@gertjan pfBlockerNG, by default, right after installing, does contain an 'example' DNSBL feed DNSBL isn’t enabled by default. There are plenty of DNSBL feeds that appear on the Feeds tab, but none of those are enabled either.

Hello all, Thank you for replying back to my post. I'm only trying having one server connected to my pfsense router that is all. I was looking for the minimum requirements to run a pfsense router. I have found a few. Sense I only have one server and no need of more I have a small computer with 2gb of memory and 32gb of hard drive on a computer I have should be perfect for it. Joseph

@steveits Thanks a lot!! it worked!! I wish i could buy you a cup of coffee.

@deanfourie Normally MITM is achieved by installing a CA cert on each device and then creating "certificates" on the fly. Can be done on a PC but you can't really install your cert on an IoT device. Easier to just block DoH per the above and then if you need to, allow a device to use it.

@patryan I like the simple ones! Ted Quade

@pf-sense-help here is a quick walk thru I did years ago, that still valid https://forum.netgate.com/post/831783 This is how you would create a CA, sign a cert and have your browser trust it. You can use whatever sections of it you need if parts have already been accomplished.

@rcoleman-netgate Am I correct that the i915 kmod video driver would not help with this as it not loaded at the time boot menu shows? Btw I tested booting 2.7CE (feb 15th build) from usb-drive and it had the visually correct boot menu. For proper testing, I would need to swap in another ssd and make a test install with 2.7CE, but I don't think I'll waste time at that...

@johnpoz Thanks! That worked just fine. I am not knowledgable about certificates and was nervous about changing anything that might break web access.

@stephenw10 Yeah, it's recurring, still nothing in a Zpool scrub.

@stephenw10 LOL me 2 ill have to reload the old settings on the old hardware and load the patches 1 by 1 and see what fixed it i guess.

pfSense itself must already have a static IP address on that interface. The DHCP server would not be able to run there if it didn't. The 'Copy my MAC' function there is the MAC for client you're accessing the gui from, not the pfSense MAC. Steve

I work for IPinfo. If we are not providing accurate IP geolocation data for you, consider submitting an IP correction request: https://ipinfo.io/corrections The request goes through the verification process. If the correction is verified within 24-48 hours the geolocation data gets updated.

@johnpoz @dobby_ Thank you I will explore

@rcoleman-netgate Sorry, can not reproduce now this error to make screenshots. Did fresh reinstall of Windows 11 and for this moment no any warnings. That was standard error warning "your connection is not secure and site can steeling your sensitive data."))) Took a look on certificate of this site and was intercept with additional certificate from my ISP! No any idea , how it possible during using of VPN. My laptop was connected with VPN client (ExpressVPN) throw home router ((Router not from ISP and firmware is OpenWRT ) to pfSense box (pfSense plus 23.01 is installed on old laptop). But this warning start coming not immediately on fresh copy of Windows but a few days later. Now after reinstalling will watching out this situation again(((

@ffuentes said in Logs Settings and OpenVPN: After upgrading from the latest 22 branch to 23.01 I lost my logs settings page Also OpenVPN no longer wants to start for nether client or server. I fixed the OpenVPN issue with the patch: https://redmine.pfsense.org/issues/13963

@Stugots open a ticket at https://go.netgate.com and include your current Netgate ID and the order number from your original CE->Plus upgrade token.

I agree, it should almost always be bridged if you're running VBox in any sort of permanent way. 400Mbps between VMs is pretty slow though. That seems like it must be a problem in the VBox config somehow. Though it's been many years since I ran in Windows.

Ok. I can see it now. Thanks for your help.

@viragomann Yeah I did before you replied and that's actually what told me how it works haha. I thought "it can't be that".