Anybody have PFBlocker working in HA configuration with CARP?
Lawrence Systems Forums » Networking & Firewalls
by DWood
22h ago
I have a HA pair of NetGate 8100s running in an HA configuration. I have PFBlocker installed on both. Sync via XMLRPC is configured and working as expected. When the DNSBL virtual IP address is configured as IP Alias, the client browsers display the expected PFBlocker block-page. The floating rules are in place and allow the IP Alias (accessed via localhost) to be pinged successfully. When I switch to CARP for the DNSBL type, the changes are reflected correctly on the slave unit but after the forced updates, I lose connectivity with the VIP (still accessed via localhost). The floating rules ar ..read more
Just had major storms last night... now unifi switches not connecting to controller
Lawrence Systems Forums » Networking & Firewalls
by ferris
3d ago
I just had several storms that made the power flicker on and off several times last night. Here’s the basic layout: pfsense → arista switch → server rm switch → living room switch, then all other switches are downstream from there. The ones specifically mentioned above are connecting to the controller, which is on a proxmox ct connected to the living room switch (used a tteck script that afaik pulls the official linux controller software). Also, these 2 unifi switches (server rm and living rm) were on UPSes. The downstream switches are not connecting to the controller. Also, there are 2 WAPs t ..read more
Unifi controller question
Lawrence Systems Forums » Networking & Firewalls
by BWexler
4d ago
If you had to move from a 3rd-party hosted unifi controller to your own internal controller, what would you use? cKG2 or build something yourself (such as)? 6 switches and 18 APs ..read more
Security around SSL VPN
Lawrence Systems Forums » Networking & Firewalls
by michmoor
4d ago
Thinking about this article here, where there is a recommendation by Norway to replace all SSL VPNs if possible. BleepingComputer: "Norway recommends replacing SSL VPN to prevent breaches". The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks. Although OpenVPN has been touted as a secure SSL VPN, when deploying a pfSense especially, is it better to run IPsec or OVPN? They seem to have the same feature set and integrat ..read more
Tailscale Barely Working
Lawrence Systems Forums » Networking & Firewalls
by borgtech
5d ago
Over 1 year ago, I set up Wireguard between 2 pfSense boxes and everything was great. The transfer speed between 2 Synology at each location was about 100 Mbps and the ping was 30 ms. A couple weeks ago, my apartment changed internet providers and the Wireguard stopped working. I decided it was time to set up Tailscale and it’s working, but the transfer speeds are around 10 Mbps and the ping varies from 100 to over 1000 ms. When I do a speed test, I get 600 Mbps up/down. The IP my apartment pfSense WAN shows (100.something) is different from an online check (204.something). Does that mean it’s us ..read more
Make TrueNAS Scale Apps externally accessible on all interfaces?
Lawrence Systems Forums » Networking & Firewalls
by hsnyder
6d ago
Hi. I’m running TrueNAS scale dragonfish. The TrueNAS box has two interfaces on different LANs. If relevant, one of the interfaces has a statically configured IP address, and the other gets its address from DHCP, but according to a fixed table, based on MAC address. I installed MinIO as an application (from the “charts” train in the default registry). It seems to be accessible from one LAN, but not from the other. The LAN from which it’s reachable is the one with a static IP, which is also the first one that was configured. I don’t know if the static vs DHCP issue is related at all, but I woul ..read more
Can't get servers under a Cisco VLAN to reach the open internet
Lawrence Systems Forums » Networking & Firewalls
by Owen
1w ago
I have a server that needs to reach the open internet, from a VLAN on my home network. The setup is as follows: Home Xfinity router in Bridge mode; OpenWRT TP-Link router for home network, LAN1 port tagged to VLAN 3; Managed Cisco switch running a VLAN (VLAN 3) on Gi0/17 - 24. Gi0/1 is the uplink port. All ports in TRUNK mode; Servers connected to the Cisco switch via the VLAN ports, and other ports. Nothing on the switch can reach the open internet, and I have no idea why. I was looking into firewall rules, different switchport modes, different modes for connections on OpenWRT, and nothing wor ..read more
Network Dropouts - Multiple times per day
Lawrence Systems Forums » Networking & Firewalls
by mackie_89
1w ago
I’m hopeful someone can make sense of these logs, as I’m completely stumped now. We have replaced all our networking equipment from Netgear to Unifi. 3/4 times per day our network drops for 15-20 seconds. We have recently replaced the firewall and I was hoping that would solve the issue, but the issue still persists. I have pasted in the logs from the ProAggregation switch that is being used as the top-level top-of-rack switch, closest to firewall and servers etc. If anyone can spot anything in the logs I will be eternally grateful. May 14 14:09:13 ITCabinet4-ProAggregation1 user.info syslog: l ..read more
10%-40% Packet Loss When Somebody On Network Streams Video
Lawrence Systems Forums » Networking & Firewalls
by tictag
1w ago
TL;DR When somebody on the internal network starts streaming video, pfSense reports 10-40% gateway packet loss. Anybody seen this issue before? This is a very strange fault. Our hardware router died last week, so I replaced it temporarily with an Intel NUC running Proxmox Virtual Environment (v8.2.2) running the latest pfSense CE. Long story short, everything works fine until somebody on the network starts streaming video (e.g. Zoom, Teams etc). At that exact time: A continuous ping starts to time out 10-40% of the time. Large file downloads start-stop, start-stop etc. The Gateway (Dashboard ..read more
Build-out advice for fiber and IP cameras
Lawrence Systems Forums » Networking & Firewalls
by Prtn78
1w ago
I’m looking for some advice, guidance, etc. on a project I have coming up. The fiber portion is totally new to me. I am going to be adding network connectivity and Sec. cameras to a storage unit (there are 3 buildings). There’s a telephone pole near the road and that pole is going to serve the host for 2 cameras, flex switch. Here’s the layout: Telephone Pole: It hosts the coax DMARC box, outdoor electrical panel and an outlet. From here a direct bury coax will be run in ground to Storage Unit 1 and go inside. It is going to have an Extreme Broadband Heavy Duty Weather Proof Multi Purpose Enclos ..read more