• Put PFSense for internal network segregation & Config with Cisco switch

    7
    0 Votes
    7 Posts
    1k Views
    E
    @bingo600 What I wrote about 'private network' means Windows network. When I plugged in the server after PFSense, it connected with Private Network and it didn't allow me to access the internet or the core switch. Probably firewall rules blocked my ping attempt; anyway, I needed to be in the company network domain. However, after I set up the DNS server IP address in PFSense - System - General Setup, my server network is correctly on our domain network. Still, I don't get why I need to configure the DNS server IP address on the PFSense firewall. It didn't matter when I set up with a Unifi switch after PFSense, but with the Cisco switch it was an issue. As for DHCP, we don't use DHCP on PFSense, and server networks always use static IPs. Thanks to you, I have checked the DNS setup in the PFSense configuration and the problem is solved. I really appreciate your reply.
  • Splunk forwarder auto start

    2
    0 Votes
    2 Posts
    598 Views
    stephenw10
    See: https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html
  • Pfsense logs same as Squid Access Log?

    2
    0 Votes
    2 Posts
    511 Views
    stephenw10
    The Squid access log is a separate log. It's not part of the main pfSense logs. Configuring an external syslog server in the pfSense log settings will not export the Squid logs. It is possible to export the Squid logs directly, see: https://forum.netgate.com/post/936222 Steve
  • Broken traffic graphs?

    6
    0 Votes
    6 Posts
    739 Views
    bmeeks
    @aclouden said in Broken traffic graphs?: @steveits I put snort into legacy mode and the wan traffic graphs work as expected. Thanks for the tip! Chris The problem with the traffic graph and Inline IPS mode operation is due to a bug in the netmap kernel device. That kernel device is needed for Inline IPS Mode to work. That bug was recently fixed with an update to FreeBSD. That update was merged into FreeBSD back in mid-August, if I recall correctly. So at some point in the future it will make it into pfSense when they pull an operating system update from upstream.
  • Pfsense configuration issues with ISP router (FTTB)

    9
    0 Votes
    9 Posts
    1k Views
    stephenw10
    I assume that's running OpenWRT? I would expect it to come up as a DHCP client by default but it may not. If it's static you'd have to set it in the correct subnet. It should appear as a wifi AP to wireless clients even if it's not connected so you'll have to check its config. Try connecting to its console to see what's happening. That's probably better served on the OpenWRT forum (assuming it's running that). Steve
  • Help Needed: PS4 + Pfsense + Squid + SSL Man in the Middle

    4
    0 Votes
    4 Posts
    661 Views
    stephenw10
    It's possible it's being blocked by something other than Squid so check the firewall logs. Check Snort/Suricata if you're running them. You should see connections from the PS4 logged in the Squid realtime logs. So are connections to the Epic servers shown as passed or some errors? Steve
  • Pfsense as an intermediate CA to ADCS for use with OpenVPN and Radius

    7
    0 Votes
    7 Posts
    2k Views
    stephenw10
    I've never used ADCS so I could easily be overlooking something! But if you're not generating certs for users in pfSense you don't need to import a private CA cert key. Steve
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    16 Views
    No one has replied
  • Network issues during LAN party

    15
    0 Votes
    15 Posts
    2k Views
    stephenw10
    Nice. Thanks for the update.
  • Boot loop

    11
    0 Votes
    11 Posts
    2k Views
    stephenw10
    @interessierter said in Boot loop: mode = 0100666, inum = 321055, fs = / panic: ffs_valloc: dup alloc cpuid = 2 time = 1633349216 KDB: enter: panic Yes, that is a filesystem damage error. But it will have been caused by something else previously. Whatever caused it to reboot initially is the real cause here. Steve
  • SPF from pfsense APU6B4 to Ubiquiti UniFi Switch 8 150W - us-8-150W

    4
    0 Votes
    4 Posts
    911 Views
    stephenw10
    Generally you would want an Intel compatible module there but I would expect those to work. Steve
  • pfsense not online - ISP router is in bridge mode

    5
    0 Votes
    5 Posts
    652 Views
    A
    @modesty On my modem (AT&T DSL 3rd party reseller - Arris NVG589) I can setup the bridge connection, but it's not called that in the settings. Then I can set a specific MAC address to get the internet address from the modem. This is the MAC address of my pfsense WAN port. Then in pfsense, my WAN port is set to use DHCP from the modem and it gets the internet address. Works just fine that way for me.
  • how to get crash dump

    crashing
    2
    0 Votes
    2 Posts
    400 Views
    stephenw10
    There is no kernel panic shown there, that's not a crash. Looks like you have a drive error on ada0 though. Or possibly on the controller. You should swap it out if you can. Steve
  • [SOLVED] Interfaces Mismatched with configs Need Help.

    6
    0 Votes
    6 Posts
    672 Views
    manjotsc
    @stephenw10 @bingo600 @stephenw10 The issue is fixed now. What I did is I went back to the console and reassigned those interfaces to their respective static mappings, renamed those three interfaces to random names and then renamed them correctly, and did the same thing with their DHCP ranges. Thanks,
  • netgate Forums

    5
    0 Votes
    5 Posts
    667 Views
    bearhntr
    @johnpoz YES that menu. It was like 'stuck'. It would not go away. After closing and re-opening the tab 4 times -- it went to just the icon. Told you I was calling Rod Serling. <lol>
  • Linux client drops WAN connection of the whole network

    1
    0 Votes
    1 Posts
    144 Views
    No one has replied
  • FTP\SMB one way

    2
    0 Votes
    2 Posts
    417 Views
    stephenw10
    Sure but not configured in pfSense. The firewall has to allow the incoming connections from the VPN client to the VM and once that connection is open the customer can do whatever the server allows. You need to configure the server to allow uploads only. Steve
  • Frequent system halts on 2.5.2

    2
    0 Votes
    2 Posts
    517 Views
    stephenw10
    So the important part there is:

        db:0:kdb.enter.default> show pcpu
        cpuid = 3
        dynamic pcpu = 0xfffffe007f12e380
        curthread = 0xfffff8020ef64740: pid 67417 tid 100250 "unbound"
        curpcb = 0xfffff8020ef64ce0
        fpcurthread = 0xfffff8020ef64740: pid 67417 "unbound"
        idlethread = 0xfffff80004340740: tid 100006 "idle: cpu3"
        curpmap = 0xfffff8020e6cc138
        tssp = 0xffffffff83717758
        commontssp = 0xffffffff83717758
        rsp0 = 0xfffffe004d5b6cc0
        kcr3 = 0xffffffffffffffff
        ucr3 = 0xffffffffffffffff
        scr3 = 0x0
        gs32p = 0xffffffff8371df70
        ldt = 0xffffffff8371dfb0
        tss = 0xffffffff8371dfa0
        tlb gen = 589816
        curvnet = 0xfffff8000408ba80
        db:0:kdb.enter.default> bt
        Tracing pid 67417 tid 100250 td 0xfffff8020ef64740
        kdb_enter() at kdb_enter+0x37/frame 0xfffffe004d5b65b0
        vpanic() at vpanic+0x197/frame 0xfffffe004d5b6600
        panic() at panic+0x43/frame 0xfffffe004d5b6660
        trap_fatal() at trap_fatal+0x391/frame 0xfffffe004d5b66c0
        trap_pfault() at trap_pfault+0x4f/frame 0xfffffe004d5b6710
        trap() at trap+0x286/frame 0xfffffe004d5b6820
        calltrap() at calltrap+0x8/frame 0xfffffe004d5b6820
        --- trap 0xc, rip = 0xffffffff80f712cc, rsp = 0xfffffe004d5b68f0, rbp = 0xfffffe004d5b6900 ---
        in_pcbdetach() at in_pcbdetach+0x3c/frame 0xfffffe004d5b6900
        udp_detach() at udp_detach+0x93/frame 0xfffffe004d5b6930
        sofree() at sofree+0x245/frame 0xfffffe004d5b6960
        soclose() at soclose+0x30d/frame 0xfffffe004d5b69c0
        _fdrop() at _fdrop+0x1a/frame 0xfffffe004d5b69e0
        closef() at closef+0x23e/frame 0xfffffe004d5b6a70
        closefp() at closefp+0xa0/frame 0xfffffe004d5b6ac0
        amd64_syscall() at amd64_syscall+0x387/frame 0xfffffe004d5b6bf0
        fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe004d5b6bf0
        --- syscall (6, FreeBSD ELF64, sys_close), rip = 0x800c8f47a, rsp = 0x7fffffffd978, rbp = 0x7fffffffd990 ---

    The msgbuf.txt file in your redacted archive appears to be damaged, I can't check it. That backtrace is not one I'm familiar with. It would be useful to compare that with the backtrace from other crashes. If it's close to identical it's probably a software issue. If it's a hardware problem they will be far more random. Steve
  • Realtek Port Running Slow

    6
    0 Votes
    6 Posts
    915 Views
    DaddyGo
    @tac57 said in Realtek Port Running Slow: I do have a 4 port Intel NIC sitting here hmmm, then pfSense didn't do this to you?
  • What tier of AWS pFsense to choose? A sizing guide would be nice.

    2
    0 Votes
    2 Posts
    370 Views
    stephenw10
    It depends entirely on what bandwidth you need over the VPN. Really I would suggest just testing it yourself as everyone's traffic is different. Start small and go up. OpenVPN is single threaded so you may find the smaller instances work fine for you and larger instances don't give you much. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.