@kiokoman said in Here we go again.:

uhm i knew it was coming neverthless it was somehow funny 😂

Exactly what she said yesterday....

You have to declare each level of the hash/array as you go. Like this:

$config['vlans'] = array(); $config['vlans']['vlan'] = array(); $config['vlans']['vlan'][] = $newvlan;

There is a convenience function that can help:

init_config_arr(array('vlans', 'vlan')); $config['vlans']['vlan'][] = $newvlan;

That function only initializes the arrays if they are unset/don't exist/are not arrays so it's safe to run unconditionally.

@Gertjan Updated OpenvpnClientExport package and checkbox works fine now. Dumb me.

On a cert, it's the refid of the CA that signed the cert. So it's copied from the CA refid.

I'm runing pfsense at a Intel(R) Core(TM) i5-5250U CPU. CPU load is low, RAM usage 23% out of 8GB. Google DNS is blocked. I use igb1. As I told, no problems without WG and full speed. WG natively runing on a Linux Mint 19.3 PC throttles the speed. Imho there is nothing wrong with Mode "Inline IPS"
Edit
Your requested results are in Snort.zip

@jimp said in Upgrade to 2.4.5 > 2.4.4-p3 SG-3100 ipv6 bogon list issue:

It's reporting the size as it was when the page was loaded, apparently, and not what the calculated default for the system would be. That may be a bug, though it should probably report both.

Well, it technically does report both in that it appropriately shows the value that was set when the page was loaded in the field where you can change the value. The bug would be that the display for the "default value" stated under the field is actually showing the currently set value.

@virgiliomi ok thank you ill check it out.... I appreciate it...
due to no work.. I cant afford anything,... and people hoarding food and the damn toilet paper...

I appreciate it and ill check it out (:

There aren't any plans to migrate from one to the other since they operate in much different ways.

@johnpoz said in Cert Manager Export Password:

See the popup I showed where it says to look in profiles - did you miss that?

It is a very valid point. It is easy to miss. But I haven't. Going back to the two things I have tried.

If using the unencrypted p12 (which I know it is not meant to work): when I click on it, I see the pop up at the bottom saying that I have to go to my profiles to add it. If I go to general-->profiles I can see it there, I can click to install it, enter the pin code, and then I get stuck waiting for the password. But the p12 does get sent to profiles and an install can be attempted. when using the encrypted version, nothing happens when I click on the p12 file. When I say "nothing", I mean as if I had not touched the screen at all. No error, no "open with" menu, nothing.

UPDATE: I have noticed that you used the Windows version of openssl. So just for the sake of it, I decided to install it and give it a shot. Surprisingly, it worked this time. Thinking that there can't be a difference between the two openssl, my head pointed towards the transfer between my raspbian and my Windows computer. Per default winscp transfers text file, and apparently doing this messed up the base64 and made it unusable for the encrypted version. After repeating the process with a binary transfer mode, I could import that encrypted p12 as well.

So in the end, I could solve the problem and I hope this can help someone else. Thanks a lot @johnpoz for pointing me in the right direction. Without your screenshot I wouldn't have thought about looking into that and find the root-cause.

Of course ☺

You already did. When you visit the console, you activated that script.
( maybe without knowing it )

I split this off into its own thread so it doesn't take over the other one.

i replied in my other thread about the alias is fixed by reinstalling the firewall on my SG 3100 back to stable and not restoring ANYthing previously. entirely rebuilt from scratch

i am now running sg 3100 on 2.4.4-RELEASE-p3 (arm) but have the same issue as i originally posted in this thread.

on the stable release, i have spent hours on trying to figure this out. in reading on redmine https://redmine.pfsense.org/issues/6028 if i am reading this correctly this affects ALL versions of Pfense? i have been using Pfsense for the past 3-4 years and never experienced this.

leads me to two things. is the image file for the sg 3100 contain issues my SG 4220 and SG 2220 did not have?

because i have been using these same rules, and yesterday they were built from scratch not restored from a previous firewall..

if this is the bug i just need to know that so i understand its being worked on

thank you Sir

So a good example would be something like this:

pfctrl -sr currently prints out the rule set and userrules anchor (anchor "userrules/*" all) is empty. I have confirmed with a pfctrl -a userrules -sr which returns nothing. I then added the following:

echo "pass in quick on em0 inet proto tcp from 192.168.1.7 to any port = 32400 flags S/SA keep state" | pfctl -a userrules -f -

when I run pfctrl -a userrules -sr after this I get:
pass in quick on em0 inet proto tcp from 192.168.1.7 to any port = 32400 flags S/SA keep state

The rule doesn't work though and it doesn't display with a pfctrl -sr either. I can't see what I am specifying wrong, I have tried calling the anchor with and with out the /* in quotes a few times and it places the new rule under the userrules anchor as displayed with pfctl -a userrules -sr each time. I can clear it with pfctl -a userrules -Fr as well. Given this example can you see where I have gone astray? Thank you for your help.

Thank you, I'll keep that in mind for future. I understand why I had confusion and the replies have helped clear it up for me.

Again thank you Jim and everyone that helped.

@jimp Thank you!