I changed OpenVPN tunnel nework to another subnet, and this resolved the issue. Thank you for the help!

Put this in custom settings and see if you get what you are looking for in the log. server: log-queries: yes

thank you for the reply. this for example.. [image: 1603657318941-screen-shot-2020-10-25-at-4.22.27-pm.png] and then also, the pfblocker logs include a DNS name despite there being none in the system firewall logs (despite enabling the option including pbblocker statistics in the system firewall log). The latter is not a big deal since I could run a cron to port them. [image: 1603657457132-screen-shot-2020-10-25-at-4.23.38-pm.png]

@stephenw10 Yeah, the Roon client is uh, "interesting". I'm assuming they're calling setsockopt(SO_BROADCAST) and not checking the return code, but it also might be just some stupid .NET thing. Unfortunately, I get nothing. No logs, no crash report, no core dump, nothing on console. Just hangs and I have to reboot manually. When it comes back up, the UI doesn't indicate there is a crash report like the docs indicate it should notify me. Anyways, RAM shows up in a few days and until then I put in my old EdgeRouter firewall back into service.

Hmm, well if it clones a running VM to a powered off VM that sounds far more like it just clones the drive and, presumably, the VM config. Not like a snapshot. In which case shut it down before cloning it. I won't pretend to be a VMWare expert though! Steve

@Helmut101 said in Could you help me analyze these crashdumps?: This is totally within an acceptable range, but below 50°C would be preferrable I think Yeah lower is always preferable but that is within the expected temperature range. You should not expect it to fail unreasonably early at that. Steve

ok, I connected a Cable directly from the ground lug Coaxial connector from the cable company directly to my modem. BINGO! Turns out it was a bad splitter in the crawlspace. I dont think I would have found this without it costing a service call without your guys help. Very grateful!

Thank you very much. I'll test it in dark night. Thank you again.

It is all working now. Like many I guess, I am new to pfsense. In learning the software I had the system bridged, took it apart and had individual subnets; put the bridge together again etc and generally messed with it a lot. So I reloaded from scratch, set everything up and bridged the ports. Now all is working including share access. Maybe from all the playing there was a remnant of something(s) in config somewhere? The shares still don't show it the neighborhood but I don't think Windows plays nice with samba anyway. I have the shares mapped and that works for me! Thanks

Ok, so figured it out... It was DNS port 53 requires TCP & UDP. Without UDP the LAN would lose internet every 2 hours from Verizon... but now its fixxed!

@Orlie said in arpresolve: can't allocate llinfo for 192.168.100.1: send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 24.xxx.xxx.161 bind_addr 24.xxx.xxx.185 identifier "WAN_DHCP " That is dpinger logging the values it's using when it starts. So usually that is when the WAN comes back up or you get a new WAN for some reason. Steve

you also need mountd port under ubuntu it's sudo nano /etc/default/nfs-kernel-server RPCMOUNTDOPTS="--port 12345" sudo systemctl restart nfs-kernel-server rpcinfo -p | grep "tcp.*mountd" open port 12345 on pfsense

@periko , love your idea. That would be possible in the near future, no one needs a powerful pc and an it support/person anymore all will be done with VM and AI.

I just found the answer in the blog pages. "The new log size will not take effect until a log is cleared or reinitialized. This may be done individually from each log tab or it can be done for all logs using the [Trash-button] Reset Log Files button on this page. See Adjusting the Size of Log Files for more."

@KpuCko said in How I can assign same vlan to multiple interfaces: My thoughts are I expect to be able to do switching and routing with one device You can - just get a box that has switch ports in it, that does routing.. SG3100 has switch ports, the new sg2100 has switch ports. The 5100 for example does not.. My sg4860 does not.. I didn't want switch ports on it, because switching should be done on your "switch" ;) Not your router.. Keep in mind that with routers with switches, the uplink into the routing is going to be limited.. Look at the above block diagrams for example.. Notice the 1gbps and 2.5gbps uplinks from the switches.. The proper tool for the job.. Do you go buy the hammer at the store, when you need to hammer in a nail? Or do you pound on nails with your screwdriver? Switches are not expensive these days... You could pick up a 8 port gig smart switch for like $40.. Or get a 16.. Or 24 if what you are after are switch ports. I would always suggest if you think you need a 5 port switch, get an 8 or 16.. That way when your needing another port - you don't start eyeing your router interfaces thinking you can use them as switch port ;)

@kiokoman Thank you for the reply. I will try and use a log parser before sending them to papertrail then (until we have a native way to do it). I think it may be worth my time to setup a cron job to ftp the pfblocker-ng logs rather than the system logs. I need to look at those logs to see if they containt the DNS name.

I forgot to include both of these servers are esxi's. Multiple vms that sit on each network. I used LAN as a generic term. LAN in this case is a segregated VM network for devices that need access to the lan but are not accessible by the internet. As for 10gig need, I really only need 10gig for the dmz on server1, which could free up one port on the firewall for server 2 dmz, except I currently have another hardware device that sits in the dmz.

@bmeeks said in Division by zero in /usr/local/www/widgets/widgets/system_information.widget.php on line 373: running the pfSense-2.5 Snapshot release Ahhh. I was mislead (mis read). "2.5" messages are ment to be posted here [Home > pfSense Software > Development](Home pfSense Software Development) - that's where the bleeding edge battle is taken place. This is the general pfSense section, 2.4.5-p1. Anyway .... living on this edge means : updating ..... and wait if something fails. And re update.

@mogarchy said in LDAP auth via SSH: @jimp Thanks for the info, do you have the power/ability to make it happen? If so what's your price? (not a joke) Otherwise, can I use any external authentication server like RADIUS or am I stuck with local authentication for SSH sessions? RADIUS shell authentication is implemented in 2.5: https://redmine.pfsense.org/issues/10545

@bingo600 I'm not advocating that as the only method, just a small table lookup for existing MAC addresses with a failover to the current way of working if not in the table. A clone would therefore work as before since none of the MAC addresses would exist.