So, after a few days I (in desperation!) reached out to the great people at Protectli who sold me the router hardware in the first place. Their support was awesome. Thanks protectli!

Someone there set up a working example and then exported the xml description (diagnostics > backup & restore) so that I had something to compare against, line-by-line. After an hour or so combing through mine and theirs, I discovered I had wrongly configured a static route early in my experimenting with pfsense, which was disrupting access on the WAN interface to the gui. Once removed (and after a reboot) access via WAN was restored. "Problem" resolved.

Many thanks @Bob-Dig and @johnpoz for helping me through the initial stages patiently; much appreciated.

@jimp I am so grateful for your response and now I know where to dig :D

https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#flow-control
I see that by default, flow control is enabled?

I went into my ubiquiti switch, flow control was off.

While everything was running, I went ahead and enabled it on the switch. so now they are talking the same language.

If something on my LAN acts funny, ill look at shutting it off on both sides

Thank you for taking the time to direct me, very much appreciated

@larrym04 To avoid all of this, IMO the best (and most secure) option is to download the Acme package and get yourself a free LetsEncrypt cert so you can have that tasty green padlock. It's not too difficult, and you won't need to keep hitting that Advanced button.

@gianpaoloracca UPDATE:
you can scroll dragging the column header.
So it's clunky but it works.

I know this topic is old but I experienced the same behavior...

Like you I'm also forced to use double nat as my primary WAN come from an openMPTCProuter which aggregates my WANs in front of pfSense and I also have failover to the same WANs (but in load balancing) in case of MPTCP failure so I'm also dependent on the checkIP service to update my DNS when the MPTCP gateway is the active one.

I update 4 DDNS with the same IP for this gateway and the 4 cached IPs continuously turn Red for some second, sometimes one at a time, sometimes 2 of them at the same time.

After found your post I changed the checkIP service from the default "http://checkip.dyndns.org" to the other one "https://ipinfo.io/ip" and the problem is gone.

So it's definitely a dyndns service problem, maybe that the frequency of the requests from the same IP to update 4 DNS causes the dyndns service to refuse to respond to each one.

Thanks for sharing your solution.

@bingo600 still not working. I even forwarded port 80 and 443 on OPT1 interface but still not working

Same issue here. WAN is on em1 - no other VLANs on that interface. The dashboard traffic widget:

Screen Shot 2022-05-09 at 11.51.21.png

Screen Shot 2022-05-09 at 11.51.26.png

Half the actual throughput. Settings same as yours.

The Traffic Graph graph shows this (/status_graph.php):

Screen Shot 2022-05-09 at 11.51.44.png

which is correct (I have a symmetrical line - upload was 897Mbps during this test)

@rcoleman-netgate Thanks for your quick response!
Indeed it works now! Thanks!

@jimp Thanks. I will dig deeper into Brave.

@nogbadthebad thanks for your reply. (I work with @emasi on the project.) We are aware that the scenario is not ideal and we have already taken the necessary precautions (change management) so we don't trigger the issue anymore.
The fact remains that this issue is easily triggered. We have tested many scenarios. The conflict handling when creating rules alone is pretty neat really. But as soon as we add separators to the scenarios not only the new changes are conflicting - but the actions delete existing firewall rules. And that's dangerous, worth to mention and worth to fix. (At least we think it is.)
So we are following the pfSense bug report guide and are documenting our observations here to discuss first. Maybe you folks can confirm this is an issue so we can report it to pfSense Redmine. (We have never done that, so sorry if our procedure seems a bit wonky:)

@worlddrknss Sounds like you can reproduce it so I suggest opening a report at http://redmine.pfsense.org/

Has no one successfully done this yet?

I'd like to tag the thread as [SOLVED], but I can't edit my initial post any more.

What should I do?

Same problem here. We have about 100 users deployed across 10 openVPN server instances on our core pfsense VM using tap/bridge mode. There are a number of reasons we prefer this arrangement over a routed tunnel when VPNing into a cooperate windows domain network.

I'm tempted to roll back to 2.5.2 because we can't see connected users on either the openVPN status page or the dashboard widget. Are there any plans to make these interfaces display connected users again with a future update (soon?)

@xanaro said in Full screen theme for 2.3:

full width really improves a lot of the pages as well, traffic graph, squid real time, etc...

Thats correct!

Ah .. System_Patches
Thanks a lot !

@johnpoz said in Rearranging interface order?:

Or you could change the names on them so the alphabetical ordering is how you want them to be ;)

I set the sorting to alphabetical and prefixed all of my interface names with numbers. Much easier than trying to use the actually alphabetical names.

I run everything in VM's so I got to a point where I ran a clone on the sister VM and got it working.

I have absolutely no clue to why the dropdown was empty....

the .conf file was as it should be and everything was running as it should and it was showing packages as it should.

Only thing was the system -> update.

To update this post, I apparently posted it again later on and received a answer found in this thread...
https://forum.netgate.com/topic/169870/dnsbl-reputation-404-error-solved/4?_=1647182583544

@shupiluliuma said in WebGUI no longer works; login page never displayed:

The mask on the interface was set to /32 instead of /24. I either missed the setting or messed up the selection and didn't notice.

nothing serious has happened, you just ran over it, it happens, by default the GUI offers /32 and if you don't watch it well, this could be the problem.... :)

Yep i did it. thanks.

But another question. I gave the Modem IP to the Wan ip of Netgate without brigde mode. There is no Internet connection.

I dont understand the problem.

@jackyaz login via ssh and run radsniff -x you may see something there.

I could work around by having the fw's hostname in my local hosts-file and access that instead of localhost.

@gertjan how to deploy this in pfsense

map $status $loggable { ~^[23] 0; default 1; } access_log /path/to/access.log combined if=$loggable;

There is a bug when fetching patches, I'll have a fix in shortly. In the meantime, visit the URL for that patch and copy/paste the text into the patch entry manually rather than using the URL.

Updating to the latest version solved the issue. Now I can have multiple LDAPS sources checked with each attempt and also use very long usernames. 2 birds with 1 stone.

My mistake.

Yes. I had my phone on the same LAN.

No it is disable

Thank you !

@jdeloach I don't normally use the logout button either. The problem is I keep doing it accidently when I mean to be doing something else.

@plfinch said in 22.01/2.6.0 Missing Roboto-Italic.ttf Font?:

Reproducible with ipados Safari

Oh I saw that ;) my bad - that was someone else saying they could reproduce it..

@areckethennu said in 22.01/2.6.0 Missing Roboto-Italic.ttf Font?:

the issue's gone away since clearing cache.

Yeah it would have to be the browser asking for that - because I can not find anywhere in current css where ttf is listed..

@lizznl Looks like the author of pfsense-api just released a patched version (1.3.4) that adds support for 2.6.0. Here he mentioned that he tends to aim for adding the new API version within a few weeks of a release.

@gertjan Thank you for your reply. Between going to bed last night and now. The webgui suddenly is working. Very odd. I will look at the log and see what i can see.