Hi @Gertjan Thank you sharing your configuration and suggestions. I'll review my config and carry out more testing with debugging on this weekend. Can I ask, are you authenticating users or devices using username and password in the 'Users' tab, and/or devices with MAC address in the MAC's tab ? Thanks, Stuart

So checking those boxes, adds these lines to the generated config acl aclcrt_https-edge var(txn.txnhost) -m reg -i ^edge\.117pd\.xxx\.us(:([0-9]){1,5})?$ acl aclcrt_https-edge var(txn.txnhost) -m reg -i ^bbc-911\.xxx\.us(:([0-9]){1,5})?$ acl aclcrt_https-edge var(txn.txnhost) -m reg -i ^bbc-revere\.xxx\.us(:([0-9]){1,5})?$ acl aclcrt_https-edge var(txn.txnhost) -m reg -i ^flasktestapp\.xxx\.us(:([0-9]){1,5})?$ http-request set-var(txn.txnhost) hdr(host) use_backend flasktestapp_ipvANY if aclcrt_https-edge This line use_backend flasktestapp_ipvANY if aclcrt_https-edge Is only added if a default backend is selected. If I have a backend for each of these hostnames, it seems that I still need to create an ACL for each to use for backend selection. So I guess I still don't see the point of checking those boxes and creating the aclcrt_https-edge acl .

@bmeeks @bmeeks said in Are there any default packages?: @TangoOversway said in Are there any default packages?: I'm trying to eliminate as many variables as I can to narrow things down. It won't hurt anything to remove those packages if you desire for troubleshooting. If you don't use them, then you won't create any new problem by removing them. I was just saying that in the normal case (that is, when not trying to eliminate possible problems), leaving them installed should be fine. Got it. Thank you!

@smokers Browsing on the pfSense host is not supported by the package. The package is designed for managing mDNS advertisements only. Configure Avahi like this: Check the box that says "Enable the Avahi daemon" Select "Allow Interfaces" as the "Interface Action" Select your LAN and IOT networks in "Interfaces" Do not check the box that says "Disable IPv4" Check the box that says "Enable reflection" Do not check the box that says "Enable publishing" Do not put anything in "Advanced settings" You are done. If you want to know if the service is running, look at Status / Services. Avahi will allow you to discover mDNS services across the LAN and IOT segments. You will need nDNS publishers and mDNS subscribers in these networks to confirm operation. If you are a iPhone or Mac user, Discovery.app is a good tool to see what is being advertised. I can't speak to Windows or Android.

@viktor_g said in Suppress arpwatch flip flop emails for Bonjour Sleep Proxy: Please see https://redmine.pfsense.org/issues/10474 Thank YOU SO MUCH ! ;) In office we have a lot of appleTV and w/o this suppressing mail/pushover would be filled in a day… Good luck in coding!

This is in Diagnostics → Crash Reporter: Crash report begins. Anonymous machine information: arm64 14.0-CURRENT FreeBSD 14.0-CURRENT aarch64 1400094 #1 plus-RELENG_23_09_1-n256200-3de1e293f3a: Wed Dec 6 20:59:18 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/obj/aarch64/8ra4gn87/var/jenkins/workspace/pfSense-Plus-snapshots-23_ Crash report details: PHP Errors: [14-Feb-2024 23:41:45 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('Netgate pfSense...') #3 /etc/inc/notices.inc(151): notify_all_remote('Netgate pfSense...') #4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'Netgate pfSense...', 'pfSenseConfigur...', '') #5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...') #6 /usr/local/www/pkg_edit.php(233): write_config('[notes] Success...') #7 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:41:45 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...') #3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...') #4 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #5 [internal function]: pfSense_clear_globals() #6 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:42:24 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('Netgate pfSense...') #3 /etc/inc/notices.inc(151): notify_all_remote('Netgate pfSense...') #4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'Netgate pfSense...', 'pfSenseConfigur...', '') #5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...') #6 /usr/local/www/pkg_edit.php(233): write_config('[notes] Success...') #7 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:42:24 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...') #3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...') #4 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #5 [internal function]: pfSense_clear_globals() #6 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:43:03 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('Netgate pfSense...') #3 /etc/inc/notices.inc(151): notify_all_remote('Netgate pfSense...') #4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'Netgate pfSense...', 'pfSenseConfigur...', '') #5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...') #6 /usr/local/www/pkg_edit.php(233): write_config('[notes] Success...') #7 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:43:03 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...') #3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...') #4 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #5 [internal function]: pfSense_clear_globals() #6 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:43:59 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('Netgate pfSense...') #3 /etc/inc/notices.inc(151): notify_all_remote('Netgate pfSense...') #4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'Netgate pfSense...', 'pfSenseConfigur...', '') #5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...') #6 /usr/local/www/pkg_edit.php(233): write_config('[notes] Success...') #7 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:43:59 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...') #3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...') #4 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #5 [internal function]: pfSense_clear_globals() #6 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:52:39 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('Netgate pfSense...') #3 /etc/inc/notices.inc(151): notify_all_remote('Netgate pfSense...') #4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'Netgate pfSense...', 'pfSenseConfigur...', '') #5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...') #6 /usr/local/www/pkg_edit.php(233): write_config('[notes] Success...') #7 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:52:39 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...') #3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...') #4 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #5 [internal function]: pfSense_clear_globals() #6 {main} thrown in /etc/inc/util.inc on line 3748 No FreeBSD crash data found.

@nambi Sure, any DNS filtering option that you are comfortable with, and find easy to use would do. But you still need to make sure you are doing your best to block “alternative DNS options” for clients which gets somewhat more difficult if you do not use pfBlockerNG. Don’t let clients use OpenDNS servers directly. Set up DNS Resolver in pfSense and forward it OpenDNS. Then you can still create a NAT destination rule that catches all rogue DNS client requests and forwards it to the built in resolver (using OpenDNS). Then all you have to do is figure out how to easily block most/wellknown DNS over HTTPS/TLS servers - that will get a little hard without pfBlockerNG (where it’s quite easy)

@CZvacko said in Squidguard + Whitelist + regex: use regex since 2.7.2 above regex stopped work, now I use below (.*office365\.com.*)|(.*office\.com.*) It can also match a url like below, it doesn't bother me too much, someone can improve my regex... HACKoffice365.com office365.comHACK

@christopherbradski Just following up that I figured this out and that the CLI doesn't behave exactly like the UI when adding packages. Anyways, you can check the results of my effort here: https://github.com/christopherbradski/pfsense-addons

@Gertjan thanks for all the work done above. You are absolutely right this was an oversight on our side and yes we've decided, as per the same analytical process you went through, to use SQL as a back end instead of files and ditching pfsense altogether. The appeal of pfsense was that it is almost he only decent GUI to manage freeradius which help with the adoption internally. Thanks a lot for the reply.

@jecker it’s probably this: https://docs.netgate.com/pfsense/en/latest/backup/zfsbe/space.html Just ignore the size shown and delete a few old ones.

same problem here with flip flop notifications for a server that uses a bridge on its interface. MAC are all lower case here, as reported in the notification. package version 0.2.1

I switched back to using the ISC DHCP server. Now arpwatch is working properly again. It seems the new DHCP server was the problem.

@izanatos It seems as if /cf/conf/config.xml refers to files like: /usr/local/pkg/freeradiussettings.xml and /usr/local/pkg/freeradiusclients.xml As far as I can tell, those files do not contain configuration and are merely a template for the web GUI. So the question is/remains where can we find the configuration? I've been searching for known values but I could not find any. I'm sure I still have to learn a lot about how pfSense works and interacts with installed packages. Suggestions are welcome. :-D

@SteveITS said in Package Manager is down on my end, it is the same for others?: https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors Thanks again, this fixed it!

There are number instructions posts, but none about how to get rid of the "permission denied" line

Hey, I have a free radius server that support eap tls 1.3. I send an eap tls authentication using Windows 11 and see by wireshark that packet are really eap tls 1.3. but then when i do it using MacOS / iphone / android that support eap tls 1.3 by default (as wrote in apple and android forums) i see an Client hello of 1.2 without the extension of support version and the authentication is by eap tls 1.2. Anyone saw this issue/ know if they are really support authentication of eap tls 1.3 ? I use same certificates for all of the clients and install them. Thanks, Nir.