@viragomann Ok, that makes sense. For testing I tried the following: pfSense SMTP Port: 25 pfSense Enable SMTP over SSL/TLS: off Postfix on mail server: smtpd_tls_security_level=encrypt (my understanding: this forces the use of STARTTLS) Error message from pfSense: Could not send the message to chris@mail.ws3 -- Error: Failed to set sender: root@pfsense.ws3 [SMTP: Invalid response code received from server (code: 530, response: 5.7.0 Must issue a STARTTLS command first)] --> my conclusion: pfSense does not use STARTTLS Changing the Postfix setting to smtpd_tls_security_level=may solves the issue but leads to a unsecured connection (not a real problem in my environment, but would be interesting to understand the circumstances)

@caymann said in pfsense haproxy LAN side issues: Host Overrides: I cannot use host overrides as i have multiple docker containers on the same host. HAproxy is your frontend server. So point the host overrides to the LAN IP of pfSense, not to the backend.

@bob-dig said in Different Interfaces/Gateways Using Same IP Address: And there are other providers like Mullvad, where every tunnel gets a different IP. IVPN is like that as well. I've used them for years. It's been pretty much rock solid, set it and forget it. Good speeds, and I've found their tech support to be very good. I really have no reason to move away from them other than my Proton email account includes 10 VPN connections. So possibly saving $100/yr.

If you set a hint we can search for that. The ACB key is based on SSH not the NDI. Since 2.6/22.01 SSH keys are backed up in the config so if you restore a back taken since then it should also restore access to ACB for that system. Steve

Persistence FTW!

@michmoor said in Duplicate tracking ID: Help me understand why igc0 or igc1 comes up in the logs but its called 'LAN' in the or IOT in the config. Why is it using the physical name of the interface instead of the description? Maybe because you don't have igc1 assigned as an interface dircetly? Only VLANs on it? Because the rule is for 'not igc0' that includes all interfaces that pf can see including untagged on igc1. The switch is leaking it there. I still would not expect the same rules ID there though.

Ok, 550 x 2Mbps pipes is greater than the total available bandwidth. So it's possible you're simply seeing an upstream limitation dropping packets at which point pfSense has no control over it. You might be better off setting a bandwith sharing dynamic Limiter on the interface rather than a hard 2Mb limit per user.

You mean the cron pfSense package? You can install that from the CLI like: [23.01-BETA][root@plusdev-3.stevew.lan]/root: pkg install pfSense-pkg-Cron Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): New packages to be INSTALLED: pfSense-pkg-Cron: 0.3.8_3 [pfSense] Number of packages to be installed: 1 8 KiB to be downloaded. Proceed with this action? [y/N]: y [1/1] Fetching pfSense-pkg-Cron-0.3.8_3.pkg: 100% 8 KiB 8.4kB/s 00:01 Checking integrity... done (0 conflicting) [1/1] Installing pfSense-pkg-Cron-0.3.8_3... [1/1] Extracting pfSense-pkg-Cron-0.3.8_3: 100% Saving updated package information... done. Loading package configuration... done. Configuring package components... Loading package instructions... Custom commands... Executing custom_php_resync_config_command()...done. Menu items... done. Writing configuration... done. Steve

@stephenw10 Oke great. It is in the pipeline so to speak Thank you!

thank you for everyone's support

OpenVPN with DCO can use QAT if the hardware is supported.

@jdeloach http://web.archive.org/web/20210502020725/http://www.shallalist.de/Downloads/shallalist.tar.gz Use the wayback machine for the website before the shut it off, the last list they had is available in a historical context

Hello @Gertjan, I did test the memory with memtest86+ and it did find issues with the existing RAM. I have installed new RAM in the system and tested it with a "PASS" result. I will keep monitoring the system to see if the crashes will stop. Thank you for your help,

@operations said in WhatsApp videocalls on same network, connection really bad: I have bought a subnet /29 from a different company. So i setup a GRE tunnel and use IP Alias for the /29. Do you understand what i mean? I do. I would check the routing though, make sure the GRE tunnel has no become the default gateway for anything unexpected. Your description of the problem indicates to me that the calls are forced to fall back to some sort of relay mode rather then clients connecting directly. It's unclear what causes that though. It could be they require static outbound source ports since you didn't have any set. That would be a significant drawback for WhatsApp working behind many firewalls though. Steve

@mc-amz Just in case anyone stumbles upon this issue. We were able to fix it by adding the setting "ldap server require strong auth = no" to our smb.conf file.

@bmeeks Good to know!

@nicesub said in Pfsense refuses to boot on Hyper-V: Few more things left to be fixed on it if possible: It does not know what kernel is installed and when I go to "System update page" it does not know which version is installed. Also I get message there "Unable to check for updates". In the package manager I cannot see the list of installed packaged as well and I cannot retrieve list of "Available packages". That's fixed years ago You need the 2.6.0, not the ancient 2.5.2.

@chrisan I wasn't responding to you nor was I referencing your issue but rather responding to @JKnott's comments.

@optimus-prime If he has an wifi AP you could connect it to your switch and configure a separate subnet for the guest wifi.