Netgate Discussion Forum
    • G

      Intervlan traffic being blocked

      Firewalling
      0 Votes
      42 Posts
      341 Views
      johnpozJ

      @greatbush well you can ping other interfaces on pfsense, just not the 172.16.64 one.

      At a loss.. You have no floating rules.. And looks like your rule triggered and state are created there in that top rule you posted trying to talk to it.

      You have no floating rules - and no current vpn tunnels..

      Yeah at a loss to what would cause that.

      Can you talk to any of the other 172.16.x interfaces you have via the route table you sent..

    • Bob.DigB

      25.07.r.20250709.2036 First Boot WireGuard Service not running

      Plus 25.07 Development Snapshots
      0 Votes
      37 Posts
      484 Views
      Bob.DigB

      @stephenw10 Today I rebooted the host (Hyper-V) and had no problem at all. Don't know if this points towards being a weird virtualization issue... But then, why would WireGuard be affected...

    • S

      Upgrade from 2.7.2 to 2.8.0 Failed and now /boot/efi/ empty

      Problems Installing or Upgrading pfSense Software
      0 Votes
      28 Posts
      335 Views
      S

      @stephenw10 Unfortunately I am going to have to wait till I can bring down the network to test. If I take it down now and it doesn't come back up I will be having some hell to pay from the family...lol. 😃

    • J

      Should my dhcpv6 clients also get a /64 address?

      IPv6
      0 Votes
      26 Posts
      204 Views
      J

      @JKnott said in Should my dhcpv6 clients also get a /64 address?:

      @Gertjan said in Should my dhcpv6 clients also get a /64 address?:

      In a pure SLAAC setup you could even disable the DHCPv6 server. (Never tried this, I hope I don't say stupid things here)

      I have never enabled it. Just enable RDNSS to provide the DNS server address. That's the Enable DNS setting, under DNS configuration, on the Router Advertisement page.

      That approach seems to work: just stopped dhcpv6 servers on all interfaces, and addressing and net functionality seems unchanged.

      Well, that is simple. Thanks!

    • 7

      Dynamic DNS (DDNS) fails to obtain public IP

      DHCP and DNS
      0 Votes
      39 Posts
      681 Views
      7

      @johnpoz Ok, well thank you anyway John
      Tas

    • M

      Netgate Documentation on DNS over TLS and NOT using DNSSEC

      DHCP and DNS
      0 Votes
      17 Posts
      241 Views
      johnpozJ

      @tinfoilmatt said in Netgate Documentation on DNS over TLS and NOT using DNSSEC:

      I've never encountered any problems

      And what have you gained by asking for something that has already been done.. You mention you leave 0x20 off for performance - but want to do a bunch of queries for dnssec that make no matter?

    • luckman212L

      New Tunable: kern.crypto.iimb.enable_aescbc on fresh install

      Plus 25.07 Development Snapshots
      0 Votes
      14 Posts
      183 Views
      dennypageD

      I enabled my iimb by hand. Seems to work fine on my 6100.

      FWIW, the current documentation indicates that the default value of kern.crypto.iimb.enable_aescbc is 1 (enabled), although it has a warning that iimb can be slower than qat for cbc. I don't use cbc, so it doesn't matter in my case.

      I think the documentation is incorrect or outdated (at least for the 6100), as the code in /etc/inc/config.console.inc explicitly sets kern.crypto.iimb.enable_aescbc to 0.

      FWIW, there is also an interesting note on the qat/iimb trade-off earlier here. YMMV

    • G

      VPN performance with S2S

      Deutsch
      0 Votes
      14 Posts
      622 Views
      N

      You can't compare that, because protocols are in use here that negotiate the MTU/MSS on their own.
      With VPN you simply have to implement that cleanly yourself, and the MSS of 1328 is the one that always works, because even PPPoE and DS-Lite are large enough that the packets pass through cleanly without fragmentation.

    • J

      Gtek 2.5G (Intel I225 Controller) PCI-E x1 Network Card not recognized by the pfsense

      Hardware
      0 Votes
      14 Posts
      267 Views
      GertjanG

      @johnytb said in Gtek 2.5G (Intel I225 Controller) PCI-E x1 Network Card not recognized by the pfsense:

      can you explain to me what exactly is this interface that you show here ?

      That's pfSense's most important interface 😊
      The one that works even when all your NICs don't work.

      It's called: the console, which could be a serial connection, or, if you have VGA/HDMI built in, it could be that and a (USB) keyboard.
      Or: if the LAN NIC is working, you 'ssh' into your pfSense using an SSH client like putty or classic 'ssh'.

      Keep in mind: what happens when you have a disk drive issue?
      => pfSense can't boot.
      => Network interfaces will all be down ...
      You the the console (serial or VG/HDMI/Keyboard) access.

      For command line commands I use the ... command line = console (or SSH) access.

    • I

      NAT broken after Reboot

      NAT
      0 Votes
      14 Posts
      627 Views
      P

      @iggybuddy6 I'm just happy I could help. Today I went from thinking I knew everything about setting up wg on pfSense, to realising I did not, and that is a great reward in itself!

      Hopefully your setup will remain stable going forward.

    • T

      On beta 2.8.1 but update tab indicated that the current stable is 24.11

      General pfSense Questions
      0 Votes
      11 Posts
      218 Views
      T

      @stephenw10 Alright, might have been dropped after I initially logged in and then appeared when I went to the update tab. Thanks again, really appreciate your reply and time as always.

    • R

      SG-1100 Recovery Help Needed

      General pfSense Questions
      0 Votes
      11 Posts
      61 Views
      stephenw10S

      Yes, that's correct. The 1100 has only one NIC (mvneta0) and an internal switch with VLANs to separate the ports. But, as I said, you shouldn't need to make any changes there; it's detected and set automatically for any Netgate device.

    • N

      [2.8.1.b] Multiple limiter issue

      Development
      0 Votes
      11 Posts
      511 Views
      stephenw10S

      Ah OK I see, the names threw me!

    • C

      FreeBSD apps to load behind pfSense?

      Off-Topic & Non-Support Discussion
      0 Votes
      10 Posts
      261 Views
      C

      @bmeeks Thank you.

      Your points are excellent. I believe I will back off from adding more supplemental apps. Adguard Home works with OPNsense as a 3rd party add-on without complaint so I will leave that alone for now. But I will also keep an eye out for issues with that configuration.

      Worst case is a reinstall of pfSense and a restore of the backup configuration. My Windows Adguard Home servers are available if needed.

    • C

      Port Forwarding stopped working after upgrading to 2.8.0

      General pfSense Questions
      0 Votes
      52 Posts
      1k Views
      stephenw10S

      Cool. Yup there was a backend issue last night. It should be fixed now.

    • JonathanLeeJ

      pfsense-tools.git clang gcc

      Development clang gcc pfsense-tools
      0 Votes
      11 Posts
      157 Views
      JonathanLeeJ

      It works. I had to adapt the Makefile again (USES= tar:tgz) for it to make install clean. I have to update the PR now.

      it comes with ROCK too!!!!

    • P

      Wireguard site to site tunnel with GNAT

      WireGuard
      0 Votes
      9 Posts
      139 Views
      P

      @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and vice versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round, i.e. from Client 2 to pfSenseA.

      I will try and do some packet capture to see if that reveals anything.

    • w0wW

      New PPPoE backend, some feedback

      Development
      0 Votes
      225 Posts
      32k Views
      L

      @RobbieTT

      Be aware that I am not at all saying that a user can directly access the ISP-node, but I am sure that the PPPoE interface can !!

      Whatever, if it helps, I am absolutely OK to activate PPPoE debug logging for a short period!

      Note that my actual config is like this
      ISP => ISP-fiber-interface => one of my small switches => pfSense.

      Internet should arrive via VLAN 6, IPTV via VLAN4 and (Old) VoIP via VLAN7.
      Untagged routed to vlan1 and vlans (internet) are routed to pfSense.

      I did add vlan1 to be quite sure that even untagged messages are passing to pfSense. Normally I would simply have blocked untagged. However, the PPPoE is assigned to VLAN6.

    • P

      pfSense® CE 2.8.1 Beta Now Available!

      Messages from the pfSense Team
      6 Votes
      9 Posts
      663 Views
      S

      @SteveITS said in pfSense® CE 2.8.1 Beta Now Available!:

      Release notes?

      https://docs.netgate.com/pfsense/en/latest/releases/2-8-1.html

    • O

      pfsense-ce 2.7.4 SSH server: how to config ClientAliveCountMax and ClientAliveInterval

      General pfSense Questions sshd
      0 Votes
      17 Posts
      828 Views
      stephenw10S

      It's not a bug because that's the expected behaviour. You could consider it a missing feature if you need to make changes there. Open a feature request: https://redmine.pfsense.org/

      This is the first time I've seen anyone ask about it in 10 years though so it's clearly not a huge problem.

      You could just patch the file to create the config with the values you need then carry that as a custom patch in the patches package.