen was not happening. I had no gateway interface being configured (thats why i had added one a couple times for testing).

    I've set it to a /30 and 'tun' mode and it seems to be working without further input now.

  • dropping connections between subnets

    1
    0 Votes
    1 Posts
    240 Views
    No one has replied
  • [Solved] What about patches when upgrading to 23.05?

    5
    0 Votes
    5 Posts
    564 Views
    F

    @jimp Thanks! Will make a note of that :)

  • SQLite databases are very large

    8
    0 Votes
    8 Posts
    945 Views
    S

    Resolved issue in Sunny Valley Forum.

    Now back under control, and have new script to see how large these files are in compressed and uncompressed size

    find . -type f -iname "*all.sqlite" -exec sh -c "echo -n ' de-compressed: '; du -Ah '{}'; echo -n 'compressed (used): '; du -h '{}'; echo ' '" \; de-compressed: 44K ./usr/local/datastore/sqlite/alert_all.sqlite compressed (used): 4.5K ./usr/local/datastore/sqlite/alert_all.sqlite de-compressed: 8.0K ./usr/local/datastore/sqlite/sip_all.sqlite compressed (used): 4.5K ./usr/local/datastore/sqlite/sip_all.sqlite de-compressed: 73M ./usr/local/datastore/sqlite/tls_all.sqlite compressed (used): 30M ./usr/local/datastore/sqlite/tls_all.sqlite de-compressed: 443M ./usr/local/datastore/sqlite/conn_all.sqlite compressed (used): 187M ./usr/local/datastore/sqlite/conn_all.sqlite de-compressed: 184M ./usr/local/datastore/sqlite/dns_all.sqlite compressed (used): 78M ./usr/local/datastore/sqlite/dns_all.sqlite de-compressed: 58M ./usr/local/datastore/sqlite/http_all.sqlite compressed (used): 12M ./usr/local/datastore/sqlite/http_all.sqlite
  • How to hack built-in DHCP Client pfrule?

    18
    0 Votes
    18 Posts
    2k Views
    keyserK

    @stephenw10 Yep, that’s what my testing shows.

  • User based policies on pfSsene

    2
    0 Votes
    2 Posts
    368 Views
    NollipfSenseN

    @ali_jobia I take it you looked at this: https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/squidguard.html
    and this: https://docs.netgate.com/pfsense/en/latest/captiveportal/index.html
    https://forum.netgate.com/topic/83082/pfsense-squid-squidguard-for-captive-portal-with-ldap-auth-title-edited

    Then see whether this applies to you case: https://redmine.pfsense.org/issues/10749

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.