PPPoE cannot be DHCP. I assume you just mean it's dynamic? You are suggesting using those subnets? I would avoid 192.168.1.X as it's very common. It's the default LAN subnet.

Anything that is just a modem will not be addressable outside it's own segment. It might have a management interface but it will be using a non-routable private IP address. What sort of DSL service are you connecting to? Steve

@carl123 said in Problem with packages: What confused me was that when I loaded my copy of pfsense, it returned the problem Most probably : When you install pfSense, updates/upgrades work, as default DNS settings work. When you import your own settings, with your config.xml, "breaks" DNS. pfSense itself can't resolve any more, and thus can't contact the Netgate update-upgrade server : the Package lists stays empty - and you're not notified any more when updates are avaible. Solution : 'repair' your DNS.

The matching thread on reddit for this says he already started the rma process.

@bingo600 said in MINIX NGC-3: His Minix book is worth a read I haven't read that book, but I do have his (with David J. Wetherall) Computer Networks book.

The client export by default will use the WAN IP as the server IP in the conf file. But in Azure the WAN is a NAT'd private IP so clients will fail to connect. You need to set the Host Name Resolution field to other and enter the public IP there. Or use an FQDN is you have a public host name for that. Steve

@stephenw10 Yeah, thats what I would like to do... I imagine I could do something like screen-scrape if needed...was hoping there would be something...

@jknott Thanks, very interesting.

No not two NICs, two interfaces, which can be a VLAN. Interestingly the SG-1100 only has one NIC anyway. It uses VLANs internally to create 3 separated interfaces. Steve

@mer said in SG 6100 is worth to buy?: Funny how the whole system is governed by the smallest bandwidth. Exactly. But as you say more ISPs are starting to offer connections in the 1-2Gbps range where 2.5G NICs (at least) are required.

Mmm, interesting. Thanks for following up.

No. The point of using the internal interface abstraction names like that is that there is only one reference between OPT1 and the physical interface. When you re-assign it to the new NIC all the rules on it will follow that. Steve

@srytryagn oh... and just so you completely understand the 1100 doesn't come with any WiFi access points. It's a wired device.

@stepinsky said in OpenSSL vulnerabiltiy: pfSense affected?: I cannot judge the relavance of the vulnerability for pfSense users. That is the big question for sure.. The analysis is still underway at nist https://nvd.nist.gov/vuln/detail/CVE-2021-3712 This vulnerability is currently awaiting analysis. The key really being "If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit." Would that be something that could be done with how and when pfsense uses openssl? And it seems there is a patch for freebsd https://www.freebsd.org/security/advisories/FreeBSD-SA-21:16.openssl.asc So when netgate/pfsense feels its prudent sure they will make it available. edit: Well this openssl thing was in one of the many newsletters I get ;) In one today.. Doesn't seem like it is too much of a concern to be honest. Here is the article if interested https://nakedsecurity.sophos.com/2021/08/27/big-bad-decryption-bug-in-openssl-but-no-cause-for-alarm/

Let me try to replicate it with the values I have first.

@johnpoz said in How to avoid bridge?: You have this? What sfps do you have in it? I have a few SFP+ WDM12-R20/WDM13-R20 for fiber and S-RJ01 for RJ45 (pic above). My main problem is that one of my pfSense interfaces comes from my IPTV router and goes to my TV boxes. I get IPTV signal on all devices. On pfSense with option "Allow packets with IP options to pass." it goes perfectly fine but if I use my CRS317 instead I get no signal flowing from one SFP to another.... that's why I gave up on CRS switching... [image: 1630001319342-img-6163.jpg]

@gertjan Thank you for your reply. Sorry for taking so long to get back to you. I've just renamed the file to .old, re-enabled graphing and everything is back and working. Thanks for your help. Chris.

@jknott Yep. I had tried, but that didn't work. No connection. No ping, no nothing. Reported elsewhere. ARP or what, no clue yet. Had to (1) re-allocate interfaces (in this case, swapping). Trouble is also physical access, after a reboot. Crawling into some dungeons. The box has neither monitor nor keyboard. No, it must be pre-set. (Don't want to whine about 'good old days', and yet, my former Soekris/m0n0wall was just running along. Power off - power on and I had access through the web interface for everything else. Have tried hard, but not found anything on the same level of ease and reliability. Well, updates and performance made it a no-go.)

The config file is in /cf/conf/config.xml. If you edit it live you often have to remove the cached copy: https://docs.netgate.com/pfsense/en/latest/config/xml-configuration-file.html#edit-in-place But I would recommend exporting it from Diag > Backup, editing it and then restoring it again. The system will reboot into the modified config. Steve