Thanks,

I was able to resolve by reinstalling pfsense and restoring the config.

@gertjan Not in my case. Only one interface exists. WAN. And it's virtio.

I will see how 2.5.2 goes. Any day now. :)

Thanks for the more detailed explanation. Now I see what the problem is.

pfBlocker and Snort both beat the crap out of the configuration system writing to it on such a frequent basis that ACB becomes pretty much useless. I discussed ways to address this with the package maintainers some time ago but so far the problem still exists.

For this reason there is a filter in the ACB system that rejects backups if the "Reason" parameter contains "pfblocker", "snort" or "minicron".

pfSense is supposed to display an error message stating that the backup was rejected, but this seems to be broken. I'll try to get that fixed ASAP.

For now, please ensure you backup "Reason" does not include those terms.

@kom I defaulted the Admin Access TCP port line. It is working fine for now after I did the option 15 thing
on all the entries it had.

Thanks

I am with @KOM did the serial console ever work?

You should get something out of the console.. What are the lights on the box showing?

I would suggest contact support - they are helpful, even if you don't have a support contract for how to restore a device that has failed for some reason. Support contracts are really meant for configuration help, but they should help you restore functionality of the device, etc.

tyvm that was it.

It seems to be solved.
Found a topic saying that when a change from ldap to ldaps happens, a 16) Restart PHP-FPM is required..

In case it happens again I'll post here, thanks.

Yeah their job is to look for shrimp in my food.. There is no reason for them to look in food I am never going to eat ;) Only the food I am going to eat..

Not their job to tell me there is shrimp in the house - you could die.. No I am not going to eat that shrimp... But hey you can check all the meals I am going to eat.. Pretty pointless to tell me there is shrimp in the freezer out in the garage.. I can not get into the garage freezer its locked, only my wife can get in there - she likes shrimp, and she doesn't get sick from it ;)

But you know what - you can keep checking my meals (3 month scans, and scans after changes) you know in case my wife makes a mistake and cooks something with shrimp in it ;)

You can check that its locked.. To validate only my wife can get in there, maybe she left it unlocked. But me and my buddy pci can not get in there - so no reason to give you the key so you can look inside to validate yes there is shrimp in there.. Even if the shrimp might be bad - doesn't matter.. We don't eat it anyway, nor does my pci buddy..

ut-oh ;) we may have a future stratum 1 time server owner soon..

ntp is fascinating to me.. There are few around here as well that run their own.. It can be done fairly cheaply with pi and a gps hat for it.

Some interesting threads if you look for them.. Some have some really great setups, mine is bit older and not as accurate as it could be.. It sub 1ms, have seen like 20ns setups..

I have not gotten into the tinker with it mood in quite some time to play around with tweaking it to see if could get it to be more stable. Last thing I did with it really was switch it to running ntpsec... I should prob reset up my monitoring of it I guess ;) To better track how well its doing..

pi@ntp:~ $ ntpq ntpq> pe remote refid st t when poll reach delay offset jitter ======================================================================================================= *SHM(1) .PPS. 0 l - 8 377 0.0000 -0.0388 0.0088

Looks to be within 40ns - but should prob graph that to see how its drifting, etc.

@gertjan I figured it out with 'ps'

[2.5.1-RELEASE][admin@fw.my.lan]/root: ps -adux | grep php-fpm root 6327 0.0 0.0 11188 2688 1 S+ 23:37 0:00.00 | `-- grep php-fpm root 95835 0.0 0.4 104164 33660 - Ss 22:33 0:00.07 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm) root 5848 0.0 0.5 106212 42872 - I 22:34 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 12543 0.0 0.5 106212 42876 - I 22:36 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 15542 0.0 0.5 106212 42876 - I 22:34 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 23468 0.0 0.5 106212 42876 - I 22:36 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 25149 0.0 0.5 106212 42880 - I 22:36 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 31488 0.0 0.5 106212 42876 - I 22:35 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 95858 0.0 0.6 109108 45696 - I 22:33 0:00.73 | |-- php-fpm: pool nginx (php-fpm) root 96167 0.0 0.5 106488 44260 - I 22:33 0:00.28 | `-- php-fpm: pool nginx (php-fpm)

....and yeah - already tried 'option 11'....didn't help, sadly.

@fbmm said in WebConfigurator hands out expired certificate, but in Cert. Manager it seems up-to-date:

Maybe followed wrong tutorial

There is only one ......

Let's Encrypt on pfSense

and the guy who wrote the package is explaining it.
What do you want more ?

@johnpoz

I am using pfSense 2.5.1, the issue was already existent in 2.5.0, but not in 2.4.5 before.

I also tried with browsers Firefox 88 and MS Edge 90, both no effect.

@steveits said in Gui bug still exists from 2.4.4p3 - Rules extend outside of table:

should be in the table though so it's like it's truncating the row early.

On this SG4860, I have:

Backup bandwidthd iperf Lightsquid Netgate_Firmware_Upgrade ntopng openvpn-client-export pfBlockerNG-devel Service_Watchdog squid suricata

All show up-to-date in package manager.

@tomashk said in I gave Opn Sense another look, here are my thoughts:

@mikeisfly said in I gave Opn Sense another look, here are my thoughts:

Now the sad truth is pfSense GUI. On a mobile device like your phone it's unusable with half the menu options not working cause I can't navigate to them. I currently have a Samsung Galaxy note 20 Ultra and I can't make simple changes with my phone. Don't matter if my phone is in landscape or portrait mode. OpnSense's GUI on the other hand worked flawlessly on my phone.

I had the same problem with accessing some menu items on mobile. Please try this option in General Setup:

1ee5a33d-967c-48c7-9b17-f5bc27397941-image.png

Scrolls with page works for me. Fixed works only on Desktop... at least for me.

Ok I will try that, I keep the top navigation fixed because most of my work is done on my computer, I really only use the phone when I'm trying to do something quick and dirty and don't feel like getting up and getting my computer. For me its a nice to have but not a mandatory thing. I just think that it can be done better and I know the team will make it better I was just giving some observations. I been a supporter of the pfSense project, since almost the beginning as a convert from M0n0wall.

@jimp @eigrp Parallel discussion here, including one set of steps to reproduce.

https://forum.netgate.com/topic/161424/dhcp-lease-screen-not-loading/47?_=1618595728403

Fits with the idea that one or more iterations of failed DNS lookup, is causing a delayed page load or a timeout.

@lessmoore said in /system.php DNS Server Settings webGUI row element off by one:

I had a dozen or so listed DNS servers.

That damn curiosity cat meowing at me - why? Why would you have so many dns servers? Do you have like 6 wan connections? And your wanting to use specific isp dns? Just not sure why anyone would have anywhere close to that many..

@nprog said in How Access Web GUI over Wan through Strict Access?:

which one is easy

Again, this is 2021.
Setting up a remote OpenVPN access is what people do these days. Remember the terms like "lock down" etc ?
Setting uo a remote access is like buying that car and taking care of the licence to drive it. We all just do it. There is only THE way, dono of there are hard ways, or easy ways.

Go here : Youtube : Netgate : all the videos
and locate the two special OpenVPN video's, the basic one, and the advanced one.
Take also a look at the OpenVPN Export video.
There are many more pfSense OpenVPN video's on the net (thousands ?).

Now, just do it.

Remember : you control both sides : pfSense and your PC/MAC/phone so you have full control.
I'll call it easy ;)

@eduncan911 said in Certificates: Pickup my own from a directory?:

Again, I do not want to use pfSense to manage any LetsEncrypt certs. I'm looking for a way just to import/refresh a cert on boot or alike.
Essentially, this post has nothing to do with LetsEncrypt. It's asking how to auto-load a cert from a local directory say on boot.

It's that package (acme Letenscrypt) that contains a script file that shows how you can incorporate cert files- where ever they are - into the pfSense (== the pfSense config). See it as an example.

@eduncan911 said in Certificates: Pickup my own from a directory?:

And any changes gets overwritten on pfSense upgrades. Don't think that's a solution.
Doing it via CLI seems to be the only way.

The mentioned file was an example. Base your own script (won't get overwritten) on it.
Place it in your own /root/ directory - and keep a backup.
I've my own scripts living in /root/ for a decade or more, as from pfSense 1.0.

@eduncan911 said in Certificates: Pickup my own from a directory?:

I'll look at the script to see how things are being imported. That's a good start to setup in a cron

Exactly.

So I deleted those files completely, seemed to help for the moment.

@gertjan Can you help me ? A bit as well ? If possible ? on discord.... Maybe have a look at it.

@jimp thank you. That fixed it.

If I remove the ~38000 IPv6 kernel routes I did get installed via BGP, then I'm able to access general setup.

@teamits
Thanks for the reply. No to Snort. Home user, so it's just me. No torrents or anything, just my streamer box and the stuff I'm typing on. 6 Mbps is what I have calculated my streaming uses. I can watch a channel, the graph displays 3Mb, refresh displays 6Mb. No other changes. It's not like it's bursting. When I see a burst, like when changing channels, if it's currently showing 3Mb, it will burst to 15Mb. If it's showing 6Mb, it bursts to 30Mb. More of a curiosity than a fatal flaw.

Packages : Cron, Iperf, Mailreport, Notes, Nut, OpenVPN, pfBlockerNG-devel, RRD_Summary, Service Watchdog, System_Patches

Ps - No shaping. I used to use it when I was seeing if I could scrape by on a slower plan, but that's gone and a fresh install of 2.5 in it's place.

These clips taken back to back with a refresh in between.

1507192f-ce58-45a5-b36f-4aeccf9ebc9d-image.png
861a3d3e-1673-4b6c-b354-a4785710ba95-image.png

That seems to be a poorly functioning behavior. I like the fixed menu on the desktop browser, but I guess I have to turn in off if I ever have to adjust something remotely from my phone because it's unusable.

Its related to Suricata and Unbound...

Deleted the blocks and restarted Unbound.

Then the package updates showed as they should.

@nogbadthebad said in Logfile Filter:

[0-2][0-5][0-5]

That might miss stuff? Its not a mask.. so for example 167.x.x.x ?? Wouldn't it be easier to just do !: for say source IP, any IP with a : in it would be excluded - so all you would see it IPv4

@gertjan Here is the new certification in the new VM.
c3442ea5-d402-414c-a0a9-fadd3d4f4d4f-image.png

@stephenw10 said in After 2.5.0 update, Dashboard never receives update statue for version:

https://redmine.pfsense.org/issues/11443

The bug report title is: Disabling 'State Table Size' prevents other data being displayed
So don't do that. 😉

...or use the patch linked there is you really don't want the state table size displayed before p2.

Steve