@JKnott you have to add the file yourself, to add it it's under NTP configuration under leap second area.

https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html -Rico

@rcoleman-netgate said in /var is low on disk space: If, yes. If this is the case, and you are in the United States, and you are interested in having it used for a testing/trial process LMK and I can open DMs for you. I'd like to discuss this with you. jon

I just recently did this - now mind you I only have a hand full of devices.. I still had a few years left out of the 10 years on my CA, and server cert, etc.. But in another thread about openvpn I got reminded that my certs were using old RSA stuff.. So I updated everything to ecdsa.. But yeah @stephenw10 has the right path - fire up a new instance.. And migrate your clients over to the new instance using the new CA and certs.. This way you can do few clients at a time, and can always fall back to the old instance. Once your all migrated you can kill off the old instance.. But the migration really should be as simple as just changing the certs used on the instance you fire up, and then getting the clients the new certs.. Which is the hard part, especially if you have lots and lots of clients.

Especially if it's monitoring the default gateway IP. ISP gateways often prioritise ping replies pretty low. Try setting an external monitoring IP to get a better idea of real connectivity. Steve

@stephenw10 Well, I've just switched to virtio again, rebooted all of them, and it works... weird indeed.

@stephenw10 said in 23.01 - Internal speaker no longer works - "Device "spkr" is Giant locked": The speaker is likely just the last thing it shows and nothing to do with what it's halting on. What image did you use to install from exactly? Does it fail to boot the installer or after installing? You used USB NICs? Steve I've used the USB installer (VGA) build from Pfsense website. It failed at installation part where it shows that error message. I'm not using any USB nics aside from the internal one from the mobo. I'll try to screenshot the whole thing so I can better explain myself .

@stephenw10 thank you.

How exactly does it appear when this happens? Where are you logging in? What is logged when that happens? What pfSense version are you running? Steve

Do you have an old router with a switch in it you could use as a test perhaps? Or maybe you could put the WAN through a VLAN on another switch so it's already linked?

The registration token? No. Once a device has been registered the token is expired and not used anywhere.

Mmm, Realtek NICs can cause problems but link delays are not usually one of them. If Intel NICs work though stick with them. Intel NICs are almost always the best choice.

Cool, if that works for you I would expect any issues. Since you're exporting all the logs you don't need them locally.

The problem was solved with this Patch Thanks to the pfsense Team! (@jimp ) Have a fine Day, fireodo

So clients are unable to resolve anything when this happpens but pfSense itself can? In Diag > DNS Lookup?

I've installed a fresh 2.7 and the issue is gone now. Can be closed. Thank you

So rotate logs on a schedule rather than a maximum size? And copy the log files out before doing that? There's nothing built in to do that. You'd probably want to write your own newsyslog conf file and call it from cron.

SOLVED I discovered that if I put the config (both in the root and in \config) on my boot installer, which had the 64MB PFSENSE FAT32 partition, the ECL worked correctly. So, I reformatted the USB drive I was working with as a 64MB FAT32 partition (named PFSENSE) and wala, success! Previously, the USB drive was formatted to use the entire drive of 4 GB. No idea why reformatting it to a smaller size matters... But, in case anyone else runs across the same problem...

Yup, those devices are probably not trying to resolve .local addresses using DNS servers at all. They assume they are mDNS and try to find them locally.

As no one official has acknowledged the bug yet - just wanted to report it running like this on a customer's box that needed it urgently and since implementing the fix 2 days ago, it still works without anything bad breaking or anything.