Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    1. Home
    2. Popular
    Log in to post
    • All Time
    • Day
    • Week
    • Month
    • All Topics
    • New Topics
    • Watched Topics
    • Unreplied Topics
    • All categories
    • W

      Teams Issues

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      8
      0 Votes
      8 Posts
      238 Views
      GertjanG

      @wc2l said in Teams Issues:

      teams.microsoft.com works just fine.
      Host "msg.teams.microsoft.com" could not be resolved.

      Same for me.

      edit : while waiting, read also C:\Program Files (x86)\Microsoft Teams Network Assessment Tool\Usage.docx - this is a Microsoft tool with a manual / notice .... ( ๐Ÿ˜Š )

    • G

      failed to fetch the repo data. Unable to perform update from 2.7.2 to 2.8.0 after restoring crashed 2.8.0 pfSense.

      Watching Ignoring Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
      8
      0 Votes
      8 Posts
      219 Views
      G

      @Wolfgangthegreat
      ...and to @comet424

      I wasn't able to perform the 2.8.0 update this weekend, but when I got to the school this morning, it worked perfectly!

      I appreciate the support from both of you, and from Netgate.

      The backup/standby pfSense instance is back in place and ready in case I have a hardware failure, or a failure of the gray matter between my ears!

      My best to all of you.

    • T

      I have 3 WAN, 1 LAN, and 1 device VPN'ed into WAN1. Computers using WAN2 or WAN3 cannot see the VPN device

      Watching Ignoring Scheduled Pinned Locked Moved Routing and Multi WAN
      8
      0 Votes
      8 Posts
      98 Views
      V

      @ThePowerPig
      So add an additional rule to allow access to internal subnets (best to create an RFC 1918 alias for this purpose), but at least for the IPs you want to access from the device in question, and move this rule up above of the policy routing rule.

    • T

      On beta 2.8.1 but update tab indicated that the current stable is 24.11

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      8
      0 Votes
      8 Posts
      185 Views
      T

      @stephenw10 Confirmed fixed ty kindly sir.

    • R

      v2.7.2: Dynamic DNS not working with Cloudflare

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      11
      0 Votes
      11 Posts
      358 Views
      R

      @70tas Indeed the global token does not work anymore, you must use the API token. And then for the login, do not use your email address. As I wrote before: "One must use the Zone ID when using the API token."

      I have this working using the DDNS GUI. I only needed the script for debugging.

    • T

      NAT Reflection Issue with Dual WAN Setup in pfSense 2.7.2

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      6
      0 Votes
      6 Posts
      83 Views
      stephenw10S

      The default LAN to any rule should pass that traffic.

      What rule did you add exactly?

    • B

      2.8.0 config.xml wont apply with /etc/rc.reload_all

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      6
      0 Votes
      6 Posts
      124 Views
      stephenw10S

      What gets logged when you run that in 2.8?

    • Z

      VPN Client Not Using pfSense DNS Server (10.60.0.252) After Connecting via OpenVPN

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      6
      0 Votes
      6 Posts
      70 Views
      stephenw10S

      Because 10.60.0.252 is the server end of the VPN tunnel at pfSense. The local DNS resolver (Unbound) listens and responds on that IP and that is where the override is set.

      Where as 8.8.8.8 is Google's DNS service that knows nothing about any local overrides you might have set. When clients use that DNS server is bypasses any local DNS overrides.

    • T

      Reboot gets stuck at "Installing Nvme Lens"

      Watching Ignoring Scheduled Pinned Locked Moved Official Netgateยฎ Hardware
      13
      0 Votes
      13 Posts
      330 Views
      T

      @stephenw10 Thanks for letting me know there were backend issue, I think it would be helpful if Netgate posted an announcement when there are issues, maybe some details, and an ETA to restore service.

      It would save a little headache for some of us.

    • R

      Sudden appearance of SSDP through port 1900 from a public ip

      Watching Ignoring Scheduled Pinned Locked Moved Firewalling
      6
      0 Votes
      6 Posts
      100 Views
      johnpozJ

      @rasputinthegreatest well blocking and not log would just be any any udp to that ff0e::c address or port 1900 anything, etc. And don't have it log.

      As to the scanners - that is a pfblocker alias I have.. And put that in a floating rule.

      scandeny.jpg

    • 7

      Squid on 2.8

      Watching Ignoring Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
      10
      0 Votes
      10 Posts
      357 Views
      GertjanG

      @jc1976 said in Squid on 2.8:

      upgrade an issue developed between suricata, pfblocker, and unbound. when i disable the two packages, all works fine

      Let's consider :
      If you leave the 'unbound' (the resolver) settings to "all default", the way you found them when you first installed pfSense.
      You remove / don't install the extra stuff = suricata and pfblocker.
      Then : no issues what so ever.
      Right ?

      This means your issue isn't "pfSense 2.8.0" or the upgrade. Its an 'ordinary' package settings issue - call the admin ๐Ÿ˜Š

      Tell you boss that suricata can only filter non TLS traffic **, something that doesn't exist anymore. Check for yourself : who visits http (port 80) sites these day ? Who collects mail using port 110 ? Who sends mail using port 25 ?
      Imho : suricata, for what it's worth, can't do much these days, it can 'see' the data payload in the packets. Everything is TLS these days.

      ** It is possible to do TLS filtering, but that demands a 'proxy' setup, making you a real expert.

      pfBlockerng is blocking you, DNS or something else ? That's any easy one, and rather simple do debug.

    • K

      Can't access port-forwarded/natted services from another local network

      Watching Ignoring Scheduled Pinned Locked Moved NAT
      5
      0 Votes
      5 Posts
      14 Views
      K

      @johnpoz I see, thanks for explaining and the help!

    • M

      System daemon waagent on Alpine Linux with s6

      Watching Ignoring Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
      5
      0 Votes
      5 Posts
      85 Views
      M

      I have already solved the problem by using the Python library. You can delete my post. Thank you for your help)

    • R

      Dynamic dns don't work with carp ip

      Watching Ignoring Scheduled Pinned Locked Moved HA/CARP/VIPs
      8
      0 Votes
      8 Posts
      198 Views
      M

      @lbeard said in Dynamic dns don't work with carp ip:

      Done => https://redmine.pfsense.org/issues/16326

      Great, thanks ๐Ÿ‘ ๐Ÿ‘

    • R

      25.03-BETA won't install in SG-2100 (SG-1100 ok)

      Watching Ignoring Scheduled Pinned Locked Moved Plus 25.07 Develoment Snapshots
      13
      0 Votes
      13 Posts
      819 Views
      R

      @stephenw10
      Thanks again.
      Well it is full of passwords and pre-shared keys and very detailed stuff but I guess we should find the culprit of it somehow.

      I did find leftovers of lcdproc before, which I cleaned at some point.
      That means that part of the config I am using was migrated from a modified WatchGuard I have used in the past.

      Let me have a look tomorrow.
      It's kind of late now in my timezone.
      Thanks!

    • M

      System - Package Manager - Available Packages

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      5
      0 Votes
      5 Posts
      121 Views
      M

      @SteveITS

      Thank you for the clarification. You're right โ€” better to be safe. Iโ€™ll update FW2 when I'm on site, and then FW1, which is my usual one.

    • P

      pfSense Plus 25.07 Beta Now Available

      Watching Ignoring Scheduled Pinned Locked Moved Messages from the pfSense Team
      28
      4 Votes
      28 Posts
      2k Views
      brezlordB

      UI Update output.

      >>> Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: . done Fetching data.pkg: . done Processing entries: . done pfSense-core repository update completed. 5 packages processed. Updating pfSense repository catalogue... Fetching meta.conf: . done Fetching data.pkg: .......... done Processing entries: .......... done pfSense repository update completed. 733 packages processed. All repositories are up to date. >>> Setting vital flag on pkg...done. >>> Setting vital flag on pfSense...done. >>> Renaming current boot environment from 25.03 to 25.03_20250719205419...done. >>> Cloning current boot environment 25.03_20250719205419...done. >>> Removing vital flag from php83...done. >>> Upgrading packages in cloned boot environment 25.03... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking for upgrades (10 candidates): .......... done Processing candidates (10 candidates): .......... done The following 10 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: if_pppoe-kmod: 25.03.b.20250515.1415.1500029 -> 25.07.r.20250715.1733.1500029 [pfSense] pfSense: 25.03.b.20250515.1415.1500029 -> 25.07.r.20250715.1733.1500029 [pfSense] pfSense-base: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core] pfSense-boot: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core] pfSense-default-config-serial: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense] pfSense-kernel-pfSense: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core] pfSense-pkg-Nexus: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense] pfSense-pkg-System_Patches: 2.2.21_1 -> 2.2.21_2 [pfSense] pfSense-repoc: 20250419 -> 20250520 [pfSense] unbound: 1.22.0_1 -> 1.23.0 [pfSense] Number of packages to be upgraded: 10 The operation will free 12 MiB. 214 MiB to be downloaded. [1/10] Fetching unbound-1.23.0.pkg: .......... done [2/10] Fetching pfSense-pkg-System_Patches-2.2.21_2.pkg: ......... done [3/10] Fetching if_pppoe-kmod-25.07.r.20250715.1733.1500029.pkg: ... done [4/10] Fetching pfSense-pkg-Nexus-25.07.r.20250715.1733.pkg: .......... done [5/10] Fetching pfSense-kernel-pfSense-25.07.r.20250715.1733.pkg: .......... done [6/10] Fetching pfSense-base-25.07.r.20250715.1733.pkg: .......... done [7/10] Fetching pfSense-25.07.r.20250715.1733.1500029.pkg: .......... done [8/10] Fetching pfSense-boot-25.07.r.20250715.1733.pkg: .......... done [9/10] Fetching pfSense-default-config-serial-25.07.r.20250715.1733.pkg: . done [10/10] Fetching pfSense-repoc-20250520.pkg: .......... done Checking integrity... done (0 conflicting) [1/10] Upgrading unbound from 1.22.0_1 to 1.23.0... ===> Creating groups Using existing group 'unbound' ===> Creating users Using existing user 'unbound' [1/10] Extracting unbound-1.23.0: .......... done [2/10] Upgrading pfSense-repoc from 20250419 to 20250520... [2/10] Extracting pfSense-repoc-20250520: .. done [3/10] Upgrading if_pppoe-kmod from 25.03.b.20250515.1415.1500029 to 25.07.r.20250715.1733.1500029... [3/10] Extracting if_pppoe-kmod-25.07.r.20250715.1733.1500029: .. done [4/10] Upgrading pfSense-boot from 25.03.b.20250515.1415 to 25.07.r.20250715.1733... [4/10] Extracting pfSense-boot-25.07.r.20250715.1733: .......... done [5/10] Upgrading pfSense-pkg-System_Patches from 2.2.21_1 to 2.2.21_2... [5/10] Extracting pfSense-pkg-System_Patches-2.2.21_2: .......... done [6/10] Upgrading pfSense-pkg-Nexus from 25.03.b.20250515.1415 to 25.07.r.20250715.1733... [6/10] Extracting pfSense-pkg-Nexus-25.07.r.20250715.1733: .......... done [7/10] Upgrading pfSense-kernel-pfSense from 25.03.b.20250515.1415 to 25.07.r.20250715.1733... [7/10] Extracting pfSense-kernel-pfSense-25.07.r.20250715.1733: .......... done [8/10] Upgrading pfSense-base from 25.03.b.20250515.1415 to 25.07.r.20250715.1733... [8/10] Extracting pfSense-base-25.07.r.20250715.1733: ... done ===> Keeping a copy of current version mtree ===> Removing schg flag from base files ===> Extracting new base tarball ===> Removing static obsoleted files [9/10] Upgrading pfSense from 25.03.b.20250515.1415.1500029 to 25.07.r.20250715.1733.1500029... [9/10] Extracting pfSense-25.07.r.20250715.1733.1500029: .......... done [10/10] Upgrading pfSense-default-config-serial from 25.03.b.20250515.1415 to 25.07.r.20250715.1733... [10/10] Extracting pfSense-default-config-serial-25.07.r.20250715.1733: [10/10] Extracting pfSense-default-config-serial-25.07.r.20250715.1733... done Failed
    • K

      PHP memory error

      Watching Ignoring Scheduled Pinned Locked Moved pfBlockerNG
      5
      0 Votes
      5 Posts
      380 Views
      K

      Thanks everyone. That did it. No more errors!!

    • J

      Bricked (and recovered) 4200

      Watching Ignoring Scheduled Pinned Locked Moved Plus 25.07 Develoment Snapshots
      6
      0 Votes
      6 Posts
      438 Views
      J

      I would agree. 18 hours in and everything continues to run smoothly. The issue related to image availability I believe is the valid answer and we can close this out as solved. Thanks everyone. -JD

    • A

      Vodafone UK - IPv6

      Watching Ignoring Scheduled Pinned Locked Moved IPv6
      4
      0 Votes
      4 Posts
      102 Views
      patient0P

      @ashleygavin said in Vodafone UK - IPv6:

      What error do you get if you wget -6 a website?
      And you have the two default LAN firewall rules, one for IPv4 and one for IPv6, and only the LAN net? On WAN you won't need any rules for accessing internet. And do you see open states for the (web) connection?

      NAT would not be a topic for IPv6 in the default config.