@angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:

maybe my specific board might be slightly different that the ones mentioned in the thread

That's be a possibility of course but on the other hand I would expect that the BIO chip on such an old device is supported by flashrom.

Maybe you can have a look at the board and see if you can find the SPI chip.

@paulvanduijn

Misschien is het al opgelost? Zo ja, post dan hier de oorzaak/oplossing.

Zo nee,

Wat doet een reguliere speedtest met internet vanaf een lokale computer? Er is ook een speedtest package voor pfSense. Heb je een jumbo frames ingesteld op je NAS? Uitschakelen! Is er een "Traffic shaper" ingesteld? Zo ja, verwijderen... heeft praktisch geen positief effect in thuisnetwerken.

@stephenw10 wondering if I can again upload a status up to you? I'm still experiencing some crashing. Thank you

@bmeeks

[ Internet ] | | [ FritzBox Router ] Guest Wi-Fi: 192.168.179.1 | | (WAN port) [ pfSense Firewall ] WAN: 192.168.178.40 LAN: 192.168.1.1 | | [ Access Point / Wi-Fi ] | | [ Phone Device ] IP: 192.168.1.73

As you can see my Fritzbox guest network is on 192.168.179.1. My WAN is on .178.
My pfsense is on 192.168.1.1

I don't know how 179 could reach 178 because the guest wifi in a Fritzbox is completely isolated and I disabled that devices in that network can even communicate with each other.

Which pfSense version? As far as know (since I don't run hyper-v) the issue affects anything built on FReeBSD 14 or newer. So that means you'd ned to go back to 2.6 to be unaffected.

Those warnings are expected after installing pkgs which is what happens at upgrade or a clean install with the net installer. They are unrelated to the connection issues.

@IT_Luke
Is your Enter key broken? The text is pretty hard to read.

@IT_Luke said in IPSec with multiple subnets and BiNAT not NATing a specific network (non local):

So my questions are: Is it not possible to enable BiNAT for a different subnet other than the one the relevant interface is bound to?

No. How should this be natted?
If traffic from the remote site is natted to 172.20.2.0/24 it cannot be natted to 172.20.48.0/24 at the same time.
You would need a second subnet in the phase 2 for this.

However, if you only need access from 172.20.48.0/24 to the remote site, but no incoming from remote, which is the case, I think, you should be able to nat the traffic to a single unused address within the 172.20.2.0/24 subnet.
You have to put this p2 to the top then, so that it is applied before the other one.

@Gertjan The self-generated certificate is there (in "Certificates"). It says: "CA: No" & "Server: Yes" & "In Use: webConfigurator"

The same certificate is also in the dropdown menu in Systems->Advanced and the HTTPS box is selected. I am still not able to access the webGUI via https though...

@crosstheroad said in IPSec problem with one-way traffic flow:

On the 172.16.136.14 VM I have added a static route in the OS for traffic destined for 10.12.105.0/24 to route through 172.16.136.20 (instead of the default gateway 172.16.136.1)
I have also added a static route on the 10.12.105.10 VM since it is connected to multiple networks, but can still only reach the site B pfSense LAN IP address and nothing else on that subnet.

You should at least be able to reach 172.16.136.14, which has the static route set.
If the machine doesn't respond though, it probably blocks access from outside of its local subnet by its own firewall.

@michmoor it is part of the base install, this lets us update it outside of a release

@Gokulapandi said in Not detcting LAN Card:

Thanks , Its worked.

Perfect, thanks for reporting back.

Yeah, same problem here, I was hitting the wall for days, messing with certificates, and it was this exact bug. april 2025 recent pfsense/haproxy devel install, and still nothing.

I set that up on the server site pfSense.

For the peer to peer VPN there is no Client Export, so I assume I have to set up a Server on the other site as well, also in Peer2Peer-Mode? For sure I browse the docs in a minute.

looking forward to solve this ;-)

EDIT: I see, seems I can follow this for example. So not a 2nd server but a specific client config. Will try monday or so.

On 11/04/25 03:47, Jonathan Lee wrote:
Hello fellow Squid users,
Does anyone use pfSense squid package that knows a possible solution to this issue ? I have went as far as to remove all custom config and go to complete splice all and it still occurs with or without cache enabled and or squid guard enabled. It is something I just don’t know how to correct it. I worked on testing it in command line a while back but could not find a way to get the status page working again.
Show Quoted Content
On 11/04/25 03:47, Jonathan Lee wrote:
Hello fellow Squid users,
Does anyone use pfSense squid package that knows a possible solution to this issue ? I have went as far as to remove all custom config and go to complete splice all and it still occurs with or without cache enabled and or squid guard enabled. It is something I just don’t know how to correct it. I worked on testing it in command line a while back but could not find a way to get the status page working again.

Bug #15410: cache_object://URL Scheme is removed in Squid-6 - pfSense Packages - pfSense bugtracker https://redmine.pfsense.org/issues/15410

As discussed in that bug report the "cache_object://" scheme has been replaced by "http://(visible_hostname):3128/squid-internal-mgr/"

The scheme can be "https://" so long as the proxy listening port is configured with the https_port directive.

visible_hostname should be replaced by the contents of the visible_hostname directive, or listening IP address. This is just one of the many reasons that directive needs to be a DNS resolvable domain name.

The port 3128 can be another forward-proxy or an 'accel' mode port if you wish. Cannot be an 'intercept' or 'tproxy' *_port, nor an https_port with SSL-Bump enabled.

FTR; What we are familiar with as an "index page" is not provided by the Squid cache manager by default. I provide a basic UI at https://github.com/yadij/cachemgr.js that makes accessing the reports a bit easier for humans.

HTH
Amos

squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users