ok run into same thing ... gonna have a look into this 2.6CE brNP

You can execute commands directly using ssh if you have key based authentication setup. Like: steve@steve-NUC9i9QNX:~$ ssh root@apu "sysctl dev.amdtemp.0.core0.sensor0" dev.amdtemp.0.core0.sensor0: 54.1C You have to use root to avoid the menu. Steve

VLAN10 only needs to have ports 1 and 8 as members if you don't need to have DMZ hosts anywhere except as VMs. Otherwise that will work for the switch config. The VBox config is probably going to be more complex. I'm not sure I've ever tried it, I moved away from VBox a while back.

@stephenw10 All working now. Thank you all.

@stephenw10 Ok then, I will use the email option to remind our users to change passwords when they are about to expire.

Stunnel listens on localhost and forwards requests to dap.google.com so I would expect to point Freeradius at localhost on the appropriate port. As you do for LDAP auth directly: https://docs.netgate.com/pfsense/en/latest/recipes/auth-google-gsuite.html#configure-ldap-authentication-on-pfsense-software

That appears to be the same crash report file. Do you have a different one?

0.5.1 has been released with support for nat forwarding of non-TCP/UDP protocols. https://galaxy.ansible.com/pfsensible/core

Actually, a simple reboot cleared up this problem (I was afraid to reboot before going to bed). It was odd. I suspect it was nginx problem but I was not able to fix it Thx all!

DynDNS works fine in everything I've tested. There have been some glitches with some services in the past and there maybe in the furture, usually when services change their API etc. Right now I'm not aware of anything that isn't working though. You can check the redmine for open dynamic DNS issues. Steve

@eeebbune Install the System Patches package, and then under System/Patches apply that patch I mentioned.

@nogbadthebad, @Cool_Corona , @stephenw10 Thank you all for responding. I have discovered OpenStack's Neutron network and Open vSwitch possibility and have installed OpenStack on VirtualBox to play with over the weekend. However, You all are correct that using home via VPN would be the best option for the iPad pro.

If your ISP has massive buffer-bloat you're going to see large latency increases when traffic increases however powerful your router is. To actually address that you need to use some traffic shaping on the firewall. If you only have one gateway defined it will always be the default route and pfSense will always try to use it. However it will still trigger a bunch of scripts that aren't required if you only have one. So I'd recommend editing the gateway and setting 'Disable Gateway Monitoring Action' to prevent that. However if you move the load-balancing over to it you will need to re-enable it. Where do you lose internet access from when you connect the 192.168.88.0/23 devices? What are you actually doing to connect them? Steve

Personally I use the default setup for NTP. You don't ever want to expose that to the WAN but the default firewall rules prevent that.

@erikig And I figured out what was happening. A confluence of events. On the one side, yes the ISP’s DHCP server went offline although their front-line support kept insisting nothing was wrong. (Yes, I know the fibre is up, that’s not the problem. ). What caused all of the odd secondary behavior was that the syslog server crashed and as a result pfSense started generating huge amounts of logs (notably system.log) which filled up the disk which resulted in all sorts of things breaking like DHCP etc. Clearing out the excess in /var/log and rebooting put things back on track. Other than of course the original source of the problem which the ISP finally acknowledged 4 hours later with a generic “there’s an incident impacting your line”

Nice. Yeah if it;s really just L2TP without IPSec then you really need to be aware of what's going across it. Leaving it enabled shouldn't really be a huge problem since only traffic from the configured remote site would ever be allowed. I would still investigate using something other than the LTE router to terminate a VPN so you can use a real VPN if you can. Steve

Ah, yes IPSec will grab that traffic and it's not obvious.

Yeah, not seeing anything that looks like a memory leak or CPU use. If you can hook up a console and log that you might catch something that doesn't get entered into the logs.

@stephenw10 Yeah ok, looking at the emails I got, it looks like the UPS ran out of power before it could fully shut down, but it was shutting down when the UPS ran out.

@michmoor Yes.