Netgate Discussion Forum
    • N

      [RESOLVED] IPSec tunnel OK but routers can't ping each others

      IPsec
      0 Votes
      6 Posts
      15k Views

      @nicolasfo said in [RESOLVED] IPSec tunnel OK but routers can't ping each others:

      You can know everything about everything thanks to Google. But if you don't know what to search, it is useless.

      The problem is resolved, by adding a bogus route, by hand.

      Here's the explanation:

      https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

      Thanks for help

      Oh my god this worked! Created an account just to say THANK YOU for this. I have a pfSense<->Unifi connected via IPSec. Applying it on the pfSense side makes pfSense->Unifi direct gateway/FW connection possible. Applying it on the Unifi side made my IPSec work perfectly.

      Again, thank you!

    • G

      Vodafone UK IPv6 Configuration

      IPv6
      0 Votes
      18 Posts
      3k Views

      @drodgers Hey. I'm going through this exact thing now with Vodafone and pfSense and struggling. I've replicated your settings but it seems very intermittent.

      My clients get IPv6 addresses and can ping out fine; however, browsing this forum dies because it responds with an IPv6 address.

      For some reason as soon as I enable ipv6 netflix and paramount also stop streaming 🤦 They browse fine but as soon as you try to play a video it's a no go.

      Any ideas or pointers please or could you post your most recent working config please?

    • I

      check_upgrade: "Updating repositories metadata" returned error code 1

      Problems Installing or Upgrading pfSense Software
      0 Votes
      84 Posts
      12k Views

      I had the same issue for a long time.

      Then I tried pkg update -f and got an error for the SunnyValley repository.
      I figured that I had an old version of zenarmor installed that matches FreeBSD 14 and not 15.
      Upgraded zenarmor to the latest version.

      Haven't had any of the error messages for some time now. Hopefully that was it.

      Maybe this can be helpful to someone.

    • A

      Port Forwarding Not Forwarding Traffic To Destination Of VOIP PBX.

      Firewalling
      0 Votes
      1 Posts
      24 Views
      No one has replied
    • A

      Tailscale Package Stuck in "Offline" State - GUI Broken After Reinstall

      Tailscale
      0 Votes
      1 Posts
      51 Views
      No one has replied
    • M

      How to update to the latest Tailscale version?

      Tailscale
      1 Votes
      163 Posts
      47k Views
      luckman212

      For 25.07 RC, this worked for me (run sh first)

      [25.07-RC][root@r1.lan]/root: sh
      # export IGNORE_OSVERSION=yes
      # pkg add https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2.pkg
      # service tailscaled restart
      # tailscale up
      # tailscale version
      1.84.2
      go version: go1.24.4
      # tailscaled -version
      1.84.2
      go version: go1.24.4

    • N

      HaProxy ip alias dropdown ?

      Cache/Proxy
      0 Votes
      1 Posts
      40 Views
      No one has replied
    • P

      new PPPoE kernel - Suricata not working

      IDS/IPS
      0 Votes
      2 Posts
      71 Views
      bmeeks

      I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

      Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

    • C

      Introduce openvpn-auth-oauth2 as pfSense package

      pfSense Packages
      0 Votes
      2 Posts
      78 Views

      @cdal

      This could be a great security improvement ... It's the only way to do MFA with an "LDAP/AD" backend, for example (using oauth 2 proxy, for example)

    • R

      How to update to the latest Telegraf version

      pfSense Packages
      0 Votes
      9 Posts
      1k Views

      @rocket

      Updated July 20-2025

      pfsense 24.11 - Telegraf freebsd-15

      pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/telegraf-1.35.1.pkg

      pfsense 2.7.2 - Telegraf freebsd-14

      pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/telegraf-1.35.1_1.pkg

      https://www.freshports.org/net-mgmt/telegraf/#history

    • L

      Updated PIMD package (beta)

      pfSense Packages
      0 Votes
      1 Posts
      82 Views
      No one has replied
    • M

      New pfblockerNG install Database Sanity check Failed

      pfBlockerNG
      0 Votes
      39 Posts
      4k Views

      @Laxarus This worked for me as well. Though I had to search the web how to edit the file (the easiest way).

      Therefore:

      Addition for anyone struggling to find where to edit files on your pfsense system.

      Go to Diagnostics --> Edit File --> insert the location of the file:

      /usr/local/pkg/pfblockerng/pfblockerng.sh

      Go to line number 1232 by filling it in the Go to line field.

      That line should read:

      s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"

      replace only (leave the rest intact):

      masterfile

      to

      mastercat

      Then follow the above instructions from @Laxarus https://forum.netgate.com/post/1219635

    • D

      Load balancing not actually balanced?

      Routing and Multi WAN
      0 Votes
      3 Posts
      114 Views

      @Nicholas97 Sticky connections are not enabled. Gateway status is fine. Weights for each LAN are set to 1 which should be fine for 2x gigabit connections and total bandwidth used of less than 1gbps. Will look at the logs but will have to figure out what I'm looking for ... will report back.

      I have read the multiwan load balancing docs pretty well and searched the forums here before posting this originally. Unless there are other pfsense forums you're referring to?

    • G

      CE v2.8.0 issues

      Problems Installing or Upgrading pfSense Software
      1 Votes
      4 Posts
      326 Views
      stephenw10

      Hmm, but they are policy based tunnels? And 300 Phase 1 configs not a total of 300 Phase 2 configs for example?

      I'm not aware of any issue in 2.8 that might present like that for IPSec.

    • A

      Amcrest Camera Function Direct VPN vs Site to Site

      WireGuard
      0 Votes
      1 Posts
      44 Views
      No one has replied
    • R

      v2.7.2: Dynamic DNS not working with Cloudflare

      General pfSense Questions
      0 Votes
      11 Posts
      387 Views

      @70tas Indeed the global token does not work anymore, you must use the API token. And then for the login, do not use your email address. As I wrote before: "One must use the Zone ID when using the API token."

      I have this working using the DDNS GUI. I only needed the script for debugging.