Right, so if your BIOS does not include a UEFI shell then you need to boot something that does, which isn't pfSense. I would be looking for a USB image to do it. What are you trying to change anyway? Is it passing a bad value to pfSense? Steve

@mdecou you need server: above that.. With the server: I would expect you would get a parse error. I just tried it without server, and do not seem to get an error - but not sure it would work.. But yeah you need that or your most likely going to run into a rebind error.

the problem is already solved. the account was already secured. by a password 30 characters long randomly generated. it was not at risk. it only serves this purpose, its not my email account, so i never log into it, except when they break things in the name of "security". because i never log into it, i had no idea app passwords was a thing that could be used; they don't show up as even existing until you have 2fa on, but why would I turn 2fa on and break my notifications, thus, creating a circle. i have another account that is for arctual google services that doesn't use external apps, and all my google-fu failed to find any reference to app passwords. the first I heard of it was by chance in the feature request. once I knew that existed, i was able to find out that 2fa needs to be ON to even see it. i know perfectly well how to read my email...

Yeah, there's no way to switch filesystems at upgrade. You can only do that by reformatting at install. So it must have been running ZFS already. I think the bug you are referring to is this: https://redmine.pfsense.org/issues/12144 That only applied to ZFS installs, Steve

Encrypted private keys are not yet supported. You have to import the key without encryption. https://redmine.pfsense.org/issues/1257

- this is embarrassing. . . . I feel so stupid. It turned out to be that the server was being blocked in the AP's access control settings. Had been banging my head on this for a couple of hours. Thanks for the reply, @stephenw10 .

The simplest way to get back to a known working state with those sorts if errors is going to be a clean reinstall of 2.6 and config restore. If you cannot do that you can try a force re-install but that is not guaranteed. https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#forced-pkg-reinstall Steve

@departy As @Bob-Dig : [image: 1646643883767-5a3455e9-33b1-4940-9361-46c08720ffb0-image.png] says that dyndns is synced every day at 1AM1. The sync is also triggered at a WAN NIC network event, as this might imply a WAN IP change. If pfSense uses a RFC1918 IP on it's WAN, there must be an upstream router. These routers can renegotiate a new WAN IP without pfSense knowing about it. For pfSense, the RFC1918 didn't change : no WAN NIC event : the dyndns sub system isn't made aware of a possible change. As proposed : accelerate the checks. The dyndns script checks the domain DNS IP (it does a nslookup or dig) and compares the obtained IP with the IP stored in a local cache file. They must be the same. If so, the IP is shown on green in the widghet. If not, the IP is update on the DNS server side, and if all ok, then the local cache file is updated.

@steveits thanks for the tip re old releases. Lesson learned.

Probably both. The pfSense package should not create a pimd conf file that includes invalid interfaces. pimd should probably not kernel panic on a bad conf file. I expect it to simply fail to start. Steve

No, I've not noticed that. What CPU is that? The widget gets those values from the sysctls so I'd suggest you might just be missing the peak values that are caused by loading the dashboard. Try loading the CPU artificially and see if the steady state values match. When I'm doing that I use: [22.01-RELEASE][admin@5100.stevew.lan]/root: yes > /dev/null & [1] 6443 [22.01-RELEASE][admin@5100.stevew.lan]/root: yes > /dev/null & [2] 6589 [22.01-RELEASE][admin@5100.stevew.lan]/root: yes > /dev/null & [3] 6594 [22.01-RELEASE][admin@5100.stevew.lan]/root: yes > /dev/null & [4] 6923 That makes the 4 cores there run at 100%: last pid: 7719; load averages: 2.28, 0.69, 0.29 up 2+01:00:56 22:36:41 64 processes: 5 running, 59 sleeping CPU: 15.7% user, 0.0% nice, 84.3% system, 0.0% interrupt, 0.0% idle Mem: 20M Active, 152M Inact, 437M Wired, 3229M Free ARC: 175M Total, 42M MFU, 129M MRU, 172K Anon, 785K Header, 3756K Other 57M Compressed, 175M Uncompressed, 3.05:1 Ratio Swap: 1024M Total, 1024M Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 6443 root 1 103 0 10M 2068K CPU1 1 0:49 100.06% yes 6594 root 1 103 0 10M 2068K CPU3 3 0:47 99.90% yes 6589 root 1 103 0 10M 2068K RUN 2 0:47 99.86% yes 6923 root 1 103 0 10M 2068K CPU0 0 0:46 99.83% yes 7719 root 1 20 0 13M 3572K CPU2 2 0:00 0.21% top 87020 root 1 20 0 14M 5068K nanslp 1 0:21 0.02% vnstatd On the 5100 the core temps are help pretty close: [22.01-RELEASE][admin@5100.stevew.lan]/root: sysctl -a | grep temperature hw.acpi.thermal.tz0.temperature: 0.1C dev.cpu.3.temperature: 46.0C dev.cpu.2.temperature: 46.0C dev.cpu.1.temperature: 46.0C dev.cpu.0.temperature: 47.0C Other CPUs may not be coupled as well to the heatsink, or internally each core. You can run killall yes to stop those. Steve

@thewaterbug I have a friend with a bare MBT-2220 running 2.6 on 500Mbit sym fiber and we're not seeing any missing speed -- but we haven't really pressed it too hard.

nevermind...I figured it out.

@hamsterray See here.

@stephenw10 said in Resolving a domain in firewall rule: Every 5mins by default. See: https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#using-hostnames-in-aliases Steve I am fascinated with pfSense...so much to learn and what it can do.

You should open a ticket with us to work through it. You need to access the serial console to diagnose or repair that. https://www.netgate.com/tac-support-request Steve

@wheelhouse20 yes, I know there is a newer version, haven't updated yet.

You would have to access the subnet behind pfSense using port forwards. Or you could add a static route to the client PC for the 192.168.10.0/24 via 192.168.1.2. Steve

Well I wouldn't buy that particular one since it appears to include some sort of fast charge circuitry. I have no idea how that affect a USB data connection through it.

Yeah, the dependency is two fold. The default config has the WAN set as DHCPv6, the LAN set to track WAN for the IPv6 prefix and a DHCPv6 server enabled on LAN. To disable that first disable the DHCPb6 server on LAN. Then you can set the LAN interface DHCPv6 type to none. Then you can do the same on WAN. Steve