pfSense Gold Subscription

Recent Posts

Pages: [1] 2 3 4 5 ... 10
Got multiwan set up with two WAN interfaces. Sometimes the machine is booted with one WAN interface only and the other is physically removed. In such a boot pfsense prompts to be set up.

1. How do you disable the prompt and proceed with a pre-determined setup?

2. How do you make it automatically choose the multiwan setup if 2 WAN interfaces are detected, or a regular setup if 1 WAN  interface is detected?
Cache/Proxy / Re: Unofficial E2guardian package for pfSense
« Last post by pfsensation on Today at 05:35:07 pm »
Hello dear users of this forum. I have a question about this package. As much as I'm not trying to set up "Phrase Lists", it allways skips to sites with these words. Perhaps this is due to the fact that I use phrases from my language (Russian, I have not tried English words). I set up the mitm, it blocks everything well, "serach engines" works also only on English words, but it's not surprising. Simply Russian characters are encoded in some% as% dc% 5g ... and so on. The only way for me to block using "Phrase lists", as I read on a Russian-language forum that the predecessor of Dansguardian knew how to do it, but there were difficulties with encodings. In general, it may be necessary to include some parameter in the configuration about which I do not know.
Sorry for my english, I used an interpreter.

For this matter you may be better off bringing it up in the E2 Guardian GitHub page. I believe there was an issue raised for Russian character encoding.
OpenVPN / Re: OPENVPN between hardware and Virtual
« Last post by viragomann on Today at 05:33:56 pm »
Obviously the client can't reach the server.
Have you opened up the port on the server pfSense?

Since the Vigor will do NAT and you have a private WAN subnet you have the remove the check in the WAN interface settings at "Block private networks". Have you done that?

To check if the connection packets arrive at the servers WAN interface run a packet capture on pfSense, filtering for UDP protocol and the destination port 10449.
Cache/Proxy / Re: Unofficial E2guardian package for pfSense
« Last post by pfsensation on Today at 05:31:16 pm »
Thanks to some brilliant help from the Pfsense community, I think my crashes are finally resolved with some bootloader.conf.local addons.

It'll be nice to see this package kept up to date, especially as V5 is coming out soon!
No known way for me fix this failed upgrade! FreeBSD showing 11.1 but still showing 2.3.4-Release-P1 as the current version/"up-to-date". I later noticed that all F/W logging had stopped so at that point the only solution was to just reinstall. I had 2.4.0 ready to go on a thumb-drive and then upgraded to 2.4.2 through the console and restored my configuration from backup. All looks fine now and happy with what appears to be a noticeably faster VPN.
General Questions / arp fails?
« Last post by kmhuntly on Today at 05:02:12 pm »
hi everyone,

iím new. i just put pfsense in front of a cisco 2811 router, which is in front of a 3750 switch. i can access the internet but devices on the internal network donít seem to be arping to the router (except 1). iíve tried arping from some devices and they donít work. pfsense is dhcp on the wan side, on the lan side. the router fa0/0 (wan) is plugged into the lan side of the fw with an address of, and fa0/1 (lan) is configured with i have a route on the router with quad zeroes to, which is probably part of the problem. i have route on the fw for through

iím on a mobile so i canít attach my switch/router config but if itís needed i will when i get back to my desk.

update: added router/switch config
Cache/Proxy / Squid proxy with parent cache and authentication
« Last post by lorby on Today at 04:54:41 pm »
Hi everyone, newbie here :). I'm hoping someone might be able to help me out with a rather awkward setup.

Basically I'm trying to setup a caching proxy to speed up our crappy internet connection that directs everything to an offsite parent proxy that uses negotiate authentication (required) on a different domain. I want users to be prompted for their username/password as normal and to login to the parent proxy but to have local caching available as well. After tons of research with squid and a lot of trial and error it does seem possible in certain scenarios, but seeing as I have no control over the parent proxy that may be the issue.

Pfsense is configured with parent proxy details, no icp. Login=PASSTHRU, I have added the custom squid line "never direct always all"

The clients are prompting for authentication and will process content through the proxy server that doesn't require auth (e.g windows updates) so it's working at a basic level but no matter what it will not accept credentials. username@domain, domain\username etc. No format seems to be working. I've checked the logging and it's just constant miss/407 results. So it looks like it's not accepting the login.

I've tried playing with the header values in the general proxy settings but nothing seems to be working. I'm guessing that the parent proxy believes it isn't getting a connection directly from the client, but I thought that's what the PASSTHRU option was supposed to fudge?

Any help would be greatly appreciated,

Thank you
General Questions / Re: STP and network
« Last post by fireix on Today at 04:43:16 pm »
Could I do a kind of realistic test out of this before the actual going live?

Let's say I setup a pfSense in a closed environment, not connected to anything. I have one computer directly connected to the WAN-port with the computer having the IP (/29-net) and no gateway-setting. This will kind of simulate my ISPs transit-network. I will then set the WAN interface on pfsense to be (also /29-net), with that computer connected on WAN as GW.

On the LAN-side, I specify my current network, let's set it to be (on /24) - I also create a VIP that will serve as local gateway... I connect another computer, with IP and specify as default gateway. Now, I should only have to manage the outgoing NAT - Choose "WAN"-interface and choose the local VIP/GW under Address (and allow any on firewall) in order to ping I understand that cluster requires a bit more, but baby steps are the way to go to understand this. Then I can test and basically do all the mistakes on my own ;) I'm very ready to test this, so please let me know as soon as possible if this could work!
Hardware / Re: Unofficial QOTOM Hardware Topic
« Last post by johnkeates on Today at 04:39:32 pm »
The Intel ME bug is local exploitation only, the AMT bug is remote and locally exploitable. Both allow persistent PCH non-removable malware. Basically stored inside the PCH, not  even in the SPI flash (well, it can be).

In practise, both issues allow an attacker to write some code to the PCH, and then disable the update mechanism from the inside. This means you can't ever write to the PCH and it's basically broken forever. Only options are to replace the PCH or the whole board.
General Questions / Re: Cannot upload
« Last post by ssaulinn on Today at 04:35:53 pm »
Does your ADSL modem include a router?  If so, have you placed it in bridge mode, to bypass that router?
thanks for answer, but router have disabled this option, any other option?
Pages: [1] 2 3 4 5 ... 10