@bimmerdriver said in ipv6 disable on Pfsense: Microsoft, as much as everyone likes to bash them, has embraced IPv6 since the Windows 7 Actually, XP SP3 almost fully supported it. There was some minor thing that didn't work, but it didn't have much effect overall. I know it worked fine for me. My first Android phone, a Google Nexus 1 also supported IPv6 and my current Pixel 2 even has IPv6 tethering, with a full /64 prefix.

The quality value shown in brackets denotes the accuracy of the timecounter source which is why HPET was chosen by default. That can be a problem when all the hardware is virtual, some may be virtualised better than others for whatever reason. I can't really advice you on KVM settings directly. I would think anything that is different to the host CPU is going to require more processing from the hypervisor. Passing CPU cores directly to the VM is probably better. But as I say I don't use KVM so that's speculation. I'm sure there are others here who can give better advice there. Steve

Yeah my guess but can not seem to find it in the conf is this ssl.dh-file="{path to dhparams.pem}" So not sure what its using if not called out? To be honest this isn't really that big of deal - other than people doing such scans and thinking the problem is pfsense ;) hehehe I set up pfSense and I was checking for general vulnerabilities. No where did he mention installed "optional" packages xyz, and abc, etc..

Yeah, I called them 10 minutes before you did and straightened them out for you.

Then just change your wan from dhcp to static and put in the info.. You will have to create the gateway then, etc.

Thanks, this seems to be a good assistance. :-) Will try to adapt this to my issue in the next couple of days. As i said, im not into web/Http/html and so one. Maybe, i will ask for help one more time .

@Jawhead said in MTU Settings: @JKnott Hi It's not working, the MTU I set on port 3 is 1400, but when I check on Status-->Interfaces It's still 1500. Take note I rebooted the firewall after changing the MTU. I expect that's due to the MTU being set on the NIC, not in FreeBSD. If so, you're trying to set the same hardware to different MTU. I don't know enough about the network stack to say for certain.

@Lumberjack said in DNS Resolver (unbound) not updating ?: ...whut ?! thats not even enabled? Hummm. This rings a bell to me. An issue that was solved a couple of updates ago ... emptying the dhcp leases file when dhcpleases process is shut down. You 'missed' that upgrade I guess ^^

https://www.freebsdfoundation.org/donate/

@koko_adams said in Best rules to best protection in WAN and LAN Interface: @NogBadTheBad By default Internet -> WAN would be blocked by the default deny rules. What is the default deny rules ? Block everything, by default, the rule isn't visible.

@viragomann said in NAS nicht erreichbar bei aktivierter VPN Verbindung: Was mir hier Sorgen bereitet, ist, dass das NAS so sämtlichen Upstream Traffic über den VPN-Server schickt. Das sollte nicht sein. Daher "–route-nopull" setzen, die Kommunikation zwischen den beiden NAS wird dennoch funktionieren. Ok, Danke Dir.

Figured as much - thanks for clarification... Prob not a top priority item ;)

Thank you for the inputs guys really appreciate it, for the meantime, I just disable the public access and push to use OpenVPN instead.

no i dont thing so i could update and install just fine from cli!!!it was just after the pfbkocker-devel update before that it was working just fine i dont know that is what actually caused the problem because i updated pfblocker and left then came the next day ours apart and tried to install another package but couldnt. Tried the same package from cli and it installed just fine. i could pkg update no errors and pkg upgrade no errors only on the webgui it was not working.

@19Giugno said in Outbounding traffic from LAN: adding the pfsense as DNS to the machines make the job! Not adding - ONLY!! You can not point multiple dns that do not resolve the same stuff or your going to have a bad day.

Le sujet était : mettre en place un portail captif [...} envoyer les voucher par Mail/SMS [...] récupérer l'adresse mail, le nom ou le numéro de téléphone [...] en cas de fraude Question super complexe : Si vous faites saisir le mail, et que l'utilisateur récupère le code envoyé à l'adresse mail et accède au réseau puis fraude, avez vous authentifié l'utilisateur ? Réponse encore et toujours plus complexe : NON, BIEN EVIDEMMENT ! Vous avez juste et au mieux récupéré une adresse mail ! (vous pouvez remplacer mail et adresse mail par téléphone et SMS, c'est pareil. Quand au nom qui sera saisi par le 'fraudeur', je peux le donner par avance, ce sera 'dugland' !) Vous n'avez jamais entendu le mot "pseudo" ? l'adresse mail jetable ? On croit rêver ! Cette question, parfaitement simple, qui part juste de l'énoncé, et que j'ai pu imaginer car j'ai fait Polytechnique, montre que la question est assez STUPIDE ! Alors cessez de prendre les autres pour des imbéciles et fermez un peu vos gueules ... C'est fini, pour moi, de parler aux cons ...

So odd - yup see this on recent.. have it blocked specific in that section, and then overall all set to ignored.. Hmm? Oh wait that is not watching... But I have the parent set to ignored... Will go through all of them again and make sure ignored. Oh that was that specific thread, yeah have set to ignored... hmmmm?

Thanks for your help. After a couple of calls with the ISP they found the problem on there site :)

Just gone through the logs and can't see anything around the time where I received the swap errors

Wir haben das ganze bei verschiedenen Kunden ja auch im Einsatz, in dieser oder ähnlicher Konfiguration und nirgends mit der Telekom Probleme außer Packet Loss etc. aber keine Hohe Latenz bei so gut wie keiner Last. Und dabei ist es egal ob wir hinter Routern, FritzBoxen oder Modems stehen. Daher irritiert mich das Problem sehr und schon allein weil die Konfiguration nicht unüblich ist würde das IMHO viel häufiger hier aufschlagen, wenn es ein generelles Problem wäre. Deshalb habe ich da eher die Verkabelung (ggf. auch Verkabelung der Dose oder des DSLs) in Verdacht als die Software Seite. Ansonsten wäre eigentlich nur noch Hardware der pfSense (also Interfaces o.ä.) denkbar, was aber auch seltsam wäre. Gruß

@Rico none of these units are in a corp environment. Nothing wrong with USB nics other than learning experience. Also would never use anything less than USB 3.0 on USB3.0 ports. Just another path.

Just an update here for anyone who's interested/following I seem too have fixed all my issues now the only thing i need too do too finish setup is move the the xboxs from a strict nat to a open nat What was the problem with the local upnp? Quote from Wikipedia "IGMP snooping and reliability If IGMP snooping is enabled on a switch, or more commonly a wireless router/switch, it will interfere with UPnP/DLNA device discovery (SSDP) if incorrectly or incompletely configured (e.g. without an active querier or IGMP proxy), making UPnP appear unreliable. Typical scenarios observed include a server or client (e.g. smart TV) appearing after power on, and then disappearing after a few minutes (often 30 by default configuration) due to IGMP group membership expiring." What was wrong with Network Discovery? im sorry i cant confirm what actually fixed this its been a combination of enabling different thigs and trial and error reading the net and watching videos it mainly seemed too be services stopped and features disabled (possibly from an windows update) What was wrong with xbox upnp? This was solved as soon as i fixed the upnp locally Thanks everyone for the replys and tips it might not have seemed like it but they helped alot

None of these warrant individual threads. I merged them all. None of these are specific to pfSense. They are between your hardware and FreeBSD. Take this to FreeBSD.

Success! Tried it out live now. Shutdown machine #1. Branch Office lost its connection to the Main Office for about 10 seconds. This is OpenVPN reconnecting. After OpenVPN peer-to-peer reconnected. Resolving from AD DNS works! TIL: So, multiple domain overrides is the way to go for internal name resolution in this scenario with AD DNSs. Goal achieved with HA, AD DNS and OpenVPN peer-to-peer. Branch Office is not a sitting duck when Main Office is not available. Normal DNS function maintained. Branch Office AD DNSs reach-ability is kept when HA is failed over. Kudos to all! Brgs,

There are some features that want it to run all the time for yes.. The big one for me is information!!! Easy to see who is on, what AP they are connected too, how much bandwidth they are using.. History of such info, etc. etc I blocked out part of my ssid names... It is possible to look up location based upon war driving db on where a specific SSID is, etc. I just updated the AP to current beta firmware, which is why the connected times are no longer than a day, etc. The controller provides a wealth of information, which can just be interesting or can be invaluable in troubleshooting an issue, etc. etc. But sure the captive portal stuff could just be run on pfsense..

Mostly likely it lost power and hence whatever was in the RAM disks at that time. Yes the data is written to permanent storage when it is shutdown gracefully. Steve

@Taz79 said in Can SG-1100 running on 12V battery supply?: It would be fun to know what voltage tolerances the SG-1100 board could handle though (due to design). 13V The Z-Diode at the input limits it. Then there's the 470µF/16V capacitor in parallel. See page 6 in the schematics (this is a v5 schematic, SG-1100 is v7, though) I'd use something like a 1N5400 diode in front of the device. That can handle 3A and has a forward voltage (drop) of 1,0V to 1,2V. The board itself has "Less than 1W thermal dissipation at 1 GHz". That's as much as you'll have on the 1N5400 alone... or damn effective.

I suppose its a possibility. This is a Atom C2758 board thats been on constantly for several years. Maybe..

i had this issue as well. i ended unchecking allow dns server list to be overridden by dhcp checking. do not use dns forwarder/ dns resolver as a dns server. then under services > resolver. i turned OFF DNSSEC support. no issues ever since

@dotdash said in Dual WAN Failover with 1 WAN port, is it possible?: @pfrickroll said in Dual WAN Failover with 1 WAN port, is it possible?: I even tried plugging it in in WAN port on pfsense with and turn on DHCP but nothing says "unknown". When i connect laptop into LAN port on hotspot everything works fine. If it doesn't work on the physical WAN port then there's something wrong besides the vlan configuration. Not sure why it would work on a laptop but not on the firewall. Maybe try setting wan to dhcp, connecting wan to the hotspot, and rebooting pfsense. If you can get that to work, then try it on the vlan'd switch port. The router just died today. Power LED keeps blinking and all LAN ports don't respond. I didn't even use it yet, going to return it.

for all 4 of those IPs?

@jimp said in NICs not detected on Watchguard XCS (Call This Solved): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235147 Done. Thanks Jimp! https://redmine.pfsense.org/issues/9414

I'd be tempted not to use a celeron mother board. If your looking at building your own tot up the total cost against a SG-3100 pre building one if you cant get a SG-1100. I've dealt with Amica in the UK when I purchased my SG-4860 and they were great to deal with.

It still should work be default in 2.3.5 but, yeah, if you've found some edge case that somehow doesn't it's not going to be fixed there ever. Steve

OK, so that's not too unusual. The transition for 2.4.4->2.5.0 users will be a lot smoother. We wanted to make 2.4.5 users manually opt in because we didn't want someone who was relatively stable on 2.4.5 to click the auto-update to 2.5.0 and break. I split off individual threads from the 2.5.0 announcement thread, so others can see them easier, which is why this is its own topic now.

Then post what you have because it most certainly does work.

I too would see the "Looks like your connection to Netgate Forum was lost, please wait while we try to reconnect." message, but only if I let the browser window fall to the background (while doing something else). As soon as I came back to the forum, the message would stay briefly, and then disappear! (I would never have to log in again though) Was using Firefox/Windows 7, but since switching to Linux Mint 19.1/Firefox, have not seen the message.

Awesome, have just raised https://go.netgate.com/support/tickets/24064 We just bought 6 x XG-7100 1U - so yes, keen to see if we can get the units working.

Bonjour, Voici les dernières infos J'ai fait un test, j'ai remis les paramètres WAN d'origine de ma PFSENSE principale. Ce coup-ci je ping bien vers l'extérieur depuis l'outil Ping mais pas d'accès au net. Et si je remets les autres paramètres WAN, j'ai de suite accès au net. Vraiment bizarre...

@stephenw10 Well I was thinking of it but now I realize I can't. My MB does not have a x4 port and I cannot use the x16 for anything other than video (older MB). So I need to find a good x1 NIC and from what I can tell those only come with 1 port.