• Free up space, disk storage >80%

    48
    0 Votes
    48 Posts
    10k Views
    RobbieTTR
    Ok, done some learning and there is a -h flag available to make du a bit more readable to dumb humans: So for example:
    [23.09-RC][admin@Router-7]/root: du -s -h /usr/
    910M /usr/
    [23.09-RC][admin@Router-7]/root: du -s -h /var/
    718M /var/
    [23.09-RC][admin@Router-7]/root: du -s -h /./
    1.8G /./
    [23.09-RC][admin@Router-7]/root:
    Every day a school day... again ...or something.
  • Pfsense 22.05 - 23.01 update mount stays read only

    3
    0 Votes
    3 Posts
    496 Views
    S
    Yep the only solution was to reinstall clean and rerun the config. Thank you
  • TAC-Lite and extending.

    3
    1 Votes
    3 Posts
    521 Views
    M
    Ok many thanks. Will get device ID later and prob place an order over the weekend.
  • New pfsense Install - No Internet for Connected Devices

    11
    0 Votes
    11 Posts
    2k Views
    GertjanG
    @empty_infinity said in New pfsense Install - No Internet for Connected Devices:
    IP: 192.168.55.10
    Subnet: 255.255.255.0
    DNS server: 192.168.55.1 (this is the static IP address I set on the LAN port of pfsense)
    And the gateway for this device? It should be, as the DNS: 192.168.55.1
    The pfSense LAN firewall rule is a generic pass all rule like the one you found when installing pfSense?
  • Password Changes and SSH

    3
    0 Votes
    3 Posts
    444 Views
    W
    johnpoz, thanks will give it a try. Thank you
  • Simple FW rule not being matched

    6
    0 Votes
    6 Posts
    589 Views
    J
    @stephenw10 this was exactly it, thank you! One of the VMs was not on /24; immediately fixed after correcting it.
  • pfsense and disconnected networks

    2
    0 Votes
    2 Posts
    325 Views
    stephenw10S
    It would be backup and redeploy currently. There's no easy way to upgrade off-line directly. Yet. Steve
  • New Install with 6100 and no downstream router

    Moved
    2
    0 Votes
    2 Posts
    319 Views
    stephenw10S
    The WAN gateway needs to be set to the IP the ISP gave you so pfSense knows where to route traffic. That gateway may not respond to pings, which is what pfSense uses to monitor the status. You can set a different IP for it to check against, like 8.8.8.8, in System > Routing > Gateways: Edit the WAN gateway. You might also need to reboot any sort of ONT or modem the ISP provided if you connected to it with your laptop and it locked to the MAC address of that. Steve
  • Available Packages is empty

    5
    0 Votes
    5 Posts
    605 Views
    stephenw10S
    'Bad Request' there shows the client is sending an invalid cert. Most likely the NDI changed so it was no longer able to pull a new, valid cert. Steve
  • Can’t access portal.netgate.com

    9
    0 Votes
    9 Posts
    955 Views
    chudakC
    @johnpoz thx
  • 0 Votes
    6 Posts
    1k Views
    stephenw10S
    @astrolabius said in pfsense with mikrotik LTE in passthrough mode, how to access mikrotik admin panel ?:
    I thought that during VIP creation I'm setting up IP pool which will be assigned to this Interface, and not used by this interface.
    Not for an IPAlias VIP on WAN. You would add one for each IP you want to use there and at least one of them has to be defined with the correct subnet mask so the routes are added. Otherwise pfSense has no idea how to reach any other IP in the subnet. So you just need to change your VIP on WAN to be 192.168.88.2/24. Then change the source in the outbound NAT rule to 'LAN net' so that traffic from clients in the LAN matches it.
  • Can I use my sg-1100 as a FTTP router?

    7
    0 Votes
    7 Posts
    807 Views
    stephenw10S
    The incoming fibre from Openreach (or pretty much anyone) is GPON. You need a GPON adapter of some sort, like the ONT. You can get GPON SFP adapters but they need to be programmed. It's unlikely you would see any advantage by doing that anyway.
  • Support for dynamic dns for the client side

    5
    0 Votes
    5 Posts
    465 Views
    W
    @viragomann King!! Thanks.
  • Plus VS CE current differences??

    9
    0 Votes
    9 Posts
    1k Views
    T
    @Popolou Try running zpool trim pfSense. I run it from time to time and it gives back your free place. But your VM has to be set properly. Said trim will work on proxmox (I use it) only if your pfSense disk has "discard" set (I hope I remember it correctly - I am away from device and writing from memory).
  • Email Notifications not working

    12
    0 Votes
    12 Posts
    1k Views
    GertjanG
    @optimusprime said in Email Notifications not working:
    thanks for pointing that out,,
    You mean: [image]
    Good news and bad news: It's pointed out. You're not the first not understanding what you've been reading.
    @optimusprime said in Email Notifications not working:
    if any interface goes down
    LAN shouldn't go down. If it does, someone was ripping out cables, and then doesn't need to be confirmed by a mail.
    WAN: it's hard to send mails if that one goes down. The mail, if such a mail exists, I'm not sure, will get sent when WAN comes back again. For example: after an ISP WAN IP change.
    I receive mails from pfSense when:
    There is a power issue (using the NUT package, a UPS, and my own NUT-mail settings).
    When pfSense can be upgraded, a pfSense package is available and also when a FreeBSD-pfSense package is available. I use a 'home made script', available here on the forum.
    The acme pfSense package renews the certificate I used for my pfSense GUI access.
    pfSense started up / was rebooted.
    Actually, pfSense doesn't send a lot of notifications. This all depends on your setup, of course. If you use any of the Services / Dynamic DNS / .... then an IP update (WAN IP change) will be notified also. I'm not using other functionalities or pfSense packages so can't tell if there are more notification sources.
  • 0 Votes
    4 Posts
    210 Views
    M
    @kurt19001 Yes, if you are going to do an explicit proxy then the firewall cert will need to be loaded on all the machines. All SSL certificates are going to be signed by the firewall as it's performing a 'man in the middle' operation.
  • Macbook "Connecting" message all the time in OpenVPN Connect

    2
    0 Votes
    2 Posts
    322 Views
    stephenw10S
    Check the logs at both ends. Does the server show the client even trying to connect? An expired or weak certificate can present like that. Steve
  • Certificate P12 password required on MacBook

    3
    0 Votes
    3 Posts
    2k Views
    J
    @araujo0608 Where is the certificate from? I've had this problem where an acme certificate obtained by and exported from the Netgate in the .p12 format would not import on an "older" Windows system. After trying all the available under the certificate's Export PKCS#12 button, [image] I noticed that the file being exported directly from the Netgate was always about 2k larger than the previous .p12 that I still had and that worked on the target system. The size difference was regardless of the encryption method and/or password used or not on the export shown above.
    My solution (workaround) was to finally just export the certificate (.crt) and key files individually from the Netgate, and then use openssl (on a MacBook no less) to generate the .p12 format file there. That certificate (always about 2k smaller) would then load into the Windows system, with no issues. I've built the .p12 on various openssl versions from 2.x and 3.x, no issues with the resultant certificate from any of them. And if needed you can set a password on the .p12 file in the process (good idea):
    openssl pkcs12 -password pass:your_password -export -in your-crt-file.crt -inkey your-key-file.key -name "CertName" -out your_p12_file.p12
  • Inter-vlan traffic is rate limited as VM

    18
    0 Votes
    18 Posts
    2k Views
    stephenw10S
    Ah, nice catch!
  • 0 Votes
    33 Posts
    4k Views
    AndyRHA
    @Patch said in Would Netgate reconsider reinstating home+lab license but as a subscription model?:
    and electronic devices have a useful life of 3-5 years.
    I disagree, useful life is how long it will do its job. My firewall can easily pass 5 years because my internet connection is unlikely to be increased. I don't really use the 1Gb I have. Support of old HW is another issue, but I find there is a sweet spot for grabbing whole systems full of spare parts. Apple and others build in the life span so they can sell you another one. A FW should not be the same, I only upgrade/change when there is a need.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.