Netgate Discussion Forum
    • R

      SG-1100 Recovery Help Needed

      General pfSense Questions
      0 Votes
      10 Posts
      36 Views
      R

      @stephenw10
      Does this make sense? Both ports showing as same mvneta0 and both of them are active?

      Even when I change LAN cable from middle port to Opt, it is still showing the same (even after reconnecting the putty)

    • C

      FreeBSD apps to load behind pfSense?

      Off-Topic & Non-Support Discussion
      0 Votes
      10 Posts
      235 Views
      C

      @bmeeks Thank you.

      Your points are excellent. I believe I will back off from adding more supplemental apps. Adguard Home works with OPNsense as a 3rd party add-on without complaint so I will leave that alone for now. But I will also keep an eye out for issues with that configuration.

      Worst case is a reinstall of pfSense and a restore of the backup configuration. My Windows Adguard Home servers are available if needed.

    • J

      Should my dhcpv6 clients also get a /64 address?

      IPv6
      0 Votes
      11 Posts
      66 Views
      johnpozJ

      @jarmo said in Should my dhcpv6 clients also get a /64 address?:

      [jarmo ~]$ ip -6 a
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
      inet6 ::1/128 scope host noprefixroute
      valid_lft forever preferred_lft forever

      That is your loopback - that isn't handed out by dhcp ;)

      that is just ::1

      Example - here is my lo interface

      lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
              options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
              inet 127.0.0.1 netmask 0x0
              inet6 ::1 prefixlen 128
              inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
              groups: lo
              nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

      Oh you have it on your wlp0s20f3 as well - that makes no sense.. What OS is that on? But should be your actual prefix.. It clearly is a wireless interface since it starts with wl

    • JonathanLeeJ

      pfsense-tools.git clang gcc

      Development clang gcc pfsense-tools
      0 Votes
      11 Posts
      146 Views
      JonathanLeeJ

      It works. I had to adapt the Makefile again (USES= tar:tgz) for it to make install clean. I have to update the PR now.

      it comes with ROCK too!!!!

    • P

      Bug or undocumented? Floating rule on out direction not properly applying on final interface unless it is also applied to originating interface

      Firewalling
      0 Votes
      27 Posts
      732 Views
      P

      Well, really strange
      I disabled the Allo VPN floating rule and restarted pfsense
      Now, VPN works even with the block rule and without pass rule, as expected
      Really strange that it needed a reboot and the logs I posted above

    • P

      Wireguard site to site tunnel with GNAT

      WireGuard
      0 Votes
      9 Posts
      109 Views
      P

      @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and vice versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round, i.e. from Client 2 to pfSenseA.

      I will try and do some packet capture to see if that reveals anything.

    • w0wW

      New PPPoE backend, some feedback

      Development
      0 Votes
      225 Posts
      32k Views
      L

      @RobbieTT

      Be aware that I am not at all saying that a user can directly access the ISP-node, but I am sure that the PPPoE interface can!!

      Whatever; if it helps, I am absolutely OK to activate PPPoE debug logging for a short period!

      Note that my actual config is like this
      ISP => ISP-fiber-interface => one of my small switches => pfSense.

      Internet should arrive via VLAN 6, IPTV via VLAN4 and (Old) VoIP via VLAN7.
      Untagged routed to vlan1 and vlans (internet) are routed to pfSense.

      I did add vlan1 to be quite sure that even untagged messages are passing to pfSense. Normally I would simply have blocked untagged. However the PPPOE is assigned to VLAN6.

    • P

      pfSense® CE 2.8.1 Beta Now Available!

      Messages from the pfSense Team
      6 Votes
      9 Posts
      617 Views
      S

      @SteveITS said in pfSense® CE 2.8.1 Beta Now Available!:

      Release notes?

      https://docs.netgate.com/pfsense/en/latest/releases/2-8-1.html

    • O

      pfsense-ce 2.7.4 SSH server: how to config ClientAliveCountMax and ClientAliveInterval

      General pfSense Questions sshd
      0 Votes
      17 Posts
      820 Views
      stephenw10S

      It's not a bug because that's the expected behaviour. You could consider it a missing feature if you need to make changes there. Open a feature request: https://redmine.pfsense.org/

      This is the first time I've seen anyone ask about it in 10 years though so it's clearly not a huge problem.

      You could just patch the file to create the config with the values you need then carry that as a custom patch in the patches package.

    • maverickwsM

      Kea DHCP stops working

      DHCP and DNS
      0 Votes
      70 Posts
      13k Views
      GertjanG

      @MacUsers said in Kea DHCP stops working:

      all of pfSense are v24.11-RELEASE (amd64); as far as I can see now, KEA actually never worked for me since I migrated from ISC, regardless of the pfSense version.

      There is a 99,99 % solution available now.
      Right now, this one :

      05190dbc-0f5c-445e-ba66-8104c93aae78-image.png

      is available.
      An RC version is identical to the final Release.
      It stays RC so very minor issues like GUI text can get corrected.
      Major changes, like 'kea not working' won't be corrected anymore.

      I'm pretty sure (tens of thousands) use "25.07"(RC) right now, and they 'all' use kea.
      No issues afaik.
      So .... even if 25.07 won't solve your issue, you'll be sure for 99,99 % that the issue is ... on your side.
      Or, you are using pfSense (kea DHCP) in a very special way, and no one else is using it that way so we can't know what your issue is ?
      Do you have any details about why your 'pfSense' (DHCP kea settings) are so different that it 'breaks' ?
      Do you use an edge case scenario where things were possible with ISC DHCP, but not anymore with kea ?

      Btw : we all have iMac, IPads iPhone and other iStuff in our networks, they all behave fine with kea, using classic DHCP leases, or static MAC leases.

    • W

      DNSBL_Malicious not downloading

      pfBlockerNG
      0 Votes
      9 Posts
      430 Views
      W

      @Qinn Thank you, I just turned it back on and it is working!

    • N

      IPSECD VPN Phase-2 configuration disappearing

      General pfSense Questions
      0 Votes
      39 Posts
      3k Views
      T

      @stephenw10 Correct. Way longer than the tunnel rekey times, so something must prompt a configuration reload outside of that.
      Or maybe the tunnel went down at some point and the config was reloaded when a reconnect was attempted.

    • D

      cannot block cross traffic on sg-2100

      Firewalling solved
      0 Votes
      9 Posts
      175 Views
      johnpozJ

      @detox you should be able to edit your first post and edit title with [solved] in the title, add tag.. If you can not - let me know and can do it for you. There might be some restrictions on rep ports or something - but you have 6, I would think that enough?

    • JonathanLeeJ

      Snort and GIF0 for HE tunnel broker

      IDS/IPS ipv6 snort he.net gif ips
      0 Votes
      9 Posts
      162 Views
      JonathanLeeJ

      @SteveITS It looks like it is detecting ipv6 better

      already is showing alerts

      It sees some ipv6 going to my interface. Again, snort also would spot stuff every once in a while. My son got a bad bug on his tablet and it had a Russian email server running. I checked it on VirusTotal and it was spot on as malware, known abuses, so I reported it.

    • luckman212L

      New Tunable: kern.crypto.iimb.enable_aescbc on fresh install

      Plus 25.07 Development Snapshots
      0 Votes
      8 Posts
      76 Views
      provelsP

      @luckman212 No idea, just spitballing, but is it dependent on the type of VPN you choose? I use OpenVPN, not IPSec.

    • G

      failed to fetch the repo data. Unable to perform update from 2.7.2 to 2.8.0 after restoring crashed 2.8.0 pfSense.

      Problems Installing or Upgrading pfSense Software
      0 Votes
      8 Posts
      206 Views
      G

      @Wolfgangthegreat
      ...and to @comet424

      I wasn't able to perform the 2.8.0 update this weekend, but when I got to the school this morning, it worked perfectly!

      I appreciate the support from both of you, and from Netgate.

      The backup/standby pfSense instance is back in place and ready in case I have a hardware failure, or a failure of the gray matter between my ears!

      My best to all of you.

    • T

      I have 3 WAN, 1 LAN, and 1 device VPN'ed into WAN1. Computers using WAN2 or WAN3 cannot see the VPN device

      Routing and Multi WAN
      0 Votes
      8 Posts
      86 Views
      V

      @ThePowerPig
      So add an additional rule to allow access to internal subnets (best to create an RFC 1918 alias for this purpose), but at least for the IPs you want to access from the device in question, and move this rule up above the policy routing rule.

    • T

      On beta 2.8.1 but update tab indicated that the current stable is 24.11

      General pfSense Questions
      0 Votes
      8 Posts
      173 Views
      T

      @stephenw10 Confirmed fixed ty kindly sir.

    • S

      pfSense and Squid going forward?

      General pfSense Questions
      0 Votes
      9 Posts
      315 Views
      JonathanLeeJ

      https://github.com/pfsense/FreeBSD-ports/pull/1420

      Merged. I could not test it, but it is in there with the Makefile now and the distinfo file.

      @stephenw10

      Let me know if you can test that out

      Don't use this. I am having issues with the MASTER SITES and patches folder; it won't make clean install all the way.

    • K

      pfSense NUT Client-Mode

      UPS Tools
      0 Votes
      8 Posts
      159 Views
      K

      @elvisimprsntr thanks for your suggestion. I will give it a try.