@matrix2113 You could use a VLAN and managed switch to separate WAN & LAN interfaces.

@shaw222 I don’t have a link but forward the ports to your VPN server running on your LAN. I was just brainstorming.

@stephenw10 i got it, thank you so much!. if any doubts will let you know.

@johnpoz said in Cisco vs. pfSense: Throw ddwrt or openwrt on that 20$ box and he would have cool stuff to play with for days and days.. Vs trying to get 15 year old hardware trying to do something actually productive. I know both DD-WRT and OpenWRT very well and I also use them. But even then, the differences lie in the hardware. Just as I wouldn't buy a PC with water cooling if I only use it for writing programs and the Internet, I don't have to invest expensive hardware for an AP if I don't use it in a productive environment. As @stephenw10 said so beautifully..... @stephenw10 said in Cisco vs. pfSense: It's all relative.

@stewart said in Can't get notifications on 1 firewall to work with Office365: @bmeeks We have 60 units in production. They are about 75% static / 25% DCHP. That could work for some but not for others. Did you try using an app password? It's been several months back, but I am pretty sure I tried the app password route and it would not work with the new Office 365 security settings. Microsoft's goal is to completely shut down simple password authentication for SMTP including app passwords. You can postpone the inevitable for a short time by not turning on multifactor authentication, but eventually you will get forced over to MFA and lose simple password login.

Thanks Gertjan! I have turned it off.

Yes, that's what I meant. If you're using the CLI and have not recently opened the dashboard you might need to run pfSense-upgrade to pull a current cert before running pkg update. Steve

Do you have a crash report? We can usually see what's happening just from the backtrace and panic string contained in it. Neither of those have anything you shouldn't post publicly. Steve

Reading between the lines I expect to see no IP address on vmbr1. IP B should be assigned to the pfSense WAN directly. I assume IP A and IP B are in the same public /24. Steve

@stephenw10 Seems to be working fine so far. As you said, just making sure that specific devices have their gateway set to the correct firewall for I/O to Internet. Devices are able to communicate internally so it's kind of a nice simple setup for adding bandwidth in an environment with a number of limitations.

Exactly the same php error? Undefined function errors like that are more often issues with the upgrade itself.

@rcoleman-netgate I'm not too worried about getting into the device. Usually there's a sticker on the bottom with the password; or the default password can be found online somewhere. At this point, that location is back online, and the IPsec tunnel is working. While I "could" use the IPsec tunnel to access the modem, I'm not willing to risk it while remote. I'll switch it next time I'm onsite.

@stephenw10 SORTED, THANK YOU!

@murdof said in pfsense plus crash: Maybe there is a filter or technical term to acknowledge that this is fine (apparently it isn't) or should I just remove this AP from my network? If it's something known and expected you can disable logging ARP movements. See: https://docs.netgate.com/pfsense/en/latest/troubleshooting/logs-arp-moved.html

Big thanks' to all for useful tips!

Still no router to host so either there is no route somehow or it's resolving to some IP that's incorrect. Make sure it's actually resolving as expected: [23.01-RELEASE][root@6100.stevew.lan]/root: host pfsense-plus-pkg00.atx.netgate.com pfsense-plus-pkg00.atx.netgate.com has address 208.123.73.207 pfsense-plus-pkg00.atx.netgate.com has IPv6 address 2610:160:11:18::207 [23.01-RELEASE][root@6100.stevew.lan]/root: host pfsense-plus-pkg01.atx.netgate.com pfsense-plus-pkg01.atx.netgate.com has address 208.123.73.209 pfsense-plus-pkg01.atx.netgate.com has IPv6 address 2610:160:11:18::209 Then run it with -d4 to get debug output and test over IPv4. Steve

@johnpoz That drawing is still valid for when I was testing the bridge. I just mentioned (off-topic) that I also tried to migrate the APs to wired backhaul, but that didn’t go well either. I decided to give up on those and redo my network completely (except Netgate).

@steveits @stephenw10 Actually, it turned out not pfSense's fault but a Mikrotik that's my LAN boss...in an attempt to mitigate a triple NAT situation from using the T-Mobile's gateway, I turned off NAT on the Mikrotik losing established routing; so, rather than messing with setting routing manually, I enabled it and smile with my triple NAT.

Thanks Steve! This appears to be definitely related. Setting all dev.hwpstate_intel.%d.epp=95 seems to have affected temp readings and brought them within more reasonable levels. I will educate myself more on this. I am in the lab today and will explore bios settings. Warm regards, Mark

I've just encountered this issue setting up my remote logging for the first time. Using Syslog-NG, I had to include 'create_dirs(yes)' in my syslog-ng.conf file. Example: destination d_remote { file("/var/log/remote/$HOST/$YEAR/$MONTH/$DAY/syslog.log" create_dirs(yes)); }; Cheers!