Figured it out after you suggested the ping test, turns out i had not specified the gateway in the Windows dhcp scope.... So rookie mistake. Thanks

You mean specify a MAC address the voucher will be valid against in advance or just have the voucher locked to whichever MAC it is first activated against? Steve

post up your pcap of the dhcp conversation, discover, offer, request and ack. If your saying the dhcpd is sending out the correct mask, and others are using it correctly - then you got something wacked on those clients! Options shows that there was an option 1 of type Text with a blank value. Option 1 is - tada - subnet mask. So yeah that would F it up big time!! But you would of seen that in the offer, or lack of the offer containing mask.

Upgrade. Use sudo.

I'd really like to see Zerotier support added to the core product, or a supported package. https://forum.netgate.com/topic/91683/zerotier-one-as-a-package-100usd/67 https://redmine.pfsense.org/issues/9238 It would be pretty cool if "pledges" could be made towards issues in Redmine.

sorry because replying this old post.. so for the oposite operation to import certificate or maybe overwrite a specific certificate it is possible or exist some solution scripting?? at today i'm looking for a solution to automate the copy to anothers pfsense and import these certificate previously generated by acme, i will ask for help to a developer on another department to make a search of the encodec certificate and remplace by the new if it has not be changed or expired over php on xml config, based on anothers scripts like this https://forum.netgate.com/topic/95774/automating-certificate-imports-with-letencrypt-script/12

When you say "Two other devices that need full LAN and Internet access", are these wifi devices, or are they wired devices with cables plugged into your distant network switch? Jeff

@viragomann said in pfsense disabling firewall for one specific ip: If you want to keep it behind pfSense why don't you want to go with NAT? If the machine should get a public IP and bypass the firewall, why don't you connect it to WAN? Do you have multiple public IPs or a public subnet? Thanks

Seems like it was not a pfSense issue at all. It should have worked in any of the suggested configurations but there was no response from the Comcast gateway. Steve

Well you don't actually have to sniff on the client... Sniffing on lan side and wan side should help you find the problem... You really want to capture a few full stream or conversations. So you see the syn and syn,ack of the start all the data moving ack, ack ack, etc.. Then the close with fin,ack from both sides and acks.. its quite possible the echo send fin,ack - but amazon never sends back ack to that - so it causes a burst of noise like.. I don't log default block rule.. Unless I am troubleshooting something... I have 3 echo devices.. So I could turn on logging to see if notice any such burst of FA and RA being logged. Do you have pfsense set to reset states on loss of wan? That could cause lots of bursts of this on little blip on your wan connection.. system, advanced, misc [image: 1556099923198-killstates.png]

Issue solved main cause was in mikrotik router placed at other side on mblink where src-masq nat entry was giving issue after disabling that entry now everything works fine

@Stewart Found it. The amdtemp.ko file needs to be copied to /boot/modules/. Copied it over and rebooted. I'm not sure why this would be removed in upgrading from 2.3.x to 2.4.x.

It definitely would need to be a new validation function just for certificates. It's possible in the past there was no validation on that field, and when it was added, it excluded that syntax. Feel free to open an issue on https://redmine.pfsense.org with what you have found.

Fixed it, but I don't know what I did. Maybe it was the Hendrick's martini... Unplugged it, let it sit, plugged it in, walked away, had a second martini, opened the GUI, voila!

@BigSnicker Pretty sure it's the lightweight SG-1100 calculating and updating the Traffic Graphs. Even on my VM on a quad-core, it pulls around 30% with the Traffic Graph widget updating every second. But low CPU numbers when monitored via SSH with the Dashboard closed.

Correct. It's a Mikrotik CRS328-24P-4S+. I can add the tag using /interface ethernet switch rule add vlan-id=2 ports=<ports> new-vlan-priority=3 As soon as I add that to the corresponding physical ports (on the switch) the VMs are on top of, it all magically starts working again.

@stephenw10 said in APCUPSD - No UPS page: Could be. My guess would be that the FreeBSD port supports some subset of the data only. But testing against FreeBSD is the only way to know that. Or reading the code... Steve I just plugged in an older model APC UPS and it now works. The old model is a " Back-UPS ES 500". So, there is something different in the protocol between old and new that keeps apcupsd and NUT from working with the new UPS. BTW, I had previously used NUT with this old model and it worked fine. As I mentioned, the new UPS works fine with Linux.

thanks! I appreciate your input/help.