Yeah I would also try enabling DHCP on OPT1 and setting a client to use it. That will prove you have a good layer 2. DHCP traffic is always allowed. If it then pings correctly the static client setup was probably incorrect somewhere. Steve

Nice.

@deanfourie said in pfSense constantly crashing: Could this really cause something so catastrophic like a kernel panic? I adivse you to make this a priority task : Have a look at what's been said about 'realtek' for 'serious' applications like routers. I've no solid proof, but their is this common knowledge that you should stay away from this brand, just to be on the safe side. Realtek over USB ? That's like playing russish roulette with 5 bullets in the 6 chambres, instead of one bullet. Ethernet over USB : that's just a big nono in your situation. If it works, ok, good for you. But that kind of hardware should be removed if you suspect issues. So : first go native, classic bare bone : a device with two (or more) real NIC's. test drive that. If still issues, then you know the device (drive or motherboard or power) has an issue. Don't do tests with realtek or USB NICs nearby.

@denverdesktopssupport You can simply set up a second VPN and enable or disable them whenever you want.

@stephenw10 I actually just updated to 2.5.2, but the notification for the crash report was still there so I decided to post it here. Should I clear it and hope for the best?

@stephenw10 @stephenw10 said in FreeRADIUS 3.0.22 has a bug.: That was lucky. It could easily have not worked with 2.5.2. Well, between me and you, it did not work the first time because I had forced a package repository update: pkg update -f Doing that undid the modification I had done to the pfSense.conf file. So I edited the file a second time and it worked.

@deanfourie said in Interface Timer Suggestion?: should I still use relative paths in cron? Yes, use the full path. That's the most common reason custom cron jobs fail. The cron user does not have the same paths as root which is what the command prompt runs as. Steve

@jhparizona Google "free computer". I was surprised at the result. You may find what you need. Ted

What I can say, while I am not a "fan" of breaking the L2 barrier with such discovery. There have been some recent mdns questions. And easy way for me to test that mdns via avahi is working is just my iphone using airprint. Which printer and client are being on different vlans. Can tell you it works - I setup avahi, my iphone can discovery and print to the printer.. If I also allow communication on the vlan to actually talk to the printer. As @stephenw10 mentions.

With an apparent bandwidth reduction that high the first thing I would do is check the port status in Status > Interfaces to make sure both are linked at the expected 1G full duplex. You should upgrade to the current version, 21.05.1, when you can. 2.4.4p3 is very old. You may wish to re-install clean to be sure. Open a ticket with us to get the recovery image: https://go.netgate.com/ Steve

Other than an update of pfsense actual version, there should never be a reason to have to reboot pfsense. Common issue where people believe this is the case in change in firewall rules, and not working as they think... This is most likely related to existing "state" for whatever trying your trying to change what happens with. And the reboot clears all this. But if you do have an existing state causing a rule not to function as you believe - you can either kill that specific state, kill all the states or just wait for them to time out on their own, etc.

@stephenw10 Hello ! Information on status. So far, in case of power failure, I want the UPS to start and the initiation of new back-up tasks to become impermissible, Upon a combination of time and remaining charge of the UPS' battery; a proper shut down of the mac; and, if possible, Shut-down of the UPS. So Far, On my pfSense firewall SG-1000, there is a pre-installed NUT package, It works already and can trigger termination of NUT clients. For macOS, (version 10.13 High Sierra, the package manager Homebrew does not work any more, but the package manager MacPorts does), so I would (1) Install or update xCode on the mac; (2) install or update MacPorts, (3) configure and set instructions to slave on pfSense SG-1000, and (4) complete on pfSense the remainder of NUT configuration. This is my current plan, which seems feasible so far.

Hmm, that is interesting. I assume the WAN IP is not changed when you restart dpinger? I.e. it's not somehow restarting the connection? (it shouldn't).

Since you are using a correctly configured policy routing rule for LAN traffic you do not have to do anything. Anything not caught by that policy rule, such as traffic from the firewall itself, will use the default gateway. Just be aware that with that set to the load-balancing group as it is traffic will use one of the two PPPoE WANs that are in tier 1. It will not use both and there is no way to specify which one it will use. It will simply switch to the other one if one goes down or to the LTE if both go down. That setup is probably fine for your use. Steve

There are packages for sending snmp data, allowing external collectors to query the firewall, but not for using the firewall as a collector itself.

You should upgrade to 21.05.1, the current version. It should (obviously!) not reboot at random like that. You should open a ticket with us to troubleshoot that: https://go.netgate.com/ Steve

Code carried over from the old forum was incorrect. Check now.

I had the "firewall optimization options" set to "conservative" and changed this now back to "normal". maybe......

@chudak dns has NOTHING to do with ports.. As I already went over if your goal is to get redirected to some port, then use HAproxy.. And then sure you can hit the public IP on port say 80 or 443 http/https and get proxied to port 1234 if you wanted.

An HA pfSense setup would usually be between two devices in the same location, often in the same rack. It's intended to mitigate a failing node or connection to/from that node. There is no reason it could not be between nodes in different buildings as long as they can be on the same layer 2 segments but there's not really much advantage in doing so. Steve