    Netgate Discussion Forum
    • D

      PMP-NAT on Carp interface
      NAT • • dsmith10

      2
      0
      Votes
      2
      Posts
      256
      Views

      I

      @dsmith10 Has anyone ever found the solution to this? I'm running into the same issue. Tailscale can't port translate automatically because we have a CARP IP for our LAN's gateway.

    • H

      Remote Access / TLS + User Auth - Connection up but no LAN
      OpenVPN • • hispeed

      12
      0
      Votes
      12
      Posts
      106
      Views

      J

      @hispeed What rules do you have on the OpenVPN interface?

    • J

      pfSense on vm for remote access using vpn
      General pfSense Questions • • jolu_itsme

      6
      0
      Votes
      6
      Posts
      26
      Views

      stephenw10

      Yup, can be a VLAN. pfSense treats a VLAN the same as any other interface.
      It can even be something obscure like PPPoE. Though I would not recommend that unless you have no other choice. 😉

      Steve

    • S

      pfSense email flood issue
      General pfSense Questions • • Samlink

      19
      0
      Votes
      19
      Posts
      364
      Views

      stephenw10

      Check the file: /var/db/notices_lastmsg.txt

      That file should store the last message sent and prevent sending the same message twice.

      Steve

    • R

      iperf3 on pfsense server (slower) different to client (faster) - Why?
      General pfSense Questions • • rwillett

      4
      0
      Votes
      4
      Posts
      35
      Views

      johnpoz

      @rwillett said in iperf3 on pfsense server (slower) different to client (faster) - Why?:

      Interestingly I didn't get much better throughput on the Macbook client with 5 threads.

      Well this is pretty maxed out for gig connection already.

      [ 7] 4.00-5.00 sec 111 MBytes 935 Mbits/sec
      [ 7] 5.00-6.00 sec 112 MBytes 935 Mbits/sec

      So no you prob wouldn't see much better than that ;)

    • C

      CREATE RULE NAT OVER OPEN VPN SITE TO SITE TUNNEL
      OpenVPN • • charneval

      5
      0
      Votes
      5
      Posts
      97
      Views

      V

      @charneval said in CREATE RULE NAT OVER OPEN VPN SITE TO SITE TUNNEL:

      The public ip address of the site A is : 92.245.173.212 and I create a nat rule from any to the port 8080 of the nas 172.16.9.240 connected in the site B.

      So at site A you have a port forwarding rule for destination WAN address 8080 to 172.16.9.240 8080, correct?

      If you don't need any information about the origin source address, you can simply masquerade the packets at site A.

      Are both VPN endpoints pfSense and are both the default gateway in their respective local network?

    • B

      WAN_DHCP6 pending / unknown and dhcpv6 server not working
      CE 2.7.0 Development Snapshots • • bimmerdriver

      17
      0
      Votes
      17
      Posts
      864
      Views

      B

      @nedyah700 said in WAN_DHCP6 pending / unknown and dhcpv6 server not working:

      @nedyah700 said in WAN_DHCP6 pending / unknown and dhcpv6 server not working:

      @bimmerdriver I tried a past development release of 22.05 and had the exact same issue you are experiencing. Traffic flows without any issue but the gateway shows pending. I rolled back when I noticed the issue and haven't tried since.

      I also have "Do not wait for a RA" and "Request only an IPv6 prefix" selected.

      @bimmerdriver and @jimp I would also add that my Gateway / Monitor IP is an fe80, link-local, address. I swear I remember having this issue a year or so ago and it was resolved with an update.

      In my situation, it has always been the case the gateway address is a link-local address. That does not cause a problem on 2.6.0 and it didn't cause a problem on 2.7.0 up to the point where this regression was introduced. As I pointed out above, I think this problem is related to the missing file /tmp/hn0_defaultgwv6.

    • L

      "Google 1e100 addresses" & Google invalid certificates "Common Name invalid2.invalid"
      General pfSense Questions • • louis2

      2
      0
      Votes
      2
      Posts
      13
      Views

      stephenw10

      Certificate errors have nothing to do with blocked traffic entries in the firewall log, which is what I assume you are referring to.
      TCP ack flagged traffic like that is blocked when the state that initially allowed it has been closed. You would expect to see some blocked traffic like that in a normal firewall.

      https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html

      Are you running Squid?

      Steve

    • H

      Incorrect bandwidth monitor values
      General pfSense Questions • • hvr-lust

      21
      0
      Votes
      21
      Posts
      180
      Views

      stephenw10

      Hmm, do you see an outbound state for the openvpn traffic on vmx1?

    • D

      Firewall Rules Creation
      Documentation • • daboomer

      1
      0
      Votes
      1
      Posts
      8
      Views

      No one has replied

    • B

      Issue with throughput with X710-DA2 and PFsense 2.6
      Hardware • • bawoodruff

      1
      0
      Votes
      1
      Posts
      5
      Views

      No one has replied

    • F

      Connection lost
      Italiano • • Falassion

      2
      0
      Votes
      2
      Posts
      63
      Views

      kiokoman

      @falassion
      It could be that the modem/router loses the connection, releases the DHCP lease and then either does not renew it or pfsense can no longer renew it. You would need to look at the logs, but if you have nothing between the modem and pfsense you are better off setting a static IP on the pfsense WAN instead of using DHCP and seeing whether the situation comes back.

    • S

      OpenVPN problem with MFA
      Italiano • • Saint 0

      2
      0
      Votes
      2
      Posts
      59
      Views

      kiokoman

      @saint-0
      In the office I have 2.5 with freeradius and MFA with Google, and it has been working for a year now. There is only one user who struggles now and then and has to retry several times before managing to authenticate, but honestly I have not yet had time to investigate why. I wanted to upgrade to 2.6, so if you find out something, or that it is a bug, let us know!

    • C

      openvpn .. no connection
      Italiano • • claudiove

      7
      0
      Votes
      7
      Posts
      338
      Views

      kiokoman

      @claudiove
      Didn't you manage to get it fixed by the Fastweb technician? It is strange, because I have been using Fastweb + VPN for years.
      The only difference is that I don't use the modem they supplied but have the static IP directly on pfsense. Could it be a bug or some service running on their modems?

    • stefano1856

      Configuring Indicators of Compromise (IoC)
      Italiano • • stefano1856

      2
      0
      Votes
      2
      Posts
      63
      Views

      kiokoman

      @stefano1856
      Not as far as I know. pfsense has tools to prevent, but not to investigate data breaches that have already happened. Up-to-date spammer lists are probably already included in snort / suricata or in the pfBlockerng lists.

    • F

      New Netgate configuration with 2 WANs, initially OK, broken shortly after
      Italiano • • fisch88

      2
      0
      Votes
      2
      Posts
      88
      Views

      kiokoman

      To me everything looks right from the configuration you posted,
      inbound you have the PBX ports NATed to 172.16.0.160
      443 on the 2 WANs is NATed to nextcloud
      outbound on the LAN you have everything open at the end, and until it all works that is fine as it is
      How are the interfaces configured? Maybe there is something there or in the routing table.
      Is there nothing in the logs?

    • W

      HAPROXY: backend change has no effect
      Cache/Proxy • • wickeren

      4
      1
      Votes
      4
      Posts
      295
      Views

      W

      Still present in HaProxy-devel 0.62_10. While workaround is simple indeed (disable backend, save and enable backend, save) it’s still annoying and I don’t understand what’s exactly happening here.

    • R

      Issue accessing certain websites
      Routing and Multi WAN • • russm

      20
      0
      Votes
      20
      Posts
      38
      Views

      R

      Initial tests are good. I'll reconfigure the VLANs this way tonight.

    • E

      Unable to connect to different networks with OpenVPN!
      OpenVPN • • enesas

      6
      0
      Votes
      6
      Posts
      44
      Views

      V

      @enesas
      Is pfSense which is running the OpenVPN server the default gateway in the local network or is there another default gateway?

    • E

      pfsense IPv6 (Netcom Kassel) - I get an IPv6 address, but not on the client
      Deutsch • • enJOyIT

      15
      0
      Votes
      15
      Posts
      759
      Views

      E

      @exponentialverteilt

      Thank you very much for your reply! :-)

      Would it be possible for you to post your WAN configuration (just to make sure I haven't forgotten a checkbox somewhere)? Maybe I'll venture another attempt before fiber is laid here :)

      Thanks!

    • N

      Some websites don't load, but all get through the ISP router
      General pfSense Questions • • nhsep

      5
      0
      Votes
      5
      Posts
      83
      Views

      stephenw10

      @nhsep said in Some websites don't load, but all get through the ISP router:

      if I switch over one of my computer's interfaces to point directly at the ISP router not only can I get out, but I get a real response.

      As @johnpoz said this statement raises questions!
      What exactly are you doing to 'switch over'?

      It implies you might be simply re-configuring it to use the pfSense IP as its gateway rather than the ISP router. If that is the case and they are on the same subnet then you almost certainly have an asymmetric route which would explain the failure you're seeing entirely.

      https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html

      Steve

    • L

      Website Unable to Connect Error
      DHCP and DNS • • LPD7

      4
      0
      Votes
      4
      Posts
      155
      Views

      L

      @steveits Not sure if I resolved yet as had mem issues that had to be fixed, I did start adding sites manually to a white list which seems to solve some problems but not yet all. Am going to swing back around and see if I can get more info to share and hopefully resolve.

    • F

      Virtual Address Pool in Pre-Shared Keys is not used for IPSec
      IPsec • • flobernd

      8
      0
      Votes
      8
      Posts
      512
      Views

      K

      @keyser Just bumping this thread out of Interest.

      Does anyone know if making IPsec Road warrior “usable” in larger corporations is actually on the roadmap from Netgate, or will it just be stranded at “one pool, one ruleset for all VPN users” going forward?

      The Framed-IP-Address is not a solution in larger networks due to the massive maintenance issues it brings.

    • J

      Custom Options (SSL/MITM) best settings for local cache ?
      Cache/Proxy • • JonathanLee

      1
      0
      Votes
      1
      Posts
      8
      Views

      No one has replied

    • M

      IGMP Proxy for IP-TV
      General pfSense Questions • • MisterDeeds 0

      4
      0
      Votes
      4
      Posts
      79
      Views

      stephenw10

      Those firewall logs are all blocked ACK traffic to connections that have already closed. Not a problem:
      https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html#troubleshooting-blocked-log-entries-for-legitimate-connection-packets

      So did you have pfSense in place when you were using the USG-Pro?

      Either way I'm not really sure how you can pass multicast through the UXG-Pro with or without pfSense.

      Steve

    • M

      PPPoE connection, ping works but no Internet
      Deutsch • • muetom

      7
      0
      Votes
      7
      Posts
      49
      Views

      M

      @viragomann

      It was a DNS problem.
      Fortunately I was able to solve it.

      Many thanks for the comments

    • B

      Traffic is not re-routed over secondary internet connection (PPPOE), once it returns from being down.
      Plus 22.05 Development Snapshots • • BNetworker

      1
      0
      Votes
      1
      Posts
      10
      Views

      No one has replied

    • S

      Unable to upgrade from 22.05.b.20220523.0600
      Plus 22.05 Development Snapshots • • swampkracker

      7
      0
      Votes
      7
      Posts
      31
      Views

      S

      Yes. System has 8GB of RAM with only 4% in use.

    • S

      100% CPU unreachable router - squealing fans and burning hot case (randomly)
      General pfSense Questions • • sdok

      5
      0
      Votes
      5
      Posts
      68
      Views

      S

      @stephenw10 log compression off and higher log size seems to have stabilized it.

      There's about 12 computers in that closet. There is cooling and venting into the closet and the alarm never went off but the case was pretty hot to the touch. Will keep an eye on it. Thank you.

    • W

      Error when enabling Squid
      Portuguese • • Wildson Botelho

      1
      0
      Votes
      1
      Posts
      7
      Views

      No one has replied

    • B

      Traffic Shaping / Limiters do not work on 22.05 after upgrade
      Plus 22.05 Development Snapshots • • BNetworker

      4
      0
      Votes
      4
      Posts
      17
      Views

      B

      Oh nice! I didn't see that available, do now! Thanks all!

    • JeGr

      Random crashes "Fatal trap 12: page fault while in kernel mode"
      General pfSense Questions • • JeGr

      11
      0
      Votes
      11
      Posts
      313
      Views

      stephenw10

      One of our developers is looking at this. I have opened a bug report for it:
      https://redmine.pfsense.org/issues/13210

      Steve

    • J

      squidGuard only allow access to whitelist
      Cache/Proxy • • jhaeu90

      2
      0
      Votes
      2
      Posts
      61
      Views

      M

      Hi ,
      after creating the whitelist, create a "myAllowlist" Group ACL
      Within this group in the "Target Rules List" area configure your Target Categories as a "whitelist".

      At the bottom under "Default access [all]" configure as "Deny".

      Save the configuration and after saving, to make the changes operational, go to "General settings" and press the "Apply" button

      This blocks all traffic except the whitelist.

      I hope it is useful
      Greetings and good work

    • B

      DHCP 169x IP until i reconnect LAN cable or Turn WIFI on or OFF
      DHCP and DNS • • Brian Smit

      4
      0
      Votes
      4
      Posts
      37
      Views

      johnpoz

      @brian-smit said in DHCP 169x IP until i reconnect LAN cable or Turn WIFI on or OFF:

      reuse_lease: lease age 1217 (secs) under 25% threshold, reply with unaltered, existing lease "

      Those are common - leases normally don't start to renew until 50% done. But as the client gets closer and closer to lease expire, it should start screaming for a renew.. Sending them more and more often.

      Once a renew fails - it should send a discover..

      I would watch your logs the next time it happens and look right away, set your log to keep more in the gu.. I think it defaults to only the last 50 entries. I have mine set at 2000.. This should allow you to see more entries.

    • T

      Squidguard Regular Expression
      Cache/Proxy • • TTGest

      5
      0
      Votes
      5
      Posts
      247
      Views

      J

      @ttgest you can also try a regular expression tester online. I found a good one. I was having issues with t.co I wanted it blocked however it would block microsoft.com I had to adjust and test with the regular expression tester. Some basic examples below.

      Screenshot_20220524-072731.png

      Screenshot_20220524-072641.png

    • E

      can't update rules suricata
      IDS/IPS • • ezvink

      7
      0
      Votes
      7
      Posts
      163
      Views

      NollipfSense

      @ezvink Why are you using pfSense 2.5 and not 2.6 version?

    • S

      Where to submit need feed for pfBlockerNG
      pfBlockerNG • • shoulders

      15
      0
      Votes
      15
      Posts
      388
      Views

      NollipfSense

      @shoulders Cool, thanks.

    • J

      pfSense as initial network filter
      General pfSense Questions • • jarweb

      17
      0
      Votes
      17
      Posts
      219
      Views

      NollipfSense

      @johnpoz said in pfSense as initial network filter:

      https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html

      Thank you John for sharing.

    • X

      Route Wireguard Mobile Client Traffic out Nord(OpenVPN) client instead of Primary WAN
      Routing and Multi WAN • • xxnumbxx

      2
      0
      Votes
      2
      Posts
      45
      Views

      X

      Here is how I configured the Firewall/NAT rules. This even breaks local connectivity other than the pfsense GUI.

      https://i.imgur.com/XYXnC8x.pnglinks.expanse.com

      I have also tried setting the gateway on the firewall rule to NORDVPN and it still fails.

      https://i.imgur.com/TWDi6G7.png

    • T

      PFsense on ZBOX CI625 nano?
      Deutsch • • toddehb

      3
      0
      Votes
      3
      Posts
      9
      Views

      the other

      Hi there,
      I just had a quick look as well.
      If it already costs just under 370 euros as a barebone, then add RAM and SSD... plus the often-mentioned problems with the Realtek NICs...
      Without wanting to advertise:
      So far you have been using APU2x4 boards (as noted in your other post) (they have Intel NICs!)... if you absolutely want more performance, then perhaps go for the "original": a 4100 from Netgate is a bit more expensive again, but already comes with 4 GB RAM and 16 GB storage AND is somewhat more future-proof with 4 x 2.5 GB LAN connection options...
      Just an idea...