@stephenw10 I can see the current NDI, but I don't know how to get the previous one. I did not save it. I have the previous Activation Token for the last NDI and the original Activation Token but never saved that NDI. Is there a way to retrieve it?

Ok, so it's pulling a valid IP there. Check the routes in Diag > Routes. Make sure it has a default route via the upstream router; probably: 192.168.0.1.

Thank you again for the help!

Hmm, if there's no option I'm amazed it doesn't use VLAN1. If I've understood correctly that could only pull a lease from LAN. Or should at least.

@stephenw10 said in IPsec-MB use case: Currently there is only a user ctl for AES-CBC. Thanks stephenw10. Hope they add this option in the future.

Yes, from there you can really only reset. That sounds like a possible drive controller issue though if it happens repeatedly even after reinstalling. Or across multiple drives.

Yes, make sure the branch is set to 'Latest Stable'. Try resaving it as that. Try running pkg-static -d update at the CLI and see what errors it's throwing. I would probably just reinstall though. Better to start clean with a known good install. Steve

The connection appearing very slow like that can be some sort of asymmetric routing problem. Does the client you're connecting from have any other way of reaching pfSense 2? Like a wifi connection maybe? Steve

Yes, you can just get a new token and reregister it.

TAC Lite, currently $0, can be used in a commercial setting. See: https://shop.netgate.com/products/pfsense-software-subscription#commercial_use Steve

@stephenw10 freeradius does not natively support TOTP. Indirectly it can be supported, for example in Debian I use freeradius together with libpam-oath and oathtool (for example), where I can specify a "self-centering" tolerance window, meaning that after authentication the system knows the time offset of the client and centers it in the its window of "tolerance" The fact is that if you don't use systems of this type it is almost impossible to use hardware tokens. Luca

@mauro-tridici CASE closed: adding a new filter rule in /etc/rsyslog.conf I had been able to have a new file with only the information related to pfBlockerNG logs. Many thanks to all of you for the help. Mauro

I meant do you have access to the OpenVPN server or the application server to check for incoming connections? If you don't then check at the pfSense end for the expected states when you try to connect.

Yes, this is likely to have been hitting this: https://redmine.pfsense.org/issues/14288

@DenBeiren Use a webservice like https://www.whatismyip.com/ on every host I guess.

Ok, then I would try setting a limit on the arc.max initially.

Mmm, the promiscuous setting is new in 23.05. I would guess something failed to upgrade resulting in a mismatch somewhere.

@dakapo said in Slow upload speeds - download is fine (XGS PON): The current situation is as follows: I did a factory-reset of the Zyxel yesterday in the afternoon. Since then the upload-speeds are fine. I continue observing the situation and will report about any changes again here. That is encouraging news. ️

Be nice to show other things there maybe.