@netblues I have done other tests: I plug a mikrotik or a linux netbook and I get immediate pppoe working connection. With PFSense some days I get immediate connection even if I restart the box several times. Other days starts again in an infinite loop but after several hours it "repairs" itself. In this cases if I put a mikrotik/linux I get immediate connection so it is not a pppoe server fault. I will try a pcap but I need some hints.

@gertjan system has already been reinstalled.. I think I have things working well now. I will not make any changes till I know it is rock solid. New to all of this and just learning about the features. I lots of options in the package manager.. Just making sure my network is secure (more than it was)

@slu said in Cannot Access Local servers After update 2.5.1: https://redmine.pfsense.org/issues/11805 Yes, multi WAN setup. I'll check the link, Thank you.

@tgimagine the queue is full / too many connections, check with netstat -Lan try without ntopng

well i given up so much a headache. i learned about conf/config. on usb it install config so i did that internet partially works.. some websites work most dont.. webpages work on firefox but not Edge Packages will not install at all.. if i manaully install it from the config file it just hang and sits there that its being initialized.. how long does it take 30 min being initialized is long enough "Please wait while the update system initializes" .. Nord VPN is down but Site to Site Open VPN is connected but. and there is a BUT only the other pfsense box. nothong on the network is accessable i locked out.. on 2.5.1 i going crazy i fed up and i got a migrain 4 days and i cant get this to work and the only reponse is its not a bug and what not from the comment above.. i not crazy.. how can it worked for 2.4.5 but soon i upgrade to 2.5.1 its totally broken and its not a bug? ugh for now i give up so fed up and dont know how to get it.. ill just wait till a real stable version out there.. sorry venting too much i just cant figure this out deleted this and that changed WAN interfance to DHCP that i got it to dhcp ... you think it would work .no still broken.. so ill just wait and use 2.4.5 as long as it works till bugs are fixed i appreciate the help and input so far.. i give up for now as no one else really put in input how do i fix this and i searched forum and couldnt find similiar issues i do a usb of 2.4.5 and config file and installs everything ok.. i sitll have some websites not working but i back up and working though ill just wait

That depends a lot, you can play with kali linux attacking from inside.. You could attack the dhcp server, like a dhcp starvation attack.. In case you have Cisco, you could attack the CDP.. You could attack the wifi network, especially those using WEP.. These are just some examples of attacks in case you are already inside the network.. ARP poisining and etc.. Rogue DHCP server, the list goes on... In case you are from outside the network, there is a block all rule in WAN. This block rule means that the firewall won't be accepting anything from outside. In the other hand, you may have a port forward in which your server could be vulnerable, and not pfsense. Also, as pfsense is a stateful firewall, it will allow the clients to go to the internet, and allow the packets to return automatically. Based on that there is a possibility that you have a host that has a malware, botnet, or this host has a CPU vulnerability (MDS, TAA, Spectre/Meltdown) and thus is vulnerable to code execution, which, according to Arch linux security wiki, this host could be remotely exploited just by accessing a website running JAVA..

@coder said in Lets Encrypt certificate files in /conf/acme - What is what here?: But it doesn't work Install Google. Type nginx fullchain and Enter. Use any of the 984255865 supplied links to guide you. Example, the official one is here. The "ssl_certificate" settings needs the fullchain.pem ( V2_my-pfsense.fullchain ) file. The "ssl_certificate_key" setting needs the privkey.pem;(my V2_my-pfsense.net.key) file. You could also have a look at this file : /var/etc/nginx-webConfigurator.conf It's the web configuartion file of pfSense. Guess what : pfSnse uses nginx. ... ssl_certificate /var/etc/cert.crt; ssl_certificate_key /var/etc/cert.key; ... and compare these two file with what you found in /cf/conf/acme/ (that is, if you obtain your certs using the pfSense acme package).

@westlos said in PFSense and Mac Addresses.: What about using apps like Facebook Why would you care if they are? If your that worried, if a real os and not some tablet or phone.. You could change your mac address.. Maybe whatever OS your running on your phone or tablet allows you do it as well? In windows its as simple as this. You can view your mac in windows with ipconfig /all [image: 1619005194139-mac.png] Pretty much any OS, and nic driver should allow you to do this. Be careful with what you set it to.. It needs to be valid, and not a multicast mac, etc. But again - why would you care if some app can see your mac address? Again as mentioned this mac is used on the local L2 only, it not use with traffic to the internet for example, only for your PC to talk to devices on your network, ie your router lan side interface, etc. Its a non identifying number, the 1st show you the maker of the device. 00133B for example is https://www.macvendorlookup.com/ [image: 1619005618450-lookup.png] The last 3 numbers would be just the numbers they put on the specific device when they manufactured it.. There is no way to track that to you.. Other than if got with the maker, and said who did you sell this too, hey store who bought this item with serial# (that is if the store actually tracked purchases based on serial# of some nic sold).. Oh F they paid cash - lets go to the camera's, oh there he is buying it with that hoodie.. ENHANCE VIDEO.. Oh its Bob! ;) Or if that nic was sold to say DELL, then have to get with DELL - hey where did this computer go that you put nic with mac abc in? I think maybe you been watching too many h@ck3r movies ;)

Hi, I have some news. After replacing the Intel 10GBE network card with an Intel X722-DA2 (ixL Interface), my performance problems are gone. But there is a new problem. When testing the 10GB performance I only get a speed of 2.7Gigabit. Here is an excerpt from iPerf3: [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 276 MBytes 2.31 Gbits/sec 0 687 KBytes [ 5] 1.00-2.00 sec 273 MBytes 2.29 Gbits/sec 0 687 KBytes [ 5] 2.00-3.00 sec 276 MBytes 2.32 Gbits/sec 0 687 KBytes [ 5] 3.00-4.00 sec 281 MBytes 2.35 Gbits/sec 0 687 KBytes [ 5] 4.00-5.00 sec 279 MBytes 2.34 Gbits/sec 0 687 KBytes 5] 5.00-6.00 sec 280 MBytes 2.35 Gbits/sec 0 689 KBytes [ 5] 6.00-7.00 sec 276 MBytes 2.32 Gbits/sec 0 689 KBytes 5] 7.00-8.00 sec 276 MBytes 2.32 Gbits/sec 0 689 KBytes 5] 8.00-9.00 sec 275 MBytes 2.30 Gbits/sec 0 689 KBytes [ 5] 9.00-10.00 sec 277 MBytes 2.32 Gbits/sec 0 689 KBytes [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 2.70 GBytes 2.32 Gbits/sec 0 sender [ 5] 0.00-10.00 sec 2.70 GBytes 2.32 Gbits/sec receiver With the command "top -p CC" I see that the test uses only one CPU Core to 100%. However, this only happens when testing the 10GB connection. 1GB tests are distributed over all cores. As it should be. Is there a command or a way to set the pfSense to multicore for 10GBE connections? Thanks in advance. Kind regards, Kotty

@kiokoman said in Send log to syslog server RFC5424: there is some problem with 2.5.1 with nat tho Running 2.5.1 CE here, and it's just fine. I've just one WAN ..... some NAT rules and all is well. But a working Client OpenVPN - does that count as a second WAN ? Also a second WAN created to 'host' a tunnel to ipv6.he.net for my IPv6 access. edit : I'm logging to a LAN based syslogger since day one, somewhere in 2005 : [image: 1618987844205-b2199d95-dac0-4785-a503-d7755c9ecac7-image.png]

thanks a lot @noplan

@biggsy My Qotom computer has the Ethernet ports built into the mom board, so no chance of a fake card.

@vwgti Looks as if this is a problem with PPPOe per here also: https://forum.netgate.com/topic/163074/2-5-1-upgrade-have-no-internet-now-yet-reports-i-do/16