Netgate Discussion Forum
    • Bob.DigB

      25.07.r.20250709.2036 First Boot WireGuard Service not running

      Plus 25.07 Development Snapshots
      0 Votes
      34 Posts
      354 Views
      stephenw10S

      Hmm, so in that log after 'Bootup complete' none of the WG tunnels or gateways were up?

    • J

      Gtek 2.5G (Intel I225 Controller) PCI-E x1 Network Card not recognized by the pfsense

      Hardware
      0 Votes
      14 Posts
      169 Views
      GertjanG

      @johnytb said in Gtek 2.5G (Intel I225 Controller) PCI-E x1 Network Card not recognized by the pfsense:

      can you explain to me what exactly is this interface that you show here ?

      That's pfSense's most important interface 😊
      The one that works when even all your NICs don't work.

      It's called: the console, which could be a serial connection, or, if you have VGA/HDMI built in, it could be that and a (USB) keyboard.
      Or: if the LAN NIC is working, you 'ssh' into your pfSense using an SSH client like putty or classic 'ssh'.

      Keep in mind: what happens when you have a disk drive issue?
      => pfSense can't boot.
      => Network interfaces will all be down ...
      You need the console (serial or VGA/HDMI/keyboard) access.

      For command line commands I use the ... command line = console (or SSH) access.

    • S

      Upgrade from 2.7.2 to 2.8.0 Failed and now /boot/efi/ empty

      Problems Installing or Upgrading pfSense Software
      0 Votes
      28 Posts
      273 Views
      S

      @stephenw10 Unfortunately I am going to have to wait till I can bring down the network to test. If I take it down now and it doesn't come back up I will be having some hell to pay from the family...lol. 😃

    • R

      SG-1100 Recovery Help Needed

      General pfSense Questions
      0 Votes
      10 Posts
      35 Views
      R

      @stephenw10
      Does this make sense? Both ports showing as same mvneta0 and both of them are active?

      Even when I change LAN cable from middle port to Opt, it is still showing the same (even after reconnecting the putty)


    • J

      Should my dhcpv6 clients also get a /64 address?

      IPv6
      0 Votes
      11 Posts
      65 Views
      johnpozJ

      @jarmo said in Should my dhcpv6 clients also get a /64 address?:

      [jarmo ~]$ ip -6 a
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
      inet6 ::1/128 scope host noprefixroute
      valid_lft forever preferred_lft forever

      That is your loopback - that isn't handed out by dhcp ;)

      that is just ::1

      Example - here is my lo interface

      lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
              options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
              inet 127.0.0.1 netmask 0x0
              inet6 ::1 prefixlen 128
              inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
              groups: lo
              nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

      Oh you have it on your wlp0s20f3 as well - that makes no sense.. What OS is that on? But should be your actual prefix.. It clearly is a wireless interface since it starts with wl

    • M

      Netgate Documentation on DNS over TLS and NOT using DNSSEC

      DHCP and DNS
      0 Votes
      17 Posts
      200 Views
      johnpozJ

      @tinfoilmatt said in Netgate Documentation on DNS over TLS and NOT using DNSSEC:

      I've never encountered any problems

      And what have you gained by asking for something that has already been done.. You mention you leave 0x20 off for performance - but want to do a bunch of queries for dnssec that make no matter?

    • luckman212L

      New Tunable: kern.crypto.iimb.enable_aescbc on fresh install

      Plus 25.07 Development Snapshots
      0 Votes
      8 Posts
      75 Views
      provelsP

      @luckman212 No idea, just spitballing, but is it dependent on the type of VPN you choose? I use OpenVPN, not IPSec.

    • Z

      VPN Client Not Using pfSense DNS Server (10.60.0.252) After Connecting via OpenVPN

      General pfSense Questions
      0 Votes
      6 Posts
      59 Views
      stephenw10S

      Because 10.60.0.252 is the server end of the VPN tunnel at pfSense. The local DNS resolver (Unbound) listens and responds on that IP and that is where the override is set.

      Whereas 8.8.8.8 is Google's DNS service that knows nothing about any local overrides you might have set. When clients use that DNS server it bypasses any local DNS overrides.

    • N

      HAProxy configuration for roundcube

      HA/CARP/VIPs
      0 Votes
      4 Posts
      31 Views
      V

      @NickJH
      Not clear, what you intend to achieve with this, but the Directory container in Apache is meant to be used for local paths. "/" might not be correct here.

      If you need to describe a virtual path use "Location".

    • R

      Dynamic dns don't work with carp ip

      HA/CARP/VIPs
      0 Votes
      8 Posts
      188 Views
      M

      @lbeard said in Dynamic dns don't work with carp ip:

      Done => https://redmine.pfsense.org/issues/16326

      Great, thanks 👍 👍

    • T

      Does not have a public address and is behind NAT

      IPsec
      0 Votes
      4 Posts
      27 Views
      T

      @Gertjan said in Does not have a public address and is behind NAT:

      Managed to solve the problem.

      You need to enter any fictitious name and your external IP in DNS Resolver. I entered both my pfsense on one and the second pfsense. In phase 1 you need to register.
      After which everything started working.
    • B

      2.8.0 config.xml wont apply with /etc/rc.reload_all

      General pfSense Questions
      0 Votes
      3 Posts
      40 Views
      B

      @stephenw10

      Hello,

      we add some client target routes (custom option "push route <ip> <mask>") to modify the VPN "content".

      In 2.7.2
      The /etc/rc.reload_all was triggering the update of /var/etc/openvpn/server1/config.ovpn with the changes from /conf/config.xml.
      Afterwards the OpenVPN service was restarted,

      the same as the "save" button in the WebGUI/OpenVPN menu.

      In 2.8.0 the config.ovpn stays unchanged if I execute /etc/rc.reload_all

      If I do a "reboot" the changes in config.xml will be applied to config.ovpn and OpenVPN service.

      Hope this is clearer now.

      BR

    • luckman212L

      6100 Firmware 03.00.00.03t-uc-126

      Official Netgate® Hardware
      0 Votes
      4 Posts
      92 Views
      stephenw10S

      Nice. Weird though. 😕

    • W

      Teams Issues

      General pfSense Questions
      0 Votes
      2 Posts
      52 Views
      S

      @wc2l What makes you think it’s pfSense related? (Serious question)

      Is IPv6 working?

    • T

      NAT Reflection Issue with Dual WAN Setup in pfSense 2.7.2

      General pfSense Questions
      0 Votes
      3 Posts
      33 Views
      T

      @viragomann

      The LAN rule already has the source set to all and all ports going out are open.

    • S

      pfSense as Firewall/Router/Switch all in one - Layer 3 virtual interface?

      L2/Switching/VLANs (tags: switch svi virtual layer2 layer3)
      0 Votes
      4 Posts
      120 Views
      M

      @spickles Thanks for the explanation. I think I understand now.

      Yes, the example I gave is router on a stick.

      I didn't dig deeply, but it appears that while pfSense supports VLAN traffic segregation, it does not support tagging inbound traffic onto a VLAN, i.e., no concept of a PVID that can be set per port (excluding the few Netgate devices with built-in switches). Tagging has to be done downstream: a host that tags its own traffic, a switch or an AP.

      You might be able to get something similar to what you describe with bridge groups (haven't played with them myself on pfSense) rather than VLANs. IIUC, each bridge group can be configured with its own router config. That way, all ports in the bridge group would share a gateway/routing/firewall configuration. For individual hosts, their port on the pfSense would be assigned to the relevant bridge group. For the multi-VLAN AP, each VLAN that also supports hosts directly attached to the pfSense would be assigned to the bridge group containing those hosts/ports. I've never tested whether VLAN subinterfaces can be assigned to bridge groups, but the GUI seems to support it. The downside of bridge groups is that the bridging is done on the CPU; there's a performance hit.

    • C

      Doubts on CARP/HA/DUALWAN

      HA/CARP/VIPs
      0 Votes
      2 Posts
      12 Views
      S

      @chano76 Define "disconnects"? As in, unplugged, or the gateway is marked down?

    • W

      Packages config is retained in upgrade?

      Problems Installing or Upgrading pfSense Software
      0 Votes
      3 Posts
      47 Views
      S

      @Wolfgangthegreat For example (this is checked by default):

    • M

      Another failed 2.8.0CE installation due to repo connectivity issues.

      Problems Installing or Upgrading pfSense Software
      0 Votes
      4 Posts
      119 Views
      stephenw10S

      There was a backend issue that's now fixed.
