Well, it sounds like using this old router is going to be poor performance, and I'd be looking at $300+ for an appliance to do the job well. On top of that, it sounds like there are lots of reasons not to run the whole network through the VPN anyway.

So for now, I'll just use the VPN client when I'm putting up the periscope for P2P work.

Have you checked out this thread from Microsoft Support?

https://support.office.com/en-us/article/import-gmail-to-outlook-20fdb8f2-fed8-4b14-baf0-bf04b9c44bf7

It walks you through the steps. As @KOM mentioned, you must first configure your Gmail account to create an application password that Outlook will then use for access to Gmail. All the steps are in the link I posted.

I use my Gmail account with Outlook 365.

48 - yeah that would never be correct ;) I could see maybe setting /64 as default on ipv6 address

Over the years this discussion has come up a few times.. And while I kind of agree on the /24 default.. It is up to the user to set the correct mask..

I think it just defaults to one side of the list.. You could look if its been actually requested before in redmine.. But if I recall it never got any traction, and thought there was an actual reason other then just users should pay attention.. But don't recall off the top of my head the old discussions on this topic..

Other than nothing ever came of it, since it still defaults to /32 ;)

You should get windows to change their default from the old class standards while you at it when you put in a 10 for example it default to 255.0.0.0.. If you put in 172.16 it does 16

windowdefault.png

172.png

While its nice to "guess" to what the user might be thinking of doing - ultimately it comes down to the person setting the IP to make sure the mask is correct.

Maybe a note or something when setting it in the gui that if you use /32 dhcp is not going to be available ;) But users never seem to have issues with this sort of thing never seem to read the notes or manual anyway - hehehe

@chpalmer Sorry it took a bit to respond. But that was my problem. Thanks for the quick response and for nailing it. :)

You had 7 before this thread..
:)

There are some known issues with SG-1100 hardware. See this thread: https://forum.netgate.com/topic/144636/sg-1100-intermittent-reboots. Contact Netgate Support as described in that thread for assistance.

Just an update on what I ended up doing. I only want to know if the internet is down at my house because there are things that send email notifications and they wont work with no internet, that is all. I had a raspberry pi that wasnt busy so I added rclone and configured it along with a cron script to touch a specific empty file in my google drive every 2 min. I then wrote a google script to check the modified time on that file every 5 minutes and email me if it had not been updated within the past 5 min. A gmail filter can easily forward that to text my phone. Good enough! Although I could have just set the Nest Cam I have back up, I think they push a notification if they havent heard from the camera in 10 min, but I didnt want to use the camera anymore.

I really wanted something like SMSEagle but the ROI just wasnt there. I dont mind spending some time to learn something and this is just for home. The code was easy but the documentation for some of these things is not great so it's easy to get stuck trying to figure out why something isnt working and it's just "because Google".

Also, it would have been super easy to just have an open port to monitor with uptimerobot.com. I tend to remove those things if I dont use them however and right now I have no ports open.

Then you have to either enable NAT reflection or configure your DNS to resolve your web server's FQDN to its LAN IP address, as per the document I linked to. Try it from the WAN side. Does it work then?

No, you don't need to play with outbound rules for those NATs.

I've never seen a NAT with localhost used. If you still can't get it working from either side, I would put it back to WAN as ptt suggested.

Found an answer, took me long enough given it was right in front of me the whole time...

On Line 60 in the YAML, you can disable Stats - that probably cuts down 80% of the garbage data in EVE.

You can further disable logging (in EVE) under metadata for DNS, TLS, TCP, HTTP, etc. -- YMMV, but I feel keeping that stuff is fine since you can filter it out using something like Kibana or Splunk readily.

Today I got around to creating a collection of VMs to be my VPN Site to Site config. 2 pfSense instances with WAN, LAN, DMZ, 2 clients on each LAN, 2 servers on each DMZ. I followed the Netgate guides on creating an IPSec link for the LANs and an OpenVPN link for the DMZs. It all went pretty smoothly, with the one exception of me forgetting to add the WAN rule to allow udp/1194 in.

Configuring a Site-to-Site Static Key OpenVPN Instance

Configuring a Site-to-Site IPsec VPN

Apologies for posting incorrectly. I moved to the correct place via https://forum.netgate.com/topic/145662/unable-to-browse-internet

as long as you understand that there is no support for aes-ni
Raspberry has an ARMv8 processor, but without the cryptographic accelaration to keep costs down and/or to avoid legal restrictions on the import, export or use of cryptographic hardware and software.

Every ISP and device are different.

Get the details of how the IPv6 on that circuit is provisioned from the ISP.

Check the debug log box on that WAN's DHCP6 settings. After you save, look at the DHCP logs and filter on command dhcp6c. That will show you what is happening.

Please open a ticket at https://go.netgate.com/