The only antivirus you might have on pfSense, clamav, only scans traffic that is cached by Squid. It is probably not doing anything for traffic coming over a VPN. But even if it is it's no substitute for AV on hosts where it can have far more visibility. Steve

That should work. We're going to need to see some data to find out why it isn't. Can we see the ifconfig output with the new card and the interfaces assigned? Steve

@akuma1x said in Block personal wireless devices at work: It is in a safe spot, just in case they need it Sticky note on the monitor?

The logs are straight from Strongswan so maybe: https://wiki.strongswan.org/projects/strongswan/wiki/Loggerconfiguration Though I don't see any specifics there. There are existing log parsers for strongswan though as it's widely used. You might look at those. Steve

@viktor_g Hi Viktor, i`ve tested patch - it works, L2TP start automatically during boot, thanks a lot!

@stephenw10 No, it's not needed anymore. The only difference with a standard config is PAP.

@ali-ilyas said in PFSense On 4G To Remotely Access PLC (Programmable Logic Controller): I tried using Pfsense to access a PLC over VPN without having to enter router or default gateway info into PLC but didn't work. Also you will need to have a route setup on your local machine or router to the remote LAN network that sends traffic to the pfsense box that is performing the outbound NAT to the remote LAN. Hopefully it will be using a subnet that is different from your local network.

This is targeted for CE-next in redmine but seems to have stalled. Does CE-Next mean 2.5.2 or 2.6.0 ?

If you are hitting that it mostly affects VPN tunnels using the interface address. Whatever nuance it is causes the interface to return a VIP as the primary address. However you will find it doesn't cause a problem for pf using the system alias 'WAN address' for firewall rules or outbound NAT for example. If you can use a VIP there instead of the interface address that will be unaffected. Steve

There were significant changes in pf after 2.5.1 which will be in 2.5.2, especially in state handling. That panic is unlikely to still happen on 2.5.2, or at least would have a different backtrace which would be more helpful.

@mfld ill do that.. thanks a lot!

A downgrade then upgrade in the UI worked for me.

Smoothing can cause stuff like this for sure.. Also filtering could come into play as well. And have not played much with the mode..

I found this page that describes the fix which corrected my issue. Mostly, set to the current distribution, in my case 2.4.5 DEPRECATED and run "sudo pkg-static install -f pkg" https://agent31.net/blog/2021/03/10/fixing-stalled-package-manager-in-pfsense-2-4-5-p1-easily-in-5-minutes/ This procedure fixed the package manager on my 2.4.5-p1.

looks like everything is working now! many thanks to everyone who gave their input!

Use Captive Portal along with FreeRadius. Create a user and restrict no of simultaneous devices to 3. Share the username and password with all the users.... at a time only 3 will be able to connect. Regards, Ashima

For everyone's reference: apparently the notification methods are mutually exclusive. I had to first disable the SNMP notification method to have the Telegram one work. It looks like a bug to me. At the very least it is a behavior worth documenting.

If you create a new column in Wireshark and add the field vlan.id you'll be able to see the vlan ID otherwise look in the data. [image: 1624298101833-screenshot-2021-06-21-at-18.50.46.png]