@SteveITS

Thank you, I will re-examine the logs and see if for any reason it appears I was in one of the two cases. I will test as well again entering and exiting the maintenance mode.

Andrea

@kiokoman Thank you

@remlei @EveningStarNM
Scoured the interwebs and could not get my home lab working . Same symptoms as you and this fixed it !! Only signed up for the forum to thank you haha

@jeff3820 See Notes on remote access to NUT in the second post of the NUT support thread, and the section Notes on Synology at the end of the post.

@stephenw10 @jrey

Ok, I ordered a USB-serial cable and did a reinstall from scratch this morning.

It was easier than I thought and everything seems to be fine again.

I also saw that the router had (from factory) still UFS as file system before and that might be the reason why I had such strange file system corruptions. Hopefully ZFS is more robust now against power failures. And I will try to change the configuration so that my router is also powered by my UPS

Thanks to all,
Michael

@stephenw10 Back to pfSense from Sophos. Glad to be back. That is all I will say. Fresh install of 2.7.2 CE and upgraded to 23.09.1 plus on a new NVME drive. No other hardware changes. All is working perfectly out of the box. I have purchased TAC Lite. I didn't realize before I was on home/lab license so I didn't get any kind of support except for community. All is right in the pfSense world now.

@sloopbun Hmm, that does sound strange. I have no suggestions for how to troubleshoot that. It could be that the NIC PCIe card needs different drivers or some optimisations are needed for the current driver.
But it could also be that the SFP does not play nice with that NIC.

Had one incorrect CIDR included. Solved

@kdmiller61 For one web server, a NAT port forward. For multiple, a oroxy as noted.

They should use them when they try to pull a new lease. So if the client is rebooted it should pull the new static lease.

@Jarhead said in Travel Netgate Box:

Although FreeBSD 14 has started to support wifi6,

It supports some wifi6 hardware but not at 802.11ax speeds. And as far as I know none of it supports hostap mode so they are client only.

OMG!! Just checked the date stamps! That came through about 5 minutes after I submitted the original request. Now the stupidity and blunder rests upon me. I will have to add +.@netgate.com to my whitelist.
Thanks for gentle reminder.

-d

Check in sysctl dev.igc.0 for example

well spoke too soon...... may be a hardware issue.

Got around this morning to contacting support about the change in NDI from the "repair".

Essentially told to pound sand with the Plus upgrade.. So I guess grandfathering in the Plus for homelab is not a thing anymore. :(

That's too bad.

@kdmiller61 said in Hosting websites from Germany:

my internet provider will charge a huge amount of money for a static IP like I had in the states

So you checked on that already? Or your assuming?

Is your IP actually changing? I have a dynamic IP, and its only changed once in years. And that was when the isp merged with another isp and redid all their address space.

Normally the way dhcp is suppose to work, is as long as you are renewing the IP it shouldn't change.. Only when you have not renewed and the lease expires could the lease be given to someone else.

@stephenw10 I still have more questions. I access pfSense through a browser that is on my network. To secure the connection between my browser on my PC and pfSense's webGUI I need to configure a certificate issued by my CA inside pfSense? My browser still has (Error code: SEC_ERROR_UNKNOWN_ISSUER) when I access pfSense's webGUI. This is not a globally recognized CA this is a private CA running within my local network.

https://smallstep.com/certificates/

My current understanding of setting up certificate authentication is as follows:

Certificate Authority generates the root certificate Root certificate or Root fingerprint needs to be upload and installed on each individual server that trusts the CA Each server then needs to be issued a certificate from the CA. Each service within the server needs to be configured to use that certificate issued by the CA. After this if you have the root fingerprint or root certificate installed on your client you will trust all certificates issued by the CA.

I'm still looking for specific advice on configuration.

What is the difference between a root certificate and a root fingerprint? Can I paste my CA's root fingerprint directly into the 'certificate data' field? Then just upload a certificate that my CA issues into pfSense.

How should I handle Certificate Signing Requests in pfSense? After generating a CSR in pfSense, what is the correct process to get it signed by my private CA and correctly installed?

Is having a certificate signed equivalent to being issued a certificate by the CA?

@stephenw10
yes that's true, we try to buy one to donate (don´t need support), but we need an NDI.

That's why the idea comes up to offer the "TAC Donation Only" or maybe an "pfsense CE Donation" item in the shop...

Edit: Or can we have a donation NDI?

Probably hitting this if that's an authenticated upstream proxy:
https://redmine.pfsense.org/issues/15094

Steve