Yeah, that's.... interesting. Good to find though! Also I'd argue it's Chelsio that hates Wireguard. Though I'm not sure if that's more unexpected. Steve

@stephenw10 Yep i figured out how the scheduling works. GUI isnt clear (at least to me) how to do a daily schedule or a monthly scedule. Months are presented so it feels like its implied that if you want to have a rule active only on the weekends, you need to select every weekend on every month but you actually dont. Documentation is not clear on this front either but nevertheless reviewing the xml stanza made everything make sense. Thanks Steve !

@morgion thank you. Still some issues pending

@stephenw10 said in [solved] Will pfSense support VRF?: Which is fun. Thanks god I already run virtual... one has to know his limits.

Hmm, I expect to be able to do that (at least until encrypted SNI is more widespread) using pass-through SSL. Though it's not something I've ever tried myself in pfSense, HAProxy appears to be able to do it. Old example. Steve

Currently you can only do that using Snort with OpenAppID. In in-line mode that can work OK since it blocks connections rather than hosts. https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html#application-id-detection-with-openapp-id Steve

System >Certificate Manager >CAs There you should be able to delete your Cert

Thanks all for replies; I'm planning to do a test setting up another PFSense 2.5.2 in same VMWare environment. With same packages and same configurations (importing them). Then I uninistall packages like Snort and NtopNG, and I'll do upgrade to 2.6 version to verify the behavior. As my actual PFSense manages 6 public IPs (set as Virtual IPs on WAN interface) it's not so quick "move" them from a PFSense to another one.

@jarhead That worked perfect! Thank you very much!

@stephenw10 I guess there is VLAN configured because I didn't need to set it on the pfsense

@stephenw10 said in SG 6100 Lan Ports Intermittent connection: So you have not seen that issue again in 22.05? Yes. If it does happen again check the logs. If you can still access the pfSense webgui it's not an issue with the LAN ports specifically but probably either DNS or something with multiwan. Ok noted. Thanks much steve for this insight of yours.

Not in pfSense. You would need to do that at the switch with 802.1x. Steve

It will work with DCO if you're able to try that. That using the kernel crypto framework and the QAT driver is available there. Steve

The only way to address that is using very low TTL values and there is no way to set that in pfSense. Even with that it's not difficult to workaround it at the client by simply setting the TTL values there. Steve

@stephenw10 Just glad this has been sorted out :) So for future me when i forget how I did this... "add 0.0.0.0/0 to the allowedIP" section to have dynamic routing, route traffic over the tunnel.

@johnpoz said in Is ISP blocking all ports?: did you send them your test results showing clearly ports not getting to your device when using the static I sent them detailed reports with very specific comments about what did and did not work. I was told it was escalated to level 2, but never was able to talk to a tech who seemed to have a clue. The common response was "we set up the modem/router correctly, it should work", despite the fact that each tech said that the last one didn't quite get it right. I never did speak to anyone (or hear second-hand) at the ISP who acknowledged that there really was a problem. It was all rather frustrating! I finally told my client that I didn't see us getting it resolved with that ISP.

Mmm, not familiar to me. Let me see if any one else has seen it....

@stsc_srzc_de Try the "RFC 2136 Clients". Also you could disable ULA in Fritzbox.

Yes, I would expect them to have been removed when the packages were uninstalled. If you restored a config later it might have had those crontab entries but been unable to install the package for some reason. That would result in what you saw. Steve