Yes, after looking into those tokens I see there is in fact a 'duration' value for tokens and it's 365 days. So if a redmine is required here it's for documentation. If it's not shown anywhere it should be. Not something I've seen before, thanks for pointing it out. Steve

We have considered changing it many times but at this point it would likely cause more confusion than it would solve. POLA applies.

Mmmm standby hardware is a comforting thing to have in such moments IMO. Yes it will always be slightly behind whatever the failed unit was but as long as it's kept vaguely current you can always update it and restore the current config to it. I have done that myself in exactly this situation. But, yes, the NDI will be different so both boxes would need to be registered ideally.

@darren200701 No issues on latest Ventura developer beta. If you are still having issues, Stuffit Expander is available from the Mac App Store

Yeah, if you have a CPU that supports SpeedShift it probably will be running faster/hotter with the default values than when using SpeedStep tuned to reduce power consumption.

@Gomo said in pfSense inpath DPI / setup question: pfSense transparent bridge Didn't even entered my mind...thanks for sharing.

@menethoran said in setup new non-active (yet) pfsense machine on network with working pfsense: I WILL be replacing one with the other, but I want to have the new one as set up as possible before switching. The way to do that is to download the config file and use it to get started with the new system. However, you will likely have to reconfigure the interfaces to match the old system. You can do that from the console, using ssh.

@SteveITS said in pfBlockerNG - Blocking a domain: does your log show an error it's trying to update the empty source? No errors here when updating or reloading.

@stephenw10, Well I am using the TFTP server and PXE to boot iPXE. Once iPXE takes over I want to use it to "sanboot" an ISO, but that requires the ISO to be made available via HTTP. It seems like the best thing is going to be for me to just install an HTTP server on a VM or in a container for that purpose, I was trying to avoid that and let pfSense do it, but I see it probably just cannot be. I was hoping pfSense could serve it up, but no problem I'll just setup a container to do it. Stuart

That is pretty small. We have to do some odd tricks to parse the lease file since the format used by ISC isn't very friendly to parsers. It's possible there is something in the lease data that is making the parser fall into an infinite loop. Probably something in one of the uid or client-hostname lines, but uid is much more likely to contain something problematic.

@stephenw10 Thank you. I know I have eyes on it now... but every entry helps.

@jimp said in Modify a widget?: While there are no plans I'm aware of to add that, given the functionality that's already there, it may not be terribly hard for someone to add and make a PR to do. True, it looks quite nice, not been through the imports yet though. Will be something to figure for a rainy day perhaps. Thanks :)

@Jarei said in pfsense+ upgrade from 22.05 to 23.01 causes kernel panic: well the good news is changing that problem card solved the problem running 23.01 atm had zfs saved snapshot so could test it quickly now my license does not work anymore so can't upgrade to 23.05 like yay think i'll move my shit over to something else just by changing 1 network card license is void this just plain sucks :( Are you seriously complaining about a free license that didn't cost you a single dime? Feel free to "move your ****" to another firewall platform.

Yup, if anyone can tell you what the expected behaviour of the AT&T router is it's the guys in that thread.

Hi people, my NIC arrived and it's running so fine. Love it! Will buy a Netgate 2100 in the future for the low running cost of 5W only! [image: 1685519039547-fada4b50-67bd-45b0-9a3e-52815b36895e-image.png]

@SteveITS Yep it has I believe 3 modes and one of those is AP. I will do some testing and report back but could be a while as I am not at home due to personal circumstances but will report back. That option to place the AP there is a really great one as it also frees up a port on the Pfsense SG-1100 (I ordered one before I came to this forum, if I knew then what I know I would have ordered a 2100

@tjabas said in need some help assigning ports in new router: i was trying to do so by assigning igc2 as the same start ip as igc1(192.168.1.1) but it wasnt possible so i made it 192.168.2.1, but i cant get no internet connection in that port. Unlike the main LAN, you need to provide rules to allow the traffic. Here's what I have for my guest WiFi. It's on a VLAN, but it works the same way. It allows connecting only to the Internet and pinging the interfauce. [image: 1685478689945-b2263027-ed7b-4ba3-876d-a871ead6e324-image.png]

@Troutpocket So based on what I have recently done i think you will need a radius proxy. To add some color, I recently set up Cisco DUO 2FA. Logging into my pfsense using LDAP or OpenVPN using LDAP auth, admins and end-users will get a DUO Push notification. Works brilliantly. In order to get this accomplished I needed to have a working LDAP server that everyone initially can reach and auth to. Once that is working I set up a DUO Proxy server that also listens for LDAP requests. Now you point all your LDAP configuration to the DUO Ldap you set up and when any LDAP request get sent to this proxy server, the proxy talks to the LDAP server confirms that auth is good then talks to the DUO service to have a push notification sent to the end-users phone. I bring all that up to say i think you require a proxy as well. You need to have something talking radius and all radius requets get sent to it and the proxy will turn around and send it to Azure. I found this while searching. https://wiki.freeradius.org/config/Proxy

@vahidmoghadam You'd do it with a shell script. Here's one I wrote years ago on Linux: #! /bin/sh while [ 1 ] do ping 99.246.124.1 -c 1 || date >> ~/log;sleep 50 done The commands I run on failure are date and sleep for 50 seconds.

Apologies for the thread necro, but I figured I should give a final update. Was all ready with Wireshark, and waiting for the problem to happen again - but it didn't. And four months later, it still hasn't happened. Everyone seems to be working fine. And I still had no idea what the problem was, or why it suddenly vanished. It could be sunspots for all I know. Thanks for all the advice and suggestions.