Netgate Discussion Forum
    • Bob.Dig

      25.07.r.20250709.2036 First Boot WireGuard Service not running

      Plus 25.07 Develoment Snapshots
      0 Votes
      36 Posts
      393 Views
      Bob.Dig

      @stephenw10 I made some further changes. I removed the gateway for that problematic tunnel and also removed keep alive etc so that it is not expected to be running at start.
      That didn't change anything for me. At next reboot, gateways are down as is WireGuard. So it seems more of a general problem, although no one else is reporting it...

    • S

      Upgrade from 2.7.2 to 2.8.0 Failed and now /boot/efi/ empty

      Problems Installing or Upgrading pfSense Software
      0 Votes
      28 Posts
      289 Views
      S

      @stephenw10 Unfortunately I am going to have to wait till I can bring down the network to test. If I take it down now and it doesn't come back up I will be having some hell to pay from the family...lol. 😃

    • 7

      Dynamic DNS (DDNS) fails to obtain public IP

      DHCP and DNS
      0 Votes
      39 Posts
      627 Views
      7

      @johnpoz Ok, well thank you anyway John
      Tas

    • A

      DNS Block and Redirect for IPv6

      DHCP and DNS
      0 Votes
      21 Posts
      244 Views
      johnpoz

      @Gertjan oh I missed that - my bad.

    • J

      Should my dhcpv6 clients also get a /64 address?

      IPv6
      0 Votes
      19 Posts
      128 Views
      JKnott

      @jarmo said in Should my dhcpv6 clients also get a /64 address?:

      clients get one /64 address from a correct subnetwork.

      Initially, there should be 2. A consistent address and a privacy address. You get another privacy address each day, up to 7, when the oldest one falls off the list.

    • M

      Netgate Documentation on DNS over TLS and NOT using DNSSEC

      DHCP and DNS
      0 Votes
      17 Posts
      219 Views
      johnpoz

      @tinfoilmatt said in Netgate Documentation on DNS over TLS and NOT using DNSSEC:

      I've never encountered any problems

      And what have you gained by asking for something that has already been done.. You mention you leave 0x20 off for performance - but want to do a bunch of queries for dnssec that make no matter?

    • J

      Gtek 2.5G (Intel I225 Controller) PCI-E x1 Network Card not recognized by the pfsense

      Hardware
      0 Votes
      14 Posts
      213 Views
      Gertjan

      @johnytb said in Gtek 2.5G (Intel I225 Controller) PCI-E x1 Network Card not recognized by the pfsense:

      can you explain to me what exactly is this interface that you show here ?

      That's pfSense's most important interface 😊
      The one that works even when all your NICs don't work.

      It's called: the console, which could be a serial connection, or, if you have VGA/HDMI built in, it could be that and a (USB) keyboard.
      Or: if the LAN NIC is working, you 'ssh' into your pfSense using an SSH client like PuTTY or classic 'ssh'.

      Keep in mind: what happens when you have a disk drive issue?
      => pfSense can't boot.
      => Network interfaces will all be down ...
      You need the console (serial or VGA/HDMI/keyboard) access.

      For command line commands I use the ... command line = console (or SSH) access.

    • I

      NAT broken after Reboot

      NAT
      0 Votes
      14 Posts
      612 Views
      P

      @iggybuddy6 I'm just happy I could help. Today I went from thinking I knew everything about setting up wg on pfSense, to realising I did not, and that is a great reward in itself!

      Hopefully your setup will remain stable going forward.

    • luckman212

      New Tunable: kern.crypto.iimb.enable_aescbc on fresh install

      Plus 25.07 Develoment Snapshots
      0 Votes
      11 Posts
      111 Views
      M

      @dennypage said in New Tunable: kern.crypto.iimb.enable_aescbc on fresh install:

      So in summary, to answer your question, I don't think it matters at all. 🤠

      Well, according to the documentation, ChaCha20-Poly1305 is accelerated by iimb, so if you are running only wireguard, you would benefit by enabling it.
      If that is the case, kern.crypto.iimb.enable_aescbc will be 0.

      Not sure if QAT being enabled or disabled will influence that value.

    • R

      SG-1100 Recovery Help Needed

      General pfSense Questions
      0 Votes
      11 Posts
      50 Views
      stephenw10

      Yes, that's correct. The 1100 has only one NIC (mvneta0) and an internal switch with VLANs to separate the ports. But, as I said, you shouldn't need to make any changes there; it's detected and set automatically for any Netgate device.

    • N

      [2.8.1.b] Multiple limiter issue

      Development
      0 Votes
      11 Posts
      492 Views
      stephenw10

      Ah OK I see, the names threw me!

    • C

      Port Forwarding stopped working after upgrading to 2.8.0

      General pfSense Questions
      0 Votes
      52 Posts
      1k Views
      stephenw10

      Cool. Yup there was a backend issue last night. It should be fixed now.

    • mav3rick

      OpenVPN on 2 pfsense instance with HA - service is running on both pfsense instances

      OpenVPN
      0 Votes
      12 Posts
      136 Views
      M

      @mav3rick said in OpenVPN on 2 pfsense instance with HA - service is running on both pfsense instances:

      So setting openvpn to bind only to the CARP VIP works fine for me

      Multi-WAN with HA there?
      If so, it would be a better idea to run openVPN server on localhost instead.
      This would allow it to receive connections from all WANs.

      No need to select a VIP, just forward packets from the WANs VIPs to localhost.
      You can use DNS, thus the client would connect to the WAN that is UP.
      Or
      You can use two remote entries in the .ovpn, with a timeout of, let's say, 2 seconds.

      Then, just create the NAT rule to access the firewall-2, using the SYNC address as previously mentioned.

    • C

      FreeBSD apps to load behind pfSense?

      Off-Topic & Non-Support Discussion
      0 Votes
      10 Posts
      247 Views
      C

      @bmeeks Thank you.

      Your points are excellent. I believe I will back off from adding more supplemental apps. Adguard Home works with OPNsense as a 3rd party add-on without complaint so I will leave that alone for now. But I will also keep an eye out for issues with that configuration.

      Worst case is a reinstall of pfSense and a restore of the backup configuration. My Windows Adguard Home servers are available if needed.

    • JonathanLee

      pfsense-tools.git clang gcc

      Development clang gcc pfsense-tools
      0 Votes
      11 Posts
      153 Views
      JonathanLee

      It works. I had to adapt the make file again, USES= tar:tgz, for it to make install clean. I have to update the PR now.

      it comes with ROCK too!!!!

    • G

      VPN performance with S2S

      Deutsch
      0 Votes
      9 Posts
      201 Views
      V

      @NOCling
      But that assumes you know the formula.

    • P

      Wireguard site to site tunnel with GNAT

      WireGuard
      0 Votes
      9 Posts
      117 Views
      P

      @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and vice versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round, i.e. from Client 2 to pfSenseA.

      I will try and do some packet capture to see if that reveals anything.

    • w0w

      New PPPoE backend, some feedback

      Development
      0 Votes
      225 Posts
      32k Views
      L

      @RobbieTT

      Be aware that I am not at all saying that a user can directly access the ISP-node, but I am sure that the PPPoE interface can!!

      Whatever, if it helps, I am absolutely OK to activate PPPoE debug logging for a short period!

      Note that my actual config is like this
      ISP => ISP-fiber-interface => one of my small switches => pfSense.

      Internet should arrive via VLAN 6, IPTV via VLAN4 and (Old) VoIP via VLAN7.
      Untagged routed to vlan1 and vlans (internet) are routed to pfSense.

      I did add vlan1 to be quite sure that even untagged messages are passing to pfSense. Normally I would simply have blocked untagged. However the PPPOE is assigned to VLAN6.

    • P

      pfSense® CE 2.8.1 Beta Now Available!

      Messages from the pfSense Team
      6 Votes
      9 Posts
      634 Views
      S

      @SteveITS said in pfSense® CE 2.8.1 Beta Now Available!:

      Release notes?

      https://docs.netgate.com/pfsense/en/latest/releases/2-8-1.html

    • O

      pfsense-ce 2.7.4 SSH server: how to config ClientAliveCountMax and ClientAliveInterval

      General pfSense Questions sshd
      0 Votes
      17 Posts
      823 Views
      stephenw10S

      It's not a bug because that's the expected behaviour. You could consider it a missing feature if you need to make changes there. Open a feature request: https://redmine.pfsense.org/

      This is the first time I've seen anyone ask about it in 10 years though so it's clearly not a huge problem.

      You could just patch the file to create the config with the values you need then carry that as a custom patch in the patches package.