@zoltrix You might also get an IPv6 address, as IPv6 is a mandatory part of 4G & later. However, this depends on your carrier. Mine, Rogers, does it properly and tethered devices get an address. Another company (work phone) does a lousy job. However, since the phone doesn't provide prefix delegation, pfsense can't pass IPv6 on to the LAN.

@stephenw10 ... ah I see. Thanks everyone, BRgds/Alan

@stephenw10 sent you the IP address in a PM/chat. Thank you for trying this.

You shouldn't have to. And even if you did it would probably just exhaust the new limit in a case like that. You need to locate the process that is running incorrectly if this is an ongoing problem. Steve

Nope. All is good. Thank you "all" for the assistance and quick response.

Not in the webgui other than filtering the system logs. Steve

If you ping 1.1.1.1 from a client on LAN and then look for that in the state table you should see something like this: [image: 1642770844568-screenshot-from-2022-01-21-13-12-52.png] So a state allowing it in on LAN and another state allowing it out on WAN and also NATing the source to the WAN IP (also a private IP in my example). Steve

@stephenw10 I never noticed any network interruption. I will check the link you sent, thanks.

@nollipfsense thanks! It seems better now. Comparing some traceroutes it looks like it was an issue after my ISP but before Netgates servers.

@stephenw10 It's a little confusing. I looked up the non V2 and the V2. Mine are 2.20Ghz at 95W. BX80621E52660.

You cannot yet view backups except via the pfSense webgui. However you can use ACB on another pfSense instance to fetch a backup as long as you have the acb key and encryption pass phrase. Steve

Nice find.

Ah, well similar deal if the VPN client is routing all your traffic over the VPN.

Do you mean outgoing connections? You can allow only the ports you need. You will find there are a lot of ports you didn't realise you needed for most environments. Steve

Yeah, DNS override or NAT reflection: https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html Steve

Yes, the AWS AMI deploys with mobile IPSec configured but disabled. It has that VIP set to allow mobile IPSec clients to use it for DNS. Steve

It's always by an interface perspective. How else could it be?

@johnpoz LOl, correct :). Thanks very much for all of your input. Even if I am not able to commit it all to memory, I have these threads to come back to when I'm stuck.

Clear those alerts and reload the filter in Status > Filter Reload to make sure the current ruleset is loading. Those pfBlocker errors are quite common at boot though and not usually a problem. Steve

@skilledinept said in Do the OpenSSH 7.9 CVEs apply to pfSense?: -to see how readily is info like this available to scanner. you could turn off the banner, Not sure if pfsense allows for that in the gui? But if your allowed to talk to the ssh and try and negotiate a connection to "auth" you would still be able to get info like what algos and ciphers are possible. You could edit the sshd conf directly, but that would just get reverted on update, etc. Security scanners can be very useful - and fun even. But a lot of what they report really needs to be taken with a grain of salt, if not a whole freaking tablespoon of it ;) But it did do its job - it got you curious, and looking into, and now you prob make for a more secure setup even if what it had reported wasn't really valid ;)