If after upgrade it shows as revertable then it was in the upgrade and you should just remove the patch without reverting it.

@JKnott said in What does WAN monitoring do?:

If the WAN fails, what mechanism is there, in pfSense, to force change?

It will change the default gateway (default route) and hence anything using that. If you have set the default gateway to a failover group it will use the gateways from within that. If it's set to automatic is just uses the next gateway that is UP which can be an issue is that is, say, a VPN.

If you're policy routing traffic you can set a load-balance or failover gateway group and pf forces traffic via that as states are opened. If a gateway is marked down it is removed from the group.

The increased CPU usage is probably due to change in the gui reload process. See: https://forum.netgate.com/post/1191398

@eagle61 Thanks for the heads up, will definitely keep it in mind. Haven't managed to get IPv6 working yet, so strong chance it isn't support, but will keep checking.

@JonathanLee, @MatthewA1 Thanks!

I updated to 24.11 and noticed that we now have authenticated NTP key setting in the GUI (Services->NTP)!

cb02144e-92fd-48b7-89f4-02002b845551-image.png

For those using NIST servers, I tweaked the following settings. I'm not 100% sure I needed to click "Prefer".
1e01b44d-883d-43f7-95ff-a948405c3859-image.png

I finally took the leap and used the Patches GUI to (re) apply the authentication status patch. Here are the settings I used.
24f29e0b-ce52-4c9b-8eec-3a00a15b5236-image.png

-LamaZ

@Log1cal-Big7935 just mute them

@ahking19 OK thanks for correcting me - I thought he did.

@stephenw10 - Thanks for the response. I'll keep your points in mind as I see what I can do with my first managed switch.

@diyhouse: Trying to get log files...but web documentation does not seem to work,.. will have to contact Draytek tomorrow..

adsl idle dti_on # Followed by sys reboot

Does not give me the ability to pull logs in the diagnostic window

You probably have some pkgs installed with lists etc?

You're still at >20% unused RAM though.

@JonathanLee

the nginx GUI web server doesn't use "/usr/local/www/nginx-dist" or "/usr/local/www/nginx" which links to the first.

It still works, though : https://pfsense.yourlocaldoimain.tld/nginx :

069a610b-39ff-47e0-9e77-2b5217541b1a-image.png

These were the initial html files that come with a basic install of ngins, like apache2.
A simple html index file to demonstrate that the server works.
These files have been put out of the way 'somewhere'.

The nginx config file is here : /var/etc/nginx-webConfigurator.conf

You'll find this :

server { listen 443 ssl http2; listen [::]:443 ssl http2;

so it's actually simple to do this :

server { listen 192.168.1.1:443 ssl http2; listen [::]:443 ssl http2;

(maybe you should also add the IPv6 of your LAN)

to make it listening only on LAN (nad localhost) and no where else.

Do not edit this config file.
Edit the file that edits the config file : /etc/inc/system.inc, look for the function system_generate_nginx_config(), you'll get the picture 😊

A lot has changed in 6 years. What exactly have you setup so far?

@stephenw10

Yep starts up fine, no issues.

Unless i can reproduce it or others have a similar issue might have to throw this in the mystery box.

@getcom
Thank you! That worked!

Unclear. By 'router' here you mean the gl.inet GL-MT6000? And that is connected to the pfSense LAN?

I can only imagine that device drops the link to the LAN when it reboots and the other device does not. However that should not affect the WAN. The other possibility is that during boot it comes up with a subnet that conflicts with the WAN causing the default to flip.

But however it's doing it you should definitely set WAN_DHCP as default to prevent it trying to use the VPN as default.

@stephenw10 said in device has not been registered for pfSense+:

Yes adding or removing any NIC, including USB, will change the NDI.

If you run pfSense-repoc -DN at the CLI it wil print the NDI actually being sent to the repo servers to check against.

Well dag nabit! Thanks Steve! I just promised Craig I will never do such a bad thing again.. 😌

I should have been using my test box to test and not my primary.

Found a setting on newer iOS that may help here as well … wife was reporting in parts of the house her phone would swap from WiFi back to 5g during a call

Can try disabling Settings -> Cellular -> Wi-Fi Assist (“automatically use cellular data when Wi-Fi connectivity is poor”)… maybe a dead spot or between APs fools the iPhone to opt for the crappy cellular signal ?

I've not seen anyone use Nextcloud specifically but it's just a matter of code. 😉

See: https://docs.netgate.com/pfsense/en/latest/backup/remote-backup.html

hey all,
I could narrow it down...
found my zyxel switch was causing the problem...it is (I guess) another bad IPv6 implementation. So I offed my v6 Interface on my xs1930. Still reachable with v4 and no more spamming my logs.
Thank you for your hint @stephenw10 :)

I don't believe so since the radius traffic never leaves the firewall.