@stephenw10 Found the problem. Somehow characters that don't show up got in there. Perhaps when I did a copy/past from the old config? Manually retyping fixed it. But unlike before, the entire path is required.

Resolved! @Gertjan said in All system logs empty: @MrSnuggles said in All system logs empty: pfSense should be on the newest version (v4.0.11). I advice you to ditch whatever you have and use the real pfSense : https://www.pfsense.org/download/ Oops I quoted the BIOS version (4.0.11) instead of the pfsense version (2.4.4). Should be as official as it gets. Otherwise I would be surprised @jimp said in All system logs empty: Go to the settings tab and click the button to reset all your log files. Thanks! I had the same idea after reading what Steve pointed out about the logs being from 2017. Ran rm -rf /var/log and now the system is logging happily. I don't understand though what the problem was since the permissions look exactly the same now. At least I have logging back Thanks again!

It's old but should work fine. I can only think there must be some rogue configuration going on, something left in the config file from previous settings. But if that was the case the clean install should have resolved it. The other thing is some low level conflict between the cards but I would expect that to follow the card not the assigned interface. Steve

What? Are you in the wrong lang section Vellin? No offense your terse response makes no sense at all with the context of this thread?

So I deleted the entire interface and recreated under opt2 different interface and it works fine now, strange.

thank you, it working. for archive this my custom rules: drop tcp $EXTERNAL_NET any -> 1.1.1.2/32 any (msg:"Ignore all traffic"; sid: 1;) drop udp $EXTERNAL_NET any -> 1.1.1.2/32 any (msg:"Ignore all traffic"; sid: 1;)

Yes, I'm not actually seeing an issue there besides the high RAM usage from Squid. It's not exhausting the RAM certainly. Are you seeing errors in the system log or Squid log? Steve

Ok, so I assume A to B is local traffic, not via VPN? And B to C is also not via the VPN? What speeds to you see from C to A compared with B to C? Is it the same A to C or C to B. I would try testing directly between the pfSense firewalls using iperf3 on each both inside and outside the VPN to see if you can pin down the throttle point. pkg install iperf3 rehash Steve

@Stewart said in Broken unit won't fully boot: pkg-static: Warning: Major OS version upgrade detected That implies it is either running 2.3.X and has pulled in 2.4.X packages or is set the dev channel and is trying to pull in 2.5.X packages. You can probably recover it by doing this: https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html#upgrade-not-offered-library-errors But it will be quicker, and cleaner, to just reinstall at this point. The Suricata package had a bug in it at one point that meant log rotation was not working correctly. You had to go to the log management tab and save the default settings there to activate it. I imagine that's what you hit there. Steve

You haven't added the address range or server address to the PPPoE server config. I'm not sure I've ever tried running it on a numbered interface, certainly not WAN. You might need firewall rules to allow the traffic in. Though I don't see any required on my test box here to allow the PPPoE traffic you will need them on the PPPoE server interface to allow traffic inside the connections. Steve

Alright. We can do this :) On for example Forefront TMG you would have created a rule saying that anything going to external is allowed and drop the rest. PFSense however doesn't have an external object so instead we will need two rules per network instead instead First we need a Block rule that stops the unwanted traffic. Second we need an allow any rule that allows anything we haven't already blocked. In your case you need a block rule as rule nr2 on LAN: Source Any Destination 192.0.0.129/25 You will need a Block rule on OPT1 to (before the allow any-any rule) Source Any Destination 192.0.0.1/25

Okay I ran out of ideas so I grabbed a backup of the config file from before I installed HAProxy and ACME and restored it. Access is again granted to port 443. I will have to assume it was HAProxy but I only had set it up for port 80 and it was working. I was starting to work on 443 but everything for those backends and frontend was disabled. Also I completely disabled HAProxy and no difference. Oh well. I will just start again with ACME and HAProxy and see what happens

Can you add some network addresses and ranges to your diagram? For example - 192.168.0.1/24 or something similar? Jeff

Hi @PiBa After a good night sleep, and some coffee, I discovered a domain override for https://www.yourdomain.tld/ in my DNS resolver. False alarm. Thank you for your time.

@KOM In accordance to Aristotle - the first sign of real knowledge is ability to explain shortly the matter and teaching this matter. I wish you big money in your free time ... The information that I've got from @stephenw10 - all that I've been asking. For now all is working.

@Ozzmosis said in pfSense Crash: can not find the problem. Cut the problem in pieces. Like : remove the VM from the equitation.

@skullnobrains said in apply changes with pfSsh: how can i apply my changes without relying on rc.reload_all ? By "reading", rc.reload_all, see what it does, under what conditions, and do it yourself what rc.reload_all does. There is no documentation that states what a file or functions does.

ok thanks, now it is clear...

Just remove the spaces, so: !(wan|lan) Or (opt1|opt2) if those are the interfaces you want to see hits on. Steve

If you do not have a policy against it, then how do you think its ok to block him or throttle it? Step 1.. Create you use policy!