Mmm, really you should be using some other type of authentication for that sort of connection. Steve

@pwood999 that’s the point I was making. Terrorism, organized crime, espionage…but not basement dwelling hentai watchers. The level of paranoia some people have is nuts. It you want to truly be safe, don’t use anything electronic. Ever.

Hmm, the only thing this looks like is an issue we had before 2.5.2 was released where pfctl was bogging and exhausting the RAM triggering a panic in ZFS. But to trigger that we had to deliberately use very low memory systems and this has 32GB so.... that seems unlikely! However check the memory usage history in Status > Monitoring.

@stephenw10 @andyrh Yes, you are right. I need to set things up so that I can get in when/if something like this happens again. Thanks for you help.

@jarhead thanks - deleted it, but you can just click the little 3 dots in the bottom right corner and flag the post next time.

@stephenw10 thank you Steve, that was the problem! Simply decode under Linux: cat certb64 | base64 -d > cert cat keyb64 | base64 -d > key

What CPU is that? You are testing directly to iperf running on pfSense? That will always be worse than testing through it. You can see in that video he's testing through the firewall and a completely different NIC type. Steve

2.4.5? Any reason you're not running 2.52 or 2.6? What crash are you actually seeing? supervisor read instruction, page not present could be any number of things. Steve

Yeah, that's.... interesting. Good to find though! Also I'd argue it's Chelsio that hates Wireguard. Though I'm not sure if that's more unexpected. Steve

@stephenw10 Yep i figured out how the scheduling works. GUI isnt clear (at least to me) how to do a daily schedule or a monthly scedule. Months are presented so it feels like its implied that if you want to have a rule active only on the weekends, you need to select every weekend on every month but you actually dont. Documentation is not clear on this front either but nevertheless reviewing the xml stanza made everything make sense. Thanks Steve !

@morgion thank you. Still some issues pending

@stephenw10 said in [solved] Will pfSense support VRF?: Which is fun. Thanks god I already run virtual... one has to know his limits.

Hmm, I expect to be able to do that (at least until encrypted SNI is more widespread) using pass-through SSL. Though it's not something I've ever tried myself in pfSense, HAProxy appears to be able to do it. Old example. Steve

Currently you can only do that using Snort with OpenAppID. In in-line mode that can work OK since it blocks connections rather than hosts. https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html#application-id-detection-with-openapp-id Steve

System >Certificate Manager >CAs There you should be able to delete your Cert

Thanks all for replies; I'm planning to do a test setting up another PFSense 2.5.2 in same VMWare environment. With same packages and same configurations (importing them). Then I uninistall packages like Snort and NtopNG, and I'll do upgrade to 2.6 version to verify the behavior. As my actual PFSense manages 6 public IPs (set as Virtual IPs on WAN interface) it's not so quick "move" them from a PFSense to another one.

@jarhead That worked perfect! Thank you very much!

@stephenw10 I guess there is VLAN configured because I didn't need to set it on the pfsense

@stephenw10 said in SG 6100 Lan Ports Intermittent connection: So you have not seen that issue again in 22.05? Yes. If it does happen again check the logs. If you can still access the pfSense webgui it's not an issue with the LAN ports specifically but probably either DNS or something with multiwan. Ok noted. Thanks much steve for this insight of yours.

Not in pfSense. You would need to do that at the switch with 802.1x. Steve