@Sergei-0 said in What is VLAN, why and how:

What do I risk? Do I manage firewall to each VLAN? Perhaps I need some links to good introduction materials.

Like all other things you may be false configurating.

If you have enough LAN port you may be connect devices there directly, if not you may be connect
a switch to one or more ports, but if it comes to
something like WiFi let us say you may be able to
set up multiple SSIDs and on top each in its own VLAN, so they are running all over one LAN port
but being separated each from another.

I would say if enough port are there you should go buy routing and firewall rules, if not or it comes to WiFi with several SSIDs you should
take VLANs for it.

VLAN Configuration

@viragomann Greatly appreciate the fast response! Will give it a go per your suggestion/recommendations. I also thought about setting up with dhcp then analyze it. Will keep on truckin!

@youngy Just to round off this thread, I contacted Draytek again and they supplied two alternative firmware for the Vigor 166. One of them (r15597_791_9cf83135b_beta) has been running for > 2 days without a dropped connection. Fingers crossed, that's given me a usable modem. Thanks for all your contributions.

I got rid of some multiples in CURL and Strongswan by installing and uninstalling the package NUT again. NUT had some left over files from the last pfSense version.

Screenshot 2023-05-23 at 7.23.13 AM.png

@johnpoz said in Convert .crt to .pem TLS 1.3 helppp:

Looking in my acme folder I see pem files

hmmm, weird.. these are the files I copied from /tmp folder in pfsense once the certs were generated:

~/certs$ ls -lah total 44K drwxr-xr-x 3 root root 4.0K Apr 5 20:09 . drwxr-xr-x 8 pi pi 4.0K May 19 21:23 .. -rw-r--r-- 1 root root 3.7K Apr 5 20:07 ca.cer -rw-r--r-- 1 root root 5.6K Apr 5 20:07 fullchain.cer -rw-r--r-- 1 root root 1.9K Apr 5 20:07 mycert.cer -rw-r--r-- 1 root root 826 Apr 5 20:07 mycert.conf -rw-r--r-- 1 root root 1.1K Apr 5 20:07 mycert.csr -rw-r--r-- 1 root root 220 Apr 5 20:07 mycert.csr.conf -rw------- 1 root root 1.7K Apr 5 20:07 mykey.key

Edit:
Did you tick that option "Write Certificates" ?
0649101d-a57e-4f69-bd83-f184917541cd-image.png

@rcoleman-netgate Thanks. What I'm referring to is how they communicate. I have shut off DHCP and turned the firewall off on the Dream Machine since it's also a router and firewall. However, I'm unable to get out to the internet. I have LAN1 on the Netgate plugged into port 1 on the Dream Machine. I have LAN2 on the Netgate connected directly to the WAN port on the Dream Machine. Both LAN ports are on a different network but I still get reach the internet.

@dobby_ Thank you for the information. It looks like I've been using the term Mesh in place of what I actually needed: efficient roaming. The unifi u6 Pros seem to allow for that to happen and from the looks of it I could change the RSSI settings myself.

The Unifi U6 Pros, Unifi 8 POE switch, and pi4 + network controller is exactly what I needed. It was super easy to remove the 5x Netgear devices and drop in the Unifi devices with the same SSIDs and VLAN tagging.

Thanks everyone!

This way it does not matter what requests it sends out the firewall responds

19c8170c-fbb0-4529-aeee-02638e2ded94-image.png

Devices get requests sent to the firewall transparently, no more 1980s NTP protocol issues this way.

@stephenw10 I was also checking out the arm instruction set and it shows there is a 128bit sysp mnemonic. We have learned a ton of assembly code this semester and I fell down a rabbit hole with the AVX-512 stuff, so I purchased books about it to learn more. The best ones I could find are by an author named Kusswurm Modern x86 Assembly Language Programming, and Modern Parallel Programming with C++ and assembly language. They have all the AVX-512 stuff.

1606da2c-9b08-4143-9c31-782b65bb7347-image.png
Again, arm doesn't really show AVX-512 instructions but it does show SMID

98c13ad6-32b4-44f2-8b6b-acc2ae5948ee-image.png
(Instruction set shows sysp 128-bit mnemonic)

f0dfce4b-d12b-42e5-89cb-912bf9979c00-image.png
(SMID mnemonics)

55147622-c861-4ddd-9eee-11b139f873eb-image.png
(I just learned that the ARM Cortex -A53 shows it has SMID engine)

Ref:
https://developer.arm.com/documentation/ddi0602/2022-09/SIMD-FP-Instructions?lang=en

@jonathanlee said in Anyone remember Cyrix ??:

Anyone remember Cyrix?

The combination of these events led Cyrix to begin losing money, and the company merged with National Semiconductor on 11 November 1997.[5][6] National released Cyrix's latest designs under the MediaGX name and then an updated version as Geode in 1999. National sold the line to AMD in August 2003 where it was known as Geode. The line was discontinued in 2019.[7]

Well, the Geode CPU is what is/was in the ALIX boards...

@jpozzoli I would recommend installing the eMMC Utilities package, running the command, and posting the details here.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html#checking-disk-health-lifetime

@jpozzoli I would suggest here.

Ah, nice! Ok the result from pfSense itself will always be lower but that's the sort of values I would expect. 207Mbps vs 228Mbps.

Local host is a single special purpose address.

But, like any IP address, it can listen on multiple ports for different services. Port 5000 would not interfere with DNS.

It doesn't apply to a VLAN though. Localhost is only valid on that specific host. Anything else would be unable to connect to it without some forwarding in place; on the host itself.

Steve

@nollipfsense not for me 😁