@xaad I finally found a way to make it working by also changing the Switch VLAN that was originally 4090 (0t,3) to 35 (0t, 3t). [image: 1615363635900-99237664-298b-4985-bdd9-2b19f8f89a90-image.png] I really don't know if this is the right way since I could not find any other post describing this as necessary.

@hacesoft Good day, so I've figured it out. I had here: SystemRoutingGateways incorrectly set rule. It's a rule of the OpenVPN tunnel not working yet ... Good evening.

@immo1689 said in Mutli wan interface, LAN virtual ip traffic managment: how can i make the user on my LAN choose wich vpn there traffic goes from. You want that the users are able to choose the VPN from their computer dynamically?

Thank you both for your suggestions, I've been away so I didn't have time to test. I'll try both approaches (believe the one suggested by @fireodo will do the trick).

@bhjitsense It's just flow control it can be turned off if you want.

@ramses-sevilla Ok, you asked for it. This could be used on another system, with shell access and the wget command : https://forum.netgate.com/topic/123405/get-certificates-from-pfsense-cert-manager-using-linux-commandline/4?_=1615276186290 pfSense doesn't have 'wget', but has curl. You should be able get the (html) page, using sed and awk to filter our the certificates, and text like "Valid Until:" etc. pfSense is a GUI firewall. There is no straightforward command command do what you want. If the certs where stored some where in the file system, you could use the openssl command and option to get the all the date info from a cert.

I updated to the Development 2.6 version which seemed to have resolved the issue and I was able to delete the certificate in the GUI.

@gertjan Yep restarts solved the issue.

@gwaitsi as I had to do this again, and completely forgot how I did this last time, here are the instructions for 2021. Save the device cert & key generated in pfsense locally rename the device.crt to root.pem convert the private key to rsa private key openssl rsa -in device.key -out device_rsa.key create a file called ssl_key.pem a) copy the contents of device.crt into this file from -----BEGIN CERTIFICATE----- MIIE2jCCA8KgAwIBAgIBHjAN....... i1M5xmyTK0cyhwQ== -----END CERTIFICATE----- b) copy the contents of device_rsa.key into this file below the certificate from -----BEGIN RSA PRIVATE KEY----- MIIE..... ZBjv7j74PS4P7I= -----END RSA PRIVATE KEY----- From the netgear switch "Maintenance", "Update", "HTTP Firmware/File Update" select "X.509 Public Certificate PEM" and load the root.pem "X.509 Certificate Private Key PEM" and load the ssl_key.pem From the netgear switch "Security", "Access", "HTTPS", "Admin Mode" - Enable.

@teamits I'm pretty familiar with the network principles and static routes :) I was just puzzled about the way pfSense web interface present (or hide) them. Probably it's because I'm not used to user interface to manage my networks ;) I was expecting a UI which directly represent the host configuration whereas it looks like the spirit is more to manage the config behind the scene and only present the high level functionalities ^^. Anyway, thanks for your insights !

For information: the LDAP authentication for administrators, is configured in The pfSense firewall and is working

Seems like pfSense or the service watchdog was confused by the install. I kept getting mails , that service watchdog was starting the Zabbix agent , and it was not running if showing status --> services. System log seemed to indicate that it was installed ok. I went to the Services --> Zabbix Agent , and disabled the service Waited 10 sec , and enabled the service Problem gone , service is running Maybe disable the service , before packet uninstall And enable the service after installing the new version of the package /Bingo

Fatal data abort, captured on the log. I'll post the pertinent sections when I can. I'm going to put in a support ticket and request that they send me a replacement device. I'll send this one back to them.

Excellent, thanks for the confirmation. Yes I'm looking at decent hardware, I've had so many problems with high end consumer type devices in the past that always seem to fail on what I would consider fairly basic stuff. So looking at one of the Ubiquity UniFi 16 Port PoE (or higher ports) versions. I've not used the UniFi platform before but I've been doing a lot of research on it, it looks awesome. Particularly when I compare that to a bunch of older (+8 yrs) managed switches of varying brands that I've had donated - both in terms of features/functionality and user interface. The UniFi platform seems awesome with the automatic propagation of configuration changes, plus the CloudKey too. Seems more powerful than many enterprise platforms (albeit, I've only really seen/been in discussion about these at arms length) - and without the costs of things like Cisco.