• Bricked (and recovered) 4200

    Plus 25.07 Development Snapshots
    6
    0 Votes
    6 Posts
    430 Views
    J

    I would agree. 18 hours in and everything continues to run smoothly. The issue related to image availability I believe is the valid answer and we can close this out as solved. Thanks everyone. -JD

  • 1 Votes
    64 Posts
    12k Views
    P

    Recently done four of them. Two upgrades from 2.7.2 and two net installed. All went ok & reinstalled packages after.

    I agree an iso would be useful but I’ve managed without.

    Next one will be an ESXI vm, so will try both methods on that.

  • NAT broken after Reboot

    NAT
    14
    0 Votes
    14 Posts
    611 Views
    P

    @iggybuddy6 I'm just happy I could help. Today I went from thinking I knew everything about setting up wg on pfSense, to realising I did not, and that is a great reward in itself!

    Hopefully your setup will remain stable going forward.

  • 0 Votes
    15 Posts
    294 Views
    JonathanLee

    @johnpoz This even does this with the newest CE edition inside of UTM virtualized environment outside of the 2100s

    It is not just the 2100s this is set up for standard stuff everything else works with it just the status page

  • Pfsense - OpenVpn

    Spanish
    2
    0 Votes
    2 Posts
    159 Views
    L

    @Belcebu-Gdl

    Hello.
    When the problem occurs, I would check from the computer with the openvpn client (in this case from the computer with openvpn connect) whether there is connectivity to the openvpn server (pfsense).
    Although it is not the most common setup, I have the openvpn server listening on tcp instead of udp. If it is on tcp, you can check from the client computer whether there is connectivity by using the telnet command against the IP and port of the openvpn server. This way you can narrow down the problem and see whether it is a server, network or client problem.
    Regards.

  • Problem with ping (icmp) when there is nat.

    Spanish
    1
    0 Votes
    1 Posts
    17 Views
    No one has replied

  • 0 Votes
    12 Posts
    135 Views
    M

    @mav3rick said in OpenVPN on 2 pfsense instance with HA - service is running on both pfsense instances:

    So setting openvpn to bind only to the CARP VIP works fine for me

    Multi-WAN with HA there?
    If so, it would be a better idea to run openVPN server on localhost instead.
    This would allow it to receive connections from all WANs.

    No need to select a VIP, just forward packets from the WANs VIPs to localhost.
    You can use DNS, thus the client would connect to the WAN that is UP.
    Or
    You can use two remote entries in the .ovpn, with a timeout of, let's say, 2 seconds.

    Then, just create the NAT rule to access the firewall-2, using the SYNC address as previously mentioned.

  • What actions are triggered by gateway going down?

    Routing and Multi WAN
    2
    0 Votes
    2 Posts
    58 Views
    J

    It would seem the answer to my question is "/etc/rc.gateway_alarm" is run.

    Nothing in there for DHCP leases from what I see. More about restarting VPN sessions and flushing states.

  • [solved] English language "question"

    Off-Topic & Non-Support Discussion
    3
    0 Votes
    3 Posts
    215 Views
    stephenw10

    Mmm indeed, I would expect that to be they or it depending on whether 'peer' refers to the user or the device. More likely it's a device in that reference.

  • 0 Votes
    124 Posts
    12k Views
    stephenw10

    Good to hear.

  • Data Encryption Algorithms disappeared from one of the servers

    Portuguese
    3
    0 Votes
    3 Posts
    279 Views
    L

    I reverted the server to another version and updated it; the Data Encryption Algorithms part did not work, it did not come back.

    I decided to stop looking for a solution, since I got no help here or on the internet, and decided to put WireGuard in place. But I still have some questions. It worked, I am accessing the fileserver on the other side, but some services, such as a printer that uses SMB to scan, do not send through the tunnel.

  • pfblocker 3.2.8 + pfsense 2.8.0: top1m db download fail

    pfBlockerNG
    4
    0 Votes
    4 Posts
    394 Views
    sretalla

    You can download it here now:

    https://raw.githubusercontent.com/ianb/alexa-sites/refs/heads/master/top-1m.csv

  • Netgate 6100 LAN crashes

    Official Netgate® Hardware
    13
    0 Votes
    13 Posts
    867 Views
    N

    The problem is solved; it was indeed the network cable that had a loose connection.
    It's in the trash!
    Thank you all for your help.

  • 0 Votes
    11 Posts
    156 Views
    S

    @viragomann I lost oversight. The customer edited stuff on his own ... and wrote he succeeded by adding fw rules and policy-based-routing. Sounds like overkill a bit, but ok if he's happy.
    I have to accept that this box is out of my control somehow now ;-)

    thanks for your help. I might report back if I get access again and see things.

  • 0 Votes
    62 Posts
    9k Views
    T

    Yesterday we built a new pfSense 2.7.2 cluster, master firewall was running for over a week without problems, but about half an hour after setting up CARP and pfSync to the new slave it died with known hvevent problem. It then died several times, again and again.. Not sure but maybe it has something to do with either CARP/ConfigSync/pfSync or multicast traffic (because we know dying pfsense setups without carp configured, so might be multicast traffic in the network which triggers something).

    We have had the same experience with our only OPNsense setup, of which the master is running smoothly since we removed the slave firewall.

  • SG-1100 as VPN client only (no dhcp) adding to existing network

    OpenVPN
    6
    0 Votes
    6 Posts
    97 Views
    V

    @phthatcher said in SG-1100 as VPN client only (no dhcp) adding to existing network:

    just assure that when the server reaches out to the web it is behind the vpn

    So all you need is to configure pfSense as default gateway on the server.

    The pfSense only needs a single interface (LAN, router-on-a-stick), connected to your LAN.
    On the VPN interface you have to add an outbound NAT rule, as mentioned in the ExpressVPN tutorial.

  • Blocking of Discord

    pfBlockerNG
    5
    0 Votes
    5 Posts
    296 Views
    M

    @The-Party-of-Hell-No excellent. I’m glad some experimentation proved successful.

  • 0 Votes
    3 Posts
    134 Views
    W

    @dennypage said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

    @wolffire said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

    I really like ntopng, but I'd rather it not be able to access the internet whenever it wants.

    Is it possible to block package processes from doing so?

    You can't block individual packages. The closest you could get is to find the domain or addresses the package is accessing and block those.

    With specific regard to ntopng, I haven't examined all the callouts but I don't recall it doing much unless you were using the licensed version (activation check), or had one of ntopng's "active" modes enabled.

    Make sure you have Active Network Discovery disabled in ntopng. It's in Settings / Preferences / Network Discovery / Active Network Discovery. This option should never be enabled on pfSense. Ditto for Active Monitoring.

    Thanks for the quick answer.

    I'm a little surprised about not being able to lockdown individual processes for those 'who watches the watcher?' types of situations. Finding a dynamic workaround will be painful.

    As far as ntopng, I just don't want it to be able to do anything online unless I've configured it to do so; I loathe the idea of telemetry being sent off to various companies.
    Not that I've found anything (I haven't taken a serious look yet); I'm just a bit weary.

    Speaking of the settings, after reading that post about inadvertently scanning the Internet, I definitely ensured active monitoring and network discovery was turned off. 😆

  • 0 Votes
    2 Posts
    98 Views
    P

    @pst said in 25.07.r.20250709.2036: still issues with limiters:

    I have yet to test limiters in combination with floating firewall rule for bufferbloat mitigation, which was an issue in earlier betas.

    Still an issue in the RC. UL/DL limiters on LAN work as long as I haven't configured UL/DL limiters for WAN. Once there are WAN limiters no limits on LAN are adhered to (which I think is a regression from the beta where at least one direction worked as configured). Time to shelve those ideas of using limiters I guess.

  • pfSense and Squid going forward?

    General pfSense Questions
    9
    0 Votes
    9 Posts
    317 Views
    JonathanLee

    https://github.com/pfsense/FreeBSD-ports/pull/1420

    Merged. I could not test it, but it is in there with the make file now and the distinfo file.

    @stephenw10

    Let me know if you can test that out

    Don't use this. I am having issues with the MASTER SITES and patches folder; it won't make clean install all the way.