Topics - securedspace

I installed my PFSense box about a month ago, and the setup is:

Cable Modem (bridge mode) > PFSense (running DHCP server) > Linksys Router running DD WRT as an Access Point > every device in my home, both wired and wireless.

The problem I'm having is that the internet connection on my Linksys DD WRT box will die for about 30 seconds, a few times a day randomly. I think the router is rebooting, since the WiFi signal stops. And on my laptop, I can't find the router for about 30 seconds, and then it reappears and everything is fine.

I'm not sure where to start looking for the cause of this, but I've owned the router for over a year and it's been solid until I disabled DHCP, converted it to be an AP only, and added the PFSense box between it and the cable modem. So I assume something about the PFSense box, or the configuration changes I made to the router are to blame.

It could also be that the PFsense box itself is rebooting or dropping the internet connection, although I doubt it, because it seems like the router itself has the WiFi die during this time. If the PFsense box was to blame for the dropped connection, I'd expect WiFi to still be on, but lose access to the internet.

Any thoughts?

General Questions / What is my PFSense FQDN and How to Change it?
« on: December 11, 2017, 09:26:35 pm »
To be honest, I never heard the term FQDN before an hour ago, but I'm learning as I go. My goal is to accomplish setting up my PFsense box slowly over the next few months and learn the underlying networking concepts for each configuration as I go.

Currently, I decided I didn't like that my Safari web browser makes me click through several warnings to access my PFSense box. Thus, I learned the basics of CAs and Certificates. I even found several incomplete guides on how to either create or self-sign a certificate and install it in my PFsense box, and I hit what must be the easiest question, because I can't find any documentation on it.

What is the FQDN of my PFsense box and how do I change it?

The closest my searching has found is that the FQDN is a combination of the Hostname and Domain that I see on the System -> General Setup screen.

However, that's the most I found. I assume it's a concatenation with a period, but when I try that in Safari, it doesn't work. It just searches Google for that. So I added Http:// before the hostname.domain and it's still not working.

Also, while I'm changing it, what are best practices? I assume there's no benefit in obscuring it. Anyone attempting to hack me who is already on the network can use an arp -a command to find the PFsense box and access it via local IP.

I'm just getting into PFsense for the first time and am very excited for the possibilities. I'm still learning about networking principles and am having fun so far. What I'd like to do next is learn how to best isolate Sonos from phoning home, stop it from being an attack surface, or doing anything else dangerous.

My setup is: [Cable Modem in Bridge Mode] --> [Protectli PFSense Box running DHCP server] --> [DD WRT Wireless Router in AP mode, DHCP server off]

I can either plug the Sonos "base station" into the Protectli box directly, or into the DD WRT Wireless Router, and I think directly into the Protectli box is safer, but please correct me if I'm wrong. I also think giving the Sonos base station a static IP on my internal network is better than DHCP since I can likely make rules easier for a static IP device. But I'm not sure.

My concern is that Sonos might be phoning home, possibly with microphone data, since I think the pre-Echo Sonos units have some form of microphone in them to help calibrate sound in rooms. Sonos recently updated their TOS to make it less private, and I've avoided installing the new software because of it. The new TOS lets them send even more information back to their mothership.

I'm not using Sonos to connect to any 3rd party audio servers (such as Spotify), so as far as I'm concerned, Sonos does not need to talk to the outside world at all, unless I manually decide to allow a software update. However, I am concerned I can't segregate it from everything else, because I still want my iOS and OS X devices to be able to control the Sonos unit, which requires it be on the same WiFi network. So I think the best course here, using my non-technical understanding, is to keep Sonos on my primary network, but tell PFSense to disallow any outgoing connections through the Gateway (my cable modem).

Any thoughts on where to start?


First post - I bought a new Protectli box to install PFsense on for the first time. I installed the newest version, 2.4.2 and am setting it up. I wasn't able to get PIA's instructions to work properly since it seems that their screenshots were from an older version of PFsense.

Specifically of concern is their version of PFSense has an option to disable IPV6 from the OpenVPN configuration. That doesn't appear in v2.4.2, or if it does, the wording has changed and I don't see it.

I was able to connect to the VPN over PFsense; however, when I went to an IPV6 site, whatismyip dot com, it was able to see my true home IP address. However, IPV4-based sites did show my PIA VPN IP.

PIA discusses IPV6 leakage as a problem and claims that IPV6 is too expensive and too new to bother supporting. PIA is my first and only VPN I have used for the last few years, and I don't know if any other VPN providers are offering IPV6 or if PIA is being cheap. PIA does offer IPV6 leak protection if using their proprietary application; however, my goal with buying the Protectli box was to set up PFsense to be my VPN for all outbound traffic.

Please advise if there is a setting to block IPV6 - my search results of the forum here just showed several very old posts that were not helpful. Or is the recommendation that I either change VPN providers, downgrade PFsense software, or return the Protectli box if it's just not possible to protect against IPV6 leaks?

Thanks so much in advance for any help.
