Before u get excited, is there a BSD driver that will talk to your particular UPS? Am not sure there is a universal UPS driver.

@kpa:

The Hitron will have two or more network interfaces and the one in the sticker might be the MAC address of the internet facing "WAN" interface.

The -b0 MAC address seems to be listed as the HFC (Hybrid fibre-coax) MAC address.


I eBay my SSD and splurged on a used 16G Sandisk for usd$7.  S.M.A.R.T. says is been used for less than 2 days.  Am happy.  Even if u buy new, a 16G SSD shouldn't be that much and you will still be using 1/4 of its storage.  Not a big decision.

What is your down speed and what brand of NIC?

It is a bug, when something other than the first entry in the list is selected:

Bug reported: https://redmine.pfsense.org/issues/8338
Proposed fix: https://github.com/pfsense/pfsense/pull/3907

actually it is just reporting the wrong host name/IP in the testing messages. Actually the code seems to be testing the correct entry.

Can not find it where?  The gui log is only going to show the last X number of entries.. No matter how big you make the file..

Also when you adjusted your log size from the default 500 did you read the NOTE.. Where you have to clear for the new size to take effect..

NOTE: Log sizes are changed the next time a log file is cleared or deleted. To immediately increase the size of the log files, first save the options to set the size, then clear all logs using the "Reset Log Files" option farther down this page.

Setting log files to 10G would be ALL log files, not just the filter.log so you could run out of space setting them too big..

Here I just modified mine to be 5MB in size each… After reset you can see in the dir they are all set to 5MB

[2.4.2-RELEASE][root@sg4860.local.lan]/var/log: ls -lah
total 88816
drwxr-xr-x  6 root        wheel        1.0K Feb  7 14:00 .
drwxr-xr-x  29 root        wheel        512B Jan 23 21:52 ..
-rw-r–r--  1 root        wheel        42K Sep 17 20:05 bsdinstall_log
-rw-------  1 root        wheel        4.8M Feb 16 13:30 dhcpd.log
-rw-r–r--  1 root        wheel        9.7K Jan 11 14:45 dmesg.boot
-rw-------  1 root        wheel        4.8M Feb 16 13:31 filter.log
-rw–-----  1 root        wheel        4.8M Feb 16 13:29 gateways.log
-rw-r–r--  1 root        wheel        10K Jan 23 13:06 haproxy.log
-rw-------  1 root        wheel        4.8M Feb 16 13:29 ipsec.log
-rw–-----  1 root        wheel        4.8M Feb 16 13:29 l2tps.log

<snipped>In your system log settings what does it show you for space of your log files… Here is mine after I adjusted to 5MB size

Disk space currently used by log files is: 94M Remaining disk space for log files: 20G</snipped>

Found something in the logs about the ICMP Pinger in Squid and then the service restarting.  Not sure how I didn't see this before.  Anyway, I have disabled that in the Squid settings and so far it hasn't restarted after 24 hours so, will keep an eye on it, check in a few more days and advise if that has resolved it.

I have static public IPs, that's not the problem. The problem is that OpenVPN doesn't find the route "back" when the failover happened and the first OpenVPN server is down.

Looks like buffer bloat. I would recommend the Traffic Shaping forum. You could try enabling FairQ on your WAN interface and check the box on the child queue to enable Codel. This works well enough for most people. For now it gets more complicated quickly beyond this, but soon™ it may be as easy as a few check boxes to fix buffer bloat.

i would at least unplug the cable modem for a few minutes or so.  You might need to call your ISP to make sure it is in bridge mode, sometimes they need to flag your account that it is in bridge mode.  You have to make sure your internet is working correctly before you go any further or you are just wasting your time.

You can just save (backup) the config. Then you can play/test changes and restore the saved config afterwards if your changes do not work out/are not required. The rules (and all other settings) are stored there.

What are you wanting to achieve?

I reset your last name to "99" (sans quotes). Try it now.

Yeah I do not think there is a RFC stating you can not sign certs long - there are scenarios when you would for sure need to be able to do that..

Lets say you need to issue certs for 3 years, but your CA expires in 2.. so now you have to redo your CA 2 years before it expires.. That would suck ;)  So you just make sure that you create your NEW ca with the same private key before the 2 year expires.

Thanks, I appreciate it. If I get time to dig into it further, I'll do so.

I actually solved it!

I did plenty of steps, but in the end it worked out, I order them by relevance to this topic:

Added a static routing into my TP LINK archer c7, for others http://forum.tp-link.com/showthread.php?79872-Can-t-ping-access-TL-WDR4300-from-other-subnet

Changed the Proxmox bridges to be Intel E1000 instead of Virtio

Changed the start up order of the pfSense VM

Passed the CPU as host to the pfSense VM

Now I will start playing around with the Firewalls  :)