    Netgate Discussion Forum
    • R

      Huawei AR161FG-L + PfSense 2.6.0 - ipsec s2s
      Russian • • rnduser

      94
      0
      Votes
      94
      Posts
      503
      Views

      R

      @konstanti dear comrade!
      Sincere thanks for the help. Everything is fixed.
      Solution: use NAT-T on both sides of the tunnel.
      The policies capture the traffic as they should.
      TCP-MSS = 1300 on both sides.


      But why it did not work on udp / 500 is a question.

    • A

      Not pinging Netgate Vlan's
      Official Netgate® Hardware • • afcarvalho

      72
      0
      Votes
      72
      Posts
      293
      Views

      A

      @afcarvalho Many thanks to @jarhead and @stephenw10 for their infinite patience with me.

      A

    • J

      Web GUI crashes after upgrade from 22.05 to 23.01
      Plus 23.01 Development Snapshots • • jjstecchino

      59
      1
      Votes
      59
      Posts
      1128
      Views

      jimp

      It's possible, though hard to say for sure. It seems similar at least.

    • C

      unable to access ips on vlan after changing Gateway/dns
      General pfSense Questions • • comet424

      58
      0
      Votes
      58
      Posts
      588
      Views

      johnpoz

      @comet424 said in unable to access ips on vlan after changing Gateway/dns:

      I did try looking up the unifi but didn't see where you can do multiple vlans

      Did you look at the summary page for say the U6-lite, one of their popular models currently

      https://store.ui.com/collections/unifi-network-wireless/products/u6-lite-us

      BSSID 8 per radio
      VLAN 802.1Q

      I am not aware of any of their models that don't support vlans.. I have 3 different models of their older wifi 5 models, the pro, the lite and the LR.. And before that I had one of their first models that all supported multiple vlans. I currently have 4 different SSIDs running on mine, all on different vlans.

      As to what is better dd-wrt, I would say the unifi are true APs.. the dd-wrt is 3rd party firmware to run on soho wifi routers. While it can vastly improve the feature set over native firmware, you're still at the mercy of the hardware, not saying some soho hardware is not fine. But unifi APs are designed to be actual APs.. they are all powered by poe, so you can properly mount them where an AP belongs, etc.. I would never ever go back to running soho wifi routers as my wifi APs..

    • K

      pfSense Blocking Roborock app
      Firewalling • • kahodges1721

      55
      0
      Votes
      55
      Posts
      489
      Views

      K

      @bmeeks ok so I came home today to begin testing of the changing of the NIC port. Lo and behold it just started working. So I think that solves it. Something on the integration was causing a flood of traffic and ended up getting something banned. The good news is it seems it was temporary. I feel like an idiot spending so much time and effort trying to solve it but in the end I got to really deep dive into various settings. I learned a lot more about DNS and how it should be set up properly and other various items that I can’t say I knew anything about before so it isn’t all bad! I want to thank you specifically for sure and everyone else that helped support this! We might not have figured out the root cause but man you all helped me learn a lot!

    • BBcan177

      pfBlockerNG-devel v3.1.0_19/10
      pfBlockerNG • • BBcan177

      52
      10
      Votes
      52
      Posts
      1403
      Views

      Y

      @bbcan177

      I figured out why I was getting those errors: some packages/features on pfSense needed to be updated (i.e. unbound and about 4 others). Once I ran the update, rebooted and reinstalled,
      pfBlockerNG worked, no more errors.
      Thanks BBcan177

    • N

      No WAN access from inside LANs...
      General pfSense Questions • • njaimo

      48
      0
      Votes
      48
      Posts
      384
      Views

      N

      @njaimo ...I get it I misunderstood the "score" bit, it is not login attempts... :)
      Cheers

    • msa1878

      PFSENSE WIFI CALLING
      General pfSense Questions • • msa1878

      46
      0
      Votes
      46
      Posts
      718
      Views

      Gertjan

      @michmoor said in PFSENSE WIFI CALLING:

      lots of CP changes in the new releases i see

      You mean 22.05 as you talk about a 6100 ?

      22.05 doesn't use the good old second firewall 'ipfw', as 2.6.0, but uses a new, modified 'pf' so it can also handle MAC ( ! ). It was Netgate that changed 'pf' upstream for the entire FreeBSD community 👍
      22.05 native has issues : the "one queue for all connected users" is one of them. There is a patch.
      Look quickly over the last 10, 20 (skip the please help posts) captive portal forum posts, you find them all.

      If you are a heavy (hundreds of connected users) portal consumer, then watch your memory as there is a small memory leak in the new pf code. This can't be patched, as it needs binary changes, and the upcoming 23.0x will solve that.

    • E

      Poor wifi performance after upgrade of mesh system
      Off-Topic & Non-Support Discussion • • Elmojo

      45
      2
      Votes
      45
      Posts
      665
      Views

      R

      @elmojo It would be an additional network... you can have them that way but they're on different broadcast domains -- so things that require broadcast calls (like streaming devices, or backup solutions) don't work and require other tools to work like avahi.

      I use VLANs and single interfaces and APs that support VLANs.

    • M

      Paypal being blocked
      General pfSense Questions • • manilx

      33
      0
      Votes
      33
      Posts
      446
      Views

      M

      @nollipfsense actually this also stopped working and I’m back at the issue.

    • D

      Plugging SFP transceiver from AT&T box directly into SG-2100
      Official Netgate® Hardware • • DominikHoffmann

      33
      0
      Votes
      33
      Posts
      429
      Views

      DefenderLLC

      I haven't read through all of the replies, but you cannot eliminate the AT&T gateway. First off, the newer models like the one shown have the ONT built-in. Secondly, the fiber service requires certificate-based authentication, so even if you clone the AT&T gateway's MAC address on your pfSense it will not work.

      The previous workarounds also do not work like they did with previous AT&T gateways and separate ONT module. If you want any fiber plan over 1 gig, then you will be issued the same gateway as in the original post. Also note the LAN ports are all 1 gig with the exception of first port which is blue and will support 5 gig, 2.5 gig, or 1 gig.

    • S

      1 Gig Fios and PFSense
      Firewalling • • sstatjm

      32
      0
      Votes
      32
      Posts
      505
      Views

      M

      @jbeez I worked at the other Blue cable company. VZ tech guys had some Fked up stories. Both company employees eventually shared the same employment multiple times back and forth. It's like the Philly cheese steak cooks immigrated to NYC and then back to Philly and then told stories. No, the grass is not greener! Don't ever call tech and tip them off is all that I'll say. "Their job is to collect more revenue on the quota chain you just don't know it." One can go months straight under the radar...until someone does their admin network monitoring job. Watch this Video and you'll laugh

      Stay low my friends and never call in for anything if you don't have to. Just open up that ONT yourself on the side of your house. Unplug that black box for a few minutes then plug it back in and close the ONT unit. P.S. this is not good tech advice at all... I ate too many lead paint chips!

      For the entrepreneur, you certainly can use a dual wan but the primary should be business static and one of them can be a residential DHCP but not both. Plus, google will index higher-ranking static IPs over ever-changing residential IPs. A simple way to check is to go to Business Static IP check Type = business or residential?

      I just want to hear a few stories of customers winning on DHCP leases. Meaning maybe it changes once per year. The problem is just when you think you won they change the IP address more than normal. Now back to paint chips.

    • V

      Latest pfsense+ 23.01 beta freezes on Hyper-v
      Plus 23.01 Development Snapshots • • vbjp

      30
      0
      Votes
      30
      Posts
      759
      Views

      jimp

      Might be a long shot, but do your configurations on those VMs have the serial console enabled even though they don't have COM ports mapped in Hyper-V?

      There is a known issue in that area with FreeBSD on Azure Gen2 VMs but I wouldn't think it would manifest on local Hyper-V setups since even though the VM contains COM port configurations it doesn't actually have any uart controllers or serial ports visible to the guest.

    • M

      Blog suricata-vs-snort - Snort 3.0?
      IDS/IPS • • musicwizard

      30
      0
      Votes
      30
      Posts
      337
      Views

      bmeeks

      @michmoor said in Blog suricata-vs-snort - Snort 3.0?:

      @bmeeks This is extremely insightful here. Thanks for the added detail that I'm glad I know about now.

      So the way I see it, the IPS is only 'useless' on pf from the standpoint of lack of integration with any MITM process. In a perfect world with unlimited resources if there can be some integration then the IPS component would be of more value.
      As it stands, it's pretty useless (no disrespect to you of course), and this is more in line with what you have been saying for quite some time about its usefulness.

      Correct. But it's not just pf. The same is true with many other operating system configurations.

      My point in my other postings about the "usefulness" of IPS is that on the perimeter it is becoming less and less effective due to the encryption. Thus having it on the firewall inspecting traffic flowing between hosts is not really doing a whole lot unless the payload data is cleartext.

    • L

      Problems with pfSense IPV6 DNS function (does it exist!?)
      CE 2.7.0 Development Snapshots • • louis2

      30
      0
      Votes
      30
      Posts
      219
      Views

      C

      I did a factory reset of my config and set my WAN and LAN interfaces (dev 2.7 1/9). Never even logged in and I'm still getting query refused with ipv6. I just wanted to rule out any of my config changes as the issue.

      Then I loaded a clean install of stable 2.6 and it seems to be working as expected

    • P

      Problem with DNS over TLS
      DHCP and DNS • • pietsnot56

      28
      0
      Votes
      28
      Posts
      375
      Views

      P

      Thanks everybody,
      I found my error: a typo in the Dnsname!
      This case can be closed.

    • K

      PPPoE with vlan
      General pfSense Questions • • Kristian_m

      28
      0
      Votes
      28
      Posts
      587
      Views

      stephenw10

      Ah, then try capturing on em0 directly so you can see the VLAN tagged packets.

      Capturing on the VLAN won't show that. And it also won't show any replies that aren't using that VLAN tag.

    • F

      Serpro application
      Portuguese • • fcosta

      28
      1
      Votes
      28
      Posts
      638
      Views

      F

      @ricardo-rocha wonderful, my good man, it worked here. I had already made the allowances in the firewall; now, after putting all the addresses in the proxy rules and the exceptions within Internet Options, it worked perfectly. Thanks for the help.

    • B

      Australian NBN connection stops after random time
      General pfSense Questions • • bleve

      27
      0
      Votes
      27
      Posts
      256
      Views

      B

      @bleve said in Australian NBN connection stops after random time:

      @stephenw10 thank you, that worked a treat!

      I popped a USB powered case fan on top of this little box, and the newly reported 52 degrees is now 35 (Celsius). Win!

      Thank you again for your advice and assistance.

    • L

      1:1Nat, two public IPs for one server with one nic
      NAT • • leonidas-o

      26
      0
      Votes
      26
      Posts
      212
      Views

      L

      Couldn't make BigBlueButton work behind pfsense/opnsense with 1:1 NAT + Reflection etc., so I gave up on that approach. I still found a solution assigning the second public IP directly to the BBB VM, which I documented here: https://serverfault.com/questions/1121061/assigned-second-public-ip-to-vm-from-outside-not-reachable/1121266#1121266

    • D

      Whack-a-mole with DigitalOcean "ET COMPROMISED Known Compromised or Hostile Host Traffic group"
      IDS/IPS • • drewsaur

      25
      0
      Votes
      25
      Posts
      103
      Views

      D

      @bmeeks Thank you so much. I did send you the full log separately. Please let me know if I can get you anything else. And you needn’t do any more. I’m more than happy with what I’ve learned. Cheers!

    • A

      No DNS resolution in the DMZ
      Deutsch • • Alcamar

      25
      0
      Votes
      25
      Posts
      130
      Views

      N

      Ah yes, OK, right, the DNS rule to localhost does make sense, but only if the destination is !This Firewall.

    • H

      half network speed after upgrading
      Plus 23.01 Development Snapshots • • High_bounce

      25
      0
      Votes
      25
      Posts
      617
      Views

      H

      No worries, I just switched to an old Intel X540-T2; should be fine until I upgrade the rest of my network to multi-gig. Thank you for all your help. I hope it gets fixed at some point. I have always heard that Chelsio NICs were the best with BSD; maybe that is changing now.

    • H

      7100 1u vlan addition question
      Official Netgate® Hardware • • hescominsoon

      25
      0
      Votes
      25
      Posts
      225
      Views

      H

      @rcoleman-netgate said in 7100 1u vlan addition question:

      @hescominsoon You're welcome. That one took me a bit to grasp when I first bought a device with a Marvell switch.

      yeah..I won't be doing that again..I know it's a cost point thing and it's valid..I just do not like the gymnastics you have to do..<G>

    • D

      need help setting up!!!
      General pfSense Questions • • darktech311

      25
      0
      Votes
      25
      Posts
      246
      Views

      D

      @johnpoz ok understood thank you so much for the help!!

    • C

      Anyone seeing more memory usage with 23.01?
      Plus 23.01 Development Snapshots • • chickendog

      25
      0
      Votes
      25
      Posts
      661
      Views

      R

      @jimp ok thanks for the explanation.
      Understood and makes sense, but it is hard to see if there is ram left for eg plug-ins or not.

    • D

      How stable is OpenVPN?
      OpenVPN • • DominikHoffmann

      25
      0
      Votes
      25
      Posts
      479
      Views

      stephenw10

      Except that we've seen in the other thread that doing so is triggering, at least, dpinger to restart. So it could be doing more than you think.

    • D

      Speed drop
      Russian • • dekor238

      24
      0
      Votes
      24
      Posts
      164
      Views

      D

      @werter said in Speed drop:

      @dekor238
      There is a series of notes about it here )
      First try deploying pve as a virtual machine on esxi, having enabled nested virtualization on it beforehand.

      :))))
      no... that's already too complicated for me... I'm not that strong in these virtualizations...
      it's easier to switch straight to Proxmox and install pfSense with a data backup, so as not to reconfigure...

    • A

      WG peers won't connect
      WireGuard • • arjay

      23
      0
      Votes
      23
      Posts
      201
      Views

      J

      @arjay Not NAT, but outbound NAT.
      Did you add that?

    • T

      23.01.b.20230106.0600 IGMP proxy stops TV stream
      Plus 23.01 Development Snapshots • • thebear

      23
      0
      Votes
      23
      Posts
      593
      Views

      stephenw10

      The nomap capability should be easy to disable but it appears ifconfig may not have caught up yet. I can't find a syntax that works. But I doubt that would make any difference here.

      I also compared the options between 22.05 and 23.01 from the same config in the 8200 and saw the same.

      If it's a ZFS install you should be able to roll back the BE snapshot.

    • T

      Static IP WAN block, devices not connecting
      General pfSense Questions • • tcw

      23
      0
      Votes
      23
      Posts
      209
      Views

      P

      Well it caused me to go ahead and clean up the v6 configuration on mine. I was not having this issue but I did have some things running that likely did not need to be as well as the outside and inside picking up v6 addresses. May as well keep it simple.

    • Y

      Error launching monitoring using UI
      CE 2.7.0 Development Snapshots • • yuryk

      22
      0
      Votes
      22
      Posts
      177
      Views

      Y

      That worked. For some reason, when I initially told the setup to create a new certificate, it just created a private key and not the certificate. Jan 24 build however worked!

    • R

      URL for WebGUI doesnt work....
      webGUI • • RobinH

      21
      0
      Votes
      21
      Posts
      83
      Views

      johnpoz

      @robinh but that is not your webgui port, so that you ha proxy... Restart your web gui, most likely it didn't restart..

    • G

      Connection to xBox 360 isn't working
      General pfSense Questions • • Gamienator 0

      21
      0
      Votes
      21
      Posts
      162
      Views

      G

      I get even more and more the feeling that either:

      a) my ISP is doing something weird or
      b) my VDSL Modem is doing weird stuff.

      I just noticed that even Playing CS:GO is not working anymore. After a couple of seconds I get the Message not possible to official Servers with following log:


      While the PCAP (CSGO.zip) shows incoming and outgoing traffic ... To be 100% sure I just ordered a new VDSL modem...

    • I

      Perplexing Problem with PFSense
      General pfSense Questions • • ITWorxNZ

      21
      0
      Votes
      21
      Posts
      230
      Views

      stephenw10

      @stephenw10 said in Perplexing Problem with PFSense:

      @itworxnz said in Perplexing Problem with PFSense:

      It's always the same two blocks out of seven that seem to cause it, but everyone is affected.

      If the router/gateway went down everyone would be affected but the different hosts in the same subnet would still be able to connect to each other. Can we assume that isn't the case?

      Still need that question answering to determine what sort of problem you are dealing with. And I would still do this:

      When this happens if you run a pcap somewhere do you see anything incoming?

      This doesn't seem like a bad cable to me or a bad switch port. Those would only affect devices connected to them. For something to take down the entire subnet across multiple switches such that no traffic can move across the network at all it pretty much has to be a flood of some sort.

      But if things can still ping other local hosts just not the local gateway I'd be looking for a rogue dhcp server or something doing ARP poisoning perhaps.

      You should really be using VLANs to separate these user groups out. That would prevent something like a rogue dhcp server affecting everyone.

      Steve

    • F

      radius and wpa3 with client wpa2 ?
      Wireless • • furom

      21
      0
      Votes
      21
      Posts
      197
      Views

      F

      @johnpoz Agreed, I too hope IoT catches up soon on security related stuff. Many nice gadgets only have wifi, and as is, I don't feel entirely comfortable using that for IoT. Of course it can and imho should be zoned in contained vlans, but just the fact your wifi is offering your network to anyone who (can) listen is not comforting, but very convenient.
      I've learned a lot on this exercise, enough to want to read more - WPA2 to WPA3 was indeed a big leap, and perhaps time for me to re-evaluate wifi for my purposes... :) (for now still excluding IoT)

    • D

      Connecting to CloudFlare, surely its possible.
      General pfSense Questions • • deanfourie

      21
      0
      Votes
      21
      Posts
      455
      Views

      D

      @stephenw10 it certainly does look more like a proxy.

    • R

      Site to Site OpenVPN Partially Working
      OpenVPN • • Ryu945

      21
      0
      Votes
      21
      Posts
      226
      Views

      R

      @viragomann I was saying that if I want to use the main site like a VPN to access the internet, just like a commercial VPN provider, I would have a rule on the remote site that says LAN to any using VPN as gateway. This rule will be placed in NAT -> outbound. What I found with doing this with the VPN made from the main site is that it messed up the site to site VPN for the remote side. Somehow that outbound rule messes up the working remote site to main site connection.

    • CaptainHook

      Help - My firewall keeps crashing and I don't know why
      Hardware • • CaptainHook

      21
      0
      Votes
      21
      Posts
      322
      Views

      CaptainHook

      Hello Sir @stephenw10 After working with my boss at our office we were able to get in the commands to get the driver updated and I have not had a problem since. I will let you know if it fails again but for now the issue is resolved.

      Thank you!

    • H

      I'm sick of neer-do-wells hitting my WAN with TCP:SYN
      Firewalling • • henderbc

      20
      0
      Votes
      20
      Posts
      327
      Views

      NogBadTheBad

      @johnpoz said in I'm sick of neer-do-wells hitting my WAN with TCP:SYN:

      If your phone ringer is off, does it really matter if a spammer calls you - you don't answer the phone anyway because the phone doesn't ring.. But you might not like picking up your phone and see missed calls.

      My ringer is on as I have an IPSec VPN & SFTP server local 😁