@Gblenn

Yep TrueNas is using ZFS and a big ram cache, however the NVME-SSD should be ... fast enough to write 10G ... I think & hope. However I must admit that SSD's are not by far as fast as advertised if you are writing larger amounts of data ..

It is a 4TB WD_BLACK SN850X not the worst ssd ....

Thanks for the contributions, all. We ended up switching between authentication settings (from LDAP to local) and then back (from local to LDAP), and that seemed to fix the problem.

@stephenw10 Success. I only tested as far as error messages in the logs.

It should be noted both earlier and later patches need to be applied in order. I was initially under the understanding the later just needs to be applied by itself.

8286c27ca678dbada2d205f606e76fab48885f60

f51505bf15e7af39c909d63356089d5e247cf781

You must have a firewall rule allowing it since all traffic inbound is blocked by default.

So check the WAN firewall rules. If there's nothing there check for interface groups or floating rules.

Post some screenshots if you're unsure.

Edit: Ooops hit post after like 2hrs. 🙄

@patient0 Thanks for your help, believe me I looked and looked for a long time before I asked!

Only when I found the rule, well when I deteted it did I recall making that booboo.

Thanks again for the help! Very much appreciated!

Done. Thank you both very much! I thought so but I wanted to make sure.

@stephenw10 Got it. Thanks for the guidance!!!

You created a SWAP partiton on a memory disk? That seems counter-productive!

Do you see an error at boot when it runs the shellcmd?

Hmm, might need to wait for another crash and see if it's identical. The only previous time we've seen this it was a one time incidents and we never found a cause.

@Finger79 said in pfSense Community Edition EoL? 2.7.2-RELEASE (amd64):

I still have my OG pfSense "open source security" t-shirt

Me too. 😁

Yes it's better in 25.03

@patient0
Yes, thanks.
Used shellcmd package for executing a script which creates the *.conf file at reboot.

@michmoor said in Advice on setting up my SG1100 as a home firewall:

@sanjdbn said in Advice on setting up my SG1100 as a home firewall:

I would love any suggestions on how i can get my netgate in the mix of things and use features such as content filtering, VPN, Firewall Rules, etc.

Going to be honest with you. You got the wrong device for the job. I have an SG1100 and it can barely run pfBlocker (not a bunch of lists enabled).

I respectfully disagree. I have used SG-1100's for years as reliable firewalls, including pfBlocker (for ad blocking with lots of lists and GeoIP) and OpenVPN. It has always worked fine from a performance point of view. The only issue I had was the wear on the eMMC, for which I switched to external USB SSD, which solved the issue.
So I would say an SG-1100 is just fine even in 2025 for a primer and when you want to explore possibilities. If you wish to go further, then at some point you'll want something more powerful, yes, but for just occasional VPN work it's not that bad.
I moved up to an SG-2100, mainly for the 4GB RAM, as the CPU is more or less the same.

@michmoor I can't speak to bsnmp, but you can certainly get the information with net-snmp by using Extends.

In the Extended Commands section of Package / NET-SNMP / Host Information, add a custom Extended Command with Name temperatures and a Program containing a script like this:

#!/bin/sh /sbin/sysctl dev.cpu | /usr/bin/awk '/temperature/ {print $2;}' | sed 's/[CF]//g'

With that in place, you can access the temperatures as:

NET-SNMP-EXTEND-MIB::nsExtendOutLine."temperatures".1 NET-SNMP-EXTEND-MIB::nsExtendOutLine."temperatures".2 NET-SNMP-EXTEND-MIB::nsExtendOutLine."temperatures".3 NET-SNMP-EXTEND-MIB::nsExtendOutLine."temperatures".4

@SteveITS I have had ZFS since it was available for that reason, and I always reformat the SSD so pfsense install does ZFS from scratch. Yes, I have a very large UPS for many years, small car battery size. The problem is it lasts for a couple of hours since it handles the modem, router, HP 24 port switch, Mac Mini phone system, etc., whereas our power failures average 3 to 8 hours. Sometimes multiple days, one time almost a week! 2.6 always recovered until the modem change, strange but true. Trying to login to pfsense 2.6 only returned the dreaded "502 Bad Gateway Nginx error". Had to power off/on. Waiting to see what happens to 2.7.2. I'm thinking possible ethernet driver issue with a different chip in the S34 than the S33, which may be fixed in 2.7.2. The next power failure will be the test.

My plan is after Pfsense 2.8 is released I will buy a new box for it with 2.5G ethernet to the modem which hopefully will be fine.

Thanks for the comments.

@SteveITS

60% of the time it works every time.

If you're policy routing traffic via the VPN then traffic meant for other local subnets would be forced that way unless you have bypass rules to allow it to be locally routed.

But that doesn't apply to traffic in the same subnet, that doesn't go through pfSense at all. So I would confirm that they really are in the same subnet. Make sure the mask is set correctly on all devices.

Hanlon's Razor applies here. 😉

It was probably just a mistake somewhere. Or perhaps some client thought they could just add more IPs to use and it wouldn't matter. If they didn't use them all the time that might explain it.

Anyway let us know if you still see any issues now that can't happen.