@beria-pl said in Issues after upgrade 2.4.4p3 to 2.4.5: @bmeeks Thanks - works like a charm, after setting up 1 vCPU on both. At least it working now for 30 minutes without any issues. Is there any timeframe to expect this fix? Or in longer-term it may be better to wait for 2.5.0p1 ;) and now survive with 2.4.5 or downgrade to 2.4.4p3 ? I am not privy to the release dates as I am not affiliated with Netgate. As with pretty much every software company out there, Netgate is usually tight-lipped about release schedules (at least ones with very specific target dates). I suspect companies do this to minimize flak in the event they miss the release date due to unforeseen issues that may crop up. I personally don't expect a long delay in the 2.4.5-p1 fix for this issue, but whether that is later this week or several months from now, I have no idea. If one virtual CPU appears to be working for you, then I would suggest staying on the 2.4.5-RELEASE and not moving to 2.5.0-DEVEL as that branch understandably may have issues crop up -- especially if you keep up with the snapshot updates. The upstream FreeBSD guys merged the fix into FreeBSD-11.3-STABLE on May 11th, and so far as I can tell from the Github updates, the pfSense team is keeping up. So maybe the fix release won't be too far away.

Restarted the Virgin Superhub 3 last night and it's great again, we monitor again, but it will start to degrade later today or tomorrow as others have mentioned. If I set back to just use their Superhub as an all in one again all is fine, it has to be something to do with the hub in modem mode and the way it talks to pfSense.

Sorry for troubling you guys. I got it solved by adding following line to the moodle config file. (Instead of using a hardcoded IP) $CFG->wwwroot = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].'/lms';

@Rico Thanks.. I saw LAN when I read the OP the first time. ^^ what Rico said. :)

you welcome bro :-)

@stephenw10 Ah gotcha. I'll stay tuned for the 2.4.5_1 release. Thanks!

@YannTKO I had it on wan! ive changed the rules to lan thanks lol

@JKnott I now have a stratum 2¹ server on my pfSense firewall. One thing I've noticed since switching from pool.ntp.org, is that the clock on my computer appears in closer agreement with a WWVB radio clock I have. When I was using pool.ntp.org, my computer seemed to lag the WWVB clock by a half second or so. Now it appears the same, at least as close as I can tell by eye. pool.ntp.org provides stratum 2, which means pfSense provided stratum 3. TorIX provides stratum 1, so pfSense can be stratum 2.

@johnpoz said in Not all devices are listed in DHCP: If you just pinged it from pfsense, it would be in the arp table!! it worked Thanks

if there are no other alternatives to edit xml file exported, e.g. with 'sed' command directly from the console, I can try only this way best regards, thanks!

@fireix It seems that Ansible or Puppet is open source applications would work for you since it appears you're not shy to use CLI (like me). Ansible uses SSH whereas Puppet (from OpenStack) uses a user agent installed on client's box. Let's hope more senior members will follow-up.

My opinion is that FreeBSD is one of the best choices for NGFWs, due to the distinctive behavior of the OP system itself. However, you can't run it cleanly on FreeBSD, so like pfSense, sticking to the parent basics (FreeBSD), you need to implement a different philosophy = pfSense. NollipfSense / I agree with you that the future belongs to the VM, but we still have a lot to learn in this area. What is currently worrying is that only mirror solutions can create large stability systems. I currently work for a world-wide insurance company, in the current unfortunate situation (COVID), more than 8,000 employees work from home on a VM basis. It works, but 25 extra mirror servers have been set up in 15 countries to eliminate the any possible problems. Virtualization is a wonderful part of the IT world, flexible and I hope there will be more and more serious availability. (I started with Windows NT servers and Win 3.1 has changed a lot since then :-))

@bmeeks Thanks very much for the answer. I did try and download the patches and test, but, not apply and saw that it wasn't going to work from the patch test. Hence the post asking. 2.4.5-p1 - I shall have to wait. Thanks again.

@firerobin said in pfSense VM latency and WAP performance issues: @bmeeks Thanks again for the info. I'll ask around in neighborhood forums to see if anyone else is having issues with their xfinity connection. Hopefully I can find someone as knowledgeable as the folks in this forum, but then they'd probably already be on top of the issue Would this problem be as noticeable if they have a higher bandwidth service plan? If you have issues with the node you are served from, a higher speed tier is not likely to help. An overloaded or malfunctioning node would be expected to affect all speed tiers. The one exception might be if they moved you to another node for a higher tier, but that is extremely unlikely as the node serving you is usually fixed due to the realities of coax cable routing on the poles. To test and make sure a saturated uplink is not your issue, play your game at a time when you are 100% certain nobody else is using your Internet connection but you and your gaming machine. No streaming or anything else going on. If you have problems then, it is likely to be an upstream ISP problem. If you have no issues, then somebody really loading up on downloads can hurt your gaming and ping times as all the ACKs from the busy downloads can eat up the upload bandwidth.

I think I'll just add a couple more interfaces and do it that way. I got to thinking about how I might be able to use the separate lans anyhow. Thanks to all for the input.

Sure you can apply a schedule to a firewall rule so it only applies at certain times: https://docs.netgate.com/pfsense/en/latest/book/firewall/time-based-rules.html I'm not sure how that would help filtering different groups of users though. Steve

Hello together again, creepy. Two days ago my PFSense wasn't able anymore to connect in anyway to my CG VPN Service. Always "decompression failure" or something like that appeared. The final solution was to change from adaptive LZO Compression to OMIT Preference. Then this connection worked again. And what started to work as well? The VOIP Connections. I don't know how this belongs together, but now i can register like always my softphones and make calls. I think we would have searched years to find this out...But well, fortunately finally now it works again. That is the most important! Thanks again anyway for the interesting information you posted here and the support you gave! Have a nice weekend

@stephenw10 I just tried it again and it works. Looks like they finally updated their certs. Thanks for the help!