• restore config.xml after install no packages [solved]

    6
    0 Votes
    6 Posts
    595 Views
    JKnottJ
    @stephenw10 That's good to know. I'll be installing on a new computer shortly and have the config.xml file saved. I'll get it installed & running, before copying over the config. I didn't copy the DUID, as it's all new hardware, with different MAC addresses, so I expect I'll be getting a new prefix.
  • files.pfsense.org : Lets Encrypt certificate has expired

    12
    0 Votes
    12 Posts
    1k Views
    GertjanG
    echo | openssl s_client -servername domain.tld -connect domain.tld:443 | openssl x509 -noout -enddate | grep 'notAfter' > date.txt
    The file date.txt should contain a date and time in the future:
    notAfter=Apr 3 01:17:16 2021 GMT
  • Trying to enable Heos to connect over two sub LANS

    3
    0 Votes
    3 Posts
    575 Views
    T
    @stephenw10 yes but I missed the link to Denon's website. I'll have another look on there and see what it says.
  • vpn selective routing - tracetcp shows only one hop

    8
    0 Votes
    8 Posts
    2k Views
    A
    @stephenw10 That's weird indeed. Connecting to the same Proton free server straight from my computer will show all hops. I guess there's not much I can do. Thanks!
  • Crash Report

    2
    0 Votes
    2 Posts
    248 Views
    stephenw10S
    Nothing immediately familiar:
    db:0:kdb.enter.default> bt
    Tracing pid 12 tid 100094 td 0xfffff800057c7740
    kdb_enter() at kdb_enter+0x37/frame 0xfffffe00005fc6f0
    vpanic() at vpanic+0x197/frame 0xfffffe00005fc740
    panic() at panic+0x43/frame 0xfffffe00005fc7a0
    trap_fatal() at trap_fatal+0x391/frame 0xfffffe00005fc800
    trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00005fc850
    trap() at trap+0x286/frame 0xfffffe00005fc960
    calltrap() at calltrap+0x8/frame 0xfffffe00005fc960
    --- trap 0xc, rip = 0xffffffff810a6486, rsp = 0xfffffe00005fca30, rbp = 0xfffffe00005fca50 ---
    pfsync_state_export() at pfsync_state_export+0x26/frame 0xfffffe00005fca50
    pfsync_sendout() at pfsync_sendout+0x280/frame 0xfffffe00005fcb00
    pfsyncintr() at pfsyncintr+0xd1/frame 0xfffffe00005fcb50
    ithread_loop() at ithread_loop+0x23c/frame 0xfffffe00005fcbb0
    fork_exit() at fork_exit+0x7e/frame 0xfffffe00005fcbf0
    fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00005fcbf0
    --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
    Looks exactly like this though: https://forum.netgate.com/topic/146256/regular-crash-dumps
    And this: https://forum.netgate.com/topic/136195/bugs-report
    Not much help there either.
  • Unifi AP LITEs in mesh, VLANs, and pfSense - can't seem to "unify"

    4
    0 Votes
    4 Posts
    900 Views
    A
    I do this on my work network: pfsense SG-8860, a combination of Netgear and Cisco managed switches, and finally 6 UniFi AP's and 1 onsite UniFi controller. The network is set up with 2 networks - LAN and GUEST. The AP's are set up to run 1 VLAN, the GUEST VLAN. The LAN network is also on these access points, but not VLAN'ed. Both of these networks run on the same physical port on pfsense. It took some reading and research, but I got it all working just fine. Firewall rules keep both of these networks from talking to each other. If you want to do something similar, and from reading your post it looks like you are pretty close, you're gonna need a smart/managed switch. Some 5 to 8 port switch models run about $40 to $45 USD, check out Amazon. The OPT network that runs over to the tenant's apartment is fine on its own pfsense port, run it directly into there and give it the proper settings. It doesn't need to go thru any of your switches. The other stuff that's "in your own place" should run thru the smart/managed switch, then into a single pfsense port, with VLAN's. Jeff
  • Freeradius enable/disable users

    1
    0 Votes
    1 Posts
    528 Views
    No one has replied
  • Trying to figure out why redirect host is showing up in my ping

    25
    0 Votes
    25 Posts
    3k Views
    johnpozJ
    But not sending .118 down the vpn, shouldn't send it to your gateway.. Try splitting the whole local network 192.168.80.0/24 Also when you do that - take a look at the route table route print from a cmd line
  • Freeradius and Android 11

    2
    0 Votes
    2 Posts
    1k Views
    ?
    @kurisuchan Okay, never mind, I solved it. Apparently when I created the CA I did not fill out all the optional fields. So I created a new CA with all fields filled in, also created a new server certificate and also filled in all the fields, and now it works.
  • Just getting started question

    6
    0 Votes
    6 Posts
    789 Views
    M
    @gertjan This is all in VMware on my home PC. I do have a DHCP server at my house. This is where the 192.168.1.68 for my WAN interface is coming from. Thanks for the information on SSL/TLS. I picked 80 because it is just an internal VM and it was easy to set up by installing IIS on one of those VMs.
  • Bypass some IP from squid but not Antivirus

    2
    0 Votes
    2 Posts
    148 Views
    stephenw10S
    ClamAV only sees proxied traffic so, no, you can't do that. Steve
  • Forwarding traffic from a LAN IP to another LAN IP

    17
    0 Votes
    17 Posts
    3k Views
    bingo600B
    @draand28 Glad that you got it to work. Thank you for reporting back
  • SG-5100 Firewall logs disappearing

    18
    0 Votes
    18 Posts
    2k Views
    A
    Well I think that was it! I disabled 'Log packets blocked by Block Bogon Networks rules' at 14:05 today. I just checked the filter log file and the last RTALERT and PADN entry occurred exactly at 14:06:01. Nothing but valid firewall events after that... Up until that point it was logging about 230 of those offending messages per hour. The funny thing is, I've always had that Bogon logging option enabled and never had a problem until now.. My ISP is Comcast and like the mention in bug report #3494, Comcast appears to send ICMP6 Multicast Listener Report messages out on their system which get flagged as Bogon traffic by pfSense. I guess Comcast must have made some changes recently that increased the flow of this type of traffic... Anyway, glad we got to the bottom of it. Thanks again for all the help! No way I could have figured this out on my own...
  • Difference between ????

    12
    0 Votes
    12 Posts
    1k Views
    X
    @johnpoz Hello, I have 2 pfsense with bind connected via site to site openvpn :) I need my site 1 to be the master and site 2 to be the secondary. I need site 1 to have all the zones on site 1 and site 2 as master zones. The point is to add hosts only on site 1, which is the master, and those entries to be synced to site 2 so I don't have to enter them on site 2, and also to be able to resolve them there as well. Like the built-in resolver on pfsense (if I want to resolve host on site which is actually host on site 2 I have to put entry into the resolver on site 1). Right. :) And ... the rules which are confusing me: what rules should I set so both sites can sync with this function or in any other way?
  • 0 Votes
    4 Posts
    950 Views
    R
    @viktor_g @stephenw10 yup I got it working with 2.5 beta. If you click on #9155 : Hardware / Drivers Added bnxt driver for Broadcom NetXtreme interfaces #9155 https://redmine.pfsense.org/issues/9155 Added iOS/Android/Generic USB tethering driver #7467 on the 2.5 beta, you will see my name 'rich riv' user providing a solution. I guess I solved my own problem with if_bnxt.ko. Thanks everyone!
  • Pinging but not browsing - Pfsense

    11
    0 Votes
    11 Posts
    2k Views
    stephenw10S
    Ok, so the Ubuntu VM probably wasn't using DHCP before and didn't have any servers set so it couldn't resolve.
  • Cannot login to pfsense

    13
    0 Votes
    13 Posts
    796 Views
    W
    @stephenw10 I have now enabled Kaspersky Security Network and it seemed to have no issue logging in to pfsense. Thanks again
  • Netgate Hardware & VPN Questions

    vpn netgate
    32
    0 Votes
    32 Posts
    6k Views
    stephenw10S
    On a Windows laptop you can indeed just use file explorer (smb) to connect to other Windows hosts and view their file shares. You may need to enter the remote IPs directly. If you are passing a dns search domain to clients and pfSense as a DNS server they may be able to resolve LAN side hostnames if pfSense is the DHCP server there. The hosts you are connecting to need to allow smb connections from the OpenVPN tunnel subnet of course. Anything you can do from the Android phone locally on WIFI should also work over OpenVPN. I don't know what you are trying there. I'm not sure I've ever tried to access smb fileshares on a phone. There may well be an app for that. Steve
  • ugen1.4: <PixArt Microsoft USB Optical Mouse at usbus1 (disconnected)

    4
    0 Votes
    4 Posts
    2k Views
    stephenw10S
    Yeah, that seems likely. If the messages reflect the actual connected hardware at that time it's probably a bad power component in that USB bus. You might find it has several USB buses and they may not share the same power supplies. Or try using a powered USB hub perhaps. Or serial console instead if it has a serial port. Steve
  • Changing the timing of Gateway status pings

    3
    0 Votes
    3 Posts
    494 Views
    K
    @viragomann Thanks!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.