• Some advice on how to go about using Pfsense on a portable workstation.

    2
    0 Votes
    2 Posts
    443 Views
    stephenw10S
    It is possible to do that but using a type 2 hypervisor like hyper-v is not ideal because it relies on the host OS for its own security. A small portable router would be better IMO but pfSense would really only fit that role for wired access. If you need to use it as a wifi client you would probably be better served by, for example, OpenWRT. Steve
  • I'm an idiot

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    johnpozJ
    You guys notice this thread is from 2017 ;) heheh spammer hit it and linked to some shit site.. I'm going to lock it.
  • Boot is interrupted for a shell prompt

    Moved
    14
    0 Votes
    14 Posts
    3k Views
    J
    @stephenw10 @Gertjan Successful restore from backup! Thanks, again, for your help.
  • pfSense and meraki z3

    64
    0 Votes
    64 Posts
    16k Views
    C
    @johnpoz said in pfSense and meraki z3: never understand why users do this. Not saying there might not be need to do such a thing. But seems most of the time its users following some "vpn" guide that says to do that - when there really is no r You are absolutely right, and that's exactly what I did. I do not truly understand (hybrid) NAT or maybe most of the buttons I push in pfSense, but I basically googled: "meraki x3 pfsense connection" and looked at what random people on the internet say :). I found the vendor documentation not very user friendly - then again my company does not want to deal with an individual engineer that has some fancy pfSense router. They'll tell me to hook it up directly to my cable modem - and not use personal devices when working. If you have a suggestion, I would not mind trying a simpler, better way.
  • Unable to apply patch

    4
    0 Votes
    4 Posts
    720 Views
    johnpozJ
    @mcarson75 said in Unable to apply patch: I will flog myself accordingly. As well you should - hahahaha ;)
  • Express VPN setup still says Your IP address is currently exposed

    23
    0 Votes
    23 Posts
    4k Views
    S
    @lelefront What option do you have set as automatic? I'm not seeing that
  • Qbittorent

    qbittorent
    2
    0 Votes
    2 Posts
    691 Views
    stephenw10S
    Do you see the VPN connect? Do you see blocked traffic on the port the VPN is using? If that server is on LAN all traffic from it would be allowed out by default, including a VPN. If it's blocked it's because of some rules that have been added (or removed). Steve
  • Cron seconds setting

    3
    0 Votes
    3 Posts
    406 Views
    fireodoF
    @ahmetakkaya said in Cron seconds setting: how to set seconds Cronjob cannot do seconds. Here is a possible solution: Cronjob seconds If you do a search you might find some more ...
  • Unable to ping certain hosts

    4
    0 Votes
    4 Posts
    540 Views
    X
    Hm so it looks like none of the client isolation settings can be enabled when it is in AP mode. But I'll keep an eye on the AP if it happens again.
  • Slow routing speeds

    27
    0 Votes
    27 Posts
    3k Views
    ?
    @stephenw10 said in Slow routing speeds: @hngaminguk said in Slow routing speeds: Only annoyance being that the 2100 states a max of 881Mbps for Firewall (10k ACLs) I am not well versed into knowing how many ACLs I am using but I assume my setup currently has less? So I could likely hit 1Gbps? No, using fewer firewall rules will not allow it to hit 1Gbps between two subnets. Enabling pf to set any number of rules will introduce that overhead. Steve Okay thanks for the confirmation, in that case I will have to go for a 3rd party option such as https://www.ebay.co.uk/itm/Intel-Atom-E3845-4-LAN-3G-4G-4G-RAM-64G-SSD-Fanless-pfSense-Firewall-AES-NI-/114644549859?mkcid=16&mkevt=1&_trksid=p2349624.m46890.l49286&mkrid=710-127635-2958-0
  • Outgoing traffic security?

    6
    0 Votes
    6 Posts
    755 Views
    D
    This would be just one tool of many. True, a smart hacker may try to distribute the transfer over time/destinations. Some aren't that diligent.
  • PFSense UI not detecting externally created certs as server certs

    17
    0 Votes
    17 Posts
    2k Views
    M
    @stephenw10 I needed to add server into the nsCertType and serverAuth into extendedKeyUsage in the x509 extensions but need to add the x509 extensions as a command line arg to openssl, adding them into the config file doesn't seem to work. Have to create it this way: openssl x509 -CAcreateserial -req -days 7300 -in $cert_dir/$cert_name.csr -CA $cert_dir/id_rsa.crt -CAkey $cert_dir/id_rsa -passin pass:$ca_pwd -sha256 -extfile <(printf "$extFile") -out $cert_dir/$cert_name.crt the -extfile gets the contents of the x509 stuff.
  • PfSense AWS not passing traffic

    Moved
    6
    0 Votes
    6 Posts
    642 Views
    P
    @stephenw10 That got it - many thanks Stephen.
  • ATT poor upload speeds

    9
    0 Votes
    9 Posts
    1k Views
    stephenw10S
    Ah, nice catch. Yeah I'm always suspicious with one bad port on a NIC. If it's physically damaged you're probably OK but if it took an electrical surge is the other port going to fail.... Steve
  • Does bsd tcp hybla apply?

    5
    0 Votes
    5 Posts
    749 Views
    stephenw10S
    Is there a FreeBSD implementation? It would have to exist there before we could use it. I don't see it listed as a congestion control algorithm there either. https://github.com/freebsd/freebsd-src/blob/main/sys/netinet/cc/cc.h Steve
  • System Log Errors : send() failed (40: Message too long) !!

    7
    0 Votes
    7 Posts
    830 Views
    stephenw10S
    @stephenw10 said in System Log Errors : send() failed (40: Message too long) !!: With a custom login page? Exactly. Previous reports of this were caused by a bad custom port page that was creating a forward incorrectly. Steve
  • 0 Votes
    4 Posts
    505 Views
    stephenw10S
    Well, for example, traffic sourced from 'vlan_10' should never be leaving the VLAN10 interface. Assuming 'vlan_10' is in the VLAN10 subnet. Traffic from the LAN subnet to other devices on the LAN subnet would never pass pfSense at all so the LAN rule there would also never catch anything. Steve
  • Chromecast not working, nothing blocked in log

    5
    0 Votes
    5 Posts
    575 Views
    johnpozJ
    Yeah you shouldn't be using public space internally, unless it's your space.. That space is the French telecom "orange" If your devices are connected to the same wifi network and same AP.. pfsense has nothing to do with them talking to each other. And nothing to do with their discovery of each other through some L2 protocol. Discovery of chromecast https://developers.google.com/cast/docs/discovery
  • Upgrade from 2.3.4 i386 to latest 64bit

    7
    0 Votes
    7 Posts
    874 Views
    johnpozJ
    @batrams good to hear ;) You might want to sign up https://www.netgate.com/resources/newsletters if you log into your pfsense every now and then ;) setup the little RSS widget, so then you should see stuff about new versions, etc. Or just hang out around here - there is normally quite a bit of whoha about new releases as they come out.
  • uPnP not working properly

    10
    0 Votes
    10 Posts
    3k Views
    S
    Thanks. I'll do that with one of the devices that allows the public address.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.