@fabiolanza I contacted the seller/company that confirmed the chipset was Intel made. I am waiting for them to list more so I can purchase.

Resolved by putting unbound into DNS forward mode, instead of resolver.

@carobell said in DDNS not updating, cert expired: The problem seems to have been solved on my side. Did a "save and force update" this morning with no change, tried again just now and it's updating! Yepp: http://freedns.afraid.org/news/

Because of this: https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html Steve

The J3455 is not powerful CPU but I would expect it to push more then 100Mbps of OpenVPN given a reasonable connection to the server. You have to check top -aSH though to know what's limiting it. Steve

Hi PiBa, I disabled Cookie protection Set "secure" attribure on cookies (only used on "http" frontends) in the backend settings under HSTS / Cookie protection Under Advanced settings for the backend in Backend pass thru, I added this line you suggested http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc } This appears to be working fine, since the older setting rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc } was placed under the backend settings afterall. Thanks

I figured out how to accomplish my goal, and I did not need to create a gateway or static route. LAN is associated with 192.168.92.1 the switch ETH2 port, per the default setup for the XG-7100. Opt3 is assigned to igb3 (Expansion Card)with a static ip of 192.168.93.1 I enabled the DCHP server for Opt3. I added a rule that allows TCP traffic from Opt3 to LAN. I added a rule that allows ICMP traffic from Opt3 to LAN Now I can access the GUI from a machine connected to an ethernet port that is not part of the XG-7100 switch and pfsense response to pings from my PC with 192.168.93.10 to 192.168.92.1.

Doesn't matter which way you do it.. Be it your routed is native or a vlan.. Or if you change this one or add the routed space.

So easy, thanks :D

There is pretty much nothing different in 2.4.5 regarding the installation and configuration, Whether or not it has WAN access or not, etc. In fact, 2.4.4-p3 and 2.4.5 use the same configuration version, 19.1. You can generally use a 2.4.5 configuration on 2.4.4-p3 and vice-versa. Yes, the pfctl issue is a drag. 2.4.5-p1 will be released "soon." (When it's ready) and all indications are that problem has been solved.

@bmffsc said in redirect wan ip requests to lan ip address: reaching through http://212.252.119.3:8092/OurApp/ Horrible setup! Use a fqdn that resolves to this IP.. Now outside users can get to it via http://something.domain.tld:8092/ourapp where that resolves to 212.x.x.x. your public IP. And internally it resolves to 192.168.1.100 or whatever you local IP of that server is. So the same bookmark works be it they outside or inside.

I had this same issue with my Zyxel GS1900-24e managed switch. It did not appear in the DHCP leases list, yet it was working like a charm. But I did not know its IP and thus couldn't connect to its GUi for maintenance, and I did not like that. Just for the record, and it may help someone after me with the same issue, here's what I did: I unplugged the cable between the pfSense router (in my case, an SG-1100) and the switch. On my Mac I configured static IP 192.168.1.2 with subnet mask 255.255.255.0 and then connected to 192.168.1.1 and there it was: the html GUI page of the switch. If this does not work, reset the switch by pressing the tiny reset button at the front using a paperclip or something like it for some time. Then I configured the switch to use DHCP (in Maintenance > System > IP > Mode: DHCP). When that was done I configured the LAN on my Mac to use DHCP again and plugged the cable between router and switch back in. After restarting the switch its IP appeared in the DHCP leases list on the Netgate SG-1100.

@fishbone222 said in AddTrust External CA Root certificate has expired! Cannot update packages..: https://forum.netgate.com/topic/154033/unable-to-download-available-package-list-cert-expired That's useful thanks, worked for me! Seems problem is fixed now.

Sorry for the late post but wanted to close it out here in the rare case someone searches for the issue. I gave up on Dlink support and this device. It should have auto negotiated and been fine. My first solution was to use a tplink ac740 in wifi bridge mode, then connect the hub to the ac740 using an Ethernet cable. Since then I added a Ubiquiti 24 port poe switch and have zero issues with the Honeywell hub when going through a different switch. Isn't IOT wonderful!

@laynakail said in SYN_SENT:CLOSED & CLOSED:SYN_SENT: CLOSED:SYN_SENT That just means the syn was sent, but not reply was received.. I can send a syn anywhere, but if they don't answer the state will never be opened.. Sniff on your outbound traffic when you try and make a connection - you see the syn go out, do you ever see a syn,ack back? from closeds:syn_sent that would be a no.. example... I try and open connect to say 1.1.1.1 on port 666.. [image: 1590753260273-closedsyn.jpg] So pfsense sent the syn trying to connect to 1.1.1.1 on port 666.. But no answer.. So the states are closed:syn_sent Here is sniff showing syns being sent - but nothing coming back. [image: 1590753666420-synsent.jpg] Also vs posting some ascii art, how about a screenshot of what your trying show.. Are those suppose to be your wan rules? Show them in a simple screenshot.. .So much easier to decipher If those are you wan rules - they have nothing to do with talking to some website.. Those would only be port forwards to something inside your network or allowing traffic direct to pfsense wan IP, or allowing something through to a routed public network, etc. I assume its your wan because you look to have bogon on there..