@bmeeks Blocked hosts set to clear in 1 day, Snort blocking kill states is ON. Will keep monitoring for more crashes.

Yes. When gateway comes back up static routes using it are reapplied.

Yeah that module is not compiled against the pfSense 2.7.2 kernel. The instructions for dong so are in that linked thread. Hopefully that other user may be able to re-upload their compiled module.

Some thing on a client sees the gateway reboot and tries to reconnect maybe? Something had previously passed that traffic and the state still existed until reboot?

Hmm, what limit are you hitting?

@marcvb So it's been 7 years, are you still using pfSense and if so how are you managing them?

Use the default values unless you have a good reason not to.

If you have internal clients that try to use DoT by default it may help to enable that. Almost everything will just fall back to unencrypted DNS. If you have clients that _only) use DoT you you need to enable that. Generally that traffic is all internal only so there is little reason to encrypt it.

It will send the local interface address the dhcp server is running on if the pfSense DNS server is listening on it. See: https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv4.html#servers

You can do a lot of things with syslog-ng. You can add multiple destination objects and pass traffic to them based on the source IP. See: https://man.freebsd.org/cgi/man.cgi?query=syslog-ng.conf

@chpalmer Hi everyone, thanks so much for all the thinking and suggestions. I am not sure why, but reading this triggered my brain to say "I have contol of both networks, why not just setup a VPN and see what happens?" One IPsec VPN tunnel later and all is well in VOIP land here. I don't know what the problem was, but the issue is resolved. It has only been an hour, but so far working reliably. To answer questions: the Netgate WAN IPv4 address starts: 98.97.. I am prety sure it is publically routable. No trouble setting up the VPN or other inbound connections, though other than this all inbound is just testing/incidental. I may switch the tunnel to not rely on the IP if it changes a lot. Time will tell. I did not want to put the device outside the Netgate; I could be wrong but I think to do that I would have to take Starlink out of Bypass and end up with a NAT address on the WAN of the pfSense. And I did not see much good in the Starlink router. I am not a huge fan in general for speed, cost or reliability reasons. but any sort of cable/fiber connection due to location is over 100K installation. So . . . Again, thanks for the help. I still feel like it should have "just worked" out of the box, but alls well that ends well. Bob

@snigy which model? Netgate has instructions for each, though they have a new $0 installer which is hardware independent. https://docs.netgate.com/pfsense/product-manuals.html

@panzerscope Does PureVPN work? Can you host jobs in GTA now?

@stephenw10 we should still get core dumps right if it’s enabled. We found a , it’s not just squid.

@periko said in pfsense 2.8-dev?: where is the link www.bajaopensolutions.com ----------> Error 503 Unavailable, the server is paused. Unavailable, the server is paused. Varnish cache server

If it is able to boot far enough to complete bootup it will trigger the auto-verification and remain on that BE. If the config is so broken it fails to boot entirely it will reboot back into the previous BE. You would set manual verification if you think the config is valid but might lock you out of the firewall for example.

@markdudov It allows a remote client/peer that has connected into the wireguard "network" to also use that network's internet connection. This could be for a variety of reasons. Most common is that if the WG tunnel is configured to force all traffic through it then without this rule, you will not be able to access anything on the public internet. The remote peer will then appear to be on that same WG network even though it is connecting into it from somewhere entirely different.

@belrpr said in NTP server stopped working: Hi I use a tool called NTP Tool Hummmm. That does ring a bell. Stop using that tool. Use another 'tool'. Like this one : [image: 1718373940947-3eac78e8-b452-4fb8-a02e-91021a01f687-image.png] ( my French GUI Micorsoft Windows classic Time settings - but you have the same, as the info is valid since windows 95.) I just synced with pfSense = 192.168.1.1 : [image: 1718374013073-0e87b656-b9e9-413e-a1b9-aa318e431579-image.png] so my tool works.

Yup, if you log into the webgui as soon as it's available but before it's finished booting you might see that message temporarily.