@stephenw10 sounds good. Thanks for checking

It's trying to open pages that don't exist in pfSense. It probably was previosuly connected to something at the pfSense IP and hasn't updated yet.

Hmm, it just keeps running for me in 23.01. You're just viewing the default screen?

@menethoran store.netgate.com have excellent selections and help support the project

Ooops I missed a bunch of replies here. I see you solved it already. Nice.

Yeah, if your WAN connection is actually 1.5Mbps then I wouldn't expect to see anywhere near 1ms to anything external. I assume that's DSL? The 30ms you were previously seeing is probably about right but what was that to?

@mauro-tridici Most easy known solution : only accept really trusted devices on your pfSense LAN. From this LAN network, you could connect your own device - that you should trust - and access pfSense. You can even lock down to access to just one LAN IP : the one your device will get when it is connected. All other users : use another LAN called OPT2. From this OPT2, devices they can do what they want, but they should only be able to contact pfSense over port 53, UDP and TCP. Block the rest with destination .LAN2 IP pfSense.

Ooo, that's fun.

@somethig Many others will do it in the same way, or am I wrong with that? RouterOS Untangle ClearOS Endian Sophos

@steveits Logs, but I don't think I checked that particular logfile. I can check my backup for those double entries to see if that were the case. In any case, I'm back up and running and about to start the upgrade to +

Ah I see. Perhaps in my previous setup, the OpenVPN server wasn't assigned to an interface! Thanks everyone for the explanation!

Hello @dobby_ , thank you for your reply. I was able to fix the NTP sync problem detected on some particular "NTP client" devices. It was an issue related to the NTP client software. The devices vendor support suggested to uninstall ntp client and install chrony. Now, everything is working as expected. Anyway, I wasn't able to increase the verbosity of NTP server logs on pfSense 2.6 and I wasn't able to detect the reason of "reject" issue. Have a great day, Mauro

@consistent_plum3631 I haven't stopped to look at travel routers since I don't have enough budget to buy several devices for this project GL-SFT1200 (Opal) save WLAN-Router for travelers – AC1200 Dualband-Gigabit-Wireless-Internet-Router | IPv6 | USB-2.0 | MU-MIMO | 128 MB Arbeitsspeicher | Repeater-Brücke | Access Point-Modus 45 € Router 20 € Bag As a AP, as a repeater, connect and feed over powerbank, USB C, 3 WAN/LAN Ports WiFi AC small and able to carry inside of your backpack or a greater pocket! and the protectli seemed to me a very good idea because of its versatility, It is not able to feed over a powerbank, and is not that I would prefer to carry the whole day around elsewhere I go! You sit on a green inside of a park and the GL router is able to connect you via; WiFi, USB LTE modem, over your smartphone and can be powered over the Laptop or a small powerbank. Try this with the Protectli please. since I can always end up reusing it for something else, You can also that router reuse again. The Protectli is for home usage and the GL ones are for travelers or traveling. besides instead of a proprietary firmware with a simplistic GUI, OpenWRT is fine. I want this project to help me learn about pfsense, vpn's and networks in general. You could do more by using pfSense at home and OpenWRT in the wild or outside.

Hmm, the fact it saved a crashlog at all shows that the drive didn't fail entirely. Using ram disks can be problematic with larger packages like that.

You have an internal switch too though I assume? Is that showing 10G? Yeah, I would go to Intel NICs if you can.

You can search the config for sshdata tags.

@nollipfsense said in initial config; won't act like a router: knowing that doesn't make sense. Not sure I would say that - its quite possible to use pfsense as just a router without any firewall. You can either turn off the firewall completely - or just use any any rules as another method. If your going to use pfsense as just a router downstream of another router, be that your own or the ISP. You still need to understand that your not going to talk to the internet via a rfc1918 address. If you don't want pfsense natting rfc to its wan address - you would need to make sure that the upstream router that has a public does the natting of your downstream rfc1918 networks if they are wanting to talk to something on the internet. internet - routerA - 192.168.1.0/24 - routerB - 192.168.2.0/24 Lets say you had a transit network of 192.168.1/24 and your downstream routerB had say 192.168.2 behind it.. In this case if your downstream router is not going to nat the 192.168.2.x address to whatever IP it has on the 192.168.1 network. Then the router connected to the internet would need to nat both 192.168.1 and 192.168.2 addresses. If pfsense was being used as this edge router, and you setup a downstream network, and the routing for these downstream network(s) then it would auto nat them to the public internet interface IP, etc. If you had not turned off automatic outbound nat. Once you create the router to the downstream network(s) and the gateway to get to them, etc. The automatic outbound nat would add those downstream network(s) to its natting. Normally if you were going to use a downstream router in your network, no it wouldn't be natting from rfc to rfc, but the edge would need to handle the natting of rfc to public IP space if you want your rfc networks to talk to the internet.

@heper thanks for testing. Shame on me, I was running the commands on macOS and not on Linux. Trying on the latter worked, indeed! Damn mac, how much wasted time on this!! Thanks again

Yes, you can certainly break things that way. But enabling an interface is a fairly small change and you can copy/paste the line from another interface so the risk is low.