• Terrapin SSH Attack

    Pinned
    16 Votes
    33 Posts
    29k Views
    STLJonnyS

    @willowen100 It basically forces your ssh (on the Windows side) to utilize that encryption algorithm. You'll need to do that on any machine you ssh from.

    I'd have rather found a more elegant workaround (preferably on the pfSense side, so the mod only has to be done in one location), but this works in a pinch.

  • pfSense Hangouts are available on YouTube!

    Pinned Locked
    5 Votes
    1 Posts
    11k Views
    No one has replied
  • Share your pfSense stories!

    Pinned Moved
    0 Votes
    76 Posts
    62k Views
    V

    Mine may be typical, maybe not.....
    Took over a large senior living facility with a pretty robust IT infrastructure spread between 4 IT rooms, 23 access points, 12-14 switches, and 200 internal devices and 200 guest/resident devices, all being run by a SonicWall TZ350. I had been wanting to realign everything network-wise for some time, but the TZ had 2 ports that were failing. I had worked with ClearOS from back in the ClarkConnect days and started searching for something similar. I found pfSense and it just fit what I wanted to do.
    I tested it a bit on an old Athlon 64 X2 rig for proof of concept and had planned on installing on a mini PC or something, but I wanted 6 NICs. Standing in my main IT room I looked down and in the bottom of the rack were 4 HP DL380s, 2 of which were decommissioned 2 years ago. It's such huge overkill for hardware that it's hard to explain, but who wouldn't want redundant power supplies, RAID 60 with 25 drives and remote system monitoring through iLO? lol

    I spun one up and loaded pfSense and started tweaking. 2 weeks ago I switched over and have been working out gremlins since. Overall it's gone well, just one snag that a couple of members here have been very kind in helping me work out. Thank you to this page for all the help.


  • v2.7.2: Dynamic DNS not working with Cloudflare

    0 Votes
    9 Posts
    232 Views
    7

    @revengineer Starting to use GPT4All for help in scripting. The only problem is it spits out code as long and structured as COBOL. ;)
    It is all good I guess.

  • 0 Votes
    12 Posts
    707 Views
    GertjanG

    @patient0 said in pfsense-ce 2.7.4 SSH server: how to config ClientAliveCountMax and ClientAliveInterval:

    "Unless noted otherwise, for each keyword, the first obtained value will be used."

    Nice catch!
    Thanks, that made me remember: just adding parameters and hoping that "the last one is taken into account", which is something I did presume, doesn't work.
    So, this is a "sshd" issue.

    Editing "https://github.com/pfsense/pfsense/blob/master/src/etc/sshd" (make a patch for it so it auto-applies after a pfSense upgrade/update) will do the job.
    The match trick is also a good idea and worth testing.

  • Port Forwarding stopped working after upgrading to 2.8.0

    0 Votes
    48 Posts
    996 Views
    C

    @stephenw10
    Ah ok, I read that link. I'm not sure how you disable what in the BIOS.

    I'll give it a try tomorrow:
    create a file
    /boot/loader.conf.local

    and place in it
    hint.iwm.0.disabled="1"

    and that's all I need to do?
    Not sure how you interrupt the boot process
    and then you type
    set hint.iwm.0.disabled="1"
    boot

    Right now it locks up the comp when it boots, so I ended up saying I'd had enough of it today and had a drink lol...

    So is it a FreeBSD issue or is it a pfSense issue?

    And I never got the routing to stop crapping out; the desktop was locked out again. Makes you wanna drink too lol

    And is there a time frame when they fix it? I guess the next release of pfSense 6 months down the road? But like 2.8.1 probably

  • pfSense Plus 25.03 release question

    1 Votes
    22 Posts
    1k Views
    JonathanLeeJ

    @stephenw10 2.8 also has the issue: fresh install, none of my settings, clean out-of-box install, not on the 2100.


  • 0 Votes
    3 Posts
    105 Views
    W

    @dennypage said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

    @wolffire said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

    I really like ntopng, but I'd rather it not be able to access the internet whenever it wants.

    Is it possible to block package processes from doing so?

    You can't block individual packages. The closest you could get is to find the domain or addresses the package is accessing and block those.

    With specific regard to ntopng, I haven't examined all the callouts but I don't recall it doing much unless you were using the licensed version (activation check), or had one of ntopng's "active" modes enabled.

    Make sure you have Active Network Discovery disabled in ntopng. It's in Settings / Preferences / Network Discovery / Active Network Discovery. This option should never be enabled on pfSense. Ditto for Active Monitoring.

    Thanks for the quick answer.

    I'm a little surprised about not being able to lock down individual processes for those 'who watches the watcher?' types of situations. Finding a dynamic workaround will be painful.

    As far as ntopng, I just don't want it to be able to do anything online unless I've configured it to do so; I loathe the idea of telemetry being sent off to various companies.
    Not that I've found anything (I haven't taken a serious look yet); I'm just a bit wary.

    Speaking of the settings, after reading that post about inadvertently scanning the Internet, I definitely ensured active monitoring and network discovery were turned off. 😆

  • pfSense and Squid going forward?

    0 Votes
    9 Posts
    276 Views
    JonathanLeeJ

    https://github.com/pfsense/FreeBSD-ports/pull/1420

    Merged. I could not test it, but it is in there with the Makefile now and the distinfo file.

    @stephenw10

    Let me know if you can test that out

  • IPSECD VPN Phase-2 configuration disappearing

    Moved
    0 Votes
    39 Posts
    3k Views
    T

    @stephenw10 Correct. Way longer than the tunnel rekey times, so something must prompt a configuration reload outside of that.
    Or maybe the tunnel went down at some point and the config was reloaded when a reconnect was attempted.

  • 0 Votes
    3 Posts
    54 Views
    R

    @patient0 OK, that helped. I'm fairly certain I had tried clicking Add time before and it hadn't worked - with the error I previously reported. In any case, it worked for me now. Thank you!

  • Odd sudden kernel panic

    0 Votes
    5 Posts
    261 Views
    A

    @stephenw10 I believe that is mpt attempting to talk to the RAID card as if it was in IT mode, trying to count the individual drives ("REPORT LUNS"), and the card replying "No, this is RAID, you can't talk to the drives directly" ("ILLEGAL REQUEST").

    I'll run a fs check next time it's convenient to take down the entire network. Probably this evening.

  • Kea client logs

    0 Votes
    9 Posts
    629 Views
    GertjanG

    @ameinild said in Kea client logs:

    I get no logging from the kea-dhcp4 service for client DHCP logs, only from the dhclient for the WAN interface.

    Well ... this is FreeBSD (and Linux) classic log behavior: no news is good news.

  • 25.03 BETA - PPPoE WAN Reconnection

    0 Votes
    2 Posts
    52 Views
    stephenw10S

    Does it reconnect as expected using the old mpd5/netgraph?

    Is it failing at both IPv4 and IPv6?

    If you disable IPv6 does it then reconnect correctly?

    We have seen one other report from an A&A user but that failed to connect after reboot.
    https://forum.netgate.com/topic/198027/if_pppoe-problems-with-php-fpm-causing-loops-resolved

  • 0 Votes
    3 Posts
    108 Views
    A

    @stephenw10

    Thanks for the response.

    In reviewing your response and looking through my configurations, this one firewall did NOT have a valid Client name set and was missed from my template configuration when the firewall went into service.

    I apologize for taking up yours and anyone else's time. I feel like a newbie today.

  • Steady increase in Memory Usage (pfsense in proxmox vm)

    0 Votes
    2 Posts
    59 Views
    stephenw10S

    Does it report the memory usage in both Proxmox and pfSense?

    Can you see what's using it in the output of top or ps?

  • Update of pfSense Plus Software

    0 Votes
    3 Posts
    94 Views
    S

    @stephenw10

    Thank you, that was what I was not doing and really appreciate the guidance and support here. Thanks

  • Setting for console access via web browser

    0 Votes
    5 Posts
    116 Views
    W

    @stephenw10 Eventually I was able to read a cloned disk from a side FreeBSD I set up, then I edited the config.xml to include the correct source IP, replaced the original disk with the cloned-now-edited disk, and that's how I got my access back; then I enabled the console. Thank you.

  • pimd

    0 Votes
    6 Posts
    212 Views
    L

    @dennypage, @maximushugus, @louis2, @jeffscott

    Good news!

    I have the PIMD version I compiled yesterday working!
    Including the related pfSense GUI.

    Now I think I can make it run the way it should in the coming week(??).

    Note that at this moment I still have the following issues:

    1. The warnings at compile time. Surely NOT OK!
       => I do not have the knowledge to fix this, but it is not blocking.
    2. The man directory issue.
       => I have no idea how to solve that. My actual workaround is removing the manual files from the package definitions (NOT OK).
    3. Pimd does not run using the GUI.
       => At this moment I have to start pimd from the command line in debug mode and restart pimd after each config change. However pimd is running and I can access my media server.
       pimd -n -f /var/etc/pimd/pimd.conf --disable-vifs -l debug=all
    4. The firewall rules are not yet as they should be; for the test I just opened too much.

    So I have to sort out things in the coming week/weeks. But I have good hope that I can solve points 3 and 4.

    If someone can solve points 1 and 2, it would be highly appreciated!!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.