Thanks for the more detailed explanation. Now I see what the problem is.
pfBlocker and Snort both beat the crap out of the configuration system writing to it on such a frequent basis that ACB becomes pretty much useless. I discussed ways to address this with the package maintainers some time ago but so far the problem still exists.
For this reason there is a filter in the ACB system that rejects backups if the "Reason" parameter contains "pfblocker", "snort" or "minicron".
pfSense is supposed to display an error message stating that the backup was rejected, but this seems to be broken. I'll try to get that fixed ASAP.
For now, please ensure you backup "Reason" does not include those terms.
You should get something out of the console.. What are the lights on the box showing?
I would suggest contact support - they are helpful, even if you don't have a support contract for how to restore a device that has failed for some reason. Support contracts are really meant for configuration help, but they should help you restore functionality of the device, etc.
Yeah their job is to look for shrimp in my food.. There is no reason for them to look in food I am never going to eat ;) Only the food I am going to eat..
Not their job to tell me there is shrimp in the house - you could die.. No I am not going to eat that shrimp... But hey you can check all the meals I am going to eat.. Pretty pointless to tell me there is shrimp in the freezer out in the garage.. I can not get into the garage freezer its locked, only my wife can get in there - she likes shrimp, and she doesn't get sick from it ;)
But you know what - you can keep checking my meals (3 month scans, and scans after changes) you know in case my wife makes a mistake and cooks something with shrimp in it ;)
You can check that its locked.. To validate only my wife can get in there, maybe she left it unlocked. But me and my buddy pci can not get in there - so no reason to give you the key so you can look inside to validate yes there is shrimp in there.. Even if the shrimp might be bad - doesn't matter.. We don't eat it anyway, nor does my pci buddy..
ut-oh ;) we may have a future stratum 1 time server owner soon..
ntp is fascinating to me.. There are few around here as well that run their own.. It can be done fairly cheaply with pi and a gps hat for it.
Some interesting threads if you look for them.. Some have some really great setups, mine is bit older and not as accurate as it could be.. It sub 1ms, have seen like 20ns setups..
I have not gotten into the tinker with it mood in quite some time to play around with tweaking it to see if could get it to be more stable. Last thing I did with it really was switch it to running ntpsec... I should prob reset up my monitoring of it I guess ;) To better track how well its doing..
pi@ntp:~ $ ntpq
remote refid st t when poll reach delay offset jitter
*SHM(1) .PPS. 0 l - 8 377 0.0000 -0.0388 0.0088
Looks to be within 40ns - but should prob graph that to see how its drifting, etc.
Now the sad truth is pfSense GUI. On a mobile device like your phone it's unusable with half the menu options not working cause I can't navigate to them. I currently have a Samsung Galaxy note 20 Ultra and I can't make simple changes with my phone. Don't matter if my phone is in landscape or portrait mode. OpnSense's GUI on the other hand worked flawlessly on my phone.
I had the same problem with accessing some menu items on mobile. Please try this option in General Setup:
Scrolls with page works for me. Fixed works only on Desktop... at least for me.
Ok I will try that, I keep the top navigation fixed because most of my work is done on my computer, I really only use the phone when I'm trying to do something quick and dirty and don't feel like getting up and getting my computer. For me its a nice to have but not a mandatory thing. I just think that it can be done better and I know the team will make it better I was just giving some observations. I been a supporter of the pfSense project, since almost the beginning as a convert from M0n0wall.
That damn curiosity cat meowing at me - why? Why would you have so many dns servers? Do you have like 6 wan connections? And your wanting to use specific isp dns? Just not sure why anyone would have anywhere close to that many..
Again, this is 2021.
Setting up a remote OpenVPN access is what people do these days. Remember the terms like "lock down" etc ?
Setting uo a remote access is like buying that car and taking care of the licence to drive it. We all just do it. There is only THE way, dono of there are hard ways, or easy ways.
Go here : Youtube : Netgate : all the videos
and locate the two special OpenVPN video's, the basic one, and the advanced one.
Take also a look at the OpenVPN Export video.
There are many more pfSense OpenVPN video's on the net (thousands ?).
Now, just do it.
Remember : you control both sides : pfSense and your PC/MAC/phone so you have full control.
I'll call it easy ;)
Again, I do not want to use pfSense to manage any LetsEncrypt certs. I'm looking for a way just to import/refresh a cert on boot or alike.
Essentially, this post has nothing to do with LetsEncrypt. It's asking how to auto-load a cert from a local directory say on boot.
It's that package (acme Letenscrypt) that contains a script file that shows how you can incorporate cert files- where ever they are - into the pfSense (== the pfSense config). See it as an example.
And any changes gets overwritten on pfSense upgrades. Don't think that's a solution.
Doing it via CLI seems to be the only way.
The mentioned file was an example. Base your own script (won't get overwritten) on it.
Place it in your own /root/ directory - and keep a backup.
I've my own scripts living in /root/ for a decade or more, as from pfSense 1.0.
Thanks for the reply. No to Snort. Home user, so it's just me. No torrents or anything, just my streamer box and the stuff I'm typing on. 6 Mbps is what I have calculated my streaming uses. I can watch a channel, the graph displays 3Mb, refresh displays 6Mb. No other changes. It's not like it's bursting. When I see a burst, like when changing channels, if it's currently showing 3Mb, it will burst to 15Mb. If it's showing 6Mb, it bursts to 30Mb. More of a curiosity than a fatal flaw.
That seems to be a poorly functioning behavior. I like the fixed menu on the desktop browser, but I guess I have to turn in off if I ever have to adjust something remotely from my phone because it's unusable.
We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.
Subscribe to our Newsletter
Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.