• DNS Forwarder - iOS Issue

    0 Votes
    5 Posts
    574 Views
    I was able to figure out the issue. I didn't realize that I had set DNS manually and pointed it to my pihole docker when using one of my wireless.
  • 0 Votes
    9 Posts
    2k Views
    pzanga
    Thanks. Not sure when I'm going to be able to get back to actively troubleshooting this. I'll stick with the DMZ setup for now and continue to research. Once I have some answers, or more likely new questions, I will start a new thread.
  • WAN DHCP IP Renew

    0 Votes
    3 Posts
    429 Views
    stephenw10
    Yeah, you shouldn't have to do anything at all. If the modem goes down pfSense will see the WAN interface lose link and trigger a bunch of scripts. When it comes back up it triggers a different bunch of scripts which should pull a new dhcp lease and get a WAN IP. If you have a switch in between that can be an issue as the pfSense interface then never loses link. The gateway would still go down though. Steve
  • is it possible free radius same user has 2 different ip address ??

    0 Votes
    2 Posts
    330 Views
    stephenw10
    Do you mean users or clients? Or you mean you are actually trying to issue two IP addresses to a user who is logging into both networks via radius? I don't believe that is possible via the pfSense package at least. What error do you see when you try this? Steve
  • log file location

    0 Votes
    8 Posts
    1k Views
    stephenw10
    Most logs are sync'd to permanent storage at shutdown and restored at boot. Everything you can see in the gui at least. You only lose anything there if it powers off unexpectedly. If you have your local logs set large enough to store 90 days of filter logs you would need a huge /var ramdisk. Probably impractically huge. Yes, exporting the logs via syslog is the correct way to do this. Steve
  • Need to re-install software if I reboot

    0 Votes
    5 Posts
    542 Views
    stephenw10
    Hmm, weird. Without seeing the crash report or at least the backtrace and panic it's hard to say what might be happening there. You might try installing ZFS if you're not already. Steve
  • 0 Votes
    5 Posts
    589 Views
    @stephenw10 said in How do I drop black listed incoming traffic without rebooting the entire unit?:
        pfBlocker just adds firewall rules and aliases. If a firewall state already exists it won't remove it. So you can search the state table for the open states and remove them or clear the state table entirely. Both are better than rebooting. Steve
    Alright, that must be it then, once it hooks up I've seen that IP on the open state of the firewall but forgot how to get there, will have a look and try dropping it manually next time another offending address jumps in. Thank you.
  • PPPoE random disconnections

    0 Votes
    4 Posts
    247 Views
    Gertjan
    @jpns: Throw this one in Google: "LCP: rec'd Terminate Request". The first one says: https://forum.netgate.com/topic/30028/pppoe-connection-terminated-every-10-minutes
  • A pfSense Filterlog Dashboard - What would you want to see?

    0 Votes
    10 Posts
    3k Views
    Got my hands on these dashboards and thought I would share them for anyone else that wanted to play with them. I tried to fix everything that looked broken but there may be more stuff broken, I'm no expert with Sumo Logic. pfSense Sumo Logic.zip
  • Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156

    1 Votes
    2 Posts
    320 Views
    stephenw10
    sudo is not installed by default. But, yes, it will be the patched version in 2.5:
    [2.5.0-DEVELOPMENT][admin@25dev.stevew.lan]/root: pkg search sudo
    pfSense-pkg-sudo-0.3_6         pfSense package sudo
    sudo-1.9.5p2                   Allow others to run commands as root
    Steve
  • Load balance Lagg interfaces

    bridging lacp lagg
    0 Votes
    11 Posts
    2k Views
    stephenw10
    Yes, you can do that if the switch supports it. Better to use LACP if you can though. Steve
  • Bell Fibe (Internet and IPTV)

    0 Votes
    1 Posts
    276 Views
    No one has replied
  • ELK + pfSense 2.3 Working

    1 Votes
    41 Posts
    41k Views
    Good day ando1, Much appreciated. Can it apply to pfsense version 2.4.5?
  • PFSense & Cisco Switch MS220-24p

    0 Votes
    19 Posts
    1k Views
    A Meraki switch is cloud managed and needs to be able to see the internet for it to work. Here is what the lights mean: https://documentation.meraki.com/Go/Meraki_Go_-_Decoding_the_LED_Light I would reset the Meraki switch to default and then connect to pfsense box. See restore button: https://documentation.meraki.com/MS/MS_Installation_Guides/MS_End_of_Sale/MS220-24%2F%2F48_Series_(EOS)_Installation_Guide I have a number of Meraki switches and if they cannot see the internet they do not boot.
  • Suricata Signature Group Header MPM Context Definition

    0 Votes
    4 Posts
    573 Views
    bmeeks
    @zer0systems said in Suricata Signature Group Header MPM Context Definition:
        @bmeeks I completely agree, and I've seen the documentation you linked, thank you. I've actually had great success with tuning Suricata thus far, there's just always that setting or two you wonder about (or would like to grasp a bit more). 32GB?, via Suricata alone? - perhaps with 1000 clients. On a 16GB box with all of Suricata's settings X4, including the available firewall states being increased by 400% you're only using about 20% of that 16GB if provisioned properly - that's why they offer the adjustments. I also mean no disrespect, but offering the old "if you don't know" answer is disappointing. When you don't understand something, you try to understand it. If we didn't, no one would truly understand the marrow of anything, in this case being the MPM library. If I would be using Suricata's "defaults", or all of pfSense's for that matter, I would be wasting RAM, as in your 32GB explanation. Yet again, no disrespect, I really do appreciate any help or assistance, but "defaults"?
    I have seen a number of folks posting here who have crashed Suricata by tinkering with the settings, so just offering the advice in case you were not aware. Some users like to tweak things just because an adjustment is there. Same for Snort. Its MPM is especially sensitive to tweaking. The defaults are the best in pretty much every circumstance. If you want to experiment with different settings, you certainly are free to do so. And if you find one that works better, post back and share with the community. But the defaults are chosen by the creators of Suricata and Snort for a good reason -- they generally work best unless there is some peculiar extenuating circumstance in a given environment.
    I am the creator of the Suricata package on pfSense (and the maintainer of the Snort package). I put the various adjustments in the GUI because they are available as choices in the underlying binary's configuration file (suricata.yaml for Suricata and snort.conf for Snort). The documentation from upstream for both pieces of software is a bit lacking in terms of a full explanation for some of the configurable options. But the developers of the binary choose their defaults to yield optimal performance in most cases. I don't know in any detail what the various selections in the MPM do. I don't think anyone truly does except the guy who wrote that code in the binary.
  • More details than bandwidthd?

    0 Votes
    17 Posts
    2k Views
    I have no lack of understanding what the issues could be but that wasn't the question :). Either way, I appreciate all that input and I'm sure it will help the next person that finds this. In the meantime, I'm going to use it. Thanks.
  • 0 Votes
    2 Posts
    258 Views
    stephenw10
    I guess it has to match the format required by those services? There's nothing like that built into pfSense but I could imagine something that runs on an internal host just to query the WAN IP and then serve it up as those services expect. UPnP should be able to pull the external IP from pfSense if it's enabled. Or maybe an SSH command. Steve
  • PHP Crash Report

    0 Votes
    5 Posts
    878 Views
    stephenw10
    It may or may not be but the important thing is if your package repo was still set to 'latest stable' and not '2.4.4 deprecated' it will have pulled in incompatible libraries causing the errors you're now seeing. To be sure I would probably backup the config and install 2.4.5p1 clean. Or wait for 2.5 at this point and then install that clean. Steve
  • pfsense and openvpn

    0 Votes
    17 Posts
    2k Views
    stephenw10
    If the server is configured as SSL/TLS with a tunnel subnet larger than /30 then all values are passed from the server to the client when it connects. As long as the client in pfSense is not configured with 'do not pull routes' then it should get a route to 10.0.0.0/24 when it connects. You can check the system routing table to make sure though. Steve
  • opening routes to the LAN

    openvpn client
    0 Votes
    2 Posts
    576 Views
    stephenw10
    Is this just a dupe of your other ticket? https://forum.netgate.com/topic/160507/pfsense-and-openvpn
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.