@gertjan This is a all in VMWare on my home PC. I do have a DHCP server at my house. This is where the 192.168.1.68 for my WAN interface is coming from. Thanks for the information on SSL/TSL. I picked 80 because it is just a internal VM and it was easy to setup by installing IIS on one of those VMs.

ClamAV only sees proxied traffic so, no, you can't do that. Steve

@draand28 Glad that you got it to work. Thank you for reporting back

Well I think that was it! I disabled 'Log packets blocked by Block Bogon Networks rules' at 14:05 today. I just checked the filter log file and the last RTALERT and PADN entry occurred exactly at 14:06:01. Nothing but valid firewall events after that... Up until that point it was logging about 230 of those offending messages per hour. The funny thing is, I've always had that Bogon logging option enabled and never had a problem until now.. My ISP is Comcast and like the mention in bug report #3494, Comcast appears to send ICMP6 Multicast Listener Report messages out on their system which get flagged as Bogon traffic by pfSense. I guess Comcast must have made some changes recently that increased the flow of this type of traffic... Anyway, glad we got to the bottom of it. Thanks again for all the help! No way I could have figured this out on my own...

@johnpoz hello I have 2 pfsense with bind connected via site to site openvpn :) I need my site 1 to be the master and site 2 to be the secondary I need site 1 to have all the zones on site 1 and site 2 as master zones The point is to add hosts only on site 1 witch is the master and those entry to be synced to site 2 so I don't have to enter them on site 2 also to be able to resolve them there as well. Like the build in resolver on pfsense (if I want to resolve host on site witch is actually host on site 2 I have to put entry into the resolver on site 1) Right. :) and ... the rules witch are confusing me What rules should I set so both sites can sync with this function or in any other way [image: 1611679402213-bind-xmlrpc-sync-resized.jpg]

@viktor_g @stephenw10 yup I got it working with 2.5 beta. If you click on #9155 : Hardware / Drivers Added bnxt driver for Broadcom NetXtreme interfaces #9155 https://redmine.pfsense.org/issues/9155 Added iOS/Android/Generic USB tethering driver #7467 on the 2.5 beta, you will see my name 'rich riv' user providing a solution. I guess I solved my own problem with if_bnxt.ko. Thanks everyone!

Ok, so the Ubuntu VM probably wasn't using DHCP before and didn't have any servers set so it couldn't resolve.

@stephenw10 I have now enabled Kaspersky Security Network and it seemed to have no issue login to pfsense Thanks again

On a Windows laptop you can indeed just use file explorer (smb) to connect to other Windows hosts and view their file shares. You may need to enter the remote IPs directly. If you are passing a dns search domain to clients and pSense as a DNS server they may be able to resolve LAN side hostnames if pfSense is a the DHCP server there. The hosts you are connecting to need to allow smb connections from the OpenVPN tunnel subnet of course. Anything you can do from the Android phone locally on WIFI should also work over OpenVPN. I don't know what you are trying there. I'm not sure I've ever tried to access smb fileshares on a phone. There may well be an app for that. Steve

Yeah, that seems likely.If the message reflect the actual connected hardware at that time it's probably a bad power component in that USB bus. You might find it has several USB buses and they may not share the same power supplies. Or try using a powered USB hub perhaps. Or serail console instead if it has a serial port. Steve

@viragomann Thanks!

@stephenw10 Ooh, I didn't know of this package! Thanks so much!!

@johnpoz We do not always have the same skill levels at everything we do. Some things we know less about and know more about other things. That is the beauty of forums, after struggling to learn and try on your own, you hope that someone that does have the knowledge will step up and explain and not chastise. I'm not saying you chastised me but that each step learned from using pfsense is one that gives me some extra knowledge to know how to look for the next problem. Anyhow, in my case, I just want pfsense and all of the internal servers to use the local DNS servers. The firewall itself doesn't need to resolve or forward anything, it can use the locals as well. The problem was that is was adding 127.0.0.1 as the first nameserver for all of the DHCP hosts.

You can bridge them all onto the LAN but.... don't! Just use a switch if you need more ports on LAN. You need a add firewall rules on the new OPT interfaces to allow out traffic from hosts on them. Only LAN has a rule there by default. Steve

Should prob add - why I have a list for statuscake.. The FREE version I am using does not allow you to set which locations check on your IP and port your monitoring.. I was seeing false positives on it being down... Because sometimes they would check from non US IPs.. Which were blocked. If you are having issues with access to plex remote - I would suggest looking into monitoring on your own.. Always nice when you know something is down before your users are calling or texting hey your plex is down ;) They have all been given status page url as well.. And I tell them - hey if its not working, check status. But if you notice the uptime is pretty freaking good ;) 50 some days on current uptime.. There has even been updates to plex during that. But updates only take couple of minutes - and it only checks every 15.. so you can quite often sneak in an update without taking a hit to your uptime monitor ;)

Ah, nice!

@stephenw10 Thank you, it removed them from the DNS server list.

@kesawi If NON PoE , there is a lot of 24/28 port 1Gb switches that are fanless & w. sensible power consumption ~16..20W For fanless PoE+ i use 8-port that is limited to 64W PoE in total. /Bingo

It creates a crash dump for a kernel panic but not for a process crashing out like that. It does create a coredump though which can use significant space. The coredump is not really useful for solving that. Unfortunately ntop-ng seems to like to do that regularly. Steve

Your trying to connect to your pfsense while your remote, or you setup pfsense to be a vpn client to some service. That error normally is you couldn't talk to the IP of the vpn server. Port is blocked? IP is wrong, etc. Lets assume your trying to setup pfsense as the vpn server, and your client - lets say phone is remote and your trying to connect to what IP.. If pfsense is behind a nat, you would have to forward the traffic from that nat router in front of pfsense, to pfsense wan IP.. And you would have to set your client to use your actual public IP of the nat device infront of pfsense.