Nothing immediately familiar: db:0:kdb.enter.default> bt Tracing pid 12 tid 100094 td 0xfffff800057c7740 kdb_enter() at kdb_enter+0x37/frame 0xfffffe00005fc6f0 vpanic() at vpanic+0x197/frame 0xfffffe00005fc740 panic() at panic+0x43/frame 0xfffffe00005fc7a0 trap_fatal() at trap_fatal+0x391/frame 0xfffffe00005fc800 trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00005fc850 trap() at trap+0x286/frame 0xfffffe00005fc960 calltrap() at calltrap+0x8/frame 0xfffffe00005fc960 --- trap 0xc, rip = 0xffffffff810a6486, rsp = 0xfffffe00005fca30, rbp = 0xfffffe00005fca50 --- pfsync_state_export() at pfsync_state_export+0x26/frame 0xfffffe00005fca50 pfsync_sendout() at pfsync_sendout+0x280/frame 0xfffffe00005fcb00 pfsyncintr() at pfsyncintr+0xd1/frame 0xfffffe00005fcb50 ithread_loop() at ithread_loop+0x23c/frame 0xfffffe00005fcbb0 fork_exit() at fork_exit+0x7e/frame 0xfffffe00005fcbf0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00005fcbf0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- Looks exactly like this though: https://forum.netgate.com/topic/146256/regular-crash-dumps And this: https://forum.netgate.com/topic/136195/bugs-report Not much help there either.

I do this on my work network: pfsense SG-8860, a combination of Netgear and Cisco managed switches, and finally 6 UniFi AP's and 1 onsite UniFi controller. The network is setup with 2 networks - LAN and GUEST. The AP's are setup to run 1 VLAN, the GUEST VLAN. The LAN network is also on these access points, but not VLAN'ed. Both of these networks run on the same physical port on pfsense. It took some reading and research, but I got it all working just fine. Firewall rules keep both of these networks from talking to each other. If you want to do something similar, and from reading your post it looks like you are pretty close, you're gonna need a smart/managed switch. Some 5 to 8 port switch models run about $40 to $45 USD, check out Amazon. The OPT network that runs over to the tenant's apartment is fine on it's own pfsense port, run it directly into there and give it the proper settings. It doesn't need to go thru any of your switches. The other stuff that's "in your own place" should run thru the smart/managed switch, then into a single pfsense port, with VLAN's. Jeff

But not sending .118 down the vpn, shouldn't send it to your gateway.. Try splitting the whole local network 192.168.80.0/24 Also when you do that - take a look at the route table route print from a cmd line

@kurisuchan Okay never mind I solved it. Apparently when i created the CA I did not fill out all the optional fields. So I created a new CA with all fields filled in, also created a new server certificate and also filled in all the fields and now it works.

@gertjan This is a all in VMWare on my home PC. I do have a DHCP server at my house. This is where the 192.168.1.68 for my WAN interface is coming from. Thanks for the information on SSL/TSL. I picked 80 because it is just a internal VM and it was easy to setup by installing IIS on one of those VMs.

ClamAV only sees proxied traffic so, no, you can't do that. Steve

@draand28 Glad that you got it to work. Thank you for reporting back

Well I think that was it! I disabled 'Log packets blocked by Block Bogon Networks rules' at 14:05 today. I just checked the filter log file and the last RTALERT and PADN entry occurred exactly at 14:06:01. Nothing but valid firewall events after that... Up until that point it was logging about 230 of those offending messages per hour. The funny thing is, I've always had that Bogon logging option enabled and never had a problem until now.. My ISP is Comcast and like the mention in bug report #3494, Comcast appears to send ICMP6 Multicast Listener Report messages out on their system which get flagged as Bogon traffic by pfSense. I guess Comcast must have made some changes recently that increased the flow of this type of traffic... Anyway, glad we got to the bottom of it. Thanks again for all the help! No way I could have figured this out on my own...

@johnpoz hello I have 2 pfsense with bind connected via site to site openvpn :) I need my site 1 to be the master and site 2 to be the secondary I need site 1 to have all the zones on site 1 and site 2 as master zones The point is to add hosts only on site 1 witch is the master and those entry to be synced to site 2 so I don't have to enter them on site 2 also to be able to resolve them there as well. Like the build in resolver on pfsense (if I want to resolve host on site witch is actually host on site 2 I have to put entry into the resolver on site 1) Right. :) and ... the rules witch are confusing me What rules should I set so both sites can sync with this function or in any other way [image: 1611679402213-bind-xmlrpc-sync-resized.jpg]

@viktor_g @stephenw10 yup I got it working with 2.5 beta. If you click on #9155 : Hardware / Drivers Added bnxt driver for Broadcom NetXtreme interfaces #9155 https://redmine.pfsense.org/issues/9155 Added iOS/Android/Generic USB tethering driver #7467 on the 2.5 beta, you will see my name 'rich riv' user providing a solution. I guess I solved my own problem with if_bnxt.ko. Thanks everyone!

Ok, so the Ubuntu VM probably wasn't using DHCP before and didn't have any servers set so it couldn't resolve.

@stephenw10 I have now enabled Kaspersky Security Network and it seemed to have no issue login to pfsense Thanks again

On a Windows laptop you can indeed just use file explorer (smb) to connect to other Windows hosts and view their file shares. You may need to enter the remote IPs directly. If you are passing a dns search domain to clients and pSense as a DNS server they may be able to resolve LAN side hostnames if pfSense is a the DHCP server there. The hosts you are connecting to need to allow smb connections from the OpenVPN tunnel subnet of course. Anything you can do from the Android phone locally on WIFI should also work over OpenVPN. I don't know what you are trying there. I'm not sure I've ever tried to access smb fileshares on a phone. There may well be an app for that. Steve

Yeah, that seems likely.If the message reflect the actual connected hardware at that time it's probably a bad power component in that USB bus. You might find it has several USB buses and they may not share the same power supplies. Or try using a powered USB hub perhaps. Or serail console instead if it has a serial port. Steve

@viragomann Thanks!

@stephenw10 Ooh, I didn't know of this package! Thanks so much!!

@johnpoz We do not always have the same skill levels at everything we do. Some things we know less about and know more about other things. That is the beauty of forums, after struggling to learn and try on your own, you hope that someone that does have the knowledge will step up and explain and not chastise. I'm not saying you chastised me but that each step learned from using pfsense is one that gives me some extra knowledge to know how to look for the next problem. Anyhow, in my case, I just want pfsense and all of the internal servers to use the local DNS servers. The firewall itself doesn't need to resolve or forward anything, it can use the locals as well. The problem was that is was adding 127.0.0.1 as the first nameserver for all of the DHCP hosts.

You can bridge them all onto the LAN but.... don't! Just use a switch if you need more ports on LAN. You need a add firewall rules on the new OPT interfaces to allow out traffic from hosts on them. Only LAN has a rule there by default. Steve

Should prob add - why I have a list for statuscake.. The FREE version I am using does not allow you to set which locations check on your IP and port your monitoring.. I was seeing false positives on it being down... Because sometimes they would check from non US IPs.. Which were blocked. If you are having issues with access to plex remote - I would suggest looking into monitoring on your own.. Always nice when you know something is down before your users are calling or texting hey your plex is down ;) They have all been given status page url as well.. And I tell them - hey if its not working, check status. But if you notice the uptime is pretty freaking good ;) 50 some days on current uptime.. There has even been updates to plex during that. But updates only take couple of minutes - and it only checks every 15.. so you can quite often sneak in an update without taking a hit to your uptime monitor ;)