@NogBadTheBad

I just did that and it stopped, and i think I know why. Those cams use L2 for discovery.

Thank you very much!

@darkcorner

You said in the other thread :

@darkcorner said in Network access blocked after update:

that I now have to configure from scratch..

That's a 'noop' ;)

When you remove all ('big') packages before upgrading, the upgrade process goes much faster.
When you have a copy of that config.xml file, right after the upgrade and reboot, you should import config.
All packages that are marked as "installed and configured" in the config file will get downloaded, installed and configured.
A final reboot and you're ok.
Nothing to reconfigure - with the exception : if there are new options, you should check these packages and make your config choices.

@abuttino said in radtest not found / Problems with FreeRadius:

grr, was using the wrong pfSense server.

not sure why that should matter running the pkg command, I could see it not having freerad installed as to why radtest not there. But the pkg command? Maybe that just generic sort of error since that pfsense didn't actually have the radtest file because freerad was not installed.

@elvisimprsntr said in LCDProc (/dev/cua1) failed (No such file or directory):

@sebr

Looks like the Peplink Balance series LCD displays have the ST7066U (or compatible) LCD controller.

http://lcdproc.omnipotent.net/hardware.php3

Screenshot 2023-05-27 at 10.55.49 AM.png

Is there a /dev/lpt0 port listed?

If so, you might try the following:

Com port: (/dev/lpt0) Driver: HD44780 and compatible Connection type: Likely 4bit or 8bit, but try each until you find one that works.

If not, then it might be connected to a serializer chip, thus /dev/cua*

Thanks for your help, I'll go back and test this.

@Gertjan said in FreeRadius with Windows Active Directory:

You are using "PAP authentication" ?

Should FreeRadius work with Active Direcroty throught NPS Radius or as LDAP autorization? i think it work as LDAP, as there are Base DN Filter and Base Filter attributes. i have configured in pfsense LDAP authentification to web page and there are also Base DN attributes thats why i think it works not throught NPS.
Here is my LDAP web authentification

Spoiler

e1799302-4e6d-427f-8032-f2001e496b0f-image.png

Find the rule that is false-positive triggering on your Gmail downloads and disable it. To do that you will need to cross-reference IP addresses in your alerts shown on the ALERTS tab.

None of the alerts you are showing in your screenshot appear relevant to Gmail.

Sorry, i have the same issue. Any fresh ideas?

Any further questions about the change in 2.2.6 should go over in the new thread:

https://forum.netgate.com/topic/182725/system-patches-package-version-2-2-6

I know this is an old thread, but it is the only one that matches the issues I have had over past 2 days.

I have latest version fully updated pfsense and packages.

I was running HAProxy Devel. Again fully up to date (as of 06/09/2023), given dates as I am unsure what versions.

All of a sudden our RDS users were not able to open applications. In our setup we have a RDS Gateway, people log into the HTML5 interface for RDS, then they open an app in browser. Accessing and loggining into the HTML5 interface worked fine and always worked, even with fully updated.

But when you tried to open an app, it would fail to open. After messing about for a bit, I accidently forwarded 443 to the RDS gateway, and everything was working. Once I learnt this, I had to put 443 back to HAProxy as our intranet was no longer working. WIth this information, I knew it was something to do with HAProxy not handling the connection correctly.

So I uninstalled HAProxy Devel, and installed HAProxy package 0.63_1.

Now everything is working perfectly as it has been for years.

I know its been some time since this thread was made, but what ever that problem ended up being, its happening again. Something is wrong with HAProxy Devel.

@pV5 those are the extra packages that pfsense + gets.. Yeah they would be there by default

i had this issue, solved it after changing "httpforclose" to "httpclose" as the new version doesn't support that old config var, perhaps dev can do some some parsing magic? lucky the error code lead me to this

@Gertjan

For some reason, I wrongly assumed that cron would only read the crontab file when the service re/started.
Thanks for the explanation, and the tips for how I could check this myself next time.
+1

A package update containing the fix for this bug is building and should show up for users shortly.

The new Snort package containing this bug fix is 4.1.6_9.

@BlueCoffee said in Snort fails to install.:

got the new box and all is well guess the other one was bad. Ive installed Suricata (looks alot like snort) Would you set this up on lan also? Do you know where I can read more about the setup? don't want to not have it set correct this time around.

You can find several Sticky Posts at the top of the IDS/IPS sub-forum here: https://forum.netgate.com/category/53/ids-ips.

As with Snort, I recommend putting Suricata only on internal interfaces (LAN, DMZ, etc.). The only time I would veer from this approach is on a box with very limited RAM and/or CPU horsepower and I had a fairly large rule set enabled. That might be a point where you conserve RAM and CPU by just putting a single instance on the WAN instead of several instances on internal interfaces. But you will have the limitations I mentioned in my earlier post. Best practice would dictate that the different interfaces on a firewall likely will need different IDS/IPS rules enabled. Rules should be tailored to the unique vulnerabilities and threats present on the protected network. So, in that scenario, individual IDS/IPS instances on internal interfaces works better (if you have the necessary RAM and CPU power).

As you noticed, Suricata and Snort have an almost identical GUI. That's because a ton of the Suricata PHP GUI code was a copy and paste from the Snort GUI.

Any basic set up instructions you find for Snort on pfSense will also apply to Suricata on pfSense. One key difference is that Suricata does not use Preprocessors in the way that Snort does. Suricata just works differently internally. The preprocessors were a way for Snort to add new features over the years. Suricata accomplishes that a bit differently internally, so no need for specific preprocessors. There are settings similar to the Snort preprocessor settings under the FLOW/STREAM and APP PARSERS tabs in Suricata.

A big difference in the packages is the rich EVE.JSON logging system in Suricata. Initially EVE.JSON logging is disabled causing Suricata to log essentially the same way as Snort did. But if you enable EVE.JSON logging for an interface, you can capture a lot of data about network traffic and of course any alerts. Suricata can log a lot of data with EVE.JSON logging and many of the options underneath that feature enabled. Just be sure you go to the LOGS MGMT tab and enable automatic log management. The defaults you find there should be fine for an initial install.

Here is a link to the official documentation: https://docs.suricata.io/en/suricata-6.0.13/.

@romulo-reuwsaat I also would love to see this as a package.

Thanks to all involved in creating this.

I am now able to cast to 'Google Home device/speaker groups' across VLANs, which wasn't previously possible.