I would first try copying it from FreeBSD 12.2. A lot of modules will load like that.

SG-2100 (2 days out of box) on latest - 21.05-RELEASE (arm64) VPN OpenVPN Clients Pencil Edit User Authentication Settings Area/block Load the empty password box - just tested it - with the box below unchecked (default) - Do not retry connection when authentication fails That was not it. the box being checked - it was the empty password box. Have a screenshot picture but getting that into this underpowered forum tool is not worth the effort. 1 min exact boot to the OpenVPN fowl up - then about 2:30 to the finished console screen due mainly to what appears to the be GeoIP files being reloaded and placed?

@leemajors said in cant log into webgui: how do i set up console access nothing serious happened https://docs.netgate.com/pfsense/en/latest/hardware/connect-to-console.html miniUSB cable to PC or MAC, etc -Putty or MobaXterm or what you like https://www.putty.org/ https://mobaxterm.mobatek.net/ [image: 1627229868642-969e7547-6ec8-4268-9a9a-2058ce5c18dd-image.png]

@kiekar Well, you need to get some more skills, before we continue... Obviously, you are using Wireshark, which is fine, but you did not capture any VoIP stuff. There's actually a menu for all of that. This is basically a filter for the packets you captured plus something that shows you an outline of a call. Just play with this. Once you have monitored a bad call convert the packets to text and edit your IPs etc, such that nobody can figure out who you are.

@jimp I wasn't asking for help because I didn't collect logs or take screenshots of the errors. I work in support so I know how the game goes especially with no logs; I was just pointing out that weird thinks have been happening in the last few releases that did not happen before like this PHP error that made my filter rules with aliases disappear and so that I could not edit any filter rules at all. Not sure how or why a factory would resolve the issue; regarding DHCP, Unifi is to blame here as they had several DHCP issues when the DHCP server used was non UDM..I'd hold off from upgrading any AP's until at-least the next release comes out. Now that I've signed up for the forums I'll be sure to collect screenshots ands logs to document any issues I experience..sorry I didnt think to do so this time.

@stefanl Same here. Went smoothly.

@jknott The traffic goes through the IPSec tunnel because the networks are defined in IPSec phase 2.

@stephenw10 Answer, hopefully in order... Version is 2.5.2 on the Azure VM and 21.05-RELEASE (amd64) on the 5100s OVPN is site-to-site, pre-shared key, UDP on IPV4 only, Layer 3. On the remote server there is a point-to-site server (for use as a remote internet gateway). It's for travel use but nobody's travelling so there are no connections. Latency is 27-32 ms, WAN Azure to WAN local; 100-130 ms to the other sites from WAN local. I only have one local device so I haven't tried to replicate here. I could spin up a Hyper-V guest but not now, I am currently working on alternative method, most likely a Linux server on the local LAN, running OpenVPN as a server and NAT port forward Linux server. We are up interactively but backups through the tunnels are an issue. Not an expert regarding state tables so I wouldn't know what to look for. I can try clearing the state tables after the trouble begins to see if that reset avoids a reboot to restore WAN performance. Would that provide useful information? We're not running IPSEC now. We were, but IPSEC failed after a recent upgrade. We switched to OpenVPN. I have read that the IPSEC issue has been resolved but haven't switched back. One more observation. We do have a point-to-site server running locally. There is one user, a Synology raid device that phones home and stays connected 24x7. It is used as an off-site backup device accepting snapshot replication and file share backups. It's been running without issues. It seems to be the site-to-site tunnels that are tripping us up, on the client-side.

When you run Squid in transparent mode on pfSense it adds port forwards to the listening interfaces to redirect traffic on ports 80 and 443 to localhost. You can just as easily add those manually and point them at some other IP where the proxy is. If it's on the same subnet things get complex to avoid asymmetric routes. But, yeah, it depends what the clients are and why they 'need' to use the proxy. The cleanest way to do it is configure the clients to use the proxy. pfSense doesn't have to do anything then beyond routing the traffic. Steve

@jimp said in Troubleshooting what caused pfsense to hang: Since that device has a serial console, you should leave a serial client open and connected to the serial console at all times, with the client set to log the output and/or have a large (100k+ line) scrollback buffer while you're looking into the problem. If there is some kind of crash or other error condition it would be printed on that console. When it's locked up, check what is in the console output and see if the device responds to input over the serial console. Try things like using a menu option or hitting ctrl-t to see if it prints any output. If the output just stops and it is unresponsive at the console and across the network, then it's likely hardware related, though that isn't always definite. That's what I thought I should do. I only ever had to use the serial console during pfsense installation but it would be a good idea to keep connected to it at all times and use it when this kind of issues happen.

Yes, do that. Or just paste the diff text into the patch directly. Steve

@marvosa Thank you for the info. EDIT: I think you were right, it was the traffic shaper. I deleted the existing shaper, re-ran the wizard and traffic speeds appear as fast as they should be and relatively stable! Thank you for your help... I'll post an update should anything change, but for tonight, it looks good!

I have ZFS on a gen 1 i3 with 8gb ram. When I switched I did not see any CPU or RAM difference.

DHCP Static Mapping is how pfSense refers to that. But we knew what you meant.

@jgq85 It wouldn't be a WAN port. The WAN port connects to the Internet, though you could consider the port on the UDM as "WAN" as it's the one that's closest to the Internet. You can connect it to pfsense with either a separate LAN port on pfsense or VLAN.

@gm192 said in Automated exfiltration advice: Thanks for all the advice. After reading the replies it looks like I'm going about things the wrong way. Using a firewall is set, but I get to choose the data exfiltration techniques and I've clearly tried the wrong one. I'll have a look at transferring large amounts of data and see if I have any success. I was thinking of trying DNS exfiltration, but I imagine I'd run into the same issues as before. Again, thanks for all the help and if you have anymore advice it would be welcomed :) Here is a link to some Gartner data on Data Loss Prevention software (DLP): https://www.gartner.com/reviews/market/enterprise-data-loss-prevention. As I mentioned previously, this kind of software tends to start getting pretty expensive pretty fast. But it can be quite effective. The company I retired from ran a product on all user PCs, and also a few servers (might have been the Symantec one, now that I think about it). Any data copied from any network drive or local hard drive to portable media (i.e., CD/DVD-ROM or USB stick or hard drive) was logged. It recorded the logged-in user, the filenames copied, where they were copied from (source) and where they were copied to (destination). I believe remote alerts from this activity could also be generated. Even though I worked in network security, I was not directly responsible for managing the DLP product, so I don't know all of its features. It also goes without saying, that having the proper permissions on file folders containing sensitive or proprietary data is paramount! You probably don't want to give the group everyone read access ... .