For the next guy/gal: to retain (the illusion of) bash as the login shell across reboots, I did the following: I installed the shellcmd package via the webui. I added the following "command line" as a "shellcmd": test -x /usr/local/bin/bash && for u in root nu; do chsh -s /usr/local/bin/bash $u; done I don't touch the default shells /bin/sh and /bin/tcsh. I think the one-liner above is executed by /bin/sh which is very similar to bash (except for differences, which I've never memorized). The one-liner is tested (I did a reboot). According to the documentation, I could have created something like /usr/local/etc/rc.d/bash-again.sh, made it executable and it would execute on boot. I'm pretty sure I'll go there next, since I want to re-establish other things on boot. In particular, I dislike that ~{root,nu}/.profile seems to be overwritten on startup. I'll be reverting my changes back, ty very much. If this reads a little hacky to you, well, yes, yes it is. Being new to pfsense, I guess there are some good reasons (control, repeatability) to change the login scripts. I realize this a "router appliance" first and a FreeBSD box second, regardless of my insistence to make it more like the later. But it also surprised the heck out of me. So indulge the noob for talking out of school and bloviating about his hopes and dreams.

Thanks will check

@kiokoman said in Error message in System log: ip address of network ? is it a public ip? there is no reason to hide a private address anyway Ignore it as it's harmless. it's basically saying "I can't remove that address from the ARP table because it isn't in the ARP table". It’s a private ip address, was just being careful If the error message means nothing bad I can live with seeing it in the logs

@johnpoz Ha, that took a while.

@johnpoz 2.4.5 sp1. Thank you

Thanks, @stephenw10 Yes, we are planning the upgrade to 2.4.5 but will take some more days as we need to get a downtime approved from our users.

i've tested again, here are my stats. 1GB down @ Comcrap. I'm happy with this throughput considering suricata/extensive pfblocker lists. [image: 1602482981356-52a984fe-fe15-4ae7-8d16-05117685f590-image.png] [image: 1602483010084-0af8c970-3f1f-4b94-99cf-deaeb7ef953a-image.png] [image: 1602483070869-2f696e8a-bd99-4b0f-b419-d60bbc2a9695-image.png]

yeah its disabled and I redacted my new account name above. enabling the admin and generating a new key for it works normally as you explained. no restrictions [image: 1602452278450-e0479304-a6b3-463a-b5a9-e7ed4d5a194b-image.png] bolded text9

@LesF In TCP mode (where traffic passes through unchanged) Haproxy can read the SNI 'hostname' requested.. But it cannot send a HTTP-reply. (a website-redirect is a Layer 7 HTTP action not a SSL Layer6 one..) It can choose a different backend server with a acl checks for a specific requested hostname. But it doesn't sound like that's what your after.. I think what you currently want is impossible.

@Bob-Dig No worries! I did check, with a specific server trying to use UPnP. If I don't manually set the WAN IP, it flags "Router WAN IP: Unknown". But if I set it ... it's happy, and uses it. I also have no issue writing a script to get my WAN IP, but not sure how to then set the variable in pfSense Thanks!

Yup, if you must do it then use the correct pkg versions. Just be aware of the risks before doing so. Steve

I have found the bottleneck to be ntop. Once disabled my throughput was better but not perfect. It seems ntop needs to be fine tuned for connections greater than 1GB otherwise it cannot process the data fast enough.

I know this is old but it was a top search result. The good news, there are 3 methods: https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365 The bad news: the purple note in section 1 (info on using a login and password) on that page: "This option is not compatible with Microsoft Security Defaults or multi-factor authentication (MFA). If your environment uses Microsoft Security Defaults or MFA, we recommend using Option 2 or 3 below. You must also verify that SMTP AUTH is enabled for the mailbox being used. See Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online for more information."

Hi Well, it can be rebuilt, and a backup from 2019 is that, did unfortunate not help this time. this is the only error I manage to find: [image: 1602307967870-2966d30d-3a18-4c9d-87af-51cdf84078e6-image.png] the big question is why my computer reach mail server when on OFFICE LAN and not on HOME LAN? Same internet provider (get.no) and same mail provider. Only difference is router config: HOME pfSense + bridged get.no router WORK only get.no router. Reason I mention SSL certificate is that it is information you forum useres may understand and connect to my mail issue. Mail provider write on his home page: "Use of encryption (SSL) If you wish, you can use encrypted connection to the mail server. Note, however, that your e-mail server does not have its own so-called SSL certificate, but shares this with other customers. You will thus get a warning in your e-mail reader the first time you activate SSL which says that the certificate does not match your domain name. You must accept the certificate then presented before you can use SSL."

You uncommented the diag lines and checked the log file like it says? What does it show?

Try running: /etc/rc.newwanip That will run more things then you actually need but does restart dpinger. Oct 9 18:03:12 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 172.21.16.1 bind_addr 172.21.16.226 identifier "WAN_DHCP " Oct 9 18:03:12 php-cgi rc.newwanip: rc.newwanip: Info: starting on . Oct 9 18:03:12 php-cgi rc.newwanip: rc.newwanip: on (IP address: 172.21.16.226) (interface: WAN[wan]) (real interface: igb0). Oct 9 18:03:13 php-cgi rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. '' Oct 9 18:03:16 php-cgi rc.newwanip: Resyncing OpenVPN instances for interface WAN. Oct 9 18:03:16 php-cgi rc.newwanip: Creating rrd update script Oct 9 18:03:19 php-cgi rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 172.21.16.226 -> 172.21.16.226 - Restarting packages. Oct 9 18:03:19 check_reload_status Starting packages Oct 9 18:03:20 php-fpm 2184 /rc.start_packages: Restarting/Starting all packages. You can specify which interface it is too so it only restarts your 4G WAN. Steve

Or even a second router seems better than days of effort, and one will have continuous uptime during pfSense updates also: https://docs.netgate.com/pfsense/en/latest/highavailability/index.html https://docs.netgate.com/pfsense/en/latest/recipes/high-availability-multi-wan.html Note the interface names have to be the same in order to sync states. https://docs.netgate.com/pfsense/en/latest/highavailability/pfsync.html#pfsync-and-physical-interfaces

Thank you both for your replies. @bingo600 , my existing home LAN in not in the default and I plan to install the default for him, so I should be OK. @JKnott yeah, that makes sense...that way there wouldn't even be any need to explicitly change the WAN IP during deployment. glad to know that it's just as easy :)

FYI, this has not re-occurred yet so I am going to assume this was a one off.