For it to happen repeatedly like that and damage the config file everytime you would have to be removing the power during the config write. So maybe pulling the power immediately after clicking save on something each time? Is that possible? Either way you should always halt the system properly before unplugging it if you can. Steve

What throughput vs CPU usage do you get currently? I've personally never seen pfSense running on anything that could pass 25Gbps. Steve

@reberhar said in dpinger stops (crashes?) after update to 2.6.0: @bmeeks My multihead site responded to changing to the Live Rule Swap option as well. The one that I thought was fixed by a reinstall of Suricata failed again so I have turned on Live Rule Swap there as well. Suricata reloads the rules even if you have blocking turned off and the same problem occurs. In order to monitor traffic, Suricata generally must put the interface in promiscuous mode. That happens whether blocking is enabled or not. And even when run in IDS mode (no blocking), Suricata still must update its rules.

@tomrrr said in Web Admin Two Factor Authentication: then I would be unable to monitor performance/throughput/etc remotely Have the data collected by some server, protect the link with firewall rules - and now observe from ..... Dono, pick your place. Go here or here if you need something. Btw : I'm just a pfSense user, like you.

Can't see the timestamps on those so it's hard to say how constantly that is.

Yeah, you don't need to add any routing, pfSense will route between all connected subnets by default. With pf disabled you should be able to reach between the subnets. There will be no NAT, so no WAN connectivity, but you don't need that between internal subnets. It sounds like you have some connections in places you shouldn't. Steve

Yeah, it sure looks like something objecting to whatever the Pi is doing. If it is Comcast it seems like they should know they're doing it. But....

@raulchiarella said in Could not fetch URL when creating ALIAS: https://raw.githubusercontent.com/victorfmaraujo/pfsense-aliases/master/WHATSAPP/whatsapp.as So created an alias using that, seems to pull fine. Then put into a rule to test the table being loaded. Tables are not really populated until the alias is actually put into a rule. But then you can see the table populated [image: 1646063641701-working.jpg] edit: btw that list could you some clean up for sure... lots of duplicated networks. example - these are all listed 185.60.216.0/22 185.60.216.0/24 185.60.217.0/24 185.60.218.0/24 185.60.219.0/24 But that first /22 covers all of those /24s - there are multiple examples of that in that list..

@jimp makes sense and works. Thank you.

@pille99 yes

@stephenw10 I figured it out. Report filed. It looks like someone else had a similar issue, made sure to quote it in my report.

@tacioandrade Haven't tried it but you might be able to do something with FauxAPI

Mmm, that looks like something still referencing the uninstalled package for some reason. I would try installing it again and uninstalling it first. There will be entries in the config file even if it has been uninstalled correctly as the HAProxy config is retained in case it is ever reinstalled. It's possible to remove config from the file manually but I wouldn't advise it. If re-uninstalling the package doesn't the next thing I would do is install 2.6 clean and restore the existing config. Steve

@stephenw10 1 DAC cable and 1 SFP+ Not the end of my world, just a nice to have...

@kom So when I factory reset the router with pfsense on it, for some reason it reset the port assignment so that the port labeled WAN on the device was not the actual WAN port anymore. The LAN/WAN ports went from being assigned to ports igb1/2 to igb0/1. On top of that, the way the ports were numbered and labeled is not very intuitive (at least not to me) It basically goes like this: First port: labeled LAN, (igb1) Second port: labeled WAN (but not WAN) is (igb2) Third port: (ibg3) Fourth port: actual WAN port on factory reset (igb0) So the "0" port is the 4th port and is, of course, not labeled WAN but became the WAN port upon factory reset. I did not think igb0 referred to the 4th port or that the factory reset reassigned the ports. Once I finally figured that out, it was simple. Like I said, I am pretty much a noob, but there you have it. I was finally able to get pfsense up and running with the VPN, added wireless, etc after that. It's no wonder everyone was so stumped.

It's almost certainly pfBlockerng blocking access to googletagmanager which is commonly in ad blocking lists. It appears strangely because you have imported the untrusted CA that pfBlocker uses by default. You are seeing it because something on those host PCs is periodically reaching out to some site that includes it. Steve

@avsion Try this: [image: 1645960846207-capture.png]

Hmm, slightly odd presentation. Doesn't seem to be a regression though: https://redmine.pfsense.org/issues/11394 Steve

That should be all that's required assuming the wifi router is NATing to it's WAN IP. If the proxy is in transparent mode make sure there are no stale states in pfSense after making the change. What you should really do though is use a VLAN from the router/AP to pfSense as a different interface that you can exclude from Squid. It may not be possible with your device. Steve

@jimp said in SSH not working as it did before 22.01 upgrade: You'll need to make whatever customizations you made again. John, Jim, Thanks as always for your help, even if was just a nudge in the right direction. All back and working again. Funny those changes survived all the recent upgrades and the conversion to "+"... but this last one hosed it up. Now to get my backup SG-4860 built with the fixed ZFS install.