@shocko if you go to https://www.pfsense.org/download/ and do Not select an architecture, and click Download, you’ll see the last couple versions. Which will get you the same file. :)

@stephenw10 Thanks，i've already solved the problem. Forget to lanuch the gateway opposite my local net caused this error.

@stephenw10 When following DoT procedure base on netgate. All alliases having dynamic name to resolve, get an response from dnsfilter « failed to resolve host - will retry again later ». Some of them does resolve bost most part failed completly ans then, at a point failed all. When chanching aliases to url ip table , no problem occur. If i remove all DoT everything work as expected Note : i have arround 140 dynamic name to resolve. Hope help Behavior apper on sg-3100, sg-8200 pro max. And all other device Version 22.05 not affected Version 23.01 affected Thank’s Hope helps

stephen, your last message prompted me to look at my BIOS boot priorities again. The 1st Boot Device Priority was UEFI OS as expected. 2nd - 6th Boot Device Priorities were disabled. However, under Network Device BBS Priorities, there were 4 entries for Intel Boot Agent (IBA) ports. I had these disabled at some point but some how that reappeared. I disabled all 4 entries and the IBA (CTRL+S) setup messages disappeared during boot up. I did briefly remove the Quad port NIC while doing some other activities. I suspect that the Network Device BBS Priorities were enabled when the card was reinserted into the slot. In any event, many thanks for helping solve this issue!

@stephenw10 said in Cable modem, pfSense and switches on UPS but still issues with power bumps: The modem might lose sync even if it doesn't lose power. Very true. Since he said Arris 32 channel which would be a DOCSIS 3 model.. https://approvedmodems.org/bad-modems/

@creationguy bump There are at least two things wrong with this package Time is off and there is no way to fix it making the timeseries charts unusable. Minute Interface Top Talkers field no longer reports IPs. This version of ntopng Community is worse than the one that comes with 22.05 for those main reasons. I have opened a RedMine on this to see if the earlier package can be made available but of course thats a black hole.....

Thanks for the confirmation stephen!

Thanks ! i will try that !

Yes, that seems more likely something in the base TCP stack since forwarding still passed pf but does not terminate TCP sessions. A lot changed between 2.6 and 23.01 (or 2.7) because of the rebase to FreeBSD 14. I'll see if any of our developers are aware of anything that might have caused this. Steve

Hi, the problem was our fault, nothing wrong with PfSense. The OpenVPN client stop working with 2.6.2 udpate. It starts working again with the one that PfSense have in bundle with the config.

@stephenw10 Looks like that did the trick. Thank you!

@fsc830 Yeah. I came across it after I had posted. It seems like the new FreeBSD 14.0 kernel used by pfSense Plus 23.01 is based on a pre-release version. So basically, I'm SOL for now. I don't want to mess with the system too much so I just went ahead and reverted all the changes I had made. No biggie but thanks for the heads up.

Well for some reason traffic from the firewall itself is failing. Maybe you have a rule blocking it? Something incorrectly NATing? Check the states while trying to download lists.

Those logs are expected if you open the webgui to random connection attempts. It's not an indication of any sort of compromise. You can test it yourself, just try to access some page before you login and you will see those logs: Apr 5 22:02:16 nginx 2023/04/05 22:02:16 [error] 47504#100318: *72304 open() "/usr/local/www/somenonexistentpage.htm" failed (2: No such file or directory), client: 172.21.16.8, server: , request: "GET /somenonexistentpage.htm HTTP/2.0", host: "4100.stevew.lan"

@johnpoz said in how to set up split-dns to access internal server via external ip and port from inside the network??: @hsssslaa said in how to set up split-dns to access internal server via external ip and port from inside the network??: it will get handed over to the dns configured under General Setup. only if you setup forwarding.. By default unbound resolves, it doesn't forward - if you want your dns to come from say 1.1.1.1 you have to setup that up in general and then turn on forwarding in unbound. Thanks for your explanation, it all makes sense. Yes, I do have the forwaring turned on so all is working as it should.

@stephenw10 You were correct, mistaken identity :)

Backtrace: db:0:kdb.enter.default> bt Tracing pid 11 tid 100005 td 0xfffff80004325000 kdb_enter() at kdb_enter+0x37/frame 0xfffffe003f174490 vpanic() at vpanic+0x197/frame 0xfffffe003f1744e0 panic() at panic+0x43/frame 0xfffffe003f174540 trap_fatal() at trap_fatal+0x391/frame 0xfffffe003f1745a0 trap() at trap+0x67/frame 0xfffffe003f1746b0 calltrap() at calltrap+0x8/frame 0xfffffe003f1746b0 --- trap 0x9, rip = 0xffffffff80da98f4, rsp = 0xfffffe003f174780, rbp = 0xfffffe003f1747e0 --- callout_process() at callout_process+0x184/frame 0xfffffe003f1747e0 handleevents() at handleevents+0x188/frame 0xfffffe003f174820 timercb() at timercb+0x25f/frame 0xfffffe003f174870 lapic_handle_timer() at lapic_handle_timer+0x9b/frame 0xfffffe003f1748a0 Xtimerint() at Xtimerint+0xb1/frame 0xfffffe003f1748a0 --- interrupt, rip = 0xffffffff81531986, rsp = 0xfffffe003f174970, rbp = 0xfffffe003f174970 --- acpi_cpu_c1() at acpi_cpu_c1+0x6/frame 0xfffffe003f174970 acpi_cpu_idle() at acpi_cpu_idle+0x2e0/frame 0xfffffe003f1749b0 cpu_idle_acpi() at cpu_idle_acpi+0x3e/frame 0xfffffe003f1749d0 cpu_idle() at cpu_idle+0x9f/frame 0xfffffe003f1749f0 sched_idletd() at sched_idletd+0x326/frame 0xfffffe003f174ab0 fork_exit() at fork_exit+0x7e/frame 0xfffffe003f174af0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe003f174af0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- Panic: kernel trap 9 with interrupts disabled Fatal trap 9: general protection fault while in kernel mode cpuid = 2; apic id = 04 instruction pointer = 0x20:0xffffffff80da98f4 stack pointer = 0x28:0xfffffe003f174780 frame pointer = 0x28:0xfffffe003f1747e0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = resume, IOPL = 0 current process = 11 (idle: cpu2) trap number = 9 panic: general protection fault cpuid = 2 time = 1680623985 KDB: enter: panic Nothing significant in the message buffer It looks like something in the idle process so maybe some unsupported power saving function? Has it always done this? Steve

You need to use REGEX there so something like: Apr .4 1[2-5] Though I'm sure anyone with REGEX skilz could do better.

It could be either but I would set it up as 'split tunneling'. So OpenVPN on pfSense on your LAN will only route traffic to the OpenVPN tunnel subnet or other remote subnets. The server sends the subnets to route to the clients when it connects. So, yes, you can keep a PIA client separately and route traffic across that without causing a conflict.

Better to add comments to the bug so all developers can see them.