Subcategories

• Messages from the pfSense Team

  Announcements and information about pfSense software posted by the project team

  177
  Topics
  1715
  Posts

  

  @gauthig It is taking a little longer than initially planned, but our goal is still to have it available this year.

• General pfSense Questions

  Discussions about pfSense software that do not fit into one of the more specific categories below.

  20530
  Topics
  123563
  Posts

  B

  contad admin icq : 683485306 gmail : bossgold63@gmail.com

• Installation and Upgrades

  Discussions about installing or upgrading pfSense software

  8502
  Topics
  52788
  Posts

  

  Ok, so you have both outbound policy routing and a port forward in the other direction.

  So the IPSec tunnel can establish in either direction. Which way does it actually establish? Both?

  Is it failing to establish at all in 2.5.2?

  I would not expect to require both those. Certainly the tunnel will only use one to create the states though it could use either if it's a site to site tunnel.

  If it's actually blocking traffic what do the firewall logs look like? What rule is blocking?

  Check the state table. Do you see states on the wrong interfaces?

  Steve

• Firewalling

  Discussions about firewalling functionality in pfSense software

  8093
  Topics
  46936
  Posts

  J

  @kom Thanks for the reply.

  I haven't touched the settings, so as of now all hardware offloading is occurring. I have a 100x5 comcast internet connection through a motorola modem, and i get about 100-115 down, 6Mb up. however my apps that i run ARE latency sensitive.. plus it says in the documentation (as i understand it) that the hardware offloading could be detrimental to performance.

  yeah, i'm kinda splitting hairs, but..

  Thanks!!

• NAT

  Discussions about Network Address Translation (NAT)

  4844
  Topics
  26336
  Posts

  

  @wifi-will said in /29 and /30 NAT Disable:

  LAN2 for public IP1, LAN3 for public IP2 etc...

  Sure you can put all your switch ports in your /29 network and then connect devices directly to the switch to be in the /29 network.

  Or you could use port 1 of the switch for some other network, and the other ports in the switch for your /29, etc.

  I personally like my interfaces discrete on my router, why I have a 4860 vs a model with a switch built in.. But some people like the switch in the router. But what you do with that switch is really no different than an external vlan capable switch. Be all the ports are in 1 vlan, or you break up the ports to be in other vlans.

• HA/CARP/VIPs

  Discussions about High Availability, CARP, and utilizing additional IP addresses

  2155
  Topics
  9920
  Posts

  

  This is the sort of thread that could be very useful for next guy.. I would assume a few people could run into such a problem... Wonder if might be useful to add note in the pfsense docs if running on proxmox on ovh.. Have to look to see what is in the offical docs if anything about running pfsense on proxmox, etc.

• L2/Switching/VLANs

  Discussions about Layer 2 Networking, including switching and VLANs

  578
  Topics
  4693
  Posts

  H

  @johnpoz OK, thanks I will give a try

• Routing and Multi WAN

  Discussions about routing and Multiple WAN uplinks (WAN Failover, WAN Load Balancing, etc.)

  7331
  Topics
  34698
  Posts

  Y

  Does anybody know if this is possible at all?

• Traffic Shaping

  Discussions about traffic shaping and limiters

  2758
  Topics
  15034
  Posts

  S

  how do I mark the ticket as closed, I created it and fixed it.

• DHCP and DNS

  Discussions about DHCP, DNS Resolver (Unbound), DNS Forwarder (dnsmasq), and general DNS issues

  4941
  Topics
  30093
  Posts

  J

  @2lostkiwis said in (SOLVED) Dynamic DNS stop updating NO-IP but from pfsense status is updated:

  I came across this post as one of my clients stopped auto updating... from pure guesswork I found the following:

  The the one that stopped updating was running pfsense+ 21.05 while the others were using the community version. For some unknown reason the pfsense+ needs to log in with the username while the community version needs to log in with the email address.

  It used to work so it seems at some point when upgrading the pfsense+ version it changed and at that point stopped updating.

  I tried with your suggestion, log in with email address, but still no luck. It won't work. I tested on pfsense community edition, 2.5.1

• IPv6

  Discussions about IPv6 connectivity and services

  1565
  Topics
  14408
  Posts

  

  @jknott

  The essence of the issue, as I reported, is that pfSense DNS resolver refuses DNS queries via its IPv6 address, from boot until the DNS resolver is manually restarted.

  What I reported about Windows 10 is really just some background information that, in the end, means I'm uncertain about how long pfSense has exhibited the issue. I upgraded Windows 10 to 21H1 on June 15, and I upgraded pfSense from 2.4.5-p1 to 2.5.2-RC on June 16. So I'm not sure which of those is the reason I started seeing DNS look-up failures appear on the Windows PC.

• IPsec

  Discussions about IPsec VPNs

  4979
  Topics
  20513
  Posts

  B

  I figured out the last part: In the pfSense GUI for the DNS Resolver there are no entries in the Access List, however after I searched for and found the configuration files, I noticed that pfSense automatically creates allow entries only for IP ranges of the interfaces on pfSense. I assumed then ( I didn't look it up in online man pages for unbound) that by default unbound refuses DNS requests unless an allow access-control entry exists.
  I went back to the GUI and created an Access List entry to allow the IP of the pfSense in Site B.

  All is well.

• OpenVPN

  Discussions about OpenVPN

  7908
  Topics
  42921
  Posts

  

  @bafcharles

  what version of pfS ?
  maybe deprecheated version
  best guess go and update your box to 2.5.1

  brNP

• WireGuard

  Discussions about WireGuard

  116
  Topics
  1073
  Posts

  

  @theonemcdonald Sorted. Cheers man :)

• Captive Portal

  Discussions about Captive Portal, vouchers, and related topics

  3176
  Topics
  16467
  Posts

  K

  i solved this problem thanks.

• webGUI

  Anything that does not fit in other categories related to the webGUI

  1732
  Topics
  8269
  Posts

  

  Need a little more info to clarify what you are doing for me.

  So you go to Suricata under SERVICES in the pfSense menu.

  Then on the INTERFACES tab that opens you click the icon to edit a Suricata interface (you can also just double-click on the row to edit).

  Then you click the CATEGORIES tab. Is that when you get the Gateway error, or are you clicking something else on the tab?

• Wireless

  Discussions about wireless networks, interfaces, and clients

  1607
  Topics
  9826
  Posts

  V

  This is a Proxmox topic and i'm not an expert on it.

  @sujan-0 said in Wireless interface not visible:

  I have installed pfSence successfully with 2 network interface vmbr0 and vmbr1

  vmbr1 has no network adapter connected yet.
  If you install pfSense with to interfaces, it uses the first one for WAN, the second for LAN. However, it allows only access on LAN, but that might be connected to vmbr1 which is not connected to any network.

  If you only enable one interface, the GUI should be accessible on this.
  Or if you're running other VMs on Proxmox, you can connect to vmbr1 as well as pfSense and access the GUI from there.

  However, basically if your router provides DHCP, pfSense should pull an IP from it on WAN if it's connected to vmbr0.

  post-up iptables -t nat -A POSTROUTING -s '192.168.8.0/24' -o wlan0 -j MASQUERADE

  I think, there is no reason to have a masqerading rule on the wifi.

• SNMP

  Discussions about monitoring via SNMP

  161
  Topics
  496
  Posts

  Y

  Hello,
  We manage the hard disk cache by swapstat_check.php.
  It doesn't work sometimes. How can we monitor it by SNMP?
  (We are using PRTG.)

  Regards

• Documentation

  Discussions about pfSense documentation, including the book

  162
  Topics
  1180
  Posts

  

  It's a limitation of the platform used for the documentation. They did recently add case insensitive searching recently, but it may be a bit yet before it's in a stable version we use for the public docs.

• Development

  Topics related to developing pfSense: coding styles, skills, questions etc.

  2.6 Development Snapshots

  2.5 Development Snapshots (Retired)

  21.02.2/2.5.1 Snapshots (Retired)
  1309
  Topics
  7621
  Posts

  S

  Hi,

  After updating to Build 2.6.0.a.20210623.0644 there seems to be an issue with pfBlockerNG python module

  py_error.log

  2021-06-23 12:05:45,193|ERROR| [pfBlockerNG]: Failed to load python module 'maxminddb': No module named 'maxminddb' 2021-06-23 12:05:45,194|ERROR| [pfBlockerNG]: Failed to load python module 'sqlite3': No module named '_sqlite3'
• Gaming

  Discussions about playing network-based games behind pfSense from consoles, PCs, etc.

  346
  Topics
  2163
  Posts

  

  @stacyann33
  Nope, we 'play' pfSense.
  And you're the first one using the word 'HiRez' on this forum.
  pfSense it's a firewall that assures that there are no holes. Nobody want holes in a wall. If there were, there is no meaning of putting up the wall in the first place.
  pfSense can let you make 'holes', to devices that run programs on your LAN. It seems to me that Smite Hires doesn't have any public documentation - otherwise you were reading that doc instead of asking here , and do what they were asking you to do, like NATting a port(s) to the PC that runs the game.
  By default : do nothing.

  Btw : https://www.reddit.com/r/OutOfTheLoop/comments/2pvfen/why_is_smitehi_rez_studios_often_ridiculed_in_the/ make sme understand that, if your host your own 'server' version of the game, you should make that service accsible to the outside world == you have to "open ports" == NATting ports.

  Google doesn't know anything about it, so there is only the documentation that can help you.

• Virtualization

  Discussions about virtualizing pfSense in hypervisors such as AWS, VMware, Hyper-V, Xen, KVM, qemu, etc

  1584
  Topics
  9546
  Posts

  M

  @johnpoz i have installed 2.5.1-RELEASE (amd64).

• Hardware

  Discussions about pfSense hardware support

  Vendors
  6731
  Topics
  59510
  Posts

  

  There have been 3 releases since then. 21.05 is the current release for the SG-3100.

  You may have the update repo set to 2.4.X deprecated deliberately to remain on the 2.4 branch.

  Otherwise I would run at the command line: pkg-static -d update
  See what error that returns that's preventing you see the update.

  Steve

• Bounties

  Discussions about collaboratively raising money for a feature. To start a thread you must offer a starting price and be very specific on the feature you would like to see.

  Completed Bounties

  Expired/Withdrawn Bounties
  450
  Topics
  6187
  Posts

  P

  The issue is already described here: https://redmine.pfsense.org/issues/7727

  I pay an extra $90 a month for /29 to work around this issue. I would be willing to pay $1,000 for this to be fixed so I can cancel needing the /29.

• Retired

  Categories that are no longer active, but are present for reference

  2.4 Development Snapshots

  2.3.3 Development Snapshots

  2.3.2 Development Snapshots

  2.3.1 Snapshots Testing and Feedback - ARCHIVED

  2.3-RC Snapshot Feedback and Issues - ARCHIVED

  2.2.5 Snapshot Feedback and Issues

  2.2.3 Snapshots Problems and Feedback - ARCHIVED

  2.2 Snapshot Feedback and Problems - RETIRED

  2.1.1 Snapshot Feedback and Problems - RETIRED

  2.1 Snapshot Feedback and Problems - RETIRED
  8644
  Topics
  54899
  Posts

  

  Set Debug in the DHCP6 Client Configuration on WAN as well, then check the logs (main system log, routing log, etc) to see what shows up.