I was in contact with my ISP and we managed to solve the problem by changing the ip 185.113.141.145 to the ip 185.113.143.xx inside the /24 of my /28. Thank you for help.

Yes, you would think. If it got stuck in a loop compressing the logs it could have high CPU usage for a long while though.

@skilledinept said in Automount ZFS volumes/datasets: could it be that it's not loading some service that mounts the ZFS pools? That is a good possibility. On a normal FreeBSD system /etc/rc.conf has "zfs_enable=YES" to enable/start the zfs service. I don't have a pfSense with ZFS in front of me, but in the Web GUI, look under services and see if there is a ZFS somewhere to enable.

@bob-dig @stephenw10 You guys were 100% right... lol. I ended up having it configured through my wireless router (which I had setup as ap mode only). In AP only mode, it hides the ddns configuration... (smh). So when I checked it as a possibility it didn't show up. But after monitoring tcpdump I saw it reach out and try to update, so changed it back to router mode and was able to disable it. Thank you all for your help!

@matthew_beck You setup a traffic shaper (also called a limiter), or multiple traffic shapers, and apply that to an interface or one specific machine, or an alias of machines (hosts) on an interface. https://docs.netgate.com/pfsense/en/latest/trafficshaper/index.html Here'a a good video on the process: https://www.youtube.com/watch?v=gIvc1qZn5dc

@hlrobert said in Local Password policy: My PCI/SOC2 auditor would like to talk to you. I known you're joking ;) When handling private data like credit card stuff, medical data, or worse, army stuff, all bets are off. Even simple systems that handle the power grid should be seriously protected, because it's the blood of our society. I only need one training when I have to deal with "PCI/SOC2" : and that is wrting clear and correct huge payment checks, as I would eject myself out of the "I know that" position. I would pay some one. And sue the hell out of him when thing go wrong.

Thanks, everyone. You're all correct. The count did include the replies. hahaha, I need more coffee. But, I also would like to reduce the noise. These answers are exactly what I was looking for. Really appreciate the quick responses. Thank you again!!

But it could be and by doing that the other side will be able to reply. Your rule need only apply to the monitoring pings. So you probably want it on the MPLS interface. Steve

Right obviously the package is not required and the Radius config is all on the remote and not in the firewall. But from the user auth point of view t configured in the same way. In both cases you need to add a Radius server in User Manager. The only difference there is that with Freeadius the server is specified as running at 127.0.01, because it's local. With a remote Radius server you need to configure the server IP address so pfSense knows where to find it. But the OpenVPN config is no different, the only change would be selecting the new radius server to use. Steve

@tedquade Seems it was quite broken. Did a bare-metal memstick install and config restore. Am now back in operation. Thanks for your help. Ted

Not sure what post you were refering to there, the link was removed. What exactly are you seeing? I assume a 502 error. What pfSense version are you running? Did this just start happening? Steve

@stephenw10 said in pfSense pkg from FreeBSD ports or repo: That's really only any use if you have wifi hardware in the firewall. And we are all familiar with the issues there. Unless you run kismet in server/drone config. But in that setup running the server part on some other host would probably be better. With the drone part running on an AP. Been many years since I did that.... Ok thanks for clarifying this, I would set up it then better on an small RAPI and combine there kismet and fail2ban for rough hosts in AP mode.

I've never tried that. But I'd say you're doing it correctly since the logs are reporting the file was loaded as expected.

Mmm, OK I replicated that. That clearly that is loaded though. Something in the perl config maybe. Someone more familiar with perl will need to look at it.

I'm using the RADIUS class property (Group Membership) > like described here. Is there not a way to write into the radius server certificate in wich vlan the user must be put in? And each vlan has then its own IP range. Done.

@johnpoz @stephenw10 Yes working great, thank ya'll so much :)!

@bert-0 said in No Internet: BTW: I am new to CMTs. How can you tell if a device you hit is a CMT or not? A CMTS is the device you connect to at the cable company head end. I used Wireshark to examine the DHCPv6-PD packets and saw the error message that identified, by host name, the failing system. Anyway, as I said, try connecting a computer to your modem directly. And if a tech comes make sure he can connect with his own equipment. BTW, have him try test-ipv6.com to show you everything is working properly. You should get 10/10.

@stephenw10 @jimp @Patch @Gblenn Thanks again everyone for your help. I am going to run this like this for a while - and take weekly backups. When I am ready to move to Proxmox - I will install fresh and then restore the last backup. Right now I have another issue... suddenly the 4-port card that I put into the HP Z240 prevents the machine from booting. I can take it out and put into another machine and that one boots just fine. Boots all the way to Windows server 2019, is seen and all 4-ports are there. Put it in the HP and I get 3 slow-beeps and RED power light, then 2 fast-beeps and white power light. I have a ticket with the folks at HP. It is an HP card 331T card.

Yes, should be possible