@elrick75 said in PHP Errors on csrf-magic.php and diag_command.php files:

(tried to allocate 4096 bytes) in /usr/local/www/diag_command.php

It looks like something was run in the Diag > Command Prompt page that didn't have a limited runtime and ended up exhausting the PHP memory limit.
Only ever run things there that complete immediately. So never run something like ping 8.8.8.8 there because it will just run continually in the background . If you need to set a count limit so it returns after that like ping -c 3 8.8.8.8.

Steve

@jknott valid point to bring up actually - one of the many things that makes ipv6 more than just a longer IP address ;)

The hop limit of 255 and NDP is kind of like the TTL of 1 with multicast.. which keeps it local.

@courtalj Not really but also check for DNS-leakage.

@stephenw10 will remember that for the next time 😉

@stephenw10 I'll try it. But now I cannot reproduce the issue . Thx

@nollipfsense
They have tentative plans to add one, but nothing with a concrete release date yet.

Crypto hardware like that is not restricted by the CPU in the system it runs on. If the card can be installed I would expect it to run fine. It will work in pfSense as long as the QAT driver supports it.
https://github.com/pfsense/FreeBSD-src/blob/devel-main/sys/dev/qat/include/common/adf_accel_devices.h#L12

OpenVPN can only be accelerated by it in DCO mode. Currently.

Steve

@guardian There is option 3, you can set the VOIP server not to return anything if the credentials are incorrect.

I recently reset my Snom VOIP phone and reconfigured it, it failed to work, it would appear that Safari was screwing up the password and I had to configure the password using Firefox.

I am running pfSense Plus 22.05 with i226-V NICs in passthrough from Proxmox.

The trick is installing 22.05 as one needs to upgrade from CE 2.6 and then 22.01. I set it up with linux bridges in Proxmox, upgraded to 22.05, and then set it up with PCIe passthrough to support hardware offloading.

@stephenw10 does it means that the user of pfsense CE can avail TAC subscription (TAC Pro or TAC Enterprise) and just need to have the latest CE version? in order to support by netgate TAC, am I right?

@jarhead said in Can ping pfsense lan but not VM Computers:

Most likely a problem with the vSwitch.

Hi,
Well done, it was a problem with my windows firewall.
Thank you for your answer.

@teward said in pfSense: Certificate Export only using Legacy SHA1 or MD5 exports/signatures:

@jimp I assume then that this will hit pfSense Plus, so for $FULLTIME_JOB I'll need to get us a pfSense+ license for commercial / corporate use. Because I don't know when CE will (if ever) receive the patch.

The code is in the upcoming Plus 23.01 release.

The code is also in CE 2.7.0 snapshots.

You can apply the patches to CE 2.6.0 or Plus 22.05 and get it on existing systems if you prefer.

When the OpenVPN client export changes are ready they will also be available on 2.6.0 and likely 22.05 in addition to 23.01 and 23.05/2.7.0

@stephenw10

No Steve, it's even dumber. Maybe THATS the reason you should never virtualize pfSense! I wanted to see what the MTU will be on WAN, when I let it auto negotiate again. It was 1492, thats okay since it's PPPoE. But looking at my LAN Interface: The MTU was 1288!

I dunno why, but after setting the MTU of 1500 in the Bridge in Proxmox and on the Interface on the VM the pfSense has on the LAN Interface 1500 MTU and since then everything is reachable.

I'm really shocked what happened to proxmox that this set it on that weird MTU.

@jimp Thanks for confirming, I had missed the redmine ticket.

@stephenw10 I've just encountered the same issue as reported in the example you give (https://redmine.pfsense.org/issues/13224) where I received an alert from NUT that my UPS was not responding and then a barrage of 'is available now...' notifications for my secondary WAN connection.

There was also a second notification from NUT when network connectivity was re-established to the UPS (only two notifications from NUT, the down notification and the up notification).

I wasn't at liberty to take any action that might cause network downtime (reboot, etc...), but clearing out the repeating notification from /var/db/notifyqueue.messages worked to put a stop to it. Not sure what, if anything, NUT has to do with it, but it seemed interesting that the circumstances I encountered matched what was reported there.

@rcoleman-netgate

thanks so much, doesn't bother me, just wanted to be sure I was safe. Thanks also for moving the thread, wasn't sure.

Only way you're likely to fix that sensor is a BIOS update. Or maybe a manually applied ACPI patch if you know exactly what it should be looking at.
Just use the CPU on-die sensors.

@keyser New installs of CE use ZFS. The boot environment GUI is in Plus.

@johnpoz I only need internet on the WAN(that I have) and Management subnet(don't have), nothing else.

The rest of the VLANs will only connect to interfaces on the same subnet. They should not connect to other VLANs(that is the point of me using pfsense. and having more VLANs and DHCP per subnet on my network).