You're OK. So inbound would likely be 1:1 NAT then. Our setup is old, but for Outbound probably either Hybrid or Manual with a manual entry for each server: Source: 10.1.1.1/32 Destination: any (the Internet) NAT Address: 2.2.2.2

@ddave said in GUI and SSH not available: What can I do with it other than to reboot? First things first : put your mouse in a mask, and send it on a holiday. Keyboard now : Use option 8 : "god mode" ;) Enter : cd /var/log ls -al Where "cd"is exacly the same "cd" on the PC you are using right now. "ls" is what Bill (Gates) renamed in "dir". Show the logs, like system.log, with cat system.log or cat system.log | more ( use space bar to scroll through, or q to quit ).

@johnpoz said in GUI is only showing last 2000 log entries. Where can I see the rest?: The ! can be used Cooool ! A simple !:: works for me : now I see only portal traffic

@johnpoz said in Received used SG-1100 - can it hold malware?: edit: Oh guess you can't change that.. @johnpoz said in Received used SG-1100 - can it hold malware?: Some looking and yeah username is monuser and password is secret.. Just like shown above.. Not sure why you would be worried about that?? Right. It's hard coded in the UPS script settings in the NAS. You can edit them of course. But the next update of your NAS (DSM) will reset them. Here it is : /usr/syno/etc/ups/upsd.users (SSH into your Diskstation) edit : Keep in mind that in this cas eit's the NAS connecting to the pfSense IP 192.168.1.1, the NAS is thus the client. You can protect NTP access of your pfSense as you wish, using firewall rules.

@rigidconduit said in Issue with pfsense taking a nose dive until reboot: http://www.dslreports.com/speedtest/67867354 To get full A's, see this forum biggest thread here Home pfSense Software Traffic Shaping Stay away from 're' NIC drivers

From further investigations, it seems that LCP Config Request is sent by pfsense to client before authentication. Is there a way to make pfsense send LCP Config Request at autentication (when user/password form is validated) ?

@ghost-0 said in DHCP, sometimes, confuses VLAN/LAN interfaces...: The switch this occurs on is a non-managed switch, thus port mirroring is not an option. How are you separating the VLAN then? Perhaps you could provide a diagram of your network.

Yep. It's wol edit : The Shellcmd package. cron (install the Cron package) In your own scripts Etc.

@gertjan Hey, good news, it just started to work, maybe my ISP did something [2.5.0-RELEASE][root@pfSense.home.lan]/root: dig +trace www.tauron.pl ; <<>> DiG 9.16.12 <<>> +trace www.tauron.pl ;; global options: +cmd . 86400 IN NS e.root-servers.net. . 86400 IN NS f.root-servers.net. . 86400 IN NS g.root-servers.net. . 86400 IN NS h.root-servers.net. . 86400 IN NS i.root-servers.net. . 86400 IN NS j.root-servers.net. . 86400 IN NS k.root-servers.net. . 86400 IN NS l.root-servers.net. . 86400 IN NS m.root-servers.net. . 86400 IN NS a.root-servers.net. . 86400 IN NS b.root-servers.net. . 86400 IN NS c.root-servers.net. . 86400 IN NS d.root-servers.net. . 86400 IN RRSIG NS 8 0 518400 20210412050000 20210330040000 42351 . AtIn+4etW9M7KKvpaCmY4J8CPb2Xq5rOEadJ1EX3xnRH6qNWYLsIf4uT ycDTS2Pnp7VhRM+SAveXq6eDWlbWZzDk4+TI2laJMjpXF5/N2PlETU0E rGSWAAGjbjqDfdyNw8/QZr0Y5hiJ+xchtR4whqmtek5GeiU28t+BKmEI fsPKAv1+AbRS36ct+9AYxsjQYD6oYI7HoA82PoieGkHT/W7jstyBPL// tGyDpiM3FiNdFU3NtXtg42jLNSzwG7VXMOIDxBrFjoUxYQhpMRA0uFOV iPAus2+uK6pIH7lwKrUHCAhZmyUebwcC89I/pum9hB887HENQLmbTHdl 0N88Ew== ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 31 ms pl. 172800 IN NS g-dns.pl. pl. 172800 IN NS b-dns.pl. pl. 172800 IN NS i-dns.pl. pl. 172800 IN NS f-dns.pl. pl. 172800 IN NS h-dns.pl. pl. 172800 IN NS c-dns.pl. pl. 172800 IN NS e-dns.pl. pl. 172800 IN NS a-dns.pl. pl. 172800 IN NS d-dns.pl. pl. 86400 IN DS 51352 8 2 C4282918DE616A9E3BFFEC1F0652A41CF73DB7EF7F5785DB7359E9E5 9D40048C pl. 86400 IN RRSIG DS 8 1 86400 20210412050000 20210330040000 42351 . DIchlYu3Osw8Uqtf9HCPoa4IDlxqXjVmfHLJKQRk2vci8BQRYcK8dcYa iWpheC+1jzulHQPJpQFYf9Hd1vyZbZycZYwJzlnwYmFetTPa5C2wb/s6 YttnG7JHj8jxkd0xXPMfP8cVwjBaN6ZbX3kFZhbCd6eHloVTeEk5Wifq GLgy06Conk6uj59+n0cP32U1MDtMONNNt4D6YAA0EBFuSam06Uh6xQQr Jf0FCJ4ZGOS5YXLw7XiaOkTVZtdbi/7UtYR3BVvm+xR7HhJIu3uyHSqA 34wk7p/hOxJLjZB3UcwL+7or8DuH4Qrv4j2XAZrRZljBk/qOyNosLbjV fErSpQ== ;; Received 953 bytes from 192.33.4.12#53(c.root-servers.net) in 23 ms tauron.pl. 86400 IN NS dns1.tauron.pl. tauron.pl. 86400 IN NS dns2.tauron.pl. tauron.pl. 86400 IN NS dns3.tauron.pl. 2glls5cd57bp9ad6ci8u1sfj8guosch7.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 2GLNUCH8GO3NFPDL68PCN7H39LGSLTQB NS SOA TXT RRSIG DNSKEY NSEC3PARAM lt0lvnccoh9a8h5mav2f490l30fom2i2.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 LT0QBJO6CEND7LU0M4PHSKTMO7RGQ0TL NS DS RRSIG 2glls5cd57bp9ad6ci8u1sfj8guosch7.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210427120000 20210328120000 54375 pl. zVsuFs5A8wdbwem1k94S8S546aGiv+vdAowJn8IRKnkMgZ6hYksRMEln WxEbMerW2tnFLgzfDOYT/V61BOSK7M8uNL3Cu1hqX5O4aXlzXvVmZIV5 sj6jPfSRt1Z2WCQWsa2/ZWy22TPqh2aJ9fhdUY0mO1/nx/j+vWXt6E0a FEv/2UzUBsef8XvIP/9/fJMJ/cdqL+gg8FjjKW+TmxaRRHbm6fpiOyPX rG1pA8ncnakm10VcdxGDXFPu6GyYBxdwAgdwkCUODtH5dZjv0L2HQ0aH 3q4sPZ1tB/GM/Afwo8+a6ydf7zX9tMHiUVZ4y4THPkV8VWbM1YQ9Wr6k R2NEYA== lt0lvnccoh9a8h5mav2f490l30fom2i2.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210427120000 20210328120000 54375 pl. hf4ENqemQVztdI/t16cKMnU32fYH3wpJWDasSy54TxVCgSms9W2i64OT oHTI5s/FdEj0ZkYKNB+6lfQZQWdAej4Wnh8N+cI+6wWxny+8UiqQg0oR c3IAkfiaGPnhR6Jx9O82ALlviBxS3jR0EJrIuxAPN0lnnfXl7eF1ObU7 CsxObsTQjh2dxxW0pOegHuJwOt3ZozAdxTWKF/2etJ2BS2VMtjHHP5tV lAOZ6SzYUrbhSdUzrfFetqgbxpSIWYps6pqQU51ER099dRGI4ooOTb1R YnUqNVRQ4kmjhjva7aGVk11C3XYzamqPA18qpP/anh4ipZC+4IUaMnu9 1hSgHg== ;; Received 902 bytes from 185.159.197.48#53(d-dns.pl) in 37 ms www.tauron.pl. 3600 IN A 195.245.224.52 tauron.pl. 3600 IN NS dns3.tauron.pl. tauron.pl. 3600 IN NS dns2.tauron.pl. tauron.pl. 3600 IN NS dns1.tauron.pl. ;; Received 163 bytes from 91.220.73.15#53(dns1.tauron.pl) in 32 ms Thank you for your support. It was really helpful!!

@steveits Thats what I was looking for, thanks!

@steveits admin password reset procedure worked. In addition to leaving the password as a default, it also restores the admin's access. THANKS

pfSense users and groups is not what FreeBSD users and groups are. They have some common grounds, true.

@frederickjones I trust you have a switch on the LAN side of pfsense. Just disconnect the switch from the LAN interface and replace it with a PC.

Mind the automaic default gateway under the routing settings. When it is being changed to OPT1_L2TP for the first time, the L2TP session is already established. Network behind the LAN interface becomes connected to internet. After the first reboot the specific route to L2TP server is needed.

@akegec Excuse me? I want a reliable setup. If I had money to burn I'd purchase a few more APU2 boards and have a sandbox environment with the same site-to-site vpn setup to test new versions on. Unfortunately it just doesn't make sense and right now the 'latest version' does not seem reliable. I had immediate negative performance issues that caused me to drive to both sites and flash the old version just to get things working consistently again. Although this may have nothing to do with any of the issues I experienced it's concerning enough to upgrade to the new version right now: https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

@coldfire7 , I had the same probs with Snort. You could try to lower your IPS policies and see if that help.