Playback restartallwan from developers shell might do what ya want

I'll leave it at it is. Thanks for the insights!

Yeah, I'm seeing it in all 2.5 snaps now. No idea what I was looking at earlier. Too many test boxes!

@Gertjan said in Cert expired on snapshots.pfsense.org: Anyway. Case closed. Mmm, not really since it should have been swapped out when it was created. We continue to investigate... Anyway thanks for reporting. Steve

@david-williams It has 256MB of RAM so even in late 2020 I would encourage you to try out OpenBSD, FreeBSD or NetBSD on it. A minimal install of Debian Linux would work also. I'm of course suggesting you build a router/firewall completely from scratch. Note this would only work if you can replace the 64MB flash card with something larger. At least 1GB but that's only if you perform a very minimal install. I would suggest installing the system in virtualbox first then convert the vdi to an img in order to copy it onto the asa's flash card. https://www.router-switch.com/pdf/asa5510-bun-k9-datasheet.pdf

You mean in the 'Alternate Hostnames' field in Sys > Adv > Admin Access? It has to be a hostname. So: firewall.mydomain.com for example. Steve

@EddyT Hi - I am trying to create graphs with ntopng and pfsense like yours - do you mind to share your json

Replacing the existing router with pfSense would be a much better plan unless there is a very good reason not to. Bridging can work OK but it's also easy to get wrong. Bridging VLAN interfaces even more so. Steve

Testing or recovering a device temporarily like this is about the only time I would use two subnets on one interface. I have done that numerous times in the past. (but it does always feel dirty! ) Steve

Hi all, Ok solved by myself. Strange was those "Permission denied" errors, so I've ended first trying a factory reset and restoring a backup, then, 'cause this didn't help, I've reinstalled the whole box and restored the configuration. After that, all went back to work. Hope that helps someone. Cheers, Simon

@kiokoman it's a production node so it's hard :( And to disable a VTI requires to unassign the interface, and so on, I cannot simply disable the P1. Meantime I've found a small workaround. I noticed in logs many events related to "change of dynamic IP address" related to my IPSEC tunnels (please note that I work only with static IPs). This triggered some kind of refresh of configuration, and php started to consume all CPU during that refresh. So I disable monitoring on all tunnels, and this mitigate the problem because it seems that pfSense does not reload configuration many times every day as before. Still the problem is on, so if I manually save changes and reload config it starts to eat CPU

@LakeWorthB I have since rebuild the pfsense box, so I can't confirmed what caused it.

I think this worked for me also. Is there a way to check? When I place the usb drive in a Windows box I can not see the file. Also how will I restore it after rebuilding the broken PfSense box? Thanks Joe

did you disable Hardware Checksum Offloading ? Wow, just straight to the point. This was it. Thank you so much!! btw, also interesting: This will take effect after a machine reboot or re-configure of each interface. the GUI says at this option, but it worked immediately when I hit save. Anyway, thanks for taking your time, I had already lost hope it would be so easy in the end

There are people here I have come to trust. I value their experience and their judgement. Taking their advice is sometimes not comforting or confirming. It's not like running off to your media bubble. The truth is they have, collectively, a few lifetimes of experience and the wisdom that comes from the scar tissue they have accumulated. Please also keep in mind you're getting this for free.

@sdh9 said in Can't get Thinkpad to connect: The only things I see blocked for this client's IP are: Nov 14 14:48:30 LAN Default deny rule IPv6 (1000000105) [fe80::31d1:ca81:6370:f0e4]:60943 [ff02::c]:3702 UDP Nov 14 14:48:30 LAN Default deny rule IPv6 (1000000105) [fe80::31d1:ca81:6370:f0e4]:64844 [fec0:0:0:ffff::1]:53 TCP:S Nov 14 14:48:30 LAN Default deny rule IPv6 (1000000105) [fe80::31d1:ca81:6370:f0e4]:56567 [fec0:0:0:ffff::1]:53 UDP Nov 14 14:48:30 LAN Default deny rule IPv6 (1000000105) [fe80::31d1:ca81:6370:f0e4]:59977 [ff02::c]:3702 UDP Nov 14 14:48:30 LAN Default deny rule IPv6 (1000000105) [fe80::31d1:ca81:6370:f0e4]:56567 [fec0:0:0:ffff::2]:53 UDP Nov 14 14:48:30 LAN Default deny rule IPv6 (1000000105) [fe80::31d1:ca81:6370:f0e4]:56567 [fec0:0:0:ffff::3]:53 UDP My provider does not give me an IPv6 address, so I'm not sure what is happening here. The fe80 addresses are link local. Every IPv6 capable device has one of those. The fec0 addresses are the deprecated site local addresses. I have no idea where they are coming from. Perhaps the MAC addresses will tell you.

Yeah thats the PPPoE issue, I saw it in the fixed issues list for 2.5.0 and that its targeting that release so I assumed it wasnt in yet? Thats the exact same behavior im seeing on 2.4.5-RELEASE-p1, if I make a change to any interface PPPoE goes down and theres no way to recover (reliably) without a reboot. I am also doing PPPoE over vlan. The NAS is not configured to route traffic as far as I can tell, I didnt set that up or at least not intentionally. It used to use just the gigabit ethernet connection but I got a 10gig card for it a few months ago and set that up. Rather than remove the old networking config I just unplugged the cable. I agree its probably bridge as a switch issue. Even after 2 hours combing through every config and every log, I still cant make heads or tails of it. The only thing I can think is that because Port 1 is the "main" bridge interface, maybe it didnt like having so many different machines connecting on it? Because aside from being the main interface, thats absolutely no difference in configs between it and Port 4 that I can see. The only difference physically is that Port 1 has a single, non-switched connection, where as Port 4 has 10 different machines across 2 switches on it. At some point I will get a 10gbe sfp+ capable switch so I can have just one each WAN/LAN interface in pfsense and really simplify the config, but theyre just too expensive to justify right now when this config works, at least when im not breaking it by being dumb :)

@kpa said in User Password Maximum Length/accepted characters?: I wonder what are you trying to accomplish with such long passwords  ::) Password length is irrelevant as the hash length should remain the same. In fact, there could be an infinite number of passwords that return the same hash. Your mission, should you decide to accept it, is to find all those passwords.

Yup I initially assumed this was spam but doesn't appear to be. And, yes, there are many good options here that don't require installing nano. However it is in our repo so it can be installed using pkg install nano. Steve