Announcements and information about pfSense software posted by the project team
134
Topics
964
Posts
Would you like a chance to win one of four Limited Edition Minnowboard Dual-Ethernet systems from Netgate valued at $249.00? How about four chances? We’re giving one away each week for the next four (4) weeks.
How to enter
Netgate has published a pfSense User survey and we’d like your feedback. The more we know about you and how you use our products, the better we can help solve the issues you face, now and in the future. The information you provide will also help determine what kind of information you receive from us. We promise that we will never share or sell your information!
When you take the survey, you will be entered into the drawing(s). If you take the survey this week, you will automatically be entered into all four (4) weekly drawings. If you take the survey next week, you will be entered into the remaining three (3) weekly drawings, and so on.
CLICK HERE FOR SURVEY
Now, onto the legal stuff
Odds of winning depend on the total number of entries received.
Drawings will occur on the Wednesday of the following week.
You can only take the survey once. If you win, you can only win once.
Drawings will be held in accordance with Sec. 621.106 of the Texas Business and Commerce code.
Complete rules for the drawings are available to review.
Thank you and good luck!
Hmm I see.
I noticed that I can store the file list as .txt inside pfSense itself, but it's visible from outside. Can I block external access to the file? I want to allow only localhost (pfSense machine).
Any other suggestions?
If it helps, this is the exact problem i'm having - https://survivetheark.com/index.php?/forums/topic/99424-server-cluster-transfer-in-lan-not-working/
As far as i know, the root of the issue is - You can connect to a server locally on LAN and play fine, but it only searches over WAN when looking for servers to transfer too ingame. This is my problem because my other two servers are also on my LAN.
Is there some network wizardry that could be done to resolve this?
Only option i can think of currently is using a VPN, which i don't really want to do.
Greetings,
We are having an issue with Intermediate certificate and HAproxy, hope someone could give some light on it.
Our current set is Pfsense-HAproxy-Cert-Manager using external CA. The external CA is using three chain certificates - one for server platforms verification and two for client verification of two different applications. One of the applications is using HAproxy for SSL offloading. We have imported Root Certificate and two Intermediate certificates - for client verification and for server verification, also the server client certificate was added with the key to Certificates. So far everything looks good - all have automatically added their chains, so the Root is chaining with the two intermediate certificates and the server intermediate is chaining with the application server client certificate. And here is the problem when we set the users to be verified by the Client-Intermediate-certificate their browser returns ERR_BAD_SSL_CLIENT_AUTH_CERT. A workaround is to verify the clients directly by the Root certificate, but here is the second issue, as the client is using two client certificates for different applications and they are both accepted by the Root, which is unwanted. Any ideas are welcome.
Kind Regards,
@tumble said in OpenVPN site-2-site - VLAN host cannot receive response from the other end:
I mean, why isn't traffic to the remote net (which I configured on the pfSense side in the OpenVPN config) routed through the VPN?
Why do you think, it isn't?
Try a packet capture on the pfSense or the Edge routers VPN interface to be shure.
I guess, the routing problem is on the Edge. So check the routes there.
Discussions about DHCP, DNS Resolver (Unbound), DNS Forwarder (dnsmasq), and general DNS issues
3603
Topics
20230
Posts
@kitdavis said in DHCP from wrong interface:
Aug 20 15:38:19 dhcpd DHCPDISCOVER from 3c:97:0e:bb:27:8e via igb1
Aug 20 15:38:19 dhcpd DHCPDISCOVER from 3c:97:0e:bb:27:8e via igb3
Clearly that is WRONG... you are seeing discover on both interfaces.. This points to a cross connections between your physical networks.
I have sort of bypassed my problem by downgrading my mikrotik routeros version, but of course that opens me up to possible exploits with may have been fixed since. I have not considered that client connecting/disconnecting could be causing this though, so I will careful note what happens next time I have a disconnect.
Hi,
I have connected my OpenVPN Sites to the IPSec Site (where I can't have pfsense). For simplicity purposes, I have the following:
1 Main Ipsec Site: 10.55.16.0/24
2 Main OpenVPN Site: 10.55.96.0/24 (tunnel 10.55.240.0/24)
3 Remote OpenVPN Site 1: 10.82.16.0/24 (tunnel 10.55.240.0/24)
4 Remote OpenVPN Site 2: 10.82.24.0/24 (tunnel 10.55.240.0/24)
5 OpenVPN Mobile Clients: tunnel 10.55.248.0/24
So 1 through 4 everything is well connected. Can ping and do everything between them. The weirdness is on 5. I can access 1 (Ipsec Site) and 2 (Main OpenVPN Site), but can't reach at all 3 and 4 (the remote OpenVPN Sites).
So I am looking for a shed of light that can let me know what I need to do on 5 so that I can access the Remote OpenVPN Sites?
I appreciate any ideas.
Thanks,
Carlos
Hi
Let me explain what i am trying to achieve.
I have a number of Draytek 2862Ln model firewall routers in various shops up and down the country. I want to configure a guest wifi on all those routers. the Draytek Routers has an option for "captive portal" and "MAC authentication". The idea is if a customer goes to 1st shop and connects to the guest wifi on the draytek they will see a splash screen asking them to login using facebook or google and then they will have internet access.
If they then went to another shop they would simply connect to the guest wifi and have internet access they would not need to enter their facebook or google details again as their MAC address of their wireless client will have been captured by the radius server on a database when they previously connected at the other shop.
I have serched for various MAC auth radius servers but i cant seem to find one that will do what i want. I am looking for a open source free radius server, i have looked at "packetfence" "wifi dog" and "Zeroshell" but they dont seem to do what i have explained.
I have attached screenshots of the Draytek Web GUI. CAn anyone advise what free server is out that that will allow me to achieve what i have explained. will pfsense allow me to do ths?
Thanks in advance.
Hiran]
Anything that does not fit in other categories related to the webGUI
1453
Topics
6729
Posts
What version are you running? If it was referencing PHP 7 then it must be a snapshot, or else maybe you somehow pointed 2.4.3 at the development repo and managed to mangle the packages.
Best thing to do from your position is reinstall.
so if you have problem in wireless in general, deal with it or buy a separate AP.
So, you are saying that FreeBSD, altough is well suited for embeded applications, it is not suited for building a custom AP using pfSense ?
There is no single 802.11n card to make it work ? I didn't even mention 802.11ac ...
What does this have to do with pfsense?
"-L/export/local/../solaris/Debug/lib/ -lnsl -lrt"
You should not be updating anything on pfsense directly. current net-snmp package is net-snmp-5.7.3_17..
If you need help compiling snmp on your solaris box - you should be on their forums..
I think you are trying to do too many things at once. I'd break it down and try to figure out a thing at a time and get it working.
If you remove the VPN from the picture, are you able to get the XBox to open? NordVPN does not forward ports so you'll never get an open NAT using them. There are a few providers from my searching that do support port forwarding. I personally use TorGuard as they support port forwarding and seemed a fair price point.
To get a single IP to go through the VPN, I made an alias for my traffic group and set a rule so it goes through my VPN gateway.
Here is an example of what my rules look like.
Hello,
I'm new to pfSense and have been doing a lot of searching to see if my setup is suitable to take advantage of my Gigabit internet connection.
When speedtesting with a direct Modem to PC connection I receive 850 to 950Mbps
however with pFsense in-between I have never tested over 600Mbps
Here is my setup.
pfSense 2.4.3 virtualized with HyperV
CPU: AMD Phenom II X6 1090T Processor (6 Cores assigned to VM)
Memory: 8GB Total (2GB assigned to VM)
NIC: HP NC364T PCIe 4Pt Gigabit Server Adptr
NIC Config:
1 Port dedicated as External Network Virtual Switch in Hyper-V for WAN
1 Port dedicated as External Network Virtual Switch in Hyper-V for LAN
Originally I was maxing out my speedtests at 500Mbps but after unchecking
Hardware Checksum Offloading, Hardware TCP Segmentation Offloading, Hardware Large Receive Offloading
I was able to achieve 600Mbps
Also running iperf with pfSense as the server mimics the speedtest results.
I feel like my hardware should be sufficient to achieve gigabit speeds and I am just missing some simple configuration.
Any help would be greatly appreciated, Thanks!
Discussions about collaboratively raising money for a feature. To start a thread you must offer a starting price and be very specific on the feature you would like to see.
Has anyone worked on a solution (other than the dumb switch method) for OpenBSD, by chance? I was thinking PF could just redirect EAPOL traffic to the RG but it looks like it can only filter on layer 2 on bridge interfaces (and even then, only by MAC address).
