Subcategories

  • Announcements and information about pfSense software posted by the project team

    215 Topics
    3k Posts
    brezlord

    UI Update output.

    >>> Updating repositories metadata...
    Updating pfSense-core repository catalogue...
    Fetching meta.conf: . done
    Fetching data.pkg: . done
    Processing entries: . done
    pfSense-core repository update completed. 5 packages processed.
    Updating pfSense repository catalogue...
    Fetching meta.conf: . done
    Fetching data.pkg: .......... done
    Processing entries: .......... done
    pfSense repository update completed. 733 packages processed.
    All repositories are up to date.
    >>> Setting vital flag on pkg...done.
    >>> Setting vital flag on pfSense...done.
    >>> Renaming current boot environment from 25.03 to 25.03_20250719205419...done.
    >>> Cloning current boot environment 25.03_20250719205419...done.
    >>> Removing vital flag from php83...done.
    >>> Upgrading packages in cloned boot environment 25.03...
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    Checking for upgrades (10 candidates): .......... done
    Processing candidates (10 candidates): .......... done
    The following 10 package(s) will be affected (of 0 checked):
    Installed packages to be UPGRADED:
        if_pppoe-kmod: 25.03.b.20250515.1415.1500029 -> 25.07.r.20250715.1733.1500029 [pfSense]
        pfSense: 25.03.b.20250515.1415.1500029 -> 25.07.r.20250715.1733.1500029 [pfSense]
        pfSense-base: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core]
        pfSense-boot: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core]
        pfSense-default-config-serial: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense]
        pfSense-kernel-pfSense: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core]
        pfSense-pkg-Nexus: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense]
        pfSense-pkg-System_Patches: 2.2.21_1 -> 2.2.21_2 [pfSense]
        pfSense-repoc: 20250419 -> 20250520 [pfSense]
        unbound: 1.22.0_1 -> 1.23.0 [pfSense]
    Number of packages to be upgraded: 10
    The operation will free 12 MiB.
    214 MiB to be downloaded.
    [1/10] Fetching unbound-1.23.0.pkg: .......... done
    [2/10] Fetching pfSense-pkg-System_Patches-2.2.21_2.pkg: ......... done
    [3/10] Fetching if_pppoe-kmod-25.07.r.20250715.1733.1500029.pkg: ... done
    [4/10] Fetching pfSense-pkg-Nexus-25.07.r.20250715.1733.pkg: .......... done
    [5/10] Fetching pfSense-kernel-pfSense-25.07.r.20250715.1733.pkg: .......... done
    [6/10] Fetching pfSense-base-25.07.r.20250715.1733.pkg: .......... done
    [7/10] Fetching pfSense-25.07.r.20250715.1733.1500029.pkg: .......... done
    [8/10] Fetching pfSense-boot-25.07.r.20250715.1733.pkg: .......... done
    [9/10] Fetching pfSense-default-config-serial-25.07.r.20250715.1733.pkg: . done
    [10/10] Fetching pfSense-repoc-20250520.pkg: .......... done
    Checking integrity... done (0 conflicting)
    [1/10] Upgrading unbound from 1.22.0_1 to 1.23.0...
    ===> Creating groups
    Using existing group 'unbound'
    ===> Creating users
    Using existing user 'unbound'
    [1/10] Extracting unbound-1.23.0: .......... done
    [2/10] Upgrading pfSense-repoc from 20250419 to 20250520...
    [2/10] Extracting pfSense-repoc-20250520: .. done
    [3/10] Upgrading if_pppoe-kmod from 25.03.b.20250515.1415.1500029 to 25.07.r.20250715.1733.1500029...
    [3/10] Extracting if_pppoe-kmod-25.07.r.20250715.1733.1500029: .. done
    [4/10] Upgrading pfSense-boot from 25.03.b.20250515.1415 to 25.07.r.20250715.1733...
    [4/10] Extracting pfSense-boot-25.07.r.20250715.1733: .......... done
    [5/10] Upgrading pfSense-pkg-System_Patches from 2.2.21_1 to 2.2.21_2...
    [5/10] Extracting pfSense-pkg-System_Patches-2.2.21_2: .......... done
    [6/10] Upgrading pfSense-pkg-Nexus from 25.03.b.20250515.1415 to 25.07.r.20250715.1733...
    [6/10] Extracting pfSense-pkg-Nexus-25.07.r.20250715.1733: .......... done
    [7/10] Upgrading pfSense-kernel-pfSense from 25.03.b.20250515.1415 to 25.07.r.20250715.1733...
    [7/10] Extracting pfSense-kernel-pfSense-25.07.r.20250715.1733: .......... done
    [8/10] Upgrading pfSense-base from 25.03.b.20250515.1415 to 25.07.r.20250715.1733...
    [8/10] Extracting pfSense-base-25.07.r.20250715.1733: ... done
    ===> Keeping a copy of current version mtree
    ===> Removing schg flag from base files
    ===> Extracting new base tarball
    ===> Removing static obsoleted files
    [9/10] Upgrading pfSense from 25.03.b.20250515.1415.1500029 to 25.07.r.20250715.1733.1500029...
    [9/10] Extracting pfSense-25.07.r.20250715.1733.1500029: .......... done
    [10/10] Upgrading pfSense-default-config-serial from 25.03.b.20250515.1415 to 25.07.r.20250715.1733...
    [10/10] Extracting pfSense-default-config-serial-25.07.r.20250715.1733:
    [10/10] Extracting pfSense-default-config-serial-25.07.r.20250715.1733... done
    Failed
  • Discussions about pfSense software that do not fit into one of the more specific categories below.

    27k Topics
    189k Posts
    stephenw10

    Cool. Yup there was a backend issue last night. It should be fixed now.

  • Discussions about Multi-Instance Management.

    12 Topics
    100 Posts
    M

    You're right, that will work on the upcoming pfSense+ 25.07 release.

  • Discussions about installing or upgrading pfSense software

    10k Topics
    62k Posts
    S

    @Patch Thanks, I am kind of hoping if I can figure out exactly where it needs to be mounted I can use the steps that were provided in other threads to fix the EFI. The steps used before clearly work and even help with the size of the EFI partition. My problem is figuring out where exactly /boot/efi should be mounted to create the backup of the files and then perform the rest of the steps. In what I have been finding, there possibly could be a few places to mount /boot/efi. I ran a geom -t just a bit ago and it pointed me to likely needing to mount it at /dev/ada0p1. The output of geom -t was:

    Geom                                               Class   Provider
    ada0                                               DISK    ada0
      ada0                                             DEV
      ada0                                             PART    ada0p1
        ada0p1                                         DEV
        msdosfs.ada0p1                                 VFS
      ada0                                             PART    ada0p2
        ada0p2                                         DEV
        ada0p2                                         LABEL   gptid/ac11fbb1-5651-11e8-b5a2-00907fd0950c
          gptid/ac11fbb1-5651-11e8-b5a2-00907fd0950c   DEV
          ffs.gptid/ac11fbb1-5651-11e8-b5a2-00907fd0950c VFS
      ada0                                             PART    ada0p3
        ada0p3                                         DEV
        ada0p3                                         LABEL   gptid/ac128803-5651-11e8-b5a2-00907fd0950c
          gptid/ac128803-5651-11e8-b5a2-00907fd0950c   DEV
          swap                                         SWAP

    I see in that output it shows msdosfs.ada0p1, and the rest lines up with what is in /dev/gptid and /etc/fstab. It also lines up with the output of gpart list showing ada0p1 as type efi:

    Geom name: ada0
    modified: false
    state: OK
    fwheads: 16
    fwsectors: 63
    last: 488397127
    first: 40
    entries: 128
    scheme: GPT
    Providers:
    1. Name: ada0p1
       Mediasize: 209715200 (200M)
       Sectorsize: 512
       Stripesize: 0
       Stripeoffset: 20480
       Mode: r1w1e2
       efimedia: HD(1,GPT,ac1172b7-5651-11e8-b5a2-00907fd0950c,0x28,0x64000)
       rawuuid: ac1172b7-5651-11e8-b5a2-00907fd0950c
       rawtype: c12a7328-f81f-11d2-ba4b-00a0c93ec93b
       label: (null)
       length: 209715200
       offset: 20480
       type: efi
       index: 1
       end: 409639
       start: 40
    2. Name: ada0p2
       Mediasize: 245677162496 (229G)
       Sectorsize: 512
       Stripesize: 0
       Stripeoffset: 209735680
       Mode: r1w1e2
       efimedia: HD(2,GPT,ac11fbb1-5651-11e8-b5a2-00907fd0950c,0x64028,0x1c99c000)
       rawuuid: ac11fbb1-5651-11e8-b5a2-00907fd0950c
       rawtype: 516e7cb6-6ecf-11d6-8ff8-00022d09712b
       label: (null)
       length: 245677162496
       offset: 209735680
       type: freebsd-ufs
       index: 2
       end: 480247847
       start: 409640
    3. Name: ada0p3
       Mediasize: 4172430848 (3.9G)
       Sectorsize: 512
       Stripesize: 0
       Stripeoffset: 245886898176
       Mode: r1w1e1
       efimedia: HD(3,GPT,ac128803-5651-11e8-b5a2-00907fd0950c,0x1ca00028,0x7c591f)
       rawuuid: ac128803-5651-11e8-b5a2-00907fd0950c
       rawtype: 516e7cb5-6ecf-11d6-8ff8-00022d09712b
       label: (null)
       length: 4172430848
       offset: 245886898176
       type: freebsd-swap
       index: 3
       end: 488397126
       start: 480247848
    Consumers:
    1. Name: ada0
       Mediasize: 250059350016 (233G)
       Sectorsize: 512
       Mode: r3w3e8
  • Discussions about firewalling functionality in pfSense software

    10k Topics
    59k Posts
    johnpoz

    @rasputinthegreatest well blocking and not log would just be any any udp to that ff0e::c address or port 1900 anything, etc. And don't have it log.

    As to the scanners - that is a pfblocker alias I have.. And put that in a floating rule.

    scandeny.jpg

  • Discussions about Network Address Translation (NAT)

    6k Topics
    31k Posts
    P

    @iggybuddy6 I'm just happy I could help. Today I went from thinking I knew everything about setting up wg on pfSense, to realising I did not, and that is a great reward in itself!

    Hopefully your setup will remain stable going forward.

  • Discussions about High Availability, CARP, and utilizing additional IP addresses

    3k Topics
    12k Posts
    I

    Hello! Same thing here using Dyndns. 2.8 and 2.7.2 side by side, and it doesn't work in 2.8, it's getting the interface address, it doesn't seem to obey the Virtual IP instruction. The virtual IP field selects which (virtual) IP should be used when this group applies to a local Dynamic DNS, IPsec or OpenVPN endpoint.

  • Discussions about Layer 2 Networking, including switching and VLANs

    1k Topics
    10k Posts
    M

    @spickles Not following your entire note. Hopefully this is helpful.

    First, barring hosts that can tag their own traffic, in general every host that you want to place on a VLAN requires either a switch port somewhere to tag traffic onto the desired VLAN or, for WiFi, an AP that can tag hosts on an SSID onto the desired VLAN. (There are some exceptions to this like using a VLAN-aware switch to tag all traffic from a downstream dumb switch and Ubiquiti's Virtual Network Override, but let's not go there ...)

    Second, if the question is whether you can create a port on a pfSense box that can process multiple VLANs as separate subnets, the answer is yes. For example, I have a physical port, igc1, carrying 4 tagged VLANs and an untagged one between pfSense and the downstream switch fabric. pfSense routes for all of them.

    The four tagged VLANs are all tied to igc1 (so, igc1.15, igc1.20, etc.) under Interfaces>VLANs as shown in the first pic. A pfSense Network Port is created for each. Once created, each can be assigned to an Interface and configured with subnets and addresses under Interfaces/Interface Assignments, have DNS, DHCP, Firewall, etc., just like a physical interface. That's the second pic (black boxes to reduce the distraction of the box's other interfaces). So, 4 tagged VLANs plus 1 untagged on a single port. The untagged interface is igc1.

    dd20f6e5-e51c-4a46-9694-99dbf38bb5a0-image.png
    bd53a7c6-22b9-4f41-b89e-c9838a44781c-image.png

  • Discussions about routing and Multiple WAN uplinks (WAN Failover, WAN Load Balancing, etc.)

    9k Topics
    41k Posts
    T

    Hello pfSense users,

    I have 3 WANS. I set up aliases to route different IPs of my LAN subnet to different WANS. The device that is using a VPN (OpenVPN) to connect to the pfsense box is using 10.11.83.0/24 and is assigned 10.11.83.2, I can access the device on the computers that are using the same WAN as the VPN is on. The other computers that are using the other 2 WANS can not access or ping the device.

    Is there a way to set pfSense to route the 10.11.83.0/24 subnet to all the WANS so all the computers can access the device?

    Thanks for any help to this question.

  • Discussions about traffic shaping and limiters

    3k Topics
    16k Posts
    K

    @gemg83 I see what you're saying - it could be the jump from 12.3 to 14 on the BSD side.

    It really hampers the use of limiters in multi-WAN setups so it feels like an important bug (I call it a bug as it doesn't behave at all how the UI or documentation suggests, it's more like using them on a floating rule).

  • Discussions about DHCP, DNS Resolver (Unbound), DNS Forwarder (dnsmasq), and general DNS issues

    7k Topics
    42k Posts
    7

    @johnpoz Exactly. You have hit the proverbial nail on the head. I just can't figure out where it is coming from. It doesn't make much sense does it. But like you said earlier, I don't need to spend more time on it. I've modified the script, or rather Google Gemini provided the script for me. ;)

    Hey thanks for all of the help sir. I really appreciate it. If there is any way I can help in future, please let me know.
    Tas

  • Discussions about IPv6 connectivity and services

    2k Topics
    20k Posts
    S

    e.g. https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/opt-lan.html#reject-other-firewall-bound-traffic

  • Discussions about IPsec VPNs

    6k Topics
    24k Posts
    stephenw10

    @jvangent100 said in Upgrade from 2.7.2 to 2.8.0 ipsec:

    Is this a known issue ?

    No.

    Do you see blocked traffic in the firewall logs?

    Do you see the packet counters on the tunnels increasing still? In either direction?

  • Discussions about OpenVPN

    10k Topics
    53k Posts
    M

    @mav3rick said in OpenVPN on 2 pfsense instance with HA - service is running on both pfsense instances:

    So setting openvpn to bind only to the CARP VIP works fine for me

    Multi-WAN with HA there?
    If so, it would be a better idea to run openVPN server on localhost instead.
    This would allow it to receive connections from all WANs.

    No need to select a VIP, just forward packets from the WANs VIPs to localhost.
    You can use DNS, thus the client would connect to the WAN that is UP.
    Or
    You can use two remote entries in the .ovpn, with timeout let's say, 2 seconds.

    Then, just create the NAT rule to access the firewall-2, using the SYNC address as previously mentioned.

  • Discussions about Captive Portal, vouchers, and related topics

    4k Topics
    19k Posts
    stephenw10

    Maybe you have 'https login' set?

  • Anything that does not fit in other categories related to the webGUI

    2k Topics
    10k Posts
    N

    @Gertjan said in Modifying Login Screen looks / logo.svg:

    so no documented way of doing things.

    Until now :)

    I have tweaked a bit and found out how to clean up the login screen, with the end result like so

    pfsense_simple.png

    This was fairly easily achieved. But remember, I am just a guy, I like to play around with stuff for fun to see how it works and what I can mod, so don't blame me if stuff breaks. Do this at your own risk, and always make sure you can roll back. But really we are just editing some css values and it's likely fine, or easily fixed. Because pfSense is built beautifully. So to be more exact, this is how I did it:

    in system > advanced > Admin Access, check 'Enable Secure Shell' , so we can SSH into the pfSense box.

    in System > User Manager > Users, enable the 'admin' user, to enable root access to the SSH server *(It is considered good practice to disable this account afterwards again, to create a separate account from 'admin' and elevate it to the administrators group. But in pfsense 'admin' seems to be bound to the Linux 'root' account, so enabling this will allow us to SSH in using the 'root' user and modify the login page.)

    In System > General Setup, enable the pfSense-dark theme. *(This is the theme I worked from. The results for other themes may vary)

    and also in System > General setup, select a background colour for the middle part of the login screen. You can add custom colors to this list, by editing /usr/local/www/system.php, near the end of that file is an item called 'Login page color'. You can add one or more items to this comma separated list like: ' "00ff00;" => gettext("newcolorname"), ' and your new color will be selectable.
    But you will have to modify 'login.css' by hand to include your new color if you want a uniform login screen. Since the banner at the top, and the footer at the bottom of the login screen are defined in this file, separate from the 'login page background' color option you choose here.

    Then, SSH into the pfSense box as user 'root' and the password for the pfSense 'admin' user

    choose option '8) Shell'. (notice the prompt ending in '/root:', indicating you now have root access.)

    type 'cd /usr/local/www/css'

    type 'vi login.new', and the VI editor will open a new file.

    press 'i' to start inserting text, then paste the following (right click in putty/kitty will paste the clipboard)

    @import url("/css/logo.css");

    body, html {
        height: 100%;
        padding: 0;
        margin: 0;
        background-color: #000000;
    }

    body {
        width: 100%;
    }

    header {
    }

    #headerrow {
        position: fixed;
        height: 90px;
        top: 0;
        width: 100%;
        background-color: #000000;
    }

    .pagebody {
        position: absolute;
        top:90px;
        bottom:25px;
        width: 100%;
        color: #2a8c8e;
        overflow: hidden;
    }

    .pagebodywarn {
        position: absolute;
        top:140px;
        bottom:25px;
        width: 100%;
        color: #2a8c8e;
    }

    .nowarning {
        height: 80px;
        padding-top: 10px;
    }

    #hostspan {
        text-align: right;
        font-weight: bold;
        color: #ff0000;
        text-shadow: 2px 2px 2px #0000ff;
    }

    .msgbox {
        padding-right: 60px;
        padding-top: 25px;
    }

    @media only screen and (max-width : 768px) { /* only size 'xs' and below */
        #headerrow {
            height: 100px;
        }
        .pagebody {
            top: 100px;
        }
        .pagebody2 {
            top: 250px;
        }
        .nowarning {
            height: 60px;
        }
        .msgbox {
            padding-right: 0px;
            padding-top: 0px;
        }
        #hostspan {
            text-align: center;
        }
    }

    #footertext {
        position: fixed;
        height: 1px;
        bottom: 0;
        width: 1%;
        background-color: #000000;
        color: #000000;
        text-align: center;
    }

    .loginCont {
        position: absolute;
        top: 50%;
        left: 50%;
        transform: translate(-50%,-50%);
        height: 55%;
        width: 80%;
    }

    .error-panel a {
        color: #2a8c8e;
    }

    p.form-title {
        font-family: 'Open Sans' , sans-serif;
        font-size: 25px;
        font-weight: 999;
        text-align: center;
        color: #ff0000;
        margin-top: 5%;
        text-transform: uppercase;
        letter-spacing: 12px;
    }

    form.login {
        max-width: 270px;
        margin: 0 auto 20px auto;
    }

    form.login input[type="text"], form.login input[type="password"] {
        width: 100%;
        margin: 0;
        padding: 10px 10px;
        background: 0;
        border: 0;
        border-bottom: 1px solid #FFFFFF;
        outline: 0;
        font-style: italic;
        font-size: 18px;
        font-weight: 600;
        letter-spacing: 1px;
        margin-bottom: 5px;
        color: #FF0000;
        outline: 0;
    }

    form.login input[type="submit"] {
        width: 60%;
        font-size: 14px;
        text-transform: uppercase;
        font-weight: 700;
        border: 4;
        border-color: #ff0000;
        color: #ff0000;
        margin-top: 36px;
        outline: 0;
        cursor: pointer;
        letter-spacing: 1px;
        display: block;
        margin: 0 auto;
        margin-top: 36px;
        background-color: #000000;
    }

    form.login input[type="submit"]:hover {
        transition: background-color 0.5s ease;
        color: #ffffff;
    }

    form.login label, form.login a {
        font-size: 12px;
        font-weight: 400;
        color: #00ff00;
    }

    form.login a {
        transition: color 0.5s ease;
    }

    form.login a:hover {
        color: #2a8e8c;
    }

    .logoCol {
        height: 100%;
    }

    #logodiv svg#logo {
        width: 1px;
        height: 1%;
        background-color: #ff0000;
    }

    /** Re-style web-kit browser autocomplete boxes (Fixes Chrome's ugly yellow background) **/
    @-webkit-keyframes autofill {
        to {
            color: #00ced2;
            background: transparent;
        }
    }

    input:-webkit-autofill {
        -webkit-animation-name: autofill;
        -webkit-animation-fill-mode: both;
    }

    then press 'Escape' to exit editing mode

    write ':wq' to write the text to file and quit the VI editor.

    then write 'mv login.css login.old'

    and 'mv login.new login.css'

    then type 'exit'.

    Then, after you opened your browser and enjoyed your new clean login screen, you can disable the 'admin' user and Secure Shell again :)

    Some notes:

    These modifications will presumably be reset by every update. This is mainly why I made this write up ;)

    The fix for the original question about removing the logo.svg, and the footer, was to make the logo and the footer 1px high by 1% width in the login.css file.

    With minor modifications it is easy to make any 2 color setup with this, by adding a custom color for the background to system.php, and modifying login.css and pfSense.css/pfSense-dark.css to include the new background and foreground color.

    Where it says 'Login to pfSense' is also where the hostname would be if you select the option to display the hostname on the login page. It is possible to remove this text, as well as the 'SIGN IN' text above the user field, by editing the login.css and making the text the same color as the background and 1px high.

    The 'Sign In' button will always fade to the default green button once you press it. I have not yet found how to fix that behavior.

    I have not yet found how to edit the grey color of the 'Username' and 'Password' that are pre-filled in the input boxes. I think that is a default behavior like the green Sign in button on-press, and since it is not defined it is hard to find. The text filled into those boxes does correspond with the red in this theme, and is defined in login.css as well.

    The CSS for pfSense is highly customisable, it will allow for text decorations and some shadow effects up to a limit. Above the limit the effect will disable itself.

    If you also edit pfSense.css or pfSense-dark.css, you can edit some colors from the pfSense interface as well, to match the login screen. Mainly the pfsense logo color and the highlighted text color are nice to get in line with the color scheme chosen for the login screen.

  • Discussions about wireless networks, interfaces, and clients

    2k Topics
    11k Posts
    N

    @elvisimprsntr thanks for the chart! Getting rid of the ISP's Bridge Mode router and plugging the ethernet cable from the wall directly in Vault's WAN port has solved it...hopefully permanently.

  • Discussions about monitoring via SNMP

    197 Topics
    609 Posts
    C

    I figured it out 🤦. My firewalls had an old unused OpenVPN client connection on it that was unstable and every time it reconnected, it got a new IP address causing pfsense to restart all packages, and since it took down SNMP, we wouldn't get alerted about the interface going down either...
    So this issue is solved now

  • Discussions about pfSense documentation, including the book

    186 Topics
    1k Posts
    opnwall

    As a volunteer translator, I suggest that the official website update the template files of the online translation (https://zanata.netgate.com/) in a timely manner, or open the function of uploading po or mo files to replace the translation templates that are still in pfsense 2.50.

  • Topics related to developing pfSense: coding styles, skills, questions etc.
    1k Topics
    7k Posts
    N

    @stephenw10
    I have a nearly step-by-step, from a fresh install, how I duplicated the issue in my original post. I wiped out my lab, I recreated from that post (hopefully accurately). The testing & results should be pretty close. LMK if you're looking for something different.

    2.7.2
    Rules:

    # User-defined rules follow
    anchor "userrules/*"
    pass out quick on { vtnet0 } $GWWAN_DHCP inet from <WAN IP> to any ridentifier 1752945005 keep state dnqueue( 1,2) label "USER_RULE: Bufferbloat" label "id:1752945005" label "gw:WAN_DHCP"
    pass in quick on $LAN inet from $LAN__NETWORK to any ridentifier 0100000101 keep state dnpipe ( 3,4) label "USER_RULE: Default allow LAN to any rule" label "id:0100000101"
    #

    Limiter Info:

    Limiters:
    00001: 20.000 Mbit/s 0 ms burst 0
    q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 AQM CoDel target 1us interval 1us ECN
     sched 65537 type FIFO flags 0x0 0 buckets 0 active
    00002: 100.000 Mbit/s 0 ms burst 0
    q131074 50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 AQM CoDel target 1us interval 1us ECN
     sched 65538 type FIFO flags 0x0 0 buckets 0 active
    00003: 2.000 Mbit/s 0 ms burst 0
    q131075 50 sl. 0 flows (1 buckets) sched 65539 weight 0 lmax 0 pri 0 droptail
     sched 65539 type FIFO flags 0x0 0 buckets 0 active
    00004: 5.000 Mbit/s 0 ms burst 0
    q131076 50 sl. 0 flows (1 buckets) sched 65540 weight 0 lmax 0 pri 0 droptail
     sched 65540 type FIFO flags 0x0 0 buckets 0 active

    Schedulers:
    00001: 20.000 Mbit/s 0 ms burst 0
    q65537 50 sl. 0 flows (1 buckets) sched 1 weight 0 lmax 0 pri 0 droptail
     sched 1 type FQ_CODEL flags 0x0 0 buckets 0 active
     FQ_CODEL target 1us interval 1us quantum 1514 limit 10240 flows 1024 ECN
       Children flowsets: 1
    00002: 100.000 Mbit/s 0 ms burst 0
    q65538 50 sl. 0 flows (1 buckets) sched 2 weight 0 lmax 0 pri 0 droptail
     sched 2 type FQ_CODEL flags 0x0 0 buckets 0 active
     FQ_CODEL target 1us interval 1us quantum 1514 limit 10240 flows 1024 ECN
       Children flowsets: 2
    00003: 2.000 Mbit/s 0 ms burst 0
    q65539 50 sl. 0 flows (1 buckets) sched 3 weight 0 lmax 0 pri 0 droptail
     sched 3 type FIFO flags 0x0 0 buckets 0 active
    00004: 5.000 Mbit/s 0 ms burst 0
    q65540 50 sl. 0 flows (1 buckets) sched 4 weight 0 lmax 0 pri 0 droptail
     sched 4 type FIFO flags 0x0 0 buckets 0 active

    Queues:
    q00001 50 sl. 0 flows (1 buckets) sched 1 weight 0 lmax 0 pri 0 AQM CoDel target 1us interval 1us ECN
    q00002 50 sl. 0 flows (1 buckets) sched 2 weight 0 lmax 0 pri 0 AQM CoDel target 1us interval 1us ECN

    Interpreted Rules:

    @84 anchor "userrules/*" all
      [ Evaluations: 73 Packets: 0 Bytes: 0 States: 0 ]
      [ Inserted: uid 0 pid 9606 State Creations: 0 ]
      [ Last Active Time: N/A ]
    @85 pass out quick on vtnet0 route-to (vtnet0 <WAN Gateway>) inet from <WAN IP> to any flags S/SA keep state label "USER_RULE: Bufferbloat" label "id:1752945005" label "gw:WAN_DHCP" ridentifier 1752945005 dnqueue(1, 2)
      [ Evaluations: 73 Packets: 14677 Bytes: 15410930 States: 20 ]
      [ Inserted: uid 0 pid 9606 State Creations: 51 ]
      [ Last Active Time: Sat Jul 19 18:14:14 2025 ]
    @86 pass in quick on vtnet1 inet from <LAN__NETWORK:1> to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule" label "id:0100000101" ridentifier 100000101 dnpipe(3, 4)
      [ Evaluations: 22 Packets: 14738 Bytes: 15555983 States: 15 ]
      [ Inserted: uid 0 pid 9606 State Creations: 22 ]
      [ Last Active Time: Sat Jul 19 18:14:14 2025 ]

    Example states:

    all tcp 23.239.29.5:443 <- 192.168.1.100:41090 ESTABLISHED:ESTABLISHED
       [3531538492 + 2147156224] wscale 7 [440337916 + 2147025152] wscale 7
       age 00:00:34, expires in 23:59:27, 15:18 pkts, 2254:10378 bytes, rule 86, dummynet pipe (3 4), log
       id: 09f07b6800000000 creatorid: ae2f1b15
       origif: vtnet1
    all tcp <WAN IP>:1291 (192.168.1.100:41090) -> 23.239.29.5:443 ESTABLISHED:ESTABLISHED
       [440337916 + 2147025152] wscale 7 [3531538492 + 2147156224] wscale 7
       age 00:00:34, expires in 23:59:27, 15:18 pkts, 2254:10378 bytes, rule 85, log
       id: 0af07b6800000000 creatorid: ae2f1b15 route-to: <WAN Gateway>@vtnet0
       origif: vtnet0

    2.8.0
    Rules:

    # User-defined rules follow
    anchor "userrules/*"
    pass out quick on { vtnet0 } $GWWAN_DHCP inet from <WAN IP> to any ridentifier 1752945012 keep state dnqueue( 1,2) label "USER_RULE: Bufferbloat" label "id:1752945012" label "gw:WAN_DHCP"
    pass in quick on $LAN inet from $LAN__NETWORK to any ridentifier 0100000101 keep state dnpipe ( 3,4) label "USER_RULE: Default allow LAN to any rule" label "id:0100000101"
    #

    Limiter Info:

    Limiters:
    00001: 20.000 Mbit/s 0 ms burst 0
    q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 AQM CoDel target 1us interval 1us ECN
     sched 65537 type FIFO flags 0x0 0 buckets 0 active
    00002: 100.000 Mbit/s 0 ms burst 0
    q131074 50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 AQM CoDel target 1us interval 1us ECN
     sched 65538 type FIFO flags 0x0 0 buckets 0 active
    00003: 2.000 Mbit/s 0 ms burst 0
    q131075 50 sl. 0 flows (1 buckets) sched 65539 weight 0 lmax 0 pri 0 droptail
     sched 65539 type FIFO flags 0x0 0 buckets 0 active
    00004: 5.000 Mbit/s 0 ms burst 0
    q131076 50 sl. 0 flows (1 buckets) sched 65540 weight 0 lmax 0 pri 0 droptail
     sched 65540 type FIFO flags 0x0 0 buckets 0 active

    Schedulers:
    00001: 20.000 Mbit/s 0 ms burst 0
    q65537 50 sl. 0 flows (1 buckets) sched 1 weight 0 lmax 0 pri 0 droptail
     sched 1 type FQ_CODEL flags 0x0 0 buckets 0 active
     FQ_CODEL target 1us interval 1us quantum 1514 limit 10240 flows 1024 ECN
       Children flowsets: 1
    00002: 100.000 Mbit/s 0 ms burst 0
    q65538 50 sl. 0 flows (1 buckets) sched 2 weight 0 lmax 0 pri 0 droptail
     sched 2 type FQ_CODEL flags 0x0 0 buckets 0 active
     FQ_CODEL target 1us interval 1us quantum 1514 limit 10240 flows 1024 ECN
       Children flowsets: 2
    00003: 2.000 Mbit/s 0 ms burst 0
    q65539 50 sl. 0 flows (1 buckets) sched 3 weight 0 lmax 0 pri 0 droptail
     sched 3 type FIFO flags 0x0 0 buckets 0 active
    00004: 5.000 Mbit/s 0 ms burst 0
    q65540 50 sl. 0 flows (1 buckets) sched 4 weight 0 lmax 0 pri 0 droptail
     sched 4 type FIFO flags 0x0 0 buckets 0 active

    Queues:
    q00001 50 sl. 0 flows (1 buckets) sched 1 weight 0 lmax 0 pri 0 AQM CoDel target 1us interval 1us ECN
    q00002 50 sl. 0 flows (1 buckets) sched 2 weight 0 lmax 0 pri 0 AQM CoDel target 1us interval 1us ECN

    Interpreted Rules:

    @85 anchor "userrules/*" all
      [ Evaluations: 66 Packets: 0 Bytes: 0 States: 0 ]
      [ Inserted: uid 0 pid 0 State Creations: 0 ]
      [ Last Active Time: N/A ]
    @86 pass out quick on vtnet0 route-to (vtnet0 <WAN Gateway>) inet from <WAN IP> to any flags S/SA keep state (if-bound) label "USER_RULE: Bufferbloat" label "id:1752945012" label "gw:WAN_DHCP" ridentifier 1752945012 dnqueue(1, 2)
      [ Evaluations: 66 Packets: 163790 Bytes: 206160499 States: 21 ]
      [ Inserted: uid 0 pid 0 State Creations: 41 ]
      [ Last Active Time: Sat Jul 19 18:15:26 2025 ]
    @87 pass in quick on vtnet1 inet from <LAN__NETWORK:1> to any flags S/SA keep state (if-bound) label "USER_RULE: Default allow LAN to any rule" label "id:0100000101" ridentifier 100000101 dnpipe(3, 4)
      [ Evaluations: 25 Packets: 154598 Bytes: 192395490 States: 14 ]
      [ Inserted: uid 0 pid 0 State Creations: 23 ]
      [ Last Active Time: Sat Jul 19 18:15:26 2025 ]

    Example states:

    vtnet1 tcp 23.239.29.5:443 <- 192.168.1.100:41256 ESTABLISHED:ESTABLISHED
       [4281932605 + 64128] wscale 7 [3565815079 + 63872] wscale 7
       age 00:00:34, expires in 23:59:27, 15:18 pkts, 2255:10378 bytes, rule 87, dummynet pipe (3 4)
       id: d9f57b6800000000 creatorid: 9d03805d
    vtnet0 tcp <WAN IP>:42673 (192.168.1.100:41256) -> 23.239.29.5:443 ESTABLISHED:ESTABLISHED
       [3565815079 + 63872] wscale 7 [4281932605 + 64128] wscale 7
       age 00:00:34, expires in 23:59:27, 15:18 pkts, 2255:10378 bytes, rule 86
       id: daf57b6800000000 creatorid: 9d03805d route-to: <WAN Gateway>@vtnet0
  • Discussions about playing network-based games behind pfSense from consoles, PCs, etc.

    427 Topics
    3k Posts
    jimp

    Updated with Switch 2 info at the end of the first post. tl;dr same as Switch 1 for IPv4, but the console itself appears to support IPv6 (likely depends heavily on the game and peers).

  • Discussions about virtualizing pfSense in hypervisors such as AWS, VMware, Hyper-V, Xen, KVM, qemu, etc

    2k Topics
    12k Posts
    T

    Yesterday we built a new pfSense 2.7.2 cluster, master firewall was running for over a week without problems, but about half an hour after setting up CARP and pfSync to the new slave it died with known hvevent problem. It then died several times, again and again.. Not sure but maybe it has something to do with either CARP/ConfigSync/pfSync or multicast traffic (because we know dying pfsense setups without carp configured, so might be multicast traffic in the network which triggers something).

    We have had the same experience with our only OPNsense setup, of which the master is running smoothly since we removed the slave firewall.

  • Discussions about pfSense hardware support

    8k Topics
    69k Posts
    B

    For anyone interested in the exciting conclusions... it worked fine in the 16x slot for 2 weeks and is still in there now
    I put an I340-T4 in the 1x slot at the same time and left that running and that has been perfectly fine as well

    It seems to be an incompatibility between the 1x slot and the I350 specifically but I'm not sure why. In either case, the issue seems to be resolved

    It may be something specific to AM5 and the I350 in the 1x, or just the I350 and the 1x alone but if anyone else for some reason tries the same, at least you know what symptoms manifest and what the cause was

    Thanks again for those that helped and commented

  • Discussions about collaboratively raising money for a feature. To start a thread you must offer a starting price and be very specific on the feature you would like to see.

    457 Topics
    6k Posts
    S

    @winkmichael Thanks so much. I'll look into it some more, but you were a great help. What I meant by a 0 point release is that it is basically an alpha or beta version until it reaches version 1.x. This to me has historically been an indication that it shouldn't be deployed in mission critical spaces or commercial spaces, but good to hear it is very active and very reliable. Thanks again.

  • 10k Topics
    63k Posts
    M

    @Patch Yes, I have just confirmed that it is related to early DNS registration

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.