Book Recommendation for pfSense

Hi everyone,

I’ve been using pfSense for my home network for a couple of years, mostly learning from videos like Tom’s and a few others. I still struggle with a few rules, running multiple SSIDs and directing one of them to not use the VPN on PIA.

Can anyone recommend a textbook that helps with this? Below are three that I’ve seen on Amazon, but do they address this issue, and are they worth buying?

  1. Pfsense A Complete Guide - 2020 Edition by Gerardus Blokdyk (released SEP 2019)

  2. Learn pfSense 2.4: Get up and running with Pfsense and all the core concepts to build firewall and routing solutions by David Zientara (released July 2018)

  3. pfSense 2.x Cookbook: Manage and maintain your network using pfSense, 2nd Edition by David Zientara (released DEC 2018)

Others?

Any advice would be greatly welcomed.

Thank you,

JT

I’d say Netgate’s documentation is pretty good: https://docs.netgate.com/pfsense/en/latest/index.html, just download the PDF.

There are also old pfSense YouTube videos from Netgate that I found useful.

Or ask some more specific questions here and people might be able to help you work it out.

Thank you, neogrid, I’ll check it out.

Hi garethw,

Thank you.

I watched one of Tom’s videos (Office Network Design and Planning with VLANs, LLDP, Rules, IoT, Guest using UniFi & pfsense).

I’m running pfSense on a 6-port Protectli Vault, have a Gen2 Cloud Key, a UniFi 8-port managed switch and a UniFi WAP, and I’m running a LAN along with 3 VLANs with SSIDs for each.

I set up one VLAN for my IoT devices, but when my VPN runs all traffic gets passed through the VPN and I get connection errors from Netflix and others when trying to stream video.

It worked on the legacy PIA network but once upgraded everything gets blocked. I’ve followed the video several times and rebuilt the network at least three times but I assume I’m not writing the rule properly.

Any thoughts?

Everything works fine on the IoT VLAN when the VPN is down but fails when the VPN is up?
Are devices on other VLANs working as expected?

Yes, everything works fine on the IoT VLAN when the VPN is down. When it’s up I’m blocked on streaming devices (FireTV, Netflix, Hulu, etc.). All the devices on the other VLANs work great.

I change networks on my Mac and iPhone to the other VLANs and everything works. I check my VPN status and yes, I’m in another state behind the VPN. All the devices work as intended and don’t reveal my real IP address.

I even changed my DNS from Quad9 (9.9.9.9 and backup 1.1.1.1) to the PIA recommended address for streaming (10.0.0.243 — forwards streaming domains to the parent proxy for potential access to some streaming services); however, I’m still blocked from streaming until I shut down the VPN on the router.

Ok, so two things to check / confirm…

Do other things work on the IoT VLAN with the VPN up (general browsing, downloads, ssh, ftp)?
Do the IoT streaming devices work if you move them to a “normal” VLAN?

I do believe that is what’s called a DNS leak! Google “DNS leak test” to check your setup is doing what you think it should be doing.

I would check your rules have the correct gateways and the outbound NAT rules are correct.

The real question is: What is your networking background? Are you a working professional IT guy (sysadmin/netadmin), or is this something new to you and more like a hobby?

Books are good if you already understand networking fundamentals and have real-world experience; otherwise they will be a waste of money for you.

If you need a book to solve a network issue, it is because some fundamental knowledge isn’t mastered yet. Better to make a network diagram of your current setup and explain to others what you want to do. You might get a reply from a network pro who could explain what you should do and how. Otherwise, well, you will have to experiment by yourself (by reading books and building labs) and then try it on your network.

As a network engineer myself, I would buy all of them. I have read so many Cisco Press books over the years I should have bought stock in the company, lol.

If you read and lab like @pjdouillard mentioned you will learn pretty quickly.

Hi neogrid,

Sorry, I’ve been away from the computer for a couple of days. Thank you. That’s along the lines I was thinking, but I was looking for external references (e.g. book recommendations).

Hi aretha,

Yes, other things work on the IoT VLAN with the VPN up and running. Just not streaming, due to restrictions from the providers (Netflix, Hulu, Prime, etc…).

Hi pjdouillard,

This is for my home network. I work with regulatory requirements and ISO standards, but I worked for a VAR (value-added reseller) and a networking company 20+ years ago, so I had some basic skills.

I’ll upload a diagram tomorrow when I have access to my files. Yes, it’s a lack of the fundamentals… My home network is an experiment in process but almost everything works…

The IoT streaming devices work on the other VLANs when the VPN is off system-wide. However, they do not work on any of the VLANs when the VPN is running.

It “should” allow any traffic on the IoT VLAN but when I test it, it shows up behind the VPN. I know I failed to configure one of the settings properly but haven’t figured it out yet.

I’ll try setting the VPN one VLAN at a time tomorrow when I have time again. Thank you for pointing that out…

Sometimes I can’t see the trees through the forest.

This situation, with all traffic going through the VPN only and all other traffic being blocked from the ISP, seems to be a common one. You might want to look at some old posts for a solution.

You might want to check how you’ve set up your DNS. It strikes me that if you are using a DNS to resolve a hostname, then you have a DNS leak when connecting to their servers. I might be wrong, but you can do an online test to be sure.

Do you think the streaming services are blocking you because you are going through the VPN?

Are the IoT devices supposed to be going through the VPN?

Are the other devices supposed to be going through the VPN?

Hi garethw,

Yes, I thought they were blocking me because I was coming from a PIA VPN.

However, I did resolve the issue today.

neogrid suggested looking at a possible DNS leak. That was it… I was using the PIA-suggested DNS. When I changed it last night to 9.9.9.9 and 1.1.1.1, everything was resolved.

Thank you for your insight!!!

neogrid, THANK YOU!!!

Your suggestion of looking at the NAT and DNS was a great help. I confirmed the NAT settings were fine.

The DNS settings, though, were set to use the following:
dhcp-option DNS 10.0.0.241
dhcp-option DNS 10.0.0.243

I didn’t have the dhcp-option DNS exactly as it appears above. I had it slightly different, based on the prior PIA syntax.

This was the problem for me.

When I changed it to 9.9.9.9 and 1.1.1.1, everything resolved.

I’ve backed up my pfSense settings and rebooted everything, and the SSIDs behind the VPN are working and the SSID for the IoT network allows me to stream from Netflix, Hulu and Amazon.

THANK YOU!!! Have an amazing day!
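Two things went wrong in this thread that are easy to model: neogrid's advice to check that the interface rules point at the correct gateways, and the `dhcp-option DNS 10.0.0.241` / `10.0.0.243` resolvers pushed by the VPN that turned out to be the real cause. The script below is an added example, not pfSense code or anything posted in the thread. It models two things in a simplified way: first-match evaluation of policy-routing rules (pfSense evaluates interface rules top-down and the first match wins, so a broad "everything via VPN" rule placed above a narrower IoT bypass rule silently swallows the bypass), and the DNS-path mismatch where the firewall's own resolver sits inside the tunnel range and is therefore reached through the VPN even when the IoT VLAN's data traffic correctly bypasses it. All addresses (the 192.168.30.0/24 IoT VLAN, the 192.168.0.0/16 aggregate, the 10.0.0.0/24 tunnel range, the 203.0.113.10 test destination) and the gateway name `PIA_VPN` are constructed assumptions.

```python
"""Simplified model of pfSense-style first-match policy routing and of the
DNS-path mismatch discussed in the thread. Added example, not pfSense code.
All addresses below are constructed assumptions."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # source network the rule matches (CIDR)
    dst: str       # destination network ("0.0.0.0/0" = any)
    gateway: str   # "default" = plain WAN, otherwise the VPN gateway name


def select_gateway(rules, src_ip, dst_ip):
    """Return the gateway a flow is sent to. Rules are evaluated top-down and
    the first match wins; a broad VPN rule above a narrower bypass rule means
    the bypass never matches."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.gateway
    return None  # nothing matched: implicit default deny


# Constructed addressing: IoT VLAN 192.168.30.0/24, all local nets in 192.168.0.0/16
IOT_NET = "192.168.30.0/24"
ALL_NETS = "192.168.0.0/16"
ANY = "0.0.0.0/0"

# Broad "send everything through the VPN" rule above the bypass: bypass is dead
WRONG_ORDER = [
    Rule("all nets via VPN", ALL_NETS, ANY, "PIA_VPN"),
    Rule("IoT bypass", IOT_NET, ANY, "default"),
]
# Narrow bypass first, broad VPN rule after it
RIGHT_ORDER = [
    Rule("IoT bypass", IOT_NET, ANY, "default"),
    Rule("all nets via VPN", ALL_NETS, ANY, "PIA_VPN"),
]

# Constructed tunnel range: resolvers pushed by the VPN provider with
# "dhcp-option DNS" live inside the tunnel's private address space
TUNNEL_NET = "10.0.0.0/24"


def resolver_paths(resolvers, tunnel_net=TUNNEL_NET):
    """Map each configured resolver to the path its queries take. The firewall's
    own resolver queries are not subject to the interface rules above: an
    address inside the tunnel range is reached through the VPN, anything else
    goes out the plain WAN."""
    net = ipaddress.ip_network(tunnel_net)
    return {ip: ("PIA_VPN" if ipaddress.ip_address(ip) in net else "default")
            for ip in resolvers}


def dns_mismatch(rules, src_ip, resolvers):
    """True when data from src_ip bypasses the VPN but at least one resolver is
    reached through it: names are resolved from one vantage point while the
    connections are made from another. This is the condition to check for on
    a VLAN that is meant to bypass the tunnel."""
    data_gw = select_gateway(rules, src_ip, "203.0.113.10")  # constructed public destination
    dns_gws = set(resolver_paths(resolvers).values())
    return data_gw == "default" and "PIA_VPN" in dns_gws


if __name__ == "__main__":
    iot_client = "192.168.30.50"  # constructed IoT device address
    print("wrong rule order:", select_gateway(WRONG_ORDER, iot_client, "203.0.113.10"))
    print("right rule order:", select_gateway(RIGHT_ORDER, iot_client, "203.0.113.10"))
    print("VPN-pushed resolvers:", dns_mismatch(RIGHT_ORDER, iot_client, ["10.0.0.241", "10.0.0.243"]))
    print("public resolvers:", dns_mismatch(RIGHT_ORDER, iot_client, ["9.9.9.9", "1.1.1.1"]))
```

Running it shows that the IoT client lands on `PIA_VPN` under the wrong ordering and on `default` under the right one, and that even with the correct rule order the tunnel-pushed resolvers still produce a mismatch while public resolvers do not, which matches what the thread found.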