On Wednesday, September 29th 2021 a widely used Certificate Authority (CA) from Let’s Encrypt expired and brought the world to its knees. Well, at least my homelab, anyways. The exact message would be something like “The following CA/Certificate entries are expiring: Certificate Authority: Acmecert: O=Let’s Encrypt, CN=Let’s Encrypt Authority R3, C=US” The fix is quite…
While I was writing a post on how to route specific WEB traffic through VPN, I’ve got inspired and decided to write another post on how to route specific DEVICES (your NAS server, laptop, iPhone, etc) through VPN while the rest of your house still uses the default ISP gateway. This kind of approach might…
For those who followed my previous post on how to configure a VPN client on pfSense, one cool application for it is to route only specific websites through the VPN while the rest of the traffic goes through the default ISP gateway, as usual. That is interesting when you want to use an IP from…
If you recently upgraded to pfSense 2.5, you may have received notifications about some CA/Certificate entries close to expiring. The exact message would be something like “The following CA/Certificate entries are expiring: Certificate Authority: Acmecert: O=Let’s Encrypt, CN=Let’s Encrypt Authority X3, C=US” The fix is quite simple, just visit System >> Cert Manager >> CAs…
Recently I have added a Supermicro X10DRi-T4+ to my homelab and a natural idea was to install a Let’s Encrypt SSL certificate and replace the original self-signed one. For such, I had to adapt a couple python scripts [1] [2] first published by Jari Turkia. None of them worked for Supermicro X10DRi-T4+, but it wasn’t…
As bufferbloat.net defines it, “Bufferbloat is the undesirable latency that comes from a router or other network equipment buffering too much data. It is a huge drag on Internet performance created, ironically, by previous attempts to make it work better. The one-sentence summary is “Bloated buffers lead to network-crippling latency spikes. The bad news is…
Yeah, I know, I need to work on shorter titles 😀 By reading a previous post, you may have created an IPSec tunnel to connect your home and office (or something like that). That is useful on its own, but it can be the case that you also want that all internet traffic to go…
This is another topic that I have referenced so many times that I decided to dedicate a post just for it and save some typing. The goal is to configure a VLAN subnet that has DHCP server and basic firewall rules to allow any traffic on your pfSense. This VLAN will be created from the…
Many of us have more than one pfSense (maybe connecting our home and office, our home and our parents, etc) which would benefit with a direct connection between them. In this post I will describe how to create a routed tunnel that connects both ends, in a way that Site A can directly access Site…
From time to time, I need to reference the use of a IP alias called RFC1918 to separate traffic from local network from other (aka “Internet”) traffic. RFC 1918 was published to “Address Allocation for Private Internets”, which is our local network. There is nobody on internet using any IP in the range described by…