@stepinsky you would need to edit the subject (ie your first post) then you can edit that and add a tag of solved, etc.

Now that Frontier has resolved the corruption on their end, my problem is now resolved. Thank you everyone.

@thedragon said in Problems restoring my config: Is there anything in particular that causes the second set of tags to be added? Yes, the specific software-related bug I linked to caused it. In the next release the double-tag will be ignored.

@stephenw10 hi Steve, the version I use is the 2.6.0. In the file config.xml I have tried only to modify the "username" On friday I will test the alternative format in the field "URL" in the config.xml file I will update you thank you for now! regards sblack

@natethegreat21 Even if you post the same screenshots multiple times, it gets not more clear, what you have configured actually, since the pics are still missing comments. And also the questions stay the same: Did you import the SSL certificates into pfSense? Obviously you didn't. However, this is necessary for HAproxy allowing to read the host header. I mentioned this already in the other thread, I think. You have the ACLs configured on host name basis. So HAproxy must be able to get it. But the client only send the host name after he got an SSL certificate from the server. So that requires that HAproxy has SSL certificates assigned in the frontends. Without importing the certificates you can only use TCP mode frontends and configure the ACLs to read the SNI.

Mmm, there was a bacula package at one time (way back in pbi times). I don't see any feature requests open for that. It doesn't have any additional dependencies: [2.6.0-RELEASE][admin@cedev-4.stevew.lan]/root: pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/bacula13-client-13.0.1.pkg Fetching bacula13-client-13.0.1.pkg: 100% 427 KiB 436.8kB/s 00:01 Installing bacula13-client-13.0.1... ===> Creating groups. Creating group 'bacula' with gid '910'. ===> Creating users Creating user 'bacula' with uid '910'. ===> Creating homedir(s) Extracting bacula13-client-13.0.1: 100% ===== Message from bacula13-client-13.0.1: -- NOTE: Sample files are installed in /usr/local/etc/bacula: bconsole.conf.sample, bacula-fd.conf.sample There is no front end for it though. And pfSense doesn't use the FreeBSD init system so you might need to start it using another method. If you really need it. Steve

@mdearman I’m just having some fun. There have already been like 10 threads on this same subject over the past few days that were answered. This has been the more entertaining one of them.

Hmm, not really sure what you mean by that. When you backup the config the complete config is backed up every time. It's not incremental. Steve

@zprime I upped this very old thread, because it helped with my pfsense 22.05 plus system. Sometimes i have been problems with jammed connection, normally i do reboot and all go again fine. Now i started use IPv6, and i noticed very often jamming problems. I noticed removing lan cable cause unstable state and it not go back with replacing lan cable. After many hour googling, i found this thread and it helped. When i put fixed 1000T fd state all my NICs, pfsense is solid again. I hope some speaking why this very old bug still exist. I have intel 4 port NUC

@michmoor said in ISP blocks ping requests to its gateway IPV4 address: I would use the functionality of having dpinger ping something outside of your local ISP That and ISPs often treat regular pings as a DoS attack resulting in marking the gateway as down.

@stephenw10 said in connectivity delay for new clients: Partial IPv6 connectivity can introduce delays like that whilst Windows tries to use v6 and then falls back to v4. Nice catch

The firewall logs pull up the rule description from the current running ruleset based on the identifier. But the ruleset that was running when that log entry was created may have been different. Thus what shows there as the 'Permit to Internet' rule may have been something different at the time. And that seems likely because there is no way that rule could have matched that traffic. Unless it was far more open previously. However any single rule that could match all those entries would have to be something that applied to all interfaces. When you look at the ruleset directly that would be a rule without an interface specified. Steve

Yup, probably an authrorised device key required there like gmail uses since you can use a 2FA login. Steve

@stephenw10 Yes, Multiple IPsec VPN instanses, so I could have several Mobile VPN implementatios with very different settings running on different WAN IPs.

Indeed, when you restore a config it will reinstall any packages referenced in it. But that shouldn't be a problem as long as you have a valid WAN connection. Steve

@hefin The client certificate might not be, what you need. This is meant for authenticating the client on the server. You have to assign the certificate to the frontend. BTW: you should better hide your public IP, at least if it's static.

@stephenw10 Apparently it is a 32 GB. I thought I bought a 64. The invoice doesn't say and the web site shows both 32 & 64 available. On the Ali Express site, you select the options you want to build the computer. Well, not a problem. As I mentioned, I'm only using 4% of the 24 GB partition.

I've never tried but you could add static ARP entries for everything on all devices. I can only imagine it being a complete nightmare though! You'd be chasing connectivity issues forever. Hard to recommend.