• setting up new client email notifications

    3
    0 Votes
    3 Posts
    428 Views
    D
    @viragomann Awesome, worked, thanks! How do I set it so that when a new client joins the network, I get an email notification?
  • 0 Votes
    4 Posts
    461 Views
    Gertjan
    @fixingstill said in Hotplug event detected for LAN at time xx:05:02 and xx:35:02 of random hours only.: "I am out of ideas how to troubleshoot this one"
    On the pfSense side: swap WAN and LAN interface. Does the issue continue? On the WAN now? Or not? Swap port on switch, or even use another switch? Swap cable - even the best cable can be faulty from day one.
  • Unexplained network activity

    7
    0 Votes
    7 Posts
    932 Views
    M
    Thanks for all the input. It was indeed PVST. I've disabled spanning tree for each VLAN on the switch and the activity has disappeared from the traffic graph.
  • VLANs and Tomato Wifi

    23
    1 Votes
    23 Posts
    4k Views
    P
    @parry For the future - just leave the DNS in Tomato set to 0.0.0.0 which it uses as a default. The DHCP server in pfsense provides the access to DNS
  • access point / managed switch, VPN BOX

    Moved
    13
    0 Votes
    13 Posts
    1k Views
    stephenw10
    It looks more like you are trying to use this as a VPN router so that anything on the LAN side of pfSense will use the VPN? If so then that's not a switch and definitely not an access point. But that's good because pfSense is not a switch or access point! Steve
  • Permission errors running commands as Admin?

    14
    0 Votes
    14 Posts
    1k Views
    B
    @stephenw10 There's not an alternative route that I can see from laptop to pfSense. Not connected via anything but the access point. Yes 23.x.x.x is the WAN IP passed through to pfSense. I ran a pcap on pfsense WAN as pfsense scans 172.16.0.0/13 and is generating TCP:A blocks outbound on WAN in the firewall logs. I look at a blocked TCP:A outbound entry timestamped 15:29:00 within the firewall logs, and filter for that destination in Wireshark. (ip.addr==172.16.56.89). I do not see any traffic to or from any of the destination IPs shown in the firewall logs. Edit: Where is 172.16.224.109? I don't know, it's not something that I've provisioned and well outside my address ranges. I use 172.16.0.0/24 for guest wifi access and that's not seen activity in some time. I saw that address in the AT&T gateway logs and was curious for this reason. AT&T gateway has everything related to firewalling and packet filtering disabled yet it was showing reason: filtering.
  • certificates expired?

    10
    0 Votes
    10 Posts
    1k Views
    A
    @stephenw10 okay thanks
  • Improvement (idea) : Configuration backup/restore , Encryption and ECL

    3
    0 Votes
    3 Posts
    630 Views
    bingo600
    Well the feature was rejected, due to a local (HW) obtained key was not secure, if the person performing the ECS had access to the hardware. Too bad... I was never aiming for an unbreakable config, just something that would not give it away openly. /Bingo
  • Plex: Anything Needed for Non-Remote Use?

    plex
    3
    0 Votes
    3 Posts
    664 Views
    areckethennu
    @johnpoz Thanks, again! It was the Custom Option thing at the bottom of Services > DNS Resolver > General Settings. I'd forgotten all about that.
  • Bootup configuration not loading from USB

    14
    0 Votes
    14 Posts
    993 Views
    E
    @bingo600 reroot is covered in docs (link) -- although it says it's faster than a reboot it still took a few mins. To perform a reroot, choose option r when triggering a reboot from the terminal menu. Since everything in my stack is automated (no human touch where we can help it), I just made a simple php script that triggers like this (php) and it's called through our automation engine:

        require_once("functions.inc");
        system_reboot_sync(true);

    the true in system_reboot_sync(true) tells it to do a reroot instead of a reboot. It's not documented, but I found it in the source code here
  • "Certificate is not valid" While Also "Certificate is OK"

    4
    0 Votes
    4 Posts
    1k Views
    johnpoz
    @areckethennu glad you got it sorted and I could be of help.
  • Can an IDS/IPS be implemented on the 2100 model ?

    7
    0 Votes
    7 Posts
    2k Views
    L
    @steveits Great information Steve! I will take a deep look at it. Best Regards, and Thank you! LeMike
  • Too stupid to own a 6100

    6100 factory reset
    7
    0 Votes
    7 Posts
    2k Views
    stephenw10
    The reset config procedure in the 6100 is a little more involved than other devices. And in fact I would only attempt it in 21.05.2 if you have no other option. The timing is such that it's difficult unless you can see the console output and at that point just use the console! This is fixed in 22.01 where the feedback from the LEDs makes the process relatively easy. The reset is a two step process: Power on the device. After a few seconds, when the green circle LED changes from orange to blue, hold the reset button for 5 seconds. This 'short-press' initiates the reset. Then after the drive has mounted the system recognises the reset has been initiated and asks you to confirm the reset. In 22.01 this is indicated by all three LEDs turning red. Hold the reset button until all three LEDs start flashing, ~13s. The system then resets the config and reboots. Steve
  • WAN>Pfsense>Netduma

    Locked
    2
    0 Votes
    2 Posts
    482 Views
    stephenw10
    Please use the linked thread for replies.
  • Combining 2 separate DSL connections.

    13
    0 Votes
    13 Posts
    1k Views
    stephenw10
    Ah, well to do that you might actually be better using two separate connections. You can route VoIP traffic via one exclusively and have no chance of other traffic ever causing a problem. And you can still setup both as failover to give some redundancy. Steve
  • WAN dropping out on OPT1 connection

    10
    0 Votes
    10 Posts
    1k Views
    P
    @stephenw10 I have not been able to reproduce the behavior again, unless I use the crossover cable and have both OPT1 and WAN going into same switch - which I now believe to be an invalid configuration. MAC addresses need to be unique at the physical LAN subnet level. Hence the marvel with 1 MAC and 3 ports works as long as each port is plugged into a different physical subnet. Now that I understand the Sg-1100, pfsense, VLANs better, I have the system working with 1 cable from WAN to Cisco Switch with the untagged VLAN being the WAN interface and the tagged 100 VLAN being the camera interface.
  • AWS PfSense Plus Site to Site IPSEC

    7
    0 Votes
    7 Posts
    1k Views
    P
    @stephenw10 Hi Stephen, I did have 'my identifier' set to the address with the elastic IP set. I finally found the problem. The inbound rules on the office pfSense did not allow udp/4500. Once I added an allow for the source IP the connection came up instantly. Thanks again, Paddy
  • Java log4j vulnerability - Is pfSense affected ?

    52
    1 Votes
    52 Posts
    29k Views
    N
    @shinobi said in Java log4j vulnerability - Is pfSense affected ?: "from what we see across various products and devops environments most often the devs are unaware of it until shown.. log4j can be buried deep so I'm about to scan my local pfsense using latest openvas plugins... although I'm not aware of it, it could still be behind something else. ~If I see any hits I will return them here."
    pfSense is open source software. If there was a log4j module used, it would have been found / exposed and fixed by now. There are thousands of people out there checking the code. Not just Netgate. What I'm trying to say is, you are wasting your time.
  • How configure VLAN WAN/UI access rules?

    16
    0 Votes
    16 Posts
    2k Views
    I
    Thanks @stephenw10, the rule screenshot's really helpful. I was able to get that rule set working (as long as the "skip rules..." option was selected).
  • What notification can be sent thru telegram?

    9
    0 Votes
    9 Posts
    1k Views
    Gertjan
    @stephenw10 And gets auto discarded when the cited redmine feature request got implemented. On the down side : this needs some discussions with diff and 'patch'.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.