• Lets Encrypt certificate files in /conf/acme - What is what here?

    5
    0 Votes
    5 Posts
    803 Views
    GertjanG
    @coder said in Lets Encrypt certificate files in /conf/acme - What is what here?: But it doesn't work Install Google. Type nginx fullchain and Enter. Use any of the 984255865 supplied links to guide you. Example, the official one is here. The "ssl_certificate" setting needs the fullchain.pem ( V2_my-pfsense.fullchain ) file. The "ssl_certificate_key" setting needs the privkey.pem (my V2_my-pfsense.net.key) file. You could also have a look at this file : /var/etc/nginx-webConfigurator.conf It's the web configuration file of pfSense. Guess what : pfSense uses nginx. ... ssl_certificate /var/etc/cert.crt; ssl_certificate_key /var/etc/cert.key; ... and compare these two files with what you found in /cf/conf/acme/ (that is, if you obtain your certs using the pfSense acme package).
  • PFSense and Mac Addresses.

    5
    0 Votes
    5 Posts
    2k Views
    johnpozJ
    @westlos said in PFSense and Mac Addresses.: What about using apps like Facebook Why would you care if they are? If you're that worried, if a real os and not some tablet or phone.. You could change your mac address.. Maybe whatever OS you're running on your phone or tablet allows you to do it as well? In windows it's as simple as this. You can view your mac in windows with ipconfig /all [image: 1619005194139-mac.png] Pretty much any OS, and nic driver should allow you to do this. Be careful with what you set it to.. It needs to be valid, and not a multicast mac, etc. But again - why would you care if some app can see your mac address? Again as mentioned this mac is used on the local L2 only, it's not used with traffic to the internet for example, only for your PC to talk to devices on your network, ie your router lan side interface, etc. It's a non identifying number, the 1st show you the maker of the device. 00133B for example is https://www.macvendorlookup.com/ [image: 1619005618450-lookup.png] The last 3 numbers would be just the numbers they put on the specific device when they manufactured it.. There is no way to track that to you.. Other than if got with the maker, and said who did you sell this to, hey store who bought this item with serial# (that is if the store actually tracked purchases based on serial# of some nic sold).. Oh F they paid cash - lets go to the cameras, oh there he is buying it with that hoodie.. ENHANCE VIDEO.. Oh it's Bob! ;) Or if that nic was sold to say DELL, then have to get with DELL - hey where did this computer go that you put nic with mac abc in? I think maybe you've been watching too many h@ck3r movies ;)
  • pfSense low throughput from 10GB to 1GB Interfaces

    7
    0 Votes
    7 Posts
    1k Views
    K
    Hi, I have some news. After replacing the Intel 10GBE network card with an Intel X722-DA2 (ixL Interface), my performance problems are gone. But there is a new problem. When testing the 10GB performance I only get a speed of 2.7Gigabit. Here is an excerpt from iPerf3:
    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
    [ 5] 0.00-1.00 sec 276 MBytes 2.31 Gbits/sec 0 687 KBytes
    [ 5] 1.00-2.00 sec 273 MBytes 2.29 Gbits/sec 0 687 KBytes
    [ 5] 2.00-3.00 sec 276 MBytes 2.32 Gbits/sec 0 687 KBytes
    [ 5] 3.00-4.00 sec 281 MBytes 2.35 Gbits/sec 0 687 KBytes
    [ 5] 4.00-5.00 sec 279 MBytes 2.34 Gbits/sec 0 687 KBytes
    [ 5] 5.00-6.00 sec 280 MBytes 2.35 Gbits/sec 0 689 KBytes
    [ 5] 6.00-7.00 sec 276 MBytes 2.32 Gbits/sec 0 689 KBytes
    [ 5] 7.00-8.00 sec 276 MBytes 2.32 Gbits/sec 0 689 KBytes
    [ 5] 8.00-9.00 sec 275 MBytes 2.30 Gbits/sec 0 689 KBytes
    [ 5] 9.00-10.00 sec 277 MBytes 2.32 Gbits/sec 0 689 KBytes
    [ ID] Interval           Transfer     Bitrate         Retr
    [ 5] 0.00-10.00 sec 2.70 GBytes 2.32 Gbits/sec 0 sender
    [ 5] 0.00-10.00 sec 2.70 GBytes 2.32 Gbits/sec receiver
    With the command "top -p CC" I see that the test uses only one CPU Core to 100%. However, this only happens when testing the 10GB connection. 1GB tests are distributed over all cores. As it should be. Is there a command or a way to set the pfSense to multicore for 10GBE connections? Thanks in advance. Kind regards, Kotty
  • Send log to syslog server RFC5424

    7
    0 Votes
    7 Posts
    819 Views
    GertjanG
    @kiokoman said in Send log to syslog server RFC5424: there is some problem with 2.5.1 with nat tho Running 2.5.1 CE here, and it's just fine. I've just one WAN ..... some NAT rules and all is well. But a working Client OpenVPN - does that count as a second WAN ? Also a second WAN created to 'host' a tunnel to ipv6.he.net for my IPv6 access. edit : I'm logging to a LAN based syslogger since day one, somewhere in 2005 : [image: 1618987844205-b2199d95-dac0-4785-a503-d7755c9ecac7-image.png]
  • bulk alias export

    3
    0 Votes
    3 Posts
    295 Views
    K
    thanks a lot @noplan
  • Doubts Hardware for Gigabit Throughput

    15
    0 Votes
    15 Posts
    1k Views
    JKnottJ
    @biggsy My Qotom computer has the Ethernet ports built into the mom board, so no chance of a fake card.
  • Recent regular internet connection dropouts

    2
    0 Votes
    2 Posts
    369 Views
    NollipfSenseN
    @vwgti Looks as if this is a problem with PPPoE per here also: https://forum.netgate.com/topic/163074/2-5-1-upgrade-have-no-internet-now-yet-reports-i-do/16
  • Odd delay to get internet after connecting to pfsense network..

    1
    0 Votes
    1 Posts
    224 Views
    No one has replied
  • "Add Tag" button missing on Interfaces > Switches > VLANs?

    8
    0 Votes
    8 Posts
    784 Views
    johnpozJ
    @jgq85 said in "Add Tag" button missing on Interfaces > Switches > VLANs?: It was configured that way before it was shipped by a provider. No freaking clue why anyone would set it up like that ;)
  • Numbered log prefix

    2
    0 Votes
    2 Posts
    328 Views
    B
    @jdarmstrong It's a syslog Priority value (facility+severity). See RFC 5424.
  • Communication VPN IPsec and OpenVPN

    4
    0 Votes
    4 Posts
    515 Views
    JKnottJ
    @leoescarpellin Stop thinking of IPSec vs OpenVPN. Both are just methods to provide an IP connection between 2 points. As such, when the VPNs are up, it's just a matter of routing and rules as to whether traffic can pass between them, just like any other IP connection. Of course, you'll have to ensure network addresses don't collide (the NAT curse strikes again).
  • Rebooted SG-3100 / Multiple Errors on reboot

    3
    0 Votes
    3 Posts
    368 Views
    AKEGECA
    @newberger It could be a corrupted partition or boot method error. Just fresh install pfsense. A lot of users upgraded to 2.5.1 pfsense without rebooting the device first.
  • Pfsense on google cloud

    3
    0 Votes
    3 Posts
    596 Views
    K
    @JKnott Sorry pfsense is on the same LAN. I built the whole lab on google cloud to test pfsense api.
  • Kernel panic crash

    5
    0 Votes
    5 Posts
    332 Views
    C
    @gertjan it says Filesystems are clean, continuing... i have used zfs, so i don't know if still applies? thanks p.s. this is unrelated to the first crashes, those were related to the igb driver i think they are resolved now, i just used the same thread
  • move rules in gui?? (2.5.0)

    2
    0 Votes
    2 Posts
    207 Views
    GertjanG
    By selecting the check-box in front of the rule, and click dragging. As usual. Just tested it : works : [image: 1618815731829-64f71557-a257-4efd-a563-08ec4509848b-image.png] Don't know if it was "2.5.0" as it is old by now, but I guess : you would have seen others mentioning your question. The usual solutions will help you : a) Use another browser. b) Hit Ctrl-F5. as this kind of functionality is being handled by your browser. Open the web dev windows of your browser and check if it hasn't troubles loading any javascript - or other files. I'm running the latest - not 2.5.0 : [image: 1618815798587-534166b0-1464-42a0-a261-5ac75f2c229e-image.png]
  • State Tables - Hardware Help - Newb

    2
    0 Votes
    2 Posts
    322 Views
    GertjanG
    @joshhboss Most of these questions can be checked, just look at the system in place right now ;) As networks like "10k" don't fall out of the sky, are not created from scratch today. Or are you really implementing a "hotspot Wifi network" on a "new aero port" or very big school or company, with nothing in place at the moment ? You probably want to double the system to make a HA set-up, and both really to be identical from a hardware perspective. Use your current system as a test-bed for updates and spare. The system you propose shouldn't be the first bottleneck you'll find ;)
  • Odd issues started lately

    13
    0 Votes
    13 Posts
    1k Views
    J
    @stephenw10 I will try it if it happens again. Last night I found that when I upgraded firmware on the 5548p switch the LAG which connects it to my 2428 switch was no longer a LAG. I redesignated those ports and reloaded the router. Maybe there was a network loop? I will know more if it happens again as I won't need the internet back up immediately and can investigate more.
  • Ntopng refuses to stay running

    2
    0 Votes
    2 Posts
    339 Views
    S
    pfSense also can't check for updates for system or packages. Internet still functions.
  • Pfsense with rj45 to USB

    10
    0 Votes
    10 Posts
    2k Views
    NollipfSenseN
    @jknott said in Pfsense with rj45 to USB: @nollipfsense said in Pfsense with rj45 to USB: If I were you, I would get a managed switch to use VLAN with that tiny one Ethernet port. The problem with that is it effectively limits him to 500 Mb and he's got a 900 Mb connection. When you use a VLAN over a single port, a packet has to pass through the same port twice, so a Gb port effectively becomes 500 Mb. I see ... good to know. Seems that OP might need to get the Lenovo SFF.
  • CyberGhost OpenVPN on pfSense

    Locked cyberghost openvpn client
    5
    1 Votes
    5 Posts
    7k Views
    AKEGECA
    @belvac Just a suggestion, some of my clients use Nordvpn with pfsense to bypass region restrictions. As you know Cyberghost bought by Israeli agency. Also Cyberghost fee is almost the same as Nordvpn (3 year plan for $3). Anyway please take a look at this guide first: https://support.nordvpn.com/Connectivity/Router/1626958942/pfSense-2-5-Setup-with-NordVPN.htm Second could you download Cyberghost configuration file, I prefer TCP Switzerland and copy paste here the whole text content of Cyberghost configuration file. I don't promise anything but I'll try to help you.