Ah, good result.

Bad request like that implies the client has an invalid certificate. It may have just not pulled a new cert. Running: pfSense-upgrade -c would correct that. If you still see errors send me your NDI in chat and I'll check it.

@cappie said in pfSense Plus 23.01 : Unable to gather system activity (1): I linked to that earlier Doh, missed that.

@ts_itops so you take your phone from network X to network Y, and then on Y you see a storm of retrans still trying to talk to IP 192.168.1.100, even say when your now on 192.168.2/24 ? Or your seeing this traffic on network X, even though your phone is no longer on the X network? And this traffic comes from pfsense, or goes through pfsense? If it comes through or from pfsense then yeah the arp cache on pfsense would still think phone IP with mac xyz is still there and sure could continue to send traffic even if phone is no longer on the network. In such a case then sure lower arp cache time on pfsense would lower the amount of time such traffic could be sent.

@nogbadthebad said in Using RADIUS server but on which device?: Out of interest how many access-points do you have ? I have a total of 5 Cisco 1700 Series access points connected to the controller

@stephenw10 Um, I do tend to go a wee bit overboard on the pfBlockerNG lists... ;-)

Thank you for your kind reply. I forwarded your suggestions to our dev team. For now this ticket is closed. Thanks again.

Yeah the VLAN interfaces are treated exactly like any other interface; you can apply firewall rules to them individually.

@stephenw10 This was what i was going to respond to you with in my 2 cents comment but i let it go. The redmine is spot on. If you are doing a Multi-WAN set up than as part of the configuration you should, explicitly, enable gateway actions because thats the whole point. Otherwise, keep the gateway action disabled. The RRD graphs are very valuable so i would keep the monitoring enabled for sure. Thanks again for your help. I think you're 10/10 with my issues now?

I would replace it.

This is a bit different from the tuntap issue. I've captured the details here. armv7 kernels currently differ from arm64 and amd64 in that they do not statically link the if_gif module, so it must be loaded at runtime. A change has been authored for this and an update to the System Patches package is forthcoming.

@rcoleman-netgate thanks for the info and help. Have a great day.

Yeah you can do this if you have a tunnel or transport subnet between the two locations are can NAT the traffic at both ends. It sounds like you are trying to have the 192.168.0.0/24 subnet on two interfaces on the same pfSense router here though. That cannot work.

@clevers Tried a web search? Virtualizing pfSense Software with VMware vSphere / ESXi

@steveits Thank You -- I have set it to 1.1.1.1. (CloudFlare) - and it appears to have made the red go 'bye-byez' [image: 1682523209539-c40bfc16-2797-4b99-bea6-5912060b408a-image.png]

What actual errors are you seeing? At either end?

@gertjan Thanks! I meant swapping it with the drive with the Untangle installation if I can’t configure the pfSense installation to my liking. As suggested by @stephenw10, this might be easier than reinstalling and restoring from backup while I’m still doing all these tests and optimization.

You almost certainly don't want to have VLAN1 tagged on any port. VLAN1 should usually exist inside the switch only so you should probably just have that untagged on 1 and 5-8 or only on 1 with every other port excluded. I don't expect an AP like that to be doing any routing so I would try to disable the WAN ports entirely and setup only a LAN. Though I don't have any direct experience with Omada gear like that. Steve