• Admin Login via RADIUS using Active Directory Accounts

    7
    0 Votes
    7 Posts
    2k Views
    U
    This was sorted out. I found out my issue. On my RADIUS server I was trying to use the same network policy but just add in a different IP address of my pfSense in the network policy Conditions. Removing the other IP address and adding its own network policy seems to fix that  ;D 8)
  • Some websites are just non-navigable

    10
    0 Votes
    10 Posts
    964 Views
    RonpfSR
    Why don't you simply whitelist "fncstatic.com" ?
  • How to assign static IP for certain OpenVPN users?

    2
    0 Votes
    2 Posts
    378 Views
    KOMK
    You were close.  You were missing the proper subnet mask. Leave IPv4 Local Networks(s) blank and add your custom stuff under IPv4 Tunnel Network like this: a.b.c.d/30 For example, one of my users is set to 192.168.2.4/30 which means (I think) .4 for the network address, .5 for the gateway address, .6 for the actual IP address and .7 for the broadcast address.  My next user is 192.168.2.8/30 which gives him an IP address of 192.168.2.10.  Separate each user by 4.
  • Blank pfSense dashboard issue; Might be that the drive is full…. help?

    2
    0 Votes
    2 Posts
    542 Views
    GertjanG
    Hi, What about asking your drive, or more precise : the file systems ? Enter console - go option 8 and type the max word : df
    If you can't understand the output of df, post it here, like :
        [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: df
        Filesystem                  1K-blocks    Used     Avail Capacity  Mounted on
        /dev/ufsid/54ca20c41b3d50b0 298695208 1143932 273655660    0%    /
        devfs                               1       1         0  100%    /dev
        /dev/md0                         3484     180      3028    6%    /var/run
        /usr/local/lib/python2.7    298695208 1143932 273655660    0%    /var/unbound/usr/local/lib/python2.7
        devfs                               1       1         0  100%    /var/dhcpd/dev
        procfs                              4       4         0  100%    /proc
        procfs                              4       4         0  100%    /proc
    In my case : close to 0% and 6 % - the 100 % lines are special cases. Btw : log files are circular and can't fill up the file system. And a pfSense with a huge set of parameters (config) won't use more than a couple of Mega …. So, no, if the dashboard isn't showing up, it must be something else.
  • Best practice rules/setup for icmp and NTP?

    18
    0 Votes
    18 Posts
    5k Views
    NogBadTheBadN
    @V3lcr0: How would I do a "…host time.apple.com does it come back with 17.253.24.253 ?" where do I go for this? Would a port forward as you provided: https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense enhance my DNS security? On the pfSense router, connect via ssh or via Diagnostics -> Command Prompt Some devices could be hard coded for google, my Panasonic TV is, if I wanted to force my TV to use my pfSense box this would be the only method.
  • Template for syslog

    1
    0 Votes
    1 Posts
    468 Views
    No one has replied
  • Client OpenVPN cant see other subnets

    3
    0 Votes
    3 Posts
    426 Views
    H
    Got it working.. Thnx..
  • NTP, leap 11 (Leap not in sync)

    4
    0 Votes
    4 Posts
    3k Views
    johnpozJ
    Well clearly from your output pfsense ntpd which is not ntpdate is not able to talk outbound.. Did you mess with outbound nat?  Do you have any floating rules..
  • Auto UFS or ZFS?

    8
    0 Votes
    8 Posts
    6k Views
    JailerJ
    If you configure a hardware RAID mirror ZFS will see that as a single logical drive. Also with a hardware RAID controller ZFS won't be able to monitor the SMART status of the drives attached to it. With ZFS your choices for vdev's (virtual device) are mirrors, RAIDz (stripe - no redundancy), RAIDZ1 (single drive redundancy), RAIDZ2 (2 drive redundancy) or RAIDZ3 (3 drive redundancy). Your vdev's make up your pool. A pool can be a single drive or a combination of vdevs. ZFS is pretty amazing but you need to do some research before you dive in.
  • Second Hard Drive Content

    7
    0 Votes
    7 Posts
    978 Views
    NollipfSenseN
    Okay, I found the answer and it's working (/usr is being stored on newdisk)…it just needs to be at 4GB to show up on the dashboard...see pic. I am still working on why I don't have permission to access it (newdisk) at the command line and I am the sole root user. ![Screen Shot 2018-03-02 at 5.58.21 PM.png](/public/imported_attachments/1/Screen Shot 2018-03-02 at 5.58.21 PM.png)
  • Xinetd not running

    4
    0 Votes
    4 Posts
    943 Views
    K
    @ kpa I do not want to run inetd, but xinetd and I need it for check_mk.
    @Gertjan
    @Gertjan: Hi, What is your pfSense version ?
    My version is: 2.4.2-RELEASE-p1 (amd64) built on Tue Dec 12 13:45:26 CST 2017 FreeBSD 11.1-RELEASE-p6
    @Gertjan: Btw :
        [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep xinetd
        16284  -  Is      0:00.08 /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xi
        78340  0  S+      0:00.00 grep xinetd
        [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep xinetd
        16284  -  Is      0:00.08 /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
        78733  0  S+      0:00.00 grep xinetd
        [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: cat /var/etc/xinetd.conf
        service 6969-udp
        {
                type = unlisted
                bind = 127.0.0.1
                port = 6969
                socket_type = dgram
                protocol = udp
                wait = yes
                user = root
                server = /usr/libexec/tftp-proxy
                server_args = -v
        }
    This xinetd service is only listening to localhost, not LAN. Note : as far as I know, I never installed a package that includes "xinetd" - actually, I don't know what it is - what it does. I know it is there by default.
    From the output of your ps-command I can see, that your config is in /var/etc. I too have a file there, but it is empty and has size 0. I agree with you, that xinetd seems to be installed by default, but on my box it is not running. :-(( Can you please tell me how xinetd can be started, which config files are needed and where these need to be? TIA, Karl
  • SG-2220 + SB8200 Modem

    2
    0 Votes
    2 Posts
    479 Views
    X
    As an update I've tested removing the 192 address from the reject list and I've also switched to the "FreeBSD" preset for DHCP options, so far this appears to have resolved my original issue of not switching the wan IP from a 192 to public IP on a cold boot of both, I'll have to wait and see if a power blip occurs again to test the true results. Thanks
  • 0 Votes
    3 Posts
    1k Views
    T
    No traffic shaping set yet. A few weeks back I did try using CODEL for the second time but ran into problems after trying to disable it for testing. Caused the router and pfsense to become unresponsive. I had to reboot the router to get things up and running again. The first time I tried CODEL and then disabled it, it caused a lockup so bad that my pfsense router would not fully reboot and keyboard would not even work. The only solution was to reinstall pfsense and set everything back up again as I didn't save a recovery backup beforehand.
  • PPPoE Server (Connecting over Unifi Mesh Points)

    2
    1 Votes
    2 Posts
    512 Views
    The Computer GuyT
    If anyone is interested (Or Searches for this in the future….) Yes, it works. However, a few things I noted.
    1. I couldn't get the PPPoE Server on pfSense to work as a VLAN interface. Instead, I had to set my management LAN to be a VLAN interface, and set the PPPoE Server as the untagged interface.
    2. When you plug the router into the Mesh point, the Mesh point first sees if it can use the LAN to connect back to the controller, so will actually drop off the network temporarily. (So don't expect your router to make the PPPoE connection instantly)
    3. When testing... use the aerials on the mesh points! I had them running without the aerials to begin with, and throughput was next to non existent!
    So my setup is as follows -
    System Lan - VLAN on Interface 1 (CloudKey lives here)
    Mesh Lan - Untagged on Interface 1 (TCP Port 8080 - Inform & UDP Port 3478 - STUN open to CloudKey IP - No other rules. I.E. No internet access)
    PPPoE set to run on the Mesh Lan.
    With the later firmware(s) running on the CloudKey, you can cache firmware updates to the CloudKey, so the Mesh points don't need to see the internet directly. Ad
  • E-Mail on Failed Login Attempts (Again) (SOLVED)

    9
    0 Votes
    9 Posts
    2k Views
    V
    I don't know. I assumed maybe PfBlocker put it in the BlockList Alias that I have, but I really don't know how fast I was hit or really when exactly it happened or really how it was put in the BlockList. That's kind of the idea behind having a notification. I never knew how or when it happened. No I didn't mess with the cron job regarding sshlockouts, and never have. I've added cron jobs, like checking SMART and initiating a scrub, but that's it. According to the IP description listed in the BlackList Alias they were added on 11-16. That's all I know, because I had no other notification.
    On a side note!!! A resolution has been submitted by loonylion and has been submitted to an OP for submission to give a notification on the notification pop up and email (if applicable) upon a failed login. As a side note, this will NOT create any additional noise if there isn't a problem and if no one is trying to log into your firewall. So,
    No Noise (no login failures) = No notification
    Failed Login = Notification of event
    Solved: https://forum.pfsense.org/index.php?topic=144593.0
  • Persistent connection issue RDP/VNC

    3
    0 Votes
    3 Posts
    888 Views
    M
    That's the frustrating part. Nothing, as the connection "freezes" briefly but doesn't close the session. I'm running pfSense (and Neorouter) in VMs. Hardware is kind of old by 2018 standards so I wonder if that has anything to do with it. I have a spare Hyper-V host with SSD storage that I should migrate the VMs to just to see if it makes a difference. I've considered OpenVPN too, which I might roll out for kicks, but I have like 40 hosts set up in NR and it worked so well up until October or so. I've been procrastinating doing anything about it as it's more of an irritant rather than a total loss of functionality. Maybe I should deploy a hardware pfsense install in the lab and see what happens. It's always nice to hope for a "change this value to X" and have a magical fix. I had a similar success rate with NR for quite a while and would do the same kind of thing as you describe!
  • Pfsense 2.4.2-p1 LAGG LACP intel 520 possible flapping

    1
    1 Votes
    1 Posts
    570 Views
    No one has replied
  • Execute script when a specific TCP connection has been established

    5
    0 Votes
    5 Posts
    565 Views
    GruensFroeschliG
    really hacky: https://forum.pfsense.org/index.php?topic=65092.msg354840#msg354840 You should be able to change the tcpdump arguments for it to look for the frames you're interested in.
  • LAN stops passing traffic

    4
    0 Votes
    4 Posts
    654 Views
    M
    Same issue here. VM with 2.4.2-release-p1. No indication of shortage of RAM or HD space…
  • Multi physical interface with same subnet

    44
    0 Votes
    44 Posts
    9k Views
    johnpozJ
    Or even a different IP on the same subnet ;)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.