Questions tagged [pfsense]

pfSense is a customized FreeBSD+pf distribution designed for use as a firewall. It wraps many of the features of the pf firewall code in an easy-to-use web interface.

pfSense is an open-source firewall product built on top of FreeBSD and the OpenBSD pf firewall.
It provides a graphical (web-based) interface for configuring and managing firewall rules, as well as viewing traffic and firewall decisions (accept/reject).

pfSense is available as a pre-built appliance (such as OPNSense or StrongBochs) or as installable software directly from the pfSense project's site.

pfSense is similar in concept to m0n0wall; however, as of this writing, m0n0wall uses the ipfilter packet filter.

811 questions
0 votes, 1 answer

Where are the logs for pfSense's dynamic DNS client?

In the pfSense web interface, under Services -> Dynamic DNS -> Dynamic DNS Clients -> Edit, there is a checkbox labeled "Enable verbose logging", which the pfSense docs claims to "increase the logging for the Dynamic DNS update process"; however I…
Ajedi32
0 votes, 1 answer

OPNsense WAN failover causes disruption when non-active WAN is down

I have the latest version of OPNsense set up in a VM on ESXi 7. OPNsense is very similar to pfSense, and I suspect the solution would apply to both. All the NICs are PCI passthrough devices: A management interface WAN 1, my preferred WAN to be used…
user3466413
0 votes, 1 answer

pfSense view allowed/permitted log

I've just installed pfSense and noticed that it only logs "blocked" traffic. *Image taken from https://docs.netgate.com/pfsense/en/latest/monitoring/logs/firewall.html How do I enable "allowed/permitted" traffic as well?
Wolf
0 votes, 1 answer

HAProxy send-proxy to Nginx

I am trying to reverse proxy clients to a web server through HAProxy and Nginx with SSL traffic using SNI. With the standard configuration, the web server sees the HAProxy IP and connects. When applying "send-proxy" to the appropriate backend in…
0 votes, 2 answers

Isolate high risk terminals from the rest of a subnet

I have a secure subnet 172.20.40.0/24 but I have terminals where security can't be guaranteed and I have no control over protocol (Exam rooms, external user access). I'd like to set these up on a separate subnet to minimize attack vector however…
bumble_bee_tuna
0 votes, 0 answers

How to implement firewall to grant network access for VPN users as-needed (per-user principle of least privilege, OpenVPN)

How can I setup OpenVPN in conjunction with my firewall in such a way that my VPN users' traffic is DROPed by default to all network resources, and only ACCEPTed through the firewall if that user requires access to the specific resource? I have an…
Michael Altfield
0 votes, 1 answer

pfSense OpenVPN on AWS VPC

We are in the process of migrating our office servers to AWS to finally decommission. Since we are familiar with pfSense, we are using a mix of AWS services but want to use pfSense as the OpenVPC server. Our VPC has two subnets: Public:…
pgb
0 votes, 1 answer

Is IP Forwarding possible for OpenVPN using pfSense on Google Cloud Platform?

I have a scenario with a pfSense machine (subnet x.x.0.0) on GCP, IPSEC vpn with 10 Site-to-Site is working normal but OpenVPN is not, the struggle resides in routing the packets through OpenVPN network (x.x.10.0) and accessing the LAN on GCP…
0 votes, 1 answer

Pfsense OpenVPN : Why is a client IP used as a gateway?

I am wondering why a client IP (172.21.0.2) is used as a Gateway for the OpenVPN subnet (172.21.0.0/20) ? This IP is attributed to the first client connected. Note that I did not encounter any issue with the clients and their connections. Please…
0 votes, 1 answer

deploy a vpn from an appliance

I have a client (for our SOC) whose home is protected by a PAN 200 firewall (Palo Alto) but doesn't have a static IP address. The issue I'm facing is how to send all the logs to our VPS without having to open up all IP addresses. From what I…
David
0 votes, 1 answer

xinetd doesn't read "included directory"

I want to monitor my pfSense-Box with check_mk. Therefore I need access to a certain port via xinetd. I found a description for that in: https://forum.netgate.com/topic/99612/pfsense-2-3-check_mk-working-with-xinetd/2 After reloading filters, I get…
karls0
0 votes, 0 answers

bbb behind pfsense/firewall/nat

I have a virtualized server with 5 vm, and I have one domain and only 2 public IP (can not buy more IP). vm1: pfsense, eth1: public IP x.x.x.x, eth2: local IP: 10.0.0.1 vm2, vm3, vm4, vm5 (is empty) If I can setup at least 3 or 4 bbb vm (behind…
0 votes, 1 answer

Pfsense open port to internet connection

I switched from Ubuntu to pfsense. Which ports and how to open the internet to work? If I do any (the last rule works) but that's not what I want. I just want to open (53,80,443) Pfsense Ubuntu iptables I had these ports open on Ubuntu and the…
Mantykora 7
0 votes, 0 answers

IPSec Phase 2 Configuration For Translated Subnets?

I have two networks with the 10.0.0.0/8 subnet I'm trying to connect via IPSec tunnels. I have the phase 1 configurations working but am a bit stuck on the phase 2 configurations. Each firewall used is running pfSense. There are two primary cases…
CoryG
0 votes, 1 answer

Openvpn site-to-site: cannot access remote network, remote network can access local

I have pored over so many suggestions and spent so many hours (upon hours) on this and simply cannot come up with why a specific VPN connection is only one-sided. I have a CentOS AWS EC2 server (remote network) and a pfsense in a local network. I…