@sl3390 said in WEBCONFIGURATOR WRONG CERT, NO LOGIN POSSIBLE: Webconfigurator See tip number 4. edit : Before posting, I actually tried out the command myself. [22.05-RELEASE][admin@pfSense.xxxxx.net]/root: pfSsh.php playback generateguicert Generating a new self-signed SSL/TLS certificate for the GUI...Done. Restarting webConfigurator...Done. But I saw a : pfsense.xxxxxx.net has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site. because I was 'stupid' enough to activate HSTS for the cert I use for the GUI access. So, Plan B: Console/ssh option 15, and restore a previous config. And then option 11 for good manners. That did it for me.

@periko Notifications will get dispatches over all available notification destinations. See /etc/notices.inc : ..... /* Notify via remote methods only - not via GUI. */ function notify_all_remote($msg) { notify_via_smtp($msg); notify_via_telegram($msg); notify_via_pushover($msg); notify_via_slack($msg);

Cool. Yeah you'd need a rule to pass traffic from 192.168.2.X to any on that interface. Not just v4 ICMP as shown in that screenshot. Steve

@gertjan said in Ver 22.05 - Unable to check for updates, pkg info reports invalid url: Does this implies that, ones a bad /usr/local/etc/pkg/repos/pfSense.conf ( /usr/local/share/pfSEnse/pkg/repos/pfSense.conf) has been pulled in, update requests are impossible as long as admin doesn't correct things ? Yes, though that file is only a sym-link to the repo files in /usr/local/share/pfSense/pkg/repos/. Those files are provided by the repo pkg and that's what was broken for a short time. Steve

There is an open feature request for it here you can add comments to: https://redmine.pfsense.org/issues/8694 Steve

Hello together, What version is shown here.... (picture below) [image: 1664893171641-5.jpg] ... should be matching to the chosen "branch"; In the dashboard shown version and the current chosen Branch should be matching together (Shown in the picture below) [image: 1664893207298-4.jpg] Show the installed packets in thew dashboard and scroll down until you reach the point "System patches", be sure there is a small hook shown and not a small plus (+) sign (Last position on the picture shown below) [image: 1664893353924-1.jpg] If there is a plus sign (+) you could click on the name of the shown patch and you will be directed to the to the pfSense section "Recommended System Patches" (As shown in the picture below, as an example) [image: 1664893498344-2.jpg] If you have applied this patch (or not, like you need it) you will be able to go back to the dashboard and click on the two bowed arrows to have a look again over the available updates. Now all should be fine there.

Yup, the DNS for that site is broken. <insert it was dns meme> But at least now you know it's broken and how so you can use any of the 3 workarounds to allow access again until it's fixed. Steve

At work, will run memory checker tonight. Thanks for the suggestion!

@periko According the manual @ https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html : [image: 1664870490371-d4adca7b-310a-4413-8d64-b4e8273fc301-image.png] But, it was a no go as I can't access : https://core.telegram.org/bots#creating-a-new-bot so, I guess Telegram has some temporary issues.

That particular CVE does not affect pfSense because it only applies to strongswan when acting as an EAP client which pfSense cannot be configured to do. That is often the case, FreeBSD vulnerabilities do not necessarily apply to pfSense. If it was affected we would either make a point release to address it or build an updated pkg in our repo which you could 'pkg upgrade' to depending on the level of assessed risk. Steve

I use FreeBSD as a daily driver on one of my machines and im falling in love with it. [image: 1664806629239-a6063969-adb0-44cd-9b82-b11765f66b47-image.png] Its so robust and unbreakable. Native ZFS support is just a cherry on top of all that. And yes. It has nothing to to with broken and bloated Linux kernel. Not only its not Linux based, you actually need to emulate Linux with projects like Linuxlator to be able to run Linux applications. Not that i recommend it, just want to point out how different it is compared to billions of Linux distros out there.

@stephenw10 I leave the dash board web page open on my desktop. Thank you for the reply.

@stephenw10 hello! thanks for the response, usb ethernet wont work long term, seen that when i looked at the netgate pfsense manual. that was the issue. i ran through the laptop with a vlan on single nic. works now, just having trouble figuring out a second vlan. i posted a request for help under L2/Switching/VLANs. thanks again! Terry

Ciao, @stephenw10 I did some test as suggested. With pfblocker enabled worked well for 2 days, then it begun to had some random crashes. These crashes usually happens during video stream (netflix) or watching youtube. Also, the router crashes even after pressing the "save" button to disable the plugin. But I have no issue when I do the same procedure but to enable it.. very strange. Unfortunately I haven't any log of these situations, usually on the home screen I have a yellow bar with a link, but now after the router reboot, it is like nothing happened. Now I removed pfblocker and eneble the traffic shaper again and I will do some new test with this settings

@stephenw10 Thanks for the offer, I had already decided to just open a case as I was about to call it a night. I removed the 2 SSDs and replaced with an NVMe drive. This time I installed 2.5.0 -> 2.6.0 and amazingly I got a super quick reply to my case, they offered to remote access the system to see what was going on. I did the upgrade to 22.01 and uname -a showed correctly and this time no issues with temperature sensors and AES-NI was showing as active. Did the upgrade to 22.05 and again uname shows correct and everything works as expected. I really appreciate the help, I am not sure what the issue was, either some problem with the ZFS mirroring and it was reading conflicting data from the disks or somehow the 2.5.0 starting point helped. Interestingly this time, I noticed that the wall of text during the upgrade was much much shorter and faster, not just the result of the faster NVMe drive, it just had less text, this time I recorded the upgrade incase it was showing errors, so I can only assume during the previous upgrade there were lots of errors reported but wasn't paying attention to what they said as I didn't expect any errors, I really don't know. I am happy that it's working and again thanks for your help.

I was in contact with my ISP and we managed to solve the problem by changing the ip 185.113.141.145 to the ip 185.113.143.xx inside the /24 of my /28. Thank you for help.

Yes, you would think. If it got stuck in a loop compressing the logs it could have high CPU usage for a long while though.

@skilledinept said in Automount ZFS volumes/datasets: could it be that it's not loading some service that mounts the ZFS pools? That is a good possibility. On a normal FreeBSD system /etc/rc.conf has "zfs_enable=YES" to enable/start the zfs service. I don't have a pfSense with ZFS in front of me, but in the Web GUI, look under services and see if there is a ZFS somewhere to enable.

@bob-dig @stephenw10 You guys were 100% right... lol. I ended up having it configured through my wireless router (which I had setup as ap mode only). In AP only mode, it hides the ddns configuration... (smh). So when I checked it as a possibility it didn't show up. But after monitoring tcpdump I saw it reach out and try to update, so changed it back to router mode and was able to disable it. Thank you all for your help!