@jknott said in What's a pfSense equivalent to standard linux minicom?: It uses a 2400N81 weird serial cable protocol. That isn't weird, it's just slow. It's the cable that's weird ;) -- Designed so if you plug in a standard 9 pin serial, the UPS shuts down My pfsense box runs 8N1 @115.6K. 8N1 is pretty much standard for anything faster than the 110B you'd find on a Teletype machine. That's 8 data bits, no parity and 1 stop bit. BTW, I started in telecom as a bench tech overhauling Teletype machines, where the ASCII models ran 110B... Oh how I know! I used the Teletype and other slow links...we had one at home for my dad's R&D work when I was in jr/sr high school. Graduated to a 300 baud Silent 700 after a while. I had unlimited remote access to the mainframe. Pushed that and paper tape and punch cards out of the way during college. Built a bunch of "glass teletypes" -- adm-3a -- for our university Low Overhead Timeshare System. (They sold as a kit for $200 less than pre-built... paid me $50 to assemble. They assumed $3 an hour and 16 hours, but soon I had that reversed: 3 hr build time, so $16 an hour. Not bad pay for a freshman in 1975 :) )

That looks fine for general access. You don't really need those top two rules, the pass-all rule covers that traffic. The anti-lockout rule will be on your VLAN10 interface. Steve

That was it! I had everything set up on pfSense after adding the P2, but the Azure VNET wasn't aware of the 10.8.0.0/24 address space. Thanks Stephen.

How do you have Wireguard configured? Is the traffic using it? Steve

@voxmagna1 said in Secure DNS over TLS to Cloudflare, no success.: Am I therefore right to conclude that DNS requests over Cloudflare using port 853 are encrypted and on a matter of 'trust' it's whether you trust Cloudflare with DNS requests or a paid for VPN provider? Yes, that's true. The difference here is that some services use resolver location to detect VPN use and block access. Video streaming services mostly. So if you use a DNS service that is using an anycast IP like 1.1.1.1 the actual servers you use will be those close to you. The remote service can use a tailored fqdn to discover where you are resolving from and compare that to your public IP to attempt to discover if you're using a VPN. Steve

@stephenw10 Thanks! I was trying to add http://192.168.10.3:8888/ and it was giving me an error. It worked just using the IP address 192.168.10.3.

@stephenw10 I hadn't even considered there would be a way to reset the password, that should make this a lot easier :) Thanks for the info!

@stephenw10 I know but as I said that is not what I need to do atm. I will read up on it in the future. Thanks!

Cool. Not sure what happened there then but I guess take the win .

Got it! I configured it as "2t,5t" and then made Proxmox use the tagged network instead of untagged. Much better. Thanks for the help! :)

@stephenw10 No, I had it confused with the TFTP Proxy--my bad! Anyway, since it's only one file and I really don't want to open ports I'll use this piggybacking approach. If I need to make more connections/get more files I will try that, I already wrote it down so I don't forget, thanks for the tip!

Hello, after changing the LAN port at the FritzBox the network and the internet connection stays stable. Issue solved ;-) Thanks a lot ... Cheers Migo

Mmm, that is interesting. Good result though.

In a true HA setup pfSense does not support either DHCP or PPPoE WANs. So, yes, you would need to use additional routers in front of both WANs to terminate those connections and provide the static subnets required for CARP. You might consider getting a static /29 on one if you can. That would solve both issues. Steve

Well it's always better to pass only what you need but doing that can make troubleshooting that much more difficult as you're then filtering in two completely different places. If it's just allowing traffic withing the VPC it's not a big risk for most setups. However only you can really make that decision, it depends entirely how you have things setup in the VPC. Steve

There are two Netgate devices that have a port marked 'LAN4'. In the 2100 that is part of the switch that is connected to the LAN interface by default and no additional config is required to use it. In the 6100 that is a discrete NIC and not enabled by default. There you would have to enable the interface and set a firewall rule on it at a minimum to use it. Steve

@linuxha Yes, I have a lot of experience with IPv6. As I mentioned, you should use SLAAC, unless you have some need for DHCPv6. With SLAAC, the router advertises the LAN prefix and the device adds the rest of the address, often based on the MAC address. This requires no configuration on the device. Also, RDNSS is provided in a router advertisement, though it must be enabled. Start with this and see how it goes. I'll help with whatever I can.

Ok, thanks for clarification.