@cboenning man f***ing amazing kudus for you. I had Group member attribute: memberUid changing that to memberOf fixed my still existing issues. You da man!!!! Cheers!!!

@johnpoz Worked like a charm. Wasted 8 hours. I was almost there. Thank you, thank you very much!

@jimp hi Jim, the hostid is related to ZFS I think. I have the boot drive configured as ZFS and I note on my freenas box, it does have a hostid but initially shows "no hostid" in the initial stage of the boot. Presumably, it is later retrieved from the freenas config...I don't know.

@xaad I finally found a way to make it working by also changing the Switch VLAN that was originally 4090 (0t,3) to 35 (0t, 3t). [image: 1615363635900-99237664-298b-4985-bdd9-2b19f8f89a90-image.png] I really don't know if this is the right way since I could not find any other post describing this as necessary.

@hacesoft Good day, so I've figured it out. I had here: SystemRoutingGateways incorrectly set rule. It's a rule of the OpenVPN tunnel not working yet ... Good evening.

@immo1689 said in Mutli wan interface, LAN virtual ip traffic managment: how can i make the user on my LAN choose wich vpn there traffic goes from. You want that the users are able to choose the VPN from their computer dynamically?

Thank you both for your suggestions, I've been away so I didn't have time to test. I'll try both approaches (believe the one suggested by @fireodo will do the trick).

@bhjitsense It's just flow control it can be turned off if you want.

@ramses-sevilla Ok, you asked for it. This could be used on another system, with shell access and the wget command : https://forum.netgate.com/topic/123405/get-certificates-from-pfsense-cert-manager-using-linux-commandline/4?_=1615276186290 pfSense doesn't have 'wget', but has curl. You should be able get the (html) page, using sed and awk to filter our the certificates, and text like "Valid Until:" etc. pfSense is a GUI firewall. There is no straightforward command command do what you want. If the certs where stored some where in the file system, you could use the openssl command and option to get the all the date info from a cert.

I updated to the Development 2.6 version which seemed to have resolved the issue and I was able to delete the certificate in the GUI.

@gertjan Yep restarts solved the issue.

@gwaitsi as I had to do this again, and completely forgot how I did this last time, here are the instructions for 2021. Save the device cert & key generated in pfsense locally rename the device.crt to root.pem convert the private key to rsa private key openssl rsa -in device.key -out device_rsa.key create a file called ssl_key.pem a) copy the contents of device.crt into this file from -----BEGIN CERTIFICATE----- MIIE2jCCA8KgAwIBAgIBHjAN....... i1M5xmyTK0cyhwQ== -----END CERTIFICATE----- b) copy the contents of device_rsa.key into this file below the certificate from -----BEGIN RSA PRIVATE KEY----- MIIE..... ZBjv7j74PS4P7I= -----END RSA PRIVATE KEY----- From the netgear switch "Maintenance", "Update", "HTTP Firmware/File Update" select "X.509 Public Certificate PEM" and load the root.pem "X.509 Certificate Private Key PEM" and load the ssl_key.pem From the netgear switch "Security", "Access", "HTTPS", "Admin Mode" - Enable.