@steveits admin password reset procedure worked. In addition to leaving the password as a default, it also restores the admin's access. THANKS

pfSense users and groups is not what FreeBSD users and groups are. They have some common grounds, true.

@frederickjones I trust you have a switch on the LAN side of pfsense. Just disconnect the switch from the LAN interface and replace it with a PC.

Mind the automaic default gateway under the routing settings. When it is being changed to OPT1_L2TP for the first time, the L2TP session is already established. Network behind the LAN interface becomes connected to internet. After the first reboot the specific route to L2TP server is needed.

@akegec Excuse me? I want a reliable setup. If I had money to burn I'd purchase a few more APU2 boards and have a sandbox environment with the same site-to-site vpn setup to test new versions on. Unfortunately it just doesn't make sense and right now the 'latest version' does not seem reliable. I had immediate negative performance issues that caused me to drive to both sites and flash the old version just to get things working consistently again. Although this may have nothing to do with any of the issues I experienced it's concerning enough to upgrade to the new version right now: https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

@coldfire7 , I had the same probs with Snort. You could try to lower your IPS policies and see if that help.

@ghost-0 said in Amazon Firestick 4k broken post pfSense 2.5 upgrade with NordVPN: NordVPN fixed it? Oh, I thought it was Amazon that updated its server after, perhaps, receiving many complaints from fellow users like me. I'm not sold on your reason that NordVPN fixed it due to "regional restriction" because I'm in the good ol' USA. I'm not trying to access Amazon from abroad. Anyway, thanks for the reply, mate! Australia seems to have some fine ladies...I met so many fine ladies from Australia in college. Good that you enjoy it. Btw ghost-0 what "0" stand for?

@dlogan , there is also a possibility of some hardware probs that could make a change on the settings, eg if there is some power shortage or outage in the hardware components. Was there a smb relay attack? If so try to enable smb signin on all devices, disable ntlm authentication on network.

@gertjan Its exactly my own error : I map port 25 to 161. I modified it to 25 and now it works. PS : my server is host in a datacenter. Not at home :) ( Merci beaucoup mon cher ami. Quelle erreur de debutant de ma part ohlala :D )

@gertjan Nothing but what I sent. In front of this is only the 500 lines you have already seen. PFSense is almost on by default. I made only minor adjustments. If necessary, I will send an xml here. However, I would have to cover private data from xml, e.g. pppoe etc.

Thanks very much! The ISP switch is over a week away, and at least I know to avoid using the Wizard again.

@davynelis-it-nl said in Upgrading failed: The install is on a VM . ;) It doesn’t change the thing, now you can easily add anything or replace

Hi :) @viragomann Its works after I enabled "NAT Reflection" @johnpoz I have removed the public access to my NAS server and made it only available from LAN and openVPN.. @Gertjan Thanks for explaining this to me.. :) It all works now :) Thanks

@ibbetsion You must have something stuck in there somewhere. I just looked on a spare pfsense box I've got, with no traffic shaping setup at all, and this is the result I see in Diagnostics->Limiter Info Limiters: No limiters were found on this system.

Old topic, I know, but I have a similar need that I don't think is handled by the GUI. In my case, I want to create a VM to mirror my production firewall (hardware), down to the interface names. While I can manually change the interface names via ifconfig (e.g. ifconfig em0 name igb0), how do I make this persistent? Surely some script must run at startup that could do this, right? My use case is so I can test big config changes and updates before deploying for reals, and not have to mentally map things between the two, likely screwing something up along the way. Thanks...

@xplozia The problem persist, but less often

Hi @jimp I have encountred another problem. I am doing these tests in pfSense 2.5.1.r.20210322.0300 version. When I export the OpenVPN User Configuration file from "VPN > OpenVPN > Client Export Utility > OpenVPN Clients > "USER" > Bundled Configurations > Archive" It generates a .zip file that contains three files: xxxxxx.ovpn file xxxxxx.p12 file xxxxxx.key file Are the xxxxxx.p12 file and the xxxxxx.key file the same that I can generate from "System > Certificate Manager > Certificates > "USER" > Export Key / Export P12"? I think that not are the same because this: I have generated a .zip OpenVPN User Config file. I have created a OpenVPN connection in a client with this file and works fine. I have changed the date of the pfSense to a date after the expiration date of the certificates of the CA, the OpenVPN Server and the User. I have changed the date of the Client to the same date of the pfSense. Evidently, the VPN Connection in the Client doesn't work because the Certificates have expired. I have renewed the certificates of the CA, the OpenVPN Server and the User. I have exported the .p12 and the .key files from "System > Certificate Manager > Certificates > "USER" > Export Key / Export P12" I have replaced the old .p12 file by the new .p12 file in the Client and the VPN Connection works well again. Then, I have replaced the old .key file by the new .key file in the Client and the VPN Connection doesn't work, not connects. That is, if I replace only the .p12 file the VPN Connection works but if I replace both files the VPN Connection doesn't works. I have exported a new OpenVPN User Configuration file with this new date from "VPN > OpenVPN > Client Export Utility > OpenVPN Clients > "USER" > Bundled Configurations > Archive". I have create a new OpenVPN Connection in the Client with this file and works fine. I have verified that the .key file that contains the .zip file and the .key file exported from Certification Manager have diferent sizes. If I replace the .p12 and the .key files of the old VPN Connection with the .p12 and the .key files contained in the new .zip file, the VPN Connection connects without problems. Best regards