If you're actually hitting the max processes limit something is amiss. If you are though you should see it in Status > Monitoring. Do you see a slow rise in the processes number or a spike just before it crashes? Steve

You don't really have a choice there if the CA changes. You don't need to adjust the clients if the server cert changes (even the key) so long as it uses the same CA, perhaps that's what you were thinking of. There may be some song-and-dance you can do with an intermediate cert but if the root expires, clients still need to know about the new root. Browsers solve this by stuffing the new root CAs in various updates as they go, VPN clients have to do the same. Users should be conditioned to be periodically updating their VPN client software anyhow. OpenVPN frequently has updates for security and other issues. There won't be a real "fire and forget" setup where you can get away with never updating the client, especially with OpenVPN.

I suspect it would have. That's what has happened in the past during similar situations when I've tried it. Granted the last time I tried any time-based shenanigans with RRD was many many years ago. I don't think it's changed that much in its core though.

Thanks Kiokoman

Hi @stephenw10, Thank you! You're correct regarding using bridges with HA configuration. As sample, below is the scenario that I have tested. [image: 1623309908498-screen-shot-2021-06-10-at-15.46.59.png] As shown the switches SW3 and SW4 aren't interconnected to avoid loops. For redundancy I use a combination of LACP in failover mode and VRRP IP as default gateway instead of use pfSense CARP configuration. The reason to enable HA is to have the pfSense Sessions, Alias and Rules synchronized. For the servers behind, as shown WB1, there's two connectivity ways; Master to SW3 (SW4 as Backup) WB1 Master to SW4 (SW3 as Backup) * WB2 Image It means, both pfSense can handle traffic simultaneously. Although being configured as HA Master / Backup they work as Active / Active. Did you had some experience like that before? Regarding the hight CPU interrupt time % issue. After change the parameters below, the performance looks better then before. I still monitoring it. System Tunables net.link.bridge.pfil_bridge = 0 to 1 net.link.bridge.pfil_member = 1 to 0 MY

@godhead83 pfSense WAN interface needs to be configured as PPPoE VLAN ID 101 is default and assigned by the Modem. BT uses VLAN101 by default. When you configure the WAN interface do you see a IP Address ? Contact Vodaphone and ask them for a Username and Password if you haven't already.

@andyrh said in How to set PfSense to do auto re-reboot in 5 minutes or [any min] after power was auto restored.: That is a reboot loop. yes true ! thanks for the reminder ;) quick n dirty not always gonna work like a charm brNP

@steveits got ya. I’ll give it a shot later today. Thanks again

But did the device with MAC XYZ actually pull that IP? And do either of those MACs appear in the ARP table?

@kom Nope, that doesn't work either I'm afraid What DOES work is selecting option 2 from menu, then re-entering ip address for LAN, and hey presto it's enabled again :) Thanks for your help in this, much appreciated regards

@habitat said in Internet speeds throttled: which was originally for a very specialized immersive art installation Yeah, I guess you'd need CAT 6 for that.

@stephenw10 Yes i saw that at all website . i uncheck the following options in dns resolver configuration : Register DHCP leases in the DNS Resolver Register DHCP static mappings in the DNS Resolver and its working normaly now .THANKS for your suggestions

@thatguy Hello there, thanks for your help, although I do not understand where the code to be copy-pasted is, could you guide me please since I am still a noob at programming.

@stephenw10 I know where the Backup/Restore It does not respond The only way it responds if I ssh to pfsense And selects there the option of restore Which is actually the same thing but there it responds If I change a setting to something specific and it does not work So I return it to the same thing that was before It should work without doing a restore What's happening now When I change the settings of ipv6 And it does not fit (the Internet is disconnected) I change back to the same settings as before The settings change but the link to the Internet remains disconnected The internet link only comes back if I do a restore

Typically your LAN will actually be 1GbE capable and your WAN would be less. Often a lot less. So I was use the Realtek on the WAN where it probably won't be passing as much traffic. Of course the LAN will be passing the same speed unless you add VLANs etc but that would also be a reason to use the Intel NIC there. Steve

I'd be surprised if you can allow access from the WAN side of the wifi mesh somehow. They must offer some control there? This thing? https://consumer.huawei.com/uk/support/wireless-routers/ax3-quad-core/ And you have a number of them? Steve

@daddygo said in pfSense: online and pingable upstream gateway via PPPoE but no internet: I guess the DNS server override is checked Nope it isn't The DNS Resolution Behavior is also set to "Use remote DNS servers, Ignore local DNS" this will help you in many ways https://www.vikash.nl/setup-pfblockerng-python-mode-with-pfsense/ Will check it out tnx! I used Lawrence Systems on youtube's guide on configuring pfBlocker and other areas.

@cudgel Reach out to Netgate support. This is a known issue with some hardware in 2440. I've had two boxes replaced by Netgate under warranty, albeit this was 2-3 years ago. YMMV.