Unable to connect to some random sites like that is usually either an MTU issue or a bad subnet mask somewhere. Since you're unable to ping or even reach the first hop in a traceroute it's unlikely to be MTU so check the routing table for some bad route. Steve

Yes, it's only 5.2 that is no longer supported upstream and was removed. The expected behaviour is that the package would simply be removed at upgrade. But that is not the case currently. So if you have zabbix_agent52 installed it should be removed before upgrading until we get a fix in. Steve

Mmm, those are not specifically defined. That is the correct file though, you can see where the process is started here: /usr/local/etc/rc.d/vnstatd.sh

CE cannot, Plus can.

The console may seem unresponsive when you connect to it after this has happened but try entering ctl+t. That can often produce a response when nothing else will and shows what process the system is waiting on. Also if you can log the serial output during the issue there may be an error show there that cannot be written to the system log. Steve

If the firewall is actually configured with that FQDN it won't throw that warning.

If your switch is pulling a DHCP lease you can see is current but you can't connect to it it might be time to reset it. Make sure you're using a client in the same subnet. It may well block connections from outside it's own subnet by default. Steve

Thanks for all your help, I wrote my own solution now: https://github.com/Hornochs/pfsense_trafficstats_into_influxdb I parse in a python script the data of vnstat and push it into a database. I still have to figure out, why vnstats thinks on my pppoe interfac I have a transfer of 4 GB when I'm reconnecting.

@stephenw10 Echo the above comments entirely. Super important you run a CPU that supports Intel aes ni instructions too - it's got a lot work to do with the encryption remember. Without I'd expect about what you're getting. I'm getting well over 400mbs from nordvpn with my i3-5010U setup on a 500mbs line which is fine for me. You're going to need some pretty serious hardware (well above 300 bucks) if you're looking to get anywhere near your line speed with any VPN provider. Prepare to get your wallet out again. All that said - your super fast line is probably costing fairly serious cash so I wouldn't consider say a cost equivalent to a year or two's subscription disproportionate for the router.

If you remove one of the configured interfaces and reboot it will ask you to re-assign the interfaces at the console. That's how pfSense has always worked. Simply removing the Ethernet cable so it has no link obviously does not do that though. If you add new interfaces that use the same driver as existing NICs the interface order may be renumbered but they would still exist so you wouldn't be asked to reassign. Exactly what interfaces are you using here? You have mentioned both wifi and USB interfaces but no specifics. Steve

@stephenw10 Thanks. I will, and I think I've read that host time sync is only for maintaining the VMs time when the VM is off, but conversely it doesn't seem the host should loop with the VMs NTP either. I'll give it a try and delete all the present RRD data since it's corrupt anyway. Thanks again.

@rfinch23 said in Pfsense in front of udm pro: This allows for any external access using port forwarding where required. So this is a vpn on some vps or something you setup somewhere - most vpn services do not provide for port forwarding.

@bingo600 said in Fun with zfs , snapshots and rollback: zpool set listsnapshots=on zroot Just made a snapshot on version 2.5.2 Since Netgate changed the zfs root-name from zroot to pfSense On the new 2.5.2 CE version. And made some other zfs changes. I decided to make a full reinstall of my "boxes", booting from a 2.5.2 USB stick , and reinstalling from scratch. This is the new layout on my boxes root: zfs list NAME USED AVAIL REFER MOUNTPOINT pfSense 1.02G 222G 96K /pfSense pfSense/ROOT 800M 222G 96K none pfSense/ROOT/default 800M 222G 800M / pfSense/cf 5.58M 222G 96K /cf pfSense/cf/conf 5.48M 222G 5.48M /cf/conf pfSense/home 212K 222G 212K /home pfSense/tmp 476K 222G 476K /tmp pfSense/var 228M 222G 3.37M /var pfSense/var/cache 120K 222G 120K /var/cache pfSense/var/db 223M 222G 223M /var/db pfSense/var/empty 96K 222G 96K /var/empty pfSense/var/log 880K 222G 880K /var/log pfSense/var/tmp 136K 222G 136K /var/tmp I just ran the above commands with the new zfs root , names pfSense zfs list zpool set listsnapshots=on pfSense zfs snapshot -r pfSense@2.5.2 Here's the layout after the snapshot. /root: zfs list NAME USED AVAIL REFER MOUNTPOINT pfSense 1.02G 222G 96K /pfSense pfSense@2.5.2 0 - 96K - pfSense/ROOT 800M 222G 96K none pfSense/ROOT@2.5.2 0 - 96K - pfSense/ROOT/default 800M 222G 800M / pfSense/ROOT/default@2.5.2 0 - 800M - pfSense/cf 5.58M 222G 96K /cf pfSense/cf@2.5.2 0 - 96K - pfSense/cf/conf 5.48M 222G 5.48M /cf/conf pfSense/cf/conf@2.5.2 0 - 5.48M - pfSense/home 212K 222G 212K /home pfSense/home@2.5.2 0 - 212K - pfSense/tmp 476K 222G 476K /tmp pfSense/tmp@2.5.2 0 - 476K - pfSense/var 230M 222G 3.37M /var pfSense/var@2.5.2 0 - 3.37M - pfSense/var/cache 120K 222G 120K /var/cache pfSense/var/cache@2.5.2 0 - 120K - pfSense/var/db 225M 222G 223M /var/db pfSense/var/db@2.5.2 1.78M - 223M - pfSense/var/empty 96K 222G 96K /var/empty pfSense/var/empty@2.5.2 0 - 96K - pfSense/var/log 952K 222G 880K /var/log pfSense/var/log@2.5.2 72K - 880K - pfSense/var/tmp 136K 222G 136K /var/tmp pfSense/var/tmp@2.5.2 0 - 136K - I haven't played with restore etc. yet, but expect it to behave as above. We might (will) have to take the new partitions made in 2.5.2 into consideration. /Bingo

@stephenw10 Thank you, you were exactly right. Turns out that router factory defaults to 192.168.1.1 - I really wish it had a sticker on the bottom or something that indicated that, didn't think to search it online yesterday just kept pinging the 192.168.0.0 network assuming it was somewhere there. Fixing the address for the main LAN router also resolved the port issues I was having with Jellyfin, so that's great :) Thank you Stephen and everyone else who's offered help here as I stumble through this. Edit: Also, I'm forgoing my plans for the trash network as far as any type of firewall bypassing. At most I may make it where the VPN isn't active on that interface, but otherwise I think I'm good on that too. Thank you all!!

Hmm, OK then probably time for a pcap showing it connecting correctly we can compare the failure to.

What exactly do you need to see? pfSense already logs traffic volumes on all interfaces in Status > Monitoring. Otherwise see: https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html Steve

@stephenw10 said in Hotplug event detected for WAN(wan) static IP: Hmm, ntop running on WAN (em0)? Can you disable that as a test? I understand, I just uninstalled it.

The filter used by pfSense, pf(4), is a layer 3-4 only component. There are some higher layer functions available via Snort but there is currently no per user filtering beyond something like Captive portal or Squid. Steve

I would expect that to be fine. X520 is quite common.