From Dashboard-

But try again.

It worked this way on all my installs except one which worked the first time.

General Questions / NTP server 4 seconds slow
« on: April 19, 2018, 08:05:46 pm »
2.4.3 release  multiple boxes

My widget and connected devices that look to my pfSense for NTP are running 4 seconds slow.

Anyone else seeing this?

Code:
19 Apr 17:32:39 ntpdate[77666]: ntpdate 4.2.8p11@1.3728-o Wed Feb 28 13:29:07 UTC 2018 (1)
server, port 123
stratum 2, precision -23, leap 00, trust 000
refid [], delay 0.09145, dispersion 0.00540
transmitted 4, in filter 4
reference time:    de83b39f.2d240c4e  Thu, Apr 19 2018 17:32:31.176
originate timestamp: de83b3ad.e5347f63  Thu, Apr 19 2018 17:32:45.895
transmit timestamp:  de83b3ad.d0048775  Thu, Apr 19 2018 17:32:45.812
filter delay:  0.09506  0.09908  0.09145  0.15143
         0.00000  0.00000  0.00000  0.00000
filter offset: -0.00904 -0.00642 -0.01035 0.019849
         0.000000 0.000000 0.000000 0.000000
delay 0.09145, dispersion 0.00540
offset -0.010352

19 Apr 17:32:45 ntpdate[77666]: adjust time server offset -0.010352 sec

I've got several (customer) boxes out in an area on the same ISP. Some running 2.4.3 and two others 2.3.5p1

ISP changed local subnet overnight from 24.113.x.x  to 172.92.x.x on all the affected boxes.

The boxes all reach out to my system here via VPN connections so I was able to see them this morning just fine.

But all the boxes had problems on their end due to their WAN firewall rules becoming invalid and not working.  I.E.  cameras, VPN from other sites into them  (dynamic DNS which updated fine)

VOIP rules inbound also became invalid.

Firewall logs show all attempts hit the firewall but were blocked.  I rebooted one of them and all was good.  Others were rebooted locally by staff on site. 

It seems that possibly a Filter Reload did not happen with the address change..  ??    I have a single DSL pppoe box there that seems to change weekly and we never have issues with the inbound rules for the cameras when it changes..  And I do not recall changes in the same subnet for these cable system customers ever having issues before.. Just the change to a completely different subnet seems to have caused the issue.

All modems are bridge only devices with public IP on pfsense WAN.

This is what you get though when you choose a residential grade service labeled "commercial" over true commercial offerings..  Are you listening WaveBroadband??  At least our fiber people keep us in the loop for such changes..

/rant    >:(

Getting this on one box since upgrade to 2.4.3-RELEASE several times daily-

There were error(s) loading the rules: /tmp/rules.debug:21: cannot define table negate_networks: Cannot allocate memory - The line in question reads [21]: table <negate_networks> { }

These addresses are all associated with a couple of OpenVPN connections into this box..

Any ideas?   :o     This box has 4GB RAM.  And plenty of swap space..

Official pfSense Hardware / Small Rant- Copyright Screen
« on: April 01, 2018, 08:40:40 pm »

I get it..  Really.   Copyright screen on the Community Edition that you have to accept at least every day if you sign in to the GUI.

But can we somehow get this screen off the boxes we and/or our customers buy directly from Netgate?  I'm taking heat from a couple of customers.

IPsec / Paloalto
« on: November 30, 2017, 11:26:46 am »

Anyone recently able to make a VPN connection (PSK) between a pfSense box and a Palo Alto box?

CARP/VIPs / WAN takes VIP as address after outage.
« on: November 20, 2017, 10:31:10 pm »

I have a box running 2.4.1 (this has happened for a while since at least 2.3 and maybe longer)

The box acquires its primary WAN address from the cable co. via DHCP..

I have one static IP address which I assigned as a VIP (IP Alias).

I had the WAN set to ignore DHCP from the modem address.  (I've changed this as of two days ago so the WAN will get a 192.168.100.x address but hopefully correct after the lease runs out)

Intermittently, if the cable goes down and has to restart, the WAN will take on the VIP address, causing the box to go offline.  It won't correct without manual intervention.  I'm watching closely to see if my change above changes this.



Feedback / Survey
« on: November 15, 2017, 12:58:07 pm »
Guys:   I tried to do your survey but sorry, it's a PIA.   ;)

Well..  not really but 2.4.1 did install on every box just fine and is working as designed.   ;D

2.4 Development Snapshots / (Solved) IPv6 Kernel Panic
« on: August 05, 2017, 01:55:07 am »
2.4.0.b.20170804.1136

Looks like a recent change to IPv6 caused a kernel panic

Latest 2.4 snaps

OpenVPN logs during startup-

Code:
Syncing OpenVPN settings...done.
route: writing to routing socket: Invalid argument
route: writing to routing socket: Invalid argument
route: writing to routing socket: Invalid argument
route: writing to routing socket: Invalid argument

Continues for each openvpn session I have set up minus one..   VPN tunnels still work so just noise?

Seems to have started somewhat recently. No changes to my config from my end

General Discussion / LAN across routers
« on: June 15, 2017, 03:22:45 am »
I have a set of devices that will only work (communicate with each other) on a local LAN.  I want to place one device out on a remote site (behind router A) which crosses a few networks (all VPN and private) to get to the device on the other end (behind router Z) on the same subnet..

Possible scenario?

General Questions / Cable Modem Ethernet Cable Bonding
« on: May 27, 2017, 10:45:48 pm »

Has anybody made use of their "bondable" ethernet ports on their so equipped cable modem to a LAGG'd pair on their pfSense box?

What flavor of LAGG did you use?    My Motorola MB8600 is supposed to arrive tomorrow and I'm just getting ready.

General Discussion / If you have one of these cable modems..
« on: February 25, 2017, 02:55:44 pm »
Arris SB6190
Arris TG1672G
Arris TM1602
Super Hub 3 (Arris TG2492LG)  (commonly - virgin media)
Hitron CGN3 / CDA / CGNV series modems:
Hitron CDA-32372
Hitron CDE-32372
Hitron CDA3-35
Hitron CGNV4
Hitron CGNM-3552 (commonly - Rogers)
Hitron CGN3 (eg CGN3-ACSMR) 2013 link
Hitron CGNM-2250 (commonly - Shaw)
Linksys CM3024
Linksys CM3016
TP-Link CR7000
Netgear AC1750 C6300 AC1900
Netgear CM700
Telstra Gateway Max (Netgear AC1900 / C6300) (Australia) 2014 link.
Cisco DPC3848V (eg High latency/ping to Shaw router? )
Cisco DPC3941B / DPC3941T  (commonly - Comcast Xfinity XB3)
Cisco DPC3939
Compal CH7465-LG / Arris TG2492LG (commonly - Virgin Media Hub 3)
Samsung "Home Media Server"

Read This-     Before you blame anything else on your network for erratic pings and lost packets..

