• Router advertisement not sending default gateway

    IPv6
    0 Votes
    13 Posts
    139 Views

    @patient0
    This is a Linux VM running the latest openSUSE doing DHCP:


    Meanwhile, it seems some IP address leases were in fact working:
    They weren't last night but seem to have kicked in sometime later.


    They are all for Windows Server VMs running on virtual NICs.
    Here they can be seen in the DNS server:

  • 0 Votes
    19 Posts
    1k Views

    @dennypage Hasn't been a problem.


  • 0 Votes
    2 Posts
    23 Views

    @JonathanLee We disable the stream alerts as I recall. Lots of false positives.

    Have seen the direction one, I suspect it’s a side effect of the legacy processing mode which looks at copies of the packets.

  • pimd

    General pfSense Questions
    0 Votes
    1 Posts
    18 Views
    No one has replied
  • Gateway monitoring still not OK

    Plus 25.07 Develoment Snapshots
    0 Votes
    1 Posts
    19 Views
    No one has replied
  • Nvidia NIC driver "tx checksum and tso4 issues"

    Hardware
    0 Votes
    1 Posts
    10 Views
    No one has replied
  • PIMD losing multicast sources

    General pfSense Questions
    1 Votes
    34 Posts
    2k Views

    @maximushugus

    I tried to compile pimd for the actual FreeBSD 15 current, however I am facing issues which, given my limited knowledge of C, git and pimd internals, I cannot solve.

    At least I did not manage that up to now despite significant effort.

    Starting a tool like script and then compiling the source etc., you can see the warnings and some errors in the file generated by script. In the file there are warnings and an error related to e.g. no longer supported macros, and a fatal error related to man, which should be an absolute path.
    I tried to fix the man error using ConfigureOptions="--mandir=/usr/local/share/man".

    That does remove the error but not in such a way that there are man8 packages in the stage directory / distribution file or package.

    For that reason I did build a package without man files, and installed that pimd package on the actual pfSense Plus version.
    It does not work. The main problem is that it cannot find the interfaces; see the pfSense system log.

    I would have preferred to test on a fresh pfSense system, however Netgate does not make an ISO available :( I do not like that, however I do understand Netgate!

    Troglobit has a significantly newer pimd version, pimd-dense, which can perhaps be a pimd alternative.
    I do not know the difference in functionality!

    So "we have a problem"!!

    Some options:

    - support from someone with higher C and git knowledge able to solve the actual warnings and the man issue in the code
    - try to compile pimdd which, being more recent, probably has fewer compile issues and perhaps even has a FreeBSD port
    - creating a couple of VMs with the media player, one for each VLAN which needs media files
  • crowdsec

    pfSense Packages
    0 Votes
    30 Posts
    849 Views
    dennypage

    @Zermus said in crowdsec:

    It's a shame Elastic took their stuff in house and ELK stacks are no longer free. Tom Lawrence's (https://www.youtube.com/@LAWRENCESYSTEMS) videos convinced me that I should go over to Graylog Open on my personal stuff when that happened and I'm happy with it.

    I always viewed ELK as overly complicated. Graylog is much more manageable, although the console isn't as nice. Work in progress.

  • 1 Votes
    60 Posts
    10k Views

    pfSense CE is based on an open source project and I thought that this would come with some moral obligations. I understand that it may not be a legal obligation to offer a stand-alone installer, and I assume that the source code is public to the degree required. I no longer pay attention to this as the source has never been in a form where it could be compiled by a user.

  • Blocking of Discord

    pfBlockerNG
    0 Votes
    1 Posts
    25 Views
    No one has replied
  • Kea DHCP stops working

    DHCP and DNS
    0 Votes
    62 Posts
    12k Views

    Netgate 3100, 24.11-RELEASE (arm)

    Hi,

    Networking newbie here. Wow, that was scary! The network access for all the members in our coworking space went down when KEA DHCP spontaneously died. This required a panicked emergency rush to figure out what caused this sudden network access meltdown smack in the middle of a business day. No error messages at all in the DHCP system log to provide any guidance.

    We transitioned from the old ISC to KEA because of a message encouraging us to do so due to ISC deprecation. "Kea DHCP is the newer, modern DHCP distribution from ISC that includes the most-requested features."

    Just goes to show that newer can be way worse, even when the vendor you trust is pushing you to do so. Rock-solid reliability, "No alarms and no surprises" should be the expectation in a business router. I have to say that my faith in Netgate/PfSense has been shaken.

    It occurred to me that something like this could affect other subsystems. E.g., OpenVPN has to dynamically assign IPs to clients. It appears that OVPN handles this independently from DHCP via the "IPv4 Tunnel Network" setting, is that correct? If not, then if DHCP goes down that could jeopardize OVPN and any other services that might require DHCP for assigning IP #s dynamically, no?

    If OVPN were to be dependent upon DHCP, then a downed DHCP would jeopardize remote access via OVPN, and consequentially remote troubleshooting. Which would argue for also keeping an SSH connection on to the outside world in addition to OVPN, so as to ensure remote access availability to the router, no?

    Are there other remote access services that one should be concerned could be affected by the absence of DHCP?

    Going back to ISC to avoid nightmares...

  • 0 Votes
    11 Posts
    197 Views
    johnpoz

    @plicplic yeah when you block all IPv6 it creates those hidden block all IPv6 rules. And yeah most likely going to create a lot of noise in the logs.

    Those blocks you're still seeing to 224.0.0.22 are multicast with ip-option set but not allowed - you could change your rules to either create one that blocks but doesn't log, or change your allow rule to allow ip-option being set.

  • KEA DHCP error - Error 9502: Bad DNS packet.

    DHCP and DNS
    0 Votes
    7 Posts
    110 Views
    johnpoz

    @Gertjan those 3 name servers might be just his ISP DNS.. that first one is fibreop and the others are aliant - which are the same ISP - with the fibre one being for their FTTH.

    Yeah if you want to use those - you should have unbound forward to them - but I see little benefit to forwarding for DNS, just letting unbound resolve is the better option imho.

  • DNSBL_Malicious not downloading

    pfBlockerNG
    0 Votes
    6 Posts
    171 Views
    provels

    I see the same issue on my end in Pi-hole. I can load the list in a browser, but not by updating. I added your chosen list and it fails. Really no idea why. Limiting connections at the far end to monthly? Dunno.


  • Snort VS Suricata

    IPv6
    0 Votes
    1 Posts
    52 Views
    No one has replied
  • Squidproxy + SquidGuard (Configuration)

    Español
    0 Votes
    5 Posts
    387 Views
    JonathanLee

    @semara turn x forward mode off unless this is behind another router or something.
    If you want transparent with no certificates, turn off SSL intercept.

  • Unbound Keeps restarting

    DHCP and DNS
    0 Votes
    13 Posts
    505 Views

    I too am seeing this exact issue across two fresh installs of 2.8.0 on different hardware. I think this is the root of a few issues that have been reported including this one:

    https://forum.netgate.com/topic/197613/pfsense-ce-2-8-0-kea2unbound-causes-high-cpu-load-even-when-dns-registration-is-disabled/2?_=1749683895535

    Is this not a clear bug if kea2unbound is being invoked when DNS registration and early DNS registration are deselected? Or is this intended to always restart unbound at random? I'm seeing the same logs and same symptoms with /var/unbound/leases/leases4.conf empty. Happy to provide any information needed as this is very disruptive.

  • IP Blacklisted

    Forum Feedback
    0 Votes
    2 Posts
    86 Views
    johnpoz

    @microserfs and what IP was that - clearly your current IPv6 address that I show you connected with is not blocked.. And the only other IPv4 I see you using is not blocked.. You would have to let me know what IP you were coming from that was blocked.. Send it to me via PM if you don't want to make it public.

  • 1 Votes
    10 Posts
    2k Views
    JonathanLee

    @JonathanLee said in UNOFFICIAL GUIDE: Have Package Logs Record to a secondary SSD drive Snort Syslog Squid and or Squid cache system:

    ln -s -F /nvme/LOGS_Optane/snort /var/log/snort

    Also you can do this with suricata.

    Remove /var/log/suricata, then:

    mkdir /nvme/LOGS_Optane/suricata
    ln -s -F /nvme/LOGS_Optane/suricata /var/log/suricata
  • Snort and GIF0 for HE tunnel broker

    IDS/IPS
    0 Votes
    9 Posts
    99 Views
    JonathanLee

    @SteveITS It looks like it is detecting IPv6 better.

    It is already showing alerts.


    It sees some IPv6 going to my interface. Again, Snort also would spot stuff every once in a while. My son got a bad bug on his tablet and it had a Russian email server running. I checked it on VirusTotal and it was spot on as malware with known abuses, so I reported it.