@gertjan said in Ver 22.05 - Unable to check for updates, pkg info reports invalid url: Does this implies that, ones a bad /usr/local/etc/pkg/repos/pfSense.conf ( /usr/local/share/pfSEnse/pkg/repos/pfSense.conf) has been pulled in, update requests are impossible as long as admin doesn't correct things ? Yes, though that file is only a sym-link to the repo files in /usr/local/share/pfSense/pkg/repos/. Those files are provided by the repo pkg and that's what was broken for a short time. Steve

There is an open feature request for it here you can add comments to: https://redmine.pfsense.org/issues/8694 Steve

Hello together, What version is shown here.... (picture below) [image: 1664893171641-5.jpg] ... should be matching to the chosen "branch"; In the dashboard shown version and the current chosen Branch should be matching together (Shown in the picture below) [image: 1664893207298-4.jpg] Show the installed packets in thew dashboard and scroll down until you reach the point "System patches", be sure there is a small hook shown and not a small plus (+) sign (Last position on the picture shown below) [image: 1664893353924-1.jpg] If there is a plus sign (+) you could click on the name of the shown patch and you will be directed to the to the pfSense section "Recommended System Patches" (As shown in the picture below, as an example) [image: 1664893498344-2.jpg] If you have applied this patch (or not, like you need it) you will be able to go back to the dashboard and click on the two bowed arrows to have a look again over the available updates. Now all should be fine there.

Yup, the DNS for that site is broken. <insert it was dns meme> But at least now you know it's broken and how so you can use any of the 3 workarounds to allow access again until it's fixed. Steve

At work, will run memory checker tonight. Thanks for the suggestion!

@periko According the manual @ https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html : [image: 1664870490371-d4adca7b-310a-4413-8d64-b4e8273fc301-image.png] But, it was a no go as I can't access : https://core.telegram.org/bots#creating-a-new-bot so, I guess Telegram has some temporary issues.

That particular CVE does not affect pfSense because it only applies to strongswan when acting as an EAP client which pfSense cannot be configured to do. That is often the case, FreeBSD vulnerabilities do not necessarily apply to pfSense. If it was affected we would either make a point release to address it or build an updated pkg in our repo which you could 'pkg upgrade' to depending on the level of assessed risk. Steve

I use FreeBSD as a daily driver on one of my machines and im falling in love with it. [image: 1664806629239-a6063969-adb0-44cd-9b82-b11765f66b47-image.png] Its so robust and unbreakable. Native ZFS support is just a cherry on top of all that. And yes. It has nothing to to with broken and bloated Linux kernel. Not only its not Linux based, you actually need to emulate Linux with projects like Linuxlator to be able to run Linux applications. Not that i recommend it, just want to point out how different it is compared to billions of Linux distros out there.

@stephenw10 I leave the dash board web page open on my desktop. Thank you for the reply.

@stephenw10 hello! thanks for the response, usb ethernet wont work long term, seen that when i looked at the netgate pfsense manual. that was the issue. i ran through the laptop with a vlan on single nic. works now, just having trouble figuring out a second vlan. i posted a request for help under L2/Switching/VLANs. thanks again! Terry

Ciao, @stephenw10 I did some test as suggested. With pfblocker enabled worked well for 2 days, then it begun to had some random crashes. These crashes usually happens during video stream (netflix) or watching youtube. Also, the router crashes even after pressing the "save" button to disable the plugin. But I have no issue when I do the same procedure but to enable it.. very strange. Unfortunately I haven't any log of these situations, usually on the home screen I have a yellow bar with a link, but now after the router reboot, it is like nothing happened. Now I removed pfblocker and eneble the traffic shaper again and I will do some new test with this settings

@stephenw10 Thanks for the offer, I had already decided to just open a case as I was about to call it a night. I removed the 2 SSDs and replaced with an NVMe drive. This time I installed 2.5.0 -> 2.6.0 and amazingly I got a super quick reply to my case, they offered to remote access the system to see what was going on. I did the upgrade to 22.01 and uname -a showed correctly and this time no issues with temperature sensors and AES-NI was showing as active. Did the upgrade to 22.05 and again uname shows correct and everything works as expected. I really appreciate the help, I am not sure what the issue was, either some problem with the ZFS mirroring and it was reading conflicting data from the disks or somehow the 2.5.0 starting point helped. Interestingly this time, I noticed that the wall of text during the upgrade was much much shorter and faster, not just the result of the faster NVMe drive, it just had less text, this time I recorded the upgrade incase it was showing errors, so I can only assume during the previous upgrade there were lots of errors reported but wasn't paying attention to what they said as I didn't expect any errors, I really don't know. I am happy that it's working and again thanks for your help.

I was in contact with my ISP and we managed to solve the problem by changing the ip 185.113.141.145 to the ip 185.113.143.xx inside the /24 of my /28. Thank you for help.

Yes, you would think. If it got stuck in a loop compressing the logs it could have high CPU usage for a long while though.

@skilledinept said in Automount ZFS volumes/datasets: could it be that it's not loading some service that mounts the ZFS pools? That is a good possibility. On a normal FreeBSD system /etc/rc.conf has "zfs_enable=YES" to enable/start the zfs service. I don't have a pfSense with ZFS in front of me, but in the Web GUI, look under services and see if there is a ZFS somewhere to enable.

@bob-dig @stephenw10 You guys were 100% right... lol. I ended up having it configured through my wireless router (which I had setup as ap mode only). In AP only mode, it hides the ddns configuration... (smh). So when I checked it as a possibility it didn't show up. But after monitoring tcpdump I saw it reach out and try to update, so changed it back to router mode and was able to disable it. Thank you all for your help!

@matthew_beck You setup a traffic shaper (also called a limiter), or multiple traffic shapers, and apply that to an interface or one specific machine, or an alias of machines (hosts) on an interface. https://docs.netgate.com/pfsense/en/latest/trafficshaper/index.html Here'a a good video on the process: https://www.youtube.com/watch?v=gIvc1qZn5dc

@hlrobert said in Local Password policy: My PCI/SOC2 auditor would like to talk to you. I known you're joking ;) When handling private data like credit card stuff, medical data, or worse, army stuff, all bets are off. Even simple systems that handle the power grid should be seriously protected, because it's the blood of our society. I only need one training when I have to deal with "PCI/SOC2" : and that is wrting clear and correct huge payment checks, as I would eject myself out of the "I know that" position. I would pay some one. And sue the hell out of him when thing go wrong.

Thanks, everyone. You're all correct. The count did include the replies. hahaha, I need more coffee. But, I also would like to reduce the noise. These answers are exactly what I was looking for. Really appreciate the quick responses. Thank you again!!