@darren200701 No issues on latest Ventura developer beta. If you are still having issues, Stuffit Expander is available from the Mac App Store

Yeah, if you have a CPU that supports SpeedShift it probably will be running faster/hotter with the default values than when using SpeedStep tuned to reduce power consumption.

@Gomo said in pfSense inpath DPI / setup question: pfSense transparent bridge Didn't even entered my mind...thanks for sharing.

@menethoran said in setup new non-active (yet) pfsense machine on network with working pfsense: I WILL be replacing one with the other, but I want to have the new one as set up as possible before switching. The way to do that is to download the config file and use it to get started with the new system. However, you will likely have to reconfigure the interfaces to match the old system. You can do that from the console, using ssh.

@SteveITS said in pfBlockerNG - Blocking a domain: does your log show an error it's trying to update the empty source? No errors here when updating or reloading.

@stephenw10, Well I am using the TFTP server and PXE to boot iPXE. Once iPXE takes over I want to use it to "sanboot" an ISO, but that requires the ISO to be made available via HTTP. It seems like the best thing is going to be for me to just install an HTTP server on a VM or in a container for that purpose, I was trying to avoid that and let pfSense do it, but I see it probably just cannot be. I was hoping pfSense could serve it up, but no problem I'll just setup a container to do it. Stuart

That is pretty small. We have to do some odd tricks to parse the lease file since the format used by ISC isn't very friendly to parsers. It's possible there is something in the lease data that is making the parser fall into an infinite loop. Probably something in one of the uid or client-hostname lines, but uid is much more likely to contain something problematic.

@stephenw10 Thank you. I know I have eyes on it now... but every entry helps.

@jimp said in Modify a widget?: While there are no plans I'm aware of to add that, given the functionality that's already there, it may not be terribly hard for someone to add and make a PR to do. True, it looks quite nice, not been through the imports yet though. Will be something to figure for a rainy day perhaps. Thanks :)

@Jarei said in pfsense+ upgrade from 22.05 to 23.01 causes kernel panic: well the good news is changing that problem card solved the problem running 23.01 atm had zfs saved snapshot so could test it quickly now my license does not work anymore so can't upgrade to 23.05 like yay think i'll move my shit over to something else just by changing 1 network card license is void this just plain sucks :( Are you seriously complaining about a free license that didn't cost you a single dime? Feel free to "move your ****" to another firewall platform.

Yup, if anyone can tell you what the expected behaviour of the AT&T router is it's the guys in that thread.

Hi people, my NIC arrived and it's running so fine. Love it! Will buy a Netgate 2100 in the future for the low running cost of 5W only! [image: 1685519039547-fada4b50-67bd-45b0-9a3e-52815b36895e-image.png]

@SteveITS Yep it has I believe 3 modes and one of those is AP. I will do some testing and report back but could be a while as I am not at home due to personal circumstances but will report back. That option to place the AP there is a really great one as it also frees up a port on the Pfsense SG-1100 (I ordered one before I came to this forum, if I knew then what I know I would have ordered a 2100

@tjabas said in need some help assigning ports in new router: i was trying to do so by assigning igc2 as the same start ip as igc1(192.168.1.1) but it wasnt possible so i made it 192.168.2.1, but i cant get no internet connection in that port. Unlike the main LAN, you need to provide rules to allow the traffic. Here's what I have for my guest WiFi. It's on a VLAN, but it works the same way. It allows connecting only to the Internet and pinging the interfauce. [image: 1685478689945-b2263027-ed7b-4ba3-876d-a871ead6e324-image.png]

@Troutpocket So based on what I have recently done i think you will need a radius proxy. To add some color, I recently set up Cisco DUO 2FA. Logging into my pfsense using LDAP or OpenVPN using LDAP auth, admins and end-users will get a DUO Push notification. Works brilliantly. In order to get this accomplished I needed to have a working LDAP server that everyone initially can reach and auth to. Once that is working I set up a DUO Proxy server that also listens for LDAP requests. Now you point all your LDAP configuration to the DUO Ldap you set up and when any LDAP request get sent to this proxy server, the proxy talks to the LDAP server confirms that auth is good then talks to the DUO service to have a push notification sent to the end-users phone. I bring all that up to say i think you require a proxy as well. You need to have something talking radius and all radius requets get sent to it and the proxy will turn around and send it to Azure. I found this while searching. https://wiki.freeradius.org/config/Proxy

@vahidmoghadam You'd do it with a shell script. Here's one I wrote years ago on Linux: #! /bin/sh while [ 1 ] do ping 99.246.124.1 -c 1 || date >> ~/log;sleep 50 done The commands I run on failure are date and sleep for 50 seconds.

Apologies for the thread necro, but I figured I should give a final update. Was all ready with Wireshark, and waiting for the problem to happen again - but it didn't. And four months later, it still hasn't happened. Everyone seems to be working fine. And I still had no idea what the problem was, or why it suddenly vanished. It could be sunspots for all I know. Thanks for all the advice and suggestions.

Both of those crashes are different but appear to be in PPPoE and netgraph. They don't quite line up with other similar recent issues either. First panic backtrace: db:0:kdb.enter.default> bt Tracing pid 0 tid 100007 td 0xfffffe0012e2c720 kdb_enter() at kdb_enter+0x32/frame 0xfffffe001099f960 vpanic() at vpanic+0x183/frame 0xfffffe001099f9b0 panic() at panic+0x43/frame 0xfffffe001099fa10 pppoe_addsession() at pppoe_addsession+0xb1/frame 0xfffffe001099fa40 ng_pppoe_rcvdata_ether() at ng_pppoe_rcvdata_ether+0x8ba/frame 0xfffffe001099fad0 ng_apply_item() at ng_apply_item+0x2de/frame 0xfffffe001099fb70 ng_snd_item() at ng_snd_item+0x2e0/frame 0xfffffe001099fbb0 ether_demux() at ether_demux+0x1a4/frame 0xfffffe001099fbe0 ether_nh_input() at ether_nh_input+0x349/frame 0xfffffe001099fc30 netisr_dispatch_src() at netisr_dispatch_src+0xad/frame 0xfffffe001099fc90 ether_input() at ether_input+0x99/frame 0xfffffe001099fcf0 iflib_rxeof() at iflib_rxeof+0xe59/frame 0xfffffe001099fe00 _task_fn_rx() at _task_fn_rx+0x7a/frame 0xfffffe001099fe40 gtaskqueue_run_locked() at gtaskqueue_run_locked+0xa7/frame 0xfffffe001099fec0 gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xc2/frame 0xfffffe001099fef0 fork_exit() at fork_exit+0x80/frame 0xfffffe001099ff30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe001099ff30 First panic message buffer: <5>ng_pppoe[15]: no matching session panic: Bad list head 0xfffffe0096ade060 first->prev != head cpuid = 0 time = 1685171251 KDB: enter: panic Second panic backtrace: Tracing pid 13 tid 100046 td 0xfffffe0012ec4020 kdb_enter() at kdb_enter+0x32/frame 0xfffffe00858c9cf0 vpanic() at vpanic+0x183/frame 0xfffffe00858c9d40 panic() at panic+0x43/frame 0xfffffe00858c9da0 ng_destroy_hook() at ng_destroy_hook+0x309/frame 0xfffffe00858c9de0 ng_apply_item() at ng_apply_item+0x97/frame 0xfffffe00858c9e80 ngthread() at ngthread+0x26b/frame 0xfffffe00858c9ef0 fork_exit() at fork_exit+0x80/frame 0xfffffe00858c9f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00858c9f30 Second panic message buffer: panic: refcount 0xfffff800188fd2a8 wraparound cpuid = 3 time = 1685245381 KDB: enter: panic

Ah, OK. Interesting. I'm not aware of anything specific that would have affected that but it could well have been an unintended effect of some other change. That would be unlikely to have been tested since it's considered an invalid setup. I would open bug report with the specific findings you have there. https://redmine.pfsense.org/ IMO it should be valid since PPP is point-to-point and can work in a setup like that. It may just need to be excluded from a check somewhere. Steve