Search the Community

I’m planning on building a DIY router with 2-3 APs. I haven’t decided if I should use OpenWRT or pfSense or something else (would love to hear your inputs on that). If I want it to have mesh roaming capabilites, what are the things I need to keep in mind? Would I be able to use any APs, or would I need to use one from the same brand/model?

Hi Community, I´m getting some issues recently while trying to play Dayz again. While trying to connect i´ll get the error 0x00010001 which means that the host is not reachable, but with VPN connection everything works. So it has to be a problem with my settings. I tried to set up another DNS 8.8.8.8 & 1.1.1.1 instead of my pihole. I tried to open ports (set up a wildcard) for testing in my pfsense. I have uninstalled my surfshark vpn (sometimes they do cause the issue) and now I don´t have any idea left to check. Mostly I run an proxy to cloudflare for my whole network, but I disabled it for the testing. Has anyboby an idea what I could do next? Thx a lot

Hi all, I am having issues with setting up routing between 2 pfsense firewalls. Main firewall has the following networks: 192.168.1.0/24 WAN (IP address 192.168.1.250) 10.1.70.0/24 - Server LAN (IP address 10.1.70.254) 10.1.20.0/24 - IT LAN (IP address 10.1.20.254) Firewall has the following networks: 192.168.1.0/24 WAN (IP Address 192.168.1.2) 10.1.10.0/24 HomeGuest LAN (IP address 10.1.10.254) The issue I am facing is that when I try to create a Gateway on the secondary pfsense, it shows 100% packet loss Main pfsense showing it's working. No idea why it's not working, I have tried factory resetting it, even tried deferent versions and the same problems is occurring. Could someone help.

I'm having an issue with pfsense. Whenever I download some bigger files the DNS stops responding and I need to restart the macine. It's running the latest pfsense build. I had a similar issue in 2.6 when downloading but it dns would start responding again after a heavy download finished. Machine is an AM1 5150, 12Gb DDR3, two nics (1x dual port 1x quad port) I'm considering doing a fresh install if I messed up any setting.

Hello, I'm in the process of setting up a pfSense router for my 1Gbps/2.5Gbps home network. I'm looking for recommendations on suitable hardware components or pre-built mini PC systems that are known to work well with pfSense. My primary requirements include achieving reliable throughput, using energy-efficient components, ensuring compatibility with pfSense, having the option for expansion, and selecting hardware known for its durability. If you have specific models or brands in mind that have worked for you. Thank you in advance for your insights. Best regards,

hello i have some doubs about pfsense, i have a 10gb connection in my house and i want to host a game server with at least 300 people online in peaks, and i want to protect the server with a firewall pfsense, i was thinking in buy a low end desktop only to install pfsense that should stop like 90% of kiddos that want to attack the server and my doub is that idk what extension of pfsense i should use... ofcourse i accept any idea that you all can give me UwU

Hello, I have installed Pfsense firewall on a cloud VM in proxmox and my pfsense have a public wan IP, but i cant access its web configuration on wan IP, i have tried to allow all outside network and all protocol on its wan address after than i can ping and ssh into console but still cant open the web gui, I have tried the fixes on the internet and it work when i get my wan public ip from dhcp then i can do some changes and i can get access to web gui from wan ip like pfctl -d but this wont work when i put my static public ip Any help please Thank you

So I'm setting up a new home network soon. I have my pfSense router, 1 16 port gigabit unmanaged switch and a 5 port unmanaged switch (will not need all ports, its just what I have), and 3 Engenius EAP1300 WAPs. I want to setup my network so that there are 2 networks. 1 for all home devices and 1 for IoT/guest but the IoT/guest will be WiFi only on a seperate SSID. The WAPs I have, have an option for it to be a guest network and setup its own DHCP server for the guest network but I want to have the pfSense router controlling everything and not the WAPs. I want the DHCP server and firewall rules going through the pfSense router. I was wondering how I could create a second subnet for the IoT/guest network and how to manage it all through the router. I would usually just do vlans but these are unmanaged switches. Am I asking too much and should I just go with the WAPs to do all the work?

Hello. I'm wondering if anyone can help me with with any troubleshooting on latency from my home network. I've been noticing a small lag spike when watching videos on my pc and later when I was playing games with a buddy, I was getting a more noticeable effect. Playing Halo MCC and Infinite specifically I would see a message saying "packet loss" and when we would try and load a new level on MCC he would desync and then no longer be on the same game as me but on the same level. Just a few moments ago I decided to do some troubleshooting and well... Problem; I have bad packet loss while keeping very good ping. Troubleshooting Done So Far; As my system was newly built I checked my drivers by installing Armoury Crate and let them update it to keep it hassle free. No improvements when running ping tests. My router was using PFSense, checking and applying the update from 2.6.0 to 2.7.0. No improvement. Ran ping tests from PC to Router, no issue. PC to Google and Router to Google, same issue. Image Below. Is there anything else on my side to help find out, if not fix, the issue or do I need to talk to my ISP to go any further? Thank You in advance.

Hello fellow LTT forum members, I am in the process of setting up my network and could use your expert advice on the optimal order of my networking gear. My current setup is as follows: ISP > PFSense router > 24 Port managed switch > wifi + 1G dummy switch for all LAN connected devices The hardware I am working with is: PFSense router: 1U Dell Poweredge 1950 24 Port managed switch: Nortel 5520-24T-PWR Wifi: Linksys Archer C4 (or C9 i can't remember I know its an ax router for my VR) 1G dummy switch: TP-Link 8-port 1G My main question is regarding the PFSense router and the managed switch. Currently, the router is set up immediately after the ISP, followed by the managed switch. I am unsure if this is the best arrangement, or if it would be better to swap the positions of the PFSense router and the managed switch. I understand that the PFSense router serves as a firewall, securing my network from potential threats, while the managed switch helps distribute network connections to various devices. I am looking to optimize both security and distribution efficiency in my network. If anyone could lend their expertise or experiences with similar setups, I'd greatly appreciate it. Any other advice or suggestions on my current network setup would also be very welcome. Thank you in advance for your time and assistance! Best regards.

Hello. I'm using pfsense to set up a personal router for my own home network. I have Cox ISP to a Netgear Nighthawk CM1000v2 to a mini pc that contains a Celeron J4125 with 8gbs of ram and has 4 2.5gb ports. I've set up the 1 LAN and WAN ports. LAN leads to a switch that everything, including the access point (which isn't setup yet), is connected to. My computer is plugged into the switch. I have tested by plugging directly into the router. When setting up I followed both networkchuck's and Lawerence Systems's videos on it. Pfsense is running 2.6.0 on amd64. I see the WAN with my public ip and my LAN with my local ip. DNS server of 1.1.1.1 and 9.9.9.9. If there is more info needed please let my know.

So, I have an old PC and a lousy router. A good combo for potentially better internet speeds I hear. PC specs: i5-9600k ASRock Z390M Pro4 LGA 1151 (300 series) Intel Z390 Lots of extra DDR4 RAM around A few extra SSDs While I would still need a router for at least an access point, I may just use my existing router until I buy something new for a WiFi signal. The main question then is whether this hardware would be sufficient enough to run pfsense. Not necessarily spec wise but whether it is compatible or not. I would plan on getting some sort of Intel networking card for more ethernet ports but until then, I'd really just like a connection that doesn't give out as much. Any thoughts? I am open to literally all options.

So I'm working on setting up pfSense and just got on the web interface and it's asking for a primary and secondary DNS server. What does that mean? What do I put? Does it do anything?

Hello and good day... im thinking of implementing "due to my fathers request" an upgrade to our small family business network. now i an new to networking outside of basic ISP to switch to PC networking and would like more experienced users to look at what im thinking of implementing if its viable. please take note that this is a small family business and buying expensive network gear might be a little stretch to our budget. this is the said network layout. Now for my explanation on why i would like to set it up this way. first is the price... with this im only looking at around $500 - 600 worth of equipment 2nd is using pfsense. ive been looking for a way to make it so that we have guess wifi and employee wifi. basically making the guess wifi a timed connection and also having vouchers later on if needed. 3rd is later on im also thinking of using the 1u as a sort of database for our business. Tracking item stock and stuff maybe even using it as a CCTV video storage just to save money. not sure how i would implement that but im sure ill find a way to jank it up. now im asking if this setup is viable and OR any better alternative for my use case. Feedback is much appreciated. Thank you. edit: reason why im using 2 switch on different floors is because there are still some area in our building that isnt being used. but im just thinking ahead just incase we do need wifi/lan connection in those area... or should i just trow the 2 switch idea and just run lines from first floor to all the different areas of our building... XD

Okay, I don't know if this is a network issue, a pfsense issue, an unraid issue or something different. If this is not the place for this topic feel free to move/delete it. Here is my problem that I can't seem to fix and that has me doubting everything for the last two days. Whenever I try to download a torrent on my Unraid machine it brings down the speed of the network wide VPN to a crawl. Even when I stop the download the speeds don't increase and I have to reconnect the VPN connection entirely. I. Dont. Get. It Here is my setup: Modem 192.168.0.1/24 (1000/50 Mbits) ---------> pfsense (wan: (exposed Host) 192.168.0.2/24, lan: 192.168.1.1/24) with OPT1 as an outgoing connection on NordVPN for network wide VPN--------------->Rest of the internal network with the Unraid Server (192.168.1.7) So, here is the deal: Everything works fine as long as I don't have any torrent started on the Unraid Server. Regular downloads work just fine. Also, when I use the NordVpn client on any machine I can download the Ubuntu Torrent that I use as a test file without any loss in speed anywhere in my home. HOWEVER... The second I start the torrent on delugevpn (or any other docker on that server) the VPN connection from pfsense to the outside world comes to a crawl network wide. None of my machines that are connected to that are affected. We are talking 8Mbits down instead of 500 and a tripple digit ping. Even if I stop the download, close the docker and stop everything the speed wont increase. The only way to get the speed back is to reboot the whole vpn connection in pfsense manually. Here's what I've tried on pfsense: Changed NIC Switched CPU Switched SSD Tried it on a complete other system, one more and one LESS powerfull in case I'm going crazy Factory reset BIOS update Manual config from the ground up played around with the NIC options like Hardware Checksum Offloading and so on tried many different VPN servers all around Europe Changed Hardware Crypto engines And on Unraid: uninstalled and reinstalled delugevpn (Download Client) tried three different docker for downloading switched NICs BIOS update Tried an entirely different Unraid server As you can see I tried a lot of things and I am sure I am missing something. Please LTT community, I am going crazy

Hey there, noobie here asking few questions hope I'm on the right sub =) Is the snort package the same as having snort running on an other machine on the same network as pfsense (duh) or there are few things missing in the package? Is this package ONLY using predefined rules based on snort's knowledge or can I add my own rules? and if so what are the differences from those rules and pfsense's fw rules? and finally a less pfsense related question but I'll throw it in here, how can I test my snort (see more of the possible alerts produced)? I've tried visiting some known malicious websites so I'd get " Potentially Bad Traffic" and " Unknown Traffic" alerts, so what are other attacks I can do? thanks in advance =).

I have FTTH 1 Gig down/up connection. Currently on a consumer Asus AC88u router, have several devices set up to use the (slow) VPN through the router. I'd like some recommendation to get better Wireguard (or OpenVPN) speeds preferably as close to 1gbps as possible? , solid reliability, and some ad blocking. Newbie, but not afraid to tinker with stuff, would like some room to add features as I learn more about Pfsense. Have been looking at used Dell optiplex, HP ProDesk G4 400 and qotom boxes, but feeling overwhelmed with options. So any help appreciated.

So currently I have it set up to send certain clients over a VPN and others not. Basically the dhcp range is 192.168.2.11 - 192.168.2.254 which are all sent over a VPN, 192.168.2.2-192.168.2.10 are not sent over the VPN. This has worked fine because all of my devices can connect directly and be sent over the VPN while everyone else uses our old router (which has it's own network) and is seen by pfSense as one client. (192.168.2.2). The problem is I'm planning on setting it to bridge mode (because it's a group of mesh nodes that provide better wifi coverage but keeps randomly not connecting to the internet requiring it to be rebooted (idk why it does this, no other devices on the pfSense router have any issues)) and have pfSense handle all the routing. Ideally I want to be given an option through something like captive portal for if I want this device to connect over a VPN or not when joining the network & depending on the response chose the dhcp range accordingly (for example I could make 192.168.2.11 - 192.168.2.100 no VPN and 192.168.2.101 - 192.168.2.200 with the VPN) if anyone has any input on how this could be done that would be awesome. I'm trying to avoid just having to manually specify and IP from all of my devices that I want to connect over a VPN.

To set the stage, back in November 2021 spectrum replaced our modem because our existing unit was not going to be compatible with their docsis 3.1 network they were upgrading too. From the start they had issues. The modem showed a link with the pfsense box, but it would not get any DHCP data from it. After a month of trying things with charter and trying 2 different modems we got the network to work. Fast forward 1 1/2 months to mid-January, we lost internet one day for some reason. I restarted the modem and router and as expected it started working again. A week later it happened again, and this time it took 4 restart cycles to get it working right. After this I hoped it would be the last time, I had to do this again about 5 days later. I am a curious person and before restarting anything i tried connecting a computer directly to the modem and it had no issues getting internet. I was puzzled and followed my restart procedure to get our internet working. Again, it went but I could get internet by directly connecting. So, I decided to try my spare Wi-Fi routers from 2014 to 2018. 3 different units reported no connection on the wan from the modem, but in-between changeovers before restarting the modems I plugged a computer directly into the modem and got a working connection. I decided to reach out to spectrum, and they say that the hardware may be faulty, so I took it to a different location and it worked fine including my pfsense box. I then reached out to spectrum again and they claimed that our router is probably not docsis 3.1 compatible and will no longer work. To my understanding once the internet leaves the rj45 port on the modem it is not using the docsis protocol but using ipv4. The cable representative eventually was willing to send a tech out after 3 multiple hour-long phone calls with them, but requested I validate that a pfsense dedicated PC is compatible with a doksas 3.1 cable modem. So, my question is, is pfsense docsis 3.1 compatible (as requested by spectrum) and does anyone have any other troubleshooting things I can try if they cannot get anything working in the near future? Thanks! Modem: hitron en2251 PFSense box info pc engines pc: apu4c4 (4Gb ram, AMD GX-412TC CPU) PFsense community edition version 2.4.4-release-p3 other devices tested to check for modem internet connection AMD fx desktop (successful internet connection) HP ProBook laptop (successful internet connection) ASUS rt-acrh13 (no network cable attached error) ASUS rt-ac86u (no network cable attached error) Netgear prosafe VPN firewall fvs338 (no network cable attached error)

Good evening everyone, I've got an issue with a new pfsense router I'm setting up in my apartment and I'm wondering if you might be able to and interested in giving me a hand with an issue I'm having. I have ESXi running on one of my servers, and a vm of pfsense on that. My ISP locks each apartment down to one MAC address per apartment, so this evening I gave them a call and changed the MAC address to the one on the dedicated NIC I'll be using for my WAN interface. I set up pfsense so it's all up and running and visible on the LAN, however for some reason I can't figure out, It won't connect to the WAN. If you have any ideas, it would be greatly appreciated! Here's the breakdown of the setup: My isp jack is plugged into a dedicated single port 1gig NIC with the MAC ending in 63:e3. I have ESXi set with only pfsense using that NIC. In the virtual switch, I made sure the mac address is the same one that ends in 63:e3 In pfsense, I set it up to be the gateway with the wan port being the NIC that ends in 63:e3, and made sure to set the MAC address in pfsense to 63:e3. On a completely different NIC, I set up the lan. Pfsense boots, acts normal, can manage everything on the lan, but can't connect to the WAN. I can see pfsense receives one packet from my isp, as pfsense keeps sending more and more. I have tried everything I can think of however it still won't connect, and my isp is absolute that it's not on their end. Thank you so much for you time! Samuel

So I have 4 VMs that friends use to host game servers and other stuff on but I am trying to find a way to still allow the VMs internet access without allowing them to access devices on the same LAN as the server (i.e. everything else in my house). I assume the best way to do this is with VLANs but I can not figure out how to set that up, right now the router is running pfSense and I'm using an external vSwitch in Hyper-V so the VMs all show up on the same LAN as the server and that works but it has access to everything on that LAN. If I create a VLAN for the LAN interface on pfSense and assign it the same tag as the virtual switch on a VM the VM can't reach the router at all (I can't ping 192.168.4.1 (which should be the router)). pfSense Interface: pfSense VLANs: VM network adapter settings: If anyone has any ideas or a different way of doing this that would be awesome...

Hello guys! I have an old laptop and I want to turn it into a powerful Firewall (pfsense). I have a GPON router, issued by my ISP. It doesn't have an Ethernet port for the WAN, only LAN ports. Question: Do I still need to buy a USB 3.0 Gigabit Ethernet Adapter that will act as my router's WAN port? Hardware: - Old laptop with one LAN port - GPON Fiber Router with four LAN ports Thanks guys!

I have install pfsense on an old dell Computer that I used as a server. I added a dual pot NIC, and it is running just fine. I would like to cannibalize the GPU and use it for another build; however, I am newer to pc building. Has anyone done this? can you run pfsense without a GPU after you have it configured and set up? Second question, where do YOU order your parts from? What sales site do you use primarily to order from? Thanks guys!

I want to build or buy a server to host pfsense on what hardware wold you recommend. The thing is I was thinking of buying a epyc 7601 and building a server with it and make a bunch of vms (lxc containers) with proxmox to host other things such as a minecraft server (up to 15 players max), jellyfin, nextclound, host vpn to access things within the network, torrent server, pi hole or blocking ads with pfsense, and some times other game server for a few days to play with friends. (The max amount of people there is going to be on the network is 10 but for most of the time it's going to be me and only me ) I not sure if it would be better to split the server or not what would you recommend and I also have no experience with server hardware just to note.

I run a local Minecraft bedrock server for just my wife and I at the moment. We play from many devices (iPod, iPad, Xbox, PC). I have no problem with auto discovering the world in Minecraft when the client and server are on the same vlan (shows up under the friend’s tab). However, when I put the server on a different vlan, I'm unable to discover it automatically in Minecraft’s friends tab using dicovery. I can still join the world if i specify the IP or DNS name of the server, so my firewall is not blocking access, as far as i can tell. I think, it may have to do with nat reflection, udp retransmission, I use pfsense as my router. My relevant vlans are: Servers (where I would like to host the server), Trusted (where we are connected on wifi, so the clients).