@johnpoz Thank you!!

@AndyM-TB said in Using restic with pfSense AWS virtual appliance:

https://restic.readthedocs.io/en/latest/080_examples.html#setting-up-restic-with-amazon-s3

You might be able to make that work. I'd look at the methods described here first though:
https://docs.netgate.com/pfsense/en/latest/backup/remote-backup.html

Steve

Not uncommon if you have VLANs, for example, for each tennant in a building.

@johnpoz No joke. I started using pfSense when 2.6 was current, pretty soon after its release, and I was getting concerned that no updates came out for like a year. It was a relief when 2.7 arrived and the two point releases that followed.

@Gblenn said in WAN not getting IP address from 192.168.0.x:

Why would you not be "allowed" to change things on the LAN side of your router?? That is "your zone" and not something the ISP should have a say about. Are they claiming they will not support you if you do?

If I was an ISP, I would consider doing just that !
No more need to support (financially) an expensive help desk !

They could post a web site with just a one line help text :

When you received our router, after connecting it, it worked fine.
So : here is the help : don't change anything anymore.

😊

edit : the real question is : why would you even call these guys to subscribe with them ^^

@stephenw10 said in WAN Link Down causes pfSense to stop responding on LAN?:

@jhg said in WAN Link Down causes pfSense to stop responding on LAN?:

OK, I installed the most recent kmod driver for FreeBSD 14

You have to use a module built against the actual kernel in pfSense. The realtek-kmod pkg is in our repo to provide that. So remove that pkg from FreeBSD and just 'pkg install' it from our repo.

Got it (finally :-) I should have realized pfSense would have its own repos in the list. kldstat now shows the module loaded. We'll see if the problem goes away.
Thanks

Ah, yup almost certainly that bug then.

@murdof said in Restart WAN PPPoE interface:

Thanks - that worked!

You're welcome!

@PixieDust

No

@jrey said in pfblocker not downloading ASN list:

All I can say is that at 01:20:13 Eastern it was working fine

Ah, OK - thanks!

@johnpoz If ssh does complain about the ssh key cd to the .ssh folder and remove the known_hosts file.

@tecno-guac symlinks to the rescue 🤠

[23.09.1-RELEASE][root@fw]/root: ls -l /usr/local/www/apple-touch* lrwxr-xr-x 1 root wheel 55 Nov 10 12:33 /usr/local/www/apple-touch-icon-ipad-76x76-precomposed.png -> apple-touch/apple-touch-icon-ipad-76x76-precomposed.png lrwxr-xr-x 1 root wheel 43 Nov 10 12:41 /usr/local/www/apple-touch-icon-ipad-76x76.png -> apple-touch-icon-ipad-76x76-precomposed.png lrwxr-xr-x 1 root wheel 64 Nov 10 12:33 /usr/local/www/apple-touch-icon-ipad-retina-152x152-precomposed.png -> apple-touch/apple-touch-icon-ipad-retina-152x152-precomposed.png lrwxr-xr-x 1 root wheel 52 Nov 10 12:41 /usr/local/www/apple-touch-icon-ipad-retina-152x152.png -> apple-touch-icon-ipad-retina-152x152-precomposed.png lrwxr-xr-x 1 root wheel 57 Nov 10 12:33 /usr/local/www/apple-touch-icon-iphone-60x60-precomposed.png -> apple-touch/apple-touch-icon-iphone-60x60-precomposed.png lrwxr-xr-x 1 root wheel 45 Nov 10 12:41 /usr/local/www/apple-touch-icon-iphone-60x60.png -> apple-touch-icon-iphone-60x60-precomposed.png lrwxr-xr-x 1 root wheel 66 Nov 10 12:33 /usr/local/www/apple-touch-icon-iphone-retina-120x120-precomposed.png -> apple-touch/apple-touch-icon-iphone-retina-120x120-precomposed.png lrwxr-xr-x 1 root wheel 54 Nov 10 12:41 /usr/local/www/apple-touch-icon-iphone-retina-120x120.png -> apple-touch-icon-iphone-retina-120x120-precomposed.png lrwxr-xr-x 1 root wheel 44 Nov 10 12:33 /usr/local/www/apple-touch-icon-precomposed.png -> apple-touch/apple-touch-icon-precomposed.png lrwxr-xr-x 1 root wheel 32 Nov 10 12:41 /usr/local/www/apple-touch-icon.png -> apple-touch-icon-precomposed.png /usr/local/www/apple-touch: total 35 -rw-r--r-- 1 root wheel 3669 Dec 6 12:10 apple-touch-icon-ipad-76x76-precomposed.png -rw-r--r-- 1 root wheel 7260 Dec 6 12:10 apple-touch-icon-ipad-retina-152x152-precomposed.png -rw-r--r-- 1 root wheel 2965 Dec 6 12:10 apple-touch-icon-iphone-60x60-precomposed.png -rw-r--r-- 1 root wheel 5640 Dec 6 12:10 apple-touch-icon-iphone-retina-120x120-precomposed.png -rw-r--r-- 1 root wheel 5640 Jun 27 2023 apple-touch-icon-precomposed.png [23.09.1-RELEASE][root@fw]/root:

@jrey
👻 I know this an old thread....But, it appears that your statement, "Cable/DOCSIS Modem under load, and you've got a VPN on top of that", is spot on. I recently updated my Netgear DOCSIS 3.0 to a used/like new Motorola DOCSIS 3.1 from eBay for a few coins 😊 And thus far, I haven't received the frequent error messages, listed above in my first post, after ten days. It appears that this issues has been resolved, albeit it only has been 10 days with this new modem. I used to experience the error messages frequently almost daily and at least every couple days. My suspicion was always the cable modem since that particular Netgear cable modem uses the controversial Intel chipset instead of the Broadcom chipset, but the pfSense log confused the matter because it showed both the cable modem and my VPN were potential culprits. I pulled the trigger because the Motorola cable modem was such a good deal to pass up. Thanks for pointing out the cable modem was the most likely the culprit!👻

0

@Prokleon said in Submitted ticket to Netgate for access to Beta installer - 403 forbidden after refreshing portal page?:

@rtorres Your ticket was forwarded to the engineering team, it could take time to send you a download link.

Thank you kindly!

No rush, just wanted to see if all was well with my request.

Have an awesome day!

It will create a new cert if you run that command. It will be the same type of cert as the initial one but not actually the same so you would need to agree to allow it again as you do when you first connect.

@MakOwner said in CE 2.7.2 to CE 2.7.2 routing issue:

@Stewart
pfBlockerNG MaxMind - MaxMind now requires a License Key! Review the IP tab: MaxMind settings for more information. @ 2024-02-29 16:15:40

Once an hour.
I have turned off everything I can find about IP.

I think it now also requires an Account ID in addition to the License Key be provided to download updates. I think this new requirement took effect in January of this year.

I had to make a recent change in the Suricata IDS/IPS package because of the MaxMind authentication API change.

@Jhosin running some 10.x network on the same L2 network as your 192.168 network not really isolating them.. You need to physically isolate these networks.. Or you need to vlan them..

While you can run multiple IP ranges on the same L2 - this does not provide for actual isolation.. If you are worried about device X accessing device Y, they really need to be actually on different L2 network.. Not just different IP ranges.

There isn't really anything specific to that.

On the 2100 you would need to add the VLAN interface in pfSense. Then add that VLAN ID as tagged in the switch setup so it's passed through to the AP.

And of course add the VLAN to the AP but that's in the Unifi config.

Steve

Mmm, might not be possible then. If you had enabled Auto Config Backup that would have it.