@gertjan Hey, good news, it just started to work, maybe my ISP did something [2.5.0-RELEASE][root@pfSense.home.lan]/root: dig +trace www.tauron.pl ; <<>> DiG 9.16.12 <<>> +trace www.tauron.pl ;; global options: +cmd . 86400 IN NS e.root-servers.net. . 86400 IN NS f.root-servers.net. . 86400 IN NS g.root-servers.net. . 86400 IN NS h.root-servers.net. . 86400 IN NS i.root-servers.net. . 86400 IN NS j.root-servers.net. . 86400 IN NS k.root-servers.net. . 86400 IN NS l.root-servers.net. . 86400 IN NS m.root-servers.net. . 86400 IN NS a.root-servers.net. . 86400 IN NS b.root-servers.net. . 86400 IN NS c.root-servers.net. . 86400 IN NS d.root-servers.net. . 86400 IN RRSIG NS 8 0 518400 20210412050000 20210330040000 42351 . AtIn+4etW9M7KKvpaCmY4J8CPb2Xq5rOEadJ1EX3xnRH6qNWYLsIf4uT ycDTS2Pnp7VhRM+SAveXq6eDWlbWZzDk4+TI2laJMjpXF5/N2PlETU0E rGSWAAGjbjqDfdyNw8/QZr0Y5hiJ+xchtR4whqmtek5GeiU28t+BKmEI fsPKAv1+AbRS36ct+9AYxsjQYD6oYI7HoA82PoieGkHT/W7jstyBPL// tGyDpiM3FiNdFU3NtXtg42jLNSzwG7VXMOIDxBrFjoUxYQhpMRA0uFOV iPAus2+uK6pIH7lwKrUHCAhZmyUebwcC89I/pum9hB887HENQLmbTHdl 0N88Ew== ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 31 ms pl. 172800 IN NS g-dns.pl. pl. 172800 IN NS b-dns.pl. pl. 172800 IN NS i-dns.pl. pl. 172800 IN NS f-dns.pl. pl. 172800 IN NS h-dns.pl. pl. 172800 IN NS c-dns.pl. pl. 172800 IN NS e-dns.pl. pl. 172800 IN NS a-dns.pl. pl. 172800 IN NS d-dns.pl. pl. 86400 IN DS 51352 8 2 C4282918DE616A9E3BFFEC1F0652A41CF73DB7EF7F5785DB7359E9E5 9D40048C pl. 86400 IN RRSIG DS 8 1 86400 20210412050000 20210330040000 42351 . DIchlYu3Osw8Uqtf9HCPoa4IDlxqXjVmfHLJKQRk2vci8BQRYcK8dcYa iWpheC+1jzulHQPJpQFYf9Hd1vyZbZycZYwJzlnwYmFetTPa5C2wb/s6 YttnG7JHj8jxkd0xXPMfP8cVwjBaN6ZbX3kFZhbCd6eHloVTeEk5Wifq GLgy06Conk6uj59+n0cP32U1MDtMONNNt4D6YAA0EBFuSam06Uh6xQQr Jf0FCJ4ZGOS5YXLw7XiaOkTVZtdbi/7UtYR3BVvm+xR7HhJIu3uyHSqA 34wk7p/hOxJLjZB3UcwL+7or8DuH4Qrv4j2XAZrRZljBk/qOyNosLbjV fErSpQ== ;; Received 953 bytes from 192.33.4.12#53(c.root-servers.net) in 23 ms tauron.pl. 86400 IN NS dns1.tauron.pl. tauron.pl. 86400 IN NS dns2.tauron.pl. tauron.pl. 86400 IN NS dns3.tauron.pl. 2glls5cd57bp9ad6ci8u1sfj8guosch7.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 2GLNUCH8GO3NFPDL68PCN7H39LGSLTQB NS SOA TXT RRSIG DNSKEY NSEC3PARAM lt0lvnccoh9a8h5mav2f490l30fom2i2.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 LT0QBJO6CEND7LU0M4PHSKTMO7RGQ0TL NS DS RRSIG 2glls5cd57bp9ad6ci8u1sfj8guosch7.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210427120000 20210328120000 54375 pl. zVsuFs5A8wdbwem1k94S8S546aGiv+vdAowJn8IRKnkMgZ6hYksRMEln WxEbMerW2tnFLgzfDOYT/V61BOSK7M8uNL3Cu1hqX5O4aXlzXvVmZIV5 sj6jPfSRt1Z2WCQWsa2/ZWy22TPqh2aJ9fhdUY0mO1/nx/j+vWXt6E0a FEv/2UzUBsef8XvIP/9/fJMJ/cdqL+gg8FjjKW+TmxaRRHbm6fpiOyPX rG1pA8ncnakm10VcdxGDXFPu6GyYBxdwAgdwkCUODtH5dZjv0L2HQ0aH 3q4sPZ1tB/GM/Afwo8+a6ydf7zX9tMHiUVZ4y4THPkV8VWbM1YQ9Wr6k R2NEYA== lt0lvnccoh9a8h5mav2f490l30fom2i2.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210427120000 20210328120000 54375 pl. hf4ENqemQVztdI/t16cKMnU32fYH3wpJWDasSy54TxVCgSms9W2i64OT oHTI5s/FdEj0ZkYKNB+6lfQZQWdAej4Wnh8N+cI+6wWxny+8UiqQg0oR c3IAkfiaGPnhR6Jx9O82ALlviBxS3jR0EJrIuxAPN0lnnfXl7eF1ObU7 CsxObsTQjh2dxxW0pOegHuJwOt3ZozAdxTWKF/2etJ2BS2VMtjHHP5tV lAOZ6SzYUrbhSdUzrfFetqgbxpSIWYps6pqQU51ER099dRGI4ooOTb1R YnUqNVRQ4kmjhjva7aGVk11C3XYzamqPA18qpP/anh4ipZC+4IUaMnu9 1hSgHg== ;; Received 902 bytes from 185.159.197.48#53(d-dns.pl) in 37 ms www.tauron.pl. 3600 IN A 195.245.224.52 tauron.pl. 3600 IN NS dns3.tauron.pl. tauron.pl. 3600 IN NS dns2.tauron.pl. tauron.pl. 3600 IN NS dns1.tauron.pl. ;; Received 163 bytes from 91.220.73.15#53(dns1.tauron.pl) in 32 ms Thank you for your support. It was really helpful!!

@steveits Thats what I was looking for, thanks!

@steveits admin password reset procedure worked. In addition to leaving the password as a default, it also restores the admin's access. THANKS

pfSense users and groups is not what FreeBSD users and groups are. They have some common grounds, true.

@frederickjones I trust you have a switch on the LAN side of pfsense. Just disconnect the switch from the LAN interface and replace it with a PC.

Mind the automaic default gateway under the routing settings. When it is being changed to OPT1_L2TP for the first time, the L2TP session is already established. Network behind the LAN interface becomes connected to internet. After the first reboot the specific route to L2TP server is needed.

@akegec Excuse me? I want a reliable setup. If I had money to burn I'd purchase a few more APU2 boards and have a sandbox environment with the same site-to-site vpn setup to test new versions on. Unfortunately it just doesn't make sense and right now the 'latest version' does not seem reliable. I had immediate negative performance issues that caused me to drive to both sites and flash the old version just to get things working consistently again. Although this may have nothing to do with any of the issues I experienced it's concerning enough to upgrade to the new version right now: https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

@coldfire7 , I had the same probs with Snort. You could try to lower your IPS policies and see if that help.

@ghost-0 said in Amazon Firestick 4k broken post pfSense 2.5 upgrade with NordVPN: NordVPN fixed it? Oh, I thought it was Amazon that updated its server after, perhaps, receiving many complaints from fellow users like me. I'm not sold on your reason that NordVPN fixed it due to "regional restriction" because I'm in the good ol' USA. I'm not trying to access Amazon from abroad. Anyway, thanks for the reply, mate! Australia seems to have some fine ladies...I met so many fine ladies from Australia in college. Good that you enjoy it. Btw ghost-0 what "0" stand for?

@dlogan , there is also a possibility of some hardware probs that could make a change on the settings, eg if there is some power shortage or outage in the hardware components. Was there a smb relay attack? If so try to enable smb signin on all devices, disable ntlm authentication on network.

@gertjan Its exactly my own error : I map port 25 to 161. I modified it to 25 and now it works. PS : my server is host in a datacenter. Not at home :) ( Merci beaucoup mon cher ami. Quelle erreur de debutant de ma part ohlala :D )

@gertjan Nothing but what I sent. In front of this is only the 500 lines you have already seen. PFSense is almost on by default. I made only minor adjustments. If necessary, I will send an xml here. However, I would have to cover private data from xml, e.g. pppoe etc.

Thanks very much! The ISP switch is over a week away, and at least I know to avoid using the Wizard again.

@davynelis-it-nl said in Upgrading failed: The install is on a VM . ;) It doesn’t change the thing, now you can easily add anything or replace

Hi :) @viragomann Its works after I enabled "NAT Reflection" @johnpoz I have removed the public access to my NAS server and made it only available from LAN and openVPN.. @Gertjan Thanks for explaining this to me.. :) It all works now :) Thanks

@ibbetsion You must have something stuck in there somewhere. I just looked on a spare pfsense box I've got, with no traffic shaping setup at all, and this is the result I see in Diagnostics->Limiter Info Limiters: No limiters were found on this system.

Old topic, I know, but I have a similar need that I don't think is handled by the GUI. In my case, I want to create a VM to mirror my production firewall (hardware), down to the interface names. While I can manually change the interface names via ifconfig (e.g. ifconfig em0 name igb0), how do I make this persistent? Surely some script must run at startup that could do this, right? My use case is so I can test big config changes and updates before deploying for reals, and not have to mentally map things between the two, likely screwing something up along the way. Thanks...