• 0 Votes
    1 Posts
    99 Views
    No one has replied
  • Traffic Status (VNStat) Error

    1
    0 Votes
    1 Posts
    127 Views
    No one has replied
  • Ticket at Netgate & OpenVPN Cascade

    4
    0 Votes
    4 Posts
    525 Views
    J
    Thank you. Now I can log in again.
  • Multiple Subnets on Same LAN Interface

    17
    0 Votes
    17 Posts
    2k Views
    stephenw10S
    Yes, and knowing how to do that and what it looks like if you're in that situation is a useful skill that may well save your ass! The other situation I see it in commonly is when a network is switching subnets, because the previous one was too small and couldn't be enlarged or it conflicts with a remote subnet over a VPN say. Both subnets may be run for some time during the switch over because there are always some systems that have some issue. Still better to avoid it if you can. Steve
  • Crash report or programming bug ...

    5
    0 Votes
    5 Posts
    595 Views
    stephenw10S
    There is a bug in pkg that you may be hitting in 2.4.5p1 where the pkg process never closes, preventing subsequent packages installing after a restore. Only some packages hit it, notably Squid and FRR may. You can get past it by either killing any package process that has frozen or making a change in the package settings. It should then continue to install other packages. https://redmine.pfsense.org/issues/10610 It's fixed in 2.5. I restore stuff all the time and only occasionally hit that though. If you want complete filesystem backups consider installing ZFS and using snapshots. https://www.freebsd.org/doc/handbook/zfs-zfs.html#zfs-zfs-snapshot Not a GUI option, yet. Steve
  • User account changes from command line do not persist thru reboot

    9
    0 Votes
    9 Posts
    844 Views
    P
    @kiokoman I tried editing that directly. It worked, but did not survive a reboot. But this did work: at the very end of "/etc/skel/dot.tcshrc" I added:
    ...
    if ( `id -u` != 0 ) then
        /etc/rc.initial
    endif
    Thanks for your help, done!
  • Losing internet since this morning, packet loss and gateway offline

    14
    0 Votes
    14 Posts
    4k Views
    Raffi_R
    @johnpoz said in Losing internet since this morning, packet loss and gateway offline: To access your modem, you may need to create a vip on your modem's network, say 192.168.100.2 and use that vip via outbound nat to access the modem status page. [image: 1602852028639-vip.png] That source in mine is my local lan 192.168.9/24... So when client on my lan wants to connect to the modem status page pfsense nats that traffic to the vip IP set.. So modem sees traffic from 192.168.100.2 You may or may not need to do that.. Really depends on the modem, etc. Didn't know about this setting. In my case, I had to add an Alias IPV4 address under the interface to access my 4G LTE modem GUI. [image: 1602860010506-cfd5e601-d2c9-4131-8883-494e7da82aa3-image.png]
  • no devices connected but still traffic on vlan ?

    26
    0 Votes
    26 Posts
    2k Views
    noplanN
    Same here
  • SQUID and Gateway Groups

    2
    0 Votes
    2 Posts
    458 Views
    C
    Hi, did you find a solution for it? Or do I just have to use the tcp_outgoing_address directive in the custom options and manually rewrite the IP in case the primary wan fails?
  • Need help setting up this way

    9
    0 Votes
    9 Posts
    741 Views
    johnpozJ
    Pfsense and wireless are not a good fit, not so much because of anything in pfsense. But freebsd has never really been a good fit. If what you want is speed, you want something designed to be a bridge.. There are options to that unifi building to building I linked to. I would never suggest you do anything with a wireless card in pfsense, other than maybe a link to be used as failover wan, or as some sort of out of band access. BTW - you didn't cause anything really, me and @JKnott love to tangle words all the time.. Just friendly button pushing ;)
  • HAProxy for pfSense as API Gateway

    pfsense
    2
    0 Votes
    2 Posts
    521 Views
    Z
    [image: 1602793762710-1a3034a0-a3b0-4adf-be66-231891d71266-image.png]
  • OpenVPN tun mode with LAN IP

    7
    0 Votes
    7 Posts
    984 Views
    V
    @ashima said in OpenVPN tun mode with LAN IP: Are there any security caveats in doing so ? The rule as suggested above led the server to believe that the access is coming from within its subnet, exactly from pfSense, and it works only if the source is one of your vpn clients and, if you additionally specified the destination port, only for that one application. So if you say your vpn clients should have access to it anyway, there are no security drawbacks. You also may further restrict access by a firewall rule.
  • Network Basics (15 min Video)

    1
    0 Votes
    1 Posts
    122 Views
    No one has replied
  • System Alerts

    1
    0 Votes
    1 Posts
    334 Views
    No one has replied
  • NGINX redirect

    6
    0 Votes
    6 Posts
    536 Views
    johnpozJ
    When you add a domain override to some internal NS, that is going to return rfc1918 space - you will need to either turn off rebind protection completely or set up whatever domain you overrode as a private domain.. Or you're not going to get any responses because of rebind protection. https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html As to your host override.. It would need to be fully qualified.. If you put in www.example.com where www is the host and example.com is the domain, and then an alias for mail.example.com if you resolve ftp.example.com it wouldn't resolve to your override. You cannot do wildcards in the gui, if you want a wildcard you need to do it in the options box on the resolver gui..
    server:
    local-zone: "example.com" redirect
    local-data: "example.com 86400 IN A 192.168.1.54"
    https://docs.netgate.com/pfsense/en/latest/services/dns/wildcards.html
  • Device Reboot, Not a Kernel Panic

    18
    0 Votes
    18 Posts
    1k Views
    B
    @bmeeks I'm with you, I think the IP spam and the reboot are not related and there may have been a temporary misconfiguration. The M.2 drive I installed two weeks ago could have faulted and it's just a coincidence both of these anomalies occurred at the same time. I'm not sure there's much that can be done at this point unless the issue returns in the same facet.
  • Automatic VLAN assignment

    2
    0 Votes
    2 Posts
    355 Views
    H
    @sr10977 said in Automatic VLAN assignment: Where do I start? I guess by redesigning your network? Unless I'm misunderstanding something of course
  • How to set up PfSense to home switch, and to cyber lab switch

    5
    0 Votes
    5 Posts
    1k Views
    5
    I would like to get the practice with the Cisco switch, in a kind of enterprise environment. I do want the lab to be able to reach the internet for updates and downloads and such but don't want the lab to be able to reach any other networks. I currently have 4 VLANS on the PfSense, through the Ubiquiti switch, one VLAN for my stuff, one for IoT stuff, one for the kids and one other. I may set up VLANS on the Cisco switch as I will have some VMs on the servers in the home lab...one kali machine, one metasploitable machine, one for a SIEM, and probably a Windows server and Ubuntu server. I will want to set up one for active directory as well. I basically want the lab to be its own network, with internet access through the PfSense box.
  • Cron Job MAIL - Status 0x0001

    8
    0 Votes
    8 Posts
    1k Views
    stephenw10S
    You could try running that cronjob manually without the '&' and see what output it gives you.
  • Iperf on Wan poor performance

    2
    0 Votes
    2 Posts
    407 Views
    kiokomanK
    You should test from one device on the WAN to one device on the LAN (and vice versa) and not to pfSense. pfSense is a firewall/router and not optimized to work as a client. System/Advanced/Networking: Disable hardware checksum offload, Disable hardware TCP segmentation offload, Disable Hardware Large Receive Offloading. Reboot and try again. Any additional package like ntopng / darkstat / suricata / snort ?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.