@johnpoz Sorry for my rather not so helpful answere. It is connected via a gigabit inteface normal rj45. There are not any packages installed.

Yes you can use a shaper with in a double NAT setup. As long as the shaping on the pfSense interface is more restrictive than anything upstream it should work fine. You should be bale to use PPPoE without it dropping out though. I use that here without issues. Steve

But you are still able to ping pfSense from the client in that situation. Both the LAN and WAN IP? And presumably you can connect to the webgui also? Can you ping our from pfSense itself in Diag > Ping? Is there anything in the system log when this happens? Do you see attempted ping in the firewall log? Steve

Hmm, I guess good to know at least, but....

@mhertzfeld said in Ransomeware infected machine: not failover to one of the other ports on the board. It can failover to another port for IPMI? That doesn't seem like all that smart of an idea from a security point of view ;)

Ouch! Nice catch though.

So your OpenVPN configuration is causing it to wait for a password before it starts. Maybe you have it set to user auth but didn't enter a password. You might try adding auth-retry nointeract; to the custom options, too

KOM.... Sometimes bitter enemies can eventually become best of friends.......stranger things happen.....just a thought Peace

i noticed, sorry i can not update my configs yet since the i am facing the issue described in here So i need to wait until i can modify or downgrade the system to safely remove the transparent-client-ip feature. I was going to use this feature for internal smtp server to forward the original IP.

I would not suggest you open a port to the public internet for your cameras.. Not a good idea! Use a vpn.. But https://docs.netgate.com/pfsense/en/latest/nat/forwarding-ports-with-pfsense.html

@guardian said in Please tell me what this error message is likely serious?: Any idea how many "bad attempts" are necessary to trigger the message? It depends on a few factors, but that's all decided by sshguard and could be found in their docs. @guardian said in Please tell me what this error message is likely serious?: How long sshguard has been part of pfSense Since 2.4.4. @guardian said in Please tell me what this error message is likely serious?: Is the "user id" of the attempted login available in a log somewhere? The main system log.

@JKnott said in WiFi calling and VLAN 1: @NogBadTheBad said in WiFi calling and VLAN 1: I still work on an account that uses DecNET What would use that these days? It would have to be ancient. An old Dec server running a legacy application, due to be retired soon.

Excellent! Thanks so much! I will have a look. Regards, --Mokey

....unless of course you don't mean the actual CARP traffic (which must be multicast) and are referring to pfsync or config sync, which is a common misconception. Steve

Very old topic, but we use salt to manage our pfsense ;) Thanks to https://github.com/ndejong/pfsense_fauxapi Some links : https://github.com/ndejong/pfsense_fauxapi_client_python https://github.com/alkivi-sas/salt-pfsense

Where is "someone else’s firewall", directly connected to yours ? If so a VIP + 1:1 NAT and a static default route on "someone else’s firewall" pointing to your router should do it. https://docs.netgate.com/pfsense/en/latest/book/nat/1-1-nat.html

@mod said in key based auth ssh issue: 3 . password +public key login works That is not really an option.. If you set password and public key your just using password to auth.. 2: I use linux version of putty and we don't get keygen/ don't need to convert. Pretty sure you do.. https://www.ssh.com/ssh/putty/linux/puttygen 4 Yeah no idea why your bringing that up at all - yeah no shit everyone uses 2 ;) BTW, current stable version of putty is .71

I have to say I would swap out that rl NIC if you possibly can. It will almost certainly cause you headaches in the future. https://github.com/freebsd/freebsd/blob/master/sys/dev/rl/if_rl.c#L48 Steve

well just add it to both groups on tier 3, it's that simple. if tier 1 (high packets loss or high latency) it will switch to tier 2. and if both 1,2 dropped 3 will kick in. you control which one are primary and secondary with tier numbers. believe me every day you will find a new reason to love pfsense more. i love it so much i just installed it on a VPS and configured openvpn on it. so now i have a personal vpn for 5$/moth.