Subcategories

• Messages from the pfSense Team

  Announcements and information about pfSense software posted by the project team

  150
  Topics
  1142
  Posts

  

  We are excited to announce the public availability of development snapshots for pfSense 2.5.0 are available now! Please read the blog post (including all of the warnings) first. Reminder: Take a backup before, and a snapshot if it's a VM. These are early development snapshots and are likely to be unstable. Don't expect a smooth ride. We've fixed a lot of obvious things but there is much more left to do.
• General pfSense Questions

  Discussions about pfSense software that do not fit into one of the more specific categories below.

  17037
  Topics
  93765
  Posts

  J

  @mhertzfeld Hi bro! I have the same error on virtualized pfsese what you hardware configuration? Any energy saving enabled? Any calcru kernel messages in logs?
• Installation and Upgrades

  Discussions about installing or upgrading pfSense software

  7639
  Topics
  46962
  Posts

  Q

  Hi again, I'm assuming we've exhausted trying to improve the cpu utilization with this but I just wanted to say thanks for the help/efforts with this. I am still open to try anything though. Cheers!
• Firewalling

  Discussions about firewalling functionality in pfSense software

  6855
  Topics
  38356
  Posts

  C

  @Derelict I have 1 more question if you might know.. the no_wan_egreess works as long as my vpn I don't check the box "Don't Pass Routes" if I enable it... The IP Address I have Tag NO WAN EGRESS is automatically blocked yet should be using the VPN but I notice I need to check Don't Pass Routes to get my XBOX to work bypass VPN do you know how to get get the rule to work for the VPN and TAG No Wan Egress when you check "Don't Pass Routes" and should I be using that check box or not... whats the difference I tried googling info but I didn't find info if you have a link that explains the 2 be good too but I figured I ask you about that since your very smart at this stuff
• NAT

  Discussions about Network Address Translation (NAT)

  4191
  Topics
  22559
  Posts

  B

  Hi everyone, I'm working with a pfsense for some time now. Recently I experienced a behavior of pfsense that I do not fully understand. I hope that some of you already had something similar and help me to understand - Maybe I just did something wrong To the point: my networks: untagged network is 192.168.0.0/22 vlan80 network is 192.168.80.0/23 host 192.168.80.2 (vlan 80) -> L3 SWITCH -> LAN | PFSENSE BOX (router, Internet) | LAN <- SWITCH untagged vlan 1 PFSENSE BOX configuration: System\Routing\Static Routes Network 192.168.80.0/23 Gateway L3 SWITCH Interface LAN Temporary I set firewall to allow all TCP/UDP communication between networks. Everything is working fine except one port. When I try to get from the 192.168.0.0/22 network to the vlan80 network on the port 5900 (vnc) I bounce off the PFSENSE BOX (from the WAN address) with the a message "destination is not recheable" when I delete this rule communication on port 5900 works: Firewall \ NAT \ Port Forward Interface WAN Protocol TCP Source Address * Source Ports * Dest. Address WAN Net Dest. Ports 5900 NAT IP 192.168.0.100 NAT Ports 5900 Why this rule affect LAN communication? Could someone explain to me why WAN IP Address responding me o LAN Internet?
• HA/CARP/VIPs

  Discussions about High Availability, CARP, and utilizing additional IP addresses

  1833
  Topics
  8299
  Posts

  V

  @akong77 As @Derelict already mentioned, if it is the WAN interfaces facing to your upstream gateway, you should state the gateway here (1.2.3.254). Yes the outbound NATs translation address has to be one of your public IPs like 1.2.3.4.
• L2/Switching/VLANs

  Discussions about Layer 2 Networking, including switching and VLANs

  141
  Topics
  1090
  Posts

  T

  The reasoning is as follows: The ISP is also the provider of set-top boxes (STB's) which are placed in several locations on the site. These STB's need to be connected to the WAN directly and not NAT-ed or routed in any way. However, we need their data to run over our internal trunks. As a result, a VLAN with the unrouted WAN on the trunk is what we need. But, at the same time we still need the firewall to provide NAT and routing for several internal networks also connected to the WAN. Normally I could achieve this by plugging the WAN into ports on the switch assigned to this VLAN directly and then connecting the WAN port of the firewall also to this VLAN, but that gives me no control over what is happening on the WAN within the facility. I want to have the ability to transparently firewall this VLAN as well, so it does have to go through the PFsense box. Is that more clear?
• Routing and Multi WAN

  Discussions about routing and Multiple WAN uplinks (WAN Failover, WAN Load Balancing, etc.)

  6355
  Topics
  29653
  Posts

  

  Yup. BGP in that case should be handled by a router that doesn't care what interface a packet arrives on because it is not maintaining firewall states. ISP1 ISP2 + + + + BGP ROUTER + | | + FIREWALL
• Traffic Shaping

  Discussions about traffic shaping and limiters

  2538
  Topics
  13720
  Posts

  

  Did you maybe accidentally set a gateway on the interface config page for those? For example on Interfaces > LAN you shouldn't have a gateway defined/chosen on that page. igb supports ALTQ, so it may just be how you have them setup.
• DHCP and DNS

  Discussions about DHCP, DNS Resolver (Unbound), DNS Forwarder (dnsmasq), and general DNS issues

  3895
  Topics
  22343
  Posts

  J

  Hello, I use the pfsense 2.4.4 and pfBlockerNG-devel 2.2.5_22 I have a problem with a particular domain that is not resolving properly when using the pfsense resolver: The examples below are in the firewall but I have the same result when using a client. When I try to resolve www.ara.cat in the firewall forcing to use the local resolver it can't resolve the name. [2.4.4-RELEASE][admin@fw.xxxx.com]/var/log: nslookup www.ara.cat 127.0.0.1 Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find www.ara.cat: SERVFAIL If I don't force the local resolver it fallsback to the second resolver 1.1.1.1 and it works: [2.4.4-RELEASE][admin@fw.xxxx.com]/var/log: nslookup www.ara.cat ;; Got SERVFAIL reply from 127.0.0.1, trying next server Server: 1.1.1.1 Address: 1.1.1.1#53 Non-authoritative answer: www.ara.cat canonical name = www.ara.cat.cdn.bitban.net. www.ara.cat.cdn.bitban.net canonical name = caching.ara.edge2befaster.com. caching.ara.edge2befaster.com canonical name = cec01.euc.edgetcdn.com. Name: cec01.euc.edgetcdn.com Address: 51.255.81.138 on the other hand the if I use another subdomain forcing to use the local resolver it works fine 2.4.4-RELEASE][admin@fw.xxxx.com]/var/log: nslookup ara.cat 127.0.0.1 Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: Name: ara.cat Address: 176.34.179.218 Why is this happening and why it can't resolve that name? How can I fix this? Thanks
• IPv6

  Discussions about IPv6 connectivity and services

  1251
  Topics
  10542
  Posts

  

  Here is the thing I work in the space... I just came out of discussion with up and coming security/sdwan company... 42 Pops globally, etc.. Asked them about their ipv6 support, if on their roadmap, etc.. Nope ;) Their solution arch stated they kind of waiting to see if anyone actually uses it ;) hehehehe You guys can all dream about it all you want... I work in the biz... While there might be traffic... Its not a major player at all unless you count mobile devices... Which really account for most of the traffic to be honest.. .Yeah when you have a bajillion phones kind of hard to give the IPv4 ;) But once you move those all to IPv6 - the rest of its going to be slow to come to the plate..
• IPsec

  Discussions about IPsec VPNs

  4125
  Topics
  16828
  Posts

  

  Then post what you have because it most certainly does work.
• OpenVPN

  Discussions about OpenVPN

  6176
  Topics
  32407
  Posts

  L

  Will do, in the mean time I got something more stable using limiters on in and out at half our DSL capability. Seems like when the link is saturated, the copy get frozen and not when the limiters are reducing. Might very well be due to failover of our SDSL WAN to ADSL second link activates (automatically in suppose due to poor ping)
• Captive Portal

  Discussions about Captive Portal, vouchers, and related topics

  2897
  Topics
  14288
  Posts

  T

  You would probably be easier creating a system at another host, and using cURL commands to send data? On my firewalls, the captive portal page checks that it can see a second box on the network which is used to host most of the captive portal page, and Syslog-NG for logging. If it can't see this box, it uses cURL to talk to my website, (via https:// and to a password protected area) and set a flag, if the unit is online, offline etc. If it is offline, I get an e-mail, and a button shows on the Captive Portal, saying "We've been automatically informed of the problem, however, to send us an SMS, please click here." if someone clicks on that button, I get an SMS through (using bulksms.com) So, it is definitely possible. What you would probably have to do, is setup a database, setup vouchers in pfSense, import the voucher roll into your database, then when someone sends the number through to you, you can set your system to send an SMS back to their number, taking a voucher code from the roll in your DB.
• webGUI

  Anything that does not fit in other categories related to the webGUI

  1506
  Topics
  7131
  Posts

  

  FYI- I added search and sort to the CA and Cert list on 2.5.0 this week, works great: https://redmine.pfsense.org/issues/9412 The commits might apply cleanly against 2.4.4, but I haven't tried.
• Wireless

  Discussions about wireless networks, interfaces, and clients

  1501
  Topics
  8793
  Posts

  

  If you can sometimes reach your LAN and sometimes not, it's not likely a pfSense issue. When you lose connection, do you still have an IP address? Can you not ping something on the LAN? What's happening or not that makes you think it's failing? A little info here would help, as my crystal ball is busted.
• SNMP

  Discussions about monitoring via SNMP

  150
  Topics
  459
  Posts

  T

  thanks
• Documentation

  Discussions about pfSense documentation, including the book

  140
  Topics
  1082
  Posts

  

  @gwaitsi said in Rescue Shell with no documentation: "Mount the drive and edit/delete it." - saw the post, you would see the errors. i chose ufs with GPT partition. So then mount the correct partition, not the whole disk. Again, RTFM: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mount-unmount.html https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disk-organization.html
• Development

  Topics related to developing pfSense: coding styles, skills, questions etc.

  2.5 Development Snapshots
  836
  Topics
  4046
  Posts

  

  I used the 20190321 ISO to upgrade a 2.4.4 ZFS test instance running in VirtualBox to 2.5.0 ZFS by reinstalling and choosing to preserve the config, as this is how I'll probably upgrade my APU2C4 when the time comes. The process ran quickly. Packages were not reinstalled but I don't recall if they normally are when upgrading this way. Once I upgraded to 20190322 I was able to install the packages (System_Patches and ACME) via the UI.
• Gaming

  Discussions about playing network-based games behind pfSense from consoles, PCs, etc.

  315
  Topics
  1923
  Posts

  

  @darealdevil said in Games and Floating rules for better ping: Where can I find a good information about most games? Google? I'm not aware of any one-stop-shop for those kinds of details, but who knows? Usually the company in question has some technical specs on their website about what protocols & ports their particular games use.
• Virtualization

  Discussions about virtualizing pfSense in hypervisors such as AWS, VMware, Hyper-V, Xen, KVM, qemu, etc

  1374
  Topics
  8314
  Posts

  M

  what version of Windows/Hyper-V is it?
• Hardware

  Discussions about pfSense hardware support

  Vendors
  6230
  Topics
  53500
  Posts

  M

  Stephen, I appreciate you taking the time to reach out. I will have to check this out in the morning as I seem to have accidentally migrated the giant box of USB cables to my business' storage unit. However, in the event that the drive is bad, I wonder if Netgate has access to a replacement module that I can re-solder to the board. All-in-all, I'm quite impressed with the quality of the PCB that Netgate uses. Thank you, ~Morgan
• Bounties

  Discussions about collaboratively raising money for a feature. To start a thread you must offer a starting price and be very specific on the feature you would like to see.

  Completed Bounties

  Expired/Withdrawn Bounties
  434
  Topics
  5816
  Posts

  C

  I actually created an issue for this, would be great to get some more people behind it. https://redmine.pfsense.org/issues/9238 This would be a real game changer IMHO.
• Retired

  Categories that are no longer active, but are present for reference

  2.4 Development Snapshots

  2.3.3 Development Snapshots

  2.3.2 Development Snapshots

  2.3.1 Snapshots Testing and Feedback - ARCHIVED

  2.3-RC Snapshot Feedback and Issues - ARCHIVED

  2.2.5 Snapshot Feedback and Issues

  2.2.3 Snapshots Problems and Feedback - ARCHIVED

  2.2 Snapshot Feedback and Problems - RETIRED

  2.1.1 Snapshot Feedback and Problems - RETIRED

  2.1 Snapshot Feedback and Problems - RETIRED

  2.0-RC Snapshot Feedback and Problems - RETIRED

  1.2.3-PRERELEASE-TESTING snapshots - RETIRED

  1.2.1-RC Snapshot Feedback and Problems-RETIRED
  8645
  Topics
  54903
  Posts

  

  Set Debug in the DHCP6 Client Configuration on WAN as well, then check the logs (main system log, routing log, etc) to see what shows up.