• Recommended smart switch for Unifi AP? Easy interface, inexpensive, secure

    21
    0 Votes
    21 Posts
    3k Views
    occamsrazor
    @Grimson: In that case you can also use an RPI2 or 3 to run the controller on. Maybe you have one collecting dust somewhere. Running the controller on the pfSense OS can have unforeseen issues when pfSense upgrades or a controller upgrade installs conflicting packets. If you absolutely need to run both on the same hardware I'd strongly agree with johnpoz, put each into its own VM.
    Good points there. Thanks. I don't have an RPI but I do have a Macbook that runs 24/7 so could use that. Also I have a QNAP NAS running 24/7 and I believe you can run the Unifi controller as a package or via a docker.
  • Gateway Email notifications not consistent

    5
    0 Votes
    5 Posts
    806 Views
    T
    @Gertjan: Sorry, yes I have two WAN connections. I was referring to them as they are in the status/gateways and the gateway groups. I have one on tier 1, and the other on tier 2, so it should fail over (which it does). The problem is the gateway down notification. I never receive those, only gateway up notifications: MONITOR: WANGW is available now, adding to routing group WAN_Group 8.8.8.8
    @jimp: I'll set default gateway switching and if that doesn't help will try 2.4.3.
  • PFsense config storing plaintext passwords world readable

    5
    0 Votes
    5 Posts
    707 Views
    jimp
    https://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_plaintext_in_config.xml If you are worried about someone seeing the contents of config.xml, then they shouldn't have access to anything that can read config.xml.
  • DNS configuration for LAN interface

    6
    0 Votes
    6 Posts
    569 Views
    Gertjan
    "Normal" is, this : A device - a PC - on your LAN, hook it up as when it came out of the box :

        C:\Users\Réception-Gauche>ipconfig /all
        Configuration IP de Windows
        Carte Ethernet Connexion au réseau local :
           Description. . . . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
           DHCP activé. . . . . . . . . . . . . . : Oui
           Configuration automatique activée. . . : Oui
           Adresse IPv6. . . . . . . . . . . . . .: 2001:470:1f13:5c0:2::c6(préféré)
           Bail obtenu. . . . . . . . . . . . . . : lundi 26 février 2018 06:45:20
           Bail expirant. . . . . . . . . . . . . : lundi 26 février 2018 08:45:20
           Adresse IPv6 de liaison locale. . . . .: fe80::75cd:7073:d0a4:bc7c%10(préféré)
           Adresse IPv4. . . . . . . . . . . . . .: 192.168.1.6(préféré)
           Masque de sous-réseau. . . . . . . . . : 255.255.255.0
           Bail obtenu. . . . . . . . . . . . . . : mercredi 14 février 2018 10:25:15
           Bail expirant. . . . . . . . . . . . . : mardi 27 février 2018 06:45:19
           Passerelle par défaut. . . . . . . . . : fe80::212:3fff:feb3:5875%10
                                               192.168.1.1
           Serveur DHCP . . . . . . . . . . . . . : 192.168.1.1
           IAID DHCPv6 . . . . . . . . . . . : 246983791
           DUID de client DHCPv6. . . . . . . . : 00-01-00-01-14-20-18-E3-B8-AC-6F-47-2C-77
           Serveurs DNS. . .  . . . . . . . . . . : 2001:470:1f13:5c0:2::1
                                               192.168.1.1
           NetBIOS sur Tcpip. . . . . . . . . . . : Activé

    So, gateway and DNS are set to 192.168.1.1 - my pfSense. This info was given to my PC by pfSense.
    pfSense : I never touched the DNS settings, use settings out of the box. Set up my WAN connection using DHCP client so it obtains an IP from my upstream ISP router, and done. My System => General Setup is pretty empty, I only set a host name and domain name for pfSense. On  Status => Dashboard => Status => Dashboard says for DNS server(s) : 127.0.0.1
    LAN firewall rule : a big pass all rule (TCP,UDP,ICMP,IPv4,IPv6)
    That's it.
    Actually, pfSense behaves exactly identical to any other box that an ISP gives you : hook up to power, setup WAN, slide in a LAN cable and you're online. Never actually understood why people want something from 8.8.8.8 or 8.8.4.4 …  ;)
  • High Latency on LAN after power failure - fixed, but not sure how

    5
    0 Votes
    5 Posts
    433 Views
    jahonix
    169.254.0.0 /16 is called APIPA (automatic private IP addressing) and not specific to an operating system. https://wiki.wireshark.org/APIPA
  • Automatically run a command after reboot?

    6
    0 Votes
    6 Posts
    444 Views
    Grimson
    @smegheed: root /usr/local/bin/screen usr/local/bin/stunnel screen -dmS tunnel stunnel vpn.ssl ? :o
    Take your command and add the full path to binaries and (config) files. So:
        screen -dmS tunnel stunnel vpn.ssl
    becomes
        /usr/local/bin/screen -dmS tunnel /usr/local/bin/stunnel /root/vpn.ssl
    Note: Paths in the example above are just guessed, so make sure they are correct. Also I'd advise to use the shellcmd and cron packages to configure this instead of messing with the config.xml by hand.
  • Best practices for using home proxy while connected to a work VPN

    2
    0 Votes
    2 Posts
    373 Views
    No one has replied
  • Why MTU limit of 9000?

    15
    0 Votes
    15 Posts
    7k Views
    E
    Thank you for the great discussion everyone. Lots of good info.
  • MOVED: Is pfsense more trouble than it's worth Sg2440

    Locked
    1
    0 Votes
    1 Posts
    199 Views
    No one has replied
  • 0 Votes
    1 Posts
    242 Views
    No one has replied
  • Snort syslog

    1
    0 Votes
    1 Posts
    468 Views
    No one has replied
  • Awww NUTs! (Network UPS Tools) detects UPS, but won't display telemetry

    4
    0 Votes
    4 Posts
    1k Views
    A
    What is in the log? With UPS not connected I see the same "Failed to retrieve status" on UPS Status page and lots of messages from upsd and upsmon in the log. What is the part number of the cable you have? Something like 940-XXXX Do you have the same software (NUT) on your web server where you tested your UPS?
  • Update URL / Version File

    3
    0 Votes
    3 Posts
    667 Views
    F
    Thanks!

        #!/usr/local/bin/php -f
        <?php
        #
        # Script to check the version and print output in the Nagios plugin syntax
        #
        require("globals.inc");
        require("config.inc");
        require("functions.inc");
        require_once("pkg-utils.inc");

        $system_version = get_system_pkg_version(true, false);

        # Nagios exit codes: 0 = OK, 1 = Warning, 2 = Critical, 3 = Unknown
        $iCheckExitCode = 3;

        if (!is_array($system_version) ||
            !isset($system_version['version']) ||
            !isset($system_version['installed_version'])) {
                echo "Unknown - Error in version information";
                exit($iCheckExitCode);
        }

        switch ($system_version['pkg_version_compare']) {
        case '<':
                # Installed version is older than the latest available one
                echo "Critical - Version " . $system_version['version'] . " is available.";
                $iCheckExitCode = 2;
                break;
        case '=':
                echo "Ok - The system is on the latest version (" . $system_version['installed_version'] . ").";
                $iCheckExitCode = 0;
                break;
        case '>':
                echo "Warning - The system is on a later version than official release.";
                $iCheckExitCode = 1;
                break;
        default:
                echo "Unknown - Error comparing installed with latest version available";
                $iCheckExitCode = 3;
                break;
        }

        exit($iCheckExitCode);
        ?>
  • HTTPS blocking

    6
    0 Votes
    6 Posts
    1k Views
    johnpoz
    So you're using squid? And blocking say www.facebook.com but they are getting through via https? To give you the best solution some more context would be helpful. Why are you wanting to block this, is this a work setting, home, school, are you using proxy or squidguard currently, etc.
  • Cannot edit firewall rules

    3
    0 Votes
    3 Posts
    2k Views
    S
    This is the current/correct code for that section:

        // Gateway selector is populated by JavaScript updateGWselect() function
        $section->addInput(new Form_Select(
            'gateway',
            'Gateway',
            '',
            []
        ))->setHelp('Leave as \'default\' to use the system routing table. Or choose a '.
            'gateway to utilize policy based routing. %sGateway selection is not valid for "IPV4+IPV6" address family.', array(' '));

        $group = new Form_Group('In / Out pipe');

    I don't know why your system is not picking up the current version (2.3.6.a.20180223.0519). Try option 13 from the command line interface and see if that helps.
  • PCI Scan failing with weak cipher. Disabled on server. Is it pfSense?

    16
    0 Votes
    16 Posts
    2k Views
    J
    Thanks for doing that JohnPoz. This is the answer I expected but I wanted to cover all the bases. The issue is obviously something between what IISCrypto is showing and what the server is actually using.
  • Resolve internal DNS with OpenVPN Client connection

    1
    0 Votes
    1 Posts
    336 Views
    No one has replied
  • Pfsense Nagios Monitoring SNMP/NRPE help!

    11
    0 Votes
    11 Posts
    9k Views
    U
    I know this is an old thread, but I'd really like to see the contents of the "check_cputemp.sh" file for pfsense.
  • Ikev2/IPsec as VPN client to VPN service

    4
    0 Votes
    4 Posts
    1k Views
    R
    Hey, once more. So, I have played around a little bit more with configurations and I managed to force that opt1 interface would be used on tun0: http://prntscr.com/iifq73 I set Manual NAT rules, and forced LAN to go through OPT1 gateway but that did not make the trick. Maybe you guys would have any trick under the sleeve? As it feels that all configurations are so close.
  • 0 Votes
    6 Posts
    525 Views
    johnpoz
    If you do not have control of the upstream router and its routes, and nat functions and firewall rules then yes you would have to nat at pfsense to use it. As to getting to stuff behind pfsense from stuff on the wan network you would need to port forward and hit the pfsense wan IP to get forwarded to the stuff behind pfsense. Why not just replace whatever is at the edge with pfsense? And let pfsense handle all your networks and the nat to the public, etc. Then you would not need to nat between your network and could just firewall. Worst case is just move everything behind pfsense and live with the double nat to the internet, etc. You would just need an AP to put behind pfsense if you can not just use that sg306 device as AP and need it to be your modem/gateway to the internet. While you're at it get a smart switch so you can do vlans and AP that can do vlans and now you would be cooking with gas! ;)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.