@johnpoz If I understand you correctly. I do have other devices connected to my US-24, some computers, Smart TV's but most of them are using my LAN network (my main network) and one Smart TV using profile - VL30_KIDS, the rest of the ports on my US-24 using profile "ALL" :) Btw, my pfSense and UniFi "setup"(almost) is from this video made by Lawrence Systems https://www.youtube.com/watch?v=b2w1Ywt081o

@stephenw10 said in *SOLVED* pfSense freezing for a second or two every 15 minutes: The other table that can be massive is bogons v6. Not too horrible at 124297 entries. Some tables as pfctl seems them -pa-r-- bogonsv6 Addresses: 124297 Cleared: Fri Aug 20 01:07:38 2021 References: [ Anchors: 0 Rules: 1 ] Evaluations: [ NoMatch: 537822 Match: 0 ] In/Block: [ Packets: 0 Bytes: 0 ] In/Pass: [ Packets: 0 Bytes: 0 ] In/XPass: [ Packets: 0 Bytes: 0 ] Out/Block: [ Packets: 0 Bytes: 0 ] Out/Pass: [ Packets: 0 Bytes: 0 ] Out/XPass: [ Packets: 0 Bytes: 0 ] -pa---- pfB_NAmerica_v6 Addresses: 505938 Cleared: Fri Aug 20 01:07:38 2021 References: [ Anchors: 0 Rules: 0 ] Evaluations: [ NoMatch: 2 Match: 12 ] In/Block: [ Packets: 0 Bytes: 0 ] In/Pass: [ Packets: 0 Bytes: 0 ] In/XPass: [ Packets: 0 Bytes: 0 ] Out/Block: [ Packets: 0 Bytes: 0 ] Out/Pass: [ Packets: 0 Bytes: 0 ] Out/XPass: [ Packets: 0 Bytes: 0 ] -pa-r-- pfB_Top_v6 Addresses: 16341 Cleared: Fri Aug 20 01:07:38 2021 References: [ Anchors: 0 Rules: 3 ] Evaluations: [ NoMatch: 51426 Match: 150 ] In/Block: [ Packets: 150 Bytes: 10800 ] In/Pass: [ Packets: 0 Bytes: 0 ] In/XPass: [ Packets: 0 Bytes: 0 ] Out/Block: [ Packets: 0 Bytes: 0 ] Out/Pass: [ Packets: 0 Bytes: 0 ] Out/XPass: [ Packets: 0 Bytes: 0 ]

All the package data is stored in the main config file in /conf/config.xml. If you're doing something that is impractical to manage via the gui you should probably be using a separate Radius server. Steve

@stephenw10 thanks

@bangui91 first go into the bios and disable hyperthreading. secondly, list your network adapters. are they all intel or do you have realtek? Everyone hates realtek because for the longest time, BSD was shipped with broken drivers.. pfsense version 2.5 finally included working drivers for realteks, however unlike intels that just 'install and work out of the box', you have to direct pfsense to use the new realtek drivers. i've seen the commands, it's very simple. just have to search for the instructions on what to do.. again, it's very simple and as a noob myself, i wouldn't be concerned. third, you should list the packages you have installed for the seasoned vets to go through.. someone here will know

PPPoE cannot be DHCP. I assume you just mean it's dynamic? You are suggesting using those subnets? I would avoid 192.168.1.X as it's very common. It's the default LAN subnet.

Anything that is just a modem will not be addressable outside it's own segment. It might have a management interface but it will be using a non-routable private IP address. What sort of DSL service are you connecting to? Steve

@carl123 said in Problem with packages: What confused me was that when I loaded my copy of pfsense, it returned the problem Most probably : When you install pfSense, updates/upgrades work, as default DNS settings work. When you import your own settings, with your config.xml, "breaks" DNS. pfSense itself can't resolve any more, and thus can't contact the Netgate update-upgrade server : the Package lists stays empty - and you're not notified any more when updates are avaible. Solution : 'repair' your DNS.

The matching thread on reddit for this says he already started the rma process.

@bingo600 said in MINIX NGC-3: His Minix book is worth a read I haven't read that book, but I do have his (with David J. Wetherall) Computer Networks book.

The client export by default will use the WAN IP as the server IP in the conf file. But in Azure the WAN is a NAT'd private IP so clients will fail to connect. You need to set the Host Name Resolution field to other and enter the public IP there. Or use an FQDN is you have a public host name for that. Steve

@stephenw10 Yeah, thats what I would like to do... I imagine I could do something like screen-scrape if needed...was hoping there would be something...

@jknott Thanks, very interesting.

No not two NICs, two interfaces, which can be a VLAN. Interestingly the SG-1100 only has one NIC anyway. It uses VLANs internally to create 3 separated interfaces. Steve

@mer said in SG 6100 is worth to buy?: Funny how the whole system is governed by the smallest bandwidth. Exactly. But as you say more ISPs are starting to offer connections in the 1-2Gbps range where 2.5G NICs (at least) are required.

Mmm, interesting. Thanks for following up.

No. The point of using the internal interface abstraction names like that is that there is only one reference between OPT1 and the physical interface. When you re-assign it to the new NIC all the rules on it will follow that. Steve

@srytryagn oh... and just so you completely understand the 1100 doesn't come with any WiFi access points. It's a wired device.

@stepinsky said in OpenSSL vulnerabiltiy: pfSense affected?: I cannot judge the relavance of the vulnerability for pfSense users. That is the big question for sure.. The analysis is still underway at nist https://nvd.nist.gov/vuln/detail/CVE-2021-3712 This vulnerability is currently awaiting analysis. The key really being "If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit." Would that be something that could be done with how and when pfsense uses openssl? And it seems there is a patch for freebsd https://www.freebsd.org/security/advisories/FreeBSD-SA-21:16.openssl.asc So when netgate/pfsense feels its prudent sure they will make it available. edit: Well this openssl thing was in one of the many newsletters I get ;) In one today.. Doesn't seem like it is too much of a concern to be honest. Here is the article if interested https://nakedsecurity.sophos.com/2021/08/27/big-bad-decryption-bug-in-openssl-but-no-cause-for-alarm/

Let me try to replicate it with the values I have first.