@jknott said in Network security in garage: Only high class burglars can afford to live in Vancouver. Ha. It probably does mean you have a higher class of bored teenager which is a far more legitimate threat! Steve

Perfect. It's all the same system. I'm planning on backingb up say the DHCP section. Edit the xml and cut the static mapping parts out and paste them under the new DHCP server entry for the vlan. Probably do the same for for the firewall rules too. Mostly any of the labor intensive parts where there's a lot of entries to move.

@akuma1x said in [LAN overlap problem between work VPN and home LAN] Jeff That worked! I had one issue that involved changing some rules under the firewall section. Thanks again!

Problem solved For some reason, the BIOS and pfSense system had been working fine with the SMART settings as they were. However, with an update of pfSense, it appears that it developed a problem trying to access the drives for normal operations as well as the re-install with the BIOS having the SMART options turned off. I turned them on and the errors went away and the system re-laoded with no problems.

Thank you all for your answer. I am upgrading everything ( getting an i5-560m for AES support, ) and getting new antennas for the wifi card (because the internal antenna cables were cut (not intended) by its old owner unfortunately. I will use the Pfsense AP as a backup AP then just in case the main one does not reach (the house is not very big anyway) tomorrow cabling will be done (CAT6E , yes over overkillcables and they were so cheap for some reason and that's the only cables the guy had anyway)

I did not get a success authentication test yet, but I assume this is due to my configuration file or a cert. issue. Cheers, N

This is pretty interesting. Any chance You'll have the time to write a How-to? Also how would this work with more than 2 interfaces per firewall? I am guessing user with SSH rights to the box install python package I am also looking at https://github.com/ndejong/pfsense_fauxapi, however that would require me to write python modules for ansible.

Does the firewall have Internet connectivity and working DNS? Check System > Routing, make sure you have a gateway set as default Check Diagnostics > Routes, make sure the default gateway is shown there Check System > General, make sure that you either have DNS servers set there or you have the DNS resolver setup in non-forwarding mode, with Disable DNS Fowarder unchecked. Try to ping an Internet site from Diagnostics > Ping Try to resolve an Internet site hostname from Diagnostics > DNS Lookup

There is not a separate section of the config for user/groups. You'd have to download complete backups from each site and copy/paste the relevant portions, then restore.

I would try to catch whatever is doing it by running top -aSH at the command line. That is a high number of processes though even when it's running normally. If you have something that is hanging traffic every 30s though I would expect it to use a lot of CPU time and be clearly visible there. Steve

Yes. You can always restore a configuration from an older version to a newer version. There is upgrade code that will adjust the configuration to the newer formats. You can't go backward, however.

Hi, 3 things to test, so you can isolate the problem. 1=> No more VM : go physical (did you read the other "HyperV" thread today / yesterday where the VM was freezing ?) 2=> Bridging physical NIC's : take a no-brain switch 3=> ntopng installed .... you are aware that that one only can bring pfSense to it's knees ....

All certs are stored in the XML... if you want to verify a cert, then you will also need to download the ca cert.. I used the files in the freerad dir because it couple other hot threads going on about it and certs an crls. For openvpn.. the .ca is the ca.pem an serverX.cert is the server .pem So for example [2.4.4-RELEASE][root@sg4860.local.lan]/var/etc/openvpn: openssl verify -CAfile server1.ca server1.cert server1.cert: OK No offense but you might want to understand the tools your using a bit more before you say stuff doesn't work ;) pem file can have any ext on it does not have to be .pem ;)

What I expect to see is all the FQDNs you have being resolved in the DNS log when you reload the filter. If you see nothing there that's a problem. If you see some and then an error that's a problem. Of you see them all resolved there and they still don't make it into the tables that's a different problem. Steve

I see the attachment links are dead. I came here to get a copy of my old script having lost it myself and noticed the attachment links don't work. I started using this. https://www.foxypossibilities.com/2018/05/23/reestablish-pfsense-openvpn-clients-with-cron/ I like how it uses native capabilities to restart openvpn client, I might add a for loop to this so it doesn't restart the vpn on a single failure later when I have time.

Hi everyone, The solution : replace "Dynamic" by "Hyper-V Port" protocol in the "Load balancing mode" of the Teaming properties. [image: 1540906270032-6caf606e-bfb8-4f2d-be98-d2982e788806-image.png] Everything work and no more packet loss !

That worked! Thanks! I just needed to be sure I had some way to reset admin password in case of an emergency. I have another 'sudo' admin which /etc/rc.initial worked perfectly. I also considered opening up SSH, but that might just be one more opening that someone could exploit. Anyway, thank's again.

stephenw10...Thank you for the response. Interestingly, I restarted a couple of times and now it's Online. I don't know why but it seems to be working now.