Netgate Store

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Gertjan

Pages: [1] 2 3 4 5 ... 180
Never used vlan's.
Portal has a dedicated NIC.

can u like test it ? if you have some time
Well, I'm using the captive portal for the last 10 years or so.
I guess tests are over for me  ;)

Packages / Re: Letsencrypt cert did not renew after 60 days
« on: May 18, 2018, 05:00:12 pm »
[Fri May 18 03:16:05 EDT 2018] errordetail='Invalid response from '

.well-known/acme-challenge/my_token at did not give back the token.

The web server (GUI pfsense or some other web server on your LAN) was not replying with the file ".well-known/acme-challenge/my_token" which should contain the "check" token.

For example :
web root file not present
NAT rule not ok
or was resloving to the correct IP.

Captive Portal / Re: Captive Portal https Problem (works with Http)
« on: May 18, 2018, 04:27:34 pm »
No clues from me.
Witrhout further details, I'll go for a VLAN issue.

Firewalling / Re: How to Access Modem behind pfSense
« on: May 18, 2018, 09:53:04 am »
Code: [Select]
LAN(Me) -> EXSi(pfSense(PPPoE Pass-through)) -> DrayTek Vigor 130 -> INTERNET

DrayTek = (Factory Default settings)
pfSense =
EXSi =
pfSense (LAN IP) is and LAN is ...... Ok.
WAN is ? (On the WAN  interface, "Block private networks and loopback addresses" is not checked, right ?

Captive Portal / Re: Captive Portal https Problem (works with Http)
« on: May 18, 2018, 09:47:06 am »
When you connected your device to the captive portal interface, could you resolve : ?
It should return ""

And your cert contains "" ?

And what do you mean by "problems" ?
Any portal and captive webs server logs ?

You use the default captive portal login page, right ?

Captive Portal / Re: Captive Portal https Problem (works with Http)
« on: May 18, 2018, 09:07:14 am »

A common name of one word ?
Normally, it should be "".

At least, true (trusted) certificates should be "" and/or "".

I'm using a certificate from the ACME package. Just plain rocks.

For the DNS, the Resolverw as activated by default, never touched it. I added a host override like
where is my captive portal NIC and the common name of the cert (I own of course).

Oh no! There are too many glitches in pfSense to reinstall it on each :)
Maybe I'm lucky every time then, but for the last several years now, pfSense never** let me down after an update.

Btw : when the dashboard shows "Unable to check for updates" it tells you it's not able to visit the Internet as it should be.
That would be a "call Houston right now" error for me. Upgrade and update problems are right ahead - worse is scheduled.
Repair this first (this is a 99 % case of a : "DNS setup is not ok" issue).

** and if something did pops up, this forum always knew about it already, and what to do right away to make it work again.
I'm not using pfSense at home - but at my work, a hotel, using the captive portal (and FreeRadius now) so if things go bad, I have a boatload of non-happy clients (and that's NO good for moral and $(€)).
Normally, I upgrade after a week or so, and consulting the forum (and redmine - major github chances, etc).

DHCP and DNS / Re: dns resovler
« on: May 17, 2018, 08:15:04 am »
Goto Services => DNS Resolver => General Settings => bottom of the page and add :

DHCP and DNS / Re: I dont understand!
« on: May 17, 2018, 08:11:18 am »

Add this info to the equation : is a huge DNS cache with some additional functionalities **.
If "" doesn't know the answer, it will behave exactly like the pfSense Resolver : it will ask the 13 root server, and drill downwards.

The Resolver can only work. If it doesn't, two things might happen :
- Resolver can't connect to at least one root DNS server => bad connection ? Your ISP (or VPN) is playing tricks on you ?
- You mentioned "well known sites" so I can rule out faulty DNS name servers I guess.
(third option : your "well known sites" do not like your VPN IP, sites like Netflix blacklisted most of them already.)

If asking the root servers (directly) doesn't work well, consider the Internet as broken .... and that did not happens up until today.

** like Google knowing what your are doing, where, with who and when.

DHCP and DNS / Re: dns resovler
« on: May 17, 2018, 07:35:03 am »
example :
 i cannot undestand how to do  in dns resolver..
Be carefull.
"" is not ""

Keep the Resolver, let it resolve. Do not touch any DNS related setting, and you'll be fine.

The actual main version is 2.3.5 in that "32 only"  branch.

Btw : 2.3.5 if you decided to stay on the "dead end path" - forced to stay there because your hardware is 32 bits.

pkg-static: wrong architecture: FreeBSD:11:amd64 instead of freebsd:11:x86:64

Never saw this "x86:64" before. If its a 64 bits system, FreeBSD is using "amd64 " for ages already. These are 64 bits versions, and can not be installed as an upgrade on a 32 bit system.
Where are you upgrading from ?
Chose the other branch ? Visit System => Update => Update Settings and make sure you have the correct one.

Another fast solution would be : make a config copy.
Get he latest and greatest from
Import config.

Go do other things ^^

Captive Portal / Re: Freeradius3 accounting bugs
« on: May 16, 2018, 01:18:06 pm »
If you edited the first user on the Radius list, you should have this when you inspect the "users" file :
see image.

I limit users to 2.

edit : I also limit every user to 200 Mbytes a day.

DHCP and DNS / Re: DNS not resolving some sites
« on: May 16, 2018, 06:31:55 am »

Code: [Select]
Serveur :
Address:  2001:470:1f13:5c0:2::1

Réponse ne faisant pas autorité :
Nom :

Who is "" ? make your DNS work on that device, because the PC where you are running nslookup was told to use it.

Note : it's ok to move from the default Resolver, and set up something different - using "8..8.8.8" or Cloudfare or whatever. But : finish the setup  ;)


I understand your question..
This is what I saw yesterday - the upgrade went just fine - it rebooted, and was up after a minute or so. It's like this the last several (10 ?) years. Can't remember it broke something (except for bad SAT drives - bad DDRAM ....).

Two advises :
Before upgrading, restart your pfSense.
After restating, check dmesg log (go god mode, option 8 and type dmesg - check for errors, document yourself about the errors ans warnings).
Make a config copy.
Then upgrade.

Btw : an upgrade log exists. If new pfSense "core files" can't be written (overwritten) I would for sure want to know why they didn't copy.

The only difference between your pfSense setup, and mine is :
NOT pfSEnse, the code is identical.
Your are probably using other FreeBSD drivers, because your hardware is different.
Your config is different, our are using probably other packages as I do.

Pages: [1] 2 3 4 5 ... 180