What CPU is that?
You are testing directly to iperf running on pfSense? That will always be worse than testing through it. You can see in that video he's testing through the firewall and a completely different NIC type.
Steve
2.4.5? Any reason you're not running 2.52 or 2.6?
What crash are you actually seeing?
supervisor read instruction, page not present could be any number of things.
Steve
Yeah, that's.... interesting. Good to find though!
Also I'd argue it's Chelsio that hates Wireguard.
Though I'm not sure if that's more unexpected.
Steve
@stephenw10 Yep, I figured out how the scheduling works. GUI isn't clear (at least to me) how to do a daily schedule or a monthly schedule. Months are presented so it feels like it's implied that if you want to have a rule active only on the weekends, you need to select every weekend on every month but you actually don't. Documentation is not clear on this front either but nevertheless reviewing the xml stanza made everything make sense.
Thanks Steve !
Hmm, I expect to be able to do that (at least until encrypted SNI is more widespread) using pass-through SSL. Though it's not something I've ever tried myself in pfSense, HAProxy appears to be able to do it. Old example.
Steve
Currently you can only do that using Snort with OpenAppID. In in-line mode that can work OK since it blocks connections rather than hosts.
https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html#application-id-detection-with-openapp-id
Steve
Thanks all for replies; I'm planning to do a test setting up another PFSense 2.5.2 in same VMWare environment. With same packages and same configurations (importing them). Then I uninstall packages like Snort and NtopNG, and I'll do upgrade to 2.6 version to verify the behavior.
As my actual PFSense manages 6 public IPs (set as Virtual IPs on WAN interface) it's not so quick to "move" them from a PFSense to another one.
@stephenw10 said in SG 6100 Lan Ports Intermittent connection:
So you have not seen that issue again in 22.05?
Yes.
If it does happen again check the logs. If you can still access the pfSense webgui it's not an issue with the LAN ports specifically but probably either DNS or something with multiwan.
Ok noted.
Thanks much Steve for this insight of yours.
The only way to address that is using very low TTL values and there is no way to set that in pfSense. Even with that it's not difficult to work around it at the client by simply setting the TTL values there.
Steve
@stephenw10 Just glad this has been sorted out :)
So for future me when I forget how I did this... "add 0.0.0.0/0 to the allowedIP" section to have dynamic routing, route traffic over the tunnel.