@albgen:

Checking the gui of nginx you will find that is NOT compressed. I dont know where did you see this but the standard is compressing only css (period).

I was comparing this part of the nginx setup with your finding :

...                 gzip on;                 gzip_types text/plain text/css text/javascript application/x-javascript text/xml application/xml application/xml+rss application/json; ....

Then I found https://stackoverflow.com/questions/23939722/nginx-gzip-not-compressing-javascript-files : this explains what you are seeing - and what needs to be done  ?

Hello,
reistalled pfBlockerNG and I'm having issues with aggregate process, it just sucks one core al 100% for MANY minutes (I killed it after 7:54 at 100%) with just ONE blocklist.
I tried downloading it in P2P format and CIDR format, no change: agregate process seemes totally stuck.
List is I-Blocklist level1.
I know it's big, but in CIDR format it's just 4.2 MB and pfBlockerNG should be able to handle it.
Any help?
Thanks

Alberto Tarantino

It means you did a search (ctrl-F) in your browser and it is highlighting the results. You must have searched for 192.168.40

Still work in progress.

As I am a little bit OCD there are a few continuity issues with the current dark theme that need a little tweaking so thanks to your help (InQuize) I have now been able it scratch that itch!

What I needed to do was convert the colours I wanted to decimal from hex and then substitute them in the already formatted colour scale in the file d3.min.js,

so,
Al=[2062260,16744206,2924588,14034728,9725885,9197131,14907330,8355711,12369186,1556175].map(xn),

became,
Al=[38536,16777215,2924588,14034728,9725885,9197131,14907330,8355711,12369186,1556175].map(xn),

ChEeSy

i noticed if i change the global.inc file update the name it will update the login text too but still the same issue with open vpn so i will see what i can find in that package

The dynamic view is completely generated by javascript so it doesn't have access to all of the same information.

It may be possible to bring it into parity with the main system log, but it's not currently an open feature request that I'm aware of. You can make a feature request ticket (target=Future) at https://redmine.pfsense.org/

Yes, so long as you disable the GUI redirect that occupies port 80 by default: System > Advanced, check "Disable webConfigurator redirect rule" and save

And remember that running OpenVPN on TCP can be problematic and slower than UDP, any loss outside the tunnel is compounded by the inner and outer TCP connections attempting to resend, etc, etc.

In some cases it's necessary though, to get around restrictions in other remote networks.

You might still run into some issues if anyone remotely does protocol enforcement. With non-HTTP traffic on port 80, it might be dropped by a filter or proxy in between the client and your firewall.

root and admin cannot be separated, it's the same account but with two different names.

Like johnpoz said, if you want someone to use a different GUI password, then create them a different user with their own username, and don't use 'admin'.

as a workaround to this, less than ideal but works :)

i want to have HAproxy listen on port 80 and 443 which is why this request came about so i disabled https for the webgui and set the http port to a random port

i then used HAproxy to terminate the SSL for the firewall admin interface and then pass back to the admin interface port for the firewall hostname

now i can also add other listeners to create an SSL terminating reverse proxy gateway to internal resources as i wanted to do in the first place.

not keen on the webgui either being HTTP only or requiring HAproxy to be working to access but its not a huge trainsmash for me in either case

It turns out the problem was you MUST authenticate to do an extended search.  There is no indication of denied access as anonymous user in a normal 389DS setup.  So, of course I assumed the search was permitted.  :-[

I posted revised instructions in the documentation sub-forum.

Same here, all ipv6 shown as remote.

I updated to Sierra 10.12.6 & Safari 10.1.2 today and gave 2.3.4-RELEASE-p1 (i386) another test.  Sure enough the graph rendering problem went away.  Thanks for the tip NogBadTheBad.

here you find a german blog entry. maybe the screenshots do help somebody else.

https://www.hagen-bauer.de/2017/07/pfsense-radius.html

And sure you can open from lan you wan IP and the gui, unless you create rules to prevent that.. As stated already post up your lan rules.

Can i know what command that you use to install mysql on pfsense

This ended up being a few things, but mostly a failed Authentication Server (and resolution of the actual Auth Server, and route to the relevant Auth Server, and then certificates).

A clue was the periodic 25s latency, which also corresponds to the Auth Server Timeout (and occurs when the Auth server is queried in Round Robin via DNS).

Or that this was only affecting Remote auth'ed users, instead of those using the Local Database.

@kschmidta:

When firewall is functioning normally, when I input my user creds, I am directed to the menus.

With ssh? Whenever I create a user (in the admin group) and ssh in, I drop to a : shell, not the menu.