OK - have removed all the other interfaces from system/routing/gateways, and have left the 1 remaining interface (WAN) as the selected default. No problems connecting to any of the VPN server instances. And DNS resolution remains functional. I will continue to monitor, but it really does appear that this problem has now been solved. Thanks again to @johnpoz and @stephenw10 .

@stephenw10 Thank you for your concern in my case. When the configuration from the second provider is directly done to the PBX Box while the first is through pfsense, I can use both Providers at the same time. My situation is, I do not want to hook providers into into the PBX hoping in the future I may have other Voice Connection from other providers as well. Connecting the PBX through the switch I think in my case is the optimal one just as I described in the diagram. -Lusekelo

Yes, for most that is not required but if the keep alive packet spacing is too high you may need to set conservative mode. Or use custom timeouts as you did. Steve

Setup Limiters to whatever bandwidth you need. Put default internet traffic in to those Limiters with firewall rules on LAN. Pass local traffic with rules above those that are unlimited. https://docs.netgate.com/pfsense/en/latest/book/trafficshaper/limiters.html Steve

Keep in mind that 1.1.1.1's primary goal is harvesting your DNS requests. Not replying on your ICMP requests, so if they (1.1.1.1) decide to stop doing that, for example for bandwidth reasons, your WAN could get marked as offline.

I'm not sure what's going on with this thing, creating or changing rules doesn't take effect unless it's rebooted. That's new behavior, it's always been immediate before this. I'm going to rebuild it tomorrow. Thanks everyone for the help.

But it is only the reply traffic that goes back out though pfSense yes? As I said you will need an OUT rule on WAN since that will also be out of state TCP traffic. Let's see a screenshot of the blocked traffic you're seeing, Steve

Ok so: Run through the OpenVPN remote access setup wizard Create a test user in System > User Manager and make sure you add a client certificate to that user created against the same CA the wizard created. Install the Client Export Package. You should now see the various client types available for your test user in VPN > OpenVPN > Client Export. Pretty much what it says here: https://docs.netgate.com/pfsense/en/latest/book/openvpn/using-the-openvpn-server-wizard-for-remote-access.html Steve

I had that situation months ago. I called the ISP and asked for a public IP and I got it immediately with no discussion. But that may depend on your internet contract. Maybe IPv6 is an option for you.

Yes, there was a bug in 2.3.X that prevented IGMP proxy running on VLAN interfaces. You can read about it in that bug link I posted above. That's just another reason you should upgrade, that is fixed in current. Steve

Exactly!!! BS error that doesn't say what the problem is!

Thanks for the explanation, it's not my exact scenario but will help others.

Thank you everyone for assisting I wrote another script on powershell which works for me, will post when it is fully functional with other additional features.

@1OF1000Quadrillion said in NTP / System Time Oddities: PS - When I was in the BIOS I did not see an option to select or change time zone data - I saw date/time and that's it. That's because the computer clock only knows whatever time you set it to. It has no other means of being set, so no need for time zones. In this respect, it's no different than any alarm or stove clock. On the other hand, NTP servers, which can be anywhere in the world, provide UTC, which a computer then offsets to local time. This is where the time zone comes in.

Yeah, as you found you can just add more keys below the first one.

@Pedro-ramirez said in Account: some other option that you know, thanks. https://docs.netgate.com/pfsense/en/latest/usermanager/locked-out-of-the-webgui.html Forgotten Password with Locked Console If the console is password protected and the password is unknown, all is not lost. It will take a couple reboots to accomplish, but it can be fixed with physical access to the console:

@lordofpc734 said in NTOPNG Reports TCP Out Of Order packets for 3 clients (2 wireless, one wired): im in a SNR war with my ISP. (means im getting really high noises and crap service) That is a likely cause. A noisy line means lost packets and that in turn kills performance, as TCP will have to wait for retransmission of lost packets.

The problem is fixed after removing ntopng. No more spikes. Thank you

It's open source you can change anything you want. There's no way to change that via the normal pfSense config though, you would need to edit the file that generates it. Steve

It should show when it does renew at other times and you will see what the lease time your ISP gives you. pfSense will usually try to renew it at 50% of that time. If that's not happening it would be a problem.