Honestly, unless there is a problem I don't waste my time tweaking for that extra 1 ms. Netgate uses resolver by default because it just works out of the box without the need to specify upstream servers. If you're concerned with speed, use the forwarder with your ISP's local DNS. As for testing, DNS Bench by Steve Gibson is one such tool.

Not really. If you're using the SDEC driver though they will be connected to the input pins on the parallel port. You could try reading the port directly. Probably easier to just try various combinations of the buttons specified by the driver until they line up. Steve

That^. Seems like a fairly accurate description to me. There are 3rd party apps for controlling Denon/Marantz stuff. One of those might work for you. Steve

So what IS working here? Do you have DHCP enabled on OPT1? Are clients pulling a lease from it? With outbound NAT in manu7al mode you will have to add outbound NAT rules for the new OPT1 subnet. Do you see any alerts in the GUI? It may be failing to load the new ruleset correctly. You should still be able to ping from LAN to OPT1 though even without any new rules. Steve

Anything special in your unbound config? Assuming you're running unbound. Steve

If your ISP can only provide those IPs to you directly on the WAN, rather then routing them to you via a different public IP, then your options are limited. You can setup IPAliases for those publlic IPs on the WAN connection and then 1:1 NAT them to private IPs internally. That means the servers using them cannot have a public IP directly which may or may not be an issue. With a non-PPPoE connection you could bridge the WAN and the internal interface in order to use the public IPs directly on the servers. Steve

It's NodeBB, https://nodebb.org

@ivor said in Roadmap? Any idea how much longer till I need AES-NI?: Likely not this year, still a lot of work is to be done. Thanks.... that's exactly the answer I was looking for. For me it's no rush as I'm in no hurry to lay out more $$ for another mini PC. Given there is a period of support for 2.4.x after 2.5 comes out, it looks like I'm good till about the 3rd-4th Quarter of 2019 before I'm totally unsupported.

This thread is quite old but others who are searching for it may find it helpful. On Chrome, you can fix this Error by adding -disable-prompt-on-repost Follow these steps Open application's folder in Program files in C Drive Right-click and open properties Click on the target field and add -disable-prompt-on-repost to the end of the directory Try again to check if Chrome is still showing the error Image for reference [image: Confirm-Form-Resubmission-Google-Chrome.png] Hope this Helps :D Source: Confirm Form Resubmission

Yes, it is safe.

Firewall > Rules, WAN tab. Edit the OpenVPN rule. Change the protocol to UDP. Save. Apply. Then update to 2.4.3-p1.

Thanks for the suggestions. It turns out that it was the physical network adapter. I swapped it out and it has been stable for 5 days now.

You do understand that now your firewall will need human intervention on power cycle. Is your firewall not in a secure location. What is exactly on there that might be of concern other than the CA, and private key for the web gui? Move the CA off.. This topic has been gone over a few times over the years - its just doesn't have a valid use case on a firewall.. Do any of the major players provide for FDE for their routers/firewalls? Cisco, Palo, Juniper, Fortinet? Your still open to evil maid attack as well. So what does it buy you? Not like you can loose your firewall, forget it on the subway. someone break window on your car and take it while your parked for lunch, etc. edit: For ref this the last time I recall this topic coming up https://forum.netgate.com/topic/114030/installation-with-whole-disk-encryption Use ZFS if you want to do it - just pointless IMHO and IMPO both personal and professional.

I've rebooted the ISP modem and pulled the ethernet cable out many times as well, and, like you said, no problem. I thought dns at first also but tried to access the gui via ip and it also hung. DNS was also affected though as I could not do an nslookup. Weird?!

@Derelict @JKnott Thanks guys for setting me on the straight and narrow. I'll now hunt down a hub with a BNC port instead of BNC NIC, and I still get to use pfsense :)

Thanks for that. I sort of had a gut feeling it would be Suricata. I thought the settings allowed for the logs to be regularly emptied but that seems to be not working or either I did not set them up correctly. I will take look and see what I can find out. Yes I did have Snort installed at one stage but removed it. So I guess I will have to learn how to delete that data that remains. Much appreciated your reply.

If it can authenticate against Freeradius on localhost it should be able validate against an external radius server. Can you authenticate against it from Diag > Auth? Check for valid states being created. Run a packet capture to make sure it really is trying. Check the daloradius logs for evidence it's trying to authenticate or any errors. Steve