Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    1. Home
    2. Popular
    Log in to post
    • All Time
    • Day
    • Week
    • Month
    • All Topics
    • New Topics
    • Watched Topics
    • Unreplied Topics
    • All categories
    • A

      Vodafone UK - IPv6

      Watching Ignoring Scheduled Pinned Locked Moved IPv6
      4
      0 Votes
      4 Posts
      105 Views
      patient0P

      @ashleygavin said in Vodafone UK - IPv6:

      What error do you get if you wget -6 a website?
      And you have the two default LAN firewall rules, one for IPv4 and one for IPv6, and only the LAN net? On WAN you won't need any rules for accessing internet. And do you see open states for the (web) connection?

      NAT would not be a topic for IPv6 in the default config.

    • G

      Traffic flows to wan not other subnet

      Watching Ignoring Scheduled Pinned Locked Moved Routing and Multi WAN
      9
      0 Votes
      9 Posts
      179 Views
      chpalmerC

      @greatbush while I have about 3 minutes here
      do you realize that windows machines by default will not allow pings and such from outside their own subnet to come in? Just trying to rule out any issues that you might have with Windows firewall on those machines..

    • A

      Can't receive GeoIP databases updates anymore, banned

      Watching Ignoring Scheduled Pinned Locked Moved pfBlockerNG
      4
      0 Votes
      4 Posts
      144 Views
      GertjanG

      @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

      Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

      You've found a reason to use a VPN.

    • luckman212L

      6100 Firmware 03.00.00.03t-uc-126

      Watching Ignoring Scheduled Pinned Locked Moved Official Netgate® Hardware
      4
      0 Votes
      4 Posts
      131 Views
      stephenw10S

      Nice. Weird though. 😕

    • N

      HAProxy configuration for roundcube

      Watching Ignoring Scheduled Pinned Locked Moved HA/CARP/VIPs
      4
      0 Votes
      4 Posts
      40 Views
      V

      @NickJH
      Not clear, what you intend to achieve with this, but the Directory container in Apache is meant to be used for local paths. "/" might not be correct here.

      If you need to describe a virtual path use "Location".

    • M

      Another failed 2.8.0CE installation due to repo connectivity issues.

      Watching Ignoring Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
      4
      0 Votes
      4 Posts
      135 Views
      stephenw10S

      There was a backend issue that's now fixed.

    • R

      Dynamic dns don't work with carp ip

      Watching Ignoring Scheduled Pinned Locked Moved HA/CARP/VIPs
      8
      0 Votes
      8 Posts
      201 Views
      M

      @lbeard said in Dynamic dns don't work with carp ip:

      Done => https://redmine.pfsense.org/issues/16326

      Great, thanks 👍 👍

    • T

      Does not have a public address and is behind NAT

      Watching Ignoring Scheduled Pinned Locked Moved IPsec
      4
      0 Votes
      4 Posts
      31 Views
      T

      @Gertjan said in Does not have a public address and is behind NAT:

      Managed to solve the problem.

      You need to enter any fictitious name and your external IP in DNS Resolver. I entered both my pfsense on one and the second pfsense.Снимок экрана 2025-07-21 в 15.38.01.png In phase 1 you need to register.
      Снимок экрана 2025-07-21 в 15.39.32.png
      After which everything started working.
    • J

      Firewall gateway address in ipv6

      Watching Ignoring Scheduled Pinned Locked Moved IPv6
      4
      0 Votes
      4 Posts
      78 Views
      J

      Hi @SteveITS.

      That was an excellent tip, I had missed the "self" target completely. This allowed me to get rid of all of my firewall aliases I needed earlier.

      Thanks!

    • P

      "Failed to fetch the pfSense pkg repositories"

      Watching Ignoring Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
      4
      0 Votes
      4 Posts
      130 Views
      stephenw10S

      Yup, there was a backend issue. Should be good now.

    • R

      Not understanding Boot Environments

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      4
      0 Votes
      4 Posts
      139 Views
      stephenw10S

      Mmm that^.

      However what you will see is that after booting back into the 24.11 BE the update branch will still be set to 25.07-RC because that was the last thing that was done before the upgrade took the snapshot. So if you plan to run 24.11 for some time after reverting you would need to set the update branch back to 24.11 in that BE before doing any package operations.

    • G

      CE v2.8.0 issues

      Watching Ignoring Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
      4
      1 Votes
      4 Posts
      311 Views
      stephenw10S

      Hmm, but they are policy based tunnels? And 300 Phase 1 configs not a total of 300 Phase 2 configs for example?

      I'm not aware of any issue in 2.8 that might present like that for IPSec.

    • dennypageD

      Nexus re-installing

      Watching Ignoring Scheduled Pinned Locked Moved Development
      4
      1 Votes
      4 Posts
      257 Views
      stephenw10S

      Currently nothing I'm aware of but going forward some functions will likely be written in go and hence in the Nexus package. Obviously that assumes the Nexus package is always present so it is automatically re-installed at upgrade.

    • P

      SG-1100 as VPN client only (no dhcp) adding to existing network

      Watching Ignoring Scheduled Pinned Locked Moved OpenVPN
      6
      0 Votes
      6 Posts
      102 Views
      V

      @phthatcher said in SG-1100 as VPN client only (no dhcp) adding to existing network:

      just assure that when the server reaches out to the web it is behind the vpn

      So all you need is to configure pfSense as default gateway on the server.

      The pfSense only needs a single interface (LAN, router-on-a-stick), connected to your LAN.
      On the VPN interface you have to add an outbound NAT rule, as mentioned in the ExpressVPN tutorial.

    • C

      if_pppoe problems with php-fpm causing loops. (resolved)

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      44
      0 Votes
      44 Posts
      1k Views
      C

      @w0w I had a device that had issues with small tcp packets, it still fails on the legacy code but now passes on the new code. I didnt really consider it an issue pppoe side before, but the issue is gone on if_pppoe.

    • C

      Doubts on CARP/HA/DUALWAN

      Watching Ignoring Scheduled Pinned Locked Moved HA/CARP/VIPs
      3
      0 Votes
      3 Posts
      25 Views
      w0wW

      @chano76
      What is the pfSense version?
      How did you configure the failover group?

    • S

      rename boot environments

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      3
      0 Votes
      3 Posts
      138 Views
      S

      @Gertjan shame on me! Didn't see that ... thanks a lot!

    • T

      Upgrading Unbound version for latest pfSense Plus release?

      Watching Ignoring Scheduled Pinned Locked Moved DHCP and DNS
      3
      1 Votes
      3 Posts
      90 Views
      GertjanG

      @tman222 said in Upgrading Unbound version for latest pfSense Plus release?:

      (I didn't see it listed in the 25.07 release notes when I looked earlier).

      A couple of days (weeks ?) one of the latest pfSense Plus Beta or RC already included 1.23. That's the version I use right now.
      Since February 2025, 1.22.x was used, that's according my own release notes (I always log the upgrade process, executed form console, option 13, to a file. I don't use the GUI upgrader as that one tend to hide the obfuscate the interesting stuff.)

      If the newest unbound version, 1.23.1, concerns the 'pfSense' version of unbound, then 1.23.1 will probably be included soon.

      edit :
      @w0w => 👍

      We can actually check :

      [25.07-RC][root@pfSense.bhf.tld]/root: unbound -V Version 1.23.0 Configure line: --with-libexpat=/usr/local --with-libnghttp2 --with-ssl=/usr --enable-dnscrypt --disable-dnstap --with-dynlibmodule --enable-ecdsa --enable-event-api --enable-gost --with-libevent --with-pythonmodule=yes --with-pyunbound=yes ac_cv_path_SWIG=/usr/local/bin/swig LDFLAGS=-L/usr/local/lib --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/share/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd15.0 Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 3.0.16 11 Feb 2025 Linked modules: dns64 python dynlib respip validator iterator DNSCrypt feature available BSD licensed, see LICENSE in source package for details. Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues

      so the CVE deosn't apply.

    • W

      Packages config is retained in upgrade?

      Watching Ignoring Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
      3
      0 Votes
      3 Posts
      61 Views
      S

      @Wolfgangthegreat For example (this is checked by default):
      8544523b-d69b-4088-b221-d2532912455c-image.png

    • N

      pfSense on Watchguard M370

      Watching Ignoring Scheduled Pinned Locked Moved Hardware
      314
      1 Votes
      314 Posts
      149k Views
      D

      @stephenw10 I don't have enough points to upvote, so I'll just say thank you Stephen 👍 !

      Now, if the seller agrees to selling me that M570, I should be good to tackle this thanks to all the good info supplied by the community in this thread :)