My post yesterday was intended as tongue-in-cheek. Microsoft ran into this same discussion with Windows 10, after switching from three feature updates a year to two, then changing the labeling from "1909" to "20H2" because people kept expecting releases in March and September, per the numbers. It seems the misunderstanding here was that the ".01" release would definitely be out in January, not "when it's ready." Changing versioning to "21Q1" may not work with internal version numbering. I don't know if "21.1" for the first release of the year then "21.2" and "21.3" would still fit the stated goal of dating the release but might be a compromise. If one is even needed...setting the "when it's ready" expectation a bit better would be another method. I do understand the point of view where people may have been waiting for the new version to ship routers, and sympathize.

@jknott said in Complete newbie - set up guidance please: @tymh said in Complete newbie - set up guidance please: Obviously I need to put pfsense in between the modem and the router, Why would you need both pfsense and another router? Now I know more about this, it would be using the Orbi as an AP rather than a router.

Works fine just turning off the service if you don't reboot on a regular basis. I went from really high to 8/9% memory use since yesterday.

@patch said in Trying to use a new 5G modem with pfSense: you will need to not block local networks on your pfsense Wan The setting that pfSense has for this, Block private networks and loopback addresses, only blocks incoming connections sourced from private IPs. All incoming connections on WAN are blocked by default anyway. Having that enabled does not prevent outgoing connections in a double NAT setup like this. The only time you would need to disable that is if you were trying to connect from a client in the WAN side subnet. So for example if you had a WIFI client connected to the Telstra router and were trying to access the pfSense webgui using it's WAN IP. Steve

@steveits _ Thanks! Let's hope so...it drives me nuts!!

So... working as expected for you now?

What error is given? Is this pfSense related? Steve

So only output drops on the switch interface? Any drops or errors on the NIC in pfSense? Flow control mismatch maybe? I wouldn't really expect to see any issues with a 1G test over 10G infrastructure. Steve

Yes, PPPoE has special handling even though it's also a dynamic gateway. That will also appear in the config if you edit and save it though. Steve

@anengelsen said in shutdown -c: shutdown -c Is an incomplete command. Look here : @serbus said in shutdown -c: shutdown The time option is not optional. time Time is the time at which shutdown will bring the system down and may be the case-insensitive word now (indicating an immediate shutdown) This might work : shutdown -c now I didn't try it ;)

It probably isn't worth the time and effort, at least until DCO arrives. There would likely be some development required. I've never seen anyone do that, as far as I'm aware there is no way to have OpenSSL use the existing QAT driver. It's currently IPSec only. Steve

https://www.ntp.org/ntpfaq/NTP-s-trbl-general.htm#AEN5162 NTP will reject a peer that is #roughtly 20 or more minutes off. http://www.ntp.org/ntpfaq/NTP-s-algo.htm And it will consider a 128ms diff enough to be "unsync'ed" @einsdisp said in pfSense NTP server is very unstable.: How to force pfSense to believe remote time of a single server, in case the offset is very large? ntpdate will "step the time" ,but requires the ntp daemon to have released it's binding to the UDP 123 port ... AKA "usually" not running. /Bingo

@areckethennu By "upgrade things to 10GB Ethernet", you mean 10GB internet connection, or running an 10GB intranet? If the latter, then you just need a 10GB switch connected to your pfSense and 10GB NICs in the PC/Servers you want to be connected to it. The switch is a convenience, as you can always direct-connect computers through static IPs as long as they have a proper NIC. Or, as @AndyRH just said: only routed traffic passes through pfSense.

@stephenw10 said in 22.01 - Released or not released?: Mmm, it looks like the Next repo package might be showing that incorrectly. We are looking at it. Ohh no - please don’t let this be yet another delay in the 22.01 release…. :-( I have a bunch of boxes waiting on my desk I would love to start of in a ZFS based install before they are deployed. If 22.01 is delayed yet again, I guess I’ll have to go UFS on them and suffer the risk of consequenses whenever the power goes.

@stephenw10 said in pfSense running slow?: It really depends what change you're making. Some things might seem simple but actually trigger a number of other processes. Fair enough, that is true. One example I find peculiar is just changing the descriptive text of a firewall rule. This is sometimes quick, and at times can take up to 5s to save. I have noticed it is producing really much logs for blocked stuff, in particular for IPv6 which I don't use, perhaps that is what uses the CPU the times I find it a bit slow?

@vconroy said in Monitoring peak traffic on an interface over time: I am currently using Status > Traffic Totals to monitor total traffic on a few interfaces over time, but it doesn't give me everything I am looking for. Status Totals gives me the total bytes IN/OUT in a given hourly period which gives me the average utilization on an interface for that hourly period, but I also want to see is how often the IN/OUT traffic hits the bandwidth limiter I have set on that interface, in other words, how often am I maxing out that interface. I anyone has any ideas, love to hear your suggestions. Yes, that is exactly what I am looking for as well. I'd like to record the short peaks during a 12 month period. Did you check out the available options at https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html ?

@openwifi said in NETFLIX NOT WORKING CAUSE OF DNS: I have these two rules to redirect any DNS request from my LAN network to my firewall Mmm, you have shown firewall rules but they do not redirect anything. Do you have port forwards for the DNS traffic too? Steve

Can we assume you have followed this doc? https://docs.netgate.com/pfsense/en/latest/recipes/radius-windows.html Is there anything logged in pfSense or on the server when you try to authenticate? That error sounds like there is simply some config missing, is that returned on the Diag > Auth page? Steve

@stephenw10 Back when we got bit by this bug a few times it didn't ever seem to load a good config. However, if you look at the configs there are generally several that are over 100KB+ (can't remember exactly) but the last few are just a few KB in size. Perhaps it does load the last config but it is also corrupted but it can't really do anything about it since there is no disk space to swap through. That's just been my assumption. As for the second unit, everything was fine after a reboot. Disk space is fine, no errors in the logs. Just couldn't access the box via gui or ssh or console. Strange. It was 2.4.5-p1 so I've upgraded it to 2.5.2 and we'll see how it goes.

@gertjan said in Uncaught Error: Call to undefined function idn_to_utf8(): RELENG_2_5_0 2.5.2 was built on that branch.