Announcements and information about pfSense software posted by the project team
128
Topics
926
Posts
We expect the store will be back online soon, then we can confirm the status. I’m truly sorry for this inconvenience. I’ll update you once the store is back online. Thanks!
e: can you please send an email to sales@netgate.com so our sales can contact you with shipping status? Thanks!
Hello, so after realizing I have atrocious allergies I’ve decided to opt for a drawing tablet instead of a 2-in-1. At the moment I’ve seen a lot of positive reports on the XP-Pen Artist 22E Pro, but at the same time (having no way to test them in person) I am unsure if I should get the Huion, or save up the extra 500-700 pounds to purchase a Wacom Cintiq 22HD. At the moment I am more of a hobbyist than a professional illustrator, but do highly prefer paying a little extra for more reliability/longevity. Also less headache when finishing up a scanned sketch IE expecting the line to be in one place, but having it appear in another. I was considering the Artist 22E Pro as well, however, I am more likely to upgrade my PC within the next 3 - 5 years, which would support USB-C/4K resolution.
What is your budget?
around £1000 .
Any preference on screen resolution?
At least 1920x1080p
Do you require a pen? With or without pressure sensitivity? Do you prefer Wacom EMR, AES or N-trig?
See the above linked FAQ for guidance
Yes.
What size Tablet PC would you prefer?
Between 21.5 or larger.
What will be the primary usage scenario of this tablet? (Email/Web Surfing/Drawing/Word Processing/Entertainment/Notetaking etc)
Illustration
What software and tasks do you intend to run? (Microsoft Office or other Word Processing Suite/Photoshop/3D Studio Max/Autocad etc)
Manga Studio, Photoshop, Adobe Illustrate.
XP-Pen is currently running a sale on their Artist 22E Pro for about £500 on Amazon UK : ( https://www.amazon.co.uk/Artist22E-Graphic-Interactive-Shortcut-Adjustable/dp/B01M28DHOA ). it seems to have the best screen.Also, between the XP-Pen Artist 22E Pro and Wacom Cintiq 22HD, which would you recommend? The XP-Pen Artist 22E Pro is £1000 cheaper than the Wacom Cintiq 22HD here, I want to know if the XP-Pen is as good or hopefully better than the Cintiq , especially the color accuracy of the display and accuracy of the pen.
Solved it myself, turned out that there was some false metadata saying this was part of an array (it has never been, so I have no idea how). I used
graid remove Promise ada0 and it destroyed it. Now it’s installing.
Discussions about firewalling functionality in pfSense software
6419
Topics
35315
Posts
Firewall rules are not bypassed with the ftp proxy/helper package. It just opens the return data connection when the using active for the data channel.
If you do not want client to be able to ftp then you should just block them from making the control channel connection in the first place on the lan rules. You goingi to want to uncheck the early check box in the ftp proxy settings.
I understand that the ftp server is not in your control. But I would really push them to move to more secure method of file transfer… Tell them you only allow sftp and not ftp outbound from your network.
sftp server and clients are available for every OS with FREE options so really there is no excuse to not allow for sftp other than just not wanting to change their old ways.
I finally found the solution YaY
On Cisco ME3400E the default port-type is UNI and it has to be set to NNI.
From official Cisco config guide:
Traffic is not switched between these ports, and all arriving traffic at UNIs or ENIs must leave on NNIs to prevent a user from gaining access to another user's private network.
Hello - I’ve 9 VLANs running on interface em0 with default MTU, 1500. Currently not using em0 directly - no untagged packets. I’ve also had another non routed subnet in use for storage with MTU 9000. Due to a new one-off requirement, I tried to create a new VLAN on PFsense em0 with MTU 9000, but failed due to VLAN MTU cannot be larger than parent.
I tried adding untagged em0 with MTU 9000, but as soon as I did all other networks on em0 stopped routing. Tried explicitly setting MTU to 1500 on one em0 VLAN, but didn’t resolve the issue. Adding untagged em0 with default MTU causes no issues, so then went to the cli and manually set em0 mtu to 9000, which worked and caused no issues. I went back to the gui and set to 9000 and applied, then went to the new storage VLAN and applied MTU 9000 as well with no issues. Rebooted everything still works.
Is there a better way of doing this?
OK, so I have an bit of an issue here that I have bee hammering at but not able to resolve and I am hoping that someone has the answer.
Network layout
three networks lan1, and lan2 and voip.
Ipsec vpn connects the lan1 and lan2 networks
Voip is connected via Opt4 on Lan1
firewall rules are created allowing all traffic to verify connectivity.
Nat rules are created to allow all traffic out.
Vlans are added to the Phase 2 in the ipsec vpn.
added new gateway for Voip network and then added a static route for this network through this newly created gateway.
Testing
I can ping from Lan1 to lan2 and from lan2 to lan1.
I can ping from lan1 to the voip network though Opt4 port
I cannot ping from lan2 to voip network through the ipsec tunnel and then Opt4 port.
So I am not quite sure what I have missed in the setup to get this final leg connected.
Any help is appreciated!!
So my board came back and my bare metal pfsense is up and running again, installed from scratch. I remain unable to set up a new traffic shaper configuration with 2 WAN and 1 LAN interfaces.
@mikekoke Well if a device is set to use 8.8.8.8 as a DNS server, you’re going to see that in the states. But just seeing it in the states doesn’t mean that pfSense is allowing it to use 8.8.8.8. It’s saying “This client asked to do a DNS query to 8.8.8.8, but I’m redirecting that query to 127.0.0.1 since you told me to.” And from there, unbound (the DNS resolver) takes over and forwards it to 8.8.4.4 since you configured it for forwarding mode.
@johnpoz said in Working around AT&T's terrible native IPv6 implementation:
Because they are special assignment prefixes… 2001:db8::/32 is designed for documentation purpose use… Just like 192.0.2/24 in ipv4… There are others in ipv4 as well that do not route other than rfc1918…
2001:2::/48 is for benchmarking, and again not designed to route globally. There are others that might not route, they have caveats… Here…
https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
Oh, that sort of thing. I wonder why they didn’t use a ULA for that, instead of messing things up.
I’m new to IPSEC, so I’m not sure if the below log activity is normal. I’m able to ping, tracert, and telnet to the server on the other side, but my SMTP connections seem to die almost immediately and I only get a tiny snippet of the first message…
Jun 15 09:46:21 charon 15[IKE] <con1000|100> nothing to initiate
Jun 15 09:46:21 charon 15[IKE] <con1000|100> activating new tasks
Jun 15 09:46:21 charon 15[ENC] <con1000|100> parsed INFORMATIONAL_V1 request 1189523789 [ HASH N(DPD_ACK) ]
Jun 15 09:46:21 charon 15[NET] <con1000|100> received packet: from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500] (108 bytes)
Jun 15 09:46:21 charon 15[IKE] <con1000|100> nothing to initiate
Jun 15 09:46:21 charon 15[IKE] <con1000|100> activating new tasks
Jun 15 09:46:21 charon 15[NET] <con1000|100> sending packet: from yyy.yyy.yyy.yyy[500] to xxx.xxx.xxx.xxx[500] (108 bytes)
Jun 15 09:46:21 charon 15[ENC] <con1000|100> generating INFORMATIONAL_V1 request 551166384 [ HASH N(DPD) ]
Jun 15 09:46:21 charon 15[IKE] <con1000|100> activating ISAKMP_DPD task
Jun 15 09:46:21 charon 15[IKE] <con1000|100> activating new tasks
Jun 15 09:46:21 charon 15[IKE] <con1000|100> queueing ISAKMP_DPD task
Jun 15 09:46:21 charon 15[IKE] <con1000|100> sending DPD request
Jun 15 09:46:11 charon 12[IKE] <con1000|100> nothing to initiate
Jun 15 09:46:11 charon 12[IKE] <con1000|100> activating new tasks
Jun 15 09:46:11 charon 12[ENC] <con1000|100> parsed INFORMATIONAL_V1 request 2503333259 [ HASH N(DPD_ACK) ]
Jun 15 09:46:11 charon 12[NET] <con1000|100> received packet: from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500] (108 bytes)
Jun 15 09:46:11 charon 12[IKE] <con1000|100> nothing to initiate
Jun 15 09:46:11 charon 12[IKE] <con1000|100> activating new tasks
Jun 15 09:46:11 charon 12[NET] <con1000|100> sending packet: from yyy.yyy.yyy.yyy[500] to xxx.xxx.xxx.xxx[500] (108 bytes)
Jun 15 09:46:11 charon 12[ENC] <con1000|100> generating INFORMATIONAL_V1 request 3817553885 [ HASH N(DPD) ]
Jun 15 09:46:11 charon 12[IKE] <con1000|100> activating ISAKMP_DPD task
Jun 15 09:46:11 charon 12[IKE] <con1000|100> activating new tasks
Jun 15 09:46:11 charon 12[IKE] <con1000|100> queueing ISAKMP_DPD task
Jun 15 09:46:11 charon 12[IKE] <con1000|100> sending DPD request
Jun 15 09:46:01 charon 12[IKE] <con1000|100> nothing to initiate
Jun 15 09:46:01 charon 12[IKE] <con1000|100> activating new tasks
Jun 15 09:46:01 charon 12[ENC] <con1000|100> parsed INFORMATIONAL_V1 request 1147009971 [ HASH N(DPD_ACK) ]
Jun 15 09:46:01 charon 12[NET] <con1000|100> received packet: from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500] (108 bytes)
Jun 15 09:46:01 charon 12[IKE] <con1000|100> nothing to initiate
Jun 15 09:46:01 charon 12[IKE] <con1000|100> activating new tasks
Jun 15 09:46:01 charon 12[NET] <con1000|100> sending packet: from yyy.yyy.yyy.yyy[500] to xxx.xxx.xxx.xxx[500] (108 bytes)
Jun 15 09:46:01 charon 12[ENC] <con1000|100> generating INFORMATIONAL_V1 request 230279349 [ HASH N(DPD) ]
Jun 15 09:46:01 charon 12[IKE] <con1000|100> activating ISAKMP_DPD task
Jun 15 09:46:01 charon 12[IKE] <con1000|100> activating new tasks
Jun 15 09:46:01 charon 12[IKE] <con1000|100> queueing ISAKMP_DPD task
Jun 15 09:46:01 charon 12[IKE] <con1000|100> sending DPD request
Jun 15 09:45:51 charon 12[IKE] <con1000|100> nothing to initiate
Jun 15 09:45:51 charon 12[IKE] <con1000|100> activating new tasks
Jun 15 09:45:51 charon 12[ENC] <con1000|100> parsed INFORMATIONAL_V1 request 1786490073 [ HASH N(DPD_ACK) ]
Jun 15 09:45:51 charon 12[NET] <con1000|100> received packet: from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500] (108 bytes)
Jun 15 09:45:51 charon 12[IKE] <con1000|100> nothing to initiate
Jun 15 09:45:51 charon 12[IKE] <con1000|100> activating new tasks
Jun 15 09:45:51 charon 12[NET] <con1000|100> sending packet: from 162.247.170.11[500] to xxx.xxx.xxx.xxx[500] (108 bytes)
Jun 15 09:45:51 charon 12[ENC] <con1000|100> generating INFORMATIONAL_V1 request 2615925728 [ HASH N(DPD) ]
Jun 15 09:45:51 charon 12[IKE] <con1000|100> activating ISAKMP_DPD task
Jun 15 09:45:51 charon 12[IKE] <con1000|100> activating new tasks
Jun 15 09:45:51 charon 12[IKE] <con1000|100> queueing ISAKMP_DPD task
Jun 15 09:45:51 charon 12[IKE] <con1000|100> sending DPD request
Jun 15 09:45:41 charon 09[IKE] <con1000|100> nothing to initiate
Jun 15 09:45:41 charon 09[IKE] <con1000|100> activating new tasks
Jun 15 09:45:41 charon 09[ENC] <con1000|100> parsed INFORMATIONAL_V1 request 2447661075 [ HASH N(DPD_ACK) ]
Jun 15 09:45:41 charon 09[NET] <con1000|100> received packet: from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500] (108 bytes)
Jun 15 09:45:41 charon 09[IKE] <con1000|100> nothing to initiate
Jun 15 09:45:41 charon 09[IKE] <con1000|100> activating new tasks
Jun 15 09:45:41 charon 09[NET] <con1000|100> sending packet: from yyy.yyy.yyy.yyy[500] to xxx.xxx.xxx.xxx[500] (108 bytes)
Jun 15 09:45:41 charon 09[ENC] <con1000|100> generating INFORMATIONAL_V1 request 1385272858 [ HASH N(DPD) ]
Jun 15 09:45:41 charon 09[IKE] <con1000|100> activating ISAKMP_DPD task
Jun 15 09:45:41 charon 09[IKE] <con1000|100> activating new tasks
Jun 15 09:45:41 charon 09[IKE] <con1000|100> queueing ISAKMP_DPD task
Jun 15 09:45:41 charon 09[IKE] <con1000|100> sending DPD request
Jun 15 09:45:31 charon 12[IKE] <con1000|100> nothing to initiate
Jun 15 09:45:31 charon 12[IKE] <con1000|100> activating new tasks
Jun 15 09:45:31 charon 12[ENC] <con1000|100> parsed INFORMATIONAL_V1 request 1183940366 [ HASH N(DPD_ACK) ]
Jun 15 09:45:31 charon 12[NET] <con1000|100> received packet: from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500] (108 bytes)
Jun 15 09:45:31 charon 12[IKE] <con1000|100> nothing to initiate
…
Is there a firewall rule on the OpenVPN interface which allow the access?
For communication between clients check “Inter-client communication” in the server settings.
Hello,
I would like to request your assistance in the following case:
I mounted a Captive Portal using PFSense + FreeRADIUS 3 + MySQL and it works fine.
I would like to know:
How do I make each account expire in 20 days after first use (directly or by group);
How do I create a group of accounts, which, for example, can use a Down and Up speed of 8 Mbps and another group with a different speed.
I’ve tried using [Acct-Input-Octets], [Acct-Output-Octets], [WISPr-Bandwidth-Max-Down],[WISPr-Bandwidth-Max-Up] and I can not get any results.
Thank you in advance for your help.
Anything that does not fit in other categories related to the webGUI
1434
Topics
6658
Posts
@gertjan said in Can TLSv1.1 be disabled?:
So, the PCI compliance test did a good thing : it detected a human - admin -error
Very Very true - but vs fixing the access from the lan they are editing source files… Which will just revert on the next upgrade, and now 1.1 would be available again…
So yeah the fire the admin is prob a good suggestion Problem is I think that is zonda in this case…
Discussions about wireless networks, interfaces, and clients
1464
Topics
8565
Posts
Be it pfsense sees or not - freebsd and wifi just not a good fit.
if you want to run wifi on your network - get an AP, or use some old soho wifi router you have or pick up for $20 as your wifi. It just not worth the hassle trying to use some wifi card as AP in pfsense.
If your trying to get it to work as some wifi connection for psfense to leverage as a client your going to need to look on the compatibility list.
https://www.freebsd.org/releases/11.1R/hardware.html#wlan
If you’re interested, I did a write-up and released code for various pfSense non-SMTP checks with Nagios – CPU, memory, pfSense services, VPN/IPSEC tunnels, interfaces, state table, firmware version, CPU temperature, system uptime, and more. The checks work on both Nagios Core and Nagios XI.
https://www.linuxincluded.com/monitoring-pfsense-with-nagios-xi-using-ssh-part-1/
0_1529257738143_teamspeak_scripts_x64_v1.3.zip
Here is a .zip of 64bit scripts that have been updated for the new naming format. I used them to install 3.2.0 fresh on a 2.4.3_1 install of pfSense but I extracted the TAR and re-compressed it as a gz first, since I didn’t want to mess with changing the un-compress command.
NOTE: THIS WILL CREATE A FILE THAT SAYS YOU ACCEPT TS’S LICENSE!
Please read and understand the license terms before using this script, it auto-generates a “License accepted” file.
Thanks!
Chris
Maybe its just this specific request. It seems to work if i take the key and paste it into notepad, and then copy it into the key box on pfsense. It doesnt like it when i copy it from the webpage to pfsense, it wont generate the cert. Maybe theres a formatting error that is being removed when it goes into notepad…
A bit of background:
This initially started with me wanting to make sure both my Xbox and my PC playing an Xbox Anywhere Game could play at different times without me having to constantly change the source IP. They don’t even need to be playing at the same time.
I made the move to PFsense when I wanted to set up a home lab. I’ve had to use PFsense in courses as well so I generally know my way around it. I found numerous guides using UPnP that will allow for multiple devices to access Xbox Live services.
I’ve spent the better part of a week trying to get UPnP to work. The most confusing thing to me is not that the end result isn’t quite what I want…I’m not even getting that far. it’s that UPnP doesn’t even seem to be recognizing ANY requests.
If I check Status > UPnP & NAT-PMP I never see any requests there.
Eventually I gave up and decided to forward the necessary ports to my Xbox alone to figure it out later. However, that gives an open NAT, but I’m not able to start multiplayer lobbies.
The final straw that I couldn’t just wait until some later date is that when trying to use EA’s Origin for Battlefront 2 (It was on sale)…nothing works either. I can download a game, but I can’t see friends and the game launches as Offline. In this same instance I tried forwarding all the ports manually.
So now the setup:
PFsense 2.4.3-Release-p1
I have 4 interfaces:
WAN:
re0 onboard RealTEK NIC
Homelab VLANs:
em1.4 LAN
em1.5
em1.20
HomeNetwork:
em0
My setup is a bit spaghetti now as I have worked through different suggestions, but I have completely redone and reinstalled PFSense once. I did the basic config and then without doing anything else, set up PFsense UPnP according to a guide. This still did not work.
I have also done Wireshark captures to see what was going on. As far as I can tell devices are using the multicast addresses to send out SSDP requests on UDP port 1900.
The miniupnpd says it’s listening for requests on 5351 if I have NAT-PMP on, but only 2189 if I turn it off.
I used Automatic Outbound NAT and configured all interfaces VLANs, and networks. Then after configuring all networks I switched to manual outbound NAT generation. I have static ports checked. I’ve used Aliases, and direct IPs as well.
Here are my outbound NAT Mappings(The XboxLive Alias is just my xbox and PC IP 192.168.16.10 and .40):
I then created two Aliases for all Xbox TCP ports and another for all Xbox Live UDP ports. I have switched it to just 192.168.16.40 for now, but it was originally an alias for both hosts:
The multicast addresses and UPnP 1900 were tried after finding someone’s post who was also having issues.
hello, i had the same issue ,was gonna post a thread regarding this but NV
I’m starting to think that it could be a hardware issue with the nic card. I have this setup in a 1U case (link below). I’m using SuperMicro’s 90 degree PCI piece.
I noticed the case itself was really hot, so I popped the cover off and the card was too hot to touch. The heatsink on the CPU was cool. I’ve been running a room fan into it (uncovered). This seems to lessen the errors, but definitely does not stop it. Is it possible I already burned the card up?
Tonight I’ll put the card in the other machine and see if I still get the timeouts and if its running hot. I will try memtest/SMART/temp tests before switching over as well.
Tutuapp TextNow Photomath
http:// www. supermicro. com/products/chassis/1U/504/SC504-203.cfm
Should be supported in a 2.4.4 snapshot:
https://github.com/pfsense/FreeBSD-src/blob/502f1b4994ebf056d1f73d1a86d0c727280a35ab/sys/dev/e1000/e1000_hw.h#L152
Steve
Discussions about collaboratively raising money for a feature. To start a thread you must offer a starting price and be very specific on the feature you would like to see.
@webdawg said in Dpinger multiple targets - aka gwmond $2,500:
Guys,
I admin a pretty decent size network and I have yet to test this plugin. Does this replace what is installed? Is it additional functionality? Can I roll back? I have a box I would like to try it on.
It also seems that luckman212 has not replied. I am going to try and secure some funds from my company to donate to this, how do I donate?
The big question I have now is: Is this compatible w/ 2.4.3_1 or the latest and greatest, and how do we get this rolled into official pfSense packages?
Guys,
Does this replace what is installed, is it easy to remove?
