@gertjan Not in my case. Only one interface exists. WAN. And it's virtio. I will see how 2.5.2 goes. Any day now. :)

Thanks for the more detailed explanation. Now I see what the problem is. pfBlocker and Snort both beat the crap out of the configuration system writing to it on such a frequent basis that ACB becomes pretty much useless. I discussed ways to address this with the package maintainers some time ago but so far the problem still exists. For this reason there is a filter in the ACB system that rejects backups if the "Reason" parameter contains "pfblocker", "snort" or "minicron". pfSense is supposed to display an error message stating that the backup was rejected, but this seems to be broken. I'll try to get that fixed ASAP. For now, please ensure you backup "Reason" does not include those terms.

@kom I defaulted the Admin Access TCP port line. It is working fine for now after I did the option 15 thing on all the entries it had. Thanks

I am with @KOM did the serial console ever work? You should get something out of the console.. What are the lights on the box showing? I would suggest contact support - they are helpful, even if you don't have a support contract for how to restore a device that has failed for some reason. Support contracts are really meant for configuration help, but they should help you restore functionality of the device, etc.

tyvm that was it.

It seems to be solved. Found a topic saying that when a change from ldap to ldaps happens, a 16) Restart PHP-FPM is required.. In case it happens again I'll post here, thanks.

Yeah their job is to look for shrimp in my food.. There is no reason for them to look in food I am never going to eat ;) Only the food I am going to eat.. Not their job to tell me there is shrimp in the house - you could die.. No I am not going to eat that shrimp... But hey you can check all the meals I am going to eat.. Pretty pointless to tell me there is shrimp in the freezer out in the garage.. I can not get into the garage freezer its locked, only my wife can get in there - she likes shrimp, and she doesn't get sick from it ;) But you know what - you can keep checking my meals (3 month scans, and scans after changes) you know in case my wife makes a mistake and cooks something with shrimp in it ;) You can check that its locked.. To validate only my wife can get in there, maybe she left it unlocked. But me and my buddy pci can not get in there - so no reason to give you the key so you can look inside to validate yes there is shrimp in there.. Even if the shrimp might be bad - doesn't matter.. We don't eat it anyway, nor does my pci buddy..

ut-oh ;) we may have a future stratum 1 time server owner soon.. ntp is fascinating to me.. There are few around here as well that run their own.. It can be done fairly cheaply with pi and a gps hat for it. Some interesting threads if you look for them.. Some have some really great setups, mine is bit older and not as accurate as it could be.. It sub 1ms, have seen like 20ns setups.. I have not gotten into the tinker with it mood in quite some time to play around with tweaking it to see if could get it to be more stable. Last thing I did with it really was switch it to running ntpsec... I should prob reset up my monitoring of it I guess ;) To better track how well its doing.. pi@ntp:~ $ ntpq ntpq> pe remote refid st t when poll reach delay offset jitter ======================================================================================================= *SHM(1) .PPS. 0 l - 8 377 0.0000 -0.0388 0.0088 Looks to be within 40ns - but should prob graph that to see how its drifting, etc.

@gertjan I figured it out with 'ps' [2.5.1-RELEASE][admin@fw.my.lan]/root: ps -adux | grep php-fpm root 6327 0.0 0.0 11188 2688 1 S+ 23:37 0:00.00 | `-- grep php-fpm root 95835 0.0 0.4 104164 33660 - Ss 22:33 0:00.07 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm) root 5848 0.0 0.5 106212 42872 - I 22:34 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 12543 0.0 0.5 106212 42876 - I 22:36 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 15542 0.0 0.5 106212 42876 - I 22:34 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 23468 0.0 0.5 106212 42876 - I 22:36 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 25149 0.0 0.5 106212 42880 - I 22:36 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 31488 0.0 0.5 106212 42876 - I 22:35 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 95858 0.0 0.6 109108 45696 - I 22:33 0:00.73 | |-- php-fpm: pool nginx (php-fpm) root 96167 0.0 0.5 106488 44260 - I 22:33 0:00.28 | `-- php-fpm: pool nginx (php-fpm) ....and yeah - already tried 'option 11'....didn't help, sadly.

@fbmm said in WebConfigurator hands out expired certificate, but in Cert. Manager it seems up-to-date: Maybe followed wrong tutorial There is only one ...... Let's Encrypt on pfSense and the guy who wrote the package is explaining it. What do you want more ?

@johnpoz I am using pfSense 2.5.1, the issue was already existent in 2.5.0, but not in 2.4.5 before. I also tried with browsers Firefox 88 and MS Edge 90, both no effect.

@steveits said in Gui bug still exists from 2.4.4p3 - Rules extend outside of table: should be in the table though so it's like it's truncating the row early. On this SG4860, I have: Backup bandwidthd iperf Lightsquid Netgate_Firmware_Upgrade ntopng openvpn-client-export pfBlockerNG-devel Service_Watchdog squid suricata All show up-to-date in package manager.

@tomashk said in I gave Opn Sense another look, here are my thoughts: @mikeisfly said in I gave Opn Sense another look, here are my thoughts: Now the sad truth is pfSense GUI. On a mobile device like your phone it's unusable with half the menu options not working cause I can't navigate to them. I currently have a Samsung Galaxy note 20 Ultra and I can't make simple changes with my phone. Don't matter if my phone is in landscape or portrait mode. OpnSense's GUI on the other hand worked flawlessly on my phone. I had the same problem with accessing some menu items on mobile. Please try this option in General Setup: [image: 1619086128690-1ee5a33d-967c-48c7-9b17-f5bc27397941-image.png] Scrolls with page works for me. Fixed works only on Desktop... at least for me. Ok I will try that, I keep the top navigation fixed because most of my work is done on my computer, I really only use the phone when I'm trying to do something quick and dirty and don't feel like getting up and getting my computer. For me its a nice to have but not a mandatory thing. I just think that it can be done better and I know the team will make it better I was just giving some observations. I been a supporter of the pfSense project, since almost the beginning as a convert from M0n0wall.

@lessmoore said in /system.php DNS Server Settings webGUI row element off by one: I had a dozen or so listed DNS servers. That damn curiosity cat meowing at me - why? Why would you have so many dns servers? Do you have like 6 wan connections? And your wanting to use specific isp dns? Just not sure why anyone would have anywhere close to that many..

@eduncan911 said in Certificates: Pickup my own from a directory?: Again, I do not want to use pfSense to manage any LetsEncrypt certs. I'm looking for a way just to import/refresh a cert on boot or alike. Essentially, this post has nothing to do with LetsEncrypt. It's asking how to auto-load a cert from a local directory say on boot. It's that package (acme Letenscrypt) that contains a script file that shows how you can incorporate cert files- where ever they are - into the pfSense (== the pfSense config). See it as an example. @eduncan911 said in Certificates: Pickup my own from a directory?: And any changes gets overwritten on pfSense upgrades. Don't think that's a solution. Doing it via CLI seems to be the only way. The mentioned file was an example. Base your own script (won't get overwritten) on it. Place it in your own /root/ directory - and keep a backup. I've my own scripts living in /root/ for a decade or more, as from pfSense 1.0. @eduncan911 said in Certificates: Pickup my own from a directory?: I'll look at the script to see how things are being imported. That's a good start to setup in a cron Exactly.