If you're using PPPoE you should be able to use the process in the doc pretty much exactly. By default I expect the Draytek to be in bridge mode so you only need to create a PPP interface using that as parent and it will work. Then assign the parent interface, re0 unless you have other re NICs, additionally and use that to access the modem management. There should be no need to add a bridge. And I would use hybrid OBN mode as I said. Steve

@mikeinnyc I'll get a trusty Intel The em(4) driver supports Gigabit Ethernet adapters based on the Intel 82540, 82541ER, 82541PI, 82542, 82543, 82544, 82545, 82546, 82546EB, 82546GB, 82547, 82571, 82572, 82573, 82574, 82575, 82576, and 82580 controller chips: Intel Gigabit ET Dual Port Server Adapter (82576) Intel Gigabit VT Quad Port Server Adapter (82575) Intel Single, Dual and Quad Gigabit Ethernet Controller (82580) Intel i210 and i211 Gigabit Ethernet Controller Intel i350 and i354 Gigabit Ethernet Controller Intel PRO/1000 CT Network Connection (82547) Intel PRO/1000 F Server Adapter (82543) Intel PRO/1000 Gigabit Server Adapter (82542) Intel PRO/1000 GT Desktop Adapter (82541PI) Intel PRO/1000 MF Dual Port Server Adapter (82546) Intel PRO/1000 MF Server Adapter (82545) Intel PRO/1000 MF Server Adapter (LX) (82545) Intel PRO/1000 MT Desktop Adapter (82540) Intel PRO/1000 MT Desktop Adapter (82541) Intel PRO/1000 MT Dual Port Server Adapter (82546) Intel PRO/1000 MT Quad Port Server Adapter (82546EB) Intel PRO/1000 MT Server Adapter (82545) Intel PRO/1000 PF Dual Port Server Adapter (82571) Intel PRO/1000 PF Quad Port Server Adapter (82571) Intel PRO/1000 PF Server Adapter (82572) Intel PRO/1000 PT Desktop Adapter (82572) Intel PRO/1000 PT Dual Port Server Adapter (82571) Intel PRO/1000 PT Quad Port Server Adapter (82571) Intel PRO/1000 PT Server Adapter (82572) Intel PRO/1000 T Desktop Adapter (82544) Intel PRO/1000 T Server Adapter (82543) Intel PRO/1000 XF Server Adapter (82544) Intel PRO/1000 XT Server Adapter (82544)

@starcodesystems said in Envoy Proxy: Envoy Proxy I'm not aware of anything at this time. Is there a feature request open for it? I'm not seeing one here. You can open one with reasons for including it etc. Steve

This install is now working again after re-running the initial setup wizard. Quite how a reboot can get the system into a state where nothing works is quite the question....

@noplan said in PFsense 2.5 RC OpenVPN/ExpressVPN problem: @trikki69 said in PFsense 2.5 RC OpenVPN/ExpressVPN problem: so your problem is now solved with this added this to my advanced custom options within the OpenVPN client setup: ;pull-filter ignore redirect-gateway; brNP Yep - works great now, no thanks to ExpressVPN support.

What are you looking for exactly? If all you want to know is the source IP, log is fine - if you actually want to look at the payload of what is sent and received you would want a packet capture... Long term storage of packet captures is not all that simple..

@daddygo said in help with centralized control: Hello, Well, there is only "HA conf." that can stay in sync, but it's a good question anyway(!), because there is no such thing like "pfS cluster with central MGMT" I would say ,at every point, every FW (firewall) is unique, but there really can be a situation where you need to clone a system - pfs to pfs to pfs, etc. BTW: this could be a smart question, don't know :) Hello, thank you, I agree with the point that each point must be unique, however, there are common policies when the company has distributed branches that all must comply with. Let's have the idea or the example that suddenly we are going to give permission so that they can use a ZOOM for a webinar and only for one day 50 branches should be given permission ... that's what I want to get to.

HAProxy can pass FTP using TCP mode but not with host-header matching like that. You can only do that with http, ftp doesn't send that information. Steve

Update: issue resolved. Found that it was my anti-virus causing the issue. Once I put an exception for the IP of the SG-1100 I was able to get to the page and log in. Probably due to the cert that is automatically generated by pfsense that my anti-virus didn't like.

@pfnow I have a Phillips AndroidTV and dug into the network traffic a bit. With the above setup the multicast and unicast traffic passes fine through the networks. But when the Youtube app on my pixel phone tries to open the Youtube app on the TV a 403 Error is returned which is I think the cause why the TV is not being shown in the list. I think like @wrightsonm said, the Chromecast possibly only allows casting from the local subnet. I'm thinking if it may be possible to bypass that with NAT, but I haven't tried that yet and I'm a bit reluctant since I want to avoid NAT as much as possible and find a better solution. Unfortunately I haven't yet found if my TV has this src ip restriction and since @JacobS successfully casted with this setup that restriction may not be a standard chromecast thing.

@stephenw10 said in Settings clean up ?: You only have to upload a config file manually without checking the xml was valid one time. The pain will teach you not to do that again. Oh I know about the pain to make errors in XML That's why I asked initial question :) What's interesting that I don't see interface dead entry in this XML, so maybe unrelated Thx

@jimp Well what do you know... I restarted it and ran the built in memtest and it's memory error city. Thanks for the tip! I'll chunk it.

You can: pfSsh.php playback changepassword <username> Though I'm not sure it would be easy to automate that since it expects user input for the password. We don't allow entering the password in the command line parameters in that script since it's not secure. You could look at /etc/phpshellsessions/changepassword and make your own copy that does what you want in a more script-friendly way.

@stephenw10 Thanks. I changed it to ip4 only as you suggested. I may be limiting only one main LAN ip to access it. I can't do anything else on my 2nd AP because it has limited setting options. Thanks again.

You can disable the http referer check from the console using the php shell. It's one the available playback scripts there. You can't set the gateway or default route as you were because pfSense does not use the FreeBSD RC system. Anything you set there is ignored. Steve

@steve_b PHP Response .:/etc/inc:/etc/inc/web:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form:/usr/local/share/pear:/usr/local/share/openssl_x509_crl/ The path was indeed missing. A reboot fixed the problem. Thank you all for your time!