    Netgate Discussion Forum
    • N

      Trying to figure out why redirect host is showing up in my ping
      General pfSense Questions • • nosenseatall

      0 Votes • 25 Posts • 61 Views

      johnpoz

      But not sending .118 down the vpn, shouldn't send it to your gateway.. Try splitting the whole local network 192.168.80.0/24

      Also when you do that - take a look at the route table

      route print

      from a cmd line

    • M

      OpenVPN + Keenetic: network behind the client is not visible
      Russian • open vpn keenetic • • Mahad

      0 Votes • 23 Posts • 23 Views

      M

      @werter
      Thank you very much for the help!
      Enjoying the result.

      For those who run into a similar problem: you need to configure Outbound NAT from the local network to the remote one on the OpenVPN interface.

    • C

      Can you repurpose an old Thin client for pfsense duties?
      Hardware • • Comfy

      0 Votes • 7 Posts • 18 Views

      C

      @stephenw10 Yeah - I know (USB dongle isn't good) but it's all I've got at the moment...trying to keep the power down if I can....thin client being even better....I've got an 8GB DIMM spare so I can stick that in there...as it's a thin client, if I were to reboot - does everything "have to load back up" or should it be nice and quick..?

      I must confess with the dongle running on the internal LAN on a 350 meg connection it's running very well. When I had it the other way round that was crap...I was getting max 5meg down from my ISP. The only thing I can see at the moment is that I can't get the traffic shaping working (I don't think the wizard likes the USB dongle) but I've heard you can force it...

    • R

      Squid+SquidGuard: filtering does not work
      Russian • • randreevich

      0 Votes • 6 Posts • 19 Views

      R

      @werter
      There is space.

      How do I clean it up?
      After reinstalling and cleaning, are the rules not preserved?

    • T

      Hardware for pfSense: old Sophos hardware
      Allgemeine Themen • • tweng

      0 Votes • 5 Posts • 17 Views

      T

      @m0nji Does Sophos have a list of what is currently included in the Home version of SG or XG? I can only find old lists right now, and in those UTM Home still includes many things that are no longer included today.

    • E

      LAN Connection Drops when OPENVPN(client) connected
      OpenVPN • • enjawd

      0 Votes • 4 Posts • 22 Views

      johnpoz

      @enjawd said in LAN Connection Drops when OPENVPN(client) connected:

      I saw guide for VPN configuration seems like they only did NAT outbound to manual and set firewall rules to VPN gateway for OpenVPN interface

      And those guides suck in my professional and personal opinion ;)

      There is no reason to use manual, just setup a hybrid to nat traffic you want to go out your vpn connection.

      Forcing traffic via a firewall, i.e. policy routing, without mentioning anything about rules above that to allow access to, say, pfSense or other local networks.

      I would suggest you read over the policy routing part of the docs.

      https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

      Pay attention to the bypass policy route section
      https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing

    • A

      SG-2100 WAN speed problem
      Official Netgate® Hardware • • alleykat

      0 Votes • 4 Posts • 12 Views

      T

      The 2100 has a similar CPU to the 1100 but has a separate WAN port (the 1100 has a 2 port switch configured with VLANs to separate the traffic).

      Is the Arris bridging, passthrough, or NAT to the 2100?

      I'd be tempted to reset to factory defaults just to rule out any configuration issue? (diagnostics->factory default)

      You could also open a ticket with Netgate support to take a look.

    • A

      pfblocker problem with Italian IP
      Italiano • • axel910

      0 Votes • 4 Posts • 15 Views

      Antonio Briguglio

      @axel910 Hi, send a screenshot of how you configured the IPs in pfblocker and the IP that it does not block, so that we have a clearer idea and can help you.

    • A

      vpn selective routing - tracetcp shows only one hop
      General pfSense Questions • • andresmorago

      0 Votes • 4 Posts • 8 Views

      JKnott

      @andresmorago

      No matter how you connect, the transport packets, that is UDP port 1194, will see the hops. Anything carried within the VPN will not. Think of mailing an envelope. The envelope may have multiple postmarks, as it makes its trip. An envelope within it will only have a postmark from the point where it was put into the outer envelope.

    • ta2oo

      Can ping and resolve DNS queries but no web access through a browser
      Virtualization • • ta2oo

      0 Votes • 3 Posts • 21 Views

      ta2oo

      @viragomann

      Hi.

      I hadn't followed that guide. I had completed everything but disabling the hardware checksum offload; once disabled it did the trick, all working fine now.

      Does that mean the connection was just simply timing out?

      Thank you for the hint, much appreciated.

      Phill

    • C

      Can't change admin password
      webGUI • • Cloudfacilesrl

      0 Votes • 3 Posts • 10 Views

      C

      @teamits Hello Steve, yes I tried with Chrome, Safari, Edge and Firefox and it was the same.
      Then I tried from another computer without the Dashlane password manager extension and it works fine, so the problem is the Dashlane extension.
      Thanks for the support.
      Enjoy

    • Z

      Question about certificates in PfSense
      Français • • zeverybest

      0 Votes • 3 Posts • 14 Views

      Z

      @jdh
      For the moment, I have not tried anything.
      I don't think I know the subject well enough to just jump into experiments like that,
      which is why I am starting with questions, to learn more.

      My goal would be to be able to access my web server locally over HTTPS (but not with a self-signed certificate, so as not to get the browser warning page saying that the site is potentially dangerous).

    • A

      Site to Site openVPN tcp Problem
      Deutsch • • apietsch

      0 Votes • 3 Posts • 12 Views

      T

      @apietsch
      Hi,
      although the OpenVPN developers also allow TCP, afaik they still tend to recommend UDP.
      Maybe that explains the delay here?

      https://openvpn.net/faq/what-is-tcp-meltdown/

    • cmcqueen

      Firewall rules need reload after two LANs go up
      General pfSense Questions • • cmcqueen

      0 Votes • 3 Posts • 27 Views

      stephenw10

      It shouldn't really make much difference.

      You can see it trying to restart Unbound faster than it can start though.

      What symptoms do you see after this happens? What's not working that makes you reload the ruleset?

      Steve

    • M

      Firewall rules for VLANs
      Firewalling • • MM 0

      0 Votes • 2 Posts • 16 Views

      jwj

      This will be helpful. Read through the entire firewall section. There are also practical examples in the documentation.

      https://docs.netgate.com/pfsense/en/latest/firewall/index.html

      We'll be here to answer specific questions when you're ready. Screen shots of your rules are almost always needed to help debug.

      pfSense does ingress filtering by default. On the LAN network any rules are evaluated as packets enter the network from clients on that network, for example.

    • K

      Freeradius and Android 11
      General pfSense Questions • • kurisuchan

      0 Votes • 2 Posts • 9 Views

      K

      @kurisuchan
      Okay, never mind, I solved it. Apparently when I created the CA I did not fill out all the optional fields.
      So I created a new CA with all fields filled in, also created a new server certificate and also filled in all the fields and now it works.

    • Antonio Briguglio

      GeoIP Blocking
      pfBlockerNG • • Antonio Briguglio

      0 Votes • 2 Posts • 9 Views

      T

      You can sign up at https://www.maxmind.com/en/geolite2/signup. It's free. ("Visit the following [Link to Register] for a free MaxMind user account. Utilize the GeoIP Update version 3.1.1 or newer registration option.")

      pfBlockerNG is programmed to download from MaxMind. There wasn't a signup process until about a year ago when MaxMind instituted it. You can manually create your own feeds on Firewall/pfBlockerNG/IP/IPv4 but I've not bothered reinventing the wheel.

    • N

      NETGEAR GS108Ev3: comprehension question, only with LAN IP on tagged port
      L2/Switching/VLANs • • Nosense 0

      0 Votes • 2 Posts • 14 Views

      V

      @nosense-0
      Hello and welcome to the forum!
      However, your post is in the wrong section or in the wrong language. The general forum language is English. You should post German articles only in the section intended for them: https://forum.netgate.com/category/7/deutsch
      Perhaps a moderator can move your post; perhaps @JeGr, who is responsible for the German section, can do it as well.

      On to your problem, as far as I can contribute anything.
      @nosense-0 said in NETGEAR GS108Ev3: comprehension question, only with LAN IP on tagged port:

      If, on a GS108Ev3 under 802.1Q, you create a VLAN ID 10, add all ports to this ID 10 with the option T under VLAN Membership, assign PVID 10 to all ports under Port PVID, and finally delete all ports from VLAN ID 1 (that is, there is neither a "T" nor a "U" in it, the ports are "empty"):

      What you did there fits your username quite well. Sorry, it had to be said, it was too obvious.
      The effect is that outgoing packets are tagged with VLAN 10 on all ports and all incoming packets on all ports are likewise tagged with VLAN 10. No, that makes zero sense.
      You should first learn the VLAN basics and the functions of the switch. But this really is not the right forum for that.

      I will try to clear things up a little anyway (as far as I know it; I do not use this switch):
      PVID: on the given port, the switch tags packets that come in from a connected device with the corresponding VLAN ID. That is, a device that does not "speak" VLAN is connected to the port.
      T: the switch joins the given port to the corresponding VLAN and sends the packets for this VLAN out tagged. Usually, packets tagged with the corresponding VLAN ID also come in on this port. That is, a device that "speaks" VLAN is connected to the port. Such a port usually carries several VLANs.
      U: the switch joins the given port to the corresponding VLAN but sends the packets out untagged. That is, a device that does not "speak" VLAN is connected to the port.

      Example use case:
      2 VLANs: ID 10, 20. pfSense is connected to port 1.
      On pfSense you configure both VLANs on the interface connected to switch port 1.
      On the switch you set port 1 to T for both VLANs, 10 and 20.
      On port 2 you connect a device that should belong to VLAN 10. So you set it to U for VLAN 10 and PVID 10.
      On port 3 there is a device that should be connected to VLAN 20. So VLAN 20 U and PVID 20.

      Now one might think: why set PVID and U separately, when they are always needed together on a port anyway? Not always; there are also use cases where that is not the case.

      @nosense-0 said in NETGEAR GS108Ev3: comprehension question, only with LAN IP on tagged port:

      Why then can I still access the web interface of the GS108Ev3 from my computer, which has no VLAN, e.g. on port 2 of the GS108Ev3?

      With your setting the computer belongs to VLAN 10, albeit not cleanly. Why it has access to the switch's web interface depends on further configuration. For example, is a VLAN set for the web interface? Or can the computer reach it through the firewall? (> FW rules: if everything is allowed on VLAN 10, it of course may and can do so)
      What does the overall network configuration look like?

    • G

      automatically boot install
      Installation and Upgrades • • ganivoro

      0 Votes • 2 Posts • 20 Views

      stephenw10

      The external config locator will check attached fat32 devices for a config.xml file and automatically pull it in at boot:
      https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-using-the-external-configuration-locator-ecl

      But that is only after installing. There is no way to install pfSense entirely headless.

      What are you installing onto?

      Steve

    • P

      Design PFSense +400 Devices | Hardware | Connection...
      Deutsch • • Prof Hase

      0 Votes • 2 Posts • 19 Views

      N

      What exactly is the modem, i.e. model and firmware?

      What does pfSense show when monitoring System and Quality WAN?
      That is, latency, packet loss, etc.

    • dennis_s

      pfSense Plus and pfSense CE: Dev Insights and Direction
      Messages from the pfSense Team • • dennis_s

      0 Votes • 2 Posts • 62 Views

      S

      @dennis_s

      Thank you Dennis.

      To support the CE Edition, is it possible to see a "Gold Sponsoring" again?

    • T

      Bypass some IP from squid but not Antivirus
      General pfSense Questions • • talhasaleem

      0 Votes • 2 Posts • 15 Views

      stephenw10

      ClamAV only sees proxied traffic so, no, you can't do that.

      Steve

    • G

      How to prioritize one client specific
      Traffic Shaping • • Gamienator 0

      0 Votes • 2 Posts • 10 Views

      T

      Per https://docs.netgate.com/pfsense/en/latest/trafficshaper/advanced.html#shaper-rule-matching-tips you have to use tagging to prioritize based on the LAN IP of the NAS.

      If you know the IPs of the cloud service you could lower the priority based on those, but I would expect those to change over time.

    • M

      Crash Report
      General pfSense Questions • • moto

      0 Votes • 2 Posts • 16 Views

      JKnott

      @moto

      I'd suspect hardware. One thing you can do is run memtest for a while, to see if any errors turn up.

    • B

      Blocking all traffic on the LAN side and allowing only specific IPs or MACs
      Turkish • • baymikro

      0 Votes • 2 Posts • 6 Views

      P

      You can do this under Firewall>Rules>Lan.

      Rules are processed in row order. That is why the "Block" rule needs to be at the very bottom.

      You can do MAC locking with a MAC-IP mapping in the DHCP Server.

      If you search the forum, you can find many topics related to your question.

    • D

      OpenVPN point-to-point: connection up but remote access eventually fails from LAN
      OpenVPN • • darrenavid

      0 Votes • 1 Posts • 16 Views

      No one has replied

    • F

      Crash report - Fatal trap 12: page fault while in kernel mode (on VMWARE)
      General pfSense Questions • • fresnoboy

      0 Votes • 1 Posts • 4 Views

      No one has replied

    • G

      SqStat log
      Cache/Proxy • • gtrovato

      0 Votes • 1 Posts • 4 Views

      No one has replied

    • S

      Open VPN Remote Access Client as IP Forwarder (Gateway)
      OpenVPN • • sokosko

      0 Votes • 1 Posts • 13 Views

      No one has replied

    • A

      Change IP and Gateway DHCP server
      Portuguese • • alessandro.araujo

      0 Votes • 1 Posts • 6 Views

      No one has replied

    • n3xus_x3

      VPN users are not filtered by pfBlockerNG
      pfBlockerNG • • n3xus_x3

      0 Votes • 1 Posts • 14 Views

      No one has replied

    • Autourdupc

      BandwidthD: Yearly lower than Monthly
      Traffic Monitoring • • Autourdupc

      0 Votes • 1 Posts • 10 Views

      No one has replied

    • P

      HA-Proxy, HTTPS offload, options?
      HA/CARP/VIPs • • pixel24

      0 Votes • 1 Posts • 5 Views

      No one has replied

    • W

      Crash Report
      General pfSense Questions • • wlp94611

      0 Votes • 1 Posts • 17 Views

      No one has replied

    • P

      OpenVPN Site-to-Site and UnPNP Issues
      OpenVPN • • powerextreme

      0 Votes • 1 Posts • 11 Views

      No one has replied

    • SipriusPT

      Import only local user directory and certs in pfsense
      General pfSense Questions • • SipriusPT

      0 Votes • 1 Posts • 11 Views

      No one has replied

    • K

      DSCP leak from comcast Business class on Netgate SG5100
      Traffic Shaping • • Kerat

      0 Votes • 1 Posts • 10 Views

      No one has replied

    • T

      Running community edition on Netgate hardware
      Off-Topic & Non-Support Discussion • • TheTechQ

      0 Votes • 1 Posts • 21 Views

      No one has replied

    • S

      2.5.0.a.20210126.2350 unbound keeps stopping after upgrade
      Installation and Upgrades • • SpeeDj

      0 Votes • 1 Posts • 7 Views

      No one has replied

    • dennis_s

      WireGuard in pfSense 2.5 Performance
      WireGuard • • dennis_s

      2 Votes • 1 Posts • 17 Views

      No one has replied