https://forum.pfsense.org/index.php?topic=105184.0 https://forum.pfsense.org/index.php?topic=7668.0

please try out 115200 8/1/N this must be set up in putty on your pc or laptop and it is the default in pfSense.

Here is the tutorial to use windows certificate on pfSense: https://forum.pfsense.org/index.php?topic=112938.msg628407#msg628407

192.66.1.3 That is a public IP.. So are you inetnum:        192.66.1.0 - 192.66.1.255 netname:        DKNET-CNET2 descr:          Danish Network descr:          c/o DIKU descr:          Universitetsparken 1 descr:          DK-2100 Copenhagen O country:        DK So it is asking for that IP?  Or you want to give it that IP?  What IP range are you using in your network??  You would assign the switch an IP that is on your network, that does not conflict with any other device on that network.. So for example lets say your network is 192.168.0/24 this common, pfsense lan IP is 192.168.0.1 for example.  And your dhcp pool you hand out is what?? 192.168.0.x-y ??? You would want to set the switch to an IP that is NOT in your dhcp pool, and does not conflict with any of your other devices that have static or reservations for IPs. How are you involved in setting up this switch if you do not understand basic IP addresses?  Confused…

Thanks for the reply. I will try the 64Bit Version.

Until the pfSense is ready for use the current router is using that public IP, yes.

:-\

Should I create a ticket to pfsense support to push it or I should wait amazon finish populate the new regions? thank you

Yeah.. Its quite possible that pfsense sync to outbound ntp goes through the outbound nat and therefore changes the sourceport.  I can tell you that since I sync pfsense to my local ntp server, it does use 123 as the source port talking to ntp server on pfsense lan. As to laptops..  While I guess could be a problem if they are away from home for extended periods.. Being gone for a few days and not able to sync to their home ntp shouldn't really be that all that big of an issue. You could use a simple split dns trick ;)  So setup say pool.ntp.org to resolve to your local ntp (pfsense) now clients are home they sync to your local and don't go outbound.  If they are on the road they would resolve pool.ntp.org to some public ntp and use that.. This is what I do for my iot devices that like to just do what they want.. I have some tp-link hs110, and for some freaking reason they try and sync to uk.ntp.pool.org – stupid!!  Your being handed ntp via dhcp - use it.. Freaking moronic coders ;)  Not like your devices are only ever going to be in the uk.. If you want to use ntp pool, ok but don't code your devices to use a regional fqdn when clearly they are used outside that region... I am not really a fan of redirecting of traffic via nat.. But hey your asking my dns for resolution I can resolve what your asking for to anything I want ;) hehehe

While sure some soho wifi routers running 3rd party firmware can support vlans.  To be honest just get an AP, pure and simple - I am talking a ceiling mounted POE accesspoint.  One that will give you great coverage and the feature set you want/need.. Vlans, airtime fairness, band steering, DFS channels, etc.. While 3rd party firmware can breath new life into some hardware..  Your still going to have some brick looking box with some antennas sticking out of it that needs to have a power brick next to it to work.. With shitty coverage area, etc. Unless your talking wifi for 1 room and a few people, your better off doing wifi right and deploy the correct number of AP in the correct area's..

For anyone interested, I have completed this and it is good.  Following this guide https://www.jgranzow.com/?p=23 I created my CA and certificates I needed for my VCSA 6 and my 2 esxi 6 hosts.  I downloaded the CA root crt + key and the host crt + key and uploaded all of them to a shared storage space.  I followed this guide using option 1 https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2097936 and it asked for the VCSA crt, key and also the root crt.  I then followed this guide https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2113926 for my 2 esxi 6 hosts starting at the "Installing and configuring the certificate on the ESXi host"  I noticed I needed to remove the hosts 1 at a time from vcenter, update the cert, reboot the host to be on the safe side and re add back into vcenter.  All certs are now trusted and good for 10 years.

this also makes my ups/nut configuration useless.

I would to try out to install ASUSWRT-Merlin or something likes DD-WRT or OpenWRT and be happy with the AC WiFi.

The netgear 6100d is a lte modem/router with ip pass-through. Is this a hybrid router with capabilities for the load balancing and/or fail over? Then you could try out to get the best or most out of that unit together with pfSense, to build a router cascade or dual homed bastion host. Netgear Router Net: 192.168.1.0/24 (255.255.255.0) IP Address: 192.168.1.1/24 DHCP server: off pfSense behind the Netgear: WAN Net: 192.168.1.0/24 static IP 192.168.1.100/24 Gateway: 192.168.1.1/24 DNS: 192.168.1.1/24 LAN Net: 172.xx.xx/24 LAN IP: 172.xx.xx.1/24 DHCP: on Gateway: 192.168.1.1/24 DNS: 192.168.1.1/24 Client config: (PC, Laptop,…..) IP via DHCP or fix from 172.xx.xx/24 Gateway: 172.xx.xx.1/24 DNS: 172.xx.xx.1/24 Now you get something likes double NAT but it might be mostly only "eating" 3% - 5% of the total throughput.

Are there any ways to view the operation logs of specific user? You could try out installing Squid & SquidGuard together with user auth. and look then at the specific user account what he or has done.

$ ssh root@SG1000.fw.example.com 'pkg search -o ".*"' | awk '{print $1;}' | sort > armv6.list $ ssh root@SG8860.fw.example.com 'pkg search -o ".*"' | awk '{print $1;}' | sort > amd64.list $ diff amd64.list armv6.list | grep '^>' > not-on-amd64.txt $ diff amd64.list armv6.list | grep '^<' > not-on-armv6.txt $ cat not-on-amd64.txt > sysutil/pfSense-u-boot $ cat not-on-armv6.txt < archivers/cabextract < archivers/gtar < archivers/libarchive < archivers/liblz4 < audio/beep < databases/ldb < databases/mysql56-client < databases/redis < databases/tdb < devel/argp-standalone < devel/binutils < devel/cmake < devel/cmake-modules < devel/ding-libs < devel/git < devel/icu < devel/jansson < devel/jsoncpp < devel/libhtp < devel/libinotify < devel/libpci < devel/libunistring < devel/nasm < devel/nspr < devel/py-babel < devel/py-backports_abc < devel/py-botocore < devel/py-dateutil < devel/py-enum34 < devel/py-futures < devel/py-Jinja2 < devel/py-jmespath < devel/py-msgpack-python < devel/py-pytz < devel/py-singledispatch < devel/py-six < devel/py-yaml < devel/swig13 < devel/talloc < devel/tevent < devel/yajl < dns/bind99 < dns/c-ares < emulators/open-vm-tools-nox11 < emulators/pfSense-pkg-Open-VM-Tools < emulators/qemu-user-static < graphics/graphviz < lang/p5-Error < mail/p5-Net-SMTP-SSL < math/mpc < math/mpfr < misc/pciids < misc/py-progressbar < net/daq < net/freeradius2 < net/libdnet < net/libpcap < net/ndpi < net/ntopng < net/p5-IO-Socket-IP < net/p5-Socket < net/pfSense-pkg-freeradius2 < net/pfSense-pkg-ntopng < net/py-libcloud < net/py-pyzmq < net/rsync < security/barnyard2 < security/broccoli < security/nss < security/p5-Authen-SASL < security/p5-Digest-HMAC < security/p5-GSSAPI < security/p5-IO-Socket-SSL < security/p5-Net-SSLeay < security/pam_ldap < security/pam_mkhomedir < security/pfSense-default-config-azure < security/pfSense-default-config-bhyve < security/pfSense-default-config-ec2 < security/pfSense-default-config-ec2-csm < security/pfSense-default-config-kvm < security/pfSense-default-config-openstack-csm < security/pfSense-default-config-serial-alix < security/pfSense-default-config-vmware < security/pfSense-pkg-snort < security/pfSense-pkg-suricata < security/py-certifi < security/py-pycrypto < security/snort < security/sssd < security/suricata < shells/bash < sysutils/blinkled < sysutils/dmidecode < sysutils/flashrom < sysutils/grub2-bhyve < sysutils/htop < sysutils/lcdproc < sysutils/lsof < sysutils/pfSense-builder < sysutils/pfSense-pkg-blinkled < sysutils/pfSense-pkg-gwled < sysutils/pfSense-pkg-LCDproc < sysutils/py-salt < sysutils/screen < sysutils/smartmontools < sysutils/u-boot-ufw < sysutils/vm-bhyve < sysutils/vmdktool < sysutils/wrapalixresetbutton < sysutils/xe-guest-utilities < sysutils/xen-guest-tools < textproc/flex < textproc/libyaml < textproc/py-docutils < textproc/py-MarkupSafe < textproc/xmlstarlet < www/p5-Mozilla-CA < www/py-requests < www/py-tornado < x11-fonts/libfontenc < x11-fonts/mkfontdir < x11-fonts/mkfontscale < x11-fonts/webfonts < x11/xproto The packages that are not on ARM are mostly missing because they either do not compile or do not make sense on the platform, or they are dependencies of packages that are not there. For example, no need for VM guest tools if we know it's real hardware, not enough horsepower for snort/suricata even if they did compile. To boil it down to user-facing stuff: $ grep 'pfSense-pkg' not-on-armv6.txt | cut -f2- -d '/' | sort pfSense-pkg-blinkled pfSense-pkg-freeradius2 pfSense-pkg-gwled pfSense-pkg-LCDproc pfSense-pkg-ntopng pfSense-pkg-Open-VM-Tools pfSense-pkg-snort pfSense-pkg-suricata