@chrcoluk said in FreeBSD Bug 188261 - How to apply patch to pfSense: ticket on redmine if you read, this has happened in the past @maverickws " I've added here: https://redmine.pfsense.org/issues/10820 Thanks!"

Hi! Many thanks for the replies. It turns out that there were some errors with my switch. However, I never managed to put the google nodes in bridge mode so I gave up and bought a uniquiti access point and installed. //Andreas

The Mellanox drive line is expected on any system. The dhcp leases line it likely something attempting to restart it twice (still starting from the last previous time). Here's me editing an alias on a test box: Aug 11 12:06:27 check_reload_status Syncing firewall Aug 11 12:06:39 check_reload_status Reloading filter Aug 11 12:06:40 xinetd 23110 Starting reconfiguration Aug 11 12:06:40 xinetd 23110 Swapping defaults Aug 11 12:06:40 xinetd 23110 readjusting service 19000-tcp Aug 11 12:06:40 xinetd 23110 Reconfigured: new=0 old=1 dropped=0 (services) It responds pretty much instantly in the GUI. The first log line is when it hit save. The second log line is when I hit apply. It takes ~1s to reload everything. Now that's a test device without much config on it. As you add more services and more rules, and tables etc it takes longer to reload. Steve

Found that there's also a pfSense hangout video and slides available specifically on the cert manager. Might be useful if you end up in this thread. https://www.slideshare.net/NetgateUSA/certificate-management-on-pfsense-24-pfsense-hangout-september-2017 https://www.youtube.com/watch?v=x2efFe9xXxo

I have always found the installation quite straightforward. Here are the instructions: https://docs.netgate.com/pfsense/en/latest/install/installing-pfsense.html

You could setup your IPsec tunnels better and get the same net effect without a script. For example, if it's a tunnel mode IPsec connection, if you setup P2 entries with remote hosts to ping, that normally will bring them back up automatically. For IPsec VTI mode, if you set the child SA close action to "reconnect" on one side that will make them reconnect when they disconnect. There wouldn't normally be an IKE/P1 issue unless you don't have working DPD on both sides.

If you want to filter between wireless and wired clients on the same subnet that is a legitimate use of a bridge. That can work well.

@stephenw10 Hello, Indeed I was wrong in the version. It's good 2.4.5p1. Following the advice to use the HAProxy, I tried again and managed to set up my VIPs last night. So I am ready for the next versions of pfsense. Thanks again to everyone. Emeric

You can use all of those in one pfSense install. If you want all of your traffic to use the VPN you set it as the default gateway and traffic from Squid will it also. Steve

Ah, nice. You should make sure you have the serial console enabled and you are able to access it. The next time this happens you may not able to do anything else and rolling back changes from the console is a very easy way to regain access. Steve

I found the issue with the help of Netgate support. The backstory is that I had to reinstall the pfSense package after a botched upgrade recently. It didn't automatically reinstall these packages. Once I installed mailreport, I can now get into these notification settings! FYI, the web root (location of the web menu GUI menu structure) are located in /usr/local/www. The status_mail_* flles are added here when the mailreport package is installed.

Not really load balancing, but you can make your OpenVPN server to listen on both WANs and configure the client to connect to the other WAN IP if one fails. To do so, configure the OpenVPN server to listen on localhost and forward the OpenVPN packets from both WANs to it. In the client config simply add a remote line for the second IP.

@JKnott Nah, i only got a cable hanging from the ceiling terminated at the server room, no router or those Ethernet extender. The fiber line is from allstream, but it is the building management who maintain it and resale the internet to different floor. Been told it is just plug it into a switch, to the firewall and plug in the assigned ip. The thing is, it worked on a computer with ipFire, i will have to try it again this weekend to see if direct connection on the laptop works.

@stompro sorry for late posting, my internetprovider have had two days with problems due to power-outage in my area. Result of the <sysctl vm.kmem_map_free> command "vm.kmem_map_free: 218554368" so guess thats ok...?

....yup.

What is your appliance? Seems like this bug: https://redmine.pfsense.org/issues/10436 Please check softflowd from the command line

Indeed, it may not be but you should set them correctly in 2.4.5. f they are too big the setup code simply won't create them at boot. It logs that. Steve

@Cascadoo said in Pfsense not getting WAN IP from Arris TG1672G Modem (Bridged Mode): but as Raffi said it may be that I just had to wait a bit longer after it pfsense got a public IP. if there is no hard ISP limit (time delay, protection intervals) then DHCP should do its thing .... immediately so powering off the modem tells the ISP that it can allocate a new DHCP lease time... that when this is the question and this ISP CMTS setup... BTW: because the MAC learning, which is why the "MAC spoofing" often comes in handy

@johnpoz said in DHCP lease issue, my user needs to reconnect to access internet.: Just like the OPs comment to IPs being changed on the AP.. I was not in front of a PC for a few days, and I couldn't even respond to this... (it really has nothing to do with the icon problem) it is conceivable that this is a Technet article, something of a guess... I totally agree with what you described

You may find the following article of some use: sky-fibre-router-vdsl-password