• NAT not working in Multi-WAN environment

    17
    0 Votes
    17 Posts
    3k Views
    M

    Just upgraded from 2.3.3 to 2.4.0, bug is fixed, Problem solved! :D

  • Sysctl boot message: empty numeric value

    6
    0 Votes
    6 Posts
    1k Views
    w0wW

    No, if you are restoring from older version to new or upgrading, then this section is just moved, but it would be good if pfsense cleans unmodified/unused values and leaves or merges only user modified entries.

  • Suricata inline mode hides outbound traffic graphs

    5
    0 Votes
    5 Posts
    1k Views
    E

    Too quick, my bad…
    First dashboard viewing after the update, showed outbound traffic graphs but after a refresh, it stopped working.
    So still an issue for me.

  • MOVED: This is why I wont be reporting any more bugs.

    Locked
    1
    0 Votes
    1 Posts
    710 Views
    No one has replied
  • ALTQ broken on igb

    9
    0 Votes
    9 Posts
    2k Views
    jimpJ

    https://redmine.pfsense.org/issues/7102#note-9

  • Unbound issues on boot

    23
    0 Votes
    23 Posts
    4k Views
    C

    yeah I know, but its still shrewd to have it not listening as one should never rely on just one security layer.

  • 2.4.0-BETA and Minnowboard Max; installation got stuck

    1
    0 Votes
    1 Posts
    579 Views
    No one has replied
  • 0 Votes
    3 Posts
    869 Views
    B

    yeah anytime you change the file structure your going to have to reinstall stuff.

  • RAM Disk Management PR Discuss

    7
    0 Votes
    7 Posts
    3k Views
    N

    Here's a procedure that may be better for testing this without the VM/hard reset induced gap.  Basically run the backups manually from command prompt.  Then after applying the patch, halt to stop cleanly.  Using halt should be more UFS friendly than doing a dirty/hostile hard reset.  Whereas ZFS doesn't seem to mind the hard reset.

    Enable RAM Disk

    Percolate some monitoring data for a few minutes.

    Run the backups manually from console command prompt.
    /etc/rc.backup_aliastables.sh
    /etc/rc.backup_dhcpleases.sh
    /etc/rc.backup_rrd.sh

    Apply the patch.
    playback gitsync –minimal --diff --show-files git://github.com/NOYB/pfsense.git RAM_Disk_Management

    Stop and restart so the system upgrades.
    halt

    Check upgrade result.
    a) Verify monitoring graphs and RAM disk backup files.
    b) Reboot
    c) Verify monitoring graphs and RAM disk backup files.

  • Openvpn 2.4 and pia

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Another crash after vpn crash…

    3
    0 Votes
    3 Posts
    800 Views
    S

    Ok thanks Chrys.  I have tried a new ssd but it still crashed after that.  I will test the ram if I get any more , latest snapshot so far so good…

  • Dhcp6c client no release option and user configurable DUID.

    6
    0 Votes
    6 Posts
    1k Views
    C

    is there lag between commit and code on updates?

    I updated this morning but no DUID box in WAN settings.

    Apologies I just read marjohn's post and it is there, I was looking in wrong place.

  • OpenVPN 2.4 & OpenVPN Manager

    6
    0 Votes
    6 Posts
    2k Views
    jimpJ

    OK, so I apparently misread things in one place or another and was wrong here. OpenVPN docs can be quite detailed but they lacked some detail here that could have made things much more clear.

    The OpenVPN 2.4 client installs a service, OpenVPNServiceInteractive ("OpenVPN Interactive Service") and sets it to run.
    As long as that service is running, the OpenVPN 2.4 GUI will talk to the service and it does not require Admin privileges.

    So the manager is no longer needed, it seems. More testing would be appreciated.

    While I am updating it for OpenVPN 2.4, I'm going to remove the manager from the OpenVPN client export package as it is no longer necessary.

  • Crash with report (Wan Link issues again)

    5
    0 Votes
    5 Posts
    1k Views
    D

    Just wanted to update for closures sakes

    After a few weeks of trying to fix it i think i finally have my zotac box stable, no "watchdog timeout" and loss of WAN IP under heavy load in about 8 days. Longest run ever.

    Need to test for a longer period of time for stability , but what i did was compile the latest realtek freeBSD driver (1.92) and load it on start up using kldload. Seems ok for now.

    Before all this NOTHING was working stable. Always crashed on the WAN ip (watchdog timeout) no matter what interface it was assigned to (re0 - re1)

  • AES-NI not selectable and graph weirdness

    5
    0 Votes
    5 Posts
    1k Views
    A

    Nothing needs selected for OpenVPN to utilize AES-NI. The OpenSSL engine has its own code for handling AES-NI that works well without using the BSD Cryptodev Engine.

    Source: https://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported#OpenVPN

    Not sure where "OpenVPN should be set for AES-128-CBC and have cryptodev enabled for hardware acceleration" comes from, I think it might be valid for ALIX boards with "Geode LX Security Block" selected.

  • Crash report after latest snapshot today

    4
    0 Votes
    4 Posts
    869 Views
    S

    Thanks  for sorting. Seems all good now.

  • Issues with Cloudflare Dynamic DNS

    12
    0 Votes
    12 Posts
    3k Views
    4

    @PiBa:

    Yes that is the general idea behind it, get the headers just before they are 'required', and quite a bit 'cleaner' than my previous solution :D. its even including some cleanup and a bugfix for another provider. If you could verify that it works properly for you as i don't use CloudFlare which seems to be the most curl involved option in that location.. Ill send a pullrequest to get it integrated.

    Sorry I didn't test this sooner but this worked!  I'll have to make a new thread requesting to add a checkbox or something to only use the domain part of the update. I did fix it myself by adding a condition that if there is only an underscore in the hostname, then only use the domain part.

  • Really weird case

    4
    0 Votes
    4 Posts
    1k Views
    M

    Yeah confirmed…
    Disabled Ipsec, rebooted only one box and all works as expected...

  • Snapshot changelogs

    3
    0 Votes
    3 Posts
    857 Views
    C

    great thanks :)

  • 2.4 ZFS on a SSD

    20
    0 Votes
    20 Posts
    5k Views
    C

    @amiskell:

    Simple solution is to create a dataset for those types of applications (ntop/squid/etc) and put a quota on them so they can't exceed a certain capacity with their outputted data.

    you beat me to it, if there is concern on here about zfs filling up then it may be a good idea to have the installer set a quota for the data filsets to 95% or so of capacity making the deadlock situation impossible.

    I have a lo of experience with both zfs and ufs on FreeBSD tho and I am very confident in saying zfs is by far the safer filesystem.

    My pfsense box has a 60gig ssd of which 3.3gig is used, I think I will be ok. :)

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.