• Port forwarding for Synology on Openvpn address

    2
    0 Votes
    2 Posts
    152 Views
    stephenw10S
    pfSense is the router at the main house? What's the other end of the OpenVPN tunnel? You shouldn't need any port forwards if routing between the two ends of the tunnel is working. @ajaypatel26 said in Port forwarding for Synology on Openvpn address: I can connect the backup nas to my home router and get 192.168.10.10 I can work ok but the backup task not working. What exactly is working OK there? Steve
  • SG-1100 package manager, search for available no work

    23
    0 Votes
    23 Posts
    1k Views
    stephenw10S
    @rsicard said in SG-1100 package manager, search for available no work: Now how much is this going to cost me to upgrade? Nothing. There is no cost involved here. All Netgate hardware includes Plus upgrades for the life of the device.
  • Unable to delete alias - firewall thinks its in use

    6
    0 Votes
    6 Posts
    644 Views
    stephenw10S
    Hmm, possibly you changed the IPSec filtering mode? That can hide tabs for VTI or IPSec interfaces.
  • Crash Dump

    crash dump
    14
    0 Votes
    14 Posts
    1k Views
    stephenw10S
    Hmm, nothing terribly exciting there. Sure seems like it must be OpenVPN doing something.
  • Firewall log TCP -S

    10
    0 Votes
    10 Posts
    436 Views
    stephenw10S
    @johnpoz said in Firewall log TCP -S: curious let see if you get any hits on those ;) Probably depends on what types of clients are behind the firewall. I'd certainly expect some hits on some of those.
  • Netgate doc regarding bufferbloat settings

    4
    0 Votes
    4 Posts
    204 Views
    A
    @Antibiotic Ok, finally I think found correct settings with VPN interfaces. Waveform measuring looks like incorrectly upload speed, Ookla speed test show me correct 1GB upload speed and 1GB download. Have A+))), without Limiters have B or C. Tested grade on all interfaces with VPN and without VPN only clear WAN. All looks good grade A+ tested also with a proxy squid also A+. This my final settings Limiters as from official docs and floating rule as below: [image: 1717503071303-screenshot_4-6-2024_151052_192.168.10.1.jpeg]
  • Pfsense crashed - stuck on reboot

    11
    0 Votes
    11 Posts
    466 Views
    stephenw10S
    No it shouldn't lock up the system entirely. You might end up blocking all ICMP traffic depending on how the limiter is configured. That could potentially block gateway monitoring etc.
  • trouble adding LAN2 & LAN3 interfaces (assignments)

    4
    0 Votes
    4 Posts
    334 Views
    johnpozJ
    @Greg2100 said in trouble adding LAN2 & LAN3 interfaces (assignments): Not very intuitive!!! For people inexperienced with managed switches, then yeah there is a bit of a learning curve.
  • UPS Status on Dashboard does not update - minor annoyance.

    5
    0 Votes
    5 Posts
    321 Views
    PhizixP
    @stephenw10, I would need something to force a status change. Maybe unplug the UPS so that NUT complains. I have Edge and FireFox I can try on it. Phizix
  • PXE boot WDS through VPN tunnel

    4
    0 Votes
    4 Posts
    360 Views
    stephenw10S
    Indeed TFTP is, deliberately, very simple. It can be dramatically affected by any latency. You could test a tftp transfer directly and see what speeds you get. If it's bad though there's not much you can do other than use a local server instead.
  • 24.03 and Realtek NICs

    18
    0 Votes
    18 Posts
    1k Views
    stephenw10S
    Yes I would try it. First check the boot logs where it shows the output from the driver when it attaches (or fails to).
  • Hotplug event causes rc.start_packages: Restarting/Starting all packages

    52
    0 Votes
    52 Posts
    10k Views
    stephenw10S
    Hmm, probably not since that workaround exploited a bug that is now fixed: https://redmine.pfsense.org/issues/14756 So the particular issue you see in an HA setup is that the pfSync Interface is directly connected and hence is link cycled. Yet despite both ends being statically configured and most services not listening to that everything is restarted? That does seem like something that could be excluded.
  • 0 Votes
    6 Posts
    449 Views
    johnpozJ
    @mauro-tridici create an alias with your country or countries you want to allow, and or any other IPs [image: 1717413185254-allow.jpg] This is the alias that is allowed to talk to my plex server. See I allow US Ips, also Morocco because I have a family member currently living there. Then some other IPs that are used to check if my plex server is up and if not warn me. The reason for the other lists is because some of those IPs are not always from the US.. Many monitoring services use IPs from all over the planet to make sure your service is up. That one labeled PlexRemoteCheck is list plex puts out for their IPs that validate your server is available remote - and it can be IPs outside the US as well.
  • When installing PFSense, I am asked to connect to the internet

    4
    0 Votes
    4 Posts
    857 Views
    N
    @Yet_learningPFSense said in When installing PFSense, I am asked to connect to the internet: @anthonys Thanks. I will try again according to the URL you gave me. Or just download good old offline installation image from here.
  • DIOCADDRULENV Error

    27
    0 Votes
    27 Posts
    1k Views
    H
    @stephenw10 I'm away for a couple of days, I'll look into it when I get back. Thanks for your help.
  • PFSense vs FreeBSD

    11
    0 Votes
    11 Posts
    1k Views
    T
    @stephenw10 I assume this will either work or it will fail without doing any harm? Well, yeah right I can reset to default again if it fails. Thanks
  • How to remove notes?

    6
    0 Votes
    6 Posts
    460 Views
    A
    @stephenw10 Ah , ok)))
  • MSS not working for inbound NAT traffic since pfSense 2.7.x

    1
    0 Votes
    1 Posts
    134 Views
    No one has replied
  • MOVED: Wireguard - Traffic between WG interfaces is blocked...

    4
    0 Votes
    4 Posts
    420 Views
    J
    @JustAnotherUser Also, you would have to allow computer 2 & 4's subnets across the WG0 tunnel.
  • Proper way to perform the dhcp release/renew via script?

    3
    0 Votes
    3 Posts
    285 Views
    GPz1100G
    @stephenw10 The original script is in bash, but is fairly simple so should be easily adaptable to tcsh. I know lots of other folks with similar configurations don't even bother with a watchdog script for wpa_supplicant. This is fine if it works. I rather have something in there that ensures there's network connectivity and the supplicant is not stalled.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.