@NollipfSense said in pfSense crash after Blackout:

@bmeeks Got to get me a UPS!

I highly recommend it. Can save you from a mini disaster during a blackout or even temporary power blip.

@stephenw10 said in What IF's to enable TFTP Proxy on ?:

You need to enable it on the entry interface of every firewall the initial request passes though passes through.

Steve

Thank you Stephen
That clears it up :-)

/Bingo

So internet in general was working, you had no issues resolving anything.. Just speed test was failing? And you had tried just changing the servers you were doing the test too?

changeserver.png

That latency error you were getting seems to just point to one of there servers being down
https://support.speedtest.net/hc/en-us/articles/203845540-What-does-Latency-Test-Error-mean-
"Latency Test Error" typically occurs when the server has gone temporarily down. We have a server watchdog that will periodically contact servers to verify they're working properly, but there may be a slight delay before we automatically recognize the server is down. Please let us know by filing a support ticket specifically identifying which server caused the error, and try testing to a different server.

Yup, I remembered now I was showing a technician how to install a production version of our pfsense onto a generic build. He resetted to factory default first and changed the interfaces so WAN was on a usb port. At the time I didn't think too much about it but it turns out to be a big head for me. @johnpoz I would so buy you a case of beer if I can.

Thanks everyone for the inputs, I believe this is now solved.

@stephenw10 i like overkill 😁 i will go for 3100 and 5100 for the main office. I am also considering upgrading our bandwidth. What do you suggest for a stable vpn connections, or is my current bandwidth are enough?

So a smart/managed layer 2 then ;)

BTW, if your going to route and your wanting to access something on your downstream from a IP that is on your transit network you are always going to run into asymmetrical problems..

asymmetrical.png

If you want to route to other networks on your downstream, then that needs to be connected to your upstream router via a transit network.. If you going to want to get to it from devices on your transit network.. Then you need to host route on them, or you run into the above asymmetrical problem.

Connect your upstream to your downstream via transit network (no hosts on it) and your asymmetrical issues are gone
17216.png

Also if you created your SVI on the L2 that your 10 network is on, then its IP would be in the 10 nework.. If you created put the svi on a different L2, then you need to route it via a transit or host routes or your going to have the asymmetrical problems.

Ok so you can ping out though?

Try pinging out with large packets:
ping -s 1000 -c 3 1.1.1.1

Try different sized packets to see if you really are seeing an MTU issue.

Steve

Well, take a look at the previous 48hs:
pf-cpu3.JPG

I will double check the Hyper-threading on the bios.

Thanks a lot for the help!

@stephenw10 Thanks and noted!

With IPAliases you can usually use either /32 or the correct subnet size. The important thing is you have at least one IP defined on the interface with the correct subnet in order to add the correct routing.

https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-feature-comparison.html#ip-alias

Steve

You could narrow that destination to just the PBX IP if that's the only thing you need access to in that subnet.

Steve

Yes, bridging the interfaces would allow the ISP router to 'see' the wifi subnet directly but it would still need an IP in that subnet to respond from which it does not have.

With the outbound NAT rule as you have it you are passing all the wifi traffic across the LAN subnet which means, unless you have blocked it in pfSense, wifi clients will be able to access any LAN client which you might not want.

Steve

Thank you very much, for the help the patch worked perfectly and already shows the view I needed, excellent help.

Update from my end, I think I figured it out...
After @chpalmer last msg, I went back to the "Hard disk standby time" settings and it was set to 180, which even if the systems was using the 180 mins it still didn't make any sense as to why is was spinning up/down so quickly. What I did is set it back to Always on and after saving and rebooting there are no more spin ups or downs.

thank you.

@tjabas said in change theme in Pfsense:

router after about 5 years

Wow.
From what version did you came from ?

@stephenw10 Thanks. I reactivated user admin for now and bookmarked the screen it should have gone to for other admin level users (me really).

pfSense should not have a LAN gateway. If you have that set on the LAN interface remove it.

Then go to System > Routing and make sure the WAN gateway is set as default.

The fact you are able to reach the webgui shows it must be working to some extent.

Steve

Does it reboot because of some event? Do the logs show it rebooting or shuting down? Or do they just show it running then suddenly booting as though it was hard power cycled?

The logs immediately before Sep 9 21:16:47 syslogd kernel boot file is /boot/kernel/kernel should show that.

I assume no other VMs are rebooting at that time?

Steve

@bmeeks would know what snort can do and or should do - he is the snort guru around here that is for sure ;)

DMZ? WiFi AP for a Guest Network? ISCSI to a XigmaNAS? :)