@jimp said in OpenSSH User Enumeration: We pulled in patches for that to 2.4.4 a few days ago ( See https://www.netgate.com/docs/pfsense/releases/2-4-4-new-features-and-changes.html#security )> But your port 22 shouldn't be open to the world anyhow, especially not with Yep- Just for the naysayers our there.. I opened 22 on my test firewall this morning before I left for the field. As I sit here having lunch I checked in with it. Did an update (daily on this box) to the latest snap. Within seconds of it being back up IP's started connecting to port 22 trying to guess user/pass combos. 16 different IP's in five minutes. I can't imagine what that would be like if it had been open for days..

@clcporto said in Forced upgrade? 2.3 pkg repository disabled?: pkg-static install -f pkg Thanks for the response, it helped me a lot. my system worked after I gave this command via putty, and then System> Update> Update Settings Legacy stable version (Security / Errata only 2.3.x)

Hi Everyone. I tried the shell change , rebooted and all is well.

I seem to have gotten it working. Not sure, but it was the gateways for the OpenVPN was messed up. Between fiddling, with settings in OpenVPN and restarting the service, it seems to have fixed itself. As far as I can tell, I didn't change any settings, but what seem to fix it, was switching the vpn subnet addresses, then switching them back, seemed to fix itself. ?? Regardless it is working properly now.

@oddussiben-3161 said in Time to remove Growl ?: i might be out of bound, but can we consider having push notification maybe using telegram bot or pushbullet? That's a topic for a new thread, but if there is a notification method that has a lightweight client available for FreeBSD (read: few or no dependencies) then we can explore adding it in. I'm sure people would like to see things like Slack or other push notification services. I have not looked at what is out there to know what might make a good candidate. Start a new thread and perhaps others will chime in.

Exactly.. Many times users says they did X when they really did Y.. Maybe you are blocking rfc1918 on your guest interface? So you setup plexserverip as an alias? maybe that is not working - view your alias in the table section under diag. Does it list the correct IP? Simple sniff is always good - since on your lan.. Do you see the traffic going to your plex server.

Thanks, I'm glad to hear there is a good reason for not respecting the redirect.

yes. I hope so. the complete ssh command works too, like: #ssh -A -p22 root@gateway pfSsh.php playback gatewaystatus Name Monitor Source Delay StdDev Loss Status WAN_PPPOE 9.9.9.9 79.227.208.185 24.827ms 0.337ms 0.0% none

It seems that the problem was in the PfSense version. I made an update and everything is working correctly

Jim Pingle did a very great Hangout for OpenVPN as a WAN, you can check it out on Youtube: https://www.youtube.com/embed/lp3mtR4j3Lw -Rico

Able to fix this by changing syslog-ng.inc $conf .= "{\n"; $conf .= "\tmaxsize 1024M\n"; $conf .= "\trotate $max_archives\n"; $conf .= "\t$archive_frequency\n";

Spoke too soon, had to power down to add a blanking plate (couldn't find enough when I initially built the box) and it still doesn't start up at boot or clicking start on the dashboard. It only starts if I go into the configuration and save it. I don't have to make any changes, just click Save.

The copy jobs will be between nas to vsphere and external. Probably it will be smb3, i did not decide yet. After removing the whole lagg config on pfsense and switch it works! I can work with that but i'm still interested why it did not work with lag...

I have been running unbound since before it was part of pfsense and an just an addon package - have never seen a hit from it.. It is rock solid in its performance - then again as I mentioned I would never "forward" my dns request I use it as intended which as a caching resolver.. If your concerned with your isp listening in on your dns - then send your dns requests through a vpn would be my suggestion. Trying to run dns over tcp so you can put it in a ssl tunnel is yeah going to be a performance hit on your typical dns udp query.

Very nice. It's waited this long, I'm sure it can wait a couple more weeks.

OK, so now go to the client PC or whatever it is and check its network settings to confirm that it is using pfSense DNS. If it is getting its network details from a DHCP server , then you need to ensure that this DHCP server is giving out pfSense LAN IP as the DNS for DHCP clients.

Hello! I had the same issue with my router and as it was said virtual interfaces solved the issue. VPN software was shown to be the most effective one. Though there's always a catch because some of them provide dynamic IP as well. Nord-VPN works for me but you might want to check reviews and compare different providers here's the source