Great thanks all.

@chrullrich THANK YOU! That did the trick. Indeed the response from "pkg info" was as you stated. Once I set the update branch back to "2.4.5 DEPRECATED", the package manager once again worked as expected. Will this need to be undone once I decide to upgrade to pfSense 2.5.0? And agreed, the upgrade planning was bad. :/

Ok 7 devices is sufficently few that you could conceivably add NICs and bridge them if you really wanted them all in the same subnet but still with filtering between them. I would still question if that is necessary though. Steve

Just to be clear you should run fsck at least 3 times as shown in our video if you hit this. Steve

@stephenw10 thanks, it should definitely work as I was envisioning. Yes, I'd still have the VIP answering to ARP requests on that IP, and it will use the mac address of the interface where it was created to do so, then the destination IP field on those packets will be rewritten, then the rules will be applied and packets routed accordingly to the routing table. I will then use tcpdump to identify all the hosts that are still using those IP I assigned as VIP and modify the config on the fly little by little. btw netmap is amazing, the BSD network stack and what you guys built on top of it it's absolutely stunning, I have some small feedback on the UI but overall pfsense is definitely comparable to the major players firewall solutions out there, for sure you beat sonicwall and fortinet in my mind and I'm pushing to buy the actual netgate hardware because of that.

Yeah if you have a spare interface - sure you could do that. But to be honest - might be better to just put any money you would spend on some cheap AP towards a real AP with big boy features ;) But sure if you have some old wifi router laying around - then sure you could do that..

Open a feature request if you want more notification options. Or add notes to one that's already open, there's is probably something similar there. https://redmine.pfsense.org/ Steve

For the vast majority of traffic you would see no difference. But as a general rule you should add only the rules that are required and since you know what subnet that traffic is coming from you can use that as the source IP there. There should never be traffic arriving there from a different subnet but if it did it should not be passed. Steve

@sparkyjf Can you share the JumpCloud config on pfsense would be really helpful. Thanks,

Yes, I'd go ahead and do that. That interface type is probably the least well used. Or maybe pptp! It's likely a display bug only. You can see the actual interface does not have an IPv6 address. Steve

Hi, You got your answer here :) @romor said in pfSense 2.5.0 release date?: Hi, i did upgrade one of test pfSense to 2.5.0 and then i tried pkg audit to check vulnerabilities. All was ok without vulnerabilities. That mean, release of 2.5.0 is important for us :-) pkg update/upgrade on version 2.4.5.p1 i tested, but there is only a few updates, not all security updates. After install upgrades is count of vulnerabilities same (16 in 10 packages). https://forum.netgate.com/topic/160456/pfsense-2-5-0-release-date?_=1613340248630

@jknott Ah - right - ive got a couple of EnGenius access points one wifi5 and the other one wifi6

Aha, well the simplest answer is usually the right one.

Yup. Case matters!

You can try starting it with debug mode by stopping the service then starting it at the command line with: /usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -d -P /var/run/miniupnpd.pid That should give you some more useful error output. But that error that is shown implies something is trying to open a port to/from an IP that either already has that assigned or no longer exists on the firewall. Steve

The best thing you can do it hook up a serial console and log it's output to something locally. If it is a drive or drive controller failure it may not be able to record that event but it will spew a load of errors to the console. The next best thing is set up log exporting via syslog: https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html Steve