pfSense® Software

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Subcategories

Messages from the pfSense Team

Announcements and information about pfSense software posted by the project team

184
Topics

1810
Posts

R

@rockyuk I don't know why you are at 100% cpu usage with pfBlocker. For me it was the downloading and installing of the UTI adult category. I watched the processes on TOP and they pretty well told the story. Dropping to the command line and running

top -aSH

helps to understand the processes that are using up the cycles.

Roy
General pfSense Questions

Discussions about pfSense software that do not fit into one of the more specific categories below.

22204
Topics

140464
Posts

Switching major base versions like that is not an insignificant task! But plans are well underway....
Installation and Upgrades

Discussions about installing or upgrading pfSense software

8651
Topics

53664
Posts

@jimp thanks.
Firewalling

Discussions about firewalling functionality in pfSense software

8575
Topics

50410
Posts

@nopfsense said in Cannot access AP web ui:

the default ip is 192.168.1.1

That is what is was in the past.
You've - as you've said - activated a DHCP-client on the LAN part.
Is that really so ? Normally, a DHCP-client is activated on a WAN type interface. Your setup is AP mode only, so no WAN usage.

I advise you to set it up with a static IP.
192.168.22.2 network 255.255.255.0 or /24
Gateway 1921.168.22.1 - DNS 192.168.22.1

@nopfsense said in Cannot access AP web ui:

It is setup so that pfsense handles the DHCP leases for the AP and

That is what you want.
Never ever stop there. Do some fact checking.

Check that "what you see" is what you want : Visit this page : pfSense :: Status > System Logs > DHCP
Now, remove the cable between the pfSense 192.168.22.1 and your AP., and put it back in place.
Refresh the pfSense page "Status > System Logs > DHCP".
Do you see a device with MAC == the MAC of the AP asking for IP 192.168.22.2 ??
If so, issue solved.
If not, you know your AP DHCP-client setup isn't right.

I'm using AP's (DDWRT) for the better part of this century, and I've always set them up using static settings. I can visit their GUI just fine.

This is typical for an AP :

f381bbd5-d824-4655-b930-d8b6037b9ccd-image.png

IP assigned + /24
Gateway.
DNS.
DHCP server ( ! ) shut down (pfSense does the DHCP attribution).
WAN interface shut down.

You can even ditch all firewall related stuf.
An most simple AP device transforms radio signals to electric signals. Nothing more, nothing less.
Later on, you can use VLAN's, separate SSIDs for each VLAN, AP-client-isolation etc etc
NAT

Discussions about Network Address Translation (NAT)

5070
Topics

27779
Posts

M

Update:
Speaking to Chelsio support, they suggested setting "hw.cxgbe.buffer_packing=0" in "loader.conf". This resolved my issue.
HA/CARP/VIPs

Discussions about High Availability, CARP, and utilizing additional IP addresses

2306
Topics

10552
Posts

P

@dara said in pfSense CARP + Cisco N5k vPC:

@philippe-richard Hi Philippe, Thanks a lot. This is more complete and interesting than our setup.

I wonder how you configured the connection between the routers and switches?

In my setup, each router has a single connection to a single switch configured as an Orphan port. For now it is working perfectly.

I am not sure however how it will handle different link and device failure scenarios but I will test it sometime soon and post my findings here.

Hello, have you made progress on your configuration?
Have a good day
L2/Switching/VLANs

Discussions about Layer 2 Networking, including switching and VLANs

774
Topics

6632
Posts

N

@stephenw10
19:54:15.069333 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:54:20.067967 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:54:25.067447 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:54:30.256858 dc:f5:05:3d:18:2d (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 68: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, LLC, dsap Null (0x00) Individual, ssap Null (0x00) Response, ctrl 0xaf: Unnumbered, xid, Flags [Response], length 46: 01 02 19:54:32.205770 dc:f5:05:3d:18:2d (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 358: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:f5:05:3d:18:2d (oui Unknown), length 308 19:54:36.198452 dc:f5:05:3d:18:2d (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 358: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:f5:05:3d:18:2d (oui Unknown), length 308 19:54:44.184506 dc:f5:05:3d:18:2d (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 358: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:f5:05:3d:18:2d (oui Unknown), length 308 19:54:45.079594 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:54:46.068199 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:54:47.067681 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:54:49.068646 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:54:49.743799 ac:1f:6b:45:fa:8a (oui Unknown) > 01:00:5e:00:00:fb (oui Unknown), ethertype 802.1Q (0x8100), length 86: vlan 20, p 0, ethertype IPv4, 192.168.10.1.mdns > 224.0.0.251.mdns: 0 PTR (QM)? _googlezone._tcp.local. (40) 19:54:49.743972 ac:1f:6b:45:fa:8a (oui Unknown) > 01:00:5e:00:00:fb (oui Unknown), ethertype 802.1Q (0x8100), length 123: vlan 20, p 0, ethertype IPv4, 192.168.10.1.mdns > 224.0.0.251.mdns: 0 SRV (QM)? ee41442d-2c14-cc09-fde8-2be16f84be32._googlezone._tcp.local. (77) 19:54:49.744264 ac:1f:6b:45:fa:8a (oui Unknown) > 01:00:5e:00:00:fb (oui Unknown), ethertype 802.1Q (0x8100), length 256: vlan 20, p 0, ethertype IPv4, 192.168.10.1.mdns > 224.0.0.251.mdns: 0*- [0q] 4/0/0 PTR ee41442d-2c14-cc09-fde8-2be16f84be32._googlezone._tcp.local., (Cache flush) A 172.18.0.14, (Cache flush) SRV ee41442d-2c14-cc09-fde8-2be16f84be32.local.:10001 1100 0, (Cache flush) TXT "id=3CABD325728E72997BA6735F95651E36" "UDS" (210) 19:54:52.068645 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:54:55.068665 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:54:59.070888 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:55:00.157354 dc:f5:05:3d:18:2d (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 358: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:f5:05:3d:18:2d (oui Unknown), length 308 19:55:03.070243 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:55:06.797226 dc:f5:05:4d:ec:1a (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 68: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, LLC, dsap Null (0x00) Individual, ssap Null (0x00) Response, ctrl 0xaf: Unnumbered, xid, Flags [Response], length 46: 01 02 19:55:08.072959 28:6d:97:7f:bb:0c (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 598: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 28:6d:97:7f:bb:0c (oui Unknown), length 548 19:55:08.751278 dc:f5:05:4d:ec:1a (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 358: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:f5:05:4d:ec:1a (oui Unknown), length 308 19:55:10.253923 cc:f4:11:c5:bc:81 (oui Unknown) > 33:33:00:0c:00:0c (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv6, fe80::cef4:11ff:fec5:bc81.10101 > ff02::c:c.10101: UDP, length 38 19:55:10.253930 cc:f4:11:c5:bc:81 (oui Unknown) > 33:33:00:00:0c:0c (oui Unknown), ethertype 802.1Q (0x8100), length 108: vlan 0, p 0, ethertype 802.1Q, vlan 20, p 0, ethertype IPv6, fe80::cef4:11ff:fec5:bc81.10101 > ff05::c0c.10101: UDP, length 38 ^C 29 packets captured 424 packets received by filter 0 packets dropped by kernel
Routing and Multi WAN

Discussions about routing and Multiple WAN uplinks (WAN Failover, WAN Load Balancing, etc.)

7706
Topics

36673
Posts

D

@dotdash Thanks a lot!
This PFSense is in production, so I need to schedulle the update task
Traffic Shaping

Discussions about traffic shaping and limiters

2835
Topics

15337
Posts

R

@jimp said in Old bug or new issue?:

Those are not the same rule you have failing in the error message.

The one in the error message has a different description.

Check all the other tabs and see where that specific rule is, labeled "Connections From Upstream SIP Server"

Rebooted today and the issue is gone.. bizarre
DHCP and DNS

Discussions about DHCP, DNS Resolver (Unbound), DNS Forwarder (dnsmasq), and general DNS issues

5360
Topics

32926
Posts

@domnado said in Slow DNS after 22.05:

@bmeeks

Hope I'm not speaking too soon, I tried the halt and pull power cord for 30 seconds, system has been up for 10 minutes now with zero error messages.

Resetting the crypto chip hardware certainly won't hurt anything, and it may be the solution. I did a some quick scans through the unbound source code but was unable to locate that specific error message template text. I was hoping if I found the error message in the source code that it would help identify a possible cause.
IPv6

Discussions about IPv6 connectivity and services

1682
Topics

15587
Posts

S

Anyone having any oddities with IPv6 today? My wife mentioned today that "the internet started running like crap" around 11am-ish. I'm assuming around that time is when the IPv6 issue happened, and devices ran bad until they realized that IPv6 was dead and fell back to IPv4. I've had IPv6 for weeks now w/o issues, and no recent config changes so it's unexpected.

Nothing really jumps out at me in the log. I connected to my neighbor's Verizon-provided router, and they don't seem to have IPv6 connectivity either, when they also have previously had it like me. Looks like pfsense is keeping the prefix, and the WAN link-local address is showing as online as well, so that part of the connection is working...

Maybe locally (Newport News, VA) there's some sort of work, or IPv6 outage for some reason.

Verbose log below if anyone sees anything interesting!
Jun 30 20:24:28 dhcp6c 73904 got an expected reply, sleeping. Jun 30 20:24:28 dhcp6c 73904 removing server (ID: 00:02:00:00:05:83:66:34:3a:62:35:3a:32:66:3a:30:34:3a:65:30:3a:63:30:00:00:00) Jun 30 20:24:28 dhcp6c 73904 removing an event on igb0, state=REQUEST Jun 30 20:24:28 dhcp6c 73904 script "/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh" terminated Jun 30 20:24:28 dhcp6c 84659 dhcp6c REQUEST on igb0 - running rtsold Jun 30 20:24:26 dhcp6c 73904 executes /var/etc/dhcp6c_wan_dhcp6withoutra_script.sh Jun 30 20:24:26 dhcp6c 73904 add an address 2600:4040:13e5:1a35:21b:21ff:fe73:d35d/64 on igb3 Jun 30 20:24:26 dhcp6c 73904 add an address 2600:4040:13e5:1a20:21b:21ff:fe73:d35c/64 on igb2 Jun 30 20:24:26 dhcp6c 73904 add an address 2600:4040:13e5:1a10:21b:21ff:fe73:d359/64 on igb1 Jun 30 20:24:26 dhcp6c 73904 create a prefix 2600:4040:13e5:1a00::/56 pltime=7200, vltime=7200 Jun 30 20:24:26 dhcp6c 73904 make an IA: PD-0 Jun 30 20:24:26 dhcp6c 73904 dhcp6c Received REQUEST Jun 30 20:24:26 dhcp6c 73904 IA_PD prefix: 2600:4040:13e5:1a00::/56 pltime=7200 vltime=7200 Jun 30 20:24:26 dhcp6c 73904 get DHCP option IA_PD prefix, len 25 Jun 30 20:24:26 dhcp6c 73904 IA_PD: ID=0, T1=3600, T2=5760 Jun 30 20:24:26 dhcp6c 73904 get DHCP option IA_PD, len 41 Jun 30 20:24:26 dhcp6c 73904 DUID: 00:02:00:00:05:83:66:34:3a:62:35:3a:32:66:3a:30:34:3a:65:30:3a:63:30:00:00:00 Jun 30 20:24:26 dhcp6c 73904 get DHCP option server ID, len 26 Jun 30 20:24:26 dhcp6c 73904 DUID: 00:01:00:01:2a:47:f1:e8:00:1b:21:73:XX:XX Jun 30 20:24:26 dhcp6c 73904 get DHCP option client ID, len 14 Jun 30 20:24:26 dhcp6c 73904 receive reply from fe80::f6b5:2fff:fe04:d9da%igb0 on igb0 Jun 30 20:24:26 dhcp6c 73904 reset a timer on igb0, state=REQUEST, timeo=0, retrans=955 Jun 30 20:24:26 dhcp6c 73904 send request to ff02::1:2%igb0 Jun 30 20:24:26 dhcp6c 73904 set IA_PD Jun 30 20:24:26 dhcp6c 73904 set IA_PD prefix Jun 30 20:24:26 dhcp6c 73904 set option request (len 4) Jun 30 20:24:26 dhcp6c 73904 set elapsed time (len 2) Jun 30 20:24:26 dhcp6c 73904 set server ID (len 26) Jun 30 20:24:26 dhcp6c 73904 set client ID (len 14) Jun 30 20:24:26 dhcp6c 73904 a new XID (803dba) is generated Jun 30 20:24:26 dhcp6c 73904 Sending Request Jun 30 20:24:26 dhcp6c 73904 picked a server (ID: 00:02:00:00:05:83:66:34:3a:62:35:3a:32:66:3a:30:34:3a:65:30:3a:63:30:00:00:00) Jun 30 20:24:25 dhcp6c 73904 reset timer for igb0 to 0.995807 Jun 30 20:24:25 dhcp6c 73904 server ID: 00:02:00:00:05:83:66:34:3a:62:35:3a:32:66:3a:30:34:3a:65:30:3a:63:30:00:00:00, pref=-1 Jun 30 20:24:25 dhcp6c 73904 IA_PD prefix: 2600:4040:13e5:1a00::/56 pltime=7200 vltime=7200 Jun 30 20:24:25 dhcp6c 73904 get DHCP option IA_PD prefix, len 25 Jun 30 20:24:25 dhcp6c 73904 IA_PD: ID=0, T1=3600, T2=5760 Jun 30 20:24:25 dhcp6c 73904 get DHCP option IA_PD, len 41 Jun 30 20:24:25 dhcp6c 73904 DUID: 00:02:00:00:05:83:66:34:3a:62:35:3a:32:66:3a:30:34:3a:65:30:3a:63:30:00:00:00 Jun 30 20:24:25 dhcp6c 73904 get DHCP option server ID, len 26 Jun 30 20:24:25 dhcp6c 73904 DUID: 00:01:00:01:2a:47:f1:e8:00:1b:21:73:XX:XX Jun 30 20:24:25 dhcp6c 73904 get DHCP option client ID, len 14 Jun 30 20:24:25 dhcp6c 73904 receive advertise from fe80::f6b5:2fff:fe04:d9da%igb0 on igb0 Jun 30 20:24:25 dhcp6c 73904 reset a timer on igb0, state=SOLICIT, timeo=4, retrans=16326 Jun 30 20:24:25 dhcp6c 73904 send solicit to ff02::1:2%igb0 Jun 30 20:24:25 dhcp6c 73904 set IA_PD Jun 30 20:24:25 dhcp6c 73904 set IA_PD prefix Jun 30 20:24:25 dhcp6c 73904 set option request (len 4) Jun 30 20:24:25 dhcp6c 73904 set elapsed time (len 2) Jun 30 20:24:25 dhcp6c 73904 set client ID (len 14) Jun 30 20:24:25 dhcp6c 73904 Sending Solicit Jun 30 20:24:17 dhcp6c 73904 reset a timer on igb0, state=SOLICIT, timeo=3, retrans=8065 Jun 30 20:24:17 dhcp6c 73904 send solicit to ff02::1:2%igb0 Jun 30 20:24:17 dhcp6c 73904 set IA_PD Jun 30 20:24:17 dhcp6c 73904 set IA_PD prefix Jun 30 20:24:17 dhcp6c 73904 set option request (len 4) Jun 30 20:24:17 dhcp6c 73904 set elapsed time (len 2) Jun 30 20:24:17 dhcp6c 73904 set client ID (len 14) Jun 30 20:24:17 dhcp6c 73904 Sending Solicit Jun 30 20:24:13 dhcpleases 23855 Could not deliver signal HUP to process 69147: No such process. Jun 30 20:24:13 dhcpleases 23855 Sending HUP signal to dns daemon(69147) Jun 30 20:24:13 dhcp6c 73904 reset a timer on igb0, state=SOLICIT, timeo=2, retrans=3982 Jun 30 20:24:13 dhcp6c 73904 send solicit to ff02::1:2%igb0 Jun 30 20:24:13 dhcp6c 73904 set IA_PD Jun 30 20:24:13 dhcp6c 73904 set IA_PD prefix Jun 30 20:24:13 dhcp6c 73904 set option request (len 4) Jun 30 20:24:13 dhcp6c 73904 set elapsed time (len 2) Jun 30 20:24:13 dhcp6c 73904 set client ID (len 14) Jun 30 20:24:13 dhcp6c 73904 Sending Solicit Jun 30 20:24:11 dhcp6c 73904 reset a timer on igb0, state=SOLICIT, timeo=1, retrans=2083 Jun 30 20:24:11 dhcp6c 73904 send solicit to ff02::1:2%igb0 Jun 30 20:24:11 dhcp6c 73904 set IA_PD Jun 30 20:24:11 dhcp6c 73904 set IA_PD prefix Jun 30 20:24:11 dhcp6c 73904 set option request (len 4) Jun 30 20:24:11 dhcp6c 73904 set elapsed time (len 2) Jun 30 20:24:11 dhcp6c 73904 set client ID (len 14) Jun 30 20:24:11 dhcp6c 73904 Sending Solicit Jun 30 20:24:10 dhcp6c 73904 reset a timer on igb0, state=SOLICIT, timeo=0, retrans=1091 Jun 30 20:24:10 dhcp6c 73904 send solicit to ff02::1:2%igb0 Jun 30 20:24:10 dhcp6c 73904 set IA_PD Jun 30 20:24:10 dhcp6c 73904 set IA_PD prefix Jun 30 20:24:10 dhcp6c 73904 set option request (len 4) Jun 30 20:24:10 dhcp6c 73904 set elapsed time (len 2) Jun 30 20:24:10 dhcp6c 73904 set client ID (len 14) Jun 30 20:24:10 dhcp6c 73904 a new XID (b8cbfb) is generated Jun 30 20:24:10 dhcp6c 73904 Sending Solicit Jun 30 20:24:09 dhcp6c 73904 reset a timer on igb0, state=INIT, timeo=0, retrans=891 Jun 30 20:24:09 dhcp6c 73792 called Jun 30 20:24:09 dhcp6c 73792 called Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>end of closure [}] (1) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>end of closure [}] (1) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[8] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[sla-len] (7) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[53] (2) Jun 30 20:24:09 dhcp6c 73792 <3>[sla-id] (6) Jun 30 20:24:09 dhcp6c 73792 <3>begin of closure [{] (1) Jun 30 20:24:09 dhcp6c 73792 <5>[igb3] (4) Jun 30 20:24:09 dhcp6c 73792 <3>[prefix-interface] (16) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>end of closure [}] (1) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[8] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[sla-len] (7) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[32] (2) Jun 30 20:24:09 dhcp6c 73792 <3>[sla-id] (6) Jun 30 20:24:09 dhcp6c 73792 <3>begin of closure [{] (1) Jun 30 20:24:09 dhcp6c 73792 <5>[igb2] (4) Jun 30 20:24:09 dhcp6c 73792 <3>[prefix-interface] (16) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>end of closure [}] (1) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[8] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[sla-len] (7) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[16] (2) Jun 30 20:24:09 dhcp6c 73792 <3>[sla-id] (6) Jun 30 20:24:09 dhcp6c 73792 <3>begin of closure [{] (1) Jun 30 20:24:09 dhcp6c 73792 <5>[igb1] (4) Jun 30 20:24:09 dhcp6c 73792 <3>[prefix-interface] (16) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[infinity] (8) Jun 30 20:24:09 dhcp6c 73792 <3>[56] (2) Jun 30 20:24:09 dhcp6c 73792 <3>[/] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[::] (2) Jun 30 20:24:09 dhcp6c 73792 <3>[prefix] (6) Jun 30 20:24:09 dhcp6c 73792 <13>begin of closure [{] (1) Jun 30 20:24:09 dhcp6c 73792 <13>[0] (1) Jun 30 20:24:09 dhcp6c 73792 <13>[pd] (2) Jun 30 20:24:09 dhcp6c 73792 <3>[id-assoc] (8) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>end of closure [}] (1) Jun 30 20:24:09 dhcp6c 73792 <3>comment [# we'd like nameservers and RTSOLD to do all the work] (53) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>["/var/etc/dhcp6c_wan_dhcp6withoutra_script.sh"] (46) Jun 30 20:24:09 dhcp6c 73792 <3>[script] (6) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[domain-name] (11) Jun 30 20:24:09 dhcp6c 73792 <3>[request] (7) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[domain-name-servers] (19) Jun 30 20:24:09 dhcp6c 73792 <3>[request] (7) Jun 30 20:24:09 dhcp6c 73792 <3>comment [# request prefix delegation] (27) Jun 30 20:24:09 dhcp6c 73792 <3>end of sentence [;] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[0] (1) Jun 30 20:24:09 dhcp6c 73792 <3>[ia-pd] (5) Jun 30 20:24:09 dhcp6c 73792 <3>[send] (4) Jun 30 20:24:09 dhcp6c 73792 <3>begin of closure [{] (1) Jun 30 20:24:09 dhcp6c 73792 <5>[igb0] (4) Jun 30 20:24:09 dhcp6c 73792 <3>[interface] (9) Jun 30 20:24:09 dhcp6c 73792 skip opening control port Jun 30 20:24:09 dhcp6c 73792 failed initialize control message authentication Jun 30 20:24:09 dhcp6c 73792 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory Jun 30 20:24:09 dhcp6c 73792 extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:2a:47:f1:e8:00:1b:21:73:XX:XX
IPsec

Discussions about IPsec VPNs

5217
Topics

21401
Posts

M

@gassyantelope @auroramus Please let me know how it went after upgrading to the version 2.7
OpenVPN

Discussions about OpenVPN

8497
Topics

46202
Posts

J

@vbianconi88 I'm not following what you're saying in number 1 so I'll skip that. Number 2, select "other" then enter your DDNS in the box it gives you.
WireGuard

Discussions about WireGuard

308
Topics

1937
Posts

D

I removed the WG package (not before I cleared the keep settings checkbox in the WG settings). After removal, I compared the pfSense config to the previous one and I can see in the installedpackages node the leftovers below
<wireguard> <config/> <peers/> <tunnels/> </wireguard> </installedpackages>
How can WG be removed completely from my config? I know this is not doing anything in the config but I like to keep my config as clean as possible
Captive Portal

Discussions about Captive Portal, vouchers, and related topics

3284
Topics

17004
Posts

J

Hello guys.

I work at a public school and I'm thinking of installing pfsense to run the captive portal and generate vouchers.

I would need to generate vouchers of up to 6 digits, does anyone know how to do it?
webGUI

Anything that does not fit in other categories related to the webGUI

1837
Topics

8782
Posts

E

@mcdiesel said in Colors for interfaces:

New pfSense 2.3 gui style is nice, easy to use, well done.

Colors on interfaces would be useful.

eg Red, Green, Blue. Colour wouldn't actually do anything, it's just a 'tag'.

Two tones for each colour - the dark color when used for text / primary / icon, and the light shade for background bands.

Abstracting further, colour is just a word, and words are tags, and tags can be represented already with aliases.

So if the existing alias feature can have a color attribute, that colour in it's two tones could be used where the alias is involved.

I think the light background colour would be the most often used - rules lines, log lines, dhcp lease lines would all be subtly banded with the interface colour, which improve understanding, without making the interface any busier by adding elements.

Taking it one step further, if an alias could have an icon attribute, we could have subtle pictures of desktops, printers, switches on the various lists.

Many humans think in colours & pictograms, so I think this would make pfSense more intuitive, and faster to use, while maintaining it's great look and feel.

Appologies if this suggestion is duplicated elsewhere, or belongs in another part of forum/tracker/suggestion box.

Good time of the day. I can't help but agree that colors on interfaces would be helpful. Only Vod would suggest using not red, green and blue (it's just banal), but pastel colors - Pink, Rose Gold, Plum from the palette https://create.vista.com/colors/color-names/rose-quartz/. As for me, this is a good idea :)
Wireless

Discussions about wireless networks, interfaces, and clients

1637
Topics

10128
Posts

Mmm, wifi losing link could be a number of causes.

Those logs were generated without you doing anything manually? It looks like it reconnects there but you say you have to reboot to actually use the connection?

If you have another device connected to the 4G router at the same time does that also lose link?

Steve
SNMP

Discussions about monitoring via SNMP

168
Topics

516
Posts

R

@viragomann I thought that initially but it would reflect it in the system, too.

@RedSock if you go to Diagnostics -> System Activity what's using all the RAM? If it is pcscd then that bug has patches that will fix it for 2.5.2, or you can upgrade to 2.6-RELEASE and it will be fixed there.
Documentation

Discussions about pfSense documentation, including the book

171
Topics

1208
Posts

C

@bdben
I recently upgraded from 2.4.4 to 2.6.0 and everything was fine, except for my LDAP config using Freeipa (Red Hat IDM actually).

So I walked through this config and that got my LDAP authenticating for my VPN server, and I can authenticate on the webconfigurator, BUT, I get the error "No pages assigned to this user".

So I figured it was something wonky with the way the groups were returning now. I followed your diagnostics and did a packet capture. I am seeing the PartialAttributeList for memberof come back with ALL my groups in my FreeIPA LDAP. in the pcap. See this screenshot:
https://share.getcloudapp.com/GGuKp8gl

alt text

But in the authentication diagnostics, it doesn't return any groups. See this screenshot:
https://share.getcloudapp.com/bLuBqrE4

alt text

I have also tried using ldapsearch but I am not sure what to use to test the filtering? Here is what I was poking away with:
ldapsearch -D "uid=binduser,cn=users,cn=accounts,dc=shadowman,dc=dev" -W -b "dc=shadowman,dc=dev" -u "uid=ldixon"
And that does return an entry for ldixon and it brings back all the attributes I'd expect to see. As a sampling of what it returns :
memberOf: cn=ssogroups,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=vcenter_admins,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=ipausers,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=editors,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=trust admins,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=service,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=tower_users,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=tower_admins,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=guacamoleusers,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=vpn_users,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=application,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=cloud,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=network,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=security,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=linux,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=windows,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=demondgroup,cn=groups,cn=accounts,dc=shadowman,dc=dev memberOf: cn=pfsense_admins,cn=groups,cn=accounts,dc=shadowman,dc=dev
This is what I have my extended query set to in pfsense:
memberOf=cn=pfsense_admins,cn=groups,cn=accounts,dc=shadowman,dc=dev

That group does exists in my pfsense settings as a remote group, and the names match exactly, and I have granted that group all of the webconfigurator pages for privileges.

I think my problem is that when I do the authentication diagnostics, for some reason pfsense doesn't seem to be parsing all the memberOf results correctly? Any ideas on what I can try?
Development

Topics related to developing pfSense: coding styles, skills, questions etc.

Plus 22.05 Development Snapshots
CE 2.7.0 Development Snapshots
Plus 22.01 Development Snapshots (Retired)
CE 2.6.0 Development Snapshots (Retired)
2.5.2 Release Candidate Snapshots (Retired)
2.5 Development Snapshots (Retired)
21.02.2/2.5.1 Snapshots (Retired)

1494
Topics

9073
Posts

C

@p1erre I did disable my limiters, but i missed pfblockerng rules. I think I will just deal with the spanning for the time being as it seems like a cosmetic issue
Gaming

Discussions about playing network-based games behind pfSense from consoles, PCs, etc.

377
Topics

2415
Posts

J

@jonathanlee

Per Roblox website for support for Educational networks provides the following information seen here.

Required URLS HTTP and HTTPS use

www.roblox.com
api.roblox.com
clientsettings.api.roblox.com
versioncompatibility.api.roblox.com
chat.roblox.com
chatsite.roblox.com
assetgame.roblox.com
setup.roblox.com
setup.rbxcdn.com
cdn.arkoselabs.com
roblox-api.arkoselabs.com
js.rbxcdn.com
static.rbxcdn.com
captcha.roblox.com

my additional to add to do not cache locally
rbxcdn.com
roblox.com

Required UDP ports that need to be open for the Xbox systems
UDP ports: 49152 - 65535

Per Roblox website for support for Educational networks provides the following information seen here.
Virtualization

Discussions about virtualizing pfSense in hypervisors such as AWS, VMware, Hyper-V, Xen, KVM, qemu, etc

1688
Topics

10365
Posts

You can connect from either but you have to use the correct IP address.

The Lubuntu VM is connected to LAN so it can access any IP address in pfSense.

The VBox host cannot access the internal network so if you are trying to access it from there you need to use the pfSense WAN IP.

Steve
Hardware

Discussions about pfSense hardware support

Vendors

6968
Topics

62381
Posts

@stephenw10 said in Networking testing tools:

For network testing it's hard to beat T-Rex.

Could You be so please to give me .yaml profiles & .pcap files, that You using for pfSense CE testing?

(Right now reading https://github.com/cisco-system-traffic-generator/trex-profiles, looks very interesting..)

Could You be so please to explain in more details how You testing pfSense by TRex?
Thank You!
Bounties

Discussions about collaboratively raising money for a feature. To start a thread you must offer a starting price and be very specific on the feature you would like to see.

Completed Bounties
Expired/Withdrawn Bounties

452
Topics

6277
Posts

C

@deanfourie I got far enough that you could connect and bridge your LAN to ZT. I haven't had time to dedicate to working on it anymore. The biggest issue is during an upgrade the package is removed which will lead to mismatched interfaces requiring reassignment at the console level.

I was trying to get it to at least safely uninstall and remove the interfaces before an upgrade to avoid this.
Retired

Categories that are no longer active, but are present for reference

2.4 Development Snapshots
2.3.3 Development Snapshots
2.3.2 Development Snapshots
2.3.1 Snapshots Testing and Feedback - ARCHIVED
2.3-RC Snapshot Feedback and Issues - ARCHIVED
2.2.5 Snapshot Feedback and Issues
2.2.3 Snapshots Problems and Feedback - ARCHIVED
2.2 Snapshot Feedback and Problems - RETIRED
2.1.1 Snapshot Feedback and Problems - RETIRED
2.1 Snapshot Feedback and Problems - RETIRED

8644
Topics

54899
Posts

Set Debug in the DHCP6 Client Configuration on WAN as well, then check the logs (main system log, routing log, etc) to see what shows up.

1 / 1