• 23.01 upgrade no longer sees ada1

    Moved
    10
    0 Votes
    10 Posts
    2k Views
    stephenw10S

    Yes that same fix is in the current 23.05 code.

  • pfsense as a client not a firewall.

    9
    0 Votes
    9 Posts
    966 Views
    stephenw10S

    In a virtual install like that I'd usually expect to see the LAN assigned to an interface connected to an internal only bridge. Such that other VMs on that bridge use pfSense as their gateway and traffic to/from them can be filtered.

    Steve

  • PFSense Release 2.5 + OpenVPN 2.5 broken? Any fixes?

    118
    0 Votes
    118 Posts
    33k Views
    N8LBVN

    @stephenw10 Hi,
    Upgrading fails in all cases I have tried if upgrading from 2.6.0:
    Hyper-V and 4 different PC hardware routers I have tried it on.
    I have two separate threads I started on that yesterday
    in the dev section for 2.7.0 CE.
    It used to work a while back but at some point along the way it no longer works.
    You can't upgrade from 2.6.0 to 2.7.0 dev latest.
    Well, you can, but it results in an unbootable kernel or driver immediate failure when it goes
    to reboot.
    But it works fine if you install the 2.7.0 CE memstick and then update from that.
    That is my work-around and I'm very happy that at least works.
    2.7 OpenVPN setups stay up like they're supposed to :)

  • not sure if i configured Host Overrides correctly

    2
    0 Votes
    2 Posts
    346 Views
    stephenw10S

    That should work. Easy to test from a client using pfSense for DNS though. Just see if they resolve to 192.168.0.32.

    Steve

  • How can I troubleshot these log messages

    9
    0 Votes
    9 Posts
    824 Views
    stephenw10S

    @guardian said in How can I troubleshot these log messages:

    Is there any reliable way to tell if unbound is really hung, or if it's just busy reloading?

    Not really. Since if it takes that long to load the config Unbound really isn't running during that time.

    You should not use the Service Watchdog for Unbound.

  • frequent outages

    3
    0 Votes
    3 Posts
    406 Views
    J

    @cappie thank you for the reply. I have updated the drivers and rebooted; it appears the interfaces were updated successfully. I'll continue to monitor the status over the weekend.

  • PHP Error in 23.01 at Status Interfaces

    3
    0 Votes
    3 Posts
    424 Views
    F

    @stephenw10 Thanks! That did indeed solve my issue.

  • Xiaomi phones trying to acces port 80 of the firewall

    2
    0 Votes
    2 Posts
    462 Views
    stephenw10S

    Almost certainly just poorly configured by default rather than anything malicious. Any real attack or scan would be across a range of ports/services and wouldn't waste time hitting the same port repeatedly.

    If you change the rule to reject instead of block they might get the message and stop trying.

    Steve

  • GNUPG install on PFSense

    Moved
    6
    0 Votes
    6 Posts
    753 Views
    johnpozJ

    @mephmanx said in GNUPG install on PFSense:

    organization background tasks that are backed by git repos for config and update purposes.

    Why would you do this on the "firewall"? Wouldn't those make more sense to do on some resource inside the org? What part of the firewall's role do these tasks help with?

    Problem I have seen over the years is people think oh well this "box" I have is only using like 3% of its cpu doing its current thing, why not just leverage these unused cycles for doing other than firewall things..

    Is that the case here? Do you not have some other resource on your network that could perform these background tasks?

  • How to block a specific MAC address using pfSense

    7
    0 Votes
    7 Posts
    2k Views
    M

    @johnpoz thank you for your reply and suggestions.
    Thank you to all of you, guys.

    I really appreciated your help.

    Regards,
    Mauro

  • Upgrade to 23.01 resulted in no internet access

    Moved
    19
    2 Votes
    19 Posts
    3k Views
    stephenw10S

    You can spoof the MAC address on the VLAN parent interface. So assign/enable that, if it is not already, and apply the MAC there.

  • How to restore config from 5100 to 2100?

    5
    0 Votes
    5 Posts
    538 Views
    R

    @rloeb Instant turnaround from Netgate support!!! Got it running. Now need to update system version.

  • 0 Votes
    17 Posts
    5k Views
    E

    @getcom dang man! I feel for you. Keep up the good work and keep those ruzzkies out !!!

  • 0 Votes
    8 Posts
    831 Views
    GertjanG

    @cniles said in Need hlep with Captive Portal. I had it working but I changed somthing and can't get it to work:

    but I changed a setting, and the captive portal will not show up

    Like what ?
    Disable the captive portal network interface ? (sorry, had to ask that)
    No info can not generate useful info.

    The cited "captive-portal-does-not-redirect" link above is not some kind of optional step: you have to follow it.

    Added to these steps, I'll add :

    Take note of the interface on which the portal runs :

    [image]

    and then deactivate the portal :

    [image]

    and save.

    Get the network settings of the interface on pfSense :

    [image]

    and that it has a /24 mask/size (to the right of the IP)

    and also check that the DHCP server is activated on that interface.

    Check that the resolver has the 'good' settings :

    [image]

    Note : the SSL/TLS Certificate is a "don't care" here.

    Now locate (physical) on pfSense and test this interface.

    When you connect to it, look up the IP you received. It must be an IP in the portal network you've found above.
    Also, what was the gateway you received? And the DNS? These two must be identical to the pfSense IP for your portal network.

    What are the firewall rules for the portal interface ?

    For testing purposes, you should use this rule :

    [image]

    Later on, you can change - or remove - this rule for more restrictive rules.

    On the device you're using to test, preferably a PC type device, test DNS.
    It has to work.

    The above steps tell you that the interface works fine.

    If you have any questions, tell us.

    Btw : up until here, everything I've mentioned and showed is pretty 'default', no special settings are needed.
    You've probably figured out that my example is using a dedicated Network for the captive portal. That's because a captive portal is a special case network : it should host devices that you don't 'trust', as it is meant to be an access for visiting devices. Your own devices should be on the default LAN interface.
    This makes things easier to implement and understand. It's not mandatory.

  • Failover LAGG of LACP LAGGs (Nested LAGG)

    16
    0 Votes
    16 Posts
    3k Views
    P

    @stephenw10 Yeah, I also noticed the error messages while trying to establish the bond on the command line.

    All my other devices are Linux based and there it is absolutely no problem to have two LACP bonds in another active-backup bond. This has been working reliably for years. I've been tinkering with OpenWRT in the recent hours, and there it's also possible.

  • Netgate 1100 high memory utilization

    3
    0 Votes
    3 Posts
    470 Views
    A

    @steveits said in Netgate 1100 high memory utilization:

    ZFS ARC

    Thank you, did it and now it looks more "normal".
    [image]

  • Odd dns replies from ARIN and now another server

    11
    0 Votes
    11 Posts
    1k Views
    johnpozJ

    @phlmike said in Odd dns replies from ARIN and now another server:

    I only use pfBlockerNG

    A quick google for pfblocker and PTR seems to point to it doing them.. I don't use most of pfblocker functionality - I only use it to manage some aliases via geoip and other lists for native aliases.

    Nor have I noticed any sort of blocks from dns root or gtld or in-addr servers.. But if I had to guess it prob related to that.. flagging @BBcan177 as he would be the guy to when and how pfblocker might do ptrs.. But even if was doing them the responses shouldn't be blocked unless issue with states or the answer coming in on some interface pfsense doesn't expect the answer to come on.

  • Unable to register token

    23
    0 Votes
    23 Posts
    3k Views
    B

    @bavcon22 Solution is to order another home licence for pfsense+. It would be nice if the licence would not be lost when the hardware changed.

  • 0 Votes
    6 Posts
    654 Views
    I

    @stephenw10 No issues found. :/

  • Unable to carry traffic back and forth between WAN and LAN

    Moved
    3
    0 Votes
    3 Posts
    357 Views
    stephenw10S

    That ^.

    It sounds like you may be confusing the WAN and LAN addresses. The webgui will be accessible on both the WAN and LAN IP addresses from a client on the LAN side.
    All traffic inbound on the WAN side is blocked by default.

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.