@courtalj For future viewers: I made a duplicate post on Superuser and am maintaining my configuration there: https://superuser.com/questions/1672350/pfsense-cincinnati-bell-fioptics-iptv

I've never tested that, or any of the many clones of it, myself but assuming the hardware itself is good I would expect it to be fine. Or course I'd rather you bought a Netgate device. I would expect that to pass 1G for firewall & NAT at least. It looks like your requirements are for more than 4 subnets/interfaces so you would need to use VLANs and that requires a managed switch. Steve

@ninthwave Beginning with 2.5.0 pfSense also allows you to renew the certificate in the web GUI in System > Certificate Manager > Certificates.

@stephenw10 Exactly, what I failed to mention in my post (because I'm an idiot) was that this was an internal pfsense vm. Once I added the second interface, it expected me to access it from the LAN interface, which I was not doing. Thanks!

@smokey-de-bone Hey Smokey, these are great questions. We will be using the emails that are put into the survey fields directly for contact and drawings It does not matter which email you submit. They don't necessarily have to match, although we prefer if they do. In terms of it potentially sabotaging your drawing chances, it won't. As long as you are not submitting the survey multiple times with different emails we don't have a preference of which email you use as long as it is valid and can receive emails. I totally understand your concerns. We plan to use the information provided within the survey directly to contact and announce winners. That being said, we will be in contact with you, or anyone else who wins, after we draw names. That will take place long before the January Newsletter so you, or anyone else, can let us know what level of publicity you are comfortable with. We tend to go the route of first name last initial (e.g. Smokey B.). I hope this has clarified things for you. Happy New Year, Andrew

@sven72 just edit to be your network if its not already... Doesn't really matter if you don't have a unifi router to manage what is in there. All you need is the vlan only networks so you can assign them to your ssids

Yeah, the Switches menu is there to configure the physical switch IC built in to some Netagte devices. It's not a software feature that can be applied to any random 3rd party hardware. Steve

@amostil just so you know you will need console access to do the clean.. So make sure you have that setup before you attempt. And for sure take a backup of your config. It really is only a few minutes to do.. https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/connect-to-console.html

Yeah you can't test that with ping like that because the route-to rules will force anything sourced from the WAN via the WAN gateway. But even if it didn't that only tests routing inside pfSense, which should work by default. An alternative to adding routes on the clients is to add routes to the upstream router so traffic from clients is sent back to pfSense but that is a classic asymmetric route with all that implies: https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html A VPN will allow it even if you don't really need the encryption there. Steve

@pinballwiz Appreciate the feedback. My take away from the post thus far seems to be the following: Allow the admin net outbound WAN access but use a dedicated OS/browser for admin work. That was pretty much were I am, so it is good to get some validation: In my current setup I'm allowing outbound WAN access to the admin LAN (during working hours) and using a Linux laptop dedicated only for admin work (non-root account of course). I keep it updated/patched and it also runs the Unifi controller software for management and firmware updates of Unifi equipment.

@misinthe said in PfSense blocking Unifi Updates: I didn't assign the PfSense DNS address to the WAN on the UDMP doh ;) hehehe glad you got it sorted.

@auto_carr this is an old topic, but I ran into this type of problem that coincidently looks like this kind of loss in bandwidth using intel nics. I created a thread here, if you ever got around figuring this out please share. thanks! topic bandwidth loss

@stephenw10 OK, I also realized it is much easier to edit the XML. Thanks the config file is an XML.

Fixed it. When mucking around with the static and DHCP. When deleting the gateway it removed the default gateway config and selected automatic. TLDR; Lessons learned when placing a edge switch to offload the VLAN tagging from PPPoE and VLAN tagging on the WAN interface: Configure the WAN interface to PPPoE only. Remove the VLAN Reboot. PFSense seems to pull the PPPoE settings in at reboots. Leaving this in hopes it can help someone else and save time.

Worked :-) Two small typos (?) but excellent tip - thank you very much! <?php require_once("pkg-utils.inc"); require_once("notices.inc"); require_once("util.inc"); # Added ';' to the end of line $msg = "Great tip from Gertjan!"; if (!empty($msg)) { notify_via_pushover($msg); } # When executed, removed space -> '-q': # php -q /root/pushover_test.php ?>

Not sure what I did, but I accidently locked myself out, so I redid a new build and everything is working fine now. Thanks for your help !!

@paulqsource Try this : On the dashboard, the 'radiusd' process should be 'green' : [image: 1640854586223-ae61402f-a40d-44aa-b384-ce82a38a7df4-image.png] Stop it : [image: 1640854627543-a0eebd41-9efe-419d-8a25-80aa0d6d6100-image.png] Open a console connection, menu option 8. Type radiusd -X Now the FreeRadius process starts, and logs over the console. If you use a ssh client like Putty, warning messages will be yellow, errors will be red. Your mission : find the red lines, and make them go away. When I start radiusd, I only see these : [image: 1640854977670-2dea9d74-9c6e-4e22-bcf4-2eca10e4cb6d-image.png] Then, it idles, waiting for 'things to do'.

Obviously there is a bridge somewhere. Most probably the wifi ap is by mistake connected to the wired lan segment.

@stephenw10 agreed, but I would argue its never "better" to bridge ;) hehehe Not saying it doesn't have use cases.. But it should be the last freaking choice, and only as a stop gap measure until you can get the equipment needed not to do it ;) If I was out of switch ports, and I could not disconnect something - and I had an extra port on pfsense. I would still prob just bring that up on its own network.. If I HAD to have it on the same L2 as xyz.. ok then setup a bridge. But this would only until I could either disconnect something and free up the switch port. Or my order for another switch or bigger switch came in ;) Even in that scenario - I would most likely look for something I could move off the switch to an interface on pfsense that could be another network. So I could put this thing I needed on network xyz on the switch ;)

Also see: https://redmine.pfsense.org/issues/12440