Overclock.net - An Overclocking Community - Reply to Topic

Thread: The pfsense Club Reply to Thread
  Topic Review (Newest First)
06-06-2019 08:13 PM
Prophet4NO1 I have mine running on adaptive with a 1Gig fiber connection and multiple vlans. Never noticed any issues. I have multiple servers running behind the firewall as well. Some for outside things like games and teamspeak. The CPU is an E3-1231 V3. Been running for a few years and never had an issue as described. Not sure why it would affect anything. It's not like the CPU gets much actual load unless you are doing a lot of scanning/inspecting of packets.

Do you have any more details on what seems to cause these issues in relation to the power settings? Maybe some decent writeups?
06-04-2019 05:13 AM
Simon10362 I've come across an example where someone brought up that powerd when not set to maximum was causing latency spikes in their network.

Do you lot use it on its HiAdaptive or Normal mode?

I personally use it on Maximum right now for the full potential of the machine but I am wondering if I'm really just gimping myself in power cost.

I'm running the edge router/firewall on an old PC rig of mine.

i5-3570k
z77a-g45
16GB 1600MHz DDR3
120GB SSD
4 Intel Gigabit Desktop Adapters for 3 separate LANs, 1 with a VLAN for IPTV.

Machine is for a torrent server, webserver, gaming and general home computing usage, IPTV, Wifi etc.

300/300 network used with HFSC.

05-23-2019 07:01 PM
Prophet4NO1 2.4.4-p3 out!

Quote:
Highlights
Security / Errata

pfSense software release version 2.4.4-p3 addresses several critical security issues:

- A privilege escalation issue where an authenticated user could have used a technique similar to directory traversal to gain access to pages for which they otherwise would not have privileges
- A privilege escalation issue where an authenticated user granted access to the Dashboard or widgets could have gained access to pages for which they otherwise would not have privileges
- A privilege escalation issue where an authenticated user granted access to edit OpenVPN servers, clients, or client-specific overrides could have executed shell scripts via OpenVPN advanced options to gain higher privileges
  A new set of privileges has been created to delegate access to edit the advanced options fields on these pages. Existing users who are not administrators, but only have access to the stated pages, can no longer edit advanced option fields until the new privileges have been granted.
- Potential cross-site scripting (XSS) vectors in 10 GUI pages

The sshguard daemon which protects the GUI and ssh against brute force attacks was changed to use a single table to block offenders from reaching the GUI and SSH, which corrects previous unexpected inconsistencies in behavior.

Several FreeBSD security advisories:
- FreeBSD-SA-19:03.wpa
- FreeBSD-SA-19:04.ntp
- FreeBSD-SA-19:05.pf
- FreeBSD-SA-19:06.pf
- FreeBSD-SA-19:07.mds
- FreeBSD-EN-19:08.tzdata

DNS over TLS host verification has been added, thanks to support from a recent Unbound version that made it possible on systems without OpenSSL 1.1.x.

For complete details about these issues, see the Release Notes.
Upgrade Notes

Due to the significant nature of the changes in 2.4.4 and later, warnings and error messages, particularly from PHP and package updates, are likely to occur during the upgrade process. In nearly all cases these errors are a harmless side effect of the changes between FreeBSD 11.1 and 11.2 and between PHP 5.6 and PHP 7.2.

Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade.

Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade.

The upgrade will take several minutes to complete. The exact time varies based on download speed, hardware speed, and other factors such as installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading it could take 10-20 minutes or more until the upgrade process ends. The firewall may reboot several times during the upgrade process. Monitor the upgrade from the firewall console for the most accurate view.
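
The first item in the quoted release notes describes a directory-traversal-like bypass of per-page privileges. As an added illustration of that bug class (not part of the original post and not pfSense's code; the page names, privilege table and function names are hypothetical), this Python example shows a page check that trusts the raw request URI next to one that authorizes only the canonical path:

```python
import posixpath
from typing import Optional
from urllib.parse import unquote, urlsplit

# Constructed privilege table: user -> pages they may open.
# Page names are hypothetical, not taken from pfSense.
PRIVS = {"operator": {"/status_dashboard.php"}}


def allowed_naive(user: str, request_uri: str) -> bool:
    """Flawed: prefix-matches the raw URI, so anything appended
    after an allowed page name (including '/../') still passes."""
    return any(request_uri.startswith(page) for page in PRIVS.get(user, ()))


def canonical_page(request_uri: str) -> Optional[str]:
    """Return the path the server would actually resolve, or None to reject."""
    path = unquote(urlsplit(request_uri).path)
    # A '%' left after one decode means double encoding; refuse to guess.
    if "%" in path or "\x00" in path or "\\" in path:
        return None
    if not path.startswith("/"):
        return None
    # Collapse '.', '..' and repeated slashes before any privilege lookup.
    return posixpath.normpath(path)


def allowed_hardened(user: str, request_uri: str) -> bool:
    """Authorize the canonical page by exact match, never the raw string."""
    page = canonical_page(request_uri)
    return page is not None and page in PRIVS.get(user, ())


if __name__ == "__main__":
    # Constructed sample requests.
    for uri in ("/status_dashboard.php?widget=cpu",
                "/status_dashboard.php/../admin_users.php",
                "/status_dashboard.php/%2e%2e/admin_users.php"):
        print(uri, allowed_naive("operator", uri), allowed_hardened("operator", uri))
```
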
04-17-2019 07:29 PM
Prophet4NO1
Quote: Originally Posted by Blze001 View Post
Yeah, I was on the verge of getting the Intel I210s when I came across these 10Gtek ones where pretty much every review said "Works great with PFSense!" so I took it as a sign.

Unfortunately, the on-board network chipset is a Realtek one and I've heard those are very hit and miss. Leaving that one out, I'll have 4 ports and I'm thinking of having 1 for modem, 1 for the wireless access point (this is the port I'd want the VPN on), and 2 for hardline connections (PS4 and gaming rig, no VPN).
You can set up firewall rules to send specific devices/clients into the VPN. It's pretty simple. You can go even more fine grain if you want. Some ports, for example, use the VPN, others do not.
04-15-2019 04:24 AM
Blze001
Quote: Originally Posted by Prophet4NO1 View Post
Congrats on taking the leap. Generally, you need to make sure you are using Intel NICs. Some others work, but Intel ones are always a safe bet.

If you are doing VLAN setups you will need a switch that can handle VLAN. Meaning a managed switch. The other option is to just put in a multiport network card and make each port a different network. No need for VLAN then. You will then be able to set up firewall rules to block traffic from crossing from one VLAN/LAN to the other.
Yeah, I was on the verge of getting the Intel I210s when I came across these 10Gtek ones where pretty much every review said "Works great with PFSense!" so I took it as a sign.

Unfortunately, the on-board network chipset is a Realtek one and I've heard those are very hit and miss. Leaving that one out, I'll have 4 ports and I'm thinking of having 1 for modem, 1 for the wireless access point (this is the port I'd want the VPN on), and 2 for hardline connections (PS4 and gaming rig, no VPN).
04-13-2019 10:47 PM
Prophet4NO1 Congrats on taking the leap. Generally, you need to make sure you are using Intel NICs. Some others work, but Intel ones are always a safe bet.

If you are doing VLAN setups you will need a switch that can handle VLAN. Meaning a managed switch. The other option is to just put in a multiport network card and make each port a different network. No need for VLAN then. You will then be able to set up firewall rules to block traffic from crossing from one VLAN/LAN to the other.
04-09-2019 05:08 AM
Blze001 Well, we started using NordVPN and it turns out our trusty old ASUS router can't quite handle VPN tasks on gigabit internet for 5 people, imagine that. So I'm building a PFSense box with my old i5-4670k that's currently in a dusty box doing nothing.

Specs will be:
- i5-4670k
- ASRock H81 PRO BTC. My old LGA1150 mobo died, and this was only $45. Plus it has 5 of PCI X1 slots, perfect for a supercharged router.
- 8GB
- Whatever the cheapest SSD is at MicroCenter.
- Two 10Gtek Intel 82576 cards.

I plan on setting up two VLANs: one will go through the VPN for most of our general traffic, the other VLAN will not use VPN for things like streaming and big downloads. ASUS router will become a basic WAP on the VPN VLAN. Since we want speed, I'm going to dedicate this box entirely to PFSense, rather than try to run VMs with PFSense and FreeNAS or something else.

Since this will be my first foray into the world of PFSense, anyone have any common pitfalls I can expect to run into?
02-10-2019 08:12 AM
parityboy @thread

I upgraded to VirtualBox 6.0.4 from 5.2.26 and a large number of networking issues seem to have been fixed. My pfSense instance seems to behave a lot more stably and reliably. I've narrowed it down to an issue with the host-only networking implementation, since traffic passing through a powerline adapter bridged into the very same instance behaves perfectly well. It would appear that the host-only networking has received some bug fixes, at least on the BSD side of things; Linux-based routers have never given me any trouble.

Just out of interest, has anyone here combined VirtualBox with OpenVSwitch?
01-25-2019 09:57 AM
huzzug A little update to my previous post: I still don't have access to the webconfig, I can ping google from shell and looking at my network adapters, the loopback adapter is not being identified. The device description still shows "Unidentified". I've tried to reset, reinstall PfSense, re-install my network adapter but nothing has helped.

Any way I can troubleshoot why this happens and get the loopback adapter recognized by Windows?
12-17-2018 03:40 PM
Prophet4NO1 Anyone have a good way to test and log WAN speeds over time? Something like the Ubiquiti gateways have? I thought about just making a simple script to run speedtest-cli and record the results, but I was hoping for an easier to read chart/graph rather than a wall of text.

Any thoughts?