@stephenw10 Thank you. I was able to get in. I needed to set the local LAN to a different subnet.

If you renew the certificate in the GUI it keeps most of the attributes the same (DN info, key, etc) but updates the certificate. If you use the CLI command mentioned above it creates and activates a completely new certificate for the GUI. The renewal method is usually less of a pain in the long run, but the other method works as well if the GUI method isn't viable.

I couldn't update bogons on my 2.4.5-p1 , due to fetch using the expired certificate. I spend quite some time to solve it here , due to my FreeBSD inexperience. https://forum.netgate.com/topic/167276/solved-can-t-update-bogons-on-a-2-4-5-p1-cert-expired Success in the end. /Bingo

@stephenw10 Thank you steve for your answer.

@xavier8854 said in Cannot ping WAN gateway: ? (192.168.1.254) at (incomplete) on mvneta0.4090 expired [vlan] As already mentioned if you can not arp it, you can not ping it - and no nothing is going to work if that your gateway to the internet. You need to figure out why you can not arp for that.. Even if dupe you should see answer to arp..

You should test in 2.5.2. However it looks like this known issue: https://redmine.pfsense.org/issues/9889 Also see: https://redmine.pfsense.org/issues/12327 Steve

OK, using syslog-ng is fun and opens up a lot of options but.... it shouldn't be necessary! I opened a bug for this and created a patch to log as Level NOTICE: https://redmine.pfsense.org/issues/12464 You can apply that diff against 2.5.2 using the System Patches package. Steve

@pontiac In either Dashboard widget or Status/Traffic Graph, select the wrench icon and change the setting, and save. [image: 1634366162011-e31a8ccf-7682-4962-9933-e39166307762-image.png]

@stephenw10 I was going to get the port forwarding working through a double NAT, but worried about leaving open ports to hackers. I decided to go with adding to my unraid server a docker container for Nginx, cloudflare with free argo tunnel, bought a domain .com from Go Daddy for $20, and used three youtube videos from IBRACORP for setting up ngix with cloudflare and free argo tunnel. Cloudflare CDN: How to Setup + Purchase Domain + NGINX Proxy Manager on Unraid (2021) (sets up SSL full encrypt) Cloudflare: How to Set up Cloudflare Argo Tunnel FREE on Unraid - Bypass CGNAT (sets up argo tunnel (IP obfuscation)) NGINX Proxy Manager: How to Install and Setup Reverse Proxy on Unraid (2021) (sets up nginx)

It won't. It will only ask you to reassign the interfaces if the config file contains interfaces that don't exist in the system. That obviously won't be the case for you as you exported the config from that same system. Steve

The new disks widget in current snapshots (shown above) has all that goodness.

@gertjan said in SSL error for 3x IP blocklist updates all three from letsencrypt: https://kriskintel.com/feeds/ktip_malicious_domains.tx Stranger and stranger. Ive just checked again, not only is kriskintel.com not in my ktip_malicious_domains but NONE of the others in your screenshot are either. This is my "K" list: (hah it wont let me post all the domins, the board thinks it is spam - suffice to say there are about 30 to 40 "K" domains and none of yours are in there) Granted, I dont use lots of lists. What lists are you pulling from? Im only pulling from the malicious DNSBL and ransomware IP.

The actual issue here is that fsck (which runs at every boot) can mark the filesystem as clean when in fact it is not. That's why when you run it manually you must run it at least 3 times. It will always come back after the first pass with 'file system marked clean' but it may not be and that's when you get panics at mount. Steve

@stephenw10 thank you very much, it is fixed.

@elenaydamonsalvatore Sure it can.. Bind runs dns on the planet ;) I just wouldn't suggest you do it.. its 1 box on 1 connection.. Why not let the big boys do it, you could have 4 or 6 NS all on different services. All on global anycast networks. For pennies really..

@rajid Thanks, everyone, for the help! It is very much appreciated!

@stephenw10 i ended up updating. i am now currently on the latest firmware

You are seeing that cert error in Windows when trying to access the other firewall GUI across the VPN? Are you accessing by IP directly or hostname? Steve

@edgerouter I have the computer described in my sig. Works well.