• pfSense intermittent disconnects / hangs

    2
    0 Votes
    2 Posts
    526 Views
    stephenw10

    I would try to catch whatever is doing it by running top -aSH at the command line.

    That is a high number of processes though even when it's running normally. If you have something that is hanging traffic every 30s though I would expect it to use a lot of CPU time and be clearly visible there.

    Steve

  • Restore an old configuration backup on a newer pfsense

    2
    0 Votes
    2 Posts
    358 Views
    jimp

    Yes. You can always restore a configuration from an older version to a newer version. There is upgrade code that will adjust the configuration to the newer formats.

    You can't go backward, however.

  • Dropped packets in games? Looking for debug advice

    2
    0 Votes
    2 Posts
    460 Views
    Gertjan

    Hi,

    3 things to test, so you can isolate the problem.

    1=> No more VM : go physical (did you read the other "HyperV" thread today / yesterday where the VM was freezing ?)
    2=> Bridging physical NICs : take a no-brain switch
    3=> ntopng installed .... you are aware that that one only can bring pfSense to its knees ....

  • Dynamic dns registration

    1
    0 Votes
    1 Posts
    236 Views
    No one has replied
  • When creating self signed certificate, no prompts

    51
    0 Votes
    51 Posts
    7k Views
    johnpoz

    All certs are stored in the XML... if you want to verify a cert, then you will also need to download the ca cert..

    I used the files in the freerad dir because of a couple other hot threads going on about it and certs and crls.

    For openvpn.. the .ca is the ca.pem and serverX.cert is the server .pem

    So for example
    [2.4.4-RELEASE][root@sg4860.local.lan]/var/etc/openvpn: openssl verify -CAfile server1.ca server1.cert
    server1.cert: OK

    No offense but you might want to understand the tools you're using a bit more before you say stuff doesn't work ;) pem file can have any ext on it does not have to be .pem ;)

  • Rule not working with FQDN because it's not being resolved - Table empty

    12
    0 Votes
    12 Posts
    1k Views
    stephenw10

    What I expect to see is all the FQDNs you have being resolved in the DNS log when you reload the filter.
    If you see nothing there that's a problem.
    If you see some and then an error that's a problem.
    If you see them all resolved there and they still don't make it into the tables that's a different problem.

    Steve

  • Trying to create a openVPN monitoring script SOLVED

    5
    0 Votes
    5 Posts
    2k Views
    R

    I see the attachment links are dead. I came here to get a copy of my old script having lost it myself and noticed the attachment links don't work.

    I started using this.

    https://www.foxypossibilities.com/2018/05/23/reestablish-pfsense-openvpn-clients-with-cron/

    I like how it uses native capabilities to restart openvpn client, I might add a for loop to this so it doesn't restart the vpn on a single failure later when I have time.

  • Packet loss - PPPoE WAN

    9
    0 Votes
    9 Posts
    1k Views
    S

    Hi everyone,

    The solution : replace "Dynamic" by "Hyper-V Port" protocol in the "Load balancing mode" of the Teaming properties.

    Everything works and no more packet loss!

  • Setting network home with open VPN

    1
    0 Votes
    1 Posts
    224 Views
    No one has replied
  • Console Menu Missing after Password Protected

    4
    0 Votes
    4 Posts
    721 Views
    T

    That worked! Thanks! I just needed to be sure I had some way to reset admin password in case of an emergency. I have another 'sudo' admin which /etc/rc.initial worked perfectly.

    I also considered opening up SSH, but that might just be one more opening that someone could exploit.

    Anyway, thanks again.

  • Gateways WAN_DHCP is Offline

    3
    0 Votes
    3 Posts
    648 Views
    N

    stephenw10...Thank you for the response. Interestingly, I restarted a couple of times and now it's Online. I don't know why but it seems to be working now.

  • Getting IP but cant PING pfSense?

    11
    0 Votes
    11 Posts
    1k Views
    P

    It was a NordVPN background service....☺ 👨‍🔧 🍤

  • When choosing a private LAN address start here

    1
    0 Votes
    1 Posts
    224 Views
    No one has replied
  • Losing WAN when receiving VOIP call

    24
    0 Votes
    24 Posts
    2k Views
    L

    @chpalmer said in Losing WAN when receiving VOIP call:

    Then ask your ISP if anything about your circuit has changed on their end. Just to cover your bases.

    I already texted him :)

  • Avaliable Packages missing cant seem to find

    84
    0 Votes
    84 Posts
    15k Views
    Derelict

    https://www.netgate.com/docs/pfsense/book/config/advanced-admin.html?highlight=ssh#secure-shell-ssh

  • Block all sites except one

    7
    0 Votes
    7 Posts
    1k Views
    ontzuevanhussen

    Ok. Thank you sir

  • connect pfsense to another l2tp vpn server and pbr for one subnet

    2
    0 Votes
    2 Posts
    175 Views
    stephenw10

    pfSense can be a VPN client, yes. But you cannot route arbitrary traffic over those types.

    You might be able to do it with VTI. You definitely can do it with OpenVPN.

    Steve

  • How do I setup LAN to Wifi, Wifi to LAN. Wifi different subnet to LAN.

    7
    0 Votes
    7 Posts
    3k Views
    S

    @derelict said in How do I setup LAN to Wifi, Wifi to LAN. Wifi different subnet to LAN.:

    WAN allow > pfsense
    LAN antilockout rule anything allow > pfsense
    LAN 192.168.6.0/24 allow to 192.168.5.0/24
    LAN 192.168.5.0/24 allow to 192.168.6.0/24
    ATH0 allow anything to anything

    The stricken rule does nothing.  You will never see traffic coming into LAN from 192.168.6.0/24.

    Here's what you want to do in general:

    Pass traffic on ATH0 for things you want wireless clients to be able to do (like local DNS)
    Reject traffic on ATH0 for things you don't want wireless clients to be able to do (Like access LAN or the firewall itself)
    Pass traffic on ATH0 to everything else (the internet)

    Read this:
    https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
    Any questions post the part of that document you don't understand and ask away.

    There are some things that are specific though like the interface names but pfSense will ask you to re-assign them at the first boot. It can be a problem if the previous hardware had more interfaces than the new hardware.
    You certainly can import a config file from an older pfSense version, there are scripts to translate it to the newer config file format.

  • pfsense v2.4.4 - 504 Gateway Time-out

    9
    0 Votes
    9 Posts
    2k Views
    T

    @xlameee (the original poster) and I are running 2.4.4. I have the same symptom as xlam. Unfortunately it's not a matter of an upgrade for either of us; something else is happening for us under the same conditions.

    I know major changes and upgrades behind the scenes happened with the PHP upgrade and BSD updates since then. @Trufelli is on 2.3.2 and his use case is different than mine or xlam.

  • 0 Votes
    11 Posts
    3k Views
    F

    Thanks for the info and suggestions, ended up just creating a vlan on the isp interface and removing an ip from my pfsense and connecting it through directly to the customers CPE router. It's done the job.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.