• Manual backup encryption

    2
    0 Votes
    2 Posts
    208 Views
    stephenw10

    You can use openssl, though I've never tried it in Windows:
    https://docs.netgate.com/pfsense/en/latest/backup/restore.html#encrypted-configuration-files

    Steve

  • Strange OS Account Changes log records

    15
    0 Votes
    15 Posts
    2k Views
    jimp

    It's more "clean" (as in unaltered) to leave the records as they are from the builder than to delete data for the sake of hiding it. I'd rather a system have an audit trail from the time it was built, not just when it was installed/instantiated.

  • Virusprot change DROP to REJECT

    8
    0 Votes
    8 Posts
    804 Views
    R

    Thanks Stephen

  • Crashes when try to edit alias

    21
    0 Votes
    21 Posts
    2k Views
    johnpoz

    @cdsJerry those look like retries to me 1-2 seconds apart with the same source IP.. So very well could be cloudflare attempting to use an old session, that pfsense no longer had a state for..

    If it happens again make sure to grab or note what the protocol was if anything other than Syn, then it is an out of state block.

  • Feature request - System Aliases

    14
    0 Votes
    14 Posts
    1k Views
    johnpoz

    @paoloposo oh my bad - yeah read that the wrong way. Yeah I don't see pfsense maintaining lists of stuff you might want in an alias..

  • New Installation, no Apparent DHCP on the LAN Interface

    Moved
    10
    0 Votes
    10 Posts
    1k Views
    G

    @johnpoz,
    I guess I may have screwed something up during the initial installation. I just did a complete reinstall from scratch and now both interfaces are coming up correctly.
    Thanks for your help.

  • 2.7.0 WAN loses IP4 address after a few seconds

    6
    0 Votes
    6 Posts
    383 Views
    stephenw10

    OK, I agree looks like a problem with the two dhcpv6 clients. That should be easy enough to test at least. Remove one or both of those see if it stays up.

  • Enter full pathname of shell or RETURN for /bin/sh:

    2
    0 Votes
    2 Posts
    1k Views
  • 0 Votes
    14 Posts
    2k Views
    stephenw10

    Hmm, odd. I wouldn't expect that. I have openvpn tunnels that have been up without issue for weeks.

  • No users listed at the "all" users group

    5
    0 Votes
    5 Posts
    520 Views
    W

    @johnpoz Yep, right... forgot that.

  • Support for API based email delivery

    4
    0 Votes
    4 Posts
    593 Views
    W

    @stephenw10

    OK, I found a way to send emails from pfSense via SendGrid, using the current pfSense configuration (version 2.7.0)

    (SendGrid, as noted above, has a free plan that enables you to send 100 emails per day, via its service, for free, which should be, I think, more than enough to get email notifications from your pfSense device).

    The delivery is done via SendGrid's SMTP server, but the security advantage of services like SendGrid is kept – as the actual delivery does not include the IP address of the sending pfSense device (like when sending via web API); but it DOES INCLUDE the name of the pfSense device, like pfsense.home.arpa, so notice to change the device's name if you wish to avoid identification by the recipients of the notification emails.
    You can change the device name at System > General Setup.

    First, some preparations at SendGrid:

    1. Create a SendGrid user account at https://signup.SendGrid.com/; or login if you already have an account there - https://app.SendGrid.com/login/
    2. Create an API key, how to - https://docs.SendGrid.com/ui/account-and-settings/api-keys
       2.1. It is better, for both security reasons and for operational reasons – to have a unique API key for pfSense, even for each pfSense device
       2.2. Grant the API key the minimal permissions needed to send email – Settings > API Keys. For "API Key Permissions" select "Restricted Access". For "Access Details" open the "Mail Send" section and only enable "Mail Send". Save the change.
       2.3. Save the API key value at your records offline, you will need to use it as the SendGrid account "password" at pfSense. Once the API key is generated and saved, you will not be able to see the key's value!
    3. If you enabled "IP Access Management" (limit delivery only from allowed IP address(es)), then Go to Settings > IP Access Management. Add the IP address of the pfSense device, the IP that is facing the Internet and will be the one to communicate with the SendGrid email server

    Generally follow the instructions on the following post by SendGrid, "Integrating with the SMTP API" (although I think it is better to use port 465, as it uses a more secure method than the one of port 587)
    https://docs.SendGrid.com/for-developers/sending-email/integrating-with-the-smtp-api

    DO NOT do what is written in the following post, titled "How to Send an SMTP Email", it is for sending via SendGrid emails using Telnet to SendGrid's SMTP server, which needs the input to be formatted as Base64.
    Base64 format will NOT be accepted by SendGrid when sending emails via pfSense, and you will get an error message like
    "
    Could not send the message to <email address> -- Error: PLAIN authentication failure [SMTP: Invalid response code received from server (code: 535, response: Authentication failed: Bad username / password)]
    "
    https://docs.SendGrid.com/for-developers/sending-email/getting-started-smtp

    At pfSense:

    1. Go to System > Advanced > Notifications
    2. Of course Uncheck "Disable SMTP"
    3. Add to "E-Mail server" the value of smtp.SendGrid.net
    4. For "SMTP Port of E-Mail server" I used 465 (SMTP with TLS, most secure)
    5. (Connection timeout to E-Mail server – whatever you wish)
    6. Secure SMTP Connection – Enable-Checked
    7. Validate SSL/TLS – Enabled-Checked
    8. (From e-mail address – whatever you wish)
    9. (Notification E-Mail address – whatever you wish)
    10. Notification E-Mail auth username (optional) – this is NOT optional; you have to insert here exactly the system word of "apikey" (without the quotations). This tells SendGrid that you are not authenticating as a specific regular user, but as an API key
    11. Notification E-Mail auth password – insert here the exact relevant API key value that you recorded when you created it. It is acting as your "password"
    12. Notification E-Mail auth mechanism – Select the fixed value of "PLAIN"
    13. Scroll down to the bottom of the page and click "Save"
    14. Once the page reloaded – Click the "Test SMTP Settings" button to see if you receive a test email to the target email address

    If you get a warning about network issues, like "Error: Failed to connect to ssl://smtp.SendGrid.net:465 [SMTP: Failed to connect socket: Operation timed out (code: -1, response: )]":

    1. Test the general ability to reach the target server at the target port, using pfSense's port test at Diagnostics > Test Port
    2. If the above port test also fails (but generally you have network admin access to pfSense from the Internet, or even pfSense can perform a check to see if it has a new version (at Status > Dashboard > System Information widget > Versions section > click the arrows circle icon)), I suggest approaching the support of the ISP/Cloud host firm. Many of these firms block by default access to SMTP ports on the Internet, to prevent spam delivery from their systems by their customers

    Notice that you do not need to create any Firewall rule for the notification emails to communicate with the target SMTP server, it will be allowed internally by pfSense, based on the notifications configuration you enabled and adjusted.

    Good luck!

  • ssh connection that close after login

    3
    0 Votes
    3 Posts
    159 Views
    E

    Thanks!!!

    That explains other things I did not understand ;-)
    I also try to stop some traffic between other device in the same VLAN (and of course it does not work)!

    So only explanation is on the Raspberry... (Or maybe on the Wifi access point that is definitively between the computer A and the Raspberry ;-)

  • Uncaught DivisionByZeroError

    4
    0 Votes
    4 Posts
    577 Views
    D

    @stephenw10

    Ah nice one thanks.

    Good to learn how to apply these custom patches too.

    Seems stable now.

  • Disk resize

    10
    0 Votes
    10 Posts
    1k Views
    W

    @stephenw10
    I will be able to live with the missing space, I only like things to be tidy and efficient and it looks like a kind of storage glitch and waste here. I hope someone at Netgate will have a look into this.

    Anyway, thank you for discussing this with me, I will not waste your time anymore on this.

  • WyzeCam and Pfsense

    78
    0 Votes
    78 Posts
    13k Views
    stephenw10

    @nullcure said in WyzeCam and Pfsense:

    so it don't have to go to wyze servers just to see if it would work lol.

    "the cloud" 🙄

  • SG-1100 won’t lease addresses

    5
    0 Votes
    5 Posts
    878 Views
    R

    Thanks Steve. I opened a TAC case & they were able to help. As it turns out somehow under the DHCP server settings, under restrictions "all clients" got disabled.

    -Rick

  • No Available Packages - 23.05

    2
    0 Votes
    2 Posts
    291 Views
    stephenw10

    First try going to System > Update > Update Settings and re-saving the current branch. Then retest.

    Steve

  • Ways to block adult content on an SG1100

    4
    0 Votes
    4 Posts
    539 Views
    O

    @stephenw10 As ever, many thanks!

  • Is there an API to trigger pfsense reboot?

    7
    0 Votes
    7 Posts
    772 Views
    stephenw10

    Yup this would be trivial via SSH and much more complex via any other method.

    Try to determine if you actually need to reboot though. It may be sufficient to just renew the DHCP lease or to logically DOWN/UP the WAN interface.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.