He never mentions local console login - but sure that is more likely the problem than anything at all to do with pfsense.. Pfsense has no skin in this game at all..
In his first post he does mention local logins..
But this clearly states rdp from his laptop on the same lan
When testing I use a Windows laptop to connect with RDP to the server in the same vlan
No matter his problem - pfsense is not in this fight.. His fight is with his duo configuration and possible rdp client issues.
As an update - thanks to everybody for the answers. Now I am reading on VLANs - useful knowledge for future tinkering. The culprit turned out to be IKEA Trader hub. I replaced it with Philips Hue hub and it works as it should. IKEA hub was also flawless for a couple of years, just decided to go crazy lately.
So problem solved, for now.
@michaelcropper
You do realize that what you do has no effect on your performance, so long as your network is capable of handling what you get from the Internet. For example, my home network is capable of 1 Gb, but I only get 500 Mb from my ISP.
@morbo Haha, smile, I had the same idea a few minutes ago and it works with our Office365 mailer! Thanks for your answer and have a nice day! Regards, Norbert
I've never generated data like that but I pretty much always see 140Mbps when I run a test against, for example, fast.com. I've never seen it below 130Mbps.
Steve
@it_ib You need the private CA key to sign the CSR
see https://docs.netgate.com/pfsense/en/latest/certificates/certificate.html#sign-a-certificate-signing-request:
Sign a Certificate Signing Request
Signing a certificate signing request (CSR) is a special process which uses an internal CA on the firewall to sign a CSR and turn it into a full-fledged certificate.
The following options are available when signing a CSR:
CA to sign with
The CA on the firewall which will sign this CSR. This must be an internal CA (private key present).
Thanks. Not sure when I'm going to be able to get back to actively troubleshooting this. I'll stick with the DMZ setup for now and continue to research. Once I have some answers, or more likely new questions, I will start a new thread.
Yeah, you shouldn't have to do anything at all.
If the modem goes down pfSense will see the WAN interface lose link and trigger a bunch of scripts. When it comes back up it triggers a different bunch of scripts which should pull a new DHCP lease and get a WAN IP.
If you have a switch in between that can be an issue as the pfSense interface then never loses link. The gateway would still go down though.
Steve
Do you mean users or clients?
Or you mean you are actually trying to issue two IP addresses to a user who is logging into both networks via radius? I don't believe that is possible via the pfSense package at least.
What error do you see when you try this?
Steve
Most logs are sync'd to permanent storage at shutdown and restored at boot. Everything you can see in the GUI at least. You only lose anything there if it powers off unexpectedly.
If you have your local logs set large enough to store 90 days of filter logs you would need a huge /var ramdisk. Probably impractically huge.
Yes, exporting the logs via syslog is the correct way to do this.
Steve