user admin in the gui is user root for ssh, it's the same account if you want to add a new user with ssh access you can do it from the gui System / User Manager add a new user, the privilege would be -> User - System: Shell account access

yeah the meme was a joke, the fried cpu was not

While you can't yet change which interfaces the GUI and SSH listens on, you could setup some floating rules to make this easier, something like Pass quick TCP from <your management subnets> to This firewall (self) ports <alias with 443, 22, etc> Reject quick TCP from any to This firewall (self) ports <alias with 443, 22, etc> The "This firewall (self)" target expands internally in pf to any address on the firewall.

ok thanks good info, I fixed the issue, after I connected the lan from the netgate to my pc I eas getting the full 230Mb, so the netgate router was not the issue. so next I removed all the other lan cables from my switch and moved the lan cable back to the switch and now im all good. Looks like I had a lan switch issue. :)

@NollipfSense said in pfSense crash after Blackout: @bmeeks Got to get me a UPS! I highly recommend it. Can save you from a mini disaster during a blackout or even temporary power blip.

@stephenw10 said in What IF's to enable TFTP Proxy on ?: You need to enable it on the entry interface of every firewall the initial request passes though passes through. Steve Thank you Stephen That clears it up :-) /Bingo

So internet in general was working, you had no issues resolving anything.. Just speed test was failing? And you had tried just changing the servers you were doing the test too? [image: 1568859670618-changeserver.png] That latency error you were getting seems to just point to one of there servers being down https://support.speedtest.net/hc/en-us/articles/203845540-What-does-Latency-Test-Error-mean- "Latency Test Error" typically occurs when the server has gone temporarily down. We have a server watchdog that will periodically contact servers to verify they're working properly, but there may be a slight delay before we automatically recognize the server is down. Please let us know by filing a support ticket specifically identifying which server caused the error, and try testing to a different server.

Yup, I remembered now I was showing a technician how to install a production version of our pfsense onto a generic build. He resetted to factory default first and changed the interfaces so WAN was on a usb port. At the time I didn't think too much about it but it turns out to be a big head for me. @johnpoz I would so buy you a case of beer if I can. Thanks everyone for the inputs, I believe this is now solved.

@stephenw10 i like overkill i will go for 3100 and 5100 for the main office. I am also considering upgrading our bandwidth. What do you suggest for a stable vpn connections, or is my current bandwidth are enough?

So a smart/managed layer 2 then ;) BTW, if your going to route and your wanting to access something on your downstream from a IP that is on your transit network you are always going to run into asymmetrical problems.. [image: 1568768481992-asymmetrical.png] If you want to route to other networks on your downstream, then that needs to be connected to your upstream router via a transit network.. If you going to want to get to it from devices on your transit network.. Then you need to host route on them, or you run into the above asymmetrical problem. Connect your upstream to your downstream via transit network (no hosts on it) and your asymmetrical issues are gone [image: 1568768794638-17216.png] Also if you created your SVI on the L2 that your 10 network is on, then its IP would be in the 10 nework.. If you created put the svi on a different L2, then you need to route it via a transit or host routes or your going to have the asymmetrical problems.

Ok so you can ping out though? Try pinging out with large packets: ping -s 1000 -c 3 1.1.1.1 Try different sized packets to see if you really are seeing an MTU issue. Steve

Well, take a look at the previous 48hs: [image: 1568746839947-pf-cpu3.jpg] I will double check the Hyper-threading on the bios. Thanks a lot for the help!

@stephenw10 Thanks and noted!

With IPAliases you can usually use either /32 or the correct subnet size. The important thing is you have at least one IP defined on the interface with the correct subnet in order to add the correct routing. https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-feature-comparison.html#ip-alias Steve

You could narrow that destination to just the PBX IP if that's the only thing you need access to in that subnet. Steve

Yes, bridging the interfaces would allow the ISP router to 'see' the wifi subnet directly but it would still need an IP in that subnet to respond from which it does not have. With the outbound NAT rule as you have it you are passing all the wifi traffic across the LAN subnet which means, unless you have blocked it in pfSense, wifi clients will be able to access any LAN client which you might not want. Steve

Thank you very much, for the help the patch worked perfectly and already shows the view I needed, excellent help.

Update from my end, I think I figured it out... After @chpalmer last msg, I went back to the "Hard disk standby time" settings and it was set to 180, which even if the systems was using the 180 mins it still didn't make any sense as to why is was spinning up/down so quickly. What I did is set it back to Always on and after saving and rebooting there are no more spin ups or downs. thank you.

@tjabas said in change theme in Pfsense: router after about 5 years Wow. From what version did you came from ?

@stephenw10 Thanks. I reactivated user admin for now and bookmarked the screen it should have gone to for other admin level users (me really).