Yup, rechecking I think I see the issue. The server timestamps changed when it was moved to new infrastructure so this is no longer true: https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/services_acb.php#L71 Setting that to UTC shows the correct times for me. Asked our admins how they want to handle it. I imagine correcting the server timezone will fix this but we shall see. Steve https://redmine.pfsense.org/issues/15005

FIXED. All i did was remove backend and frontend configuration and re-added it. Working fine. pcaps now show TLS communication with backend. Definitely a bug. Trying to reproduce so i can open a redmine but so far i cant.

@Gertjan My screen looks a little different, but I set it up this way and completed successfully. The 1dot~ address is the one I was trying to get from here. It seems it was actually a different one... https://blog.cloudflare.com/ja-jp/enable-private-dns-with-1-1-1-1-on-android-9-pie-ja-jp/ ! alt text

@stephenw10 said in Service Watchdog and Kea DHCP Server (kea-dhcp4): I understand. I'm just pointing out that, in general, you should not need to use the the service watchdog except when debugging some issue. So I was wondering if you had enabled it because Kea (or ISC dhcpd) was stopping unexpectedly. @stephenw10 No, I enabled Service Watchdog, because very occasionally (I am a beta tester for pfBlockerNG develop) a service stops and as a courtesy to users, it will bring it up again and send me mail, so I can check out the cause.

Yup also see your other identical question: https://forum.netgate.com/post/1136501 You must use block rules for local subnet and any for the destination in pass rules. Or you can use 'not local' as a destination but it's generally better to avoid that. Steve

What do you see from: ifconfig -vvm ix0 on each side? Assuming you're using ix0 that is.

@JonathanLee I have too. I had a client once tell me about a programming change request, “I want to be all powerful, but a prompt of, ‘Are you sure, knucklehead?’ would be great.”

@SteveITS Perfect. I'll try that. Thanks very much!

My mistake. I had changed out my network and now realize that the greyed out option is the current DNS server.

@stephenw10 Hi Stephen. I give you a reply on this tomorrow (when the error happened again ;-)) Regards, Christian

@the-loquitur WAN Net is not the Internet, it is WAN’s subnet, often a /24. If you are trying to block LAN1 from accessing 2, you need to add block rules, like: Reject from LAN1 net to LAN2 net Allow from LAN1 net to any

Hmm, that's about as safe as it could be then. Your description of the failure sounds like it might have somehow pulled in a pkg from 23.09 before the upgrade resulting in a mismatch at some point. I'm not sure how that could have happened but clearly if it wasn't online it couldn't have happened.

@SteveITS Yep. TV is a vizio flatscreen (basically a big monitor) on it's own generic UPS from walmart. pfSense, WiFi, Cablemodem all on different UPS :)

Yes, it wasn't known at release but it could certainly be there now....

You just installed the 23.09 image directly? What was different to when you initially tried to do that?

@johnpoz thank you. this straightforward tutorial helps a lot!

@michmoor said in Certificate issue after starts squid proxy: https://redmine.pfsense.org/issues/14390 It does depend on what you're connecting to but yeah the 409 error can be painful.

@SamR-0 said in Data parasites: Actually, the graph showed equal tx & rx transfer, which must be a component of how DO works When you are in "devices on the internet and my local network" mode you will be sharing whatever other internet PC are requesting. So yes that's how it works, in that mode. Easy to monitor "Find out what you’re getting from other PCs—and what your PC is contributing—with Activity Monitor. " https://support.microsoft.com/en-us/windows/delivery-optimization-in-windows-10-0656e53c-15f2-90de-a87a-a2172c94cf6d However since you are a single PC and and have no other PC's on your local network to actually share updates with or spread downloads to, the appropriate setting is to turn it off. "As always, you decide whether you want Delivery Optimization to share parts of downloads between your PC and others on your local network or the Internet. " It's Microsoft's "Fun" way of saying here use your computer to help us offload demand from our servers. We’ll even tell you how much of a boost your PC is getting from other PCs on the Internet. Notice when the DO is off you will still get updates (but only directly from Microsoft) in a single PC environment there is zero benefit to having any of it turned on. [image: 1699988486048-screen-shot-2023-11-14-at-1.59.15-pm.png] [image: 1699988502719-screen-shot-2023-11-14-at-2.00.01-pm.png]

@jimp Cleaning up the PFBNG lists (deleting many that were not downloading) seemed to resolve this issue. Now, on to an all new issue with SNORT after upgrading! Thanks!

Yes, but it looks like it may have a significant bug.