r/PFSENSE

▲ 16 r/PFSENSE

Hello,

I'd like to know if there is some date floating about for the 2.9 release of CE.

Currently the bug tracker is moving slowly and still at 86%.
I really don't understand why the plus release and CE cannot be aligned and released at the same time.
Having them misaligned creates double effort and inconsistency in code.

Thanks.

reddit.com
u/MazzyNix — 10 days ago
▲ 5 r/PFSENSE+2 crossposts

Hello all,

I work at a small business servicing local customers hosted in our datacenter. We migrated recently from a Fortigate 3000D on 7.2.13 to a Fortigate 1000F on 7.4.11; we use a VDOM per client.

Now the issue: we have customers with a pfSense/Fortigate firewall on which we build the IPsec connectivity to their VMs in the DC.

Since the migration (around 2 months now), we have reports of some customers behind pfSense getting disconnected every day, all at once, for 30/40 minutes, and then everything goes back to normal.

What has been tested:
- Disabling NPU offload on the phase1-interface

- Aligning Key lifetimes + DPD values

- Lowering encryption (It was fine on the other firewall)

- No logs on the Fortigate indicating the tunnel is going down, monitoring doesn't show p1 or p2 going down either

- Running a ping shows latency spike matching customer timestamp

- Running a bandwidth check on the internet link, 20% used, no saturation and no packet loss

- No logs on the Windows machine (It's RDP)

- No CPU/Ram spike on either pfsense/Fortigate

- Updating the pfsense to the latest possible version (2.7.0)

We have opened a ticket with Fortigate as well, but they aren't really helpful since the other end isn't a Fortigate.

Any ideas are welcome

u/Shankra — 8 days ago

A few weeks ago Spectrum upgraded their infrastructure coming into our facility.

In addition to receiving a new dynamic IP address, I also realized there was a new problem.

On the dashboard after logging in, I have a widget called Gateways, which measures packet loss. Prior to these upgrades the packet loss measured consistently, whether it was 100% or a certain percentage thereof.

Now, even though the internet is working reliably, the gateways widget is registering 100% loss for both the DHCP4 and DHCP6 gateways, showing 100% packet loss.

Any ideas on how to solve this, or should I just assume that gateways can no longer be measured? I'm using the current stable pfSense version, 2.8.1.

u/gigaboy1 — 10 days ago
▲ 10 r/PFSENSE

Is pfSense affected by the Copy Fail or Dirty Frag vulnerabilities?

I'm aware that pfSense is BSD-based, but I'm still curious whether it's still affected by the Copy Fail or Dirty Frag vulnerabilities.

u/Fuck_Birches — 6 days ago

Setup:

ONT (Ezee Fiber) > pfSense on sfpc > Omada Switch > LAN

pfSense is connected directly to the ONT. Been on Ezee Fiber with this pfSense setup for almost 2 months.

In the middle of the night all my clients lost connection to the internet.

  • I've rebooted the ONT, pfSense, and the Omada switch; no change.
  • Any client, and pfSense itself, can ping IP addresses on the internet.
  • LAN is working normally; I can access my Linux server and all other devices.
  • My switch and WAP are both Omada devices, and the Omada controller software is reporting no issues, which makes sense since the LAN seems fully operational.
  • I can use my phone as a hotspot, connect my laptop from the WAN side via Tailscale and use pfSense as an exit node perfectly fine. I can also access my Linux server at home fine via Tailscale.

I've made no changes to pfSense settings. I restored a known good backup just in case, still the same problem.

So all this tells me the internet connection is live; sounds like a LAN DNS issue, right?

Under System > General Setup > DNS Server Settings:

  • I use Cloudflare's malware-blocking servers:
  • I tried switching to Google's default DNS; didn't work
  • DNS Server Override > NOT checked (never has been)
  • DNS Resolution Behavior > Default (Use local, fall back to remote)

Services >

  • DHCP Relay: NOT enabled
  • DHCP Server
    • Settings > General Settings
      • DNS Registration: NOT enabled
      • Early DNS Registration: NOT enabled
    • Settings > High Availability: NOT enabled
    • LAN > General Settings
      • DHCP backend: Kea DHCP
      • Enabled (checked)

On my Windows 11 desktop I ran the "network troubleshooter" and it reports I'm connected to the internet.

So at this point I'm at a complete loss as to what to do. I'm trying to make sure I'm good on my end before I call my ISP and tell them there's something messed up. Ezee Fiber says they don't do DNS sinkholes and they are fine with me using my own router and not theirs... to be fair, it has been working for 2 months.

Help please???

u/Infuryous — 13 days ago
▲ 7 r/PFSENSE+1 crossposts

I've been tearing my hair out for a couple of hours trying to get a specific pfSense VLAN to go out through a ProtonVPN tunnel. I was using their instructions here:

https://protonvpn.com/support/pfsense-wireguard

In step 5 (5. Create a WireGuard interface) they neglected to mention setting the IPv4 upstream gateway to the proton_gw, which they tell you to create in step 6.

I'm not crazy, right? They should have mentioned that there?

u/farhadd2 — 12 days ago

So I'm having port forwarding issues and I really don't understand what the issue is here. As a starter, I know the concept; I've done it in the past many times, but my pfSense is making me think I'm crazy.

Here's my setup:

My WAN goes to a fiber optic modem, connected to the ISP through PPPoE. My local machine is under OPT2, which is a subnet that uses VLAN tagging. I'm trying to forward port 22552 to my machine at 192.168.10.200.

https://preview.redd.it/dvquc0lk4uzg1.png?width=1181&format=png&auto=webp&s=d6c3c4fa3d214911df17c8d0777d3522d0b19def

pfSense automatically set up a rule:

https://preview.redd.it/ywv6ze0p4uzg1.png?width=1148&format=png&auto=webp&s=10f5225efd5e7cb6bfd5852551d5b057e23c2d49

On my machine, I start socat:

https://preview.redd.it/f2hstijr4uzg1.png?width=214&format=png&auto=webp&s=217d74e146734a2ab33e5bd61985dea70611d8c6

On a VPS in the cloud, I connect to my public IP (validated with whatismyip.com and also my router interface status).

https://preview.redd.it/1pr2otx05uzg1.png?width=304&format=png&auto=webp&s=4b910c3c7b0cb44115278fb8d18c75a5339b7f87

Nothing reaches my machine.

Looking at the firewall logs, I see this:

https://preview.redd.it/t5bu57ae5uzg1.png?width=1129&format=png&auto=webp&s=09f759dd394f174a4af8fee1d195d1ed58b9aa50

The source address matches my VPS. The target address matches my public IP.

What's wrong here? I read the troubleshooting guide, read forums, asked an AI; nothing. Any help would be greatly appreciated.

Here's my system:

https://preview.redd.it/8qjlyvcs5uzg1.png?width=551&format=png&auto=webp&s=defc9924809040e8d61e10f10b9a368c6b920ac4

u/pylessard — 7 days ago

This network is blocking encrypted DNS traffic.

I'm on my second go-around with pfSense and I am being plagued with this problem on my iPhone (and my wife's). I found this post from a couple of years ago with the same problem. The solution was to forget the network and rejoin. That worked for me, for about 5 minutes and then the problem returned.

As far as I can tell, this only affects the iPhone devices. My laptop seems to be working ok. There is no problem connecting to other devices on the network.

I am using pfSense 2.7.2 with the standard firewall settings. The only rules I added were for my IP phones (I'm running FreePBX). I have WireGuard installed and that works as advertised.

Some background: the first time around I was on ATT fiber. I put the modem in passthrough mode. I started seeing this issue with the iPhones and thought it might be my Velop mesh system that was screwing things up. Eventually, I went back to using the ATT modem. I replaced the Velop system with a Unifi AP system and that has been rock solid. I do not have any DHCP servers running on the Unifi system. I just switched over to Spectrum fiber (1 gig symmetrical). Their modem is plugged directly into the pfSense box (actually, a Proxmox server running pfSense as a VM). There is no Spectrum router or wifi involved. All my other (mostly wired) devices are running without any issues.

Any ideas where I should be looking to fix the problem?

u/greensha3 — 5 days ago
▲ 4 r/PFSENSE+2 crossposts

Best VPN for streaming and privacy?

Looking for a VPN that's affordable but still reliable for daily use and streaming movies from different regions.

Mainly care about decent speeds and not getting spammed with captchas every hour.

Any solid recommendations right now?

u/Sea_Sport1093 — 7 days ago

So I'm running srcds on a Windows VM (Guest) on a Linux machine (Host) using VirtualBox. Networking is set to NAT mode. I have forwarded the relevant port in VirtualBox's settings (27015) for both TCP and UDP to be sure.

IP of my Linux environment: 192.168.20.2
IP of my Windows VM environment running srcds: 10.0.2.15

If it matters: I can ping Linux (192.168.20.2) from Windows VM, but not the other way around.
I can also ping Linux from another machine on the network (on an entirely different VLAN at 192.168.10.2).

Furthermore, I can connect to the server using my machine running the game client, using my local IP (192.168.20.2), which indicates to me that the link between the Linux networking and the Windows VM networking is fine.

The problem is: no one outside of my network (WAN) can connect to my server.

They are using the standard command in the Source console:
connect myWANip:port

example:
connect 12.34.56.78:27015

The command itself is, syntactically, fine, so that's not the issue.

Anyway, to troubleshoot, I have entirely disabled Windows Firewall in the VM for both Public and Private networks. Furthermore, here are my pfsense settings:

https://preview.redd.it/j6wgjmxi5uyg1.png?width=1166&format=png&auto=webp&s=4a7fe24293a9242b577b1e897c2387e1a9cd3be1

https://preview.redd.it/xgq7cg8k5uyg1.png?width=1158&format=png&auto=webp&s=3d4a6198b1c2f81a1bb510b121a21b81930fb9ba

However, no matter what I try, I can't seem to get it to work for anyone but myself (i.e. from within the LAN).

Any ideas what I'm doing wrong? I assume it's a pfSense thing (probably).

u/VLANtastic — 12 days ago

Provider does not see MAC

After switching providers, the new one cannot see the MAC on my WAN port. The lights go green and the provider can see the link, but cannot see the MAC, so I cannot get a DHCP IP. They tried manually entering my MAC but it still does not work. When I hook up a laptop with the same MAC (cloned), it works.

Please advise!

u/whotheff — 6 days ago
▲ 5 r/PFSENSE+2 crossposts

Anyone configured pfSense using Starlink as a failover WAN and still linking to Home Assistant?

I'm using Starlink as a failover WAN. I can get some statistics from Starlink via the app (which I believe uses the Starlink network to go back to the unit, without requiring a LAN->WAN connection), but the Home Assistant integration appears to require access from the LAN to the Starlink at 192.168.100.1.

u/diverdown976 had a nice write-up of the pfSense config for Starlink in a failover WAN config, but says you don't need to NAT to 192.168.100.1 since the web interface of the Starlink is off in bypass mode.

Does anyone have the Home Assistant integration working when Starlink is in bypass mode and pfSense has it as a failover WAN?

u/jruben4 — 7 days ago

Unable to get more than 100 Mbps on LAN?

Hello! I'm relatively new to pfSense, but I feel like I have a decent understanding of it at this point with how much troubleshooting I've done. But I've really hit a wall and nothing I have tried seems to fix it. So here's my situation:

I modified a ThinkCentre M73 (tiny form factor) to have an additional Ethernet port by using one of the built-in mini PCIe slots, so it now has two Ethernet ports. When I connect my laptop directly to the modem I get 600-plus megabits per second (and I should be getting 1 gig speeds, but that's beside the point). When I plug my router into my modem, no matter which port I use, I cannot seem to get more than 100 Mbps when I do a speed test online. I've tried adding a USB Ethernet port and, for whatever reason, that also doesn't get more than 100, and I have tried manually changing the speed in the console to 1000 versus 100. I still am not getting good speeds. I've done factory resets in pfSense to try and fix it, but it feels like no matter what configuration I do with my Ethernet ports, my internet speeds through my router are just really slow. I would really appreciate any advice on things I could try, or if anyone else has run into this issue and has a fix. It feels like it is just something related to my router, but my CPU usage doesn't seem to go above 2% even when running speed tests.

Edit: I also ordered two different Gbps USB Ethernet NICs and still have the same problem.

Things I ruled out: the speed from Spectrum, because I'm definitely getting more than 100 megabits per second through the modem; the Ethernet cables; my laptop's Ethernet port. I think the Ethernet ports themselves are fine, since even with a USB port it's still not hitting more than 100 Mbps at best.

Something strange about the speed tests is it doesn't even hit 100, but it'll hit 60 and build up to generally around 80ish.

u/Realistic-Factor8799 — 3 days ago

Any help?

Hi everyone,
I just noticed these messages. I used OpenVPN to access the pfSense web GUI remotely.
I have two internal networks:
LAN: 192.168.10.1/24
ServerNet: 192.168.20.1/24
Neither network was allowed to access the pfSense web GUI directly. Access to the GUI on port 8530 was restricted only to clients connected through OpenVPN with specific assigned VPN IP addresses (basically only 3 allowed IPs).
I had firewall rules configured to block all other access to the pfSense web GUI.
Now it seems something went wrong and I can no longer access the GUI at all.
Also, the OpenVPN port 1143 appears completely closed when I test it with an external port checker, so the VPN server may not even be listening/reachable anymore.
At the moment I only have physical access to the machine through monitor and keyboard.
Does anyone have suggestions on how to recover access to the pfSense web GUI and OpenVPN service from the console/shell?

Notifications in this message: 1

03:01:00 The following CA/Certificate entries are expiring:
Certificate: GUI default (67f116920511c) (67f116920511c): Expiring soon, in 0 days
Certificate: ServerOVPN (67f1410b3afab): Expiring soon, in 0 days
Certificate: testvpn (6963d4317e001): Expired 26 days ago

u/No-Impression-4024 — 6 days ago
▲ 1 r/PFSENSE+1 crossposts

Unable to connect to Centauri Carbon 2

I just got a Centauri Carbon 2 today and after setting it up I am unable to get my computer to communicate with it. I am running a pfSense router. I am using Orca Slicer, and when I kept getting a communication error I downloaded Elegoo Slicer, but that has not proved to be any better. It is connected to my wifi and I am able to use the Matrix app on my phone and communicate with it that way. The error I get with Orca is as follows.

https://preview.redd.it/5n759iwyy00h1.png?width=706&format=png&auto=webp&s=131a8549564f5e6935a9145fef28942f48d2da8f

u/DjrileyXbox — 6 days ago
▲ 10 r/PFSENSE+1 crossposts

Should I use a DNS redirect firewall rule on port 53 to force use of my upstream DNS servers?

I'm still learning, so I need some clarification. I have the DNS Resolver enabled on my pfSense in forwarding mode (upstream servers 9.9.9.9 and 149.112.112.112). I also have "Use SSL/TLS for outgoing DNS Queries to Forwarding Servers" enabled.

At this point should I redirect client dns requests so that all my local client devices that might query on port 53 are forced to reroute back to my localhost (127.0.0.1) which then forwards the query via TLS through port 853 to quad9 as my upstream server?

u/thatstechnology — 1 day ago

Getting pfSense to auto-retry the syslog connection

Hi all.

Currently running pfSense CE and have noted that if I have to reboot my syslog server, pfSense stops sending data to it until I go back into the syslog settings, disable/re-enable the "send to syslog" setting and hit "apply".

In the system logs, I can see a "udp send rejected" message when the syslog server gets shut down.

What I want to do is get pfSense to retry every 30 seconds to see if the server is still down, which feels like a "sensible" way to do this.

I can't find anywhere to set this behaviour though - any ideas/pointers would be most appreciated!

ta

u/Wolfsbane2k — 2 days ago

Anyone ever seen strange partial connectivity?

What could explain this strange connectivity matrix?

Ping from / to      1.1.1.1        8.8.8.8
Lan A (vlan 48)     Works          Unreachable
Lan B (vlan 49)     Works          Works
Firewall            Works          Works

Ping from / to      Lan A host 1   Lan A host 2
Firewall            Unreachable    Works

Ping from / to      Firewall
Lan A host 1        Works
Lan A host 2        Works

A reboot of the router solves it... but I still think this kind of strange state is something unique I haven't ever seen before. What could this be?

I see a one-way ping to (some of) the hosts on one network. There's multiple LANs, all with configurations that only block traffic to each other. Yet for some reason one of these LANs cannot communicate with the outside world.

It can't be Google DNS blocking this location, as it all works just fine from the other VLAN.

Most of what I see with partial internet is DNS issues, but here it's even pinging specific IPs where you see some are reachable and others are not. It's also not the internet provider, as the problem is also contained to one specific VLAN.

u/Aphid_red — 3 days ago

PFSense Expert in PH

Hello Guys,

We are looking for a pfSense expert here in the Philippines who can conduct onsite training for our team.

The goal is to make our guys knowledgeable in pfSense administration, deployment, troubleshooting, and best practices. We also want them to clearly understand the capability differences and gaps between the open-source/community edition and the subscription/commercial features.

Training can be basic to advanced as long as it is hands-on and practical for enterprise environments.

If you are offering this service or can recommend someone, please send me a message. Thanks.

u/_kuyaCarl — 2 days ago
▲ 5 r/PFSENSE+1 crossposts

pfSense + Proxmox failover

I have recently virtualized pfSense on Proxmox, and it has opened up my other machine for additional uses. So I now have two Proxmox machines, each with 10 Gb SFP+ ports. However, I noticed that when I backed up my config, moved to the virtual instance and restored it there, the naming of the interfaces and available ports made the restore not so smooth. I got it all running as normal, but it got me thinking: if one Proxmox machine goes down and I have to shift over to using the backup on my other Proxmox server, I'll run through the same interface mapping issue again. So how does everyone do this to keep moving pfSense VMs between machines without issues?

u/Qiuzman — 24 hours ago