1827
pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network.
La versión 2.7.2 no me permite activar los servicios
Squid ni squid guard
really? THAT'S AMAZING. I'm gonna boot you now
Читать полностью…
Yeah, you don’t need that fast of ram to handle 1g routing and basic segmentation.
Adding surricatta will eat ram a bit, but unless you load it up with a bunch of heavy rules, or have to route larger than 1g of throughput at a moments notice, you may want to have a stronger cpu and maybe even more ram for something like 100gbe
I just found it, it's in system > certificates
Is this correct?
I ask because I always exported my Remote Access type VPNs in vpn > openvpn > client export
Please introduce me to a training resource for sending pfsense and suricata logs in the new version to splunk.
Читать полностью…
Yes, thank you and sorry for the question 🫡👊🏼
Читать полностью…
DNS servers are almost the most light services you can have, I doubt the fault's in the pihole if you have decent hardware running it.
If you need adblocking, you can try out adguard as local dns, but I remind you that this channel is for pfsense, not adjacent networking :)
@loos on a similar subject: re: pfsense it is not possible or so it seem to download the iso archive installer unless you are in a listed country or state found in the drop down box. Since I am in canada I would have to lie about my origin because canada is not listed in the countries found therein. The system would not accept my canada address. For what it's worth.
Читать полностью…
If anyone has TNSR, can you please send me the file checksum for the latest iso? (or alternatively, send the latest version iso), im having problems with my version.
Читать полностью…
Hello, colleagues!
I’m struggling to solve a task, please guide me.
There’s a central office and 8 branches.
The office has pfSense running an OpenVPN server.
Each branch has routers on OpenWRT with an OpenVPN client.
We use TUN and a /30 subnet for each client.
Requirement: One computer in the office should be able to access the internet using the IP addresses of the branches.
I tried setting it up via routing, but it only works with TAP, which isn’t suitable.
Please advise on possible solutions.
The above traceroute result is from pfsense and destination is windows
Читать полностью…
https://www.netgate.com/blog/important-security-updates-for-pfsense-plus-24.11-and-ce-2.7.2
Читать полностью…
My pfsense and tnsr phy appliances have 10g cards, xeons, and 16gb each, so they aren’t exactly light duty. These are full server-class systems
Читать полностью…
hello, I would like to start using pfsense to segment the network into 2 or 3 VLANs and enable IDS/IPS ...I had identified some mini PC with n100 CPU in which to install 8gb RAM ddr5 4800mhz and a 256 nvme SSD. Do you think it is enough to run a network with 1gbs internet bandwidth ?
Читать полностью…
Good morning everyone, how do I export files from a peer to peer VPN?
Читать полностью…
Hi everybody, I have a pfsense with multiple virtual interfaces in my WAN, there is any way to remove it through the cli ?
Читать полностью…
I have just been using pfBlockerNG for several years now on a old dell r410 ( 1u )
Читать полностью…
Hi guys, I have worke with pihole, for DNS blocking and traffic control, but in big infrastructures with too many queries, the service has crashed often and it’s not working very well in enterprise level, I would like to know alternatives of pihole, if any of you have some recommendations, please let me know
Читать полностью…
Hairpin and TUN equals !FUN! just like on dwarf fortress.
TAP works on L2 but TUN is L3 so manual routing it is
Thanks found the issue. There was a virtual IP conflict. After migrating the cluster from one Datacenter to another, I forgot to remove old Virtual IP Addresses of the cluster used like CARP IP
Читать полностью…
That ret=-1 output usually means ICMP or UDP packets are being blocked or dropped along the path — not necessarily a routing issue.
Check these:
Firewall on pfSense and destination – allow ICMP or UDP (depending on traceroute mode).
Traceroute type – Linux default is UDP, try traceroute -I for ICMP.
Check intermediate hops – some devices silently drop TTL-expired packets (e.g., some switches or routers).
Try from another source device to compare.
Routing might be fine, but firewalls or devices in the path can break visibility.
Hello Everyone,
I am trying to traceroute but it’s giving this output, not expected result to show the path, while I already have the required static routing.
1 * * *
2 * *traceroute: wrote 192.168.11.67 48 chars, ret=-1
*
3 traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*
4 traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*
5 traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*
6 traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*
7 traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*
8 traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*traceroute: wrote 192.168.11.67 48 chars, ret=-1
*