So when exactly would curl on pfsense be doing this for example "When sending data to an MQTT server" "redis -- Integer overflow issues with BITFIELD command on 32-bit systems" How is that applicable? If you were going to update every single package every time any sort of issue is found, all you would be doing is running updates.. Unless the issue is applicable to how pfsense is used, it really shouldn't be a concern.. I am all for keeping up with what is out there, and what could be issues - but it can get out of hand really quickly if every little alert is some sort of fire drill for how the sky is falling.. Pfsense and the Netgate team should be keeping abreast of issues that could effect pfsense install base. And taking the appropriate actions - if you do not trust them to do their jobs, why are you running their software? Are you following up with the 2400 some plus CVEs currently out for windows 10? And following up with MS to what they are doing about them? ;) What is funny to me is how on one hand you have users worried about some odd cve report for a package and use case that I just do not see how its an issue.. And then you have others running 2.3 still of pfsense ;)

@kosvision pfSense is a router firewall. If you need a firewall / router, pfSense might fit your needs. Most often, your ISP router will do just fine. Hook it up, and it works, you'll be fine. Anyway, you can test it for yourself.

@jsmiddleton4 what exactly did you set? you should be able to view what that is directly with sysctl whatever that is..

It sounds like you whitelist includes your own IP and you are applying it inbound on WAN which you probably don't want. The pfBlocker rules generally get moved to the top of the list whenever they update which is probably why your block rules is being overridden. You can change that behaviour though or add a floating rule depending on how you have set the pfBlocker rules to apply. Can we see a screenshot of your WAN rules and floating rules if you're using them? Steve

No worries. Please ask if we can clarify anything further for you.

@stephenw10 said in Routing Error :radvd 40776 sendmsg: Permission denied: Go to Services > DHCPv6 Server & RA > LAN(or any other interface) > Router Advertisements tab. Set the router mode to disabled. Steve Dear Steve, your explanation help me out - thank you - roland.

What I set up for a client that is on FTTN is a Draytek Vigor 130 (i think) in bridge mode and a pfsense box. Their modem/router with the phone connection is connected to the pfsense box and goes out to the internet all by itself. All the other internal network runs off the pfsense box. FTTN ^ Draytek ^ pfsense box----------------> Old modem/router with ATA built in | |-----------------------------> Rest of network Hope that helps.

@sven72 The controller can just run on a VM.. Or a docker even - I run mine as a vm on my nas. You get a better AP, you get a better switch to be honest and more ports. While the UDM and the PRO and what the SE do have market I suppose. They have a new budget one coming out its in EA I think right now that is only 79$ that could be a good seller for them. I am just really not a fan of all in one boxes.. For big one where that box would go is rarely the correct place for an AP.. 4 ports pretty useless and would need a switch anyway ;) Once you put all that stuff into one box you limit yourself on features and functions, etc. While you can get a $40 smart switch.. You could also spend way more than that if you want more features at the switch level, etc. AP you can spend way more as well - but the U6 lite is better than the wifi that comes with that udm I do believe. If you really want to make it work - it can be done, it would end of being a bit of a mess in how has to be configured to be honest. Just a normal AP or even APs, a switch and your router makes for a clean setup with lots of options for expansion and configuration to really do whatever you would want to do.. There is a market for the UDMs even if your past your return window and want to get your money back. But if you don't want to use it as they intended a all in one box setup, its a pain trying to force it into your network and just use the functions you want.

@stephenw10 said in AWS pfSense VPC DNS: Start a ping to it. Check the state table. Where is the ping going? Where is that subnet actually available if you haven't created it yet? Steve Steve, once again many thanks for giving your time to help me. I've got is working. I had DNS resolution enabled on the VPC, but not DNS hostnames. My EC2 still has XXX.XXX,0.2 as its dns server and I don't have a XXX.XXX.0.0 subnet. But its working now.

You can see that to a certain extent just using the traffic graphs: [image: 1640215014521-screenshot-from-2021-12-22-23-16-09.png] Otherwise the options available are shown here: https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html Steve

@stephenw10 Yeah, to be clear, I think this whole issue is mostly because my ISP suuuucks. lol If they had better documentation, or actual support personnel who knew the difference between a modem and a router (I mean this literally), then this probably wouldn't have even come up.

@stephenw10 I wondered if the 1 and 0's quotes not needed because they are simply enable/disable, yes, no, etc. Now to look at variables.

@stephenw10 Just to come back with a working solution. On the 4port intel card I've passthrough one NIC, problem solved immediately. So this is as far as i've seen a ESXi issue, either vmx driver nor vswitch stuff.

@stephenw10 After a couple of months I finally looked at the log. :) Some of those entries read in a way that I'm surprised anything is working.

Yup, sorry if you use the actual php shell directly you just need to run: playback generateguicert If you're at the command line you can invoke the shell with the full command: [22.01-BETA][root@pfSense.home.arpa]/root: pfSsh.php playback generateguicert Generating a new self-signed SSL/TLS certificate for the GUI...Done. Restarting webConfigurator...Done. Steve

That should be fine as long as it's not PPPoE, which I wouldn't expect it to be.

@stephenw10 Next time i add an interface/VLAN I will time it and let you know

@swansense said in NAT vpn if connection to a specific host.: Thanks again and happy holidays. No problem - and a happy holidays to you as well..

Problem solved. Thank you again for responding @mcury I have to create VLANs before assigning interfaces. I got confused by the Youtube video, where for some reason the person didn't have to create the VLANs before assigning. Thanks, Mike

@chpalmer said in Reefcam: @redhammer999 Is the "Gateway" address set properly on the camera? A good shout but yes it does :(