Sorry missed the replies here. It looks like you're using the webgui cert as the server cert? It has to be a cert created against the server CA. It also looks like the TLS key is different. Both ends must have the sane TLS key. You also still have a bunch of routed tunnel settings like pushing routes and adding gateways. But I'd fix up the cert/key first before looking at that. Steve

I found the issue I changed the OPT1 name and it would not change in the config.xml so it does not bind to the new name, I set it back to OPT1 after seeing that the config.xml did not recognize this as selected for upnp section of the code and it worked. It is like the name change messed up somehow

restarting only OSPFD produced nothing but restarting the pfsense 2.7.2 box output this on pfsense+ 24.03 2024-05-06 10:56:04.896 [WARN] ospfd: [MS0DP-CEKYV][EC 134217751] Point-to-Point link on interface ipsec2 has more than 1 neighbor. 2024-05-06 10:56:09.660 [WARN] ospfd: [MS0DP-CEKYV][EC 134217751] Point-to-Point link on interface ipsec2 has more than 1 neighbor. 2024-05-06 10:56:11.667 [WARN] ospfd: [MS0DP-CEKYV][EC 134217751] Point-to-Point link on interface ipsec2 has more than 1 neighbor. 2024-05-06 10:56:22.682 [WARN] bgpd: [JG0WZ-7X009][EC 33554504] 10.255.255.254 unrecognized capability code: 128 - ignored 2024-05-06 10:56:24.339 [INFO] bgpd: [M59KS-A3ZXZ] bgp_update_receive: rcvd End-of-RIB for IPv4 Unicast from 10.255.255.254 in vrf default

@cometphoton said in Setting a different monitoring IP.: what is the next hop in the trace. I just did a traceroute to Google and picked the first address that worked.

AFAIK there's no way of reading the actual NIC chip temperature there. If the module reports a value that's the only thing you can check.

That can only be done manually currently. If you send me you NDI in chat I can remove it.

Did you try to open it with curl like I showed above?

@Unoptanio said in ARP TABLE Refresh time for Wake On Lan: just add it in the /etc/sysctl.conf file? Nope, pfSense doesn't use that. The system tunables table replaces it so add it there if you need to.

@stephenw10 - Right? Thanks for all the help!!

There are several threads about boxes with N100 CPUs specifically where the default power settings in the BIOS interact unexpectedly with the speedshift driver in FreeBSD/pfSense.

@DominikHoffmann said in The oldest Netgate hardware still running pfSense+ 24.03?: it’s good to know that in 15 years my Netgate... By that time you may need a 128bit processor!

Responded in chat.

You would usually add VIPs (IPAlias) on the WAN for each additional public IP. Then change the outbound NAT rules to manual and add rules for the internal subnets via the appropriate VIP. https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html#single-ip-subnet-on-wan Steve

@stephenw10 Memories! Nokia ip530

@Gertjan Thanks , the trick at the end was "just " the cert , it is not mentionned explicilty in the post with the command but part of the actions to make. For benefice of the Forum Q, command to run is certctl rehash This info is from PFsense Troublehoosting Manual Solved ! Thanks !

Mostly it gives you access to the pfSense Pus pkg repos. It's the entry level subscription that does so.

I rediscovered this today restoring two 3100 configs to 2100s. Short version, clicking Save before clicking Apply does work. Clicking Apply first results in an inaccessible router (aside from console).

@JeremyJ-0 said in how to stop logging blocked LAN IGMP?: Is there some part of the firewall that reads the rules on startup and does not re-read on a filter reload? Not that I am aware of. The reload of rules failing would explain your results however.

@Bob-Dig Sure, thanks. I plan to re-evaluate my values and start from scratch.