All, Succeeding some further investigation the issue at hand seems to be due and related to the Gateway Monitoring Deamon requiring some modest adjustment in configuration parameters. I cannot say with categorical certainty it was due to the upgrade from 2.5.2 to 2.6, but surely did become evident in succession the upgrade. That said, some additional configuration changes were made to the router configuration thereafter as well, so perhaps something changed unintentionally. One thing to note: If you have your WAN and LAN ports both running over one Ethernet port using VLANs (as I do), then it is important to assure that a drop of the WAN IP address does not cause the port to get shutdown as this could make it very difficult to access. That said, nothing prevents access to the router from the console. Thus, the issue can now be declared resolved. Stuart

As a home user not really. You can always reinstall 2.6 if you really want to. Steve

@stephenw10 said in Is there a command to view current cpu clock speed?: How did it show those things enabled? The second output is after enabling it? In the BIOS? powerd relies on some driver to actually control the cpu speed, est(4) for Intel CPUs. And that relies on either hard coded values or, far more commonly, values passed to it by ACPI. It's not unusual for those to be wrong or missing unfortunately. Steve No both outputs are taken right after one another it shows the proc jumping all around to different clock speeds as the processor sees fit. My guess is the usage of hwpstate_intel is what allows the different visibility into the two different operating systems. https://www.freebsd.org/cgi/man.cgi?query=hwpstate_intel&apropos=0&sektion=4&manpath=FreeBSD+13-current&arch=default&format=html

Because 12 divides by 1,2,3,4 and 6 but not 5.

@jimp that's what I meant :) Thank you !

@jimfreeze An IDS package like Snort or Suricata has rules that can look for things like SSH attempts or other web requests. There isn't a great way to block specific URLs but maybe you can write your own rules if you're really familiar with doing so. I would read up on implementing it in the forum here before jumping in, and not block by default for a while until you can observe what alerts are being triggered.

Hi! I cant describe how it happends.. its. long time ago... . Thanks.. this fixed it also for me! ""Remove empty rule <rule></rule> from <outbound>" in the config file."

@sergei_shablovsky hint.sc.0.flags should be "0x0080" for VESA, not "0x180", per the man page here: https://www.freebsd.org/cgi/man.cgi?query=sc&sektion=4 So for mode 279 (1024x768x16), in /boot/device.hints it should be hint.sc.0.at="isa" hint.sc.0.flags="0x0080" hint.sc.0.vesa_mode="0x117" and in /boot/loader.conf make sure you have kern.vty=sc

Unable to connect to some random sites like that is usually either an MTU issue or a bad subnet mask somewhere. Since you're unable to ping or even reach the first hop in a traceroute it's unlikely to be MTU so check the routing table for some bad route. Steve

Yes, it's only 5.2 that is no longer supported upstream and was removed. The expected behaviour is that the package would simply be removed at upgrade. But that is not the case currently. So if you have zabbix_agent52 installed it should be removed before upgrading until we get a fix in. Steve

Mmm, those are not specifically defined. That is the correct file though, you can see where the process is started here: /usr/local/etc/rc.d/vnstatd.sh

CE cannot, Plus can.

The console may seem unresponsive when you connect to it after this has happened but try entering ctl+t. That can often produce a response when nothing else will and shows what process the system is waiting on. Also if you can log the serial output during the issue there may be an error show there that cannot be written to the system log. Steve

If the firewall is actually configured with that FQDN it won't throw that warning.

If your switch is pulling a DHCP lease you can see is current but you can't connect to it it might be time to reset it. Make sure you're using a client in the same subnet. It may well block connections from outside it's own subnet by default. Steve

Thanks for all your help, I wrote my own solution now: https://github.com/Hornochs/pfsense_trafficstats_into_influxdb I parse in a python script the data of vnstat and push it into a database. I still have to figure out, why vnstats thinks on my pppoe interfac I have a transfer of 4 GB when I'm reconnecting.

@stephenw10 Echo the above comments entirely. Super important you run a CPU that supports Intel aes ni instructions too - it's got a lot work to do with the encryption remember. Without I'd expect about what you're getting. I'm getting well over 400mbs from nordvpn with my i3-5010U setup on a 500mbs line which is fine for me. You're going to need some pretty serious hardware (well above 300 bucks) if you're looking to get anywhere near your line speed with any VPN provider. Prepare to get your wallet out again. All that said - your super fast line is probably costing fairly serious cash so I wouldn't consider say a cost equivalent to a year or two's subscription disproportionate for the router.

If you remove one of the configured interfaces and reboot it will ask you to re-assign the interfaces at the console. That's how pfSense has always worked. Simply removing the Ethernet cable so it has no link obviously does not do that though. If you add new interfaces that use the same driver as existing NICs the interface order may be renumbered but they would still exist so you wouldn't be asked to reassign. Exactly what interfaces are you using here? You have mentioned both wifi and USB interfaces but no specifics. Steve

@stephenw10 Thanks. I will, and I think I've read that host time sync is only for maintaining the VMs time when the VM is off, but conversely it doesn't seem the host should loop with the VMs NTP either. I'll give it a try and delete all the present RRD data since it's corrupt anyway. Thanks again.