Hi commander, your use case sounds like a no-brainer for pfSense. The hardware choice depends on your WAN bandwidth / VPN bandwidth needs. -Rico

@peter_apiit Run them either as VMs or in containers. I have both Grafana and Graylog in containers on Debian, but you can use any OS you like that supports docker or your chosen containerization system, if you're not comfortable with containers, use VMs, again choose the OS you like or use Turnkey prebuilt systems

Up and running now, thanks guys. It seems the complication were specific to my configurations so once a few settings were changed it all clicked into place and started working. Happy Holidays!

@jwj Can but hope that the home IOT/Router vendors up their game a bit so we don't need these "security" work arounds. "Work from Home" is going to be moving up the ladder as a security attack vector.

@sjp770 Found this via Google:- https://github.com/eihag/pfsense-stats

I agree that would/will be better. It was not possible to do that in pf when that code was added originally which is why it's like that. Steve

@heathy65 said in Unable to access pfsense via serial cable: MNHO-073 That device has an hdmi output, does that work as a console? It may have been installed without a serial console enabled, who installed it? What image was used? Steve

Can you explain that differently? You are trying to bypass a 100Mb connection to the facebook CDN? You have two WANs? You are trying to limit the speed of connections to facebook? Steve

It's hard to imagine anything in pfSense causing this, it looks like some upstream issue to me. Have you tried using a vpn and connecting over that? Does that also fail? Steve

You need to open a feature request here: https://redmine.pfsense.org/projects/pfsense Unless you find something there already of course in which case add your comments to it. Steve

@pppd hello, No process are currently there agains bruteforce... You could possibly submit a feature request?

@nogbadthebad said in Is this a good network architecture/configuration that makes good/secure sense?: Also if you need to extend your coverage you can just add another AP. Hoping to avoid buying another AP. I will try it with all 3 SSIDs on my Unifi.

Doesn't matter if the time is correct with the correct timezone... But if your time is OFF based on the timezone it thinks its in - then yeah that is going to be problematic.. As long as the time is correct for what timezone your in, or the OS thinks its in that would not be a problem.. But if your in say central timezone, and time should be 10:03 in that tz.. but your system thinks its 1403 then yeah that is going to be problem.

@vbman213 https://github.com/pfsense/FreeBSD-ports/pull/1011

If dpd is enabled then the P1 will not stay up if the route between the end points is interrupted. However if your tunnels are not using NAT-T then the P2 traffic will be ESP dircetly and it is possible for that to be blocked resulting in the tunnel establishing (over UDP port 500) but not passing traffic. Steve

@alexmercer I did this recently. Followed the guide referenced above. No issues at all, worked first time.

Assigning an IP from the /29 to an interface means I can ping that IP from an external address. That shows, at least, the block is being routed to the main firewall. Couldn't get any internet access, 1:1 NAT etc working though. Have now run out of time trying to diagnose, but ISP has swapped my /29 for a /28, which is more than enough for what I need for now even considering the 4 lost addresses (3+1 interface) - so have just put it on an interface on the L2TP instance and gone the easy way. Thanks so much for your help though - absolute legend!

@stephenw10 ah ok always learning something new everyday.. figure realtek made the driver for pfsense or the freebsd and u just use it the way they made it.. didnt know about compiling etc... and then read there is no likly the drivers be released in next version of pfsense... probably because its not a high priority kinda thing.. but always learning.. i just glad its not motherboard... as with this damn pandemic its making harder to get certain parts i appreciate the info learn something new every day