pfSense - iperf package.

It is pretty good to have a tiny Linux box at a remote location to perform bandwidth tests, and pfSense does provide that possibility. A package called “Iperf” is available for pfSense. Based on this info it’s fully supported by the pfSense support team, but I'm not sure. Anyway, it does work out of the box on pfSense 2.2.4-RELEASE (amd64).

[2.2.4-RELEASE][root@pfSense.localdomain]/root: iperf -v
iperf version 2.0.5 (08 Jul 2010) pthreads

One thing needs to be done if you’d like to connect to the WAN interface: add a firewall rule to allow incoming TCP/5001 traffic (the default port for iperf).

pfSense - WebGUI stopped working after applying “wrong” SSL certificate. [SOLVED]

Today I got stuck AGAIN with pfSense after applying an SSL certificate for the WebGUI. It stopped working AGAIN. The boot logs collected via the console connection looked like this:

Starting PFLOG...done.
Setting up gateway monitors...done.
Synchronizing user settings...done.
Starting webConfigurator...failed!
Configuring CRON...done.
Starting DNS Resolver...done.
Starting NTP time client...done.

The SSH connection worked, so it’s possible to see what’s wrong with webConfigurator:

clog -f /var/log/system.log

Aug 25 12:25:27 pfSense-01 php-fpm[40798]: /system_advanced_admin.php: webConfigurator configuration has changed. Restarting webConfigurator.
Aug 25 12:25:27 pfSense-01 check_reload_status: webConfigurator restart in progress
Aug 25 12:25:29 pfSense-01 php-fpm[41498]: /rc.restart_webgui: The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf' returned exit code '255', the output was '2015-08-25 12:25:29: (network.c.609) SSL: Private key does not match the certificate public key, reason: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch /var/etc/cert.pem'

To solve the problem remotely, you have to change the IP address on the LAN interface (change it to the same address) using the “Set interface(s) IP address” menu option AND enable HTTP when the wizard asks you. Then temporarily disable the firewall (if you are connected via the WAN interface):

pfctl -d

Then log in to the WebGUI using HTTP, delete the bad certificate, and switch pfSense back to HTTPS.
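
The lighttpd error above ("Private key does not match the certificate public key") can be caught before a certificate is installed by comparing the public key inside the certificate with the one derived from the private key. The script below is an added example, not part of the original post; it assumes PEM files with an unencrypted key, and the file names are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a private key
# belongs to a certificate before installing the pair in the WebGUI.
# Assumptions: PEM files, unencrypted key; paths are supplied by the caller.

# cert_matches_key CERT KEY
#   returns 0 = key matches, 1 = mismatch, 2 = file missing or unparsable
cert_matches_key() {
    cert=$1
    key=$2

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read '$cert' or '$key'" >&2
        return 2
    fi

    # Extract the public key (SubjectPublicKeyInfo, PEM) from each file.
    # Works for RSA and EC keys alike, unlike comparing RSA moduli.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=

    # An empty result means openssl could not parse the file. Treat that as
    # an error so two unparsable inputs never compare as "equal".
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        echo "cannot parse certificate or private key" >&2
        return 2
    fi

    if [ "$cert_pub" = "$key_pub" ]; then
        echo "OK: private key matches certificate"
        return 0
    fi
    echo "MISMATCH: private key does not belong to this certificate" >&2
    return 1
}

# Run as: sh check_pair.sh cert.pem key.pem  (file names are placeholders)
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2"
fi
```
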

pfSense - Potential DNS Rebind attack detected. [SOLVED]

I tried to get access to the WebGUI of pfSense using a hostname in the URL like this The system response was:

Potential DNS Rebind attack detected, see
Try accessing the router by IP address instead of by hostname.

Using the IP address is fine, but I needed to test the SSL certificate, so it wasn’t an option. I had no choice but to disable the “DNS Rebind Check” feature under the “System” > “Advanced” menu.

After that system response changed to:

An HTTP_REFERER was detected other than what is defined in System -> Advanced ( You can disable this check if needed in System -> Advanced -> Admin.

To get past that, you have to disable the “HTTP_REFERER enforcement check” under “System” > “Advanced”.

After that, the WebGUI should work.

How to add a new contract to Cisco profile (CSCO).

If you bought a batch of new Cisco devices with SmartNet from a Cisco hardware retailer, they will provide you with a contract number (I assume it would be an 8-digit number). The next step is to add this contract to your existing Cisco profile:

• “Account” > “Profile Manager” > “Access” tab > “Services & Support” > “Add Access” > “Full Support” > “Contract Number(s)” > put contract here > Submit.

The system will reply with the following:

Pending Cisco Review
Cisco will review the following contract and send you an email within 2 hours.

Then you will get at least two emails, and you should be fine.

pfSense ESXi VM lost connectivity after reconfiguring Hypervisor’s vSwitch.

This is something new to me. I needed to reconfigure the VM Network in ESXi 6.0 using the vSphere client, and the pfSense VM lost connectivity after I made the changes. I checked the status of the interface from the shell and got “no carrier”:

em0: flags=8843 metric 0 mtu 1500
        ether 00:0c:29:b9:e9:8a
        inet6 fe80::20c:29ff:feb9:e98a%em0 prefixlen 64 scopeid 0x1
        inet netmask 0xffffff00 broadcast
        nd6 options=21
        media: Ethernet autoselect (1000baseT )
        status: no carrier

After rebooting the VM, connectivity was restored. Oh boy...
