@stephenw10 Thanks for that info, I have created an account and provided the crash dump into the redmine ticket. I hope I could have provided the right information so they can fix the issue.

@flarednostril said in pfSense GUI unresponsive when WAN drops: @gertjan Yep reset to default. Then try disconnecting WAN. I suppose I will have to try that. Just surprised I'm the only one apparently having this problem. I will try reset to default and see if I get the same behaviour. We all agree the GUI may get a bit sluggish with no WAN connection, especially so if the Dashboard "home page" is being viewed and "Check for Updates" is checked. But I personally have never seen the pfSense GUI just basically slowly die as you describe.

You don't have to be doing anything with rules - just if you have an alias setup that wants to resolve that.. That is not something pfsense would be using. Do you have any aliases setup at all?

@noplan the one thing I would do differently (if you have the ports available) is connect your AP into your vlan capable switch. You can still use an uplink just for those vlans to another interface on pfsense. But doing so allows you to also put wired devices onto those vlans that your using for wireless. With your drawing, and only 1 vlan on that switch - it doesn't even have to support vlans, only your AP would since it looks to be directly connected into a port on pfsense.

@emmanuel-0 Is working well right now, I used use DNS Resolver then I change for DNS forwarder and made some changes at DHCP, is working now but is on trail. If continue to working well I write you, Thank for the help

@stephenw10 said in LCDProc CPU Temp Screen: Unfortunately my own php skilz are such that I'd have to spend significant time on it I understand that very well!

@marvosa Integrated and not having to use an Ubuntu server??

@johnpoz "Yeah you can leave your udm with a wan, I would put that on its own vlan for pfsense" First thing I did, actually.

@stephenw10 Found the problem, I was using Unbound python mode. Now it only blocks in the 101 vlan. Time to continue experimenting with pfblocker. Thanks again!

@stephenw10 said in Cloudflare Dynamic DNS error: Hmm, so you have it set to monitor gif0 but it cannot send updates from there? No, its monitoring opt19 but for some reason was trying to send updates out of opt15 (gif0). So I had to enable that hidden form field to manually change it. Question is, why is that form field even there and why is it hidden? I can only assume Firefox submitted the field even though its hidden (this is expected behaviour) and so the wrong interface got assigned, as gif0 was at the top of the list. I also noticed if I tried to monitor a ppp interface the IP just said n/a and it didn't even give a tick or cross. Fortunately I don't need to do that as both are static IPs, I just tried it while testing.

@stephenw10 Yep, had to reset the admin from the console. I was hoping for a remote solution, but hey, it's always fun to go to the datacenter, right? The weird thing about this problem is that an unrelated/unaltered user was showing the same error after we fixed admin.

@stephenw10 Except it failed overnight, when I changed versions. As the capture shows, there are 2 gateways involved, so there should be no conflict that way and my cell phone is with the same company. I do recall there were some OpenVPN changes when this happened. I redid my config to accommodate them and also because I wasn't thrilled with what I had. Correction, this came in with pfsense 2.5.0, not 2.6.0. I'm currently running 2.5.2. 2.5.0 came out on Feb. 17 and I was inquiring about the the OpenVPN version in openSUSE on Feb. 24, to see if that might be the cause of the problem.

@stephenw10 based on observation over the past day (or so) it looks like a one-time thing.

/usr/local/etc/wireguard -Rico

That setting has nothing to do with clients.. That has to do with how pfsense resolves.. It just what you want pfsense to do when it needs to resolve - say resolve an IP in the firewall logs, or asking for alias fqdn, or checking for its own update. Clients asking unbound - that has no effect on. But with how you have it now - pfsense would not be able to resolve any local resources.. It could have a hard time working out what client is at say 192.168.1.43 for example in your firewall logs..

@potjoe said in How to route promiscuous traffic ?: because you should not see traffic on private subnets go through the firewall. Nope. Because you cannot have the same subnet on two interfaces, it breaks routing, so traffic there should all be on o9nbe interface and the two devices talking to each either directly. But here you are in fact trying to workaround some ISP requirement where you have two devices in the same subnet on different interfaces. I still don't expect to see it on the firewall because they should just ARP for each other and fail. I'm not sure how that TCP session can ever establish. The only way I can see this working is be bridging and that would probably break numerous other things. What exactly is this device on the LAN? Does it have to be on the LAN? Steve

@overlord73978 Stay healthy

There is an entire sub-forum here dedicated to the Snort and Suricata IDS/IPS packages. Here is a direct link: https://forum.netgate.com/category/53/ids-ips. At the top of that forum page you will find a number of Sticky Posts describing the various operating modes and how to configure them. This one should get you started: https://forum.netgate.com/topic/143812/snort-package-4-0-inline-ips-mode-introduction-and-configuration-instructions. Note in the linked post that not all hardware NICs support the netmap kernel device required for inline IPS operation. If your NIC does not support netmap, then you will have to switch to Legacy Blocking Mode.

Another option here, if the files are small, is to use the Filer package. That includes additional files in the config file so they will be restored if you have to re-install completely. Steve

Ok, so your public IPs are in the same subnet I assume? Does the TP-LInk actually get a public IP or is it port forwarded from the Comcast router? I would still suggest using a single pfSense instance with just a modem in front of it if you can. Steve