• How to setup an Access Point (AP) in PfSense?

    11
    0 Votes
    11 Posts
    3k Views
    JKnottJ

    @r0utevv3

    A VLAN is a means of separating logical networks over a physical network. As I mentioned, I have a guest WiFi, which is allowed to only access the Internet. The way I did this was to configure a 2nd SSID on my access point, which connects to the VLAN. My main SSID connects to the native LAN. This means both the main and guest WiFi travel over the same cable, but are logically separate. I do not separate my main WiFi from my main LAN. Both wired and wireless devices are on the same subnet.

  • Use Cron to schedule enable and disable of an interface

    6
    2 Votes
    6 Posts
    4k Views
    U

    According to my test,

    unset($config['interfaces']['opt1']['enable']);
    interface_reconfigure('opt1');
    write_config('enable/disable opt1 interface');
    exec
    exit

    Real-time enable/disable interface

  • Is the Device Key restored after upgrade?

    Moved
    2
    0 Votes
    2 Posts
    423 Views
    jimpJ

    The device key is derived from the SSH keys and those are only backed up in manual backups from Diagnostics > Backup & Restore, and even then only when the option is set to do so (which is on by default).

    The extra backup options such as SSH keys, DHCP leases, Captive Portal databases, and RRD files, are not supported in AutoConfigBackup as they can significantly increase the size of the backup data.

  • cert delete / revoke - breaks openvpn?!!

    1
    0 Votes
    1 Posts
    308 Views
    No one has replied
  • pfSense+ upgrade

    6
    0 Votes
    6 Posts
    585 Views
    H

    @VioletDragon, to my knowledge (experience) the license is per device, but that needs to be answered by a Netgate rep or someone with much more knowledge of their licensing. Once you register a device, the next time you install pfSense+ on that same hardware it will show "Your device does not require registration, we recognize it already. You may have already registered, or it may be a pre-registered Netgate appliance." on the registration page, so I had to acquire another Plus (+) license for a second box. Between Community Edition and Plus, in my case, moving from the CE (FreeBSD 12) to Plus 23.05.1-RELEASE (amd64) (FreeBSD 14.0-CURRENT) killed all my 2.5GB NICs (RTL 8125) and the 10GbE/40Gb_IBoIP (Mellanox CX-3) because of no hardware support in that later release, so if you are planning on doing that, make sure your hardware is covered/supported for the v14....

  • 0 Votes
    3 Posts
    385 Views
    S

    @templateunheard What does "repeater mode" mean? The 1100 is a router not a wireless access point.

    Is the pfSense WAN the same 192.168.1.1/24 subnet as LAN? In that case, one needs to change. You can unplug WAN to configure that via LAN (may be slow as it tries to connect out to the disconnected WAN for updates and whatnot), or connect to the console.

    https://docs.netgate.com/pfsense/en/latest/install/install-pfsense.html#pfsense-software-default-configuration

  • Orbi Router (Access Point) and Guest WI-FI Access

    12
    0 Votes
    12 Posts
    3k Views
    R

    I ended up purchasing the TP-Link EAP650, I will see if it works out, this next weekend!

  • If a skilled hacker breaks into the network within PFSense

    17
    0 Votes
    17 Posts
    2k Views
    johnpozJ

    @AndyRH said in If a skilled hacker breaks into the network within PFSense:

    are mostly legitimate and there is no good way to tell if they are being misused.

    And how would pfsense even see them, since they would almost for sure be inside the https connection.. Without breaking end to end encryption and doing a mitm there would be no way for pfsense to even see cookies being used between the server and the client.

  • Pfsense and Videoconference is not a perfect match!?

    17
    0 Votes
    17 Posts
    2k Views
    M

    Hi

    I have been traveling so I have not been able to respond.

    I have made some changes to my Pfsense which have fixed many issues. Yes, this is a simple setup with a single NIC computer running Pfsense.
    Yes, it is a router on a stick, which I find is good for a small home office. You need to trust VLAN technology to be able to use router on a stick designs.
    I trust VLANs and VLANs are very practical in many ways. I will later on change from VL1 to something else as it is not recommended for security reasons
    to use VL1. Pfsense, Netgear and Cisco talk VLAN via the Dot1q protocol. Cisco used to also do VLANs via their proprietary protocol ISL but they skipped that one
    many years ago.

    I have been using my own DNS for many years because of security and the low latency in DNS resolution. I like to keep my data in my own log files
    rather than having them at Google Datacenters :)

    So I was running version 2.6 when I had "my" issues. I noticed in systems log that when I was loading the NIC with "more" traffic, NIC often
    "decided" to restart which of course caused issues. I use a builtin Realtek Gigabit card in my Pfsense server and have found out that more people
    than I have had issues with Realtek.

    I have now upgraded the Pfsense to version 2.7, I have not started services like Snort, DNSBL for now.
    I only run Ntopng 5.7.2 and the setup seems to work much better with my HW compared to when I was using the 2.6 version of Pfsense.
    No more odd NIC restarts when I load traffic on the network.

    I am really happy right now and I love Pfsense. :)

  • Motorola MB8600 Port Aggregation with Netgate 7100

    3
    0 Votes
    3 Posts
    531 Views
    R

    Are you certain that the MB8600 actually supports LACP (as opposed to static LAG) in the first place? LACP doesn’t really provide any benefits if the devices are connected directly (i.e., no media converters or such in between); why are you looking to enable it?

    Also, regardless of LACP, unless your speed test uses multiple TCP connections, link aggregation will not give you better bandwidth — an individual stream will always be routed over exactly one link in the aggregation group.

  • Chromecast audio/video between VLANs

    16
    5 Votes
    16 Posts
    24k Views
    Y

    @tcsac thank you for the instructions, this worked great and now I can cast YouTube from my mobile to my TV. However, the screen mirroring on my iPhone is still not displaying the TV which I have assigned a static IP. Any idea on how to fix that? TIA.

  • Telegram notification setup

    12
    0 Votes
    12 Posts
    3k Views
    J

    @Gertjan said in Telegram notification setup:

    // edit start
    notify_all_remote(sprintf(gettext("Successful login for user '%1$s' from: %2$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource()));
    // edit end

    Genius! 😃

  • Support for GENEVE protocol (can use in AWS as Gateway Load Balancer then)

    20
    0 Votes
    20 Posts
    3k Views
    F

    @stephenw10 That would be AWESOME if it was supported by pfSense natively. If you do begin work on this, please let me know ASAP, I'd be happy to share what I've got and otherwise there's no sense in me working on a feature that will get implemented natively, well, I mean there's no sense in us both working on it!

    That said I am still working on my implementation - I've had some other things take priority recently but hopefully will have some time to dedicate shortly to it.

    As you say, it's not a trivial task - just porting the AWS example to FreeBSD alone isn't trivial, let alone anything else.

    Unfortunately my pfSense instances on AWS will no longer update; but that's a separate off-topic issue I'll have to raise otherwise.

  • This topic is deleted!

    1
    0 Votes
    1 Posts
    7 Views
    No one has replied
  • Resolved: Did v23.05+ break IPv6?

    18
    0 Votes
    18 Posts
    1k Views
    RobbieTTR

    @stephenw10

    The Assisted Mode has IPv6 fully working again with no errors in the log.

    As a 'promising' side-effect, my HomePods have suddenly remembered how to play an Apple Music playlist again; something that stopped a few Apple updates ago.

    If I select SLAAC again, Apple Music becomes stupid again. I didn't think this issue would be IPv6 related, especially with IPv6 apparently working (at least for the most part).

    I still have no idea what is up with SLAAC though, so this issue may still impact others, but Assisted Mode works for me.

    Anyway, thanks Steve, 2 issues resolved for the price of 1. 👍

    ☕️

  • Wake on Lan default port

    4
    0 Votes
    4 Posts
    4k Views
    johnpozJ

    @GennP said in Wake on Lan default port:

    But all applications I have seen use port 9

    So? Again doesn't matter.. Like I said 7 and 9 have become common use for such applications. Has zero to do with wol working or not. 9 is the old discard protocol.

    Not like the nic for the wol is waiting to see traffic on a specific port.. It's waiting to see its mac in a frame.. What port used by some application as it puts it on the wire is meaningless.. Unless you were looking to forward that through router maybe when above layer 2..

    As to why they landed on 40000 vs say 9, have no idea really - but doesn't matter at all.. They could have used 42666 or 9999, it makes no difference.

  • Installed Packages Notification

    18
    0 Votes
    18 Posts
    2k Views
    V

    @Gertjan

    Thanks!!!!!

    At the moment I have everything updated. But to check the script, I run: "/usr/local/bin/php -q /root/pkg_check.php" manually. The answer is:
    "pfSense version 23.05.1 (installed) is current"

    This is fine? Now wait for some kind of update? :)

  • 2.7 CE No Internet Access

    Moved
    4
    0 Votes
    4 Posts
    803 Views
    D

    I've got what seems to be the same issue.
    I've had 2.6.0 for some time with no issues.
    I did a clean install of 2.7.0 on a second PC and imported the config. I had trouble getting it to connect and then it suddenly did. It's been working OK for a week through a few reboots but it has suddenly stopped connecting again. Tried several reboots but still wouldn't connect.
    Gone back to the old 2.6.0 PC and connected straight away.
    Please do post if you find a solution to this issue.

    D.

  • 0 Votes
    3 Posts
    184 Views
    jimpJ

    The built-in setting for cookie protection uses the new syntax in the newest version of the package on Plus 23.05.1/CE 2.7.0:
    https://redmine.pfsense.org/issues/13343

    You may be able to use the syntax from that as a guide for your custom settings if you even still need them rather than using the GUI options.

  • Webserver behind pfSense and port forwarding Port 80

    4
    0 Votes
    4 Posts
    520 Views
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.