I have created and submitted a pull request for the Netgate developer team to review and merge. The request is posted here: https://github.com/pfsense/FreeBSD-ports/pull/1221. Once this is merged into the pfSense snapshot branches, a new Snort GUI package version will appear (version 4.1.6_5). It may take a bit to get merged and built because the team is quite busy prepping the upcoming new pfSense releases.

And that worked? If not then check for blocked traffic. Check the state table at both sites make sure traffic is going where you think it should. Steve

@dominikhoffmann said in Gateway has 100% WAN packet loss but is online: I can ssh into the WAN address the gateway reports, from outside of the LAN. I don't think that really answers the question. [Also, it seem strange that you would be able to ssh into the gateway?] When you look in VPN > OpenVPN > Servers, what are the Tunnel Networks? When you look in Status > Gateways, what are the addresses being monitored?

Boooo!

I mean.... I'm pretty sure that's what they are trying to do. But that doesn't rule out ineptitude! Hanlon's razor may apply.

@stephenw10 I think I either fixed this or its not my main issue...going to open a new post for my main issue

ok run into same thing ... gonna have a look into this 2.6CE brNP

You can execute commands directly using ssh if you have key based authentication setup. Like: steve@steve-NUC9i9QNX:~$ ssh root@apu "sysctl dev.amdtemp.0.core0.sensor0" dev.amdtemp.0.core0.sensor0: 54.1C You have to use root to avoid the menu. Steve

VLAN10 only needs to have ports 1 and 8 as members if you don't need to have DMZ hosts anywhere except as VMs. Otherwise that will work for the switch config. The VBox config is probably going to be more complex. I'm not sure I've ever tried it, I moved away from VBox a while back.

@stephenw10 All working now. Thank you all.

@stephenw10 Ok then, I will use the email option to remind our users to change passwords when they are about to expire.

Stunnel listens on localhost and forwards requests to dap.google.com so I would expect to point Freeradius at localhost on the appropriate port. As you do for LDAP auth directly: https://docs.netgate.com/pfsense/en/latest/recipes/auth-google-gsuite.html#configure-ldap-authentication-on-pfsense-software

That appears to be the same crash report file. Do you have a different one?

0.5.1 has been released with support for nat forwarding of non-TCP/UDP protocols. https://galaxy.ansible.com/pfsensible/core

Actually, a simple reboot cleared up this problem (I was afraid to reboot before going to bed). It was odd. I suspect it was nginx problem but I was not able to fix it Thx all!

DynDNS works fine in everything I've tested. There have been some glitches with some services in the past and there maybe in the furture, usually when services change their API etc. Right now I'm not aware of anything that isn't working though. You can check the redmine for open dynamic DNS issues. Steve

@eeebbune Install the System Patches package, and then under System/Patches apply that patch I mentioned.

@nogbadthebad, @Cool_Corona , @stephenw10 Thank you all for responding. I have discovered OpenStack's Neutron network and Open vSwitch possibility and have installed OpenStack on VirtualBox to play with over the weekend. However, You all are correct that using home via VPN would be the best option for the iPad pro.

If your ISP has massive buffer-bloat you're going to see large latency increases when traffic increases however powerful your router is. To actually address that you need to use some traffic shaping on the firewall. If you only have one gateway defined it will always be the default route and pfSense will always try to use it. However it will still trigger a bunch of scripts that aren't required if you only have one. So I'd recommend editing the gateway and setting 'Disable Gateway Monitoring Action' to prevent that. However if you move the load-balancing over to it you will need to re-enable it. Where do you lose internet access from when you connect the 192.168.88.0/23 devices? What are you actually doing to connect them? Steve

Personally I use the default setup for NTP. You don't ever want to expose that to the WAN but the default firewall rules prevent that.