Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    1. Home
    2. Popular
    Log in to post
    • All Time
    • Day
    • Week
    • Month
    • All Topics
    • New Topics
    • Watched Topics
    • Unreplied Topics
    • All categories
    • 7

      Dynamic DNS (DDNS) fails to obtain public IP

      Watching Ignoring Scheduled Pinned Locked Moved DHCP and DNS
      39
      0 Votes
      39 Posts
      568 Views
      7

      @johnpoz Ok, well thank you anyway John
      Tas

    • C

      Port Forwarding stopped working after upgrading to 2.8.0

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions
      52
      0 Votes
      52 Posts
      1k Views
      stephenw10S

      Cool. Yup there was a backend issue last night. It should be fixed now.

    • Bob.DigB

      25.07.r.20250709.2036 First Boot WireGuard Service not running

      Watching Ignoring Scheduled Pinned Locked Moved Plus 25.07 Develoment Snapshots
      22
      0 Votes
      22 Posts
      281 Views
      stephenw10S

      Hmm, so can you see in the logs that dpinger is failing to start during that reboot? And can you see if that's before WG tries to start?

    • A

      DNS Block and Redirect for IPv6

      Watching Ignoring Scheduled Pinned Locked Moved DHCP and DNS
      21
      0 Votes
      21 Posts
      241 Views
      johnpozJ

      @Gertjan oh I missed that - my bad.

    • S

      Upgrade from 2.7.2 to 2.8.0 Failed and now /boot/efi/ empty

      Watching Ignoring Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
      18
      0 Votes
      18 Posts
      203 Views
      stephenw10S

      It looks to be mounted correctly since you have the EFI dircetory structure there. As long as you also have the actual efi file(s) there:

      [25.07-RC][admin@6100.stevew.lan]/root: du -ha /boot/efi 656K /boot/efi/efi/freebsd/loader.efi 656K /boot/efi/efi/freebsd/loader-old.efi 1.3M /boot/efi/efi/freebsd 656K /boot/efi/efi/boot/bootx64.efi 656K /boot/efi/efi/boot/bootx64-old.efi 1.3M /boot/efi/efi/boot 2.6M /boot/efi/efi 2.6M /boot/efi
    • J

      Gtek 2.5G (Intel I225 Controller) PCI-E x1 Network Card not recognized by the pfsense

      Watching Ignoring Scheduled Pinned Locked Moved Hardware
      14
      0 Votes
      14 Posts
      114 Views
      GertjanG

      @johnytb said in Gtek 2.5G (Intel I225 Controller) PCI-E x1 Network Card not recognized by the pfsense:

      can you explain to me what exactly is this interface that you show here ?

      That's pfSense most important interface 😊
      The one that works when even all your NICs don't work.

      Its called : the console, which could be a serial connection, or, if you have VGA/HDMI build in, it could be that and a (USB) keyboard.
      Or : If the LAN NIC is working, you 'ssh' into your pfSense using a SSH client like putty or classic 'ssh'.

      Keep in mind : what happens when you have a disk drive issue ?
      => pfSense can't boot.
      => Network interfaces will all by down ...
      You the the console (serial or VG/HDMI/Keyboard) access.

      For command line commands I use the ... command line = console (or SSH) access.

    • P

      pfSense Plus 25.07 Beta Now Available

      Watching Ignoring Scheduled Pinned Locked Moved Messages from the pfSense Team
      28
      4 Votes
      28 Posts
      2k Views
      brezlordB

      UI Update output.

      >>> Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: . done Fetching data.pkg: . done Processing entries: . done pfSense-core repository update completed. 5 packages processed. Updating pfSense repository catalogue... Fetching meta.conf: . done Fetching data.pkg: .......... done Processing entries: .......... done pfSense repository update completed. 733 packages processed. All repositories are up to date. >>> Setting vital flag on pkg...done. >>> Setting vital flag on pfSense...done. >>> Renaming current boot environment from 25.03 to 25.03_20250719205419...done. >>> Cloning current boot environment 25.03_20250719205419...done. >>> Removing vital flag from php83...done. >>> Upgrading packages in cloned boot environment 25.03... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking for upgrades (10 candidates): .......... done Processing candidates (10 candidates): .......... done The following 10 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: if_pppoe-kmod: 25.03.b.20250515.1415.1500029 -> 25.07.r.20250715.1733.1500029 [pfSense] pfSense: 25.03.b.20250515.1415.1500029 -> 25.07.r.20250715.1733.1500029 [pfSense] pfSense-base: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core] pfSense-boot: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core] pfSense-default-config-serial: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense] pfSense-kernel-pfSense: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense-core] pfSense-pkg-Nexus: 25.03.b.20250515.1415 -> 25.07.r.20250715.1733 [pfSense] pfSense-pkg-System_Patches: 2.2.21_1 -> 2.2.21_2 [pfSense] pfSense-repoc: 20250419 -> 20250520 [pfSense] unbound: 1.22.0_1 -> 1.23.0 [pfSense] Number of packages to be upgraded: 10 The operation will free 12 MiB. 214 MiB to be downloaded. [1/10] Fetching unbound-1.23.0.pkg: .......... done [2/10] Fetching pfSense-pkg-System_Patches-2.2.21_2.pkg: ......... done [3/10] Fetching if_pppoe-kmod-25.07.r.20250715.1733.1500029.pkg: ... done [4/10] Fetching pfSense-pkg-Nexus-25.07.r.20250715.1733.pkg: .......... done [5/10] Fetching pfSense-kernel-pfSense-25.07.r.20250715.1733.pkg: .......... done [6/10] Fetching pfSense-base-25.07.r.20250715.1733.pkg: .......... done [7/10] Fetching pfSense-25.07.r.20250715.1733.1500029.pkg: .......... done [8/10] Fetching pfSense-boot-25.07.r.20250715.1733.pkg: .......... done [9/10] Fetching pfSense-default-config-serial-25.07.r.20250715.1733.pkg: . done [10/10] Fetching pfSense-repoc-20250520.pkg: .......... done Checking integrity... done (0 conflicting) [1/10] Upgrading unbound from 1.22.0_1 to 1.23.0... ===> Creating groups Using existing group 'unbound' ===> Creating users Using existing user 'unbound' [1/10] Extracting unbound-1.23.0: .......... done [2/10] Upgrading pfSense-repoc from 20250419 to 20250520... [2/10] Extracting pfSense-repoc-20250520: .. done [3/10] Upgrading if_pppoe-kmod from 25.03.b.20250515.1415.1500029 to 25.07.r.20250715.1733.1500029... [3/10] Extracting if_pppoe-kmod-25.07.r.20250715.1733.1500029: .. done [4/10] Upgrading pfSense-boot from 25.03.b.20250515.1415 to 25.07.r.20250715.1733... [4/10] Extracting pfSense-boot-25.07.r.20250715.1733: .......... done [5/10] Upgrading pfSense-pkg-System_Patches from 2.2.21_1 to 2.2.21_2... [5/10] Extracting pfSense-pkg-System_Patches-2.2.21_2: .......... done [6/10] Upgrading pfSense-pkg-Nexus from 25.03.b.20250515.1415 to 25.07.r.20250715.1733... [6/10] Extracting pfSense-pkg-Nexus-25.07.r.20250715.1733: .......... done [7/10] Upgrading pfSense-kernel-pfSense from 25.03.b.20250515.1415 to 25.07.r.20250715.1733... [7/10] Extracting pfSense-kernel-pfSense-25.07.r.20250715.1733: .......... done [8/10] Upgrading pfSense-base from 25.03.b.20250515.1415 to 25.07.r.20250715.1733... [8/10] Extracting pfSense-base-25.07.r.20250715.1733: ... done ===> Keeping a copy of current version mtree ===> Removing schg flag from base files ===> Extracting new base tarball ===> Removing static obsoleted files [9/10] Upgrading pfSense from 25.03.b.20250515.1415.1500029 to 25.07.r.20250715.1733.1500029... [9/10] Extracting pfSense-25.07.r.20250715.1733.1500029: .......... done [10/10] Upgrading pfSense-default-config-serial from 25.03.b.20250515.1415 to 25.07.r.20250715.1733... [10/10] Extracting pfSense-default-config-serial-25.07.r.20250715.1733: [10/10] Extracting pfSense-default-config-serial-25.07.r.20250715.1733... done Failed
    • I

      NAT broken after Reboot

      Watching Ignoring Scheduled Pinned Locked Moved NAT
      14
      0 Votes
      14 Posts
      596 Views
      P

      @iggybuddy6 I'm just happy I could help. Today I went from thinking I knew everything about setting up wg on pfSense, to realising I did not, and that is a great reward in itself!

      Hopefully your setup will remain stable going forward.

    • JonathanLeeJ

      Port 0 and IPv4 Great... but hey what about IPv6 or inet6?

      Watching Ignoring Scheduled Pinned Locked Moved Firewalling port 0 pfctl -sr inet6 ipv6 acl
      15
      0 Votes
      15 Posts
      284 Views
      JonathanLeeJ

      @johnpoz This even does this with the newest CE edition inside of UTM virtualized environment outside of the 2100s

      Screenshot 2025-07-17 at 10.15.51.png

      It is not just the 2100s this is set up for standard stuff everything else works with it just the status page

    • L

      Gateway monitoring still not OK

      Watching Ignoring Scheduled Pinned Locked Moved Plus 25.07 Develoment Snapshots
      22
      0 Votes
      22 Posts
      495 Views
      dennypageD

      @stephenw10 said in Gateway monitoring still not OK:

      I would still expect to have seen dpinger try to ping and show loss rather than pending.

      /etc/inc/gwlb.inc:

      // dpinger returns '<gwname> 0 0 0' when queried directly after it starts. // while a latency of 0 and a loss of 0 would be perfect, in a real world it doesnt happen. // or does it, anyone? if so we must 'detect' the initialization period differently..
    • N

      [2.8.1.b] Multiple limiter issue

      Watching Ignoring Scheduled Pinned Locked Moved Development
      11
      0 Votes
      11 Posts
      447 Views
      stephenw10S

      Ah OK I see, the names threw me!

    • T

      Reboot gets stuck at "Installing Nvme Lens"

      Watching Ignoring Scheduled Pinned Locked Moved Official Netgate® Hardware
      13
      0 Votes
      13 Posts
      295 Views
      T

      @stephenw10 Thanks for letting me know there were backend issue, I think it would be helpful if Netgate posted an announcement when there are issues, maybe some details, and an ETA to restore service.

      It would save a little headache for some of us.

    • mav3rickM

      OpenVPN on 2 pfsense instance with HA - service is running on both pfsense instances

      Watching Ignoring Scheduled Pinned Locked Moved OpenVPN
      12
      0 Votes
      12 Posts
      134 Views
      M

      @mav3rick said in OpenVPN on 2 pfsense instance with HA - service is running on both pfsense instances:

      So setting openvpn to bind only to the CARP VIP works fine for me

      Multi-WAN with HA there?
      If so, it would be a better idea to run openVPN server on localhost instead.
      This would allow it to receive connections from all WANs.

      No need to select a VIP, just forward packets from the WANs VIPs to localhost.
      You can use DNS, thus the client would connect to the WAN that is UP.
      Or
      You can use two remote entries in the .ovpn, with timeout lets say, 2 seconds.

      Then, just create the NAT rule to access the firewall-2, using the SYNC address as previously mentioned.

    • S

      route everything through openvpn connection: issues with interface active

      Watching Ignoring Scheduled Pinned Locked Moved OpenVPN
      11
      0 Votes
      11 Posts
      155 Views
      S

      @viragomann I lost oversight. The customer edited stuff on his own ... and wrote he succeeded by adding fw rules and policy-based-routing. Sounds like overkill a bit, but ok if he's happy.
      I have to accept that this box is out of my control somehow now ;-)

      thanks for your help. I might report back if I get access again and see things.

    • JonathanLeeJ

      pfsense-tools.git clang gcc

      Watching Ignoring Scheduled Pinned Locked Moved Development clang gcc pfsense-tools
      11
      0 Votes
      11 Posts
      127 Views
      JonathanLeeJ

      Screenshot 2025-07-18 at 15.25.50.png

      It works I had to adapt the make file again USES= tar:tgz for it to make install clean. I have to update the pr now

      it comes with ROCK too!!!!

    • P

      Wireguard site to site tunnel with GNAT

      Watching Ignoring Scheduled Pinned Locked Moved WireGuard
      9
      0 Votes
      9 Posts
      102 Views
      P

      @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

      I will try and do some packet capture to see if that reveals anything.

    • C

      FreeBSD apps to load behind pfSense?

      Watching Ignoring Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
      9
      0 Votes
      9 Posts
      193 Views
      S

      There also may be other approaches such as redirecting DNS to a VM on LAN, similar to:
      https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html

    • w0wW

      New PPPoE backend, some feedback

      Watching Ignoring Scheduled Pinned Locked Moved Development
      225
      0 Votes
      225 Posts
      32k Views
      L

      @RobbieTT

      Be aware that I am not at all saying that a user can directly access the ISP-node, but I am sure that PPOE interface can !!

      Whats ever I it helps, I am absolutely OK to activate PPOE debug logging for a short period!

      Note that my actual config is like this
      ISP => ISP-fiber-interface => one of my small switches => pfSense.

      Internet should arrive via VLAN 6, IPTV via VLAN4 and (Old) VoIP via VLAN7.
      Untagged routed to vlan1 and vlans (internet) are routed to pfSense.

      I did add vlan1 to be quite sure that even untagged messages are passing to pfSense. Normally I would simply have blocked untagged. However the PPPOE is assigned to VLAN6.

    • P

      pfSense® CE 2.8.1 Beta Now Available!

      Watching Ignoring Scheduled Pinned Locked Moved Messages from the pfSense Team
      9
      6 Votes
      9 Posts
      597 Views
      S

      @SteveITS said in pfSense® CE 2.8.1 Beta Now Available!:

      Release notes?

      https://docs.netgate.com/pfsense/en/latest/releases/2-8-1.html

    • O

      pfsense-ce 2.7.4 SSH server: how to config ClientAliveCountMax and ClientAliveInterval

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions sshd
      17
      0 Votes
      17 Posts
      793 Views
      stephenw10S

      It's not a bug because that's the expected behaviour. You could consider it a missing feature if you need to make changes there. Open a feature request: https://redmine.pfsense.org/

      This is the first time I've seen anyone ask about it in 10 years though so it's clearly not a huge problem.

      You could just patch the file to create the config with the values you need then carry that as a custom patch in the patches package.