@dennypage said in Chrony, PTP, Network Time Security (NTS, NTPsec) to replace unsecure/old NTP (ntpd):

here: https://fc-ntp-100.toimii.fi.

Cool...thank you for sharing.

@Neosmith20

Did you check the file you've imported ?
I mean : open it, and 'read' it. Is very readable.

What happens when you install a clean pfSense, do minimal setups, just make it work with a WAN and LAN, and a new admin password, and then export the config.xml file (Diagnostics Backup & Restore Backup & Restore ).
Then import that file back in.

If that works fine, things start to point really to a faulty, 'wrong syntax' config file. You took the file from a crippled file system .. so .....

If that doesn't work neither, ditch the entire 'system', as issues are probably on a lower level, like file system ko etc..

Do you have access to Services > Auto Configuration Backup > Restore ? == backed up config files ?

@johnpoz said in why doesn't the "Firewall Maximum Table Entries" get set based on Ram of system:

alias

@rebootnz if you use Alias Native pfB just creates the alias, and you can create your own rules or use it as a source for NAT rules.

Ah, interesting! That's good to know. 👍

Yup try that. If you're on 2.7.0 also try running: certctl rehash

https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html?highlight=certctl#debug-pkg-metadata-update

Steve

@KOM The other record types make it resolve able but the record type is wrong for automatic KMS activation. So i did add the custom option as well to get the correct record type.

So i did the following:

server:
local-data: "_VLMCS._TCP 3600 IN SRV 0 0 1688 kms.dmz.ls.lan"
local-data: "_VLMCS._TCP.ls.lan 3600 IN SRV 0 0 1688 kms.dmz.ls.lan"
local-data: "_VLMCS._TCP.dmz.ls.lan 3600 IN SRV 0 0 1688 kms.dmz.ls.lan"

The first line is to make sure custom lines don't break the DNS resolver. I have 2 networks one (LAN) with the domain name ls.lan and the other (DMZ) with the name dmz.ls.lan i want machines to be able to activate from both networks. Firewall between both networks is oneway traffic only from LAN to DMZ not the other way around.

So the first local-data line is to make sure machine can activate when they are not aware in which network they are in. The other 2 are for the machines that do know that.

On windows machines you can test with nslookup if everything is setup correctly.
In my case all 3 return a service record.
nslookup -type=srv _vlmcs._tcp
nslookup -type=srv _vlmcs._tcp.ls.lan
nslookup -type=srv _vlmcs._tcp.dmz.ls.lan

@NollipfSense

Excellent advise my friend and very well appreciated. I bought the first one. Fingers crossed it will work Ok :-) I checked the feedback earlier today and other buyers have reported that it works Ok with Pfsense.

Again, many many thanks.

@stephenw10 Thank you very much, it works perfect!!!
I don't know why I didn't think before at such simple solution 😊

@stephenw10

Thank you very much, It works great .. however LACP had some issue with Firmware 23.05 once I upgraded to 23.09.1 that resolved too.

0f4eb7f0-c82f-4934-8523-9ca214bf311f-image.png

Also as for record spoofing MAC Address in LACP breaks the connection so spoofing must be disabled.

@stephenw10 thank you very much. i will look into all this

@SteveITS Thats perfect!

Thank you.

Nice 👍

@SteveITS Thanks for the link. I saw similar references in the ICS CERT RSS feed. Interesting world we have.

Ted

The package system switched to using .pkg some time ago. The pkg binary should check for both files but may only show the error unless if you run it verbose.

@stephenw10

Lucky Netgate ;), no you did a great job so I will probably buy an Netgate 8200. I just need a confirmation concerning the SFP Module i need from my provider then I will ask here if it's compatible in a new thread.
This thread can be closed.

@stephenw10 I was one version behind so I updated to the latest Intel firmware. It is still interesting that the system was running almost a year before I ran into the panics with the latest FfSense image.

For those running Debian 11, the instructions on Debian site have not be updated. The Intel firmware is located in non-free-firmware so you need to add the following:

deb http://deb.debian.org/debian bookworm main contrib non-free-firmware

Thanks for leads and I hope this stabilizes everything

@gabeqc said in Random monitoring data loss on Netgate 1537:

My monitoring graphs will randomly stop working

May I kindly ask (just for my curiosity) if you use the english GUI on your pfsense or a translated one?

Thanks

@stephenw10
I figured it out, (I figured out what fixed it, not sure what caused it. I have been dealing with this for 2 days ugh)

I have debug window in browser open, disabled cache and the pages loaded. removed the check mark and they load fine. Not sure why the problem started on those two pages.
3bc3be4a-0fe1-442a-932a-ce736a6f49b2-image.png