pfSense Support Subscription

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - AndrewZ

Pages: [1] 2 3 4 5 ... 18
OpenVPN / Re: Failed to Config OpenVPN on Android
« on: January 15, 2018, 08:35:42 am »
Use openvpn-client-export package to export configuration ("Android" type) on pfSense.
Install this client on your Android device and import configuration your exported earlier.

DHCP and DNS / Re: Dynamic DNS,
« on: January 15, 2018, 08:22:57 am »
They have 2 methods, pfSense is aware of the old method only.
Old method - use "freeDNS" in pfSense GUI
New method - version 2 as they call it - use "Custom" in pfSense GUI and put something like this in Update URL:
Code: [Select]

DHCP and DNS / Re: Split DNS with Resolver
« on: January 11, 2018, 01:09:00 pm »
Many thanks for that, johnpoz!
Actually the rule was configured initially but with mistake. Once I figured that out this split dns idea came to my mind. In a mean time I just manually configured NTP server IP (from the same subnet) instead of the hostname for a few devices. Will do something nicer later on.
Thanks again!

DHCP and DNS / Split DNS with Resolver
« on: January 11, 2018, 11:55:56 am »
I have multiple subnets like,, etc
For NTP server I have a hostname assigned in DNS which points to
What I want to do is to respond with the different IP depending on who is asking, i.e. for request from 192.168.2.X DNS should respond with instead of
Is that possible?

OpenVPN / Re: Using MS cert on Linux
« on: January 06, 2018, 04:35:29 pm »
cryptoapicert is purely Windows thing
For Linux I believe you can generate a new config (.tar) or manually remove cryptoapicert reference, then import, then manually select a cert (.p12) from the GUI.

Wireless / Re: Using ASUS AC66U as Wireless AP - Add guest network(s)?
« on: January 02, 2018, 02:57:01 pm »
VLANs are supported by Merlin firmware. One of the guides is here.

Hardware / Re: Huawei ME909S-120 setup help needed
« on: December 11, 2017, 09:51:33 am »
Code: [Select]
/root: cu -l /dev/cuaU0.0

^RSSI: 6

^HCSQ: "LTE",20,18,106,12

- looks like you're on the right port. Unfortunately I do not have the same modem and cannot check myself.
You can try to blindly enter ATE followed by Enter, then type AT (with Enter again) - you should be able to see both AT and OK as a response.

^SETPORT may not be available in your modem.
"cu" is a terminal emulation program, usually called just a terminal
Z (ATZ) is a reset command, please search for Hayes AT command set.

How do I know for sure what the APN and phone number settings should be?
Ask your provider, then test on your computer, without pfSense.

General Questions / Re: VoIP degradation of quality
« on: December 07, 2017, 02:54:03 pm »
Any suggestion on how I could troubleshoot this?

Better to ask at Asterisk forum as there is no evidence that pfSense is guilty.
General advise - forget about generic Asterisk log and check your SIP signalling.

General Questions / Re: VoIP degradation of quality
« on: December 03, 2017, 11:45:38 am »
First of all make a clean test, without Asterisk & pfSense, with ATA or softphone on PC directly connected to ISP.
Make sure g729 is not used.
Then put pfSense back in line and test again, then add Asterisk and test again.

Official pfSense Hardware / Re: SG-3100 - which cellular module
« on: November 22, 2017, 12:34:32 pm »
have ordered a Sierra Wireless EM7455

Not a good idea IMHO, because
MBIM interface which pfSense/FreeBSAD cannot talk to

Without MBIM or QMI we have only [speed limited] PPP option left, but for that you can use a cheap USB stick, probably half of the price of EM7455.
That's why I'm using EM7455 with another router, not pfSense.
Same story with most Huawei modems - there is no support for NCM (Network Card) in pfSense, those modems are again limited to RAS (PPP) mode.

Official pfSense Hardware / Re: SG-3100 - which cellular module
« on: November 21, 2017, 03:57:34 pm »
Potentially something like Sierra Wireless EM7455, not tested it on pfSense though.

DHCP and DNS / Re: ClouDNS Dynamic DNS Support
« on: November 21, 2017, 03:24:14 pm »
Updated to 2.4.2 and tried to add ClouDNS as DynDNS provider. GUI requires to fill multiple fields like hostname, username, password while the only needed parameter should be an API token, IMHO.
OK, even with all the fields populated there is no update and authentication error in the log:
/services_dyndns_edit.php: Failed(Invalid authentication, incorrect auth-id or auth-password.)
I've used my regular username (e-mail) and password but that seems to be wrong. I have a feeling that I will need separate API username and password, but I see no API menu on my free account.

BTW, works like a charm as Custom with a single URL like
Quote{my token here}

OpenVPN / Re: CRL not saved for a client connection (2.4.1)
« on: November 13, 2017, 11:04:12 am »
Thank you for the quick reaction, Jim

OpenVPN / CRL not saved for a client connection (2.4.1)
« on: November 13, 2017, 04:56:07 am »
Just noticed that the CRL is empty for an OpenVPN client connection I have.
The CRL itself was imported into Cert.Manager some time ago and it was selected in a drop-down for that connection earlier.
I've re-selected the CRL in the connection settings again and saved - the field in question is still empty when I'm checking back.

Pages: [1] 2 3 4 5 ... 18