@cmos_battery One thing to bear in mind is there's nothing magic about VPNs. They're just one way to establish an IP connection between sites. Once they're set up, you use then as you would any other connection. Years ago, things like frame relay and fractional T1s were used. These days, out in the real world, you might come across MPLS or QinQ VLANs, As for setting up VPNs, you have to know which one and the specifics depend on the brand. For example pfsense supports OpenVPN, IPSec and Wireguard VPNs. But the details of configuring IPSec, for example, on Cisco would differ from pfsense. I don't know that a class such as your is the place to learn more than general principles, though you may get into setting up one. But when you get out into the real world, you could easily find yourself working with another. The principles will remain the same, the but details may differ and you'd be expected to work those out on your own. One thing I complained about years ago was the schools teaching Windows and Microsoft Office, rather than operating systems and office apps, so that a person would have portable skills. It's sort of like a auto mechanic class teaching only one make of vehicle, as though the others didn't exist.

@keyser @bingo600 After some additional digging it seems it’s not related to Zabbix but rather unbound resolver in combination with pfblockerNG-devel 3.0.16 I started suspecting unbound because “top -SH” in I/O mode (press m) showed that unbound constantly was doing disk I/O I’m investigating further for now, but stopping pfblockerNG (which stops and reconfigures unbound) releases the allocated diskspace which then returns to the 25% it should be. Maybe it’s something related to the new python integration i pfblockerNG and Unbound. The Issue must have arisen when I upgraded to 21.05 from 21.02 I’ll close this thread and create a new one under the pfBlockerNG forum.

@steveits Yup. Unfortunately RealTek holds a huge market share for NIC chips, including in embedded devices and IT appliances, and in my case, the integrated NICs on the motherboard I'm using. Hard to avoid, therefore perhaps should be better supported in FreeBSD. I'm no stranger to FreeBSD and they are notorious for seemingly arbitrary and sudden driver breakages after updates and I'm not entirely convinced the problem wouldn't happen to Intel one day either. Unless they've decided that's the only card they test - which would be short sighted. Too bad this has to run on FreeBSD and not Linux but I do understand why.

@dlogan said in No traffic on WAN, gateway status down, errors "arpresolve: can't allocate llinfo for <WAN IP> on igb1: I have a WAN configured on IGB1 of an SG5100. How? PPP, DHCP, etc? Some hints on this in the logs?

Hmm, not sure why the ix NIC doesn't see it then.

That's a firewall rule and the destination is a public IP. You need a NAT rule too and that changes the destination to the internal target IP for the firewall rule. https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html#adding-port-forwards Steve

@cza There is the ifconfig command to shut and open an interface, which might help. However, i also suspect it's a hardware issue.

@dilligaf said in Pfsense 2.5 stacks at boot with dots: I also fully understand already that ClamAV isn't going to see encrypted traffic. What I've should have mention where I wanted to go : ClamAV will see the traffic that all the process read and write to disk. What if : some key word(s) in this traffic (the config file to be written) doesn't please ClamAV ? Is there a way, as any (many) anti virus can do : exclude this file from being scanned ? Does the issue exists with ClaAV running and not with ClamAV stopped ?

@mrjoli021 if you plan on inspecting https traffic using squid that's not possible without doing a MITM unencryption of the traffic and even then your users are going to see warnings in their browsers even if you install your own certificates. This will just alarm your users and flood you with complaints. If you want to reduce the chances of your users connecting to malicious sites configure DNS to use the Quad9 servers.

@stephenw10 said in samba server: Nope. Is the short answer. Technically yes, but you shouldn't is the longer one. Steve thanx steve

@nogbadthebad Thanks Nog. I am thinking of testing moving an Apple TV to the IoT.

Thanks for your answers

@jcasale said in Issue with pfSense and having to restart constantly: Where should I look as to the cause of the problem? I looked at the systems logs and have not seen anything that stuck out. Was the Liva PC a wise hardware decision? If not, what hardware would you recommend? It seems that your backup is also corrupted and often it's caused by power failure. Its time for a clean install and clean configuration. No one can comment on your new hardware when you haven't stated what you bought.

@macusers First of all, again check your internet-facing IP on the LTE router. If this is not a real public IP, your ISP provides only a private subnet to you and there is nothing you can do. You will not get any traffic from the internet to your router, cause this is controlled by the ISP. In this case you can only use it for upstream connections.

@ducati0927 What turned out to be the problem? I have the same thing going on with a Spectrum modem right now.

Less important, but I am reducing cable usage on my switch by using 1 10GbE link instead of four 1 Gb links.

The only antivirus you might have on pfSense, clamav, only scans traffic that is cached by Squid. It is probably not doing anything for traffic coming over a VPN. But even if it is it's no substitute for AV on hosts where it can have far more visibility. Steve

That should work. We're going to need to see some data to find out why it isn't. Can we see the ifconfig output with the new card and the interfaces assigned? Steve

@akuma1x said in Block personal wireless devices at work: It is in a safe spot, just in case they need it Sticky note on the monitor?