pfsense.md

pfSense

Increase swap

Netgate SG-3100 can run out of memory when updating Suricata or pfBlocker-NG rules. This can cause pfSense to hang until the kernel kills the offending process.

• Netgate forum

1. Add this line to the file /etc/fstab md99 none swap sw,file=/swapfile.bin 0 0
2. Create a blank file of size 1 GB: dd if=/dev/zero of=/swapfile.bin bs=4096 count=262144
3. Enable swap (or just reboot as a test): swapon -a
4. Verify swap is enabled: swapinfo

Domain Overrides over OpenVPN

• OPN Sense forums

Set "Outgoing Network Interfaces" to "LAN"

The problem ist that unbound will by default send all replies out on all interfaces. We set the outbound interface to the LAN interface (while still listening on ALL). This routes the domain-overrides through the Tunnels and all others out the WAN interface.

VPN

• OpenVPN Site-to-Site Configuration Example with SSL/TLS

How to configure remote access on a client Linux device

• OpenVPN Client Export

On the pfSense server:

1. Navigate to VPN -> OpenVPN -> Client Export
2. Scroll down to the "OpenVPN Clients" section
3. Click on the following button to download an *.ovpn file: Inline Configurations -> Most Clients

On the client Linux device:

1. Click on the nm-applet icon in the application tray
2. Navigate to VPN Connections -> Configure VPN
3. In the "Choose a Connection Type" prompt, select "Import a saved VPN configuration..."
4. Select the previously exported *.ovpn file

Fix boot loop

1. Connect via serial console
2. Press SPACE key during kernel boot to drop to loader> prompt
3. Run boot -s to boot into single user mode
4. Run /sbin/fsck_ufs -fy / multiple times until the root partition reports as "clean"
5. Run reboot