• Terrapin SSH Attack

    Pinned · 16 Votes · 33 Posts · 45k Views
    STLJonny
    @willowen100 It basically forces your ssh (on the Windows side) to utilize that encryption algorithm. You'll need to do that on any machine you ssh from. I'd have rather found a more elegant workaround (preferably on the pfSense side, so the mod only has to be done in one location), but this works in a pinch.
  • pfSense Hangouts are available on YouTube!

    Pinned Locked · 5 Votes · 1 Post · 17k Views · No one has replied
  • Share your pfSense stories!

    Pinned Moved · 0 Votes · 76 Posts · 72k Views
    Mine may be typical, maybe not..... Took over a large senior living facility with a pretty robust IT infrastructure spread between 4 IT rooms, 23 access points, 12-14 switches, and 200 internal devices and 200 guest/resident devices, all being run by a SonicWall TZ350. I had been wanting to realign everything network-wise for some time, but the TZ had 2 ports that were failing. I had worked with ClearOS from back in the ClarkConnect days and started searching for something similar. I found pfSense and it just fit what I wanted to do. I tested it a bit on an old Athlon 64 X2 rig for proof of concept and had planned on installing on a mini PC or something, but I wanted 6 NICs. Standing in my main IT room I looked down and in the bottom of the rack were 4 HP DL380s, 2 of which were decommissioned 2 years ago. It's such huge overkill for hardware that it's hard to explain, but who wouldn't want redundant power supplies, RAID 60 with 25 drives and remote system monitoring through iLO? lol I spun one up and loaded pfSense and started tweaking. 2 weeks ago I switched over and have been working out gremlins since. Overall it's gone well, just one snag that a couple of members here have been very kind in helping me work out. Thank you to this page for all the help. [image: 1697753147328-pfsense1.png]
  • Can somebody help me get to Yamaha YNCA through a pfSense?

    0 Votes · 4 Posts · 69 Views
    OK, weirder... According to the plug-in programmer it's a simple TCP socket connection to port 50000 on the receiver. So then I really don't understand why I can't connect!
  • Netgate blocked my public IP on ACB

    0 Votes · 16 Posts · 271 Views
    @SarahBrown13 Actually, after a few days of discussions and examinations on TAC and here in the forum, my IP was unblocked. The guys were great. Only the technician who first responded to TAC cut short immediately, showing no desire to go into detail nor help me, which annoyed me quite a bit.
  • pfSense 2.8.1 no packages updates - reason?

    1 Vote · 6 Posts · 194 Views
    @ramup said in pfSense 2.8.1 no packages updates - reason?:
    Hello Netgate Team, I have pfSense 2.8.1 in use. Is there a certain reason why installed packages do not receive an update? I noticed that on the GitHub pages there are newer package versions, e.g.
    Backup latest 0.6.3 but 0.6.4 available
    Lightsquid latest 3.0.7_5 but 3.0.9 available
    pfBlockerNG-devel latest 3.2.10 but 3.2.12_4 available
    squid latest 0.5.3 but 0.5.8 available
    WireGuard latest 0.2.9_5 but 0.2.11 available
    Package versions on GitHub don't always match what's available through the pfSense repo. Netgate usually holds back newer package releases until they've been tested specifically against the current pfSense branch. So even if upstream or GitHub shows a newer tag, it won't appear in the GUI until it's validated for 2.8.1.
  • Different service status using pfSsh.php after Upgrade to 2.8.1

    0 Votes · 2 Posts · 33 Views
    tinfoilmatt
    Same behavior here. Presumably it's the result of some permissions hardening. A user not privileged to modify an elevated service should not be able to determine the status of said service.
  • fe80::1:1 for ipv6 track interface causes a problem with Apple TV box

    1 Vote · 8 Posts · 87 Views
    JKnott
    @akochetkov said in fe80::1:1 for ipv6 track interface causes a problem with Apple TV box: I cannot use "Managed" configuration as some of my devices do not support DHCPv6 (SLAAC only). That's why I use SLAAC. Android devices don't work with DHCPv6.
  • Anyone Here Using telMAX (Ontario, Canada)

    0 Votes · 3 Posts · 61 Views
    @JKnott tldr; Own network. AFAIK they are only available in certain select areas (Aurora, Newmarket, Stouffville, and parts of Markham/Richmond Hill) where they have their own Fibre network. So far I have been very happy. When I was getting set up, I found their customer service team a refreshing change from Bhell and Robbers. Teksavvy also had decent customer support as well. It was so refreshing to find support people that know enough to have a meaningful technical conversation. A big plus is that I get an ONT in bridge mode and I don't have to deal with the pathetic consumer crap that Bhell and Robbers slop out. Robbers has the audacity to force a hidden WiFi that supports services to other customers that can't be turned off. I went as far as the office of the President to get it turned off, and when they said NO, I ditched them and never looked back. This hidden WiFi not only adds to WiFi congestion, but it is likely a long-term health hazard because the modem is under the desk and within 2 feet of where I sit for hours on end. From what I can tell, telMAX is great: latency about 4ms, jitter 1-1.5ms, speed saturates my 1G network gear (although the connection is supposed to be 2G bidirectional, measured with speedtest.net), hence I'm thinking about some hardware upgrades. The reason for my post is that I am wondering if there is a slight difference in the "first hop" after pfSense. I do have some delays/slow response that I'm pretty sure is caused by improper configuration or possibly hardware issues. I had similar (but slightly different) issues with Rogers/Teksavvy. So far I haven't had the time to troubleshoot. I saw a YouTube video on Wireshark a while back that gave me hope that I might be able to determine if the issue is inside or outside the firewall, but I need to take some time to go over it. May also be that I have IPv6 disabled as well. That's why I was hoping to find someone who may have looked into the finer points. </EndRamble>
  • Can't get "Malicious" feed to work on pfBlocker

    0 Votes · 7 Posts · 111 Views
    stephenw10
    If it's actually a DNS list and not IPs/subnets then it doesn't create an alias like that. If it is IPs you should add it via the IPv4 feeds, not DNSBL.
  • Short hangs happening randomly a few times a day

    0 Votes · 5 Posts · 110 Views
    Gertjan
    @Xantra said in Short hangs happening randomly a few times a day: I do have pfblockerng .... Depending on the number of DNSBL files you use, and the 'mode' you use, and the frequency of updating, pfblockerng can 'spike'. All the DNSBL have to be synced, and re-downloaded if updates are available. Then they are all added together into one big file. Then this file is parsed, one line at a time, for whitelisting. Then this file is parsed, one line at a time, to check for double (or more) identical lines. Normally, this mode should be used: [image: 1764317053862-c14745f2-d037-4bba-81c5-5057cb30cd06-image.png] as the old Unbound mode used a lot of resources, and unbound had a hard time restarting (it has to read the main DNSBL file into memory).
  • Lots of Errors In on LAN and Errors Out on AP

    0 Votes · 15 Posts · 253 Views
    johnpoz
    @Omission0832 Who said anyone has to know everything? Your question is not what my point is about. My point is the numbers are insignificant to be concerned about. For all we know they happened when a device was shutting down or booting up, or you had a spike in traffic that caused some errors. You might want to look at netstat -s or netstat -sI interface for a more detailed breakdown of errors. But unless you see a constant increase in errors or a high percentage of errors compared to total packets, I wouldn't worry about seeing a few errors on an interface. Something that is 0.000X of your total packets is nothing to be worried about.
  • 0 Votes · 9 Posts · 207 Views
    stephenw10
    Ah, nice! Yeah, in retrospect those 5K byte packets in the pcap should have been a clue. I missed that.
  • 0 Votes · 3 Posts · 157 Views
    @marcosm Hi - Just an update on this. It turned out it was the ena cleanup job that was causing the CPU spike.
    CPU 0: 0.0% user, 0.0% nice, 100% system, 0.0% interrupt, 0.0% idle
    C PID LWP C PRI STAT %CPU TIME COMMAND
    0 100154 0 -64 RLs 100.0 11:22.91 kernel/ena0 queue 0 cleanu
    -- So basically, ena drops out, and then the CPU gets into a deadlock kind of situation where the ena cleanup job is stuck on one CPU. Has anyone experienced these random ena failures on AWS? When it happens, there's not a lot of traffic pressure, nor was the CPU under load, etc... it just happens randomly.
  • Cannot Achieve 10g pfsense bottleneck

    0 Votes · 64 Posts · 3k Views
    Try using multiple parallel streams. I've never managed to get full speed over 10G interfaces on any hardware.
    -P, --parallel # number of parallel client streams to run
  • SG6100 SWAP full and high CPU - tweak suggestions?

    0 Votes · 8 Posts · 202 Views
    dennypage
    @alnico said in SG6100 SWAP full and high CPU - tweak suggestions?: Interesting, I will start to disable WAN interface and then turn off/on each one as you have suggested and see how it goes
    Given that your original post shows ntopng at 39 hours of CPU, I think everything else is probably minor in comparison. As a starter, I would suggest disabling ntopng completely while you evaluate the rest of the system. Btw, when you get around to re-enabling ntopng, it might be easier to simply reset ntopng as a starting point rather than going through the ntopng UI to find everything that has been turned on.
  • Broadcom NetXtreme-E Dual 10Gb Card (Dell server PowerEdge R740)

    0 Votes · 2 Posts · 63 Views
    stephenw10
    Sounds like something is linked at 1G. The ISP equipment might be trying to link at 2.5G and the NIC doesn't support it. Try running at the command line:
    ifconfig -vma
    to see how the NICs are linked now and what they are capable of. Run
    pciconf -lv
    to see the actual device and vendor IDs for the NICs.
  • if_pppoe problems with php-fpm causing loops. (resolved)

    0 Votes · 86 Posts · 19k Views
    @stephenw10 Had a brief ISP outage and if_pppoe auto-recovered. :)
  • Console access with MacOS 26.1?

    0 Votes · 11 Posts · 260 Views
    @beerguzzle As I mentioned before and luckman mentioned above, Serial2 just works without any tweaking.
  • Crash Report Netgate SG2100

    0 Votes · 3 Posts · 71 Views
    stephenw10
    Yup, that. But basically make sure you're using python mode.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.