pfsense

Value is important, but not above reliability. SFF preferred

Thanks for your help

I'm trying to get my new Dreamtech L10s Ultra (robot vacuum) to be discovered by Home Assistant, but they're on different subnets and I found an explanation that there are sometimes problems discovering devices across subnets. This seems odd to me because the Xiaomi Miot Auto integration in Home Assistant saw my L10s and even knew it’s IP address - but perhaps that’s TCP and the problem is that UDP can’t cross subnets?

The article says there are 2 ways to possibly overcome the cross-subnet issue: put the devices on the same subnet (currently not an option for me), and “configure IP masquearding on the outgoing routing interface for the subnet where the MI device resides.” With GPT’s help, I tried to add IP Masquerading (which I guess is just NAT), but it’s not working. I’m pretty confident I did it wrong.

My networking knowledge is very basic. Can anyone help me configure my pfSense so that my L10s on one subnet can be discovered by Home Assistant (technically, by the Xiaomi Miot Auto integration in Home Assistant) on the other subnet?

Recently, Comcast did some "upgrades" which caused Pfsense to be unable to ping their gateway. Because of this, my gateway is showing that it is down all the time now, as it is not replying to ICMP requests.

I saw that as a work around to this, you can add a different IP address as the "Monitor IP" which will be pinged and give you an idea of whether or not your interface has a good connection. I chose to use Cloudflare (1.1.1.1) and my interface is showing available again as expected.

My question is regarding this bit of language in the documentation. I know this probably isn't the case, but I just want to be sure that all of my network traffic is not going through this new IP (I don't think that would be possible as this IP likely only listens to port 53 anyways).

My goal is just to use this IP as a canary of sorts to tell me if I have WAN access, I do not want any traffic actually going through it other than ICMP requests bouncing off of it.

Sorry for the noob question.

The CINS_army IPv4 feed for pfblocker seems to be blocking the lemmy.world IP address. I thought it was odd how much lemmy.world had been down this week, turns out it was just my firewall blocking it. Added the IP to a custom allow list and all is well again. Update: seems to be resolved now.

Ok kicking this whole subr... I mean community off here. I have have been digging around trying to figure out what the best way would be to offer a MFA solution for a client VPN solution that can be run on pfSense. Have found that OpenVPN on pfSense does NOT support SAML even though the AC version does ☹️. I know you can also point OpenVPN at RADIUS server which can then use SAML but was looking for a little more, direct solution. Open to any ideas really and interested to see what if anything has worked for others out there. Thanks!

Was checking for PfSense subs on Sunday and there were none. Checked today not expecting much and see someone created one 23h ago. 🙂

Glad to be here. Hope the community grows!

Have a Negate 4100 with PfSense+ v23.05 that replaced a UDMPro as a router/firewall.

My little home rack!

Edit: Picture is actually straight so not sure why it got flipped when uploaded. Still trying to figure out lemmy,