I think will start an ISP and call my packages.. .Ultimate Fiber 10ge, in the small print just put *fiber is used somewhere in the connection when you go to google.com - we promise that 100% ;) Your connection speed may vary..

That site comes up with tls 1.3.. [image: 1606053080061-site.png] So I don't think your setting had anything to do with fixing whatever issue you were having with the site. Maybe the cert was expired before.. With a 90 day cert age, and it being good til feb 13, would mean it was just recently renewed.. 11/15/2020, 4:03:38 PM (Central Standard Time) To be exact ;)

I think the idea is he doesn't want to go there ;) He just wants to go to the site, vs routing it through that site... Something like this is done on the browser.. Before you ever go anywhere. If I try and proxy that with proxy stripping out the shit and going to where you want to go.. https://shitsite.com/blahblah-https://realsite.tld You send connect to your proxy saying you want to go to shitsite.com, but it really goes to realsite.tld and tries to send that back you browser is going to say wtf is this.. That is not shitsite.com.. You do it at the browser level, so browser goes to realsite.tld Keep in mind - with links your going to click on, the addon might not change those... Which is why you use the copy and paste clean option on something you want to click on.. I was not all that worried about tracking stuff via browser called stuff in the site.. But wanted a simple way to clean up shit links before I sent them to friends, etc. Or posted them on forums without having to do it manually.. But what the addon on does in the background is removing tracking stuff in say scripts and other stuff called by a website your loading.. you can turn on local logging to see what its doing in the background.. But for stuff like an email your reading with some shit link like you posted, and you want to just go to where it ends up without routing you through some tracking that you clicked their link - the copy paste is the best option. Or the addon has a little tool you can load to copy paste stuff.. [image: 1606045953731-tool.png]

Thanks for the responses. I realized that I could use the TCP port of the pfSense OpenVPN service on the firewall to accommodate this request of mine. All is good now!

@Modesty Based on http://37.120.203.163 I am going to say it is a NordVPN server.

@guardian Click on the version number in the package screen. [image: 1605975063006-capture3.png]

You wouldn't be changing it on the "modem" you would be making sure that pfsense as it routes and nats that it doesn't drop the ttl.. This is common method of hiding a nat from some device that only wants directly attached device vs many.. This question has been around for ages and ages.. Here is a very very old thread where you edit the scrub value to set a min ttl https://forum.netgate.com/topic/4435/modify-ttl-value-for-security-reasons This will mangle your ttl to be a normal default value, 64, 128, 255 etc.. In your attempt that you have a router with more devices behind it..

@guardian Unbound restart: Status --> Services Find unbound , and press the "Circle arrow" [image: 1605947186296-067cb738-7c41-45df-8f8d-a52b5b6e621e-image.png]

@bingo600 said in Unifi controller on pfsense?: Right .. But in a multi floor building w. a Vlan for each floor. It's pretty cool to just be wandering around with your lappy , and a VoIP call wo. a drop. I don't like the price (WLC) , but love the feature. I first heard of such a system about 11 - 12 years ago. I don't recall the make, but they called it a "blanket". Each AP had to be connected directly back to the controller, without even a switch in between. Back in 2005 I was working at IBM (my 2nd time there) supporting a major U.S. telecom. One woman called in complaining that the Wifi didn't work in the parking garage, an area that specifically didn't have Wifi. She didn't want to accept that as an answer.

@johnpoz @stephenw10 @Gertjan @marvosa Thank you guys for your help. I am able to resolve the issue. Issue was on vmware side. I had to create new NIC for pfsense and new NIC for server. Everything is working fine now, Thanks again for your input. Kishan

@bingo600 i did not remove, I stoped service ntopng. On Monday I will try to enable ntopng again, weekend we watch a bit tv, and i will not run around and fix things.

@johnpoz Awesome! Thanks soooooooooo much!

If it's a supernet to include a number of subnets that's fine. As long as there is a reason for using it. You'd be surprised how many people believe there are only 3 private subnets available. Steve

Ah, never mind. Figured it out. Wasn't exactly my fault. One of the lists I had added had suddenly included a block for github which is the location for many of my other lists... so many that I thought all or almost all were suddenly failing. The whole SSL thing was a red herring. DNSBL was blocking DNSBL list updates. Once I figured out the offending list, I disabled it and redid the downloads and everything is happy again now.

In the shaping wizard there was an option for VoIP and has one enter the remote IPs. Otherwise there's not a great way for pfSense to know what is VoIP traffic. And since you don't know what IPs all of those use it becomes difficult to maintain. One option might be to prioritize all UDP traffic from your device using those services, but there is a caveat noted in the docs, that the shaper works on outgoing traffic and on the WAN (upload) that happens after NAT. So you can't use your private IPs in the rule that applies the outgoing shaping. What you can do is tag the packets from those IPs, and use that tag. https://docs.netgate.com/pfsense/en/latest/trafficshaper/advanced.html#shaper-rule-matching-tips rule with source of your PC IP: [image: 1605803792376-e59b8ab6-0347-4380-9573-63ff7acd758e-image.png] rule with source and dest of Any that only applies to the tag, and assigns the queue: [image: 1605803840620-08a4ee1e-f89e-4dc1-9782-b3858f424b2f-image.png]

Playback restartallwan from developers shell might do what ya want

I'll leave it at it is. Thanks for the insights!

Yeah, I'm seeing it in all 2.5 snaps now. No idea what I was looking at earlier. Too many test boxes!

@Gertjan said in Cert expired on snapshots.pfsense.org: Anyway. Case closed. Mmm, not really since it should have been swapped out when it was created. We continue to investigate... Anyway thanks for reporting. Steve