The cert error you see when updating against 23.05 is not related to this ancient thread. It's probably because the pkg repo is using data for the wrong branch. The first thing to try here is to go to Sys > Update > Update Settings and resave 23.05 as the elected branch. That will copy in the correct certs and keys for 23.05. Steve

Do you see pfSense logging anything when you hit a latency spike? Like filter reloads perhaps?

You need to run some tests to see what's failing. Try to place an incoming call, look for the SIP traffic from the PBX on the correct WAN. If it's not there look on the incorrect WAN to see if it's sending it there. If it doesn't arrive at all the phone is probably sending a bad IP for the PBX to connect to. Check the SIP registration packets to see that. It would be surprising that audio works both ways if it is sending the wrong external IP though. Steve

@NollipfSense said in log reading to find out why my fw crashed: @jc1976 said in log reading to find out why my fw crashed: hmmmmm i wonder if that's it.. could the squid cache overflow from all the downloads be causing the problem? Sadly, it sounds more like a hardware issue...how is the hard-drive? If you're using Squid for the antivirus, I doubt it. I'm sorry for getting back so late.. it couldn't have been a hardware issue as all has been fine since.. absolutely zero problems. it had something to do with setting up that linux box and running updates. no idea why.. and it was long enough ago that i don't remember it all, but after reading through my original post to the end where i wondered if it had something to do with the caching of updates and maybe the cache became full and it caused a kernel panic? no idea.. pfsense on that little dell has been so reliable that it almost works against me in that since there aren't any problems, there's no impetus for me to learn how to decipher the logs.. anywho, i ended up going a different route with building my media server, using win10 ltsc IoT because the various applications i was going to be running, that was just a better route to go over debian. (sonarr/radarr/lidarr/nzbget, handbrake & makemkv, and plex server are all first and foremost made to run on windows).. just wish i knew how to read the logs..

@pfsjap BTW for Snort you should read https://forum.netgate.com/topic/180501/snort-v3/6 and consider Suricata. "At some point in the future I expect the upstream Snort team will cease development work on Snort 2.9.x (the version currently in pfSense). At that point, unless someone has stepped up and created a Snort3 package, Snort will die on pfSense."

Yes, after looking into those tokens I see there is in fact a 'duration' value for tokens and it's 365 days. So if a redmine is required here it's for documentation. If it's not shown anywhere it should be. Not something I've seen before, thanks for pointing it out. Steve

We have considered changing it many times but at this point it would likely cause more confusion than it would solve. POLA applies.

Mmmm standby hardware is a comforting thing to have in such moments IMO. Yes it will always be slightly behind whatever the failed unit was but as long as it's kept vaguely current you can always update it and restore the current config to it. I have done that myself in exactly this situation. But, yes, the NDI will be different so both boxes would need to be registered ideally.

@darren200701 No issues on latest Ventura developer beta. If you are still having issues, Stuffit Expander is available from the Mac App Store

Yeah, if you have a CPU that supports SpeedShift it probably will be running faster/hotter with the default values than when using SpeedStep tuned to reduce power consumption.

@Gomo said in pfSense inpath DPI / setup question: pfSense transparent bridge Didn't even entered my mind...thanks for sharing.

@menethoran said in setup new non-active (yet) pfsense machine on network with working pfsense: I WILL be replacing one with the other, but I want to have the new one as set up as possible before switching. The way to do that is to download the config file and use it to get started with the new system. However, you will likely have to reconfigure the interfaces to match the old system. You can do that from the console, using ssh.

@SteveITS said in pfBlockerNG - Blocking a domain: does your log show an error it's trying to update the empty source? No errors here when updating or reloading.

@stephenw10, Well I am using the TFTP server and PXE to boot iPXE. Once iPXE takes over I want to use it to "sanboot" an ISO, but that requires the ISO to be made available via HTTP. It seems like the best thing is going to be for me to just install an HTTP server on a VM or in a container for that purpose, I was trying to avoid that and let pfSense do it, but I see it probably just cannot be. I was hoping pfSense could serve it up, but no problem I'll just setup a container to do it. Stuart

That is pretty small. We have to do some odd tricks to parse the lease file since the format used by ISC isn't very friendly to parsers. It's possible there is something in the lease data that is making the parser fall into an infinite loop. Probably something in one of the uid or client-hostname lines, but uid is much more likely to contain something problematic.

@stephenw10 Thank you. I know I have eyes on it now... but every entry helps.

@jimp said in Modify a widget?: While there are no plans I'm aware of to add that, given the functionality that's already there, it may not be terribly hard for someone to add and make a PR to do. True, it looks quite nice, not been through the imports yet though. Will be something to figure for a rainy day perhaps. Thanks :)

@Jarei said in pfsense+ upgrade from 22.05 to 23.01 causes kernel panic: well the good news is changing that problem card solved the problem running 23.01 atm had zfs saved snapshot so could test it quickly now my license does not work anymore so can't upgrade to 23.05 like yay think i'll move my shit over to something else just by changing 1 network card license is void this just plain sucks :( Are you seriously complaining about a free license that didn't cost you a single dime? Feel free to "move your ****" to another firewall platform.

Yup, if anyone can tell you what the expected behaviour of the AT&T router is it's the guys in that thread.

Hi people, my NIC arrived and it's running so fine. Love it! Will buy a Netgate 2100 in the future for the low running cost of 5W only! [image: 1685519039547-fada4b50-67bd-45b0-9a3e-52815b36895e-image.png]