Subcategories

• Messages from the pfSense Team

  Announcements and information about pfSense software posted by the project team

  165
  Topics
  1264
  Posts

  P

  Might as well capture my results here upgrading pfSense from 2.4.4p3 to 2.4.5... SG-5100 - Primary Firewall - No issues with upgrade. SG-2440 - Backup Firewall - On first boot after upgrade, no LAN or serial console access. Subsequent reboots no change. Ended up doing a memstick image install and then restoring configs from Primary. All good now. Both systems use same trivial configuration and the packages are the same (apcupsd, arpwatch, sudo) except SG-2440 also has coreboot. Peter
• General pfSense Questions

  Discussions about pfSense software that do not fit into one of the more specific categories below.

  18750
  Topics
  109156
  Posts

  

  Do you see the interface going in and out of promiscuous mode when you are pcaping? You may need to set it in promiscuous mode permanently. Unfortunately my Norwegian is not the greatest! Steve
• Installation and Upgrades

  Discussions about installing or upgrading pfSense software

  8098
  Topics
  50225
  Posts

  J

  Setup: Current Base System - 2.5.0.a.20200527.1410. System, Advanced, Networking - I do not have "allow IPV6" checked. Network interface for both LAN/WAN, I have IPV6 set as none. The issue I have, when a device (both PC & smartphone) connects to the network, it doesn't work for about a minute or two. When I look into the firewall logs, I see entries similar to the following: So I did some experimenting, setup as follows: W10 machine. LAN = 192.168.1.0/24 LAN interface on pfSense 192.168.1.1 DHPCPV6 server - disabled. Running DNS resolver, with the LAN interface as the first DNS server. Power on the PC - it appears offline. At the command prompt: nslookup google.com - times out, entries in log file as displayed above. nslookup google.com 192.168.1.1 - replies! after which computer works normally with no issues. Any thoughts / ideas?
• Firewalling

  Discussions about firewalling functionality in pfSense software

  7521
  Topics
  43040
  Posts

  

  @MG85 said in mDNS traffic from WAN to 224.0.0.251:5353, but why? Please help.: be astonished if they had an identical setup just like me at home And why is that - I have seen many a user with sonos speakers and bridged L2 networks.. It a very common issue with sonos.
• NAT

  Discussions about Network Address Translation (NAT)

  4537
  Topics
  24627
  Posts

  Z

  Hello, I think I am having a similar issue (at least with just 1 computer), I have a pfsense setup with 2 vlans I am using, 1 vlan is for the rest of my house and the 2nd is basically for all of my devices. I was able to open NAT for my PS4 and Xbox One without issues following instructions I have found. However (following the same steps I did for my consoles) on my Gaming PC when I go to open multiplayer in Modern Warfare it keeps saying my NAT is strict. I have not tried other games though.
• HA/CARP/VIPs

  Discussions about High Availability, CARP, and utilizing additional IP addresses

  2017
  Topics
  9299
  Posts

  T

  @minesh-patel said in PfSense in Azure: recommend not using the VIP to access the GUI. Is this true and why? I have been unable to use the VIP to access the GUI I think it's based on not knowing for sure which router you're accessing. Most of the time of course it would be the primary. It should work though, do you have a firewall rule allowing it? @minesh-patel said in PfSense in Azure: what the VIP is particularly used for In general, on the LAN side it would be so all PCs can use the VIP as their gateway. On the WAN side it could be to maintain one public IP, so the data center can route a second public subnet to one IP, also so traffic would continue to flow when failover happens (so the WAN IP doesn't change, from the perspective of external routers/server). @minesh-patel said in PfSense in Azure: How do we perform a failover On the primary, Status->CARP, click Enter Persistent CARP Maintenance Mode.
• L2/Switching/VLANs

  Discussions about Layer 2 Networking, including switching and VLANs

  365
  Topics
  3171
  Posts

  O

  I'm trying to figure out how to set lagghash on a lagg in pfsense.
• Routing and Multi WAN

  Discussions about routing and Multiple WAN uplinks (WAN Failover, WAN Load Balancing, etc.)

  6846
  Topics
  32073
  Posts

  M

  Hello, we have a new ISP and want to make it the preferred one and in short time close the connection with the old ISP; we have 2 pfsense vm with VIP and CARP configured, with one as master and the second as slave; I already configured another OPT card on both firewalls, configured their IP and VIP and CARP; on these boxes I have configured some ipsec vpn, some that has the default wan gateway has endpoint; I also have NAT rules and NAT outbound. What is your suggestion to make the new wan the default route? Simply changing the default gateway? I have issues with old nat and rules configured with the old wan vip address? They continue to work, is it true? Thanks for suggestion. Marco
• Traffic Shaping

  Discussions about traffic shaping and limiters

  2645
  Topics
  14310
  Posts

  D

  Thanks a lot @johnpoz! I used one of these servers which was sufficient for now to pinpoint the issue!
• DHCP and DNS

  Discussions about DHCP, DNS Resolver (Unbound), DNS Forwarder (dnsmasq), and general DNS issues

  4455
  Topics
  26498
  Posts

  

  Just do yourself a favor and stay away from the tplink switches... Whole thing that went on for 2 years or so them not actually understanding how vlans are suppose to work, and didn't allow you to remove vlan 1 from ports you wanted to put in a different vlan.. While they suppose to have fixed it in their later models and firmware.. I would just get some other brand - the netgear and dlink ones work.. I have both of those low end models never saw any problems with them actually isolating vlans. If your budget is higher than cheapest you can do this, there there are some much better switches you could get ;) If you have like 200 to spend - yeah some really nice switches ;)
• IPv6

  Discussions about IPv6 connectivity and services

  1410
  Topics
  12372
  Posts

  

  @DonZalmrol DIsconnect the WAN cable and reboot pfSense. Run Packet Capture on the WAN interface, filtering on DHCPv6 and then reconnect the WAN cable. Post the capture packets here.
• IPsec

  Discussions about IPsec VPNs

  4591
  Topics
  18827
  Posts

  

  Hello pfSense-experts, Me and my friend have established a IPSec Site-to-Site tunnel between our home networks. We have configured Phase 1 "Remote Gateway" with the other sides dynamic DNS-name and we have configured "My Identifier" as our public IP addresses (because behind router), the problem is that we would like to use our dynamic dns names (so the site-to-site dont stop working when the IP changes). But neither one of My Identifier values "Distinguished Name" or "Dynamic DNS" works, only IP Address. Because our addresses are dynamic we would like to supply our dynamic names like we are using for Remote Gateway. Any one that knows why this dont seem to work? Regards Me and my friend :)
• OpenVPN

  Discussions about OpenVPN

  7149
  Topics
  38215
  Posts

  Q

  @JKnott because I've been struggling with this too, can you explain how to do this. I'd love to remove user error as a source of my inability to make this work.
• Captive Portal

  Discussions about Captive Portal, vouchers, and related topics

  3076
  Topics
  15785
  Posts

  N

  @Gertjan Hey man, thanks for your infos and quick reply, I checked it out and the portal page is there. Based on the fact Gwifi AP "is" a down stream router (where everything is natted) i yesterday tried adding the device in "Allowed IP addresses" tab, without any success. So it seems Google Wifi AP change this general behaviour, taking control over connection (I know it is a closed system for the most). Then, if there are not any way to force redirection to portal page with my configuration, i would rely to a common AP in a new vlan. Thank you
• webGUI

  Anything that does not fit in other categories related to the webGUI

  1616
  Topics
  7713
  Posts

  D

  Additional Googling reveals this bug. Is this my problem? https://redmine.pfsense.org/issues/8987 I'm not quite sure how to parse that page but it looks like it's resolved in "2.4.5-p1". I'm running "2.4.5" - is that the same version? It claims there are currently no updates available.
• Wireless

  Discussions about wireless networks, interfaces, and clients

  1552
  Topics
  9288
  Posts

  W

  I know the thread is old, but this is still a relevant issue, so I wanted to suggest Eero for those who might be looking for a good solution. I have found that multiple wired Eeros in Bridge mode work fantastic as a mesh access point. I've never set them up in a building small enough to warrant only two, but using three or four has worked out beautifully for my clients.
• SNMP

  Discussions about monitoring via SNMP

  157
  Topics
  490
  Posts

  A

  I am trying to monitor my PFSENSE but I am very new to using a monitoring tool called PRTG and what I want is to be able to monitor the networks that are being monitored by PFSENSE as I can get to their interfaces or some way to better monitor my PFSENSE? help
• Documentation

  Discussions about pfSense documentation, including the book

  155
  Topics
  1153
  Posts
  No new posts.
• Development

  Topics related to developing pfSense: coding styles, skills, questions etc.

  2.5 Development Snapshots
  1087
  Topics
  6073
  Posts

  

  not anymore, I have virtualized everything on ESXi and added a Ubiquiti ap-ac-pro, for me it was too unstable. but I have modules compiled for FreeBSD 12.1 if you want to try https://drive.google.com/drive/folders/1fM-Jlmf8BY21kIEGueSxFWmrISZqcDj3 there is a folder athp-12.1
• Gaming

  Discussions about playing network-based games behind pfSense from consoles, PCs, etc.

  332
  Topics
  2003
  Posts

  L

  Hi, I don't know why pfBlocker do not let me log into Origin. Disable DNSBL and TLD seems not help. Disable pfblocker it is back to normal and games start to connect to the server as normal. Could someone help me please!
• Virtualization

  Discussions about virtualizing pfSense in hypervisors such as AWS, VMware, Hyper-V, Xen, KVM, qemu, etc

  1507
  Topics
  9179
  Posts

  T

  The WAN port from the VM needs to connect to the ISP router. The WAN port from the 3100 needs to connect to the ISP router. If the ISP router has only one port you'll need a switch. The LAN ports from both connect to your LAN switch. Once you have the configuration sync set up any change on the master will copy everything to the backup.
• Hardware

  Discussions about pfSense hardware support

  Vendors
  6501
  Topics
  56489
  Posts

  N

  @bmeeks By pfSense driver I've meant the default driver, and to point out I did nothing to change it. You are correct it comes from FreeBSD not from pfSense. I will change the term. For the rest, what is to be said. I like your diplomacy
• Bounties

  Discussions about collaboratively raising money for a feature. To start a thread you must offer a starting price and be very specific on the feature you would like to see.

  Completed Bounties

  Expired/Withdrawn Bounties
  445
  Topics
  6033
  Posts

  S

  Bumping this to let devs know a fix would be very much appreciated.
• Retired

  Categories that are no longer active, but are present for reference

  2.4 Development Snapshots

  2.3.3 Development Snapshots

  2.3.2 Development Snapshots

  2.3.1 Snapshots Testing and Feedback - ARCHIVED

  2.3-RC Snapshot Feedback and Issues - ARCHIVED

  2.2.5 Snapshot Feedback and Issues

  2.2.3 Snapshots Problems and Feedback - ARCHIVED

  2.2 Snapshot Feedback and Problems - RETIRED

  2.1.1 Snapshot Feedback and Problems - RETIRED

  2.1 Snapshot Feedback and Problems - RETIRED

  2.0-RC Snapshot Feedback and Problems - RETIRED

  1.2.3-PRERELEASE-TESTING snapshots - RETIRED

  1.2.1-RC Snapshot Feedback and Problems-RETIRED
  8645
  Topics
  54903
  Posts

  

  Set Debug in the DHCP6 Client Configuration on WAN as well, then check the logs (main system log, routing log, etc) to see what shows up.